WO2019033374A1 - Backup recovery method and system - Google Patents

Backup recovery method and system Download PDF

Info

Publication number
WO2019033374A1
WO2019033374A1 PCT/CN2017/097943 CN2017097943W WO2019033374A1 WO 2019033374 A1 WO2019033374 A1 WO 2019033374A1 CN 2017097943 W CN2017097943 W CN 2017097943W WO 2019033374 A1 WO2019033374 A1 WO 2019033374A1
Authority
WO
WIPO (PCT)
Prior art keywords
backup
terminal device
information
preset
backup information
Prior art date
Application number
PCT/CN2017/097943
Other languages
French (fr)
Chinese (zh)
Inventor
叶胡星
Original Assignee
深圳市优品壹电子有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市优品壹电子有限公司 filed Critical 深圳市优品壹电子有限公司
Priority to PCT/CN2017/097943 priority Critical patent/WO2019033374A1/en
Publication of WO2019033374A1 publication Critical patent/WO2019033374A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a backup recovery method and system.
  • the terminal in order to avoid data loss, the terminal generally backs up some important information on the server.
  • the server When the terminal obtains its backup information from the server, the server only needs to send its own identification information to obtain the backup information from the server, and the server directly sends the backup information corresponding to the identifier to the terminal.
  • the backup information of the terminal in this mode is often easily stolen, such as stealing directly in the process of sending backup information to the terminal by the server, or stealing the identifier of the terminal, and the fake terminal steals the backup information from the server. Poor sex.
  • the embodiment of the invention provides a backup and recovery method and system, which can improve the security of information acquisition through two-way encryption of the terminal device and the server.
  • an embodiment of the present invention provides a backup and recovery method, where the method includes:
  • the terminal device sends a backup recovery request to the server, where the backup recovery request carries the identity identifier of the terminal device, and the identity identifier has been encrypted by using a preset first public key;
  • the terminal device receives the backup information sent by the server, where the backup information is that the server decrypts the backup recovery request by using a preset first private key, and acquires the identity identifier when the decryption succeeds. Corresponding backup information, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device;
  • the terminal device decrypts the backup information by using a preset second private key, and acquires the backup information when the decryption succeeds;
  • the first public key and the first private key are pre-generated first key pairs
  • the second public key and the second private key are pre-generated second key pairs
  • the first key pair and the second key pair are different in key.
  • the method further includes:
  • the terminal device sends an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device, so that the server uses the identity identifier and the backup information. Perform associative storage.
  • the terminal device sends an information backup request to the server, including:
  • the terminal device encrypts the backup information by using a preset encryption manner, and sends an information backup request including the encrypted backup information and the identity identifier of the terminal device to the server;
  • the terminal device decrypts the backup information by using a preset second private key, and obtains the backup information when the decryption succeeds, including:
  • the terminal device decrypts the backup information by using a preset second private key, and decrypts the backup information by using a preset decryption manner to obtain the backup information;
  • the preset encryption mode corresponds to the preset decryption mode.
  • the preset encryption manner includes at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method;
  • the preset decryption method includes at least one of a password decryption method, a fingerprint string decryption method, a voiceprint decryption method, and an iris decryption method.
  • the embodiment of the present invention further provides a backup and recovery system, where the system includes: a terminal device and a server;
  • the terminal device is configured to send a backup and restore request to the server, where the backup and recovery request carries an identity identifier of the terminal device, and the identity identifier is encrypted by using a preset first public key;
  • the server is configured to receive the backup recovery request sent by the terminal device, and decrypt the backup recovery request by using a preset first private key, and obtain the identity identifier and search when the decryption succeeds And generating the backup information corresponding to the identity identifier, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device;
  • the terminal device is further configured to decrypt the backup information by using a preset second private key, and obtain the backup information when the decryption succeeds;
  • the first public key and the first private key are pre-generated first key pairs
  • the second public key and the second private key are pre-generated second key pairs
  • the first key pair and the second key pair are different in key.
  • the terminal device is further configured to send an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device;
  • the server is further configured to receive the information backup request sent by the terminal device, and store the identity identifier and the backup information in association.
  • the terminal device is specifically configured to encrypt the backup information by using a preset encryption manner, and send an information backup request including the encrypted backup information and the identity identifier of the terminal device to the server.
  • the terminal device is configured to decrypt the backup information by using a preset second private key, and decrypt the backup information by using a preset decryption manner to obtain the The backup information, wherein the preset encryption mode corresponds to the preset decryption mode.
  • the preset encryption manner includes at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method;
  • the preset decryption method includes at least one of a password decryption method, a fingerprint string decryption method, a voiceprint decryption method, and an iris decryption method.
  • the server is configured to determine, according to the identity identifier, whether the identity of the terminal device is legal, and associate the identity identifier with the backup information when determining that the identity of the terminal device is legal. storage.
  • an embodiment of the present invention provides a terminal device, where the terminal device includes: a communication unit and a processing unit, and the terminal device performs some or all of the steps of the method of the first aspect by using the foregoing unit.
  • an embodiment of the present invention provides a server, where the server includes: a communication unit and a processing unit, and the server performs some or all of the steps performed by the server of the second aspect by using the foregoing unit.
  • an embodiment of the present invention provides another terminal device, including a processor, a transceiver, and a memory, where the processor, the transceiver, and the memory are connected to each other, wherein the memory is used to store the supporting terminal device to perform the foregoing.
  • An application code of a method the processor being configured to perform the method of the first aspect above.
  • an embodiment of the present invention provides another server, including a processor, a transceiver, and a memory, where the processor, the transceiver, and the memory are connected to each other, wherein the memory is used for storing
  • the application code executing the above method by the server, the processor being configured to perform some or all of the steps of the server of the second aspect above.
  • an embodiment of the present invention provides a computer readable storage medium, where the computer storage medium stores a computer program, where the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processing The method of the first aspect described above is performed.
  • an embodiment of the present invention provides a computer readable storage medium, where the computer storage medium stores a computer program, where the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processing The method of executing the server of the second aspect above is performed.
  • the present application also provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method described in the above aspects.
  • the present application further provides a chip system including a processor for supporting a terminal device or a server to implement the functions involved in the above aspects.
  • the chip system further comprises a memory for storing program instructions and data necessary for the terminal device or the server.
  • the chip system can be composed of chips, and can also include chips and other discrete devices.
  • the terminal device may send a backup recovery request carrying the identity identifier encrypted by using the preset first public key to the server, so that the server can decrypt the backup recovery request by using the preset first private key. And when the decryption succeeds, the identifier is obtained, and the backup information corresponding to the identifier is found, and the backup information is encrypted by using the preset second public key, and then sent to the terminal device, so that the terminal device can pass the The backup information is decrypted by using the preset second private key, and when the decryption is successful, the backup information is obtained, thereby improving the security of information acquisition through two-way encryption of the terminal device and the server.
  • FIG. 1 is a schematic diagram of interaction of a backup and recovery method according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a backup and recovery system according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a terminal device according to another embodiment of the present invention.
  • the term “if” can be interpreted as “when” or “on” or “in response to determining” or “in response to detecting” depending on the context. .
  • the phrase “if determined” or “if detected [condition or event described]” may be interpreted in context to mean “once determined” or “in response to determining” or “once detected [condition or event described] ] or “in response to detecting [conditions or events described]”.
  • the embodiment of the invention discloses a backup and recovery method, a system and a terminal device, which can improve the security of information acquisition through two-way encryption of the terminal device and the server. The details are explained below.
  • FIG. 1 is a schematic diagram of interaction of a backup recovery method according to an embodiment of the present invention. Specific As shown in FIG. 1, the backup recovery method of the embodiment of the present invention may include the following steps:
  • the terminal device sends a backup recovery request to the server, where the backup recovery request carries the identity identifier of the terminal device, and the identity identifier has been encrypted by using a preset first public key.
  • the terminal device stores a pre-configured first public key and a second private key
  • the server stores a pre-configured first private key and a second public key.
  • the first public key and the first private key are pre-generated first key pairs
  • the second public key and the second private key are pre-generated second key pairs
  • the first key The key corresponding to the second key pair is different. That is to say, the first public key and the first private key are mutually encrypted and decrypted keys
  • the second public key and the second private key are mutually encrypted and decrypted keys.
  • the server decrypts the backup recovery request by using a preset first private key, and obtains the identity identifier when the decryption succeeds, and searches for backup information corresponding to the identity identifier.
  • the server may store backup information uploaded by each terminal device, and each backup information may be stored in association with the identity identifier of the terminal device. Therefore, when receiving the backup recovery request carrying the identity identifier, the server can obtain the identity of the terminal device by performing a program for the backup recovery request, and then search for the associated backup information according to the identity identifier.
  • the server encrypts the backup information by using a preset second public key, and sends the backup information to the terminal device.
  • the terminal device decrypts the backup information by using a preset second private key, and obtains the backup information when the decryption succeeds.
  • the server may encrypt the backup information by using the second public key, and then send the encrypted backup information to the terminal device instead of directly sending the backup information to the terminal device. Therefore, when receiving the backup information returned by the server for the backup recovery request, the terminal device may decrypt the encrypted backup information by using the second private key to obtain the backup information. This effectively prevents the backup information from being stolen by illegal molecules and improves information security.
  • the terminal device may further send an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device.
  • the server may receive the information backup request sent by the terminal device, and store the identity identifier and the backup information in association. That is, each terminal device can perform information backup on the server in advance, so that the terminal device can recover the backed up information from the server in time when the information is lost.
  • the backup information when the terminal device sends an information backup request to the server, the backup information may be encrypted by using a preset encryption manner, and the information including the encrypted backup information and the identity identifier of the terminal device is sent to the server. Backup request. Further, the terminal device decrypts the backup information by using a preset second private key, and when the decryption is successful, the terminal information may be specifically used to adopt a preset second private key pair. The backup information is decrypted, and when the decryption is successful, the backup information is decrypted by using a preset decryption manner to obtain the backup information. That is to say, when uploading the backup information, the terminal device can encrypt the backup information, that is, store the encrypted backup information at the server. Therefore, when the terminal device performs backup and recovery, and receives the encrypted backup information returned by the server, the backup information can be successfully decrypted by using the second private key and the preset decryption manner to obtain the backup information. This further enhances safety performance.
  • the preset encryption method may include at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method.
  • the preset decryption method may include a password decryption method and a fingerprint. At least one of a string decryption method, a voiceprint decryption method, and an iris decryption method.
