CN107333261A - Method, storage medium and mobile terminal for encrypting data - Google Patents

Publication number
CN107333261A
Authority
CN
China
Prior art keywords
data
data block
encrypted
group
block
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710475590.7A
Other languages
Chinese (zh)
Inventor
赵创
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nubia Technology Co Ltd
Original Assignee
Nubia Technology Co Ltd
Application filed by Nubia Technology Co Ltd
Priority to CN201710475590.7A
Publication of CN107333261A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/7243 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality with interactive means for internal management of messages
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72463 User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device

Abstract

The invention discloses a method for encrypting data, a storage medium and a mobile terminal. The method includes: obtaining the indication data of the bitmap file data block in the current data group, where the indication data indicates the usage of each data block in the data group; and encrypting the data in the predetermined data blocks according to the indication data, where a predetermined data block is a data block that the indication data marks as used. During encryption, the invention encrypts each individual data block separately, rather than encrypting all data blocks in the whole data group together. By encrypting only the individual data blocks that are in use, the time consumed by the encryption process is greatly shortened while user data security is still ensured, which solves the following problem of the prior art: although the existing encryption methods ensure user data security, they take too long and greatly affect the user experience.

Description

Method, storage medium and mobile terminal for encrypting data
Technical field
The present invention relates to the field of communications, and in particular to a method for encrypting data, a storage medium and a mobile terminal.
Background
As people's requirements for the security of terminal devices grow ever higher, and especially because the data in the user partition is closely tied to user information, the user partition needs to be encrypted to prevent information from being leaked. At present, common encryption methods include full-disk encryption and file-based encryption. However, the encryption process has an obvious problem: the speed of encryption greatly affects the user experience. Encrypting the data of the user partition quickly has become a research direction for every mobile terminal manufacturer.
For a user partition that uses the ext4 file system, the above encryption methods encrypt all Blocks (data blocks) of the entire data partition. If the user's data partition is about 47.68G, its sector count is 93431672 and its Block count is 11678959, then during the device's first boot 93431672/8 blocks need to be encrypted, which takes up to 254 seconds. As user space keeps growing, the corresponding number of blocks grows with it and the encryption time increases in proportion, which greatly affects the speed of the first boot.
Therefore, although the existing encryption methods ensure user data security, they take too long and greatly affect the user experience.
Summary of the invention
The main purpose of the present invention is to propose a method for encrypting data, a storage medium and a mobile terminal, aiming to solve the following problem of the prior art: although the existing encryption methods ensure user data security, they take too long and greatly affect the user experience.
To achieve the above purpose, the present invention provides a method for encrypting data, including: obtaining the indication data of the bitmap file data block in the current data group, where the indication data indicates the usage of each data block in the data group; and encrypting the data in the predetermined data blocks according to the indication data, where a predetermined data block is a data block that the indication data marks as used.
Optionally, encrypting the data in the predetermined data blocks according to the indication data includes: determining, according to the indication data, whether the data group contains data blocks that need to be encrypted; when there are data blocks that need to be encrypted, encrypting the data in the predetermined data blocks according to the indication data; and when there are no data blocks that need to be encrypted, obtaining the next data group.
Optionally, after encrypting the data in the predetermined data block according to the indication data, the method further includes: S1, detecting whether the current data block is the last data block to be encrypted in the data group; S2, if it is not the last data block to be encrypted, obtaining the next data block to be encrypted after the current data block has been encrypted, and performing S1.
Optionally, after step S1, the method further includes: S3, if it is the last data block to be encrypted, obtaining the next data group after the data block has been encrypted.
Optionally, before obtaining the next data group, the method further includes: detecting whether the current data group is the last data group; and, if it is not the last data group, obtaining the next data group.
In addition, to achieve the above purpose, the present invention also proposes a storage medium storing a computer program which, when executed by a processor, implements the following steps: obtaining the indication data of the bitmap file data block in the current data group, where the indication data indicates the usage of each data block in the data group; and encrypting the data in the predetermined data blocks according to the indication data, where a predetermined data block is a data block that the indication data marks as used.
Optionally, when the processor executes the step of encrypting the data in the predetermined data blocks according to the indication data, the computer program specifically implements the following steps: determining, according to the indication data, whether the data group contains data blocks that need to be encrypted; when there are data blocks that need to be encrypted, encrypting the data in the predetermined data blocks according to the indication data; and when there are no data blocks that need to be encrypted, obtaining the next data group.
Optionally, after the processor executes the step of encrypting the data in the predetermined data block according to the indication data, the computer program is further executed by the processor to perform the following steps: S1, detecting whether the current data block is the last data block to be encrypted in the data group; S2, if it is not the last data block to be encrypted, obtaining the next data block to be encrypted after the current data block has been encrypted, and performing S1.
Optionally, after the processor executes step S1, the computer program is further executed by the processor to perform the following step: S3, if it is the last data block to be encrypted, obtaining the next data group after the data block has been encrypted.
In addition, to achieve the above purpose, the present invention also proposes a mobile terminal including at least a memory and a processor, where the memory stores a computer program and the processor implements the steps of the above method for encrypting data when executing the computer program in the memory.
During encryption, the present invention encrypts each individual data block separately, rather than encrypting all data blocks in the whole data group together. By encrypting only the individual data blocks that are in use, the time consumed by the encryption process is greatly shortened while user data security is still ensured, which solves the following problem of the prior art: although the existing encryption methods ensure user data security, they take too long and greatly affect the user experience.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware structure of an optional mobile terminal for implementing the embodiments of the present invention;
Fig. 2 is an architecture diagram of the communications network system of the mobile terminal shown in Fig. 1;
Fig. 3 is a flowchart of the method for encrypting data of the first embodiment of the present invention;
Fig. 4 is a flowchart of the method for encrypting data of the second embodiment of the present invention;
Fig. 5 is a distribution diagram of the eMMC partitions in the third embodiment of the present invention;
Fig. 6 is a distribution diagram of the Groups and Blocks of the Ext4 file system in the third embodiment of the present invention;
Fig. 7 is the encryption flowchart of the third embodiment of the present invention.
The realization of the purpose, the functional characteristics and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the drawings.
Detailed description of the embodiments
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
In the following description, suffixes such as "module", "part" or "unit" used to denote elements serve only to aid the explanation of the present invention and have no specific meaning in themselves. Therefore, "module", "part" and "unit" can be used interchangeably.
Terminals can be implemented in various forms. For example, the terminals described in the present invention may include mobile terminals such as mobile phones, tablet computers, notebook computers, palmtop computers, personal digital assistants (Personal Digital Assistant, PDA), portable media players (Portable Media Player, PMP), navigation devices, wearable devices, smart bracelets and pedometers, as well as fixed terminals such as digital TVs and desktop computers.
The following description takes a mobile terminal as an example. Those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the construction according to the embodiments of the present invention can also be applied to fixed terminals.
Referring to Fig. 1, which is a schematic diagram of the hardware structure of a mobile terminal for implementing the embodiments of the present invention, the mobile terminal 100 may include components such as an RF (Radio Frequency) unit 101, a WiFi module 102, an audio output unit 103, an A/V (audio/video) input unit 104, a sensor 105, a display unit 106, a user input unit 107, an interface unit 108, a memory 109, a processor 110 and a power supply 111. Those skilled in the art will understand that the mobile terminal structure shown in Fig. 1 does not limit the mobile terminal; a mobile terminal may include more or fewer components than shown, combine certain components, or arrange the components differently.
The components of the mobile terminal are described in detail below with reference to Fig. 1:
The radio frequency unit 101 can be used to receive and send signals while sending and receiving information or during a call. Specifically, it receives downlink information from the base station and passes it to the processor 110 for processing, and it sends uplink data to the base station. Generally, the radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier, a duplexer and the like. In addition, the radio frequency unit 101 can also communicate with the network and other devices by wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA2000 (Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division Duplexing-Long Term Evolution) and TDD-LTE (Time Division Duplexing-Long Term Evolution).
WiFi is a short-range wireless transmission technology. Through the WiFi module 102, the mobile terminal can help the user send and receive e-mail, browse web pages, access streaming video and so on, providing the user with wireless broadband Internet access. Although Fig. 1 shows the WiFi module 102, it is understood that it is not an essential part of the mobile terminal and can be omitted as needed without changing the essence of the invention.
When the mobile terminal 100 is in a mode such as call signal reception mode, call mode, recording mode, speech recognition mode or broadcast reception mode, the audio output unit 103 can convert audio data received by the radio frequency unit 101 or the WiFi module 102, or stored in the memory 109, into an audio signal and output it as sound. The audio output unit 103 can also provide audio output related to a specific function performed by the mobile terminal 100 (for example, a call signal reception sound or a message reception sound). The audio output unit 103 may include a loudspeaker, a buzzer and the like.
The A/V input unit 104 is used to receive audio or video signals. It may include a graphics processor (Graphics Processing Unit, GPU) 1041 and a microphone 1042. The graphics processor 1041 processes the image data of still pictures or video obtained by an image capture device (such as a camera) in video capture mode or image capture mode. The processed image frames can be displayed on the display unit 106. Image frames processed by the graphics processor 1041 can be stored in the memory 109 (or another storage medium) or sent via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 can receive sound (audio data) in operating modes such as telephone call mode, recording mode and speech recognition mode, and can process such sound into audio data. In telephone call mode, the processed audio (voice) data can be converted into a format that can be sent to a mobile communication base station via the radio frequency unit 101 and output. The microphone 1042 can implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference produced while receiving and sending audio signals.
The mobile terminal 100 also includes at least one sensor 105, such as an optical sensor, a motion sensor and other sensors. Specifically, the optical sensor includes an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel 1061 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 1061 and/or the backlight when the mobile terminal 100 is moved to the ear. As one kind of motion sensor, the accelerometer can detect the magnitude of acceleration in all directions (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications that recognise the phone's posture (such as switching between landscape and portrait, related games and magnetometer posture calibration) and for vibration-recognition functions (such as a pedometer or tap detection). The phone can also be equipped with other sensors such as a fingerprint sensor, pressure sensor, iris sensor, molecular sensor, gyroscope, barometer, hygrometer, thermometer and infrared sensor, which are not described further here.
The display unit 106 is used to display information entered by the user or information provided to the user. The display unit 106 may include a display panel 1061, which can be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an organic light-emitting diode (Organic Light-Emitting Diode, OLED) display or the like.
The user input unit 107 can be used to receive entered numeric or character information and to generate key signal input related to the user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also called a touch screen, collects the user's touch operations on or near it (such as operations performed by the user on or near the touch panel 1071 with a finger, a stylus or any other suitable object or accessory) and drives the corresponding connection device according to a preset program. The touch panel 1071 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates and sends them to the processor 110, and can receive and execute commands sent by the processor 110. The touch panel 1071 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 1071, the user input unit 107 may also include other input devices 1072. Specifically, the other input devices 1072 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse and a joystick, which are not specifically limited here.
Further, the touch panel 1071 can cover the display panel 1061. When the touch panel 1071 detects a touch operation on or near it, it passes the operation to the processor 110 to determine the type of the touch event, and the processor 110 then provides the corresponding visual output on the display panel 1061 according to the type of the touch event. Although in Fig. 1 the touch panel 1071 and the display panel 1061 implement the input and output functions of the mobile terminal as two independent components, in some embodiments the touch panel 1071 and the display panel 1061 can be integrated to implement the input and output functions of the mobile terminal, which is not specifically limited here.
The interface unit 108 serves as an interface through which at least one external device can be connected to the mobile terminal 100. For example, the external devices may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device that has an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port and so on. The interface unit 108 can be used to receive input (for example, data information or power) from an external device and pass the received input to one or more elements in the mobile terminal 100, or to transfer data between the mobile terminal 100 and an external device.
The memory 109 can be used to store software programs and various data. The memory 109 may mainly include a program storage area and a data storage area: the program storage area can store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function), and the data storage area can store data created through use of the phone (such as audio data and the phone book). In addition, the memory 109 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device or other volatile solid-state storage devices.
The processor 110 is the control centre of the mobile terminal. It connects all parts of the whole mobile terminal through various interfaces and lines, and performs the various functions of the mobile terminal and processes data by running or executing the software programs and/or modules stored in the memory 109 and calling the data stored in the memory 109, thereby monitoring the mobile terminal as a whole. The processor 110 may include one or more processing units. Preferably, the processor 110 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface, application programs and so on, and the modem processor mainly handles wireless communication. It is understood that the modem processor need not be integrated into the processor 110.
The mobile terminal 100 may also include a power supply 111 (such as a battery) that powers the components. Preferably, the power supply 111 can be logically connected to the processor 110 through a power management system, so that functions such as charging, discharging and power consumption management are handled by the power management system.
Although not shown in Fig. 1, the mobile terminal 100 may also include a Bluetooth module and the like, which are not described further here.
To make the embodiments of the present invention easier to understand, the communications network system on which the mobile terminal of the present invention is based is described below.
Referring to Fig. 2, which is an architecture diagram of a communications network system provided by an embodiment of the present invention: the communications network system is an LTE system of universal mobile telecommunications technology, and the LTE system includes, communicatively connected in sequence, a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203 and the operator's IP services 204.
Specifically, the UE 201 can be the terminal 100 described above, which is not described again here.
The E-UTRAN 202 includes an eNodeB 2021 and other eNodeBs 2022. The eNodeB 2021 can be connected to the other eNodeBs 2022 through a backhaul (for example, an X2 interface); the eNodeB 2021 is connected to the EPC 203 and can provide the UE 201 with access to the EPC 203.
The EPC 203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving Gateway) 2034, a PGW (PDN Gateway, packet data network gateway) 2035, a PCRF (Policy and Charging Rules Function) 2036 and so on. The MME 2031 is a control node that handles signaling between the UE 201 and the EPC 203 and provides bearer and connection management. The HSS 2032 provides registers to manage functions such as the home location register (not shown) and stores user-specific information about service features, data rates and the like. All user data can be sent through the SGW 2034. The PGW 2035 can provide IP address allocation for the UE 201 and other functions. The PCRF 2036 is the policy and charging control decision point for service data flows and IP bearer resources; it selects and provides the available policy and charging control decisions for the policy and charging enforcement function unit (not shown).
The IP services 204 may include the Internet, an intranet, IMS (IP Multimedia Subsystem) or other IP services.
Although the above description takes an LTE system as an example, those skilled in the art should understand that the present invention is not only applicable to LTE systems but can also be applied to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA and future new network systems, which is not limited here.
Based on the above mobile terminal hardware structure and communications network system, the embodiments of the method of the present invention are proposed.
The first embodiment of the present invention provides a method for encrypting data. The flow of the method is shown in Fig. 3 and includes steps S302 to S304:
S302, obtain the indication data of the bitmap file data block in the current data group, where the indication data indicates the usage of each data block in the data group.
S304, encrypt the data in the predetermined data blocks according to the indication data, where a predetermined data block is a data block that the indication data marks as used.
For a user partition that uses the ext4 file system, the partition mount table information must be configured before the existing encryption flow: its mount point, mount path and mount flags are configured, and the mount flag is set in the userdata (user data) entry.
When the system is first downloaded and booted, each image is stored in the corresponding device in the eMMC (Embedded Multi Media Card). Assuming the eMMC is 64G, the user's userdata partition is about 50G and its sector count is about 93431672.
When data of this size is encrypted with the existing encryption method, all Blocks in the whole userdata partition are encrypted, that is, 93431672/8 blocks need to be encrypted, which takes up to 254 seconds. As user space keeps growing, the corresponding number of blocks grows with it and the encryption time increases in proportion, which greatly affects the speed of the first boot.
Therefore, the embodiment of the present invention provides an optimized method for encrypting data, so that the boot time is greatly shortened when the terminal system boots for the first time, improving the user experience.
In implementation, the embodiment of the present invention obtains the indication data of the bitmap file data block in the current data group; the indication data indicates the usage of each data block in the data group. If some data blocks in the current data group have been used by the user, the bitmap file data block carries a mark for each used data block, while data blocks that have not been used have no such mark.
In this way, the data in the predetermined data blocks can be encrypted according to the indication data. In implementation, the predetermined data blocks that need to be encrypted are the data blocks that the indication data marks as used.
When encrypting the data in the predetermined data blocks according to the indication data, it is first determined from the indication data whether the data group contains data blocks that need to be encrypted. When there are data blocks that need to be encrypted, the data in the predetermined data blocks is encrypted according to the indication data; when there are no data blocks that need to be encrypted, the next data group is obtained.
If only one data block in a data group is in use, only that data block is encrypted; if several data blocks are in use, each of those data blocks is encrypted separately.
During encryption, the embodiment of the present invention encrypts each individual data block separately, rather than encrypting all data blocks in the whole data group together. By encrypting only the individual data blocks that are in use, the time consumed by the encryption process is greatly shortened while user data security is still ensured, which solves the following problem of the prior art: although the existing encryption methods ensure user data security, they take too long and greatly affect the user experience.
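The flow of the first embodiment, written out as an added example that is not code from the patent: each data group's block bitmap is read, groups with no used block are skipped, and every used block is encrypted individually. It assumes ext4's least-significant-bit-first bitmap order; the XOR/SHAKE-256 cipher is a stand-in for the real disk cipher, and the 16-block groups, the sample bitmaps and all function names are constructed for the illustration.

```python
import hashlib

SECTOR_SIZE = 512
BLOCK_SIZE = 8 * SECTOR_SIZE   # the page counts 8 sectors per block (93431672/8)
BLOCKS_PER_GROUP = 16          # constructed, tiny for the demo; a real ext4 group is far larger


def used_blocks(bitmap, blocks_in_group):
    """Yield in-group indexes whose bit is set in the group's block bitmap.

    Assumed ext4 layout: bit 0 of byte 0 is block 0 of the group.
    Bits at or past blocks_in_group are padding and are ignored.
    """
    for i in range(blocks_in_group):
        if (bitmap[i >> 3] >> (i & 7)) & 1:
            yield i


def toy_encrypt_block(key, block_no, data):
    """Stand-in cipher (NOT a real disk-encryption mode): XOR with a SHAKE-256
    keystream bound to the block number. Applying it twice decrypts."""
    stream = hashlib.shake_256(key + block_no.to_bytes(8, "little")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_used_blocks(device, bitmaps, key):
    """Walk every data group, skip groups with no used block, and encrypt
    each used block in place, one block at a time."""
    total_blocks = len(device) // BLOCK_SIZE
    encrypted, skipped_groups = [], []
    for group_no, bitmap in enumerate(bitmaps):
        first = group_no * BLOCKS_PER_GROUP
        in_group = min(BLOCKS_PER_GROUP, total_blocks - first)  # last group may be short
        todo = list(used_blocks(bitmap, in_group))
        if not todo:                      # no block to encrypt: obtain the next group
            skipped_groups.append(group_no)
            continue
        for index in todo:                # S1/S2: repeat until the last used block, then S3
            block_no = first + index
            start = block_no * BLOCK_SIZE
            plain = bytes(device[start:start + BLOCK_SIZE])
            device[start:start + BLOCK_SIZE] = toy_encrypt_block(key, block_no, plain)
            encrypted.append(block_no)
    return {"encrypted": encrypted, "skipped_groups": skipped_groups,
            "total_blocks": total_blocks}


def build_sample():
    """Constructed 40-block volume: two full groups and a short last group."""
    device = bytearray()
    for block_no in range(40):
        device += bytes([block_no + 1]) * BLOCK_SIZE   # recognisable filler per block
    bitmaps = [
        b"\x07\x02",   # group 0: blocks 0, 1, 2 and 9 in use
        b"\x00\x00",   # group 1: no block in use
        b"\x81\xff",   # group 2 (8 blocks): blocks 0 and 7 in use, second byte is padding
    ]
    return device, bitmaps


if __name__ == "__main__":
    dev, maps = build_sample()
    result = encrypt_used_blocks(dev, maps, b"constructed demo key")
    print("encrypted blocks:", result["encrypted"])
    print("groups skipped:  ", result["skipped_groups"])
    print("work done: %d of %d blocks" % (len(result["encrypted"]), result["total_blocks"]))
```

Blocks whose bit is clear are left exactly as they were, so whatever bytes they already held remain unencrypted on the medium.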
The second embodiment of the invention provides a method of encrypting data. The flow of the method is shown in Fig. 4 and comprises steps S401 to S407:
S401: obtain the indication data from the bitmap file data block of the current data group, where the indication data indicates the usage of each data block in the data group.
For a user partition encrypted as an ext4 file system, the partition mount table information must be configured before the existing encryption flow runs: in the userdata (user data) entry, the mount point, mount path and mount flags are configured, and the mount flag is set.
When the system is downloaded for the first time, each image is stored on the corresponding eMMC (Embedded Multi Media Card) device. Assuming the eMMC is 64G, the userdata partition is about 50G and contains about 93431672 sectors.
When data of this size is encrypted in the existing way, every Block in the whole userdata partition is encrypted, that is, 93431672/8 blocks must be encrypted, which takes as long as 254 seconds. As user space keeps growing, the number of blocks grows with it and the encryption time increases in proportion, which greatly slows the first boot.
Therefore, the purpose of the optimized method of encrypting data provided by the embodiment of the invention is to greatly shorten the boot time when the terminal system boots for the first time, and so improve the user experience.
In implementation, this embodiment obtains the indication data from the bitmap file data block of the current data group; the indication data indicates the usage of each data block in the data group. If some data blocks in the current data group have been used by the user, the bitmap file data block carries a mark for each used data block, while data blocks that have never been used carry no such mark.
In this way, the data in the predetermined data blocks can be encrypted according to the indication data; in implementation, the predetermined data blocks to be encrypted are the data blocks that the indication data marks as used.
S402: encrypt the data in the predetermined data blocks according to the indication data, where a predetermined data block is a data block that the indication data marks as used.
Specifically, when the data in the predetermined data blocks is encrypted according to the indication data, it is first determined from the indication data whether the data group contains a data block that needs encryption. If it does, the data in the predetermined data blocks is encrypted according to the indication data; if it does not, the next data group is obtained.
Within a data group, if only one data block has been used, only that data block is encrypted; if several data blocks have been used, each of them is encrypted separately.
S403: detect whether the current data block is the last data block to be encrypted in the data group. If so, perform S405; otherwise perform S404.
S404: if it is not the last data block to be encrypted, obtain the next data block to be encrypted after the current data block has been encrypted, and perform S403.
S405: if it is the last data block to be encrypted, detect, after the data block has been encrypted, whether the current data group is the last data group. If so, perform S407; otherwise perform S406.
S406: if it is not the last data group, obtain the next data group.
S407: end the encryption flow.
The embodiment of the invention encrypts each individual data block separately rather than encrypting all the data blocks of a whole data group together. Encrypting only the individual data blocks that have been used keeps user data secure while greatly shortening the time the encryption takes, and so solves the following problem of the prior art: existing encryption modes protect user data but take too long, which greatly harms the user experience.
The third embodiment of the invention provides a method of quickly encrypting user partition data in an Android system. The flow of the method comprises steps S1 to S4.
S1: configure the partition mount table information. In the userdata entry, configure its mount point, mount path and mount flags, and set forceencryptable=footer in the mount flags.
S2: on the first download, each image is stored on the eMMC device; the layout of the eMMC partitions is shown in Fig. 5. Assuming the eMMC is 64G, the userdata partition is about 50G and contains about 93431672 sectors (note: 1 block = 8 sectors = 4096KB).
S3: during system start-up, perform the fast encryption process.
In the embodiment of the invention the encryption is carried out automatically while the program runs; the process comprises:
(1) During start-up, the mount_all fstab.qcom command in the rc script is executed.
(2) mount_all then reads the fstab.qcom script and traverses it, mounting the /system partition, the /userdata partition, the /misc partition and so on in turn.
(3) When the partition is judged not to be /userdata, the check_fs and mount operations are performed directly to mount the partition.
(4) When the /userdata partition is to be mounted, parsing the forceencryptable=footer flag shows that the user data partition must be force-encrypted at boot, so a forced encryption operation is required. The user data encryption is then completed by the cryptfs process, which is reached through inter-process communication.
(5) Before encryption, a 16KB footer space must first be requested to store information such as the password, encryption type, encryption state, encryption progress and encryption mode. Next, information such as the size of the device to be encrypted is obtained, and the virtual block device /dev/dm-0 is created through device-mapper. This completes the preparation for encryption.
(6) Encryption starts.
Encryption is a nested loop: each pass reads one Group and the Blocks in that Group. The distribution of Groups and Blocks in the Ext4 file system is shown in Fig. 6.
With the original encryption mode, every Block in every Group is encrypted. It is easy to see that even a Block that has never been used still undergoes the encryption operation, so encryption takes too long and greatly harms the user experience. For this reason, this embodiment analyses the characteristics of the Ext4 file system and adds an encryption control policy. In implementation, this embodiment uses the EXT4_BG_BLOCK_UNINIT flag to judge whether user data has been written to the current block; if user data has been written, the block is encrypted, otherwise it is not, which speeds up encryption.
The encryption flow is shown in Fig. 7 and comprises S701 to S707.
S701: judge whether the number of Groups checked for possible encryption has reached aux_info.group, that is, whether the number of Groups processed so far has reached the total number of Groups present. If so, perform S707; otherwise perform S702.
S702: read the information recorded in the Group, such as the position of the Block BitMap block and Block_count (the number of blocks), that is, determine how many Blocks the current Group contains.
S703: judge whether encryption has reached Block_count. If so, perform S701; otherwise perform S704.
S704: obtain the bg_flags of the Block to be encrypted.
S705: judge whether the Block is occupied by user data. If so, perform S706; otherwise perform S703.
S706: perform the encryption operation. Specifically, read the data from /dev/block/bootdevice/by-name/userdata, encrypt it with AES, and write it to the /dev/dm-0 device. Return to S703.
S707: end the encryption flow.
(7) After encryption completes, the default password is verified and the encrypted /dev/dm-0 device is mounted at the data mount point, which completes the mounting of the partition.
S4: the system starts normally.
The embodiment of the invention encrypts selectively: only Blocks that contain user data are encrypted, and Blocks not used by user data are left out. For the same user partition of 47.68G, the new fast encryption mode needs only 24 seconds, an efficiency gain of up to 10 times, which raises the encryption speed and improves the user experience. When a 128G or 256G eMMC is fitted, user space grows many times over; with the original mode the number of Blocks to encrypt, and so the time taken, grows by the same multiple, whereas with the fast encryption mode of this embodiment the time is still only about 25 seconds, not increasing and staying essentially the same as at present.
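The Fig. 7 loop (S701 to S707), as an added C example that is not code from the patent or from Android: an in-memory partition and a reduced group descriptor show which blocks get rewritten. The names struct group_desc, placeholder_encrypt and run_demo and the sample layout are constructed for illustration; treating a set EXT4_BG_BLOCK_UNINIT flag as "no user data in this group" and otherwise testing the block's bitmap bit is an assumption about how S704 and S705 combine, and the XOR routine is a stand-in for AES, not a cipher.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE           4096u
#define BLOCKS_PER_GROUP     16u     /* constructed: kept small for the demo */
#define GROUP_COUNT          3u
#define EXT4_BG_BLOCK_UNINIT 0x0002  /* ext4 group flag: block bitmap not initialised */
#define FILL                 0xAA    /* constructed plaintext pattern */

/* Hypothetical, reduced stand-in for an ext4 group descriptor plus its block bitmap. */
struct group_desc {
    uint16_t bg_flags;
    uint8_t  block_bitmap[BLOCKS_PER_GROUP / 8];  /* bit i set => block i in use */
};

struct enc_stats { unsigned encrypted, skipped; };

static uint8_t g_dev[GROUP_COUNT * BLOCKS_PER_GROUP * BLOCK_SIZE];  /* fake partition */

/* Stand-in for the AES step of S706. NOT cryptography; it only makes writes visible. */
static void placeholder_encrypt(uint8_t *blk, unsigned blkno, uint8_t key)
{
    for (unsigned i = 0; i < BLOCK_SIZE; i++)
        blk[i] ^= (uint8_t)(key ^ (blkno * 31u + i));
}

/* ext4 bitmaps are little-endian bit arrays: block idx is bit (idx % 8) of byte idx / 8. */
static int block_in_use(const struct group_desc *gd, unsigned idx)
{
    return (gd->block_bitmap[idx / 8] >> (idx % 8)) & 1;
}

/* Walk every group and rewrite only the blocks marked as used. */
struct enc_stats encrypt_used_blocks(uint8_t *dev, const struct group_desc *gds,
                                     unsigned ngroups, uint8_t key)
{
    struct enc_stats st = {0, 0};
    for (unsigned g = 0; g < ngroups; g++) {                /* S701: more groups? */
        /* Assumption for this demo: a group flagged UNINIT holds no user data,
           so its (possibly stale) bitmap bytes must not be consulted. */
        if (gds[g].bg_flags & EXT4_BG_BLOCK_UNINIT) {       /* S704 */
            st.skipped += BLOCKS_PER_GROUP;
            continue;
        }
        for (unsigned b = 0; b < BLOCKS_PER_GROUP; b++) {   /* S703: more blocks? */
            if (!block_in_use(&gds[g], b)) {                /* S705 */
                st.skipped++;
                continue;
            }
            unsigned blkno = g * BLOCKS_PER_GROUP + b;
            placeholder_encrypt(dev + (size_t)blkno * BLOCK_SIZE, blkno, key);  /* S706 */
            st.encrypted++;
        }
    }
    return st;                                              /* S707 */
}

/* Returns 1 if the block still holds the original plaintext pattern. */
int block_is_untouched(const uint8_t *dev, unsigned blkno)
{
    for (unsigned i = 0; i < BLOCK_SIZE; i++)
        if (dev[(size_t)blkno * BLOCK_SIZE + i] != FILL)
            return 0;
    return 1;
}

/* Constructed layout: group 0 uses blocks 0, 1, 5; group 1 is flagged UNINIT but has
   stale bitmap bytes; group 2 uses only its last block. */
struct enc_stats run_demo(void)
{
    const struct group_desc gds[GROUP_COUNT] = {
        { 0,                    { 0x23, 0x00 } },
        { EXT4_BG_BLOCK_UNINIT, { 0xFF, 0xFF } },
        { 0,                    { 0x00, 0x80 } },
    };
    memset(g_dev, FILL, sizeof g_dev);
    return encrypt_used_blocks(g_dev, gds, GROUP_COUNT, 0x5C);
}

int main(void)
{
    struct enc_stats st = run_demo();
    printf("encrypted=%u skipped=%u of %u blocks\n",
           st.encrypted, st.skipped, GROUP_COUNT * BLOCKS_PER_GROUP);
    return 0;
}
```

Blocks whose bitmap bit is clear are never read or rewritten, so any bytes already on them stay unencrypted on the underlying device; the scheme relies on those blocks holding no user data, as on the first boot described here.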
From the description of the above embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the invention in essence, or the part of it that contributes over the prior art, can be embodied as a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to perform the methods of the embodiments of the invention.
The fourth embodiment of the invention further provides a storage medium, which can be arranged in a terminal in the form of a memory. Optionally, in this embodiment, the storage medium can be configured to store program code for performing the following steps:
S11: obtain the indication data from the bitmap file data block of the current data group, where the indication data indicates the usage of each data block in the data group;
S12: encrypt the data in the predetermined data blocks according to the indication data, where a predetermined data block is a data block that the indication data marks as used.
When the computer program is executed by the processor to carry out the step of encrypting the data in the predetermined data blocks according to the indication data, the step is implemented as follows:
Determine from the indication data whether the data group contains a data block that needs encryption; if it does, encrypt the data in the predetermined data blocks according to the indication data; if it does not, obtain the next data group.
After the computer program has been executed by the processor to carry out the step of encrypting the data in the predetermined data blocks according to the indication data, the processor also performs the following steps:
S1: detect whether the current data block is the last data block to be encrypted in the data group;
S2: if it is not the last data block to be encrypted, obtain the next data block to be encrypted after the current data block has been encrypted, and perform S1.
S3: if it is the last data block to be encrypted, obtain the next data group after the data block has been encrypted.
The embodiment of the invention encrypts each individual data block separately rather than encrypting all the data blocks of a whole data group together. Encrypting only the individual data blocks that have been used keeps user data secure while greatly shortening the time the encryption takes, and so solves the following problem of the prior art: existing encryption modes protect user data but take too long, which greatly harms the user experience.
Optionally, in this embodiment, the storage medium may include, but is not limited to, any medium that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc. Optionally, in this embodiment, the processor performs the method steps described in the above embodiments according to the program code stored in the storage medium. Optionally, for specific examples in this embodiment, refer to the examples described in the above embodiments and optional implementations, which are not repeated here. Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The invention is thus not restricted to any specific combination of hardware and software.
It should be noted that, in this document, the terms "comprise", "include" and any other variant are intended to be non-exclusive, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises it.
The embodiments of the invention above are for description only and do not indicate the relative merit of any embodiment.
From the description of the above embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the invention in essence, or the part of it that contributes over the prior art, can be embodied as a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to perform the methods described in the embodiments of the invention.
The embodiments of the invention have been described above with reference to the accompanying drawings, but the invention is not limited to the specific embodiments described, which are illustrative rather than restrictive. Guided by the invention, those of ordinary skill in the art can devise many further forms without departing from the concept of the invention and the scope protected by the claims, and all of these fall within the protection of the invention.

Claims (10)

1. A method of encrypting data, characterized by comprising:
obtaining the indication data from the bitmap file data block of the current data group, wherein the indication data indicates the usage of each data block in the data group;
encrypting the data in the predetermined data blocks according to the indication data, wherein a predetermined data block is a data block that the indication data marks as used.
2. The method of claim 1, characterized in that encrypting the data in the predetermined data blocks according to the indication data comprises:
determining from the indication data whether the data group contains a data block that needs encryption;
when a data block that needs encryption exists, encrypting the data in the predetermined data blocks according to the indication data;
when no data block that needs encryption exists, obtaining the next data group.
3. The method of claim 1, characterized in that, after encrypting the data in the predetermined data blocks according to the indication data, the method further comprises:
S1: detecting whether the current data block is the last data block to be encrypted in the data group;
S2: if it is not the last data block to be encrypted, obtaining the next data block to be encrypted after the data block has been encrypted, and performing S1.
4. The method of claim 3, characterized in that, after step S1, the method further comprises:
S3: if it is the last data block to be encrypted, obtaining the next data group after the data block has been encrypted.
5. The method of claim 2 or 4, characterized in that, before obtaining the next data group, the method further comprises:
detecting whether the current data group is the last data group;
if it is not the last data group, obtaining the next data group.
6. A storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the following steps:
obtaining the indication data from the bitmap file data block of the current data group, wherein the indication data indicates the usage of each data block in the data group;
encrypting the data in the predetermined data blocks according to the indication data, wherein a predetermined data block is a data block that the indication data marks as used.
7. The storage medium of claim 6, characterized in that, when the computer program is executed by the processor to carry out the step of encrypting the data in the predetermined data blocks according to the indication data, the step is implemented as follows:
determining from the indication data whether the data group contains a data block that needs encryption;
when a data block that needs encryption exists, encrypting the data in the predetermined data blocks according to the indication data;
when no data block that needs encryption exists, obtaining the next data group.
8. The storage medium of claim 6, characterized in that, after the computer program has been executed by the processor to carry out the step of encrypting the data in the predetermined data blocks according to the indication data, the processor also performs the following steps:
S1: detecting whether the current data block is the last data block to be encrypted in the data group;
S2: if it is not the last data block to be encrypted, obtaining the next data block to be encrypted after the data block has been encrypted, and performing S1.
9. The storage medium of claim 8, characterized in that, after the computer program has been executed by the processor to carry out step S1, the processor also performs the following step:
S3: if it is the last data block to be encrypted, obtaining the next data group after the data block has been encrypted.
10. A mobile terminal comprising at least a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program on the memory, implements the steps of the method of any one of claims 1 to 5.
CN201710475590.7A 2017-06-21 2017-06-21 Method, storage medium and the mobile terminal of encryption data Pending CN107333261A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710475590.7A CN107333261A (en) 2017-06-21 2017-06-21 Method, storage medium and the mobile terminal of encryption data

Publications (1)

Publication Number Publication Date
CN107333261A true CN107333261A (en) 2017-11-07

Family

ID=60195229

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710475590.7A Pending CN107333261A (en) 2017-06-21 2017-06-21 Method, storage medium and the mobile terminal of encryption data

Country Status (1)

Country Link
CN (1) CN107333261A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171107