CN107391974A - Backup method and device for software protection device data - Google Patents
- Publication number: CN107391974A (CN201710595109.8A)
- Authority: CN (China)
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a backup method and device for software protection device data, relating to the field of data encryption technology. Its purpose is to solve the problem of how to securely back up the data in a software protection device before the device is restored to factory settings, and how to recover the backed-up data when the data is needed again. The method of the invention includes: obtaining data to be backed up; signing the data to be backed up using a first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up; encrypting the signature data packet using a second key in the software protection device to obtain a backup data package; and exporting the backup data package. The invention is suitable for backing up and recovering data in a software protection device.
Description
Technical field
The present invention relates to the field of data encryption technology, and in particular to a backup method and device for software protection device data.
Background
With the widespread use of big data, people have begun to pay closer attention to data security, and the demand for information protection is gradually growing. Data encryption is one of the most reliable methods by which a computer system protects information; it refers to converting plaintext into ciphertext by means of an encryption algorithm and an encryption key. A software protection device is an intelligent encryption tool with a software protection function, comprising a hardware part that can be used on a computer's parallel port or USB interface, and a set of software applicable to various programming languages.
To make it convenient for users to reuse a software protection device, a factory reset function can be configured in the device. A software protection device usually contains two parts, a system storage area and a user storage area, so after the device is restored to factory settings, the data stored in the device's user area is cleared. With current software protection devices, the user cannot securely back up the data stored in the user area before a factory reset, and therefore cannot reuse the data in the device, which harms the user experience. Therefore, how to securely back up the data stored in the user area before the software protection device is restored to factory settings, and how to recover the backed-up data after the factory reset when the data is needed again, has become an urgent problem in the industry.
Summary of the invention
In view of the above problems, the present invention provides a backup method and device for software protection device data. Its main purpose is to back up the data in a software protection device before the device is restored to factory settings, and to recover the data to the software protection device when the backup data is needed again.
To solve the above technical problem, in a first aspect, the invention provides a backup method for software protection device data, the method including:
Obtaining data to be backed up, the data to be backed up carrying identification information corresponding to the data to be backed up;
Signing the data to be backed up using a first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up, the first key being the private key stored in the system area of the software protection device;
Encrypting the signature data packet using a second key in the software protection device to obtain a backup data package, the second key being the public key, corresponding to the first key, stored in the software protection device;
Exporting the backup data package.
Optionally, after obtaining the data to be backed up, the method further includes:
Performing a hash operation on the data to be backed up to obtain a first hash value corresponding to the data to be backed up;
Generating a random number using a preset function and storing it in the system area;
Signing the data to be backed up using the first key in the software protection device to obtain the signature data corresponding to the data to be backed up includes:
Signing the first hash value and the random number using the first key in the software protection device to obtain the signature data packet corresponding to the data to be backed up.
Optionally, encrypting the signature data packet using the second key in the software protection device includes:
Combining the data to be backed up with the signature data packet to obtain a combined data packet;
Encrypting the combined data packet using the second key in the software protection device.
Optionally, the method further includes:
When the software protection device receives a data recovery instruction, decrypting the backup data package using the first key to obtain a decrypted backup data package, the decrypted backup data package containing the decrypted data to be backed up and the signature data;
Verifying whether the decrypted data to be backed up has recovery authority, the recovery authority being the authority indicating that data is allowed to be recovered to the software protection device;
If so, saving the decrypted data to be backed up to the software protection device.
Optionally, verifying whether the decrypted data to be backed up has recovery authority includes:
Performing a hash operation on the decrypted data to be backed up to obtain a second hash value corresponding to the decrypted data to be backed up;
Performing signature verification using the second key according to the random number, the second hash value and the decrypted signature data;
When the signature verification passes, determining that the decrypted data to be backed up has recovery authority.
In a second aspect, the invention also provides a backup device for software protection device data, the device including:
An acquiring unit, for obtaining data to be backed up, the data to be backed up carrying identification information corresponding to the data to be backed up;
A signature unit, for signing the data to be backed up using a first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up, the first key being the private key stored in the system area of the software protection device;
An encryption unit, for encrypting the signature data packet using a second key in the software protection device to obtain a backup data package, the second key being the public key, corresponding to the first key, stored in the software protection device;
An output unit, for exporting the backup data package.
Optionally, the device further includes:
An arithmetic unit, for performing a hash operation on the data to be backed up to obtain a first hash value corresponding to the data to be backed up;
A generation unit, for generating a random number using a preset function and storing it in the system area;
The signature unit is specifically used to sign the first hash value and the random number using the first key in the software protection device to obtain the signature data packet corresponding to the data to be backed up.
Optionally, the encryption unit includes:
A combining module, for combining the data to be backed up with the signature data packet to obtain a combined data packet;
An encrypting module, for encrypting the combined data packet using the second key in the software protection device.
Optionally, the device further includes:
A decryption unit, for decrypting the backup data package using the first key when the software protection device receives a data recovery instruction, to obtain a decrypted backup data package, the decrypted backup data package containing the decrypted data to be backed up and the signature data;
A verification unit, for verifying whether the decrypted data to be backed up has recovery authority, the recovery authority being the authority indicating that data is allowed to be recovered to the software protection device;
A storage unit, for saving the decrypted data to be backed up to the software protection device if the decrypted data to be backed up has recovery authority.
Optionally, the verification unit includes:
A computing module, for performing a hash operation on the decrypted data to be backed up to obtain a second hash value corresponding to the decrypted data to be backed up;
A signature verification module, for performing signature verification using the second key according to the random number, the second hash value and the decrypted signature data;
A determining module, for determining, when the signature verification passes, that the decrypted data to be backed up has recovery authority.
With the above technical solution, the backup method and device for software protection device data provided by the invention address the problem in the prior art that data in a device cannot be securely backed up before the device is restored to factory settings, which harms the user experience. The invention first obtains the data to be backed up, then signs the data to be backed up using the private key in the software protection device, then encrypts the data to be backed up using the public key in the device to complete the backup, and exports the backup data so that the data is preserved. Compared with the prior art, the invention performs a hash operation on the data to be backed up and then uses the private key in the software protection device to sign the hash value together with the random number generated at random in the system area, which ensures both the efficiency and the security of the data backup. At the same time, encrypting with the public key in the user area of the encryption lock by means of a public-key encryption algorithm ensures that decryption is possible only with the corresponding private key in the system area of the encryption lock, guaranteeing the security of the data backup. In addition, when the backup data needs to be recovered, the backup data is checked for tampering and is recovered to the encryption lock only if it has not been tampered with. This achieves a secure backup of the data in the user area of the encryption lock before the encryption lock is restored to factory settings, and the recovery of the backup data to the encryption lock when the data is needed again, improving the user experience.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and practiced according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, identical parts are denoted by the same reference numerals. In the drawings:
Fig. 1 shows a flow chart of a backup method for software protection device data provided by an embodiment of the invention;
Fig. 2 shows a flow chart of another backup method for software protection device data provided by an embodiment of the invention;
Fig. 3 shows a block diagram of the composition of a backup device for software protection device data provided by an embodiment of the invention;
Fig. 4 shows a block diagram of the composition of another backup device for software protection device data provided by an embodiment of the invention.
Detailed description of the embodiments
Exemplary embodiments of the invention are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the invention, it should be understood that the invention may be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the invention can be understood more thoroughly and so that the scope of the invention can be fully conveyed to those skilled in the art.
In order to securely preserve the data in the user area of a software protection device before the device is restored to factory settings, and to be able to recover the backup data to the software protection device when the data is needed again, an embodiment of the invention provides a backup method for software protection device data. As shown in Fig. 1, the method includes:
101. Obtain data to be backed up.
The data to be backed up carries identification information corresponding to the data to be backed up. The identification information may be a name that the user defines for the data to be backed up, or the storage location information of the data to be backed up; the embodiment of the invention does not specifically limit this.
It should be noted that this embodiment takes the encryption lock among software protection devices as an example and is described with reference to a concrete application scenario, but is not limited to this. An encryption lock is generally used while connected to a computer. Before the method of this step is performed, a data backup program can be set in the encryption lock, so that when the encryption lock is connected to the computer, a corresponding data backup window pops up in the computer's display interface. When the user performs a backup operation on the data in the encryption lock in the data backup window, the encryption lock is triggered to call its built-in backup program and obtain the data to be backed up.
For the embodiment of the invention, an identity verification function can be set in the encryption lock, that is, the identity of the current user of the encryption lock is verified. Specifically, when the encryption lock is connected to a computer, identity can be verified by user name and password, or by face recognition or fingerprint recognition; no limitation is made here. Verifying the identity of the encryption lock's user avoids the information disclosure that improper use of the encryption lock would cause, and thereby improves the security and uniqueness of the encryption lock.
102. Sign the data to be backed up using the first key in the software protection device.
Further, a signature data packet corresponding to the data to be backed up is obtained. The first key is the private key stored in the system area of the software protection device. Specifically, step 102 can use the private key stored in the system area to sign the data to be backed up by means of a key generation algorithm, signing algorithm, verification algorithm, etc. of the prior art, which are not described again here.
Under normal circumstances, a software protection device such as an encryption lock is divided during production into two parts, a user area and a system area, and a public key and a private key are added in the system area of the encryption lock. The private key stored in the system area cannot be exported from the encryption lock, whereas the public key can be exported from the encryption lock along with the data in the user area. Therefore, when data is signed using the private key in the system area, the problem of signatures being forged and encrypted data being decrypted because the key has leaked outside the encryption lock is avoided, which improves the security of the backup data.
103. Encrypt the signature data packet using the second key in the software protection device.
Further, a backup data package is obtained. The second key is the public key, corresponding to the first key, stored in the software protection device.
Generally, existing cryptosystems use different keys for encryption and decryption, that is, asymmetric key cryptosystems, which contain two keys, a public key and a private key. The public key and the private key occur as a pair and can encrypt and decrypt for each other; when data is encrypted with one of them, it can be decrypted only with the corresponding other key. For an encryption lock, for example, the public key can be exported from the encryption lock, can be disclosed externally and need not be kept secret, while the private key is kept in the system area of the encryption lock and cannot be exported. Thus, when data is encrypted using the public key in the encryption lock, the encrypted data can be decrypted only with the private key in the system area of the encryption lock. This ensures that data exported from the encryption lock for storage cannot be decrypted, and thereby ensures the security of the backup data.
104. Export the backup data package.
For the embodiment of the invention, once the data has been encrypted in step 103, the backup of the user area data in the encryption lock is complete. The backup program can then export the backup data package by calling an output function set in a preset interface or the like. The output function can export the backup data package to the computer connected to the encryption lock, or directly to a third-party storage device; the choice can be made according to actual needs, and the embodiment of the invention does not specifically limit this.
The backup method for software protection device data provided by the embodiment of the invention addresses the problem in the prior art that data in a software protection device cannot be securely backed up before the device is restored to factory settings, which harms the user experience. The invention first obtains the data to be backed up, then signs the data to be backed up using the private key in the system area of the software protection device, then encrypts the data to be backed up using the public key in the device to complete the backup, and exports the backup data so that the data is preserved. Compared with the prior art, the embodiment of the invention signs the data with the private key in the software protection device and encrypts it with the public key, so that the data leaves the device in encrypted form. This avoids the security risk of exporting the data in the software protection device in plaintext, and allows the data in the software protection device to be backed up securely.
Further, as a refinement and extension of the embodiment shown in Fig. 1, an embodiment of the invention also provides another backup method for software protection device data. As shown in Fig. 2, the specific steps are as follows:
201. Obtain data to be backed up.
The data to be backed up carries identification information corresponding to the data to be backed up; for the explanation of the identification information, refer to the corresponding description in step 101, which is not repeated here.
For the embodiment of the invention, the data to be backed up can be all of the data in the user area of the software protection device, or part of the data in the user area. The user can name the data to be backed up through the computer connected to the software protection device, or a corresponding name can be generated automatically from the data storage path in the software protection device; the embodiment of the invention does not specifically limit this. By naming the obtained data to be backed up, the data can be stored in the corresponding storage region by name once the backup is complete, so that the user can search for it by name when the backup data is needed, improving the convenience and efficiency of finding backup data.
202. Perform a hash operation on the data to be backed up.
Further, a first hash value corresponding to the data to be backed up is obtained. The hash operation can be an MD5 (Message-Digest Algorithm 5) operation, which can efficiently convert data into a confidential form.
For the embodiment of the invention, calculating the hash value of the data to be backed up with the MD5 operation ensures that the hash value can still be calculated efficiently when the data to be backed up is large, which facilitates the subsequent signing and encryption of the data to be backed up, ensures that the data backup program in the encryption lock executes smoothly, and improves the efficiency of data backup.
203. Generate a random number using a preset function and store it in the system area.
The preset function can be a random function such as rand(), sand(), etc., and the random number can be 3, 15, 101, etc.; the embodiment of the invention does not specifically limit this. Specifically, step 203 can generate the random number at random using the data in the encryption lock as base data, or generate it according to the local time at which the step is performed, etc.; the embodiment of the invention does not specifically limit this.
204. Sign the first hash value and the random number using the first key in the software protection device.
Further, a signature data packet corresponding to the data to be backed up is obtained. For the explanation of the first key, refer to the corresponding description in step 102, which is not repeated here. For the embodiment of the invention, a random number is generated and signed together with the data to be backed up, so that when the backed-up data is recovered, signature verification is performed using the random number that was used during signing. Because the randomly generated number is stored in the system area of the encryption lock, it is not exported from the encryption lock together with the backup data, so the backup data cannot pass signature verification while it is outside the encryption lock. This avoids the data leakage that malicious signature verification of the backup data outside the encryption lock would cause, and further ensures the security of the backup data.
205. Encrypt the signature data packet using the second key in the software protection device.
Further, a backup data package is obtained. The second key is the public key, corresponding to the first key, stored in the software protection device. For the explanation of the public key and private key, refer to the corresponding description in step 103, which is not repeated here. Specifically, step 205 can include: combining the data to be backed up with the signature data packet to obtain a combined data packet; and encrypting the combined data packet using the second key in the software protection device.
206. Export the backup data package.
For the embodiment of the invention, the backup program can be set to export the backup data package automatically once steps 201 to 205 are complete and to output a prompt message indicating that the backup is complete, so that the user can take further action according to the prompt. Alternatively, a window for detecting whether the backup is complete can be configured in the computer interface corresponding to the encryption lock; when the data backup is detected to be complete, confirming in the window triggers the backup program in the encryption lock to export the backed-up data.
207. When the software protection device receives a data recovery instruction, decrypt the backup data package using the first key.
Further, a decrypted backup data package is obtained, which contains the decrypted data to be backed up and the signature data. The data recovery instruction can originate from a data recovery window configured on the computer connected to the software protection device: when the user operates in the data recovery window, a data recovery instruction is generated and sent to the software protection device, which triggers the backup program in the software protection device to decrypt the backup data package using the private key in the software protection device. The backup data package can be imported into the software protection device through the computer connected to it, or imported directly into the software protection device from a third-party storage device.
208. Verify whether the decrypted data to be backed up has recovery authority.
The recovery authority is the authority indicating that data is allowed to be recovered to the user area of the software protection device.
It should be noted that, taking the encryption lock among software protection devices as an example, when the encrypted backup data is not data that was encrypted by this encryption lock, it cannot be decrypted with the public key and private key in this encryption lock and is not allowed to be recovered to this encryption lock. When the backup data has been tampered with outside the encryption lock, this indicates a risk that the backup data has been used maliciously and that the data may be unsafe, so it is likewise not allowed to be recovered to the encryption lock. Therefore, when the backup data is decrypted for recovery, verifying whether it has recovery authority ensures that the backup data is data encrypted by this encryption lock and that it has not been modified or used outside the encryption lock, which guarantees the security of the backup data and improves the security of data backup and recovery.
Specifically, step 208 includes: performing a hash operation on the decrypted data to be backed up to obtain a second hash value corresponding to the decrypted data to be backed up; performing signature verification using the second key according to the random number, the second hash value and the decrypted signature data; and, when the signature verification passes, determining that the decrypted data to be backed up has recovery authority.
For the embodiment of the invention, according to the corresponding description in step 103, when the public key in the encryption lock can verify the signature on the data, this shows that the data was encrypted with the public key in this encryption lock and has not been tampered with. By calculating the hash value of the decrypted data to be backed up and comparing it with the first hash value, the accuracy of the signature verification can be further confirmed when the first hash value and the second hash value are equal. This ensures that the encryption lock used to decrypt the backup data is the same encryption lock that encrypted the backup data and that the backup data was not tampered with outside the encryption lock, improving the accuracy and security of data backup and recovery.
209. If so, save the decrypted data to be backed up to the user area of the software protection device.
Specifically, the decrypted data to be backed up can be stored in the software protection device using a storage method of the prior art, chosen according to actual needs; the embodiment of the invention does not specifically limit or describe this further. It should be noted that when verification shows that the decrypted backup data has no recovery authority, this indicates either that the device that encrypted the backup data is not the same device as the one currently decrypting it, or that the backup data has been tampered with. In this case, alarm information can be output to inform the user that the backup data cannot be recovered, which ensures the security of the data backup and improves the user experience.
Further, as an implementation of the method shown in Fig. 1, an embodiment of the present invention also provides a backup device for software protection device data, which implements the method shown in Fig. 1. This device embodiment corresponds to the foregoing method embodiment. For ease of reading, the details of the method embodiment are not repeated one by one here, but it should be understood that the device in this embodiment can implement everything in the foregoing method embodiment. As shown in Fig. 3, the device includes an acquiring unit 31, a signature unit 32, an encryption unit 33 and an output unit 34, wherein:
The acquiring unit 31 may be used to obtain data to be backed up, the data to be backed up carrying identification information corresponding to the data to be backed up.
The signature unit 32 may be used to sign the data to be backed up obtained by the acquiring unit 31 using the first key in the software protection device, obtaining a signature data packet corresponding to the data to be backed up; the first key is the private key stored in the system area of the software protection device.
The encryption unit 33 may be used to encrypt the signature data packet obtained by the signature unit 32 using the second key in the software protection device, obtaining a backup data package; the second key is the public key, corresponding to the first key, stored in the software protection device.
The output unit 34 may be used to output the backup data package obtained by the encryption unit 33.
Further, as an implementation of the method shown in Fig. 2, an embodiment of the present invention also provides another backup device for software protection device data, which implements the method shown in Fig. 2. This device embodiment corresponds to the foregoing method embodiment. For ease of reading, the details of the method embodiment are not repeated one by one here, but it should be understood that the device in this embodiment can implement everything in the foregoing method embodiment. As shown in Fig. 4, the device includes an acquiring unit 41, a signature unit 42, an encryption unit 43 and an output unit 44, wherein:
The acquiring unit 41 may be used to obtain data to be backed up, the data to be backed up carrying identification information corresponding to the data to be backed up.
The signature unit 42 may be used to sign the data to be backed up obtained by the acquiring unit 41 using the first key in the software protection device, obtaining a signature data packet corresponding to the data to be backed up; the first key is the private key stored in the system area of the software protection device.
The encryption unit 43 may be used to encrypt the signature data packet obtained by the signature unit 42 using the second key in the software protection device, obtaining a backup data package; the second key is the public key, corresponding to the first key, stored in the user area of the software protection device.
The output unit 44 may be used to output the backup data package obtained by the encryption unit 43.
Further, the device also includes:
An arithmetic unit 45, which may be used to perform a hash operation on the data to be backed up, obtaining a first hash value corresponding to the data to be backed up.
A generation unit 46, which may be used to generate a random number using a preset function and store it in the system area.
Further,
The signature unit 42 may specifically be used to sign the first hash value and the random number using the first key in the software protection device, obtaining a signature data packet corresponding to the data to be backed up.
Further, the device also includes:
A decryption unit 47, which may be used to decrypt the backup data package using the first key when the software protection device receives a data recovery instruction.
A verification unit 48, which may be used to verify whether the decrypted data to be backed up has recovery permission, the recovery permission being a permission indicating that the data is allowed to be restored to the user area of the software protection device.
A storage unit 49, which may be used to save the decrypted data to be backed up to the user area of the software protection device if it has recovery permission.
Further, based on the above method and device, an embodiment of the present invention also provides a software protection device which, when data is backed up in it, can perform any of the backup methods for software protection device data described above.
With the above technical solution, the embodiments of the present invention provide a backup method and device for software protection device data. In the prior art, the data in a device cannot be securely backed up before the device is restored to factory settings, which harms the user experience. The present invention first obtains the data to be backed up, signs it using the private key in the system area of the software protection device, then encrypts it using the public key in the device to complete the backup, and outputs the backup data so that the data is preserved. Compared with the prior art, the present invention performs a hash operation on the data to be backed up and then signs the hash value, together with a randomly generated random number held in the system area, using the private key in the system area of the software protection device, which ensures both the efficiency and the security of data backup. Meanwhile, encrypting with the public key in the software protection device ensures that the data can only be decrypted by the private key, corresponding to that public key, in the device's system area, which guarantees the security of the data backup. In addition, when the backup data needs to be restored, the backup data is checked for tampering and is restored to the software protection device only if it has not been tampered with. In this way the data in the device's user area is securely backed up before the device is restored to factory settings and is restored to the software protection device when it is needed again, improving the user experience.
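The backup and restore flow summarised above, as an added Go example that is not code from the patent. The patent names no algorithms, so SHA-256, RSA-PSS for the signature, RSA-OAEP wrapping an AES-256-GCM content key for the encryption (RSA alone cannot encrypt a packet larger than its modulus), and the `Device` type with its field and function names are all assumptions made here.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrNoRecoveryPermission = errors.New("backup data has no recovery permission")

// Device models the software protection device (hypothetical type); priv and random sit in the system area.
type Device struct {
	priv     *rsa.PrivateKey // first key (private)
	pub      *rsa.PublicKey  // second key (public key matching priv)
	random   []byte          // random number saved at backup time
	UserArea []byte
}

func NewDevice() (*Device, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Device{priv: k, pub: &k.PublicKey}, nil
}

// digest computes the hash value of the data and binds it to the random number.
func digest(data, random []byte) []byte {
	h := sha256.Sum256(data)
	d := sha256.Sum256(append(h[:], random...))
	return d[:]
}

// newGCM builds AES-256-GCM; neither call can fail for a 32-byte key.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Backup signs hash+random with the first key, appends the data, and encrypts the
// combined packet: RSA-OAEP under the second key wraps a fresh AES-256-GCM key.
func (d *Device) Backup() ([]byte, error) {
	buf := make([]byte, 32+32+12) // random number | AES key | GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	random, key, iv := buf[:32], buf[32:64], buf[64:]
	sig, err := rsa.SignPSS(rand.Reader, d.priv, crypto.SHA256, digest(d.UserArea, random), nil)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.pub, key, nil)
	if err != nil {
		return nil, err
	}
	d.random = random
	combined := append(sig, d.UserArea...)
	return newGCM(key).Seal(append(wrapped, iv...), iv, combined, nil), nil
}

// Restore decrypts with the first key and writes the user area only if the signature verifies.
func (d *Device) Restore(pkg []byte) error {
	ks := d.priv.Size()
	if len(pkg) < ks+12 {
		return fmt.Errorf("%w: package too short", ErrNoRecoveryPermission)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, pkg[:ks], nil)
	if err != nil || len(key) != 32 {
		return fmt.Errorf("%w: not encrypted for this device", ErrNoRecoveryPermission)
	}
	combined, err := newGCM(key).Open(nil, pkg[ks:ks+12], pkg[ks+12:], nil)
	if err != nil || len(combined) < ks {
		return fmt.Errorf("%w: ciphertext modified", ErrNoRecoveryPermission)
	}
	sig, data := combined[:ks], combined[ks:]
	if rsa.VerifyPSS(d.pub, crypto.SHA256, digest(data, d.random), sig, nil) != nil {
		return fmt.Errorf("%w: signature verification failed", ErrNoRecoveryPermission)
	}
	d.UserArea = append([]byte(nil), data...)
	return nil
}

func main() {
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	dev.UserArea = []byte("licence table (constructed sample)")
	pkg, _ := dev.Backup()
	dev.UserArea = nil // factory reset: user area cleared, system area kept
	fmt.Println(dev.Restore(pkg), string(dev.UserArea))
}
```

Anyone who holds the public key can produce a package that the device will decrypt, so the restore decision rests on the signature check rather than on decryption succeeding.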
The software protection device includes a processor and a memory. The acquiring unit, signature unit, encryption unit and output unit described above are stored in the memory as program units, and the processor executes these program units stored in the memory to implement the corresponding functions.
The processor contains a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided; adjusting kernel parameters reduces the time consumed when the software protection device backs up data and improves data backup efficiency.
The memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
An embodiment of the present invention provides a storage medium on which a program is stored; when the program is executed by a processor, it implements the backup method for software protection device data.
An embodiment of the present invention provides a processor for running a program, wherein the program, when run, performs the backup method for software protection device data.
An embodiment of the present invention provides a software protection device including a processor, a memory, and a program stored in the memory and executable on the processor. When executing the program, the processor implements the following steps: obtaining data to be backed up, the data to be backed up carrying identification information corresponding to the data to be backed up; signing the data to be backed up using the first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up, the first key being the private key stored in the system area of the software protection device; encrypting the signature data packet using the second key in the software protection device to obtain a backup data package, the second key being the public key, corresponding to the first key, stored in the software protection device; and outputting the backup data package.
Further, after obtaining the data to be backed up, the method also includes:
performing a hash operation on the data to be backed up to obtain a first hash value corresponding to the data to be backed up;
generating a random number using a preset function and storing it in the system area.
Signing the data to be backed up using the first key in the software protection device to obtain signature data corresponding to the data to be backed up includes:
signing the first hash value and the random number using the first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up.
Further, encrypting the signature data packet using the second key in the software protection device includes:
combining the data to be backed up with the signature data packet to obtain a combined data packet;
encrypting the combined data packet using the second key in the software protection device.
Further, the method also includes:
when the software protection device receives a data recovery instruction, decrypting the backup data package using the first key to obtain a decrypted backup data package, the decrypted backup data package containing the decrypted data to be backed up and the signature data;
verifying whether the decrypted data to be backed up has recovery permission, the recovery permission being a permission indicating that the data is allowed to be restored to the software protection device;
if so, saving the decrypted data to be backed up to the software protection device.
Further, verifying whether the decrypted data to be backed up has recovery permission includes:
performing a hash operation on the decrypted data to be backed up to obtain a second hash value corresponding to the decrypted data to be backed up;
performing signature verification with the second key according to the random number, the second hash value and the decrypted signature data;
when the signature verification passes, determining that the decrypted data to be backed up has recovery permission.
The device in the embodiments of the present invention may be a server, a PC, a PAD, a mobile phone, or the like.
An embodiment of the present invention also provides a computer program product which, when executed on a data processing device, is adapted to execute a program initialized with the following method steps: obtaining data to be backed up, the data to be backed up carrying identification information corresponding to the data to be backed up; signing the data to be backed up using the first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up, the first key being the private key stored in the system area of the software protection device; encrypting the signature data packet using the second key in the software protection device to obtain a backup data package, the second key being the public key, corresponding to the first key, stored in the software protection device; and outputting the backup data package.
Further, after obtaining the data to be backed up, the method also includes:
performing a hash operation on the data to be backed up to obtain a first hash value corresponding to the data to be backed up;
generating a random number using a preset function and storing it in the system area.
Signing the data to be backed up using the first key in the software protection device to obtain signature data corresponding to the data to be backed up includes:
signing the first hash value and the random number using the first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up.
Further, encrypting the signature data packet using the second key in the software protection device includes:
combining the data to be backed up with the signature data packet to obtain a combined data packet;
encrypting the combined data packet using the second key in the software protection device.
Further, the method also includes:
when the software protection device receives a data recovery instruction, decrypting the backup data package using the first key to obtain a decrypted backup data package, the decrypted backup data package containing the decrypted data to be backed up and the signature data;
verifying whether the decrypted data to be backed up has recovery permission, the recovery permission being a permission indicating that the data is allowed to be restored to the software protection device;
if so, saving the decrypted data to be backed up to the software protection device.
Further, verifying whether the decrypted data to be backed up has recovery permission includes:
performing a hash operation on the decrypted data to be backed up to obtain a second hash value corresponding to the decrypted data to be backed up;
performing signature verification with the second key according to the random number, the second hash value and the decrypted signature data;
when the signature verification passes, determining that the decrypted data to be backed up has recovery permission.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface and memory.
The memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity or device that includes the element.
The above are merely embodiments of the present application and are not intended to limit it. Those skilled in the art may make various modifications and changes to the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall fall within the scope of its claims.
Claims (10)
1. A backup method for software protection device data, characterized in that the method comprises:
obtaining data to be backed up, the data to be backed up carrying identification information corresponding to the data to be backed up;
signing the data to be backed up using a first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up, the first key being a private key stored in the system area of the software protection device;
encrypting the signature data packet using a second key in the software protection device to obtain a backup data package, the second key being a public key, corresponding to the first key, stored in the software protection device;
outputting the backup data package.
2. The method according to claim 1, characterized in that, after obtaining the data to be backed up, the method further comprises:
performing a hash operation on the data to be backed up to obtain a first hash value corresponding to the data to be backed up;
generating a random number using a preset function and storing it in the system area;
wherein signing the data to be backed up using the first key in the software protection device to obtain signature data corresponding to the data to be backed up comprises:
signing the first hash value and the random number using the first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up.
3. The method according to claim 2, characterized in that encrypting the signature data packet using the second key in the software protection device comprises:
combining the data to be backed up with the signature data packet to obtain a combined data packet;
encrypting the combined data packet using the second key in the software protection device.
4. The method according to claim 1, characterized in that the method further comprises:
when the software protection device receives a data recovery instruction, decrypting the backup data package using the first key to obtain a decrypted backup data package, the decrypted backup data package containing the decrypted data to be backed up and the signature data;
verifying whether the decrypted data to be backed up has recovery permission, the recovery permission being a permission indicating that the data is allowed to be restored to the user area of the software protection device;
if so, saving the decrypted data to be backed up to the user area of the software protection device.
5. The method according to claim 4, characterized in that verifying whether the decrypted data to be backed up has recovery permission comprises:
performing a hash operation on the decrypted data to be backed up to obtain a second hash value corresponding to the decrypted data to be backed up;
performing signature verification with the second key according to the random number, the second hash value and the decrypted signature data;
when the signature verification passes, determining that the decrypted data to be backed up has recovery permission.
6. A backup device for software protection device data, characterized in that the device comprises:
an acquiring unit, configured to obtain data to be backed up, the data to be backed up carrying identification information corresponding to the data to be backed up;
a signature unit, configured to sign the data to be backed up using a first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up, the first key being a private key stored in the system area of the software protection device;
an encryption unit, configured to encrypt the signature data packet using a second key in the software protection device to obtain a backup data package, the second key being a public key, corresponding to the first key, stored in the software protection device;
an output unit, configured to output the backup data package.
7. The device according to claim 6, characterized in that the device further comprises:
an arithmetic unit, configured to perform a hash operation on the data to be backed up to obtain a first hash value corresponding to the data to be backed up;
a generation unit, configured to generate a random number using a preset function and store it in the system area;
wherein the signature unit is specifically configured to sign the first hash value and the random number using the first key in the software protection device to obtain a signature data packet corresponding to the data to be backed up.
8. The device according to claim 7, characterized in that the encryption unit comprises:
a combining module, configured to combine the data to be backed up with the signature data packet to obtain a combined data packet;
an encrypting module, configured to encrypt the combined data packet using the second key in the software protection device.
9. The device according to claim 6, characterized in that the device further comprises:
a decryption unit, configured to, when the software protection device receives a data recovery instruction, decrypt the backup data package using the first key to obtain a decrypted backup data package, the decrypted backup data package containing the decrypted data to be backed up and the signature data;
a verification unit, configured to verify whether the decrypted data to be backed up has recovery permission, the recovery permission being a permission indicating that the data is allowed to be restored to the user area of the software protection device;
a storage unit, configured to save the decrypted data to be backed up to the user area of the software protection device if the decrypted data to be backed up has recovery permission.
10. The device according to claim 9, characterized in that the verification unit comprises:
a computing module, configured to perform a hash operation on the decrypted data to be backed up to obtain a second hash value corresponding to the decrypted data to be backed up;
a signature verification module, configured to perform signature verification with the second key according to the random number, the second hash value and the decrypted signature data;
a determining module, configured to determine, when the signature verification passes, that the decrypted data to be backed up has recovery permission.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710595109.8A CN107391974A (en) | 2017-07-19 | 2017-07-19 | A kind of backup method and device of software protecting equipment data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710595109.8A CN107391974A (en) | 2017-07-19 | 2017-07-19 | A kind of backup method and device of software protecting equipment data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107391974A true CN107391974A (en) | 2017-11-24 |
Family
ID=60336393
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710595109.8A Pending CN107391974A (en) | 2017-07-19 | 2017-07-19 | A kind of backup method and device of software protecting equipment data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107391974A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109684129A (en) * | 2018-11-20 | 2019-04-26 | 北京深思数盾科技股份有限公司 | Data backup restoration method, storage medium, encryption equipment, client and server |
CN110086755A (en) * | 2018-01-26 | 2019-08-02 | 巍乾全球技术有限责任公司 | Realize method, application server, internet of things equipment and the medium of Internet of Things service |
CN116432199A (en) * | 2023-03-03 | 2023-07-14 | 安超云软件有限公司 | Cloud platform remote data backup method, cloud platform remote data recovery method and electronic equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105791258A (en) * | 2014-12-26 | 2016-07-20 | 中国移动通信集团上海有限公司 | Data transmission method, terminal and open platform |
CN105847005A (en) * | 2016-03-14 | 2016-08-10 | 美的集团股份有限公司 | Encryption device and method |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110086755A (en) * | 2018-01-26 | 2019-08-02 | 巍乾全球技术有限责任公司 | Realize method, application server, internet of things equipment and the medium of Internet of Things service |
CN110086755B (en) * | 2018-01-26 | 2022-06-21 | 巍乾全球技术有限责任公司 | Method for realizing service of Internet of things, application server, Internet of things equipment and medium |
US11546173B2 (en) | 2018-01-26 | 2023-01-03 | Vechain Global Technology Sarl | Methods, application server, IoT device and media for implementing IoT services |
CN109684129A (en) * | 2018-11-20 | 2019-04-26 | 北京深思数盾科技股份有限公司 | Data backup restoration method, storage medium, encryption equipment, client and server |
CN116432199A (en) * | 2023-03-03 | 2023-07-14 | 安超云软件有限公司 | Cloud platform remote data backup method, cloud platform remote data recovery method and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3286867B1 (en) | Method, apparatus, and system for cloud-based encryption machine key injection | |
CN102509034B (en) | Software license control method of software license control device | |
CN107347058A (en) | Data ciphering method, data decryption method, apparatus and system | |
CN104322003B (en) | Cryptographic authentication and identification method using real-time encryption | |
CN105184181B (en) | File encryption method, file decryption method and file encryption device | |
CN106529308A (en) | Data encryption method and apparatus, and mobile terminal | |
CN107004083A (en) | Device keyses are protected | |
CN106664200A (en) | Controlling access to a resource via a computing device | |
CN109218295A (en) | Document protection method, device, computer equipment and storage medium | |
CN111191195A (en) | Method and device for protecting APK | |
CN112241527B (en) | Secret key generation method and system of terminal equipment of Internet of things and electronic equipment | |
CN107391974A (en) | A kind of backup method and device of software protecting equipment data | |
CN101815292A (en) | Device and method for protecting data of mobile terminal | |
JP2013251609A (en) | Information processing device, ic chip, and information processing method | |
CN108416224A (en) | A kind of data encryption/decryption method and device | |
CN102270285B (en) | Key authorization information management method and device | |
CN111008400A (en) | Data processing method, device and system | |
CN111768523B (en) | CTID-based NFC intelligent door lock unlocking method, system, equipment and medium | |
CN110932853B (en) | Key management device and key management method based on trusted module | |
CN106487509B (en) | A kind of method and host equipment generating key | |
CN114297673A (en) | Password verification method, solid state disk and upper computer | |
CN101661573A (en) | Method for producing electronic seal and method for using electronic seal | |
KR101677138B1 (en) | Method of on-line/off-line electronic signature system for security of off-line token | |
CN111008374A (en) | Block chain-based password processing method, device and medium | |
CN100546242C (en) | A kind of generation of super code and authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171124 |