  • the preset encryption mode corresponds to the preset decryption mode.
  • the preset decryption mode is also a password decryption mode
  • the password encryption mode is the same as the password corresponding to the password decryption mode; for example, the preset encryption mode is fingerprint string encryption.
  • the preset decryption mode is also a fingerprint string decryption mode
  • the fingerprint string encryption mode is the same as the corresponding fingerprint string of the fingerprint string decryption mode, including the same fingerprint and the same fingerprint input order.
  • the server may further determine, according to the identity identifier, whether the identity of the terminal device is legal, and associate the identity identifier with the backup information when determining that the identity of the terminal device is legal. Thereby improving safety performance.
  • the server may store the identifier list of the legal user. If the identity of the terminal device is in the identifier list, the identity of the terminal device may be determined. For the manner of determining whether the identity of the terminal device is legal, the embodiment of the present invention Not limited.
  • the terminal device may further receive the to-be-verified information input for the user operation, determine whether the to-be-verified information matches the preset verification information, and when the to-be-verified information matches the verification information, , send a backup recovery request to the server. That is to say, if it is determined that the terminal device needs to send a backup recovery request, the user identity may be verified, and when the verification is successful, the backup recovery request is sent to improve the reliability of information recovery.
  • the information to be verified may include password information, fingerprint string information, voiceprint information, and iris information. At least one of them.
  • the information to be verified may include fingerprint string information, where the fingerprint string information includes at least one fingerprint and an input sequence of the fingerprint. Further, the terminal device may determine whether the fingerprint included in the fingerprint string information matches the fingerprint in the preset verification information, and whether the input sequence of the fingerprint included in the fingerprint string information is in the verification information. The input order of the fingerprints is the same, and when the fingerprints match and the input order of the fingerprints is the same, it is determined that the information to be verified matches the verification information.
  • the information to be verified may include voiceprint information. Further, the terminal device may determine whether the voiceprint information included in the to-be-verified information matches the voiceprint information in the preset verification information, and determine the to-be-verified information and the verification information when matching Match.
  • the terminal device may send a backup recovery request carrying the identity identifier encrypted by using the preset first public key to the server, so that the server can restore the backup request by using the preset first private key.
  • the decryption is performed, and when the decryption is successful, the identity identifier is obtained, and the backup information corresponding to the identity identifier is found, and the backup information is encrypted by using the preset second public key, and then sent to the terminal device, so that the terminal device is
  • the backup information can be decrypted by using the preset second private key, and when the decryption is successful, the backup information is obtained, thereby improving the security of information acquisition through two-way encryption of the terminal device and the server.
  • the backup and recovery system of the embodiment of the present invention may include: a terminal device 201 and a server 202;
  • the terminal device 201 is configured to send a backup recovery request to the server 202, where the backup recovery request carries an identity identifier of the terminal device 201, and the identity identifier is encrypted by using a preset first public key. ;
  • the server 202 is configured to receive the backup recovery request sent by the terminal device 201, and decrypt the backup recovery request by using a preset first private key, and obtain the identity identifier when the decryption is successful. And searching for the backup information corresponding to the identity identifier, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device 201;
  • the terminal device 201 is further configured to decrypt the backup information by using a preset second private key, and obtain the backup information when the decryption succeeds;
  • the first public key and the first private key are pre-generated first key pairs
  • the second public key and the second private key are pre-generated second key pairs
  • the first key pair and the second key pair are different in key.
  • the terminal device 201 is further configured to send an information backup request to the server 202, where the information backup request includes backup information of the terminal device 201 and an identity identifier of the terminal device 201;
  • the server 202 is further configured to receive the information backup request sent by the terminal device 201, and store the identity identifier and the backup information in association.
  • the terminal device 201 may be specifically configured to encrypt the backup information by using a preset encryption manner, and send the encrypted backup information and the identity identifier of the terminal device 201 to the server 202. Information backup request.
  • the terminal device 201 is specifically configured to decrypt the backup information by using a preset second private key, and decrypt the backup information by using a preset decryption manner when the decryption is successful, Obtaining the backup information, where the preset encryption manner corresponds to the preset decryption manner.
  • the preset encryption mode includes at least one of a password encryption mode, a fingerprint string encryption mode, a voiceprint encryption mode, and an iris encryption mode; and correspondingly, the preset decryption mode includes a password decryption mode and a fingerprint string. At least one of a decryption method, a voiceprint decryption method, and an iris decryption method.
  • the server 202 is specifically configured to determine, according to the identity identifier, whether the identity of the terminal device 201 is legal, and when determining that the identity of the terminal device 201 is legal, the identity identifier and the Backup information is stored in association.
  • the terminal device 201 can refer to the related description of the terminal device in the embodiment shown in FIG. 1
  • the server 202 can refer to the related description of the server in the embodiment shown in FIG. 1 , and details are not described herein.
  • FIG. 3 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
  • the terminal device 300 of the embodiment of the present invention may include a communication unit 301 and a processing unit 302. Wherein, these units can perform corresponding functions of the terminal device in the above method example, for example,
  • the communication unit 301 is configured to send a backup recovery request to the server, where the backup recovery request carries the identity identifier of the terminal device, and the identity identifier has been encrypted by using a preset first public key;
  • the communication unit 301 is further configured to receive backup information sent by the server, where the backup information is that the server decrypts the backup recovery request by using a preset first private key, and when the decryption succeeds, acquiring The backup information corresponding to the identity identifier, and the backup information is encrypted by using a preset second public key, and then sent to the terminal device;
  • the processing unit 302 is configured to decrypt the backup information by using a preset second private key, and obtain the backup information when the decryption succeeds;
  • the first public key and the first private key are pre-generated first key pairs
  • the second public key and the second private key are pre-generated second key pairs
  • the first key pair and the second key pair are different in key.
  • the communication unit 301 is further configured to send an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device, so that the server The identity identifier and the backup information are stored in association.
  • the communication unit 301 when the communication unit 301 sends an information backup request to the server, the communication unit 301 may be specifically configured to:
  • the processing unit 302 decrypts the backup information by using a preset second private key, and when the decryption is successful, the backup information may be specifically used for:
  • the preset encryption mode corresponds to the preset decryption mode.
  • the preset encryption method may include at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method.
  • the preset decryption method may include a password decryption method. At least one of a fingerprint decryption method, a voiceprint decryption method, and an iris decryption method.
  • the terminal device may implement some or all of the steps in the backup recovery method in the foregoing embodiment shown in FIG. 1 by using the foregoing unit.
  • the embodiments of the present invention are device embodiments corresponding to the method embodiments, and the description of the method embodiments is also applicable to the embodiments of the present invention.
  • FIG. 4 is a schematic structural diagram of a terminal device according to another embodiment of the present invention.
  • the terminal device 400 of the embodiment of the present invention may include: one or more processors 401; and optionally include one or more transceivers 402, a user interface 403, a memory 404, and the like. Wait.
  • the processor 401, the transceiver 402, the user interface 403, and the memory 404 may be connected by a bus 405, or may be connected by other means.
  • Memory 404 can be used to store instructions, and processor 401 can be used to execute instructions stored by memory 404.
  • the processor 401 may be a central processing unit (CPU), and the processor may also be another general-purpose processor, a digital signal processor (DSP). , Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component, etc.
  • the general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
  • the transceiver 402 can be used to receive and/or transmit information.
  • the user interface 403 may include a touchpad, a fingerprint sensor (for collecting fingerprint information of the user), a microphone, etc., and may also include a display (LCD or the like), a speaker, and the like.
  • the memory 404 can include read only memory and random access memory and provides instructions and data to the processor 401.
  • a portion of memory 404 may also include non-volatile random access memory.
  • the processor 401 is specifically configured to: send, by using the transceiver 402, a backup and recovery request to the server, where the backup and recovery request carries the identity identifier of the terminal device, and the identity identifier has adopted a preset a public key encryption; receiving, by the transceiver 402, backup information sent by the server, where the backup information is that the server decrypts the backup recovery request by using a preset first private key, and when the decryption is successful Obtaining the backup information corresponding to the identity identifier, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device; using the preset second private key to the backup information Decrypting, and when the decryption is successful, acquiring the backup information; wherein the first public key and the first private key are pre-generated first key pairs, the second public key and the first The second private key is a pre-generated second key pair, and the first key pair and the second key pair correspond to different keys.
  • processor 401 is further configured to perform the following steps:
  • the information backup request And including the backup information of the terminal device and the identity identifier of the terminal device, so that the server associates the identity identifier and the backup information in association.
  • processor 401 is further configured to perform the following steps:
  • the processor 401 decrypts the backup information by using a preset second private key, and when the decryption is successful, the backup information may be specifically used for:
  • the preset encryption mode corresponds to the preset decryption mode.
  • the preset encryption mode includes at least one of a password encryption mode, a fingerprint string encryption mode, a voiceprint encryption mode, and an iris encryption mode; and correspondingly, the preset decryption mode includes a password decryption mode and a fingerprint string. At least one of a decryption method, a voiceprint decryption method, and an iris decryption method.
  • the processor 401, the transceiver 402, the user interface 03, and the memory 404 described in the embodiment of the present invention may implement the implementation described in the backup recovery method in the embodiment shown in FIG. 1, and may also perform the present invention.
  • the implementation manner of the terminal device described in the embodiment is not described herein again.
  • a computer readable storage medium storing a computer program, the computer program being executed by a processor to implement a backup recovery method of the embodiment shown in FIG. .
  • the computer readable storage medium may be an internal storage unit of the terminal device described in any of the foregoing embodiments, such as a hard disk or a memory of the terminal device.
  • the computer readable storage medium may also be an external storage device of the terminal device, such as a plug-in hard disk equipped on the terminal device, a smart memory card (SMC), and a secure digital (Secure Digital, SD) ) cards, flash cards, etc.
  • the computer readable storage medium may also include both an internal storage unit of the terminal device and an external storage device.
  • the computer readable storage medium is for storing the computer program and other programs and data required by the terminal device.
  • the computer readable storage medium can also be used to temporarily store data that has been output or is about to be output.
  • the disclosed system, terminal device, and server and method may be implemented in other manners.
  • the division of the unit in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner.
  • Each functional unit in the embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated in one unit, or some features may be ignored or not executed.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, or an electrical, mechanical or other form of connection.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the embodiments of the present invention.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • a computer readable storage medium including instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the various aspects of the present invention. All or part of the steps of the method described in the examples.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .

