CN105844170A - File processing method and device - Google Patents
File processing method and device Download PDFInfo
- Publication number
- CN105844170A CN105844170A CN201510024398.7A CN201510024398A CN105844170A CN 105844170 A CN105844170 A CN 105844170A CN 201510024398 A CN201510024398 A CN 201510024398A CN 105844170 A CN105844170 A CN 105844170A
- Authority
- CN
- China
- Prior art keywords
- file
- application
- encrypted
- encryption
- temporary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides a file processing method and device. The file processing method comprises following steps: receiving an access request of a first application to a first file, wherein the access request comprises decryption information used for decrypting the first file; decrypting the first file according to the decryption information; creating a temporary file of the first file according to the decrypted first file; outputting the temporary file of the first file; and processing the first file and / or the temporary file according to operation of the first application on the temporary file. The embodiment of the application has following beneficial effects: by encipherment protection of an operation file of an application program, the file can be decrypted by a corresponding application program when the application program accesses the file and plaintext content of the file can be accessed. Therefore, data safety is ensured and privacy leakage is avoided. The method helps improve safety of storage files in a storage card.
Description
Technical field
The application relates to technical field of data processing, particularly relates to a kind of document handling method and one literary composition
Part processing means.
Background technology
Along with the development of modern communications and improving constantly of mobile terminal self performance, mobile phone etc. moves
Terminal has come into the intelligent digital epoch, and it is open and easy-to-use for Android (Android) system addresses
One of property mainstream operation system becoming current mobile device.Android phone is hidden with the life of individual
Contact private, business activity is increasingly tightr, but consequently also brings asking of data safety and secret protection
Topic.
Different according to the position that data store, the data of android system are divided into internal SQLite data base
In data and the data of external storage card.The data of external storage card are mainly stored in document form
In safe digital card (Secure Digital Memory Card, SD).But android system is to SD
File access authority granularity in card is excessive, only accesses and the control of authority that can not access, certain application
As long as program application is to accessing the big portion that the authority of SD card just can arbitrarily read, distort in SD card
Single cent part, in brief, application program can arbitrarily read, distort another application program exists
The file preserved in SD card.Such as, the application program such as App A, App B, App C was all running
Journey creates respective file File A, File B, File C, and File A, File B, File C respectively
It is stored in SD card, as long as a certain rogue program has applied for that the authority accessing this SD card just can access
And distort these files, thus easily cause the leakage of the private datas such as the photo of user, notepad.
Therefore, a technical problem that those skilled in the art urgently solve is presently required exactly: how to carry
High storage card stores the safety of file.
Summary of the invention
The embodiment of the present application technical problem to be solved is to provide a kind of document handling method, it is possible to increase
Storage card stores the safety of file.
Accordingly, the embodiment of the present application additionally provides a kind of document handling apparatus, in order to ensure said method
Realization and application.
In order to solve the problems referred to above, this application discloses a kind of document handling method, including:
Receiving first application access request to the first file, described access request includes for described
The decryption information that first file is decrypted;
According to described decryption information, described first file is decrypted;
Temporary file according to the first file described in described first document creation after deciphering;
Export the temporary file of described first file;
According to described first application operation to described temporary file, to described first file and/or described in face
Time file process.
Further, before the access request to the first file is applied in described reception first, described method is also
Including:
Receiving described first application CIPHERING REQUEST to described first file, described CIPHERING REQUEST includes using
Confidential information is added in what described first file was encrypted;
According to the described confidential information that adds, described first file is encrypted.
Further, before described reception is to the CIPHERING REQUEST of described first file, described method also includes:
Verify whether described first application has the encryption authority being encrypted described first file;
If so, further according to the described confidential information that adds, described first file is encrypted.
Further, described CIPHERING REQUEST also includes described first application Authority Verification information, wherein,
Described Authority Verification information is to encrypting authentication platform application to described first in described first application
The encrypted right that file is encrypted in limited time, is audited by by described encryption authentication platform and authorizes described
The information returned after encryption authority;
Whether described first application of described checking has the encryption authority being encrypted described first file,
Including:
Whether have described first file is entered according to the first application described in described Authority Verification Information Authentication
The encryption authority of row encryption.
Further, the described operation according to described first application to described temporary file, to described first literary composition
Part and/or described temporary file process, including:
If described first application is read operation to the operation of described temporary file, then apply described first
After reading described temporary file, delete described temporary file;
If described first application is content update operation to the operation of described temporary file, then to updating after
Described first file replaced by described temporary file after being encrypted.
Present invention also provides a kind of document handling apparatus, including:
First request reception unit, is configured to the access request receiving the first application to the first file, institute
State access request and include the decryption information for described first file is decrypted;
Decryption unit, is configured to be decrypted described first file according to described decryption information;
File generating unit, is configured to according to the first file described in described first document creation after deciphering
Temporary file;
File output unit, is configured to export the temporary file of described first file;
Document handling unit, is configured to apply the operation to described temporary file according to described first, right
Described first file and/or described temporary file process.
Further, described device also includes:
Second request reception unit, is configured to receive the first application in described first request reception unit right
Before the access request of the first file, receive described first application CIPHERING REQUEST to described first file,
Described CIPHERING REQUEST includes adding confidential information for be encrypted described first file;
Ciphering unit, is configured to add confidential information described in basis and is encrypted described first file.
