CN107305606A - Processing method and device for an application file, and access method and device for a file - Google Patents
- Publication number
- CN107305606A (application CN201610248009.3A)
- Authority
- CN
- China
- Prior art keywords
- file
- operation object
- terminal application
- write
- encryption
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
Abstract
The invention provides a processing method and device for an application file and an access method and device for a file. The file access method includes: obtaining an access request from a terminal application for a protected file; calling the terminal application's input/output (I/O) operation object, which has encryption and decryption functions, to check the group authentication information of the protected file; determining from the group authentication information whether the terminal application has access rights to the protected file; and, where the terminal application has access rights to the protected file, allowing the access request. This technical solution addresses the problem that, in a BYOD environment, files can be accessed freely by different applications and information is easily leaked, and so ensures the security of file information.
Description
Technical field
The present invention relates to the communications field, and in particular to a processing method and device for an application file and an access method and device for a file.
Background
The mobile Internet is developing rapidly and applications for intelligent terminals are becoming increasingly abundant. Android is currently the most popular intelligent terminal platform; the Google Play market alone offers more than 1,000,000 Android applications. The spread of intelligent terminal applications has made Bring Your Own Device (BYOD) working increasingly popular. Because BYOD offers advantages such as flexible working, improved efficiency and cost savings, it has become a focus of research and a trend in future enterprise development.
The growing popularity of Android applications means that more and more important and sensitive information is stored on intelligent terminals, and with it comes the problem of securing sensitive and private information. An attacker can exploit vulnerabilities in the Android system to implant malicious code on an intelligent terminal and steal the user's private information, causing heavy losses to the user. Correspondingly, while BYOD brings convenience it also aggravates the confidentiality problem for information on intelligent terminals: an employee's own mobile terminal inevitably operates in external network environments, where it is exposed to malicious attack and enterprise sensitive information can leak. At the same time, if the user's private information is not well protected, it may be read by enterprise applications, which leaks the user's private information.
At present, the more common way to address sensitive information leakage on intelligent terminals is transparent encryption and decryption of Android files: encryption and decryption are performed at the operating-system kernel level as file data is read and written, so that information on the terminal is protected without changing user habits and without the user noticing. For example, patent CN104252605A proposes a transparent file encryption and decryption method based on hook technology at the Android bottom layer, which encrypts and decrypts files in a specific directory according to a passphrase supplied by the user. As another example, patent CN104331644A likewise uses Netlink sockets and hook technology at the operating-system bottom layer to implement access control between authorized processes and files to be protected, together with transparent file encryption and decryption. Although this kind of transparent encryption can protect file confidentiality, it requires system root privileges, which limits the deployment scope of Android file encryption technology and its ability to adapt to a BYOD operating environment. Similarly, patent CN104951705A proposes an Android application data encryption and packaging method based on rewriting operating-system interfaces: by inserting code at the application entry point, it hooks and replaces, at application start-up, the Java Native Interface (JNI) call instructions used for input/output (I/O) reads and writes. This still implements transparent file encryption at the system bottom layer, and the implementation is a replacement of bottom-layer methods.
The above patents implement transparent file encryption and decryption at the bottom layer of the Android system. In these methods, however, all applications have the same access rights to all encrypted files, so the encryption process cannot transparently handle group-based file access control in a BYOD environment, that is, the case where different application groups have different access rights to different files.
Therefore, to protect the confidentiality of enterprise sensitive information and user private information in a BYOD environment, to guard against the information leakage caused by malicious attacks and by unauthorized access from legitimate users, and to allow easy large-scale deployment, it is necessary to provide an application-layer method for real-time encryption and decryption of Android files that, without obtaining Android root privileges, both strengthens the confidentiality of information stored on Android terminals and meets the group-based file access control requirements of a BYOD environment.
For the problem in the related art that files in a BYOD environment can be accessed freely by different applications and information is easily leaked, no effective solution has yet been proposed.
Summary of the invention
The invention provides a processing method and device for an application file and an access method and device for a file, to at least solve the problem in the related art that files in a BYOD environment can be accessed freely by different applications and information is easily leaked.
According to an aspect of the invention, a processing method for an application file is provided, including:
decompiling a terminal application file to obtain bytecode files;
obtaining the input/output (I/O) operation object of the bytecode files, and applying code instrumentation to the I/O operation object to obtain an I/O operation object with encryption and decryption functions;
recompiling the bytecode files that contain the I/O operation object with encryption and decryption functions.
Further, applying code instrumentation to the I/O operation object to obtain the I/O operation object with encryption and decryption functions includes:
where the I/O operation object of the bytecode files is a sequential read-write or random read-write I/O operation object, replacing the I/O operation object with a custom security class object;
where the I/O operation object of the bytecode files uses memory mapping, marking the memory-mapped buffer object of the bytecode files and applying code instrumentation to the memory-mapped buffer object.
Further, where the I/O operation object of the bytecode files is a sequential read-write or random read-write I/O operation object, replacing the I/O operation object with a custom security class object includes:
creating a custom security subclass of the class corresponding to the I/O operation object, and replacing the I/O operation object instance with an object instance of the custom security subclass;
creating a custom security class that has the same name as the class corresponding to the I/O operation object but sits in a different namespace, and using an object instance of this second custom security class to replace the I/O operation object instance and the function signature information of the I/O operation object.
Further, the terminal application file includes: an executable file; and a resource file library that the terminal loads and runs.
According to an aspect of the invention, a file access method is provided, including:
obtaining an access request from a terminal application for a protected file;
calling the terminal application's input/output (I/O) operation object with encryption and decryption functions to check the group authentication information of the protected file, where the group authentication information is set by the terminal application that created the protected file, and the I/O operation object with encryption and decryption functions is generated as follows: the application file of the terminal application is decompiled to obtain bytecode files, the I/O operation object of the bytecode files is obtained, and code instrumentation is applied to the I/O operation object to obtain the I/O operation object with encryption and decryption functions;
determining from the group authentication information whether the terminal application has access rights to the protected file and, where the terminal application has access rights to the protected file, allowing the access request, where the terminal application is determined to have access rights to the protected file if the group authentication information passes the check performed by the I/O operation object with encryption and decryption functions.
Further, after it is determined that the terminal application has access rights to the protected file, the method also includes:
the terminal application decrypting the protected file according to group key information, where the group key information is obtained in advance by the terminal application.
Further, the group key information is obtained in advance in one of the following ways:
where the terminal to which the terminal application belongs is connected to a key server, receiving in real time the group key information distributed by the key server;
where the terminal to which the terminal application belongs is not connected to the key server, using the locally stored group key information.
Further, where the access request is allowed, the type of read-write operation the terminal application performs on the file includes one of the following: sequential read-write I/O operations, random read-write I/O operations and memory-mapped I/O operations.
Further,
the sequential read-write I/O operations include one of the following: sequential read-write I/O based on byte streams, sequential read-write I/O based on encoded data blocks, sequential read-write I/O on compressed files, and sequential read-write I/O based on file channels;
the random read-write I/O operations include one of the following: random read-write I/O based on byte streams, and random read-write I/O based on file channels.
Further, the memory-mapped I/O operations include one of the following:
a memory-mapped I/O operation on the protected file as a whole;
a memory-mapped I/O operation on a preset start position and preset length of the protected file.
According to another aspect of the invention, a processing device for an application file is provided, applied to a terminal, including:
a decompilation module, for decompiling a terminal application file to obtain bytecode files;
an instrumentation module, for obtaining the input/output (I/O) operation object of the bytecode files and applying code instrumentation to the I/O operation object to obtain an I/O operation object with encryption and decryption functions;
a recompilation module, for recompiling the bytecode files that contain the I/O operation object with encryption and decryption functions.
Further, the instrumentation module includes:
a replacement unit, for replacing the I/O operation object with a custom security class object where the I/O operation object of the bytecode files is a sequential read-write or random read-write I/O operation object;
a marking unit, for marking the memory-mapped buffer object of the bytecode files and applying code instrumentation to the memory-mapped buffer object where the I/O operation object of the bytecode files uses memory mapping.
According to another aspect of the invention, a file access device is provided, applied to a terminal, including:
an acquisition module, for obtaining an access request from a terminal application for a protected file;
a checking module, for calling the terminal application's I/O operation object with encryption and decryption functions to check the group authentication information of the protected file, where the group authentication information is set by the terminal application that created the protected file, and the I/O operation object with encryption and decryption functions is generated as follows: the application file of the terminal application is decompiled to obtain bytecode files, the I/O operation object of the bytecode files is obtained, and code instrumentation is applied to the I/O operation object to obtain the I/O operation object with encryption and decryption functions;
an access module, for determining from the group authentication information whether the terminal application has access rights to the protected file and, where it is determined that the terminal application has access rights to the protected file, allowing the access request, where the terminal application is determined to have access rights to the protected file if the group authentication information passes the check performed by the I/O operation object with encryption and decryption functions.
Further, the access module is also used so that, after it is determined that the terminal application has access rights to the protected file, the terminal application decrypts the protected file according to group key information, where the group key information is obtained in advance by the terminal application.
With the invention, an access request from a terminal application for a protected file is obtained; the terminal application's I/O operation object with encryption and decryption functions is called to check the group authentication information of the protected file, where the group authentication information is set by the terminal application that created the protected file, and the I/O operation object with encryption and decryption functions is generated as follows: the application file of the terminal application is decompiled to obtain bytecode files, the I/O operation object of the bytecode files is obtained, and code instrumentation is applied to the I/O operation object to obtain the I/O operation object with encryption and decryption functions; whether the terminal application has access rights to the protected file is determined from the group authentication information and, where the terminal application has access rights to the protected file, the access request is allowed, where the terminal application is determined to have access rights to the protected file if the group authentication information passes the check performed by the I/O operation object with encryption and decryption functions. This addresses the problem that files in a BYOD environment can be accessed freely by different applications and information is easily leaked, and ensures the security of file information.
Brief description of the drawings
The drawings described here provide further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their descriptions explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of a processing method for an application file according to an embodiment of the invention;
Fig. 2 is a flow chart of a file access method according to an embodiment of the invention;
Fig. 3 is structural block diagram 1 of a processing device for an application file according to an embodiment of the invention;
Fig. 4 is structural block diagram 2 of a processing device for an application file according to an embodiment of the invention;
Fig. 5 is a structural block diagram of a file access device according to an embodiment of the invention;
Fig. 6 is a schematic diagram of the code instrumentation process for an Android application according to the preferred embodiment of the invention;
Fig. 7 is a schematic diagram of an Android application accessing a protected file according to an embodiment of the invention;
Fig. 8 is a schematic diagram of an application example in a BYOD environment according to the preferred embodiment of the invention;
Fig. 9 is a schematic diagram of an application example in which file access control is enforced when an Android application changes group, according to the preferred embodiment of the invention.
Detailed description
The invention is described in detail below with reference to the drawings and in conjunction with the embodiments. Note that, where they do not conflict, the embodiments in this application and the features in them may be combined with one another.
Note that the terms "first", "second" and so on in the description, the claims and the drawings are used to distinguish similar objects, not to describe a particular order or sequence.
This embodiment provides a processing method for an application file. Fig. 1 is a flow chart of a processing method for an application file according to an embodiment of the invention. As shown in Fig. 1, the flow includes the following steps:
Step S102: decompile the terminal application file to obtain bytecode files;
Step S104: obtain the input/output (I/O) operation object of the bytecode files, and apply code instrumentation to the I/O operation object to obtain an I/O operation object with encryption and decryption functions;
Step S106: recompile the bytecode files that contain the I/O operation object with encryption and decryption functions.
Through these steps, the terminal application file is decompiled to obtain bytecode files, the I/O operation object of the bytecode files is obtained, code instrumentation is applied to the I/O operation object to obtain an I/O operation object with encryption and decryption functions, and the bytecode files containing that object are recompiled. Code instrumentation is a technique that changes a program's execution behaviour by modifying or deleting existing instructions and inserting new ones. In the related art, terminal applications have no function for encrypting and decrypting files; modifying the terminal application's application file with code instrumentation gives the terminal application that function. Every file that passes through the terminal application's input and output is marked, and the mark is used for identification by other applications later. This technical solution addresses the problem that files in a BYOD environment can be accessed freely by different applications and information is easily leaked, and ensures the security of file information.
In this embodiment, applying code instrumentation to the I/O operation object to obtain the I/O operation object with encryption and decryption functions includes:
where the I/O operation object of the bytecode files is a sequential read-write or random read-write I/O operation object, replacing the I/O operation object with a custom security class object;
where the I/O operation object of the bytecode files uses memory mapping, marking the memory-mapped buffer object of the bytecode files and applying code instrumentation to the memory-mapped buffer object.
In this embodiment, where the I/O operation object of the bytecode files is a sequential read-write or random read-write I/O operation object, replacing the I/O operation object with a custom security class object includes:
creating a custom security subclass of the class corresponding to the I/O operation object, and replacing the I/O operation object instance with an object instance of the custom security subclass;
creating a custom security class that has the same name as the class corresponding to the I/O operation object but sits in a different namespace, and using an object instance of this second custom security class to replace the I/O operation object instance and the function signature information of the I/O operation object.
In this embodiment, the terminal application file includes: an executable file; and a resource file library that the terminal loads and runs. For example, the executable file that the Android system can read has the suffix .DEX.
This embodiment provides a file access method. Fig. 2 is a flow chart of a file access method according to an embodiment of the invention. As shown in Fig. 2, the flow includes the following steps:
Step S202: obtain an access request from a terminal application for a protected file;
Step S204: call the terminal application's input/output (I/O) operation object with encryption and decryption functions to check the group authentication information of the protected file, where the group authentication information is set by the terminal application that created the protected file, and the I/O operation object with encryption and decryption functions is generated as follows: the application file of the terminal application is decompiled to obtain bytecode files, the I/O operation object of the bytecode files is obtained, and code instrumentation is applied to the I/O operation object to obtain the I/O operation object with encryption and decryption functions;
Step S206: determine from the group authentication information whether the terminal application has access rights to the protected file and, where the terminal application has access rights to the protected file, allow the access request, where the terminal application is determined to have access rights to the protected file if the group authentication information passes the check performed by the I/O operation object with encryption and decryption functions.
Through these steps, an access request from a terminal application for a protected file is obtained, the terminal application's I/O operation object with encryption and decryption functions is called to check the group authentication information of the protected file, whether the terminal application has access rights to the protected file is determined from the group authentication information and, where the terminal application has access rights, the access request is allowed. The group authentication information of the protected file is set by the terminal application that created the file. Note that the protected file may be created by a first application on the terminal and access to it requested by a second application on the terminal; both the first application and the second application have been processed by the three steps of Fig. 1 and contain I/O operation objects with encryption and decryption functions.
In this embodiment, after it is determined that the terminal application has access rights to the protected file, the terminal application decrypts the protected file according to group key information, where the group key information is obtained in advance by the terminal application. By adding group authentication information, this embodiment protects the file through both key verification and permission verification; for applications that pass the group authentication check, the terminal decrypts the file ciphertext with the group key obtained in advance.
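The subclass replacement and group check described above, narrowed to sequential byte-stream I/O, as an added example (not code from the patent). The header layout, the HMAC-based group tag, AES-CTR encryption, and the class, group and key names are all assumptions made for illustration; it runs on a standard JVM rather than on Android.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class GroupProtectedFileDemo {
    // Assumed header: MAGIC | 1-byte group length | group id | 16-byte IV | 32-byte HMAC tag.
    static final byte[] MAGIC = {'G', 'R', 'P', 'F'};
    static byte[] hmac(byte[] key, byte[]... parts) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }
    // Group authentication information: HMAC over group id and IV under an auth sub-key.
    static byte[] tag(byte[] groupKey, byte[] group, byte[] iv) throws GeneralSecurityException {
        return hmac(hmac(groupKey, "auth".getBytes(StandardCharsets.UTF_8)), group, iv);
    }
    // AES-CTR under an encryption sub-key; CTR gives the file body no integrity protection.
    static Cipher cipher(int mode, byte[] groupKey, byte[] iv) throws GeneralSecurityException {
        byte[] k = Arrays.copyOf(hmac(groupKey, "enc".getBytes(StandardCharsets.UTF_8)), 16);
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, new SecretKeySpec(k, "AES"), new IvParameterSpec(iv));
        return c;
    }

    // Subclasses that instrumented code would construct in place of the java.io originals.
    static class SecureFileOutputStream extends FileOutputStream {
        private final Cipher enc;
        SecureFileOutputStream(File f, String group, byte[] key) throws IOException, GeneralSecurityException {
            super(f);
            byte[] g = group.getBytes(StandardCharsets.UTF_8), iv = new byte[16];  // g: under 256 bytes
            new SecureRandom().nextBytes(iv);
            enc = cipher(Cipher.ENCRYPT_MODE, key, iv);
            super.write(MAGIC, 0, MAGIC.length);  // the header itself is not encrypted
            super.write(g.length);
            super.write(g, 0, g.length);
            super.write(iv, 0, iv.length);
            super.write(tag(key, g, iv), 0, 32);
        }
        @Override public void write(int b) throws IOException { write(new byte[] {(byte) b}, 0, 1); }
        @Override public void write(byte[] b) throws IOException { write(b, 0, b.length); }
        @Override public void write(byte[] b, int off, int len) throws IOException {
            byte[] ct = enc.update(b, off, len);
            if (ct != null) super.write(ct, 0, ct.length);
        }
    }

    static class SecureFileInputStream extends FileInputStream {
        private Cipher dec;
        SecureFileInputStream(File f, String appGroup, byte[] key) throws IOException, GeneralSecurityException {
            super(f);
            try {
                if (!Arrays.equals(raw(4), MAGIC)) throw new IOException("not a protected file");
                byte[] g = raw(raw(1)[0] & 0xff), iv = raw(16), fileTag = raw(32);
                // Group check: same group id, and the tag verifies under this app's group key.
                if (!Arrays.equals(g, appGroup.getBytes(StandardCharsets.UTF_8))
                        || !MessageDigest.isEqual(fileTag, tag(key, g, iv)))
                    throw new SecurityException("group authentication failed");
                dec = cipher(Cipher.DECRYPT_MODE, key, iv);
            } catch (Exception e) { close(); throw e; }  // release the descriptor on refusal
        }
        private byte[] raw(int n) throws IOException {  // reads n header bytes, undecrypted
            byte[] b = new byte[n];
            for (int got = 0, r; got < n; got += r)
                if ((r = super.read(b, got, n - got)) < 0) throw new EOFException();
            return b;
        }
        @Override public int read() throws IOException {
            byte[] one = new byte[1];
            return read(one, 0, 1) < 0 ? -1 : one[0] & 0xff;
        }
        @Override public int read(byte[] b) throws IOException { return read(b, 0, b.length); }
        @Override public int read(byte[] b, int off, int len) throws IOException {
            int n = super.read(b, off, len);
            if (n > 0) System.arraycopy(dec.update(b, off, n), 0, b, off, n);
            return n;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] financeKey = "constructed finance key".getBytes(StandardCharsets.UTF_8);
        byte[] guestKey = "constructed guest key".getBytes(StandardCharsets.UTF_8);
        File f = File.createTempFile("protected", ".bin");
        f.deleteOnExit();
        try (OutputStream out = new SecureFileOutputStream(f, "finance", financeKey)) {
            out.write("quarterly figures".getBytes(StandardCharsets.UTF_8));
        }
        byte[] buf = new byte[64];
        try (InputStream in = new SecureFileInputStream(f, "finance", financeKey)) {
            System.out.println(new String(buf, 0, in.read(buf), StandardCharsets.UTF_8));
        }
        try { new SecureFileInputStream(f, "guest", guestKey).close(); }
        catch (SecurityException e) { System.out.println("guest app refused: " + e.getMessage()); }
    }
}
```

Random-access and memory-mapped I/O, which the patent treats as separate cases, are not covered: `skip()` or `getChannel()` on these streams would bypass or desynchronise the cipher.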
In this embodiment, the group key information is obtained in advance in one of the following ways:
where the terminal to which the terminal application belongs is connected to a key server, receiving in real time the group key information distributed by the key server;
where the terminal to which the terminal application belongs is not connected to the key server, using the locally stored group key information.
In this embodiment, where the access request is allowed, the type of read-write operation the terminal application performs on the file includes one of the following: sequential read-write I/O operations, random read-write I/O operations and memory-mapped I/O operations.
In this embodiment, the sequential read-write I/O operations include one of the following: sequential read-write I/O based on byte streams, sequential read-write I/O based on encoded data blocks, sequential read-write I/O on compressed files, and sequential read-write I/O based on file channels;
the random read-write I/O operations include one of the following: random read-write I/O based on byte streams, and random read-write I/O based on file channels.
In this embodiment, the memory-mapped I/O operations include one of the following:
a memory-mapped I/O operation on the protected file as a whole;
a memory-mapped I/O operation on a preset start position and preset length of the protected file.
This embodiment also provides a processing device for an application file, applied to a terminal. The device implements the above embodiments and preferred implementations; what has already been explained is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 3 is structural block diagram 1 of a processing device for an application file according to an embodiment of the invention. As shown in Fig. 3, the device includes:
a decompilation module 32, for decompiling a terminal application file to obtain bytecode files;
an instrumentation module 34, connected to the decompilation module 32, for obtaining the input/output (I/O) operation object of the bytecode files and applying code instrumentation to the I/O operation object to obtain an I/O operation object with encryption and decryption functions;
a recompilation module 36, connected to the instrumentation module 34, for recompiling the bytecode files that contain the I/O operation object with encryption and decryption functions.
Fig. 4 is structural block diagram 2 of a processing device for an application file according to an embodiment of the invention. As shown in Fig. 4, the instrumentation module 34 includes:
a replacement unit 42, for replacing the I/O operation object with a custom security class object where the I/O operation object of the bytecode files is a sequential read-write or random read-write I/O operation object;
a marking unit 44, for marking the memory-mapped buffer object of the bytecode files and applying code instrumentation to the memory-mapped buffer object where the I/O operation object of the bytecode files uses memory mapping.
Fig. 5 is a structural block diagram of a file access device according to an embodiment of the invention. As shown in Fig. 5, the device includes:
an acquisition module 52, for obtaining an access request from a terminal application for a protected file;
a checking module 54, connected to the acquisition module 52, for calling the terminal application's I/O operation object with encryption and decryption functions to check the group authentication information of the protected file, where the group authentication information is set by the terminal application that created the protected file, and the I/O operation object with encryption and decryption functions is generated as follows: the application file of the terminal application is decompiled to obtain bytecode files, the I/O operation object of the bytecode files is obtained, and code instrumentation is applied to the I/O operation object to obtain the I/O operation object with encryption and decryption functions;
an access module 56, connected to the checking module 54, for determining from the group authentication information whether the terminal application has access rights to the protected file and, where it is determined that the terminal application has access rights to the protected file, allowing the access request, where the terminal application is determined to have access rights to the protected file if the group authentication information passes the check performed by the I/O operation object with encryption and decryption functions.
In this embodiment, the access module 56 is also used so that, after it is determined that the terminal application has access rights to the protected file, the terminal application decrypts the protected file according to group key information, where the group key information is obtained in advance by the terminal application.
Note that each of the above modules can be implemented in software or hardware. For the latter, this can be done in the following ways, without limitation: the modules are all located in the same processor; or the modules are located in different processors.
A detailed description follows with reference to the preferred embodiment of the present invention.
The preferred embodiment of the present invention provides a real-time encryption and decryption scheme for Android files that is oriented to group access control and implemented at the application layer. It can read a user-defined dynamic access control policy, and it performs real-time encryption and decryption of files at the Android application layer without obtaining superuser (root) privileges or modifying the underlying Android system, in order to provide confidentiality for Android files. That is, in a BYOD application environment, real-time encryption and decryption technology must meet two requirements. On the one hand, the application must correctly distinguish enterprise data from the user's private data and must be able to perform access control and data protection based on user groups. On the other hand, neither modification of the underlying Android system nor system root privileges may be required, so that the real-time encryption and decryption technology adapts to more terminals and can be deployed more flexibly.
To achieve these goals, the technical solution of the preferred embodiment of the present invention is as follows. Because an Android application must call the file I/O application programming interfaces (Application Programming Interface, API for short) provided by the Java framework in order to read and write files, bytecode static analysis is used to monitor all file access objects in the application and to insert custom processing functions. These functions read the group access control policy and perform real-time encryption and decryption, thereby achieving file access control and confidentiality protection based on application grouping.
The preferred embodiment of the present invention first decompiles the Android application to obtain its bytecode, and then identifies the Java-layer file I/O API provided by the Android framework. Because file I/O operations in the Android system can be of different types, such as sequential read/write or random read/write, a corresponding code instrumentation approach is needed for each file I/O type, and the encryption/decryption module is called to perform real-time encryption and decryption of Android files. In particular, to achieve file access control based on application grouping, the present invention combines a dynamic group key with group authentication information, converting the question of whether an application group has access rights to a file into the question of whether the application group can correctly encrypt and decrypt the file. Real-time file encryption and decryption and the group-based file access control required in a BYOD environment are thus achieved together. In addition, the encryption and decryption of a file is carried out inside the specific Android application, so it is not limited by the Android version or by customization of the Android system and requires neither modification of the underlying Android system nor system root privileges, which makes it flexible. Meanwhile, the encryption and decryption of a file is completed in real time in memory, and no plaintext data is stored on the device, which makes it secure.
The Android installation package (Android Package, apk for short) file of the Android application on which access control is to be performed is instrumented as follows:
Step one: decompile the apk file of the Android application on which access control is to be performed to obtain the bytecode files of the application.
Step two: construct a class-based bytecode file tree for the generated bytecode files, in which each node represents one class file.
Step three: analyze the bytecode file tree to obtain all file I/O operation objects and file memory-mapped buffer objects.
Step four: examine each file I/O operation object. If the I/O object is a sequential read/write or random read/write I/O object, use the upcasting feature of the programming language and, by code instrumentation, substitute a custom security class object for the original I/O object. If the I/O operation uses memory mapping, mark the memory-mapped buffer object and instrument code so that every operation on that memory-mapped buffer object is handled securely.
Step five: recompile the instrumented bytecode files and sign the result with the enterprise signature.
When an Android application that has been instrumented for access control runs, it accesses a protected file as follows:
Step one: according to the group access control policy, and based on the mapping between user identity and application fingerprint, the Android application dynamically obtains the group key information distributed by the key manager.
Step two: when the Android application creates a file to be protected, the I/O object with encryption and decryption functions creates the group authentication information at the tail of the file when the file is written to local storage, and calls the crypto module to encrypt the file so that it is stored as ciphertext.
Step three: when the Android application accesses a protected file for a read or write operation, the I/O object with encryption and decryption functions checks the group authentication information at the tail of the protected file to determine whether the application has access rights to the protected file.
Step four: if step three determines that the Android application has read/write rights to the protected file, the I/O object with encryption and decryption functions in the application calls the crypto module to encrypt or decrypt the protected file. A read operation returns the plaintext file, and a write operation writes the ciphertext file to local storage. That is, if the group authentication information is correct, the group key ensures that the read/write operation succeeds.
Step five: if step three determines that the Android application does not have read/write rights to the protected file, opening the file is refused.
Further, in the above method, the crypto module used can be any block cipher.
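The custom security class substitution from instrumentation step four and the tail check from access steps two to five can be sketched as follows. This is an added example, not code from the patent: the class names, the IV || ciphertext || tag file layout, the HMAC-SHA256 group authentication tag, the key derivation and AES-CTR are all assumptions, since the text fixes neither a trailer format nor a cipher.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class GroupFileDemo {
    static final int IV_LEN = 16, TAG_LEN = 32;
    static byte[] hmac(byte[] key, byte[]... parts) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }
    // Assumptions: tag = HMAC-SHA256 over IV || ciphertext, cipher = AES-128-CTR, keys derived from the group key.
    static byte[] groupTag(byte[] gk, byte[] iv, byte[] ct) throws GeneralSecurityException {
        return hmac(hmac(gk, "auth".getBytes(StandardCharsets.UTF_8)), iv, ct);
    }
    static byte[] crypt(int mode, byte[] gk, byte[] iv, byte[] data) throws GeneralSecurityException {
        byte[] k = Arrays.copyOf(hmac(gk, "enc".getBytes(StandardCharsets.UTF_8)), 16);
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, new SecretKeySpec(k, "AES"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    /** Stands in for FileOutputStream: stores IV || ciphertext || tag when closed. */
    static class SecureFileOutputStream extends FileOutputStream {
        private final ByteArrayOutputStream plain = new ByteArrayOutputStream();
        private final byte[] groupKey;
        private boolean closed;
        SecureFileOutputStream(File f, byte[] groupKey) throws FileNotFoundException {
            super(f);
            this.groupKey = groupKey.clone();
        }
        // Every write overload is overridden so that no plaintext reaches the descriptor.
        @Override public void write(int b) { plain.write(b); }
        @Override public void write(byte[] b) { plain.write(b, 0, b.length); }
        @Override public void write(byte[] b, int off, int len) { plain.write(b, off, len); }
        @Override public void close() throws IOException {
            if (closed) return;
            closed = true;
            try {
                byte[] iv = new byte[IV_LEN];
                new SecureRandom().nextBytes(iv);
                byte[] ct = crypt(Cipher.ENCRYPT_MODE, groupKey, iv, plain.toByteArray());
                super.write(iv, 0, IV_LEN);
                super.write(ct, 0, ct.length);
                super.write(groupTag(groupKey, iv, ct), 0, TAG_LEN); // trailer at the file tail
            } catch (GeneralSecurityException e) {
                throw new IOException(e);
            } finally { super.close(); }
        }
    }

    /** Stands in for FileInputStream: checks the tail tag before serving any plaintext. */
    static class SecureFileInputStream extends FileInputStream {
        private ByteArrayInputStream plain;
        SecureFileInputStream(File f, byte[] groupKey) throws IOException {
            super(f);
            try {
                byte[] raw = Files.readAllBytes(f.toPath());
                if (raw.length < IV_LEN + TAG_LEN) throw new IOException("not a protected file");
                byte[] iv = Arrays.copyOfRange(raw, 0, IV_LEN);
                byte[] ct = Arrays.copyOfRange(raw, IV_LEN, raw.length - TAG_LEN);
                byte[] tag = Arrays.copyOfRange(raw, raw.length - TAG_LEN, raw.length);
                if (!MessageDigest.isEqual(tag, groupTag(groupKey, iv, ct)))
                    throw new IOException("group authentication failed, access refused");
                plain = new ByteArrayInputStream(crypt(Cipher.DECRYPT_MODE, groupKey, iv, ct));
            } catch (IOException | GeneralSecurityException e) {
                super.close(); // release the descriptor before refusing to open
                throw new IOException(e.getMessage(), e);
            }
        }
        // A complete wrapper must also cover skip(), available(), getChannel() and similar.
        @Override public int read() { return plain.read(); }
        @Override public int read(byte[] b) { return plain.read(b, 0, b.length); }
        @Override public int read(byte[] b, int off, int len) { return plain.read(b, off, len); }
    }

    public static void main(String[] args) throws Exception {
        byte[] groupA = {1, 2, 3, 4}, groupB = {5, 6, 7, 8}; // constructed sample group keys
        File f = File.createTempFile("protected", ".bin");
        f.deleteOnExit();
        try (FileOutputStream out = new SecureFileOutputStream(f, groupA)) { // was: new FileOutputStream(f)
            out.write("enterprise data".getBytes(StandardCharsets.UTF_8));
        }
        byte[] buf = new byte[64];
        try (FileInputStream in = new SecureFileInputStream(f, groupA)) {
            System.out.println("group A: " + new String(buf, 0, in.read(buf), StandardCharsets.UTF_8));
        }
        try (FileInputStream in = new SecureFileInputStream(f, groupB)) {
            System.out.println("group B unexpectedly opened the file");
        } catch (IOException e) {
            System.out.println("group B: " + e.getMessage());
        }
    }
}
```

Because both classes extend the framework stream types, the variables in the calling code keep their declared `FileOutputStream` and `FileInputStream` types, which is the upcasting property step four relies on. Any accessor left un-overridden still reaches the raw ciphertext on the descriptor.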
Fig. 6 is a schematic diagram of the code instrumentation process for an Android application according to the preferred embodiment of the present invention. As shown in Fig. 6, in order to achieve real-time encryption and decryption, the preferred embodiment of the present invention instruments the code of the Android application as follows:
S611: File real-time encryption/decryption program 601 first calls APK decompilation module 602 (equivalent to decompilation module 32 of the above embodiment) to decompile the apk file of the Android application on which the access control operation is to be performed, generating bytecode files;
S612: File real-time encryption/decryption program 601 calls bytecode analysis module 602 to statically analyze the generated bytecode files and construct a bytecode file tree, in which each node represents one class file;
S613: I/O operation type judging module 603 traverses the bytecode file tree, identifies and records all file I/O operations in the tree, and determines the type of each file I/O operation. If the I/O operation type is sequential read/write or random read/write, S614 is performed; otherwise the I/O operation type is memory-mapped I/O, and S617 is performed;
S614: For a sequential/random read/write I/O operation, sequential/random read/write I/O object processing module 605 is called to perform S615;
S615: Sequential/random read/write I/O processing module 605 (equivalent to replacement unit 42 of the above embodiment) rewrites the original I/O object as a custom security class object, wherein the custom security class comes in two types: a custom security subclass that inherits from the class of the original I/O object, and a custom security class that has the same name as the class of the original I/O object but belongs to a different namespace;
S616: Sequential/random read/write I/O processing module 605 reconstructs the bytecode file tree after the code instrumentation operation ends;
S617: For a memory-mapped I/O operation, file memory-mapped buffer object processing module 606 (equivalent to indexing unit 44 of the above embodiment) is called to perform S618 and S619;
S618: File memory-mapped buffer object processing module 606 marks the memory-mapped buffer objects created by file I/O operations and stores the object information in a linked list;
S619: The bytecode file tree is traversed, and security code is instrumented at every operation that could act on a memory-mapped buffer object, so that at run time the tracked object is compared with the object information in the linked list to determine whether the object being operated on really is a memory-mapped buffer object. If it is, the security control code is executed; otherwise nothing is done;
S620: File memory-mapped buffer object processing module 606 reconstructs the bytecode file tree after the code instrumentation operation ends;
S621: APK compilation module 602 is executed to recompile the reconstructed bytecode files and sign the result;
S622: The instrumented Android application apk, which can now perform application-layer real-time file encryption and decryption, is returned.
Fig. 7 is a schematic diagram of an Android application accessing a protected file according to an embodiment of the present invention. As shown in Fig. 7, an Android application that has been instrumented for access control according to the preferred embodiment of the present invention accesses a protected file as follows:
S701: The Android application that has been instrumented for access control performs a read operation on a protected file;
S702: The Android application first dynamically obtains the group key information, which can either be distributed by the key manager when online or be stored locally when offline;
S703: When the file is opened, the group authentication information at the tail of the protected file is checked to determine whether the application has access rights to the file;
S704: The Android application determines from the group authentication information whether it has access rights to the protected file. If so, S705 is performed; otherwise S708 is performed;
S705: If the Android application has access rights to the file, the ciphertext file to be read is obtained;
S706: The crypto module is called to decrypt the ciphertext data obtained in S705;
S707: The recovered plaintext data is returned for use by the Android application;
S708: If the Android application does not have access rights to the file, access to the protected file is refused.
Fig. 8 is a schematic diagram of an application example in a BYOD environment according to the preferred embodiment of the present invention. As shown in Fig. 8, there are two security groups, 801 and 804, in the BYOD environment. Security group 801 contains two member applications, Android application 802 and Android application 803, and security group 804 contains only Android application 805. Encrypted file 807 is encrypted with the group key of security group 801, so the applications in security group 801 can access encrypted file 807 through file real-time encryption/decryption module 806, while the application in security group 804 is denied access.
S811: Android application 802 in security group 801 attempts to read or write data in encrypted file 807 through a file read/write I/O request;
S812: File real-time encryption/decryption module 806 determines from the group authentication information that Android application 802 has access rights to encrypted file 807, calls crypto module 808 through the JNI interface of S819 to decrypt the ciphertext data of the read operation, and returns the plaintext data;
S813: Android application 803 in security group 801 attempts to read or write data in encrypted file 807 through a file read/write I/O request;
S814: File real-time encryption/decryption module 806 determines from the group authentication information that Android application 803 has access rights to encrypted file 807, calls crypto module 808 through the JNI interface of S819 to decrypt the ciphertext data of the read operation, and returns the plaintext data;
S815: Android application 805 in security group 804 attempts to read or write data in encrypted file 807 through a file read/write I/O request;
S816: File real-time encryption/decryption module 806 determines from the group authentication information that Android application 802 does not have access rights to encrypted file 807, and refuses the application's access to encrypted file 807;
S817: If the Android application has access rights to encrypted file 807, file real-time encryption/decryption module 806 first calls crypto module 808 through the JNI interface of S819 to encrypt the plaintext data of the write operation, and then writes the ciphertext data to encrypted file 807;
S818: If the Android application has access rights to encrypted file 807, file real-time encryption/decryption module 806 reads the ciphertext data in encrypted file 807, and then calls crypto module 808 through the JNI interface of S819 to decrypt the ciphertext data and recover the plaintext data;
S819: The Java-layer code calls the Native-layer crypto module through the JNI interface to perform the encryption and decryption operations.
Fig. 9 is a schematic diagram of an application example of file access control when an Android application changes group, according to the preferred embodiment of the present invention. As shown in Fig. 9:
The application example scenario contains Android application 901, group key manager 902 and two security groups, security group A 903 and security group B 904. Ciphertext file A 906 is encrypted with the group key of security group A 903, and ciphertext file B 907 is encrypted with the group key of security group B 904. Initially, group key manager 902 grants Android application 901 the group key of security group A, that is, Android application 901 becomes a member application of security group A and can access ciphertext file 906 through file real-time encryption/decryption module 905, while its access to ciphertext file 907 is denied. Then, group key manager 902 grants Android application 901 the group key of security group B, which also means that the group key of security group A held by Android application 901 is revoked. That is, Android application 901 becomes a member application of security group B and can access ciphertext file 907 through file real-time encryption/decryption module 905, while its access to ciphertext file 906 is denied.
S911: Initially, group key manager 902 grants Android application 901 the group key of security group A;
S912: Android application 901 obtains the group key of security group A, which means that the application becomes a member application of security group A 903;
S913: Android application 901 in security group A 903 attempts to read or write data in ciphertext file 906 through a file read/write I/O request;
S914: If file real-time encryption/decryption module 905 determines from the group authentication information that Android application 901 has access rights to ciphertext file 906, file real-time encryption/decryption module 905 first calls the crypto module to encrypt the plaintext data of the write operation, and then writes the ciphertext data to ciphertext file 906;
S915: If file real-time encryption/decryption module 905 determines from the group authentication information that Android application 901 has access rights to ciphertext file 906, file real-time encryption/decryption module 905 reads the ciphertext data in ciphertext file 906, and then calls the crypto module to decrypt the ciphertext data and recover the plaintext data;
S916: Provided that it has determined that Android application 901 has access rights to ciphertext file 906, file real-time encryption/decryption module 905 returns the plaintext data recovered in S915 to Android application 901;
S917: Android application 901 in security group A 903 attempts to read or write data in ciphertext file 907 through a file read/write I/O request;
S918: File real-time encryption/decryption module 905 determines from the group authentication information that Android application 901 does not have access rights to ciphertext file 907, and refuses the application's access to ciphertext file 907;
S921: Then, group key manager 902 grants Android application 901 the group key of security group B, that is, it revokes the group key of security group A currently held by Android application 901;
S922: Android application 901 obtains the group key of security group B, which means that the application becomes a member application of security group B 904;
S923: Android application 901 in security group B 904 attempts to read or write data in ciphertext file 906 through a file read/write I/O request;
S924: File real-time encryption/decryption module 905 determines from the group authentication information that Android application 901 does not have access rights to ciphertext file 906, and refuses the application's access to ciphertext file 906;
S925: Android application 901 in security group B 904 attempts to read or write data in ciphertext file 907 through a file read/write I/O request;
S926: If file real-time encryption/decryption module 905 determines from the group authentication information that Android application 901 has access rights to ciphertext file 907, file real-time encryption/decryption module 905 first calls the crypto module to encrypt the plaintext data of the write operation, and then writes the ciphertext data to ciphertext file 907;
S927: If file real-time encryption/decryption module 905 determines from the group authentication information that Android application 901 has access rights to ciphertext file 907, file real-time encryption/decryption module 905 reads the ciphertext data in ciphertext file 907, and then calls the crypto module to decrypt the ciphertext data and recover the plaintext data;
S928: Provided that it has determined that Android application 901 has access rights to ciphertext file 907, file real-time encryption/decryption module 905 returns the plaintext data recovered in S927 to Android application 901.
Compared with the related art, the preferred embodiment of the present invention proposes a real-time file encryption and decryption method that is oriented to group access control and implemented at the Android application layer. Its beneficial effects are:
(1) Flexible implementation and deployment
The Android application-layer real-time file encryption and decryption method of the preferred embodiment of the present invention is implemented at the application layer. It uses code instrumentation to provide I/O operation control and encryption and decryption functions for the files to be protected, and does not need to modify the underlying operating system or root the system, so it is more flexible to implement and deploy and is easy to promote.
(2) Group-oriented file access control and confidentiality protection
The Android application-layer real-time file encryption and decryption method of the preferred embodiment of the present invention can be defined according to the security policy. While providing confidentiality for protected files through file encryption and decryption operations, it also provides a group-oriented file access control function. The encryption and decryption of a file is carried out inside the specific Android application and, based on the dynamic group key and the group authentication information, gives an Android application group access control over specific files. It is therefore better suited to Android file encryption and decryption in a BYOD environment where enterprise applications and personal applications coexist.
The above strategy used by the preferred embodiment of the present invention effectively achieves real-time file encryption and decryption for Android application groups, and provides confidentiality for Android files without modifying the underlying Android system.
From the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to perform the methods described in the embodiments of the present invention.
Embodiments of the present invention also provide a storage medium. Optionally, in this embodiment, the storage medium can be configured to store program code for performing the following steps:
S1: obtain an access request from a terminal application for a protected file;
S2: call the terminal application's input/output (I/O) operation object with encryption and decryption functions to check the group authentication information of the protected file, wherein the group authentication information is set by the terminal application that created the protected file, and the I/O operation object with encryption and decryption functions is generated as follows: the application file of the terminal application is decompiled to obtain a bytecode file, the I/O operation object of the bytecode file is obtained, and code instrumentation is performed on that I/O operation object to obtain the I/O operation object with encryption and decryption functions;
S3: determine, according to the group authentication information, whether the terminal application has access rights to the protected file, and allow the access request when the terminal application has access rights to the protected file, wherein the terminal application is determined to have access rights to the protected file when the group authentication information passes the check performed by the I/O operation object with encryption and decryption functions.
Optionally, the storage medium is also configured to store program code for performing the method steps of the above embodiments.
Optionally, in this embodiment, the storage medium can include, but is not limited to, various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc.
Optionally, for specific examples in this embodiment, reference can be made to the examples described in the above embodiments and optional implementations, which are not repeated here.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases, the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is therefore not restricted to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (14)
1. A method for processing an application file, characterized by comprising:
decompiling a terminal application file to obtain a bytecode file;
obtaining an input/output (I/O) operation object of the bytecode file, and performing code instrumentation on the I/O operation object to obtain an I/O operation object with encryption and decryption functions;
recompiling the bytecode file that includes the I/O operation object with encryption and decryption functions.
2. The method according to claim 1, characterized in that performing code instrumentation on the I/O operation object to obtain the I/O operation object with encryption and decryption functions comprises:
when the I/O operation object of the bytecode file is a sequential read/write or random read/write I/O operation object, replacing the I/O operation object with a custom security class object;
when the I/O operation object of the bytecode file uses the memory-mapped mode, marking the memory-mapped buffer object of the bytecode file, and performing code instrumentation on the memory-mapped buffer object.
3. The method according to claim 2, characterized in that, when the I/O operation object of the bytecode file is a sequential read/write or random read/write I/O operation object, replacing the I/O operation object with a custom security class object comprises:
creating a custom security subclass of the class corresponding to the I/O operation object, and replacing the I/O operation object instance with an object instance of the custom security subclass;
creating a custom security class that has the same name as the class corresponding to the I/O operation object and is under a different namespace, and using an object instance of the second custom security class to replace the I/O operation object instance and the function signature information of the I/O operation object.
4. The method according to any one of claims 1 to 3, characterized in that the terminal application file comprises:
an executable file;
a resource file library loaded and run by the terminal.
5. A method for accessing a file, characterized by comprising:
obtaining an access request from a terminal application for a protected file;
calling the terminal application's input/output (I/O) operation object with encryption and decryption functions to check the group authentication information of the protected file, wherein the group authentication information is set by the terminal application that created the protected file, and the I/O operation object with encryption and decryption functions is generated as follows: the application file of the terminal application is decompiled to obtain a bytecode file, the I/O operation object of the bytecode file is obtained, and code instrumentation is performed on the I/O operation object to obtain the I/O operation object with encryption and decryption functions;
determining, according to the group authentication information, whether the terminal application has access rights to the protected file, and allowing the access request when the terminal application has access rights to the protected file, wherein the terminal application is determined to have access rights to the protected file when the group authentication information passes the check performed by the I/O operation object with encryption and decryption functions.
6. The method according to claim 5, characterized in that, after it is determined that the terminal application has access rights to the protected file, the method further comprises:
the terminal application decrypting the protected file according to group key information, wherein the group key information is obtained by the terminal application in advance.
7. The method according to claim 6, characterized in that the group key information is obtained in advance in one of the following ways:
when the terminal to which the terminal application belongs is connected to a key server, receiving in real time the group key information distributed by the key server;
when the terminal to which the terminal application belongs is not connected to the key server, using the locally stored group key information.
8. The method according to claim 5, characterized in that, when the access request is allowed, the type of read/write operation performed by the terminal application on the file comprises one of the following:
a sequential read/write I/O operation, a random read/write I/O operation and a memory-mapped I/O operation.
9. The method according to claim 8, characterized in that
the sequential read/write I/O operation comprises one of the following: a sequential read/write I/O operation form based on byte streams, a sequential read/write I/O operation form based on encoded data blocks, a sequential read/write I/O operation form for compressed files, and a sequential read/write I/O operation form based on file pipes;
the random read/write I/O operation comprises one of the following: a random read/write I/O operation form based on byte streams, and a random read/write I/O operation form based on file pipes.
10. The method according to claim 8, characterized in that the memory-mapped I/O operation comprises one of the following:
a memory-mapped I/O operation on the protected file as a whole;
a memory-mapped I/O operation on the protected file with a preset start position and a preset length.
11. a kind of processing unit of application file, applied to terminal, it is characterised in that including:
Decompiling module, byte code files are obtained for decompiling terminal applies file;
Insert module, the input and output I/O operation object for obtaining the byte code files, to the I/O operation object
Carry out code instrumentation processing and obtain the I/O operation object with encryption and decryption functions;
Collector is returned, for being returned to the byte code files for including the I/O operation object with encryption and decryption functions
Compiling.
12. device according to claim 11, it is characterised in that the inserting module includes:
Replacement unit, is order read-write or random read-write I/O operation for the I/O operation object in the byte code files
In the case of object, the I/O operation object is replaced using custom security class object;
Indexing unit, in the case of being internal memory mapping mode in the I/O operation object of the byte code files, marks institute
The internal memory mapped buffer object of byte code files is stated, and code instrumentation processing is carried out to internal memory mapped buffer object.
13. A file access device, applied to a terminal, characterized by comprising:
an acquisition module, configured to obtain an access request from a terminal application to a protected file;
a checking module, configured to call the input/output (I/O) operation object with encryption and decryption functions of the terminal application to check the group authentication information of the protected file, wherein the group authentication information is set by the terminal application that created the protected file, and the I/O operation object with encryption and decryption functions is generated in the following manner: decompiling the application file of the terminal application to obtain a bytecode file, obtaining the input/output I/O operation object of the bytecode file, and performing code instrumentation on the I/O operation object to obtain the I/O operation object with encryption and decryption functions;
an access module, configured to determine, according to the group authentication information, whether the terminal application has access rights to the protected file, and to allow the access request in the case where it is determined that the terminal application has access rights to the protected file, wherein, in the case where the group authentication information passes the check by the input/output I/O operation object with encryption and decryption functions, it is determined that the terminal application has access rights to the protected file.
14. The device according to claim 13, characterized in that the access module is further configured so that, after it is determined that the terminal application has access rights to the protected file, the terminal application performs a decryption operation on the protected file according to group key information, wherein the group key information is obtained in advance by the terminal application.
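The check-then-decrypt order of claims 13 and 14, sketched as the kind of custom security class that claim 12 substitutes for an application's ordinary file I/O object. This is an added example, not code from the patent: the file layout, the HMAC-SHA256 group tag, AES-GCM, the "auth"/"enc" sub-key labels and all names are assumptions, since the claims do not specify how group authentication information is encoded.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.Arrays;
// Hypothetical layout: 32-byte group tag | 12-byte nonce | AES-GCM ciphertext (assumed, not from the patent).
public class GroupProtectedFile {
    static byte[] hmac(byte[] key, String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }
    // Separate sub-keys for the group check and for encryption, both derived from the group key.
    static byte[] groupTag(byte[] groupKey, String groupId) throws Exception {
        return hmac(hmac(groupKey, "auth"), groupId);
    }
    static Cipher gcm(int mode, byte[] groupKey, byte[] nonce, byte[] tag) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(hmac(groupKey, "enc"), "AES"), new GCMParameterSpec(128, nonce));
        c.updateAAD(tag); // binds the group header to the ciphertext so it cannot be swapped
        return c;
    }
    static void write(Path p, byte[] groupKey, String groupId, byte[] plain) throws Exception {
        byte[] tag = groupTag(groupKey, groupId), nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, groupKey, nonce, tag).doFinal(plain);
        Files.write(p, ByteBuffer.allocate(44 + ct.length).put(tag).put(nonce).put(ct).array());
    }
    static byte[] read(Path p, byte[] groupKey, String groupId) throws Exception {
        byte[] all = Files.readAllBytes(p);
        if (all.length < 60) throw new SecurityException("not a protected file");
        byte[] tag = Arrays.copyOfRange(all, 0, 32), nonce = Arrays.copyOfRange(all, 32, 44);
        // Check group authentication first; refuse before any decryption is attempted.
        if (!MessageDigest.isEqual(tag, groupTag(groupKey, groupId)))
            throw new SecurityException("group authentication failed");
        return gcm(Cipher.DECRYPT_MODE, groupKey, nonce, tag).doFinal(all, 44, all.length - 44);
    }
    public static void main(String[] args) throws Exception {
        byte[] keyA = new byte[32], keyB = new byte[32]; // constructed sample group keys
        Arrays.fill(keyA, (byte) 1); Arrays.fill(keyB, (byte) 2);
        Path p = Files.createTempFile("protected", ".bin");
        write(p, keyA, "work-group", "payroll".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(read(p, keyA, "work-group"), StandardCharsets.UTF_8));
        try { read(p, keyB, "work-group"); } // an application outside the group
        catch (SecurityException e) { System.out.println("other app: " + e.getMessage()); }
    }
}
```

Keying the tag with the group key is what makes the check meaningful: a plain group identifier in the header could be copied by any application that can read the file.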
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610248009.3A CN107305606A (en) | 2016-04-20 | 2016-04-20 | The processing method and processing device of application file and the access method of file and device |
PCT/CN2017/081260 WO2017181968A1 (en) | 2016-04-20 | 2017-04-20 | Method for processing application file, method and device for accessing application file, and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610248009.3A CN107305606A (en) | 2016-04-20 | 2016-04-20 | The processing method and processing device of application file and the access method of file and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107305606A true CN107305606A (en) | 2017-10-31 |
Family
ID=60115648
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610248009.3A (Pending), published as CN107305606A (en) | The processing method and processing device of application file and the access method of file and device | 2016-04-20 | 2016-04-20 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107305606A (en) |
WO (1) | WO2017181968A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111259408B (en) * | 2018-12-03 | 2023-05-30 | 斑马智行网络(香港)有限公司 | Application authority management and checking method, device, equipment and storage medium |
CN109977040B (en) * | 2019-03-27 | 2023-11-14 | 努比亚技术有限公司 | File read-write permission control method, device, terminal and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104239820A (en) * | 2013-06-13 | 2014-12-24 | 普天信息技术研究院有限公司 | Secure storage device |
CN104951705A (en) * | 2015-07-08 | 2015-09-30 | 南京烽火星空通信发展有限公司 | Android application data encryption packaging method based on operating system interface rewriting |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150378756A1 (en) * | 2014-06-25 | 2015-12-31 | SmartBear Software, Inc. | Systems and methods for mobile application tracing instrumentation |
CN104252605B (en) * | 2014-09-17 | 2017-03-15 | 南京信息工程大学 | A kind of file transparent encrypting and deciphering system of Android platform and method |
CN104331644B (en) * | 2014-11-24 | 2017-08-04 | 北京邮电大学 | A kind of transparent encipher-decipher method of intelligent terminal file |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI678618B (en) * | 2018-06-22 | 2019-12-01 | 慧榮科技股份有限公司 | Method and apparatus for performing operations to namespaces of a flash memory device |
TWI708144B (en) * | 2018-06-22 | 2020-10-21 | 慧榮科技股份有限公司 | Apparatus and computer program product for performing operations to namespaces of a flash memory device |
US11307992B2 (en) | 2018-06-22 | 2022-04-19 | Silicon Motion, Inc. | Method and apparatus for performing operations to namespaces of a flash memory device |
CN113835718A (en) * | 2020-06-23 | 2021-12-24 | 北京字节跳动网络技术有限公司 | Android application package generation method and device, terminal device and medium |
Also Published As
Publication number | Publication date |
---|---|
WO2017181968A1 (en) | 2017-10-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20171031 |