Abstract

A backup recovery method and system, the method comprising: a terminal device (201) sending a backup recovery request to a server (202), the backup recovery request carrying the identity identifier of the terminal device (201), and the identity identifier having been encrypted using a first preset public key (101); the server (202) receiving the backup recovery request sent by the terminal device (201), decrypting the backup recovery request using a first preset private key, and, when the decryption succeeds, obtaining the identity identifier and searching for backup information corresponding to the identity identifier (102), and sending the backup information to the terminal device (201) after encrypting the backup information using a second preset public key (103); the terminal device (201) decrypting the backup information using a second preset private key, and acquiring the backup information when the decryption succeeds (104). Said method can improve the security of information acquisition by performing bidirectional encryption of the terminal device (201) and the server (202).

Description

一种备份恢复方法及系统Backup recovery method and system 技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种备份恢复方法及系统。The present invention relates to the field of communications technologies, and in particular, to a backup recovery method and system.
背景技术Background technique
目前,为了避免数据丢失,终端一般会在服务器对一些重要信息进行备份。终端从服务器获取其备份信息时,仅需发送自身的标识信息即可从该服务器获取得到该备份信息,服务器直接将该标识对应的备份信息发送给终端。然而,该方式下终端的备份信息往往很容易被盗取,比如直接在服务器发送备份信息给终端的过程中盗取,或者通过盗取终端的标识,假冒终端去向服务器盗取该备份信息,安全性较差。Currently, in order to avoid data loss, the terminal generally backs up some important information on the server. When the terminal obtains its backup information from the server, the server only needs to send its own identification information to obtain the backup information from the server, and the server directly sends the backup information corresponding to the identifier to the terminal. However, the backup information of the terminal in this mode is often easily stolen, such as stealing directly in the process of sending backup information to the terminal by the server, or stealing the identifier of the terminal, and the fake terminal steals the backup information from the server. Poor sex.
发明内容Summary of the invention
本发明实施例提供一种备份恢复方法及系统,能够通过终端设备和服务器的双向加密,来提升信息获取的安全性。The embodiment of the invention provides a backup and recovery method and system, which can improve the security of information acquisition through two-way encryption of the terminal device and the server.
第一方面,本发明实施例提供了一种备份恢复方法,该方法包括:In a first aspect, an embodiment of the present invention provides a backup and recovery method, where the method includes:
终端设备向服务器发送备份恢复请求,所述备份恢复请求中携带有所述终端设备的身份标识,且所述身份标识已采用预设的第一公钥加密;The terminal device sends a backup recovery request to the server, where the backup recovery request carries the identity identifier of the terminal device, and the identity identifier has been encrypted by using a preset first public key;
所述终端设备接收所述服务器发送的备份信息,所述备份信息是所述服务器采用预设的第一私钥对所述备份恢复请求进行解密,且在解密成功时,获取与所述身份标识对应的备份信息,并采用预设的第二公钥对所述备份信息进行加密后向所述终端设备发送的;The terminal device receives the backup information sent by the server, where the backup information is that the server decrypts the backup recovery request by using a preset first private key, and acquires the identity identifier when the decryption succeeds. Corresponding backup information, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device;
所述终端设备采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息;The terminal device decrypts the backup information by using a preset second private key, and acquires the backup information when the decryption succeeds;
其中,所述第一公钥和所述第一私钥为预先生成的第一密钥对,所述第二公钥和所述第二私钥为预先生成的第二密钥对,且所述第一密钥对和所述第二密钥对所对应的密钥不同。The first public key and the first private key are pre-generated first key pairs, and the second public key and the second private key are pre-generated second key pairs, and The first key pair and the second key pair are different in key.
可选的,所述方法还包括: Optionally, the method further includes:
所述终端设备向所述服务器发送信息备份请求,所述信息备份请求包括所述终端设备的备份信息和所述终端设备的身份标识,以使所述服务器将所述身份标识和所述备份信息进行关联存储。The terminal device sends an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device, so that the server uses the identity identifier and the backup information. Perform associative storage.
可选的,所述终端设备向所述服务器发送信息备份请求,包括:Optionally, the terminal device sends an information backup request to the server, including:
所述终端设备采用预设加密方式对所述备份信息进行加密,并向所述服务器发送包括加密后的备份信息和所述终端设备的身份标识的信息备份请求;The terminal device encrypts the backup information by using a preset encryption manner, and sends an information backup request including the encrypted backup information and the identity identifier of the terminal device to the server;
所述终端设备采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息,包括:The terminal device decrypts the backup information by using a preset second private key, and obtains the backup information when the decryption succeeds, including:
所述终端设备采用预设的第二私钥对所述备份信息进行解密,且解密成功时,采用预设解密方式对所述备份信息进行解密,以获取所述备份信息;The terminal device decrypts the backup information by using a preset second private key, and decrypts the backup information by using a preset decryption manner to obtain the backup information;
其中,所述预设加密方式与所述预设解密方式相对应。The preset encryption mode corresponds to the preset decryption mode.
可选的,所述预设加密方式包括密码加密方式、指纹串加密方式、声纹加密方式、虹膜加密方式中的至少一项;Optionally, the preset encryption manner includes at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method;
所述预设解密方式包括密码解密方式、指纹串解密方式、声纹解密方式、虹膜解密方式中的至少一项。The preset decryption method includes at least one of a password decryption method, a fingerprint string decryption method, a voiceprint decryption method, and an iris decryption method.
第二方面,本发明实施例还提供了一种备份恢复系统,该系统包括:终端设备和服务器;其中,In a second aspect, the embodiment of the present invention further provides a backup and recovery system, where the system includes: a terminal device and a server;
所述终端设备,用于向所述服务器发送备份恢复请求,所述备份恢复请求中携带有所述终端设备的身份标识,且所述身份标识已采用预设的第一公钥加密;The terminal device is configured to send a backup and restore request to the server, where the backup and recovery request carries an identity identifier of the terminal device, and the identity identifier is encrypted by using a preset first public key;
所述服务器,用于接收所述终端设备发送的所述备份恢复请求,并采用预设的第一私钥对所述备份恢复请求进行解密,并在解密成功时,获取所述身份标识,查找出与所述身份标识对应的备份信息,并采用预设的第二公钥对所述备份信息进行加密后向所述终端设备发送所述备份信息;The server is configured to receive the backup recovery request sent by the terminal device, and decrypt the backup recovery request by using a preset first private key, and obtain the identity identifier and search when the decryption succeeds And generating the backup information corresponding to the identity identifier, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device;
所述终端设备,还用于采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息;The terminal device is further configured to decrypt the backup information by using a preset second private key, and obtain the backup information when the decryption succeeds;
其中,所述第一公钥和所述第一私钥为预先生成的第一密钥对,所述第二公钥和所述第二私钥为预先生成的第二密钥对,且所述第一密钥对和所述第二密钥对所对应的密钥不同。 The first public key and the first private key are pre-generated first key pairs, and the second public key and the second private key are pre-generated second key pairs, and The first key pair and the second key pair are different in key.
可选的,所述终端设备,还用于向所述服务器发送信息备份请求,所述信息备份请求包括所述终端设备的备份信息和所述终端设备的身份标识;Optionally, the terminal device is further configured to send an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device;
所述服务器,还用于接收所述终端设备发送的所述信息备份请求,并将所述身份标识和所述备份信息进行关联存储。The server is further configured to receive the information backup request sent by the terminal device, and store the identity identifier and the backup information in association.
可选的,所述终端设备,具体用于采用预设加密方式对所述备份信息进行加密,并向所述服务器发送包括加密后的备份信息和所述终端设备的身份标识的信息备份请求。Optionally, the terminal device is specifically configured to encrypt the backup information by using a preset encryption manner, and send an information backup request including the encrypted backup information and the identity identifier of the terminal device to the server.
可选的,所述终端设备,具体用于在采用预设的第二私钥对所述备份信息进行解密,且解密成功时,采用预设解密方式对所述备份信息进行解密,以获取所述备份信息,其中,所述预设加密方式与所述预设解密方式相对应。Optionally, the terminal device is configured to decrypt the backup information by using a preset second private key, and decrypt the backup information by using a preset decryption manner to obtain the The backup information, wherein the preset encryption mode corresponds to the preset decryption mode.
可选的,所述预设加密方式包括密码加密方式、指纹串加密方式、声纹加密方式、虹膜加密方式中的至少一项;Optionally, the preset encryption manner includes at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method;
所述预设解密方式包括密码解密方式、指纹串解密方式、声纹解密方式、虹膜解密方式中的至少一项。The preset decryption method includes at least one of a password decryption method, a fingerprint string decryption method, a voiceprint decryption method, and an iris decryption method.
可选的,所述服务器,具体用于根据所述身份标识确定所述终端设备的身份是否合法,并在确定所述终端设备的身份合法时,将所述身份标识和所述备份信息进行关联存储。Optionally, the server is configured to determine, according to the identity identifier, whether the identity of the terminal device is legal, and associate the identity identifier with the backup information when determining that the identity of the terminal device is legal. storage.
第三方面,本发明实施例提供了一种终端设备,该终端设备包括:通信单元和处理单元,该终端设备通过上述单元执行该第一方面的方法的部分或全部步骤。In a third aspect, an embodiment of the present invention provides a terminal device, where the terminal device includes: a communication unit and a processing unit, and the terminal device performs some or all of the steps of the method of the first aspect by using the foregoing unit.
第四方面,本发明实施例提供了一种服务器,该服务器包括:通信单元和处理单元,该服务器通过上述单元执行该第二方面的服务器执行的部分或全部步骤。In a fourth aspect, an embodiment of the present invention provides a server, where the server includes: a communication unit and a processing unit, and the server performs some or all of the steps performed by the server of the second aspect by using the foregoing unit.
第五方面,本发明实施例提供了另一种终端设备,包括处理器、收发器和存储器,所述处理器、收发器和存储器相互连接,其中,所述存储器用于存储支持终端设备执行上述方法的应用程序代码,所述处理器被配置用于执行上述第一方面的方法。In a fifth aspect, an embodiment of the present invention provides another terminal device, including a processor, a transceiver, and a memory, where the processor, the transceiver, and the memory are connected to each other, wherein the memory is used to store the supporting terminal device to perform the foregoing. An application code of a method, the processor being configured to perform the method of the first aspect above.
第六方面,本发明实施例提供了另一种服务器,包括处理器、收发器和存储器,所述处理器、收发器和存储器相互连接,其中,所述存储器用于存储支 持服务器执行上述方法的应用程序代码,所述处理器被配置用于执行上述第二方面的服务器的部分或全部步骤。In a sixth aspect, an embodiment of the present invention provides another server, including a processor, a transceiver, and a memory, where the processor, the transceiver, and the memory are connected to each other, wherein the memory is used for storing The application code executing the above method by the server, the processor being configured to perform some or all of the steps of the server of the second aspect above.
第七方面,本发明实施例提供了一种计算机可读存储介质,所述计算机存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时使所述处理器执行上述第一方面的方法。In a seventh aspect, an embodiment of the present invention provides a computer readable storage medium, where the computer storage medium stores a computer program, where the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processing The method of the first aspect described above is performed.
第八方面,本发明实施例提供了一种计算机可读存储介质,所述计算机存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时使所述处理器执行上述第二方面的服务器执行的方法。In an eighth aspect, an embodiment of the present invention provides a computer readable storage medium, where the computer storage medium stores a computer program, where the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processing The method of executing the server of the second aspect above is performed.