Further, described device also includes:
Authority Verification unit, be configured to described ciphering unit according to described in add confidential information to described first
Before file is encrypted, verifies whether described first application has and described first file is encrypted
Encryption authority;
Described ciphering unit, be configured as described Authority Verification unit checking described first application have right
The encrypted right that described first file is encrypted is prescribed a time limit, further according to the described confidential information that adds to described first file
It is encrypted.
Further, described CIPHERING REQUEST also includes described first application Authority Verification information, wherein,
Described Authority Verification information is to encrypting authentication platform application to described first in described first application
The encrypted right that file is encrypted in limited time, is audited by by described encryption authentication platform and authorizes described
The information returned after encryption authority;
Described Authority Verification unit, is configured to according to the first application described in described Authority Verification Information Authentication
Whether there is the encryption authority being encrypted described first file.10, according in claim 6 to 9
Device described in any one, it is characterised in that
Described document handling unit, being configured as described first application to the operation of described temporary file is
During read operation, after described temporary file is read in described first application, delete described temporary file;When
When described first application is content update operation to the operation of described temporary file, face described in after updating
Time file be encrypted after replace described first file.
Compared with prior art, the embodiment of the present application includes advantages below:
The embodiment of the present application is by the encipherment protection to application program operating file so that visit at application program
When asking this document, the only application program of its correspondence namely " host " application of file could realize literary composition
The deciphering of part, just can have access to the clear content of file, thus decrease rogue program in prior art and lead to
File in overscanning storage card can obtain file content and cause problem of data safety and privacy leakage
Situation, the method increases the safety storing file in storage card.
Accompanying drawing explanation
Fig. 1 is the flow chart of steps of a kind of document handling method embodiment of the application;
Fig. 2 is the flow chart of steps of the another kind of document handling method embodiment of the application;
Fig. 3 is the structured flowchart of a kind of document handling apparatus embodiment of the application;
Fig. 4 is the structured flowchart of the another kind of document handling apparatus embodiment of the application.
Detailed description of the invention
Understandable, below in conjunction with the accompanying drawings for enabling the above-mentioned purpose of the application, feature and advantage to become apparent from
With detailed description of the invention, the application is described in further detail.
With reference to Fig. 1, it is shown that the flow chart of steps of a kind of document handling method embodiment of the application, tool
Body may include steps of:
Step 101, receives first application access request to the first file, and this access request includes using
In the decryption information that the first file is decrypted.
In the embodiment of the present application, this document processing means can be operating system itself or be arranged on operation system
Device in system, this operating system can be android system.
This document processing means has the function realizing encrypting and protecting files, such as can be in SD card
Storage file is encrypted protection.This function can be by being used for open one of the application layer of operating system
(Application Programming Interface, application programming connects to realize the API of file encryption-decryption
Mouthful) realize, the exploitation side of application program can realize being applied to program operation by calling this API
The file produced carries out encryption and decryption.Wherein, this API specifically can be by revising the source code of operating system
Realize.
This document processing means can actively or the request of exploitation side based on application program is to applying journey
The content of file that sort run produces is encrypted, wherein this document content add confidential information and decryption information
(such as encryption key and decruption key) can be by the exploitation side of document handling apparatus and application program
Side determines and informs the opposing party, it is also possible to consult by both party to determine.
In the present embodiment, the first application is run the first file produced and carries out by this document processing means in advance
Encryption.Wherein, AES can be other AESs such as AES encryption algorithm, or DES.
Initiate access request when the first application needs to access its first file, and wrap in this access request
Containing for decryption information that the first file is decrypted, the such as private key of this first application and development side, or
A certain password etc..
This document processing means, after receiving this access request, obtains decryption information therein, performs step
Rapid 102.
Step 102, is decrypted the first file according to decryption information.
This document processing means is according to this decryption information, and the private key of the such as first application and development side, to first
File is decrypted, it is thus achieved that the first file after deciphering, namely the plaintext of the first file.
Step 103, according to the temporary file of first document creation the first file after deciphering.
This document processing means creates according to the plaintext of the first file or generates same with the first file further
The temporary file of type.First application has reformed into the access to temporary file to the access of the first file.
Step 104, exports the temporary file of the first file.
This document processing means returns the temporary file of the first file to the first application, makes for the first application
With.
Step 105, according to first application operation to temporary file, to the first file and/or temporary file
Process.
Document handling apparatus can be according to the first application operational circumstances to temporary file, to the first file or face
Time file, or the first file and temporary file process.
Such as, if the first application is only read operation to the operation of temporary file, then read in the first application
After temporary file, document handling apparatus deletes this temporary file.
If the first application is content update operation to the operation of temporary file, such as, deletes or increase or repair
Change, then document handling apparatus can delete the first file, and the temporary file after updating is encrypted with
Replace the first file.
The embodiment of the present application is by the encipherment protection to application program operating file so that visit at application program
When asking this document, the only application program of its correspondence namely " host " application of file could realize literary composition
The deciphering of part, just can have access to the clear content of file, thus decrease rogue program in prior art and lead to
File in overscanning storage card can obtain file content and cause problem of data safety and privacy leakage
Situation, the method increases the safety storing file in storage card.
In another embodiment of the application, receive the first application to the first file at document handling apparatus
Access request before, it is also possible to first include:
Receiving first application CIPHERING REQUEST to the first file, this CIPHERING REQUEST includes for the first literary composition
What part was encrypted adds confidential information;
According to adding confidential information, the first file is encrypted.
