Specific embodiment
The technical solutions in the embodiments of the present invention are described below clearly and completely in conjunction with the accompanying drawings. The described embodiments are only some of the embodiments of the invention, not all of them. The components of the embodiments of the invention, as generally described and illustrated in the drawings here, may be arranged and designed in a variety of configurations. Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without creative work fall within the scope of protection of the invention.
It should be noted that similar labels and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings. In the description of the invention, unless otherwise clearly specified and limited, the terms "installation", "setting" and "connection" are to be interpreted broadly: a connection may be fixed, detachable or integral; mechanical or electrical; direct, or indirect through an intermediary; or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the invention according to the specific situation.
Referring to Fig. 1, it is a block diagram of a safety system provided by an embodiment of the invention. The safety system is applied to a user terminal 10, and the user terminal 10 is connected to a first terminal 20 and a second terminal 30 by near-field communication (NFC). Near-field communication is a short-range, high-frequency radio technology: it operates at 13.56 MHz within a distance of about 10 centimetres, with three transmission speeds of 106 kbit/s, 212 kbit/s or 424 kbit/s. Near-field communication has become the ISO/IEC IS 18092 international standard, the ECMA-340 standard and the ETSI TS 102 190 standard. Optionally, the information of a near-field communication device can be read in either of two modes, active or passive.
Optionally, the user terminal 10 may run Android, iOS, BlackBerry or any other operating system that supports the near-field communication application. The embodiment of the invention uses a user terminal 10 provided with the Android system.
Optionally, the first terminal 20 and the second terminal 30 may be common NFC cards used in daily life, such as public transit cards or access cards, or mobile terminals with an NFC function. In the embodiment of the invention, during file encryption and decryption only the serial number (sequence code) information of the first terminal 20 or the second terminal 30 is read; no other information is obtained or written, so as to ensure the safety of the user of the user terminal 10.
Further, referring to Fig. 2, it is a block diagram of the encryption function unit of the safety system of the embodiment of the invention. During file encryption the system comprises a first selection module 102, a first judge module 104, a second judge module 106, a first information acquisition module 108, a first key generation module 110 and an encryption module 112.
The first selection module 102 is used to choose the user's private file. Optionally, the first selection module 102 may be the file browser that ships with the operating system of the user terminal 10.
The first judge module 104 is used to judge whether the user's private file exists; if it exists, the file is marked as the file to be encrypted. The first judge module 104 is additionally used to judge whether the type of the user's private file is the specified type; if so, the file is taken as the file to be encrypted.
Optionally, in addition to successively judging whether the user's private file exists and whether its type is the specified type as described above, the first judge module 104 may also be used only to judge whether the user's private file exists, or only to judge whether its type is the specified type.
The second judge module 106 is used to judge whether the user terminal 10 supports reading the information of the first terminal 20; if it does, the serial number information of the first terminal 20 is read.
The first information acquisition module 108 is used to obtain the serial number information of the first terminal 20 as the encryption metadata. Specifically, the first information acquisition module 108 first obtains the data information of the first terminal 20, then filters and extracts it to obtain the serial number information, which serves as the encryption metadata.
The first key generation module 110 is used to encrypt the encryption metadata with an encryption algorithm to obtain the encryption key. Optionally, one or more different encryption algorithms may be chosen for this step; the embodiment of the invention processes the encryption metadata with the MD5 algorithm (MD5 is a hash function, so this step produces a digest of the metadata rather than a reversible encryption of it).
The encryption module 112 is used to encrypt the file to be encrypted with the encryption key to obtain the encrypted file, and to save the encrypted file to the specified path.
Optionally, during file encryption the safety system also includes a third judge module 114, which is used to choose the storage address of the encrypted file, to judge whether the storage space at that address is sufficient, and to judge whether the chosen target storage address is of the specified type.
Further, referring to Fig. 3, it is a block diagram of the decryption function unit of the safety system of the embodiment of the invention. During file decryption the system also comprises a second selection module 116, a second information acquisition module 118, a second key generation module 120 and a key matching module 122.
The second selection module 116 is used to choose the file to be decrypted. The second information acquisition module 118 is used to obtain the serial number information of the second terminal 30 as the decryption metadata. The second key generation module 120 is used to encrypt the decryption metadata with the encryption algorithm to obtain the decryption key. The key matching module 122 is used to match the decryption key with the encryption key; if the match succeeds, the file to be decrypted is opened.
The encryption algorithm used by the second key generation module 120 to encrypt the decryption metadata is the same as the one used by the first key generation module 110 to encrypt the encryption metadata.
It should be understood that for the decryption of the file to be decrypted to succeed, the second terminal 30 and the first terminal 20 should be the same terminal with the same serial number, i.e. the encryption key obtained by the user terminal 10 from the first terminal 20 is identical to the decryption key obtained from the second terminal 30. Otherwise, decryption fails.
Based on the design and description of the safety system above, the security protection method is further elaborated below with the user terminal 10 running the Android system. Referring to Fig. 4, it is a flowchart of the encryption method, provided by the preferred embodiment, as applied in the encryption function unit of the safety system shown in Fig. 2. The following steps elaborate the specific flow shown in Fig. 4.
Step S101: choose the user's private file.
In the embodiment of the invention, step S101 is performed by the first selection module 102 in Fig. 2. Specifically, when the user of the user terminal 10 needs to encrypt private data or a file, the first selection module 102 chooses the user's private file with the following code:
Intent intent = new Intent(Intent.ACTION_GET_CONTENT);
intent.setType("*/*"); // set the type: any MIME type or any file suffix is accepted
intent.addCategory(Intent.CATEGORY_OPENABLE);
startActivityForResult(intent, 1);
After the selection is completed, the user terminal 10 receives the information about the selected private file through the onActivityResult method. This information is the string of the absolute path of the file, through which Android can obtain the private file.
Step S102: judge whether the user's private file exists; if not, go to step S101; if it exists, go to step S103.
Step S103: mark the user's private file as the file to be encrypted.
Specifically, after step S101 has obtained the absolute path of the file, it is necessary to judge whether the user's private file exists, because the file may have been unexpectedly deleted during selection, which would prevent the encryption program from continuing. The concrete judgement method is as follows:
File f = new File("/storage/sdcard/test.pdf");
boolean exists = f.exists(); // true: the file is present; false: it has gone missing
In the above code, a File object is first built from the obtained string; this object is the reference for checking whether the obtained private file exists. Calling the exists method on the object judges whether the user's private file exists: if the return value is false, it does not exist; if true, the private file exists and is marked as the file to be encrypted.
Step S104: judge whether the file is of the specified type; if not, go to step S101; if it is, go to step S105.
Specifically, after step S103 it is necessary to judge whether the file to be encrypted is of the specified type, that is, whether it is a file or a folder, because the invention can only encrypt a single file and cannot encrypt a folder. The judgement calls isDirectory() on the File object: if it returns true the item is a folder, and the flow returns to step S101 to reselect; if it returns false, step S105 is executed. In the embodiment of the invention, steps S102 to S104 are completed by the first judge module 104 in Fig. 2.
Optionally, step S102 and step S104 may also be carried out separately, i.e. in one embodiment only the type judgement may be carried out on the chosen private file, or only the existence judgement; the invention is not limited to the scope given by this embodiment.
Step S105: judge whether the user terminal 10 supports reading the information of the first terminal 20; if not, the encryption flow ends; if so, go to step S106.
In the embodiment of the invention, step S105 is completed by the second judge module 106 in Fig. 2. Specifically, when the user terminal 10 starts to read the serial number information of the first terminal 20, it does so through the NfcAdapter on the user terminal 10. Therefore it is first necessary to judge whether the user terminal 10 supports the NFC function. If it does not, initializing the NfcAdapter returns null and the encryption flow ends; if the return value is not null, continue with step S106.
Step S106: obtain the serial number information of the first terminal 20 as the encryption metadata.
In the embodiment of the invention, step S106 is completed by the first information acquisition module 108 in Fig. 2. Specifically, the user terminal 10 obtains the data information of the first terminal 20 with the following program:
Parcelable[] rawArray = intent.getParcelableArrayExtra(NfcAdapter.EXTRA_NDEF_MESSAGES);
NdefMessage mNdefMsg = (NdefMessage) rawArray[0];
NdefRecord mNdefRecord = mNdefMsg.getRecords()[0];
The first line obtains the NFC data information delivered at start-up, i.e. the data of the NFC module, and the second line takes the first NDEF message from it. The third line reads, from that message, the data information of the first terminal 20 that is in near-field communication with the user terminal 10. If reading fails or the first terminal 20 is abnormal, the NdefRecord is empty and the encryption flow ends; if it holds data, the data information of the first terminal 20 is read from the NdefRecord as follows:
String data = new String(mNdefRecord.getPayload(), "UTF-8");
Further, since the data information contains many parts, the embodiment of the invention selects one part of it as the encryption metadata. Specifically, the serial number of the first terminal 20 is used as the encryption metadata; the serial number is located after the SEL string in the data information, so the serial number information is obtained by filtering out the data before the SEL string.
Specifically, the embodiment cuts at the SEL string with the split method in Android, i.e. str.split("\\[SEL\\]") (the brackets are escaped because String.split takes a regular expression) returns a string array with two elements: the first is the data before SEL, the second is the data after SEL. Taking str[1] directly gives the second element, i.e. the serial number information, which is used as the encryption metadata.
Optionally, after the data information of the first terminal 20 has been read through the NdefRecord, the whole data information may also be used directly as the encryption metadata, so as to further increase the complexity of the password.
Step S107: encrypt the encryption metadata to generate the encryption key.
In the embodiment of the invention, step S107 is completed by the first key generation module 110 in Fig. 2. Specifically, the string obtained from the encryption metadata by the MD5 algorithm is used as the encryption key.
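The key derivation of steps S106 and S107 (and, identically, S113 and S114) carried through as an added example; this is not the patent's own listing. It assumes the NdefRecord payload has already been obtained as a byte array, uses plain JDK classes in place of the Android NFC API, and feeds the MD5 digest to DESKeySpec so that the result can be used with Cipher.getInstance("DES"); the sample payload is constructed, not read from a real card.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Pattern;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

public class SerialKeyDerivation {

    // Separator that, per the text, precedes the serial number in the card's NDEF payload.
    private static final String SEPARATOR = "[SEL]";

    // Steps S106/S113: decode the NdefRecord payload and keep only what follows "[SEL]".
    // Returns null when the payload has no separator or nothing after it; the text's
    // str[1] would throw ArrayIndexOutOfBoundsException on such a payload.
    static String extractSerial(byte[] payload) {
        String data = new String(payload, StandardCharsets.UTF_8);
        // String.split takes a regular expression; unquoted, "[SEL]" is a character class
        // matching any single 'S', 'E' or 'L', so the separator must be quoted.
        String[] parts = data.split(Pattern.quote(SEPARATOR), 2);
        if (parts.length < 2 || parts[1].isEmpty()) {
            return null;
        }
        return parts[1];
    }

    // Steps S107/S114: MD5 of the metadata (a 16-byte digest, not a reversible encryption).
    static byte[] md5(String metadata) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5").digest(metadata.getBytes(StandardCharsets.UTF_8));
    }

    // Turns the digest into a DES key object usable with Cipher.getInstance("DES").
    // DESKeySpec keeps only the first 8 bytes of the digest (a DES key is 64 bits,
    // 56 of them effective) and SecretKeyFactory sets the parity bits.
    static SecretKey deriveDesKey(String metadata) throws Exception {
        return SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec(md5(metadata)));
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload, not data from a real card.
        byte[] payload = "TYPE=CARD[SEL]0123456789ABCDEF".getBytes(StandardCharsets.UTF_8);
        String serial = extractSerial(payload);
        System.out.println("serial  = " + serial);
        System.out.println("md5     = " + hex(md5(serial)));
        SecretKey key = deriveDesKey(serial);
        System.out.println("DES key = " + hex(key.getEncoded()) + " (" + key.getEncoded().length + " bytes)");
        // Edge case: a payload without the separator is rejected instead of crashing.
        System.out.println("no separator -> " + extractSerial("TYPE=CARD".getBytes(StandardCharsets.UTF_8)));
    }
}
```

Two properties of this derivation are worth keeping in mind when assessing the scheme: the key's entropy is bounded by the serial number, not by MD5 or DES, and only the first 8 bytes of the digest reach the cipher. The serial number is read from the card over standard NFC, so the protection of the encrypted file rests entirely on that value not being read by anyone else.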
Step S108: encrypt the file to be encrypted with the encryption key to obtain the encrypted file.
In the embodiment of the invention, step S108 is completed by the encryption module 112 in Fig. 2, specifically by using DES in Java; the program is as follows:
In this method, an encryption object is first created with Cipher and this.key is passed in, where this.key is the encryption key described above. After the encryption key has been written, the file stream is opened and fed into the encryption stream CipherInputStream for encryption, which yields the encrypted file.
Step S109: choose the storage address of the encrypted file.
Step S110: judge whether the storage space is sufficient; if not, go to step S109; if sufficient, go to step S111.
Step S111: store the encrypted file.
In the embodiment of the invention, steps S109 to S111 are completed by the third judge module 114 in Fig. 2. Specifically, after the file encryption is complete, the user terminal 10 prompts the user to choose the storage address of the encrypted file; the concrete selection method is the same as in step S101. Step S110 is then executed to judge whether the storage space at that address is sufficient for the size of the encrypted file. The judgement method is as follows:
StatFs dataFs = new StatFs(path);
long sizes = (long) dataFs.getFreeBlocks() * (long) dataFs.getBlockSize(); // free bytes under path
The above code determines the remaining space under the path; the returned sizes is compared with the chosen file: if the space is large enough the file can be written, otherwise the user is prompted to reselect.
Optionally, after step S109 the file type may be judged with the same method as in step S103. However, the item chosen in this step should be a folder rather than a file, so the next step may be executed only when isDirectory returns true; if it returns false, step S109 must be re-executed.
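The checks of steps S102 to S104 (source must exist and be a single file) and of steps S109 and S110 with the optional type check (target must be a folder with enough free space), collected into one pre-flight routine as an added example; this is not the patent's own code. It assumes plain JDK classes: File.getUsableSpace() stands in for the Android-only StatFs computation, and the sample file and folder are created in a temporary directory.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;

public class FilePreflight {

    // Steps S102 to S104: the chosen item must exist and must be a single file, not a folder.
    static boolean isEncryptableFile(File chosen) {
        return chosen.exists() && !chosen.isDirectory();
    }

    // DES with PKCS5 padding always adds 1 to 8 bytes, so the encrypted file is larger than
    // the plaintext; the space check should use this size, not the original file length.
    static long encryptedSize(long plainBytes) {
        return (plainBytes / 8 + 1) * 8;
    }

    // Steps S109 and S110 plus the optional type check: the target must be a folder
    // with at least requiredBytes free. StatFs is Android-only; File.getUsableSpace()
    // is the plain-JDK equivalent of free blocks times block size.
    static boolean canStoreHere(File targetDir, long requiredBytes) {
        if (!targetDir.isDirectory()) {
            return false;
        }
        return targetDir.getUsableSpace() >= requiredBytes;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temporary folder holding one small private file.
        File dir = Files.createTempDirectory("enc-target").toFile();
        File plain = new File(dir, "private.txt");
        Files.write(plain.toPath(), "constructed sample content".getBytes(StandardCharsets.UTF_8));

        System.out.println("source ok:      " + isEncryptableFile(plain));
        System.out.println("folder as src:  " + isEncryptableFile(dir));
        System.out.println("missing as src: " + isEncryptableFile(new File(dir, "gone.txt")));
        long need = encryptedSize(plain.length());
        System.out.println("need " + need + " bytes for " + plain.length() + " plaintext bytes");
        System.out.println("target ok:      " + canStoreHere(dir, need));
        System.out.println("file as target: " + canStoreHere(plain, need));
        System.out.println("no room:        " + canStoreHere(dir, Long.MAX_VALUE));
    }
}
```

The existence check and the type check are deliberately kept in one predicate: a file that disappears between selection and encryption fails exists(), and a folder fails the isDirectory() test, which are the two failure cases the text sends back to step S101.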
Further, referring to Fig. 5, it is a flowchart of the decryption method, provided by the preferred embodiment, as applied in the decryption function unit of the safety system shown in Fig. 3. The following steps elaborate the specific flow shown in Fig. 5.
Step S112: choose the file to be decrypted.
In the embodiment of the invention, step S112 is completed by the second selection module 116 in Fig. 3. Specifically, the file to be decrypted is selected in the same way as in step S101 above. After the selection is complete, the storage address of the decrypted file must be chosen, and when that address is used it is also necessary to judge whether its space is sufficient to hold the decrypted file. The concrete method is the same as in steps S109 and S110 and is not repeated here.
Step S113: obtain the serial number information of the second terminal 30 as the decryption metadata.
Step S114: encrypt the decryption metadata to obtain the decryption key.
Step S114 is completed by the second key generation module 120 in Fig. 3. Specifically, the flow of steps S113 and S114 is identical to that of steps S106 and S107: the serial number information of the second terminal 30 is obtained as the decryption metadata, and the decryption metadata is encrypted to obtain the decryption key. The details are not repeated here.
Step S115: match the decryption key with the encryption key; if the match succeeds, open the file to be decrypted.
In the embodiment of the invention, step S115 is completed by the key matching module 122 in Fig. 3. Specifically, the decryption process uses the DES algorithm in Java: the file to be decrypted, the decryption key and the storage address of the decrypted file are passed in, and decryption is performed as follows:
Cipher cipher = Cipher.getInstance("DES");
cipher.init(Cipher.DECRYPT_MODE, this.key);
InputStream is = new FileInputStream(file);
OutputStream out = new FileOutputStream(dest);
CipherOutputStream cos = new CipherOutputStream(out, cipher);
byte[] buf = new byte[4096]; // copy the encrypted file through the decrypting stream
int n;
while ((n = is.read(buf)) != -1) {
    cos.write(buf, 0, n);
}
cos.close(); // flushes the final block into dest
is.close();
In the above, a Cipher for the DES method is first initialized, then the file stream is created and the file and the decryption key information are passed in together, generating a decrypted file stream that is written to the file. If the entered key does not match, garbled output is produced and the flow ends; if the key matches, a decrypted file is generated, which is the user's file.
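The encryption of step S108 and the decryption of step S115 carried through together as an added example; this is not the patent's own listing. It assumes plain JDK classes (javax.crypto), a DES key built from eight constructed bytes standing in for the MD5-derived key of step S107, and temporary files instead of the terminal's storage path; the plaintext content is constructed.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class DesFileCipher {

    // Step S108: wrap the plaintext file stream in a CipherInputStream and copy it to the encrypted file.
    static void encryptFile(SecretKey key, File src, File dest) throws Exception {
        Cipher cipher = Cipher.getInstance("DES"); // "DES" alone resolves to DES/ECB/PKCS5Padding
        cipher.init(Cipher.ENCRYPT_MODE, key);
        try (InputStream in = new CipherInputStream(new FileInputStream(src), cipher);
             OutputStream out = new FileOutputStream(dest)) {
            byte[] buf = new byte[4096];
            int n;
            while ((n = in.read(buf)) != -1) {
                out.write(buf, 0, n);
            }
        }
    }

    // Step S115: decrypt with the key derived from the second terminal. Decrypting the whole file
    // with Cipher.doFinal makes a key mismatch visible: PKCS5 unpadding fails for a wrong key,
    // except for roughly 1 wrong key in 256 whose final decrypted block happens to end in valid
    // padding. A truncated or corrupted ciphertext fails the block-size check the same way.
    static boolean decryptFile(SecretKey key, File src, File dest) throws Exception {
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] plain;
        try {
            plain = cipher.doFinal(Files.readAllBytes(src.toPath()));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            return false; // key match failed: nothing is written to dest
        }
        Files.write(dest.toPath(), plain);
        return true;
    }

    // Builds a DES key from 8 constructed bytes; in the text this is the MD5-derived key of step S107.
    static SecretKey desKey(byte[] eightBytes) {
        return new SecretKeySpec(eightBytes, "DES");
    }

    public static void main(String[] args) throws Exception {
        File plain = File.createTempFile("secret", ".txt");
        File enc = File.createTempFile("secret", ".enc");
        File dec = File.createTempFile("secret", ".dec");
        Files.write(plain.toPath(), "constructed sample content".getBytes(StandardCharsets.UTF_8));

        SecretKey right = desKey(new byte[] {1, 2, 3, 4, 5, 6, 7, 8}); // stands in for the first terminal's key
        SecretKey wrong = desKey(new byte[] {8, 7, 6, 5, 4, 3, 2, 1}); // a different terminal's key

        encryptFile(right, plain, enc);
        System.out.println("wrong key accepted: " + decryptFile(wrong, enc, dec));
        System.out.println("right key accepted: " + decryptFile(right, enc, dec));
        System.out.println("round trip: " + new String(Files.readAllBytes(dec.toPath()), StandardCharsets.UTF_8));
    }
}
```

Decrypting with Cipher.doFinal rather than a CipherOutputStream is the one deliberate departure from the text: doFinal throws when the final block does not unpad under the supplied key, whereas the stream classes do not reliably surface that failure (older JDKs' CipherOutputStream.close() discards it), which is why the text describes a wrong key as producing garbled output rather than an error. In either form the "key matching" of step S115 is only a padding check with no integrity protection, so a wrong key is accepted about once in 256 attempts and a modified ciphertext is not detected at all.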
In summary, the invention provides a security protection method and system, applied to a user terminal 10 connected to a first terminal 20 by near-field communication. Based on the safety system, the security protection method obtains the serial number information of the first terminal 20 as the encryption metadata, encrypts the encryption metadata with the encryption algorithm to generate the encryption key, and finally encrypts the file to be encrypted with the encryption key to obtain the encrypted file, which is saved to the specified path. When the file needs to be decrypted, bringing the first terminal 20 into contact with the user terminal 10 completes the decryption. The invention effectively avoids the series of problems caused in the prior art by passwords being easily leaked or lost, while further increasing the safety of terminal data.
In the embodiments provided herein, it should be understood that the disclosed apparatus and method may also be realized in other ways. The apparatus embodiments described above are only schematic; for example, the flowcharts and block diagrams in the drawings show the architecture, functions and operations that may be realized by the apparatus, method and computer program product according to embodiments of the invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a part of code that contains one or more executable instructions for realizing the specified logic function. It should also be noted that in some alternative implementations the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or sometimes in the opposite order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of such blocks, may be realized by a dedicated hardware-based system that performs the specified function or action, or by a combination of dedicated hardware and computer instructions.
It should be noted that the terms "including", "comprising" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The foregoing is only the preferred embodiment of the invention and does not limit it; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within the scope of protection of the invention.
The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited thereto; any change or replacement that a person familiar with the art could readily conceive within the technical scope disclosed by the invention shall be covered by the scope of protection of the invention. Therefore, the scope of protection of the invention shall be defined by the scope of the claims.