第九方面,本申请还提供了一种包含指令的计算机程序产品,当其在计算机上运行时,使得计算机执行上述各方面所述的方法。In a ninth aspect, the present application also provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method described in the above aspects.
第十方面,本申请还提供了一种芯片系统,该芯片系统包括处理器,用于支持终端设备或服务器实现上述方面中所涉及的功能。在一种可能的设计中,所述芯片系统还包括存储器,所述存储器,用于保存终端设备或服务器必要的程序指令和数据。该芯片系统,可以由芯片构成,也可以包括芯片和其他分立器件。In a tenth aspect, the present application further provides a chip system including a processor for supporting a terminal device or a server to implement the functions involved in the above aspects. In a possible design, the chip system further comprises a memory for storing program instructions and data necessary for the terminal device or the server. The chip system can be composed of chips, and can also include chips and other discrete devices.
本发明实施例中终端设备可通过向服务器发送携带有已采用预设的第一公钥加密的身份标识的备份恢复请求,使得服务器能够采用预设的第一私钥对该备份恢复请求进行解密,并在解密成功时,获取所述身份标识,查找出与该身份标识对应的备份信息,进而采用预设的第二公钥对该备份信息进行加密后发送给终端设备,使得终端设备能够通过采用预设的第二私钥对该备份信息进行解密,并在解密成功时,获取得到该备份信息,由此能够通过终端设备和服务器的双向加密,提升信息获取的安全性。In the embodiment of the present invention, the terminal device may send a backup recovery request carrying the identity identifier encrypted by using the preset first public key to the server, so that the server can decrypt the backup recovery request by using the preset first private key. And when the decryption succeeds, the identifier is obtained, and the backup information corresponding to the identifier is found, and the backup information is encrypted by using the preset second public key, and then sent to the terminal device, so that the terminal device can pass the The backup information is decrypted by using the preset second private key, and when the decryption is successful, the backup information is obtained, thereby improving the security of information acquisition through two-way encryption of the terminal device and the server.
附图说明DRAWINGS
为了更清楚地说明本发明实施例技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are some embodiments of the present invention. For the ordinary technicians, other drawings can be obtained based on these drawings without any creative work.
图1是本发明实施例提供的一种备份恢复方法的交互示意图; 1 is a schematic diagram of interaction of a backup and recovery method according to an embodiment of the present invention;
图2是本发明实施例提供的一种备份恢复系统的结构示意图;2 is a schematic structural diagram of a backup and recovery system according to an embodiment of the present invention;
图3是本发明实施例提供的一种终端设备的结构示意图;3 is a schematic structural diagram of a terminal device according to an embodiment of the present invention;
图4是本发明另一实施例提供的一种终端设备的结构示意图。FIG. 4 is a schematic structural diagram of a terminal device according to another embodiment of the present invention.
具体实施方式Detailed ways
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are a part of the embodiments of the present invention, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
应当理解,当在本说明书和所附权利要求书中使用时,术语“包括”和“包含”指示所描述特征、整体、步骤、操作、元素和/或组件的存在,但并不排除一个或多个其它特征、整体、步骤、操作、元素、组件和/或其集合的存在或添加。The use of the terms "comprising", "comprising", "","," The presence or addition of a plurality of other features, integers, steps, operations, elements, components, and/or collections thereof.
还应当理解,在此本发明说明书中所使用的术语仅仅是出于描述特定实施例的目的而并不意在限制本发明。如在本发明说明书和所附权利要求书中所使用的那样,除非上下文清楚地指明其它情况,否则单数形式的“一”、“一个”及“该”意在包括复数形式。It is also to be understood that the terminology of the present invention is to be construed as a The singular forms "", ",",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
还应当进一步理解,在本发明说明书和所附权利要求书中使用的术语“和/或”是指相关联列出的项中的一个或多个的任何组合以及所有可能组合,并且包括这些组合。It is further understood that the term "and/or" used in the description of the invention and the appended claims means any combination and all possible combinations of one or more of the associated listed items, .
如在本说明书和所附权利要求书中所使用的那样,术语“如果”可以依据上下文被解释为“当...时”或“一旦”或“响应于确定”或“响应于检测到”。类似地,短语“如果确定”或“如果检测到[所描述条件或事件]”可以依据上下文被解释为意指“一旦确定”或“响应于确定”或“一旦检测到[所描述条件或事件]”或“响应于检测到[所描述条件或事件]”。As used in this specification and the appended claims, the term "if" can be interpreted as "when" or "on" or "in response to determining" or "in response to detecting" depending on the context. . Similarly, the phrase "if determined" or "if detected [condition or event described]" may be interpreted in context to mean "once determined" or "in response to determining" or "once detected [condition or event described] ] or "in response to detecting [conditions or events described]".
本发明实施例公开了一种备份恢复方法、系统及终端设备,能够通过终端设备和服务器的双向加密,来提升信息获取的安全性。以下分别详细说明。The embodiment of the invention discloses a backup and recovery method, a system and a terminal device, which can improve the security of information acquisition through two-way encryption of the terminal device and the server. The details are explained below.
请参见图1,是本发明实施例提供一种备份恢复方法的交互示意图。具体 的,如图1所示,本发明实施例的备份恢复方法可包括以下步骤:FIG. 1 is a schematic diagram of interaction of a backup recovery method according to an embodiment of the present invention. Specific As shown in FIG. 1, the backup recovery method of the embodiment of the present invention may include the following steps:
101、终端设备向服务器发送备份恢复请求,该备份恢复请求中携带有该终端设备的身份标识,且该身份标识已采用预设的第一公钥加密。The terminal device sends a backup recovery request to the server, where the backup recovery request carries the identity identifier of the terminal device, and the identity identifier has been encrypted by using a preset first public key.
具体的,该终端设备中存储有预先配置的第一公钥和第二私钥,服务器中存储有预先配置的第一私钥和第二公钥。其中,该第一公钥和该第一私钥为预先生成的第一密钥对,该第二公钥和该第二私钥为预先生成的第二密钥对,且该第一密钥对和该第二密钥对所对应的密钥不同。也就是说,该第一公钥和第一私钥互为加密和解密的密钥,第二公钥和第二私钥互为加密和解密的密钥。从而实现终端设备和服务器的双向加密和解密。Specifically, the terminal device stores a pre-configured first public key and a second private key, and the server stores a pre-configured first private key and a second public key. The first public key and the first private key are pre-generated first key pairs, the second public key and the second private key are pre-generated second key pairs, and the first key The key corresponding to the second key pair is different. That is to say, the first public key and the first private key are mutually encrypted and decrypted keys, and the second public key and the second private key are mutually encrypted and decrypted keys. Thereby two-way encryption and decryption of the terminal device and the server are realized.
102、服务器采用预设的第一私钥对该备份恢复请求进行解密,并在解密成功时,获取该身份标识,查找出与该身份标识对应的备份信息。102. The server decrypts the backup recovery request by using a preset first private key, and obtains the identity identifier when the decryption succeeds, and searches for backup information corresponding to the identity identifier.
可选的,该服务器中可存储有各终端设备上传的备份信息,每一个备份信息可以与终端设备的身份标识关联存储。从而服务器在接收到携带身份标识的备份恢复请求时,能够通过对该备份恢复请求进行节目,以获取得到该终端设备的身份标识,进而根据该身份标识查找关联的备份信息。Optionally, the server may store backup information uploaded by each terminal device, and each backup information may be stored in association with the identity identifier of the terminal device. Therefore, when receiving the backup recovery request carrying the identity identifier, the server can obtain the identity of the terminal device by performing a program for the backup recovery request, and then search for the associated backup information according to the identity identifier.
103、服务器采用预设的第二公钥对该备份信息进行加密后向该终端设备发送该备份信息。103. The server encrypts the backup information by using a preset second public key, and sends the backup information to the terminal device.
104、终端设备采用预设的第二私钥对该备份信息进行解密,并在解密成功时,获取该备份信息。104. The terminal device decrypts the backup information by using a preset second private key, and obtains the backup information when the decryption succeeds.
具体的,服务器在查找出该备份信息之后,即可采用该第二公钥对该备份信息进行加密,再将加密的备份信息发送给终端设备,而不是直接将该备份信息发送给终端设备。从而终端设备在接收到服务器针对该备份恢复请求返回的备份信息时,即可采用该第二私钥对该加密的备份信息进行解密,以获取该备份信息。这就有效防止了备份信息被非法分子窃取的问题,提升了信息安全性。Specifically, after the server finds the backup information, the server may encrypt the backup information by using the second public key, and then send the encrypted backup information to the terminal device instead of directly sending the backup information to the terminal device. Therefore, when receiving the backup information returned by the server for the backup recovery request, the terminal device may decrypt the encrypted backup information by using the second private key to obtain the backup information. This effectively prevents the backup information from being stolen by illegal molecules and improves information security.
可选的,该终端设备还可向该服务器发送信息备份请求,该信息备份请求包括该终端设备的备份信息和该终端设备的身份标识。该服务器可接收该终端设备发送的该信息备份请求,并将该身份标识和该备份信息进行关联存储。也即,各终端设备可预先在服务器进行信息备份,以便于终端设备在信息丢失时能够及时从该服务器恢复该备份的信息。 Optionally, the terminal device may further send an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device. The server may receive the information backup request sent by the terminal device, and store the identity identifier and the backup information in association. That is, each terminal device can perform information backup on the server in advance, so that the terminal device can recover the backed up information from the server in time when the information is lost.
可选的,该终端设备在向该服务器发送信息备份请求时,可采用预设加密方式对该备份信息进行加密,并向该服务器发送包括加密后的备份信息和该终端设备的身份标识的信息备份请求。进一步可选的,该终端设备在采用预设的第二私钥对该备份信息进行解密,并在解密成功时,获取该备份信息时,可具体用于在采用预设的第二私钥对该备份信息进行解密,且解密成功时,采用预设解密方式对该备份信息进行解密,以获取该备份信息。也就是说,终端设备在上传备份信息时,可以对该备份信息进行加密,即在服务器存储该加密的备份信息。从而终端设备在进行备份恢复,接收到服务器返回的已加密的备份信息时,能够采用该第二私钥和该预设解密方式对该备份信息进行成功解密后,才能获得该备份信息。从而能够进一步提升安全性能。Optionally, when the terminal device sends an information backup request to the server, the backup information may be encrypted by using a preset encryption manner, and the information including the encrypted backup information and the identity identifier of the terminal device is sent to the server. Backup request. Further, the terminal device decrypts the backup information by using a preset second private key, and when the decryption is successful, the terminal information may be specifically used to adopt a preset second private key pair. The backup information is decrypted, and when the decryption is successful, the backup information is decrypted by using a preset decryption manner to obtain the backup information. That is to say, when uploading the backup information, the terminal device can encrypt the backup information, that is, store the encrypted backup information at the server. Therefore, when the terminal device performs backup and recovery, and receives the encrypted backup information returned by the server, the backup information can be successfully decrypted by using the second private key and the preset decryption manner to obtain the backup information. This further enhances safety performance.
进一步可选的,该预设加密方式可包括密码加密方式、指纹串加密方式、声纹加密方式、虹膜加密方式中的至少一项;相应地,该预设解密方式可包括密码解密方式、指纹串解密方式、声纹解密方式、虹膜解密方式中的至少一项。其中,该预设加密方式与该预设解密方式相对应。比如,该预设加密方式为密码加密方式时,该预设解密方式也为密码解密方式,该密码加密方式和密码解密方式的对应的密码相同;又如,该预设加密方式为指纹串加密方式时,该预设解密方式也为指纹串解密方式,该指纹串加密方式和指纹串解密方式的对应的指纹串相同,包括指纹相同以及指纹输入顺序相同等等。Further, the preset encryption method may include at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method. Accordingly, the preset decryption method may include a password decryption method and a fingerprint. At least one of a string decryption method, a voiceprint decryption method, and an iris decryption method. The preset encryption mode corresponds to the preset decryption mode. For example, when the preset encryption mode is the password encryption mode, the preset decryption mode is also a password decryption mode, and the password encryption mode is the same as the password corresponding to the password decryption mode; for example, the preset encryption mode is fingerprint string encryption. In the mode, the preset decryption mode is also a fingerprint string decryption mode, and the fingerprint string encryption mode is the same as the corresponding fingerprint string of the fingerprint string decryption mode, including the same fingerprint and the same fingerprint input order.