The exploitation side of the first application can run deposited content privacy in the file produced according to the first application
The height of rank decides whether that calling API carries out file encryption, the most then initiate the first file
CIPHERING REQUEST, and in this CIPHERING REQUEST, comprise the confidential information that adds for the first file is encrypted, example
Such as the side's of exploitation private key etc..
Document handling apparatus after receiving this CIPHERING REQUEST can according to therein add confidential information to this
One file is encrypted.
In another embodiment, in order to prevent rogue program from utilizing this cryptographic API to unencryption in storage card
File carry out malice encrypt and cause former application program to file unreadable, document handling apparatus is not
After receiving CIPHERING REQUEST, i.e. carry out file encryption, but follow the steps below the most first:
Whether checking the first application has the encryption authority being encrypted the first file;
If so, the first file is encrypted by document handling apparatus further according to adding confidential information.
In another embodiment, in order to verify whether the first application had adding that the first file is encrypted
Close authority, can set up encryption authentication platform, i.e. file encryption API authentication platform, and this is examined
Core platform is for auditing application program to calling API and carry out the authority application of file encryption, and after contributing to
Continue the checking to application program in ciphering process.
First first application initiates the encryption being encrypted the first file to this encryption authentication platform
The application of authority, essence namely the application use authority to above-mentioned API.This application can comprise first
The related content of application, such as public key certificate, identifying data and App brief introduction etc..
Encryption authentication platform, after receiving this application, examines the related content of the first application, determines
Whether by checking, if by checking, then authorizing the encrypted right that the first file is encrypted by the first application
Limit, namely authorize the authority that the first application uses above-mentioned API, the most also can return Authority Verification information,
This Authority Verification information is when the first file is encrypted by follow-up first application request, and file process fills
Put whether this first application of checking has the authority to the first file encryption.
So, when the first file is encrypted by the first application to document handling apparatus request, Qi Zhongjia
Except including that adding confidential information can also include this Authority Verification information, so, in file process in close request
Device, according to adding before the first file is encrypted by confidential information, may include that
Apply according to Authority Verification Information Authentication first whether to have and described first file is encrypted
Encryption authority;
If so, the first file is encrypted further according to adding confidential information.
By increasing this ciphering process and proof procedure, it is possible to prevent rogue program to utilize this cryptographic API
Unencrypted file in storage card is carried out malice encrypt and cause former application program to file unreadable,
Ensure that effectiveness and the feasibility of this document encryption protecting method.
Illustrate as a example by the file in SD card in android system is processed below.
With reference to Fig. 2, it is shown that the flow chart of steps of the another kind of document handling method embodiment of the application,
Specifically may include steps of:
Step 201, arranges the API of file encryption-decryption in android system.
This API specifically can realize file by the way of revising and compiling android system source code and add
The API of deciphering, increases the transparent encryption and decryption functions of android system SD card file.Concrete, can
To increase encryption and decryption functions in Framework layer file system source code part.
Owing to the API of Android is provided to application layer by Framework layer, and Framework layer
Main use Java language is write, so this programme uses the File apoplexy due to endogenous wind at Framework layer to introduce
The class libraries javax.crypto that Java encryption is relevant.Javax.crypto comprises and achieves AES, solution
Close algorithm and the class of key agreement and interface, import to class therein
In File.java under libcore/luni/src/main/java/java/io catalogue, and newly increase at File apoplexy due to endogenous wind
Close function encryptFileByAES (sourceFile, encryptedSignature, developerKey,
CertificateFilePath) encryption of file is realized.
After amendment system source code, the method compiling of compiling android system and SDK is utilized to provide
There are android system and Android SDK that SD card file encrypts.
First, the configuration file of android system is revised.
The compiling work that the Ubuntu operating system of 32 can be used to carry out, needs following
Android.mk file (remarks: android_src represents Android source code root):
(1)android_src/external/clearsilver/cgi/Android.mk
(2)android_src/external/clearsilver/java-jni/Android.mk
(3)android_src/external/clearsilver/util/Android.mk
(4)android_src/external/clearsilver/cs/Android.mk
M64 in above file is revised as m32.
It addition, by android_src/build/core/main.mk ifneq (64, $ (findstring 64,
$ (build_arch))) it is revised as: ifneq (i686, $ (findstring i686, $ (build_arch))).
Then, the android system after compiling amendment source code.
Under the root of Android source code, perform make order start to compile Android source code.Separately
Outward, in order to shorten compilation time, can on the PC having multi-CPU, multinuclear, hyperthread use-jn
Command line parameter, such as 4 core PC can use make j4 to accelerate compilation speed.Perform make
More newly-built important catalogues can deposit compiling result afterwards, after make, meeting exists
Under android_src/out/target/product/generic catalogue generate system.img, userdata.img with
And the image file such as ramdisk.img, these image files are the achievement of compiling, the most permissible with them
Start a new android system.
Subsequently, on the basis of successful com android system, carry out the compiling of SDK.
Can generate when compiling Android source code required for two kinds of platforms operation Android
Libraries and tools, a kind of is directly to run, at PC end, storehouse and the instrument that Android needs, and deposits
In out/host catalogue;Another kind be run directly in the storehouse in Android platform and instrument (based on
ARM framework), leave in out/target catalogue.The application revise compile SDK after source code can be
Original and the compressed package thereof of SDK is generated under android_src/out/host/linux-x86/sdk/ catalogue.