进一步可选的,该服务器还可根据该身份标识确定该终端设备的身份是否合法,并在确定该终端设备的身份合法时,将该身份标识和该备份信息进行关联存储。从而提升安全性能。比如服务器可存储有合法用户的标识列表,如果该终端设备的身份标识处于该标识列表中,即可确定该终端设备的身份合法,对于确定该终端设备的身份是否合法的方式,本发明实施例不做限定。Further optionally, the server may further determine, according to the identity identifier, whether the identity of the terminal device is legal, and associate the identity identifier with the backup information when determining that the identity of the terminal device is legal. Thereby improving safety performance. For example, the server may store the identifier list of the legal user. If the identity of the terminal device is in the identifier list, the identity of the terminal device may be determined. For the manner of determining whether the identity of the terminal device is legal, the embodiment of the present invention Not limited.
进一步可选的,该终端设备还可接收针对用户操作输入的待验证信息,判断该待验证信息是否与预设的校验信息相匹配,并在该待验证信息与该校验信息相匹配时,向该服务器发送备份恢复请求。也就是说,如果确定终端设备需要发送备份恢复请求时,还可用户身份进行验证,并在验证成功时,再发送该备份恢复请求,以提升信息恢复的可靠性。Further optionally, the terminal device may further receive the to-be-verified information input for the user operation, determine whether the to-be-verified information matches the preset verification information, and when the to-be-verified information matches the verification information, , send a backup recovery request to the server. That is to say, if it is determined that the terminal device needs to send a backup recovery request, the user identity may be verified, and when the verification is successful, the backup recovery request is sent to improve the reliability of information recovery.
其中,该待验证信息可包括密码信息、指纹串信息、声纹信息、虹膜信息 中的至少一项。The information to be verified may include password information, fingerprint string information, voiceprint information, and iris information. At least one of them.
可选的,该待验证信息可包括指纹串信息,该指纹串信息包括至少一个指纹以及指纹的输入顺序。进一步的,该终端设备则可通过判断该指纹串信息包括的指纹是否与预设的校验信息中的指纹相匹配,以及该指纹串信息包括的指纹的输入顺序是否与该校验信息中的指纹的输入顺序相同,并在该指纹相匹配、且该指纹的输入顺序相同时,确定该待验证信息与该校验信息相匹配。Optionally, the information to be verified may include fingerprint string information, where the fingerprint string information includes at least one fingerprint and an input sequence of the fingerprint. Further, the terminal device may determine whether the fingerprint included in the fingerprint string information matches the fingerprint in the preset verification information, and whether the input sequence of the fingerprint included in the fingerprint string information is in the verification information. The input order of the fingerprints is the same, and when the fingerprints match and the input order of the fingerprints is the same, it is determined that the information to be verified matches the verification information.
可选的,该待验证信息可包括声纹信息。进一步的,该终端设备则可通过判断该待验证信息包括的声纹信息是否与预设的校验信息中的声纹信息相匹配,并在匹配时,确定该待验证信息与该校验信息相匹配。Optionally, the information to be verified may include voiceprint information. Further, the terminal device may determine whether the voiceprint information included in the to-be-verified information matches the voiceprint information in the preset verification information, and determine the to-be-verified information and the verification information when matching Match.
在本发明实施例中,终端设备可通过向服务器发送携带有已采用预设的第一公钥加密的身份标识的备份恢复请求,使得服务器能够采用预设的第一私钥对该备份恢复请求进行解密,并在解密成功时,获取所述身份标识,查找出与该身份标识对应的备份信息,进而采用预设的第二公钥对该备份信息进行加密后发送给终端设备,使得终端设备能够通过采用预设的第二私钥对该备份信息进行解密,并在解密成功时,获取得到该备份信息,由此能够通过终端设备和服务器的双向加密,提升信息获取的安全性。In the embodiment of the present invention, the terminal device may send a backup recovery request carrying the identity identifier encrypted by using the preset first public key to the server, so that the server can restore the backup request by using the preset first private key. The decryption is performed, and when the decryption is successful, the identity identifier is obtained, and the backup information corresponding to the identity identifier is found, and the backup information is encrypted by using the preset second public key, and then sent to the terminal device, so that the terminal device is The backup information can be decrypted by using the preset second private key, and when the decryption is successful, the backup information is obtained, thereby improving the security of information acquisition through two-way encryption of the terminal device and the server.
请参见图2,是本发明实施例提供一种备份恢复系统的结构示意图。具体的,如图2所示,本发明实施例的备份恢复系统可包括:终端设备201和服务器202;其中,Referring to FIG. 2, it is a schematic structural diagram of a backup and recovery system according to an embodiment of the present invention. Specifically, as shown in FIG. 2, the backup and recovery system of the embodiment of the present invention may include: a terminal device 201 and a server 202;
所述终端设备201,用于向所述服务器202发送备份恢复请求,所述备份恢复请求中携带有所述终端设备201的身份标识,且所述身份标识已采用预设的第一公钥加密;The terminal device 201 is configured to send a backup recovery request to the server 202, where the backup recovery request carries an identity identifier of the terminal device 201, and the identity identifier is encrypted by using a preset first public key. ;
所述服务器202,用于接收所述终端设备201发送的所述备份恢复请求,并采用预设的第一私钥对所述备份恢复请求进行解密,并在解密成功时,获取所述身份标识,查找出与所述身份标识对应的备份信息,并采用预设的第二公钥对所述备份信息进行加密后向所述终端设备201发送所述备份信息;The server 202 is configured to receive the backup recovery request sent by the terminal device 201, and decrypt the backup recovery request by using a preset first private key, and obtain the identity identifier when the decryption is successful. And searching for the backup information corresponding to the identity identifier, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device 201;
所述终端设备201,还用于采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息; The terminal device 201 is further configured to decrypt the backup information by using a preset second private key, and obtain the backup information when the decryption succeeds;
其中,所述第一公钥和所述第一私钥为预先生成的第一密钥对,所述第二公钥和所述第二私钥为预先生成的第二密钥对,且所述第一密钥对和所述第二密钥对所对应的密钥不同。The first public key and the first private key are pre-generated first key pairs, and the second public key and the second private key are pre-generated second key pairs, and The first key pair and the second key pair are different in key.
可选的,所述终端设备201,还可用于向所述服务器202发送信息备份请求,所述信息备份请求包括所述终端设备201的备份信息和所述终端设备201的身份标识;Optionally, the terminal device 201 is further configured to send an information backup request to the server 202, where the information backup request includes backup information of the terminal device 201 and an identity identifier of the terminal device 201;
所述服务器202,还可用于接收所述终端设备201发送的所述信息备份请求,并将所述身份标识和所述备份信息进行关联存储。The server 202 is further configured to receive the information backup request sent by the terminal device 201, and store the identity identifier and the backup information in association.
可选的,所述终端设备201,可具体用于采用预设加密方式对所述备份信息进行加密,并向所述服务器202发送包括加密后的备份信息和所述终端设备201的身份标识的信息备份请求。Optionally, the terminal device 201 may be specifically configured to encrypt the backup information by using a preset encryption manner, and send the encrypted backup information and the identity identifier of the terminal device 201 to the server 202. Information backup request.
可选的,所述终端设备201,可具体用于在采用预设的第二私钥对所述备份信息进行解密,且解密成功时,采用预设解密方式对所述备份信息进行解密,以获取所述备份信息,其中,所述预设加密方式与所述预设解密方式相对应。Optionally, the terminal device 201 is specifically configured to decrypt the backup information by using a preset second private key, and decrypt the backup information by using a preset decryption manner when the decryption is successful, Obtaining the backup information, where the preset encryption manner corresponds to the preset decryption manner.
可选的,所述预设加密方式包括密码加密方式、指纹串加密方式、声纹加密方式、虹膜加密方式中的至少一项;相应地,所述预设解密方式包括密码解密方式、指纹串解密方式、声纹解密方式、虹膜解密方式中的至少一项。Optionally, the preset encryption mode includes at least one of a password encryption mode, a fingerprint string encryption mode, a voiceprint encryption mode, and an iris encryption mode; and correspondingly, the preset decryption mode includes a password decryption mode and a fingerprint string. At least one of a decryption method, a voiceprint decryption method, and an iris decryption method.
可选的,所述服务器202,可具体用于根据所述身份标识确定所述终端设备201的身份是否合法,并在确定所述终端设备201的身份合法时,将所述身份标识和所述备份信息进行关联存储。Optionally, the server 202 is specifically configured to determine, according to the identity identifier, whether the identity of the terminal device 201 is legal, and when determining that the identity of the terminal device 201 is legal, the identity identifier and the Backup information is stored in association.
具体的,该终端设备201可参照上述图1所示实施例中的终端设备的相关描述,该服务器202可参照上述图1所示实施例中的服务器的相关描述,此处不赘述。Specifically, the terminal device 201 can refer to the related description of the terminal device in the embodiment shown in FIG. 1 , and the server 202 can refer to the related description of the server in the embodiment shown in FIG. 1 , and details are not described herein.
请参见图3,是本发明实施例提供的一种终端设备的结构示意图。具体的,如图3所示,本发明实施例的所述终端设备300可包括通信单元301和处理单元302。其中,这些单元可以执行上述方法示例中终端设备的相应功能,例如,FIG. 3 is a schematic structural diagram of a terminal device according to an embodiment of the present invention. Specifically, as shown in FIG. 3, the terminal device 300 of the embodiment of the present invention may include a communication unit 301 and a processing unit 302. Wherein, these units can perform corresponding functions of the terminal device in the above method example, for example,
通信单元301,用于向服务器发送备份恢复请求,所述备份恢复请求中携带有所述终端设备的身份标识,且所述身份标识已采用预设的第一公钥加密; The communication unit 301 is configured to send a backup recovery request to the server, where the backup recovery request carries the identity identifier of the terminal device, and the identity identifier has been encrypted by using a preset first public key;
所述通信单元301,还用于接收所述服务器发送的备份信息,所述备份信息是所述服务器采用预设的第一私钥对所述备份恢复请求进行解密,且在解密成功时,获取与所述身份标识对应的备份信息,并采用预设的第二公钥对所述备份信息进行加密后向所述终端设备发送的;The communication unit 301 is further configured to receive backup information sent by the server, where the backup information is that the server decrypts the backup recovery request by using a preset first private key, and when the decryption succeeds, acquiring The backup information corresponding to the identity identifier, and the backup information is encrypted by using a preset second public key, and then sent to the terminal device;
处理单元302,用于采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息;The processing unit 302 is configured to decrypt the backup information by using a preset second private key, and obtain the backup information when the decryption succeeds;
其中,所述第一公钥和所述第一私钥为预先生成的第一密钥对,所述第二公钥和所述第二私钥为预先生成的第二密钥对,且所述第一密钥对和所述第二密钥对所对应的密钥不同。The first public key and the first private key are pre-generated first key pairs, and the second public key and the second private key are pre-generated second key pairs, and The first key pair and the second key pair are different in key.
可选的,所述通信单元301,还可用于向所述服务器发送信息备份请求,所述信息备份请求包括所述终端设备的备份信息和所述终端设备的身份标识,以使所述服务器将所述身份标识和所述备份信息进行关联存储。Optionally, the communication unit 301 is further configured to send an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device, so that the server The identity identifier and the backup information are stored in association.
可选的,所述通信单元301在向所述服务器发送信息备份请求时,可具体用于:Optionally, when the communication unit 301 sends an information backup request to the server, the communication unit 301 may be specifically configured to:
采用预设加密方式对所述备份信息进行加密,并向所述服务器发送包括加密后的备份信息和所述终端设备的身份标识的信息备份请求;And encrypting the backup information by using a preset encryption manner, and sending an information backup request including the encrypted backup information and the identity identifier of the terminal device to the server;