Android-sdk_eng.root_linux-x86 file is new SDK file, android-sdk_
Eng.root_linux-x86.zip is the compressed package of SDK.
Android image file is the android system supporting SD card file encryption and decryption functions, this mirror image
Android intelligent terminal can be loaded.SDK file is the exploitation providing SD card file encryption and decryption API
Tool kit, Android application developer can use this SDK quickly develop have encipherment protection its
The application program of the file function being stored in SD card.
Step 202, encryption authentication platform receives the encryption that the first file is encrypted by the first application
The application of authority.
In the present embodiment, android system SD card file cryptographic API authentication platform can be set up,
It is designated as encrypting authentication platform.First application exploitation side by the public key certificate of oneself, identifying data with
And App brief introduction submit to audit platform the use authority of file encryption-decryption API is carried out real name application.
Step 203, after application is verified by encryption authentication platform, authorizes the first application to first
The encryption authority that file is encrypted, and return Authority Verification information.
Examination & verification is by rear, and the encryption authority that the first file is encrypted by the first application authorized by examination & verification platform,
Namely authorize the first application to the use authority to file encryption-decryption API, and can be to the first application distribution one
Individual AppID and AppKey, AppID and AppKey is signed by examination & verification platform with the private key of oneself
Name, is encrypted AppID, AppKey and corresponding signature with the PKI of exploitation side the most again,
Finally the public key certificate of ciphertext and platform is presented to first as this first Authority Verification information applied
Application.
The store path of this ciphertext and public key certificate is exactly file encryption API encryptFileByAES (File
SourceFile, String encryptedSignature, String developerKey, String
CertificateFilePath, String sourceFileKey) needed for parameter, wherein sourceFile be intended to by
The file of encryption, developerKey is the private key of developer, and this private key will be as deciphering
The key of encryptedSignature, sourceFileKey is by after checking carrying out sourceFile
Encrypted ones needed for AES encryption.
Sequence of steps between above-mentioned steps 201 and step 202~203 can be adjusted as required.
Step 204, system receives first application CIPHERING REQUEST to the first file, wraps in this CIPHERING REQUEST
Include and add confidential information and Authority Verification information for what the first file was encrypted.
The private key of oneself, ciphertext and the PKI of platform that examination & verification platform is issued are demonstrate,proved by the exploitation side of the first application
Password needed for the file path of book, and encryption sends to android system, to initiate the first literary composition
The CIPHERING REQUEST of part.
Step 205, according to Authority Verification information, system judges whether the first application has to enter the first file
The encryption authority of row encryption.
Android system deciphers, first with the private key of the first application and development side, the ciphertext that examination & verification platform sends
Obtain AppID, the AppKey after deciphering and signing messages, then read the PKI card of examination & verification platform
Book obtains effective PKI of examination & verification platform, AppID, the AppKey after checking deciphering and signing messages
Judge that exploitation side has been reviewed platform mandate the most, and there is the use authority of file encryption-decryption API.
Concrete, system call isAuthorized (encryptedSignature, developerKey,
CertificateFilePath), this function exploitation side private key deciphering encryptedSignature obtains in plain text
AppID, AppKey and signature signature, then the public key certificate acquisition platform that reading platform is issued
PKI, utilize the PKI of platform, AppID, AppKey and signature to carry out the signature of RSA
Checking, the token variable isAuthorizedApp whether authorized finally can be entered by function according to the result
Row assignment.
If by above-mentioned signature verification, it is determined that the first application has been reviewed platform mandate, and has file
The use authority of encryption and decryption API, then perform step 206, and file is carried out by normal call encryption and decryption API
Encryption;If not by above-mentioned signature verification, be not the most encrypted operation and directly using original as knot
Fruit returns to the first application.
Step 206, calls encryption and decryption API and is encrypted the first file according to adding confidential information.
This calls encryption and decryption API and the first file is encrypted process may is that first, encryption function
EncryptFileByAES (sourceFile, encryptedSignature, developerKey,
CertificateFilePath, sourceFileKey) judge whether according to the value of above-mentioned isAuthorizedApp
First file is encrypted.
If the first file is encrypted, then set up one with the first file with literary composition interim before the encryption of type
Part, and by exploitation side's private key initialization encryption key, encryption function is intended to the original text of the first file of encryption
Part reads in inputStream with 1024 byte cycle, then by inputStream with the most initialized
Encryption key cipher be encrypted to encrypting traffic cipherInputStream, then by encrypting traffic
It is written to before this encryption in temporary file, finally deletes original and front for encryption temporary file is renamed as former
The filename of file, thus obtain the first file encrypted.
Step 207, system receives first application access request to the first file, and access request includes
For the decryption information that the first file is decrypted.
This decryption information can be the private key of the first application and development side.
Step 208, calls encryption and decryption API and is decrypted the first file according to decryption information.
In this step, call encryption and decryption API the first file is decrypted that process may is that first can be
Decruption key, decryption function decryptFileByAES (sourceFile, key) is initialized with exploitation side's private key
The first file being intended to deciphering circulates in units of 1024 bytes and is read in inputStream, then by
The cipherOutputStream decruption key being initialized is decrypted.
Step 209, according to the temporary file of first document creation the first file after deciphering.