所述处理单元302在采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息时,可具体用于:The processing unit 302 decrypts the backup information by using a preset second private key, and when the decryption is successful, the backup information may be specifically used for:
采用预设的第二私钥对所述备份信息进行解密,且解密成功时,采用预设解密方式对所述备份信息进行解密,以获取所述备份信息;Decrypting the backup information by using a preset second private key, and decrypting the backup information by using a preset decryption manner to obtain the backup information;
其中,所述预设加密方式与所述预设解密方式相对应。The preset encryption mode corresponds to the preset decryption mode.
进一步可选的,所述预设加密方式可包括密码加密方式、指纹串加密方式、声纹加密方式、虹膜加密方式中的至少一项;相应地,所述预设解密方式可包括密码解密方式、指纹串解密方式、声纹解密方式、虹膜解密方式中的至少一项。Further, the preset encryption method may include at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method. Accordingly, the preset decryption method may include a password decryption method. At least one of a fingerprint decryption method, a voiceprint decryption method, and an iris decryption method.
具体的,该终端设备可通过上述单元实现上述图1所示实施例中的备份恢复方法中的部分或全部步骤。应理解,本发明实施例是对应方法实施例的装置实施例,对方法实施例的描述,也适用于本发明实施例。 Specifically, the terminal device may implement some or all of the steps in the backup recovery method in the foregoing embodiment shown in FIG. 1 by using the foregoing unit. It should be understood that the embodiments of the present invention are device embodiments corresponding to the method embodiments, and the description of the method embodiments is also applicable to the embodiments of the present invention.
请参见图4,是本发明另一实施例提供的一种终端设备的结构示意图。具体的,如图4所示,本发明实施例的所述终端设备400可以包括:一个或多个处理器401;还可选的包括一个或多个收发器402、用户接口403和存储器404等等。上述处理器401、收发器402、用户接口403和存储器404可以通过总线405连接,或者也可以通过其他方式连接。存储器404可用于存储指令,处理器401可用于执行存储器404存储的指令。FIG. 4 is a schematic structural diagram of a terminal device according to another embodiment of the present invention. Specifically, as shown in FIG. 4, the terminal device 400 of the embodiment of the present invention may include: one or more processors 401; and optionally include one or more transceivers 402, a user interface 403, a memory 404, and the like. Wait. The processor 401, the transceiver 402, the user interface 403, and the memory 404 may be connected by a bus 405, or may be connected by other means. Memory 404 can be used to store instructions, and processor 401 can be used to execute instructions stored by memory 404.
应当理解,在本发明实施例中,所述处理器401可以是中央处理单元(Central Processing Unit,CPU),该处理器还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。It should be understood that, in the embodiment of the present invention, the processor 401 may be a central processing unit (CPU), and the processor may also be another general-purpose processor, a digital signal processor (DSP). , Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component, etc. The general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
该收发器402可用于接收和/或发送信息。The transceiver 402 can be used to receive and/or transmit information.
该用户接口403可以包括触控板、指纹传感器(用于采集用户的指纹信息)、麦克风等,也可以包括显示器(LCD等)、扬声器等。The user interface 403 may include a touchpad, a fingerprint sensor (for collecting fingerprint information of the user), a microphone, etc., and may also include a display (LCD or the like), a speaker, and the like.
该存储器404可以包括只读存储器和随机存取存储器,并向处理器401提供指令和数据。存储器404的一部分还可以包括非易失性随机存取存储器。The memory 404 can include read only memory and random access memory and provides instructions and data to the processor 401. A portion of memory 404 may also include non-volatile random access memory.
其中,处理器401可具体用于:通过所述收发器402向服务器发送备份恢复请求,所述备份恢复请求中携带有所述终端设备的身份标识,且所述身份标识已采用预设的第一公钥加密;通过所述收发器402接收所述服务器发送的备份信息,所述备份信息是所述服务器采用预设的第一私钥对所述备份恢复请求进行解密,且在解密成功时,获取与所述身份标识对应的备份信息,并采用预设的第二公钥对所述备份信息进行加密后向所述终端设备发送的;采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息;其中,所述第一公钥和所述第一私钥为预先生成的第一密钥对,所述第二公钥和所述第二私钥为预先生成的第二密钥对,且所述第一密钥对和所述第二密钥对所对应的密钥不同。The processor 401 is specifically configured to: send, by using the transceiver 402, a backup and recovery request to the server, where the backup and recovery request carries the identity identifier of the terminal device, and the identity identifier has adopted a preset a public key encryption; receiving, by the transceiver 402, backup information sent by the server, where the backup information is that the server decrypts the backup recovery request by using a preset first private key, and when the decryption is successful Obtaining the backup information corresponding to the identity identifier, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device; using the preset second private key to the backup information Decrypting, and when the decryption is successful, acquiring the backup information; wherein the first public key and the first private key are pre-generated first key pairs, the second public key and the first The second private key is a pre-generated second key pair, and the first key pair and the second key pair correspond to different keys.
可选的,处理器401还用于执行以下步骤:Optionally, the processor 401 is further configured to perform the following steps:
通过所述收发器402向所述服务器发送信息备份请求,所述信息备份请求 包括所述终端设备的备份信息和所述终端设备的身份标识,以使所述服务器将所述身份标识和所述备份信息进行关联存储。Sending an information backup request to the server through the transceiver 402, the information backup request And including the backup information of the terminal device and the identity identifier of the terminal device, so that the server associates the identity identifier and the backup information in association.
可选的,处理器401还用于执行以下步骤:Optionally, the processor 401 is further configured to perform the following steps:
采用预设加密方式对所述备份信息进行加密,并通过所述收发器402向所述服务器发送包括加密后的备份信息和所述终端设备的身份标识的信息备份请求;And encrypting the backup information by using a preset encryption manner, and sending, by the transceiver 402, an information backup request including the encrypted backup information and the identity identifier of the terminal device to the server;
所述处理器401在采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息时,可具体用于:The processor 401 decrypts the backup information by using a preset second private key, and when the decryption is successful, the backup information may be specifically used for:
采用预设的第二私钥对所述备份信息进行解密,且解密成功时,采用预设解密方式对所述备份信息进行解密,以获取所述备份信息;Decrypting the backup information by using a preset second private key, and decrypting the backup information by using a preset decryption manner to obtain the backup information;
其中,所述预设加密方式与所述预设解密方式相对应。The preset encryption mode corresponds to the preset decryption mode.
可选的,所述预设加密方式包括密码加密方式、指纹串加密方式、声纹加密方式、虹膜加密方式中的至少一项;相应地,所述预设解密方式包括密码解密方式、指纹串解密方式、声纹解密方式、虹膜解密方式中的至少一项。Optionally, the preset encryption mode includes at least one of a password encryption mode, a fingerprint string encryption mode, a voiceprint encryption mode, and an iris encryption mode; and correspondingly, the preset decryption mode includes a password decryption mode and a fingerprint string. At least one of a decryption method, a voiceprint decryption method, and an iris decryption method.
具体实现中,本发明实施例中所描述的处理器401、收发器402、用户接口03、存储器404可执行图1所示实施例中的备份恢复方法所描述的实现方式,也可执行本发明实施例所描述的终端设备的实现方式,在此不再赘述。In a specific implementation, the processor 401, the transceiver 402, the user interface 03, and the memory 404 described in the embodiment of the present invention may implement the implementation described in the backup recovery method in the embodiment shown in FIG. 1, and may also perform the present invention. The implementation manner of the terminal device described in the embodiment is not described herein again.
在本发明的另一实施例中提供一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现图1所示实施例的备份恢复方法。In another embodiment of the present invention, there is provided a computer readable storage medium storing a computer program, the computer program being executed by a processor to implement a backup recovery method of the embodiment shown in FIG. .
所述计算机可读存储介质可以是前述任一实施例所述的终端设备的内部存储单元,例如终端设备的硬盘或内存。所述计算机可读存储介质也可以是所述终端设备的外部存储设备,例如所述终端设备上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,所述计算机可读存储介质还可以既包括所述终端设备的内部存储单元也包括外部存储设备。所述计算机可读存储介质用于存储所述计算机程序以及所述终端设备所需的其他程序和数据。所述计算机可读存储介质还可以用于暂时地存储已经输出或者将要输出的数据。The computer readable storage medium may be an internal storage unit of the terminal device described in any of the foregoing embodiments, such as a hard disk or a memory of the terminal device. The computer readable storage medium may also be an external storage device of the terminal device, such as a plug-in hard disk equipped on the terminal device, a smart memory card (SMC), and a secure digital (Secure Digital, SD) ) cards, flash cards, etc. Further, the computer readable storage medium may also include both an internal storage unit of the terminal device and an external storage device. The computer readable storage medium is for storing the computer program and other programs and data required by the terminal device. The computer readable storage medium can also be used to temporarily store data that has been output or is about to be output.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示 例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。One of ordinary skill in the art will recognize the various aspects described in connection with the embodiments disclosed herein. The unit and algorithm steps of the example can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the interchangeability of hardware and software, the examples have been generally described in terms of functions in the above description. Composition and steps. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的系统、终端设备和服务器的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。A person skilled in the art can clearly understand that, for the convenience and brevity of the description, the specific working process of the system, the terminal device and the server described above can be referred to the corresponding process in the foregoing method embodiments, and details are not described herein again.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统、终端设备和服务器和方法,可以通过其它的方式实现。例如,本发明实施例中对单元的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。本发明实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中,或一些特征可以忽略,或不执行。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。另外,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口、装置或单元的间接耦合或通信连接,也可以是电的,机械的或其它的形式连接。In the several embodiments provided by the present application, it should be understood that the disclosed system, terminal device, and server and method may be implemented in other manners. For example, the division of the unit in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner. Each functional unit in the embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated in one unit, or some features may be ignored or not executed. . The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, or an electrical, mechanical or other form of connection.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本发明实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the embodiments of the present invention.
另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以是两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分,或者该技术方案的全 部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。The integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention contributes in essence or to the prior art, or the entire technical solution The portion or portion may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the various aspects of the present invention. All or part of the steps of the method described in the examples. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以权利要求的保护范围为准。 The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any equivalent person can be easily conceived within the technical scope of the present invention by any person skilled in the art. Modifications or substitutions are intended to be included within the scope of the invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.

Claims (10)

  1. 一种备份恢复方法,其特征在于,包括:A backup recovery method, comprising:
    终端设备向服务器发送备份恢复请求,所述备份恢复请求中携带有所述终端设备的身份标识,且所述身份标识已采用预设的第一公钥加密;The terminal device sends a backup recovery request to the server, where the backup recovery request carries the identity identifier of the terminal device, and the identity identifier has been encrypted by using a preset first public key;
    所述终端设备接收所述服务器发送的备份信息,所述备份信息是所述服务器采用预设的第一私钥对所述备份恢复请求进行解密,且在解密成功时,获取与所述身份标识对应的备份信息,并采用预设的第二公钥对所述备份信息进行加密后向所述终端设备发送的;The terminal device receives the backup information sent by the server, where the backup information is that the server decrypts the backup recovery request by using a preset first private key, and acquires the identity identifier when the decryption succeeds. Corresponding backup information, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device;
    所述终端设备采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息;The terminal device decrypts the backup information by using a preset second private key, and acquires the backup information when the decryption succeeds;
    其中,所述第一公钥和所述第一私钥为预先生成的第一密钥对,所述第二公钥和所述第二私钥为预先生成的第二密钥对,且所述第一密钥对和所述第二密钥对所对应的密钥不同。The first public key and the first private key are pre-generated first key pairs, and the second public key and the second private key are pre-generated second key pairs, and The first key pair and the second key pair are different in key.
  2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1 further comprising:
    所述终端设备向所述服务器发送信息备份请求,所述信息备份请求包括所述终端设备的备份信息和所述终端设备的身份标识,以使所述服务器将所述身份标识和所述备份信息进行关联存储。The terminal device sends an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device, so that the server uses the identity identifier and the backup information. Perform associative storage.
  3. 根据权利要求2所述的方法,其特征在于,所述终端设备向所述服务器发送信息备份请求,包括:The method according to claim 2, wherein the terminal device sends an information backup request to the server, including:
    所述终端设备采用预设加密方式对所述备份信息进行加密,并向所述服务器发送包括加密后的备份信息和所述终端设备的身份标识的信息备份请求;The terminal device encrypts the backup information by using a preset encryption manner, and sends an information backup request including the encrypted backup information and the identity identifier of the terminal device to the server;
    所述终端设备采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息,包括:The terminal device decrypts the backup information by using a preset second private key, and obtains the backup information when the decryption succeeds, including:
    所述终端设备采用预设的第二私钥对所述备份信息进行解密,且解密成功时,采用预设解密方式对所述备份信息进行解密,以获取所述备份信息;The terminal device decrypts the backup information by using a preset second private key, and decrypts the backup information by using a preset decryption manner to obtain the backup information;
    其中,所述预设加密方式与所述预设解密方式相对应。 The preset encryption mode corresponds to the preset decryption mode.
  4. 根据权利要求3所述的方法,其特征在于,The method of claim 3 wherein:
    所述预设加密方式包括密码加密方式、指纹串加密方式、声纹加密方式、虹膜加密方式中的至少一项;The preset encryption method includes at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method;
    所述预设解密方式包括密码解密方式、指纹串解密方式、声纹解密方式、虹膜解密方式中的至少一项。The preset decryption method includes at least one of a password decryption method, a fingerprint string decryption method, a voiceprint decryption method, and an iris decryption method.
  5. 一种备份恢复系统,其特征在于,包括:终端设备和服务器;其中,A backup and recovery system, comprising: a terminal device and a server; wherein
    所述终端设备,用于向所述服务器发送备份恢复请求,所述备份恢复请求中携带有所述终端设备的身份标识,且所述身份标识已采用预设的第一公钥加密;The terminal device is configured to send a backup and restore request to the server, where the backup and recovery request carries an identity identifier of the terminal device, and the identity identifier is encrypted by using a preset first public key;
    所述服务器,用于接收所述终端设备发送的所述备份恢复请求,并采用预设的第一私钥对所述备份恢复请求进行解密,并在解密成功时,获取所述身份标识,查找出与所述身份标识对应的备份信息,并采用预设的第二公钥对所述备份信息进行加密后向所述终端设备发送所述备份信息;The server is configured to receive the backup recovery request sent by the terminal device, and decrypt the backup recovery request by using a preset first private key, and obtain the identity identifier and search when the decryption succeeds And generating the backup information corresponding to the identity identifier, and encrypting the backup information by using a preset second public key, and sending the backup information to the terminal device;
    所述终端设备,还用于采用预设的第二私钥对所述备份信息进行解密,并在解密成功时,获取所述备份信息;The terminal device is further configured to decrypt the backup information by using a preset second private key, and obtain the backup information when the decryption succeeds;
    其中,所述第一公钥和所述第一私钥为预先生成的第一密钥对,所述第二公钥和所述第二私钥为预先生成的第二密钥对,且所述第一密钥对和所述第二密钥对所对应的密钥不同。The first public key and the first private key are pre-generated first key pairs, and the second public key and the second private key are pre-generated second key pairs, and The first key pair and the second key pair are different in key.
  6. 根据权利要求5所述的系统,其特征在于,The system of claim 5 wherein:
    所述终端设备,还用于向所述服务器发送信息备份请求,所述信息备份请求包括所述终端设备的备份信息和所述终端设备的身份标识;The terminal device is further configured to send an information backup request to the server, where the information backup request includes backup information of the terminal device and an identity identifier of the terminal device;
    所述服务器,还用于接收所述终端设备发送的所述信息备份请求,并将所述身份标识和所述备份信息进行关联存储。The server is further configured to receive the information backup request sent by the terminal device, and store the identity identifier and the backup information in association.
  7. 根据权利要求6所述的系统,其特征在于,The system of claim 6 wherein:
    所述终端设备,具体用于采用预设加密方式对所述备份信息进行加密,并向所述服务器发送包括加密后的备份信息和所述终端设备的身份标识的信息 备份请求。The terminal device is specifically configured to encrypt the backup information by using a preset encryption manner, and send information including the encrypted backup information and the identity identifier of the terminal device to the server. Backup request.
  8. 根据权利要求7所述的系统,其特征在于,The system of claim 7 wherein:
    所述终端设备,具体用于在采用预设的第二私钥对所述备份信息进行解密,且解密成功时,采用预设解密方式对所述备份信息进行解密,以获取所述备份信息,其中,所述预设加密方式与所述预设解密方式相对应。The terminal device is specifically configured to decrypt the backup information by using a preset second private key, and decrypt the backup information by using a preset decryption manner to obtain the backup information. The preset encryption mode corresponds to the preset decryption mode.
  9. 根据权利要求8所述的系统,其特征在于,The system of claim 8 wherein:
    所述预设加密方式包括密码加密方式、指纹串加密方式、声纹加密方式、虹膜加密方式中的至少一项;The preset encryption method includes at least one of a password encryption method, a fingerprint string encryption method, a voiceprint encryption method, and an iris encryption method;
    所述预设解密方式包括密码解密方式、指纹串解密方式、声纹解密方式、虹膜解密方式中的至少一项。The preset decryption method includes at least one of a password decryption method, a fingerprint string decryption method, a voiceprint decryption method, and an iris decryption method.
  10. 根据权利要求6-9任一项所述的系统,其特征在于,A system according to any one of claims 6-9, wherein
    所述服务器,具体用于根据所述身份标识确定所述终端设备的身份是否合法,并在确定所述终端设备的身份合法时,将所述身份标识和所述备份信息进行关联存储。 The server is configured to determine whether the identity of the terminal device is legal according to the identity identifier, and when the identity of the terminal device is determined to be legal, the identity identifier and the backup information are stored in association.
PCT/CN2017/097943 2017-08-17 2017-08-17 Backup recovery method and system WO2019033374A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/097943 WO2019033374A1 (en) 2017-08-17 2017-08-17 Backup recovery method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/097943 WO2019033374A1 (en) 2017-08-17 2017-08-17 Backup recovery method and system