Data stream after deciphering is write in temporary file.
Step 210, exports the temporary file of the first file.
Step 211, according to first application operation to temporary file, to the first file and/or temporary file
Process.
Above-mentioned steps 207~211 is similar with the step 101 in previous embodiment~105, and here is omitted.
The present embodiment uses platform examination & verification, platform mandate, reflects and manage Android otherwise voluntarily
Encryption and decryption API of system SD card file, application and development side is to use this encryption and decryption API must be to flat
Platform application, after examination & verification, its encryption and decryption authority authorized by platform, in the process that file carries out encryption and decryption
In, what android system can verify whether this application and development side have SD card encryption and decryption API calls power
Limit, carries out the encryption and decryption of file under conditions of having authority the most again.
The SD card file system adding encryption function is incorporated the original of android system by the present embodiment
Ecology, and call authority by what examination & verification platform managed this API, exploitation side needs this platform application
Authority, it is also possible to mutually exchange at this platform, this platform can also increase new similar functions, thus shape
Become a developer interactive community based on android system.
The embodiment of the present application can protect the privacy of user for a user, for application and development side
The core data of application program can be protected.Such as, if App A have invoked cryptographic API and enters File A
The File A that encryption, App B, App C and other program read that gone is the ciphertext of File A
Content, but File A is but transparent for App A itself, and App A can read File A's
In plain text.Thus isolated between App so that everybody can not directly access the file of the other side,
Unless obtain the key of the other side App, thus effective guarantee privacy of user and data safety.
It should be noted that for embodiment of the method, in order to be briefly described, therefore it is all expressed as one it be
The combination of actions of row, but those skilled in the art should know, and the embodiment of the present application is not by described
The restriction of sequence of movement because according to the embodiment of the present application, some step can use other orders or
Person is carried out simultaneously.Secondly, those skilled in the art also should know, embodiment described in this description
Belong to preferred embodiment, necessary to involved action not necessarily the embodiment of the present application.
With reference to Fig. 3, it is shown that the structured flowchart of the application a kind of document handling apparatus embodiment, specifically may be used
To include such as lower unit:
First request reception unit 301, is configured to the access request receiving the first application to the first file,
Described access request includes the decryption information for being decrypted described first file.
Decryption unit 302, is configured to be decrypted described first file according to described decryption information.
File generating unit 303, is configured to according to described in described first document creation after deciphering first
The temporary file of file.
File output unit 304, is configured to export the temporary file of described first file.
Document handling unit 305, is configured to apply the operation to described temporary file according to described first,
Described first file and/or described temporary file are processed.
The embodiment of the present application is by the encipherment protection to application program operating file so that visit at application program
When asking this document, the only application program of its correspondence namely " host " application of file could realize literary composition
The deciphering of part, just can have access to the clear content of file, thus decrease rogue program in prior art and lead to
File in overscanning storage card can obtain file content and cause problem of data safety and privacy leakage
Situation, the arrangement increases the safety storing file in storage card.
In another embodiment, as shown in Figure 4, this device except including the first request reception unit 301,
Decryption unit 302, file generating unit 303, file output unit 304, document handling unit 305
Outside, it is also possible to including:
Second request reception unit 401, being configured to receive first in described first request reception unit should
Before the access request to the first file, receive described first application and the encryption of described first file is asked
Asking, described CIPHERING REQUEST includes adding confidential information for be encrypted described first file;
Ciphering unit 402, is configured to add confidential information described in basis and is encrypted described first file.
This device can also include Authority Verification unit 403, is configured to described ciphering unit 402
Add before described first file is encrypted by confidential information according to described, verify whether described first application has
The encryption authority that described first file is encrypted;
Described ciphering unit 402, is configured as described Authority Verification unit 403 and judges that described first should
With there is the encrypted right being encrypted described first file in limited time, further according to the described confidential information that adds to described
First file is encrypted.
CIPHERING REQUEST also includes the Authority Verification information of described first application, wherein, described Authority Verification
Information is to be encrypted described first file to encryption authentication platform application in described first application
Encrypted right in limited time, by the examination & verification of described encryption authentication platform by and return after authorizing described encryption authority
The information returned;
Described Authority Verification unit 403, is configured to according to described in described Authority Verification Information Authentication first
Whether application has the encryption authority being encrypted described first file.
In another embodiment of the application, document handling unit 305, described can be configured as
When one application is read operation to the operation of described temporary file, described first application read described temporarily
After file, delete described temporary file;When described first application is content to the operation of described temporary file
When updating operation, after the described temporary file after updating is encrypted, replace described first file.
The embodiment of the present application also discloses a kind of electronic equipment, including data/address bus, memorizer and processor,
Wherein, in memorizer, storage has one section of program code execution, and processor obtains memorizer by data/address bus
In program code, and perform following steps:
Receiving first application access request to the first file, described access request includes for described
The decryption information that first file is decrypted;
According to described decryption information, described first file is decrypted;
Temporary file according to the first file described in described first document creation after deciphering;
Export the temporary file of described first file;
According to described first application operation to described temporary file, to described first file and/or described in face
Time file process.
For device embodiment, due to itself and embodiment of the method basic simlarity, so the comparison described
Simply, relevant part sees the part of embodiment of the method and illustrates.
Each embodiment in this specification all uses the mode gone forward one by one to describe, and each embodiment stresses
Be all the difference with other embodiments, between each embodiment, identical similar part sees mutually
?.
Those skilled in the art are it should be appreciated that the embodiment of the embodiment of the present application can be provided as method, dress
Put or computer program.Therefore, the embodiment of the present application can use complete hardware embodiment, completely
Software implementation or the form of the embodiment in terms of combining software and hardware.And, the embodiment of the present application
Can use and can be situated between with storage at one or more computers wherein including computer usable program code
The upper computer journey implemented of matter (including but not limited to disk memory, CD-ROM, optical memory etc.)
The form of sequence product.
In a typical configuration, described computer equipment includes one or more processor
(CPU), input/output interface, network interface and internal memory.Internal memory potentially includes computer-readable medium
In volatile memory, the shape such as random access memory (RAM) and/or Nonvolatile memory
Formula, such as read only memory (ROM) or flash memory (flash RAM).Internal memory is computer-readable medium
Example.Computer-readable medium includes removable media permanent and non-permanent, removable and non-
Information storage can be realized by any method or technology.Information can be computer-readable instruction,
Data structure, the module of program or other data.The example of the storage medium of computer includes, but
Be not limited to phase transition internal memory (PRAM), static RAM (SRAM), dynamic random are deposited
Access to memory (DRAM), other kinds of random access memory (RAM), read only memory
(ROM), Electrically Erasable Read Only Memory (EEPROM), fast flash memory bank or other in
Deposit technology, read-only optical disc read only memory (CD-ROM), digital versatile disc (DVD) or other
Optical storage, magnetic cassette tape, tape magnetic rigid disk storage other magnetic storage apparatus or any its
His non-transmission medium, can be used for the information that storage can be accessed by a computing device.According to herein
Defining, computer-readable medium does not include the computer readable media (transitory media) of non-standing,
Data signal and carrier wave such as modulation.
The embodiment of the present application is with reference to the method according to the embodiment of the present application, terminal unit (system) and meter
The flow chart of calculation machine program product and/or block diagram describe.It should be understood that can be by computer program instructions
Each flow process in flowchart and/or block diagram and/or square frame and flow chart and/or square frame
Flow process in figure and/or the combination of square frame.Can provide these computer program instructions to general purpose computer,
The processor of special-purpose computer, Embedded Processor or other programmable data processing terminal equipment is to produce
One machine so that performed by the processor of computer or other programmable data processing terminal equipment
Instruction produce for realizing at one flow process of flow chart or multiple flow process and/or one square frame of block diagram or
The device of the function specified in multiple square frames.
These computer program instructions may be alternatively stored in and computer or other programmable datas can be guided to process
In the computer-readable memory that terminal unit works in a specific way so that be stored in this computer-readable
Instruction in memorizer produces the manufacture including command device, and this command device realizes flow chart one
The function specified in flow process or multiple flow process and/or one square frame of block diagram or multiple square frame.
These computer program instructions also can be loaded into computer or other programmable data processing terminals set
Standby upper so that on computer or other programmable terminal equipment, to perform sequence of operations step in terms of producing
The process that calculation machine realizes, thus the instruction performed on computer or other programmable terminal equipment provides and uses
In realizing in one flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame
The step of the function specified.
Although having been described for the preferred embodiment of the embodiment of the present application, but those skilled in the art being once
Know basic creative concept, then these embodiments can be made other change and amendment.So,
Claims are intended to be construed to include preferred embodiment and fall into the institute of the embodiment of the present application scope
There are change and amendment.
Finally, in addition it is also necessary to explanation, in this article, the relational terms of such as first and second or the like
It is used merely to separate an entity or operation with another entity or operating space, and not necessarily requires
Or imply relation or the order that there is any this reality between these entities or operation.And, art
Language " includes ", " comprising " or its any other variant are intended to comprising of nonexcludability, so that
Process, method, article or terminal unit including a series of key elements not only include those key elements, and
Also include other key elements being not expressly set out, or also include for this process, method, article or
The key element that person's terminal unit is intrinsic.In the case of there is no more restriction, statement " include one
It is individual ... " key element that limits, it is not excluded that including the process of described key element, method, article or end
End equipment there is also other identical element.
Above to a kind of document handling method provided herein and a kind of document handling apparatus, carry out
Being discussed in detail, principle and the embodiment of the application are set forth by specific case used herein,
The explanation of above example is only intended to help and understands the present processes and core concept thereof;Meanwhile, right
In one of ordinary skill in the art, according to the thought of the application, in detailed description of the invention and range of application
On all will change, in sum, this specification content should not be construed as the restriction to the application.
Claims (10)
1. a document handling method, it is characterised in that including:
Receiving first application access request to the first file, described access request includes for described
The decryption information that first file is decrypted;
According to described decryption information, described first file is decrypted;
Temporary file according to the first file described in described first document creation after deciphering;
Export the temporary file of described first file;
According to described first application operation to described temporary file, to described first file and/or described in face
Time file process.
Method the most according to claim 1, it is characterised in that it is right to apply in described reception first
Before the access request of the first file, described method also includes:
Receiving described first application CIPHERING REQUEST to described first file, described CIPHERING REQUEST includes using
Confidential information is added in what described first file was encrypted;
According to the described confidential information that adds, described first file is encrypted.