Publications (1)

Publication Number Publication Date
WO2019033374A1 true WO2019033374A1 (en) 2019-02-21

Family

ID=65362613

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/097943 WO2019033374A1 (en) 2017-08-17 2017-08-17 Backup recovery method and system

Country Status (1)

Country Link
WO (1) WO2019033374A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040236958A1 (en) * 2003-05-25 2004-11-25 M-Systems Flash Disk Pioneers, Ltd. Method and system for maintaining backup of portable storage devices
CN101006428A (en) * 2004-06-21 2007-07-25 摩托罗拉公司 Secure data backup and recovery
CN101325785A (en) * 2008-07-28 2008-12-17 深圳华为通信技术有限公司 Method and apparatus for backup and recuperation of data, mobile equipment
CN101483513A (en) * 2009-02-09 2009-07-15 上海爱数软件有限公司 Network backup system, data backup and recovery method
CN106126373A (en) * 2016-06-21 2016-11-16 青岛海信传媒网络技术有限公司 Data back up method and device, data reconstruction method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040236958A1 (en) * 2003-05-25 2004-11-25 M-Systems Flash Disk Pioneers, Ltd. Method and system for maintaining backup of portable storage devices
CN101006428A (en) * 2004-06-21 2007-07-25 摩托罗拉公司 Secure data backup and recovery
CN101325785A (en) * 2008-07-28 2008-12-17 深圳华为通信技术有限公司 Method and apparatus for backup and recuperation of data, mobile equipment
CN101483513A (en) * 2009-02-09 2009-07-15 上海爱数软件有限公司 Network backup system, data backup and recovery method
CN106126373A (en) * 2016-06-21 2016-11-16 青岛海信传媒网络技术有限公司 Data back up method and device, data reconstruction method and device

Similar Documents

Publication Publication Date Title
JP6239788B2 (en) Fingerprint authentication method, apparatus, intelligent terminal, and computer storage medium
WO2020237868A1 (en) Data transmission method, electronic device, server and storage medium
CN110798315B (en) Data processing method and device based on block chain and terminal
WO2017071493A1 (en) Identification, service processing and biometric information processing method and device
US20100138667A1 (en) Authentication using stored biometric data
WO2021141620A1 (en) Remote grant of access to locked data storage device
EP2628133B1 (en) Authenticate a fingerprint image
CN104239815A (en) Electronic document encryption and decryption method and method based on iris identification
TWI724684B (en) Method, system and device for performing cryptographic operations subject to identity verification
CN111242611B (en) Method and system for recovering digital wallet key
CN113221128B (en) Account and password storage method and registration management system
CA2686801C (en) Authetication using stored biometric data
WO2021141619A1 (en) Recovery key for unlocking a data storage device
CN106487758B (en) data security signature method, service terminal and private key backup server
US11334677B2 (en) Multi-role unlocking of a data storage device
US11366933B2 (en) Multi-device unlocking of a data storage device
WO2018166484A1 (en) Data encryption and decryption methods and apparatuses, electronic device and readable storage medium
US11265152B2 (en) Enrolment of pre-authorized device
US20170330177A1 (en) Payment terminal authentication
CN109075974B (en) Binding authentication method of fingerprint algorithm library and fingerprint sensor and fingerprint identification system
CN113316915B (en) Unlocking a data storage device
WO2019033374A1 (en) Backup recovery method and system
WO2015131585A1 (en) Method and device for ensuring sd card security
CN113383335A (en) Secure logging of data storage device events
CN106598773A (en) Trusted system restoring device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17921552

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 24.09.2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17921552

Country of ref document: EP

Kind code of ref document: A1