Method the most according to claim 2, it is characterised in that in described reception to described first
Before the CIPHERING REQUEST of file, described method also includes:
Verify whether described first application has the encryption authority being encrypted described first file;
If so, further according to the described confidential information that adds, described first file is encrypted.
Method the most according to claim 3, it is characterised in that also include in described CIPHERING REQUEST
The Authority Verification information of described first application, wherein, described Authority Verification information is to apply described first
The encrypted right being encrypted described first file to encryption authentication platform application is prescribed a time limit, described add
The information that close authentication platform returns after auditing by and authorizing described encryption authority;
Whether described first application of described checking has the encryption authority being encrypted described first file,
Including:
Whether have described first file is entered according to the first application described in described Authority Verification Information Authentication
The encryption authority of row encryption.
Method the most as claimed in any of claims 1 to 4, it is characterised in that described
According to described first application operation to described temporary file, to described first file and/or described temporary file
Process, including:
If described first application is read operation to the operation of described temporary file, then apply described first
After reading described temporary file, delete described temporary file;
If described first application is content update operation to the operation of described temporary file, then to updating after
Described first file replaced by described temporary file after being encrypted.
6. a document handling apparatus, it is characterised in that including:
First request reception unit, is configured to the access request receiving the first application to the first file, institute
State access request and include the decryption information for described first file is decrypted;
Decryption unit, is configured to be decrypted described first file according to described decryption information;
File generating unit, is configured to according to the first file described in described first document creation after deciphering
Temporary file;
File output unit, is configured to export the temporary file of described first file;
Document handling unit, is configured to apply the operation to described temporary file according to described first, right
Described first file and/or described temporary file process.
Device the most according to claim 6, it is characterised in that described device also includes:
Second request reception unit, is configured to receive the first application in described first request reception unit right
Before the access request of the first file, receive described first application CIPHERING REQUEST to described first file,
Described CIPHERING REQUEST includes adding confidential information for be encrypted described first file;
Ciphering unit, is configured to add confidential information described in basis and is encrypted described first file.
Device the most according to claim 7, it is characterised in that described device also includes:
Authority Verification unit, be configured to described ciphering unit according to described in add confidential information to described first
Before file is encrypted, verifies whether described first application has and described first file is encrypted
Encryption authority;
Described ciphering unit, be configured as described Authority Verification unit checking described first application have right
The encrypted right that described first file is encrypted is prescribed a time limit, further according to the described confidential information that adds to described first file
It is encrypted.
Device the most according to claim 8, it is characterised in that also include in described CIPHERING REQUEST
The Authority Verification information of described first application, wherein, described Authority Verification information is to apply described first
The encrypted right being encrypted described first file to encryption authentication platform application is prescribed a time limit, described add
The information that close authentication platform returns after auditing by and authorizing described encryption authority;
Described Authority Verification unit, is configured to according to the first application described in described Authority Verification Information Authentication
Whether there is the encryption authority being encrypted described first file.
10. according to the device described in any one in claim 6 to 9, it is characterised in that
Described document handling unit, being configured as described first application to the operation of described temporary file is
During read operation, after described temporary file is read in described first application, delete described temporary file;When
When described first application is content update operation to the operation of described temporary file, face described in after updating
Time file be encrypted after replace described first file.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510024398.7A CN105844170A (en) | 2015-01-16 | 2015-01-16 | File processing method and device |
| PCT/CN2016/070169 WO2016112799A1 (en) | 2015-01-16 | 2016-01-05 | File processing method and apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510024398.7A CN105844170A (en) | 2015-01-16 | 2015-01-16 | File processing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105844170A true CN105844170A (en) | 2016-08-10 |
Family
ID=56405241
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510024398.7A Pending CN105844170A (en) | 2015-01-16 | 2015-01-16 | File processing method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105844170A (en) |
| WO (1) | WO2016112799A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106407838A (en) * | 2016-09-21 | 2017-02-15 | 乐视控股(北京)有限公司 | A memo information management method and device |
| CN109495444A (en) * | 2018-09-30 | 2019-03-19 | 北京工业职业技术学院 | A kind of CIPHERING REQUEST processing method |
| CN110851805A (en) * | 2019-10-14 | 2020-02-28 | 深圳市非零无限科技有限公司 | Method, system and readable storage medium for verifying user access authorization by SDK |
| CN112738219A (en) * | 2020-12-28 | 2021-04-30 | 中国第一汽车股份有限公司 | Program running method, program running device, vehicle and storage medium |
| CN113326540A (en) * | 2021-06-29 | 2021-08-31 | 平安普惠企业管理有限公司 | Calling authority control method, device, server, system and medium of microservice |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853363A (en) * | 2010-05-07 | 2010-10-06 | 北京飞天诚信科技有限公司 | File protection method and system |
| CN103106372A (en) * | 2013-01-17 | 2013-05-15 | 上海交通大学 | Lightweight class privacy data encryption method and system for Android system |
| CN103246850A (en) * | 2013-05-23 | 2013-08-14 | 福建伊时代信息科技股份有限公司 | Method and device for processing file |
| CN103455520A (en) * | 2012-06-04 | 2013-12-18 | 北京三星通信技术研究有限公司 | Method and device for accessing Android database |
| CN103686716A (en) * | 2013-12-19 | 2014-03-26 | 复旦大学 | Android access control system for enhancing confidentiality and integrality |
| CN104217175A (en) * | 2014-09-05 | 2014-12-17 | 北京邮电大学 | Data read-write method and device |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8191162B1 (en) * | 2007-04-10 | 2012-05-29 | Zafesoft Inc. | System and method for securing and tracking files |
| US8160247B2 (en) * | 2007-09-27 | 2012-04-17 | Adobe Systems Incorporated | Providing local storage service to applications that run in an application execution environment |
| JP5164029B2 (en) * | 2008-04-10 | 2013-03-13 | 日本電気株式会社 | Information leakage prevention apparatus, method and program thereof |
| CN103218575A (en) * | 2013-04-17 | 2013-07-24 | 武汉元昊科技有限公司 | Host file security monitoring method |
| US9405925B2 (en) * | 2014-02-09 | 2016-08-02 | Microsoft Technology Licensing, Llc | Content item encryption on mobile devices |
| CN104331644B (en) * | 2014-11-24 | 2017-08-04 | 北京邮电大学 | A kind of transparent encipher-decipher method of intelligent terminal file |
-
2015
- 2015-01-16 CN CN201510024398.7A patent/CN105844170A/en active Pending
-
2016
- 2016-01-05 WO PCT/CN2016/070169 patent/WO2016112799A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853363A (en) * | 2010-05-07 | 2010-10-06 | 北京飞天诚信科技有限公司 | File protection method and system |
| CN103455520A (en) * | 2012-06-04 | 2013-12-18 | 北京三星通信技术研究有限公司 | Method and device for accessing Android database |
| CN103106372A (en) * | 2013-01-17 | 2013-05-15 | 上海交通大学 | Lightweight class privacy data encryption method and system for Android system |
| CN103246850A (en) * | 2013-05-23 | 2013-08-14 | 福建伊时代信息科技股份有限公司 | Method and device for processing file |
| CN103686716A (en) * | 2013-12-19 | 2014-03-26 | 复旦大学 | Android access control system for enhancing confidentiality and integrality |
| CN104217175A (en) * | 2014-09-05 | 2014-12-17 | 北京邮电大学 | Data read-write method and device |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106407838A (en) * | 2016-09-21 | 2017-02-15 | 乐视控股(北京)有限公司 | A memo information management method and device |
| CN109495444A (en) * | 2018-09-30 | 2019-03-19 | 北京工业职业技术学院 | A kind of CIPHERING REQUEST processing method |
| CN109495444B (en) * | 2018-09-30 | 2022-02-22 | 北京工业职业技术学院 | Encryption request processing method |
| CN110851805A (en) * | 2019-10-14 | 2020-02-28 | 深圳市非零无限科技有限公司 | Method, system and readable storage medium for verifying user access authorization by SDK |
| CN112738219A (en) * | 2020-12-28 | 2021-04-30 | 中国第一汽车股份有限公司 | Program running method, program running device, vehicle and storage medium |
| CN113326540A (en) * | 2021-06-29 | 2021-08-31 | 平安普惠企业管理有限公司 | Calling authority control method, device, server, system and medium of microservice |
| CN113326540B (en) * | 2021-06-29 | 2023-12-22 | 深圳世纪前沿量化科技有限公司 | Micro-service calling authority control method, device, server, system and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016112799A1 (en) | 2016-07-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10839107B2 (en) | Managing a smart contract on a blockchain | |
| WO2020238255A1 (en) | Smart contract management method and apparatus based on blockchain, and electronic device | |
| CN111181720B (en) | Service processing method and device based on trusted execution environment | |
| CN108737374B (en) | Privacy protection method for data storage in block chain | |
| CN110266467B (en) | Method and device for realizing dynamic encryption based on block height | |
| CN110020855B (en) | Method, node and storage medium for realizing privacy protection in block chain | |
| CN110020856B (en) | Method, node and storage medium for realizing mixed transaction in block chain | |
| CN110245503B (en) | Receipt storage method and node combining code marking and judging conditions | |
| CN113114476B (en) | Privacy evidence storing method and device based on contract | |
| CN110276610B (en) | Method and device for realizing dynamic encryption based on transaction offset | |
| CN105844170A (en) | File processing method and device | |
| CN111639362B (en) | Method, node and storage medium for implementing privacy protection in blockchain | |
| CN107196907A (en) | A kind of guard method of Android SO files and device | |
| CN109450620A (en) | The method and mobile terminal of security application are shared in a kind of mobile terminal | |
| CN105893837A (en) | Application program installation method, security encryption chip and terminal | |
| US11341280B2 (en) | Executing entity-specific cryptographic code in a cryptographic coprocessor | |
| CN110263547B (en) | Method and device for realizing dynamic encryption based on contract state modification sequence | |
| US8745375B2 (en) | Handling of the usage of software in a disconnected computing environment | |
| CN116886356B (en) | Chip-level transparent file encryption storage system, method and equipment | |
| CN110851851A (en) | Authority management method, device and equipment in block chain type account book | |
| CN115758332A (en) | Transaction grouping method and block link point | |
| CN113542303B (en) | Software importing system and method for secret key in non-trusted environment | |
| TWI790745B (en) | Data backup carrier and backup system having the same | |
| Rawat et al. | Enhanced Security Mechanism for Cryptographic File Systems Using Trusted Computing | |
| CN117375850A (en) | Password integrated application method, system and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160810 |
|
| RJ01 | Rejection of invention patent application after publication |