CN107678886B - Method for storing and recovering application program data and terminal equipment - Google Patents

Method for storing and recovering application program data and terminal equipment Download PDF

Info

Publication number
CN107678886B
CN107678886B CN201710931615.XA CN201710931615A CN107678886B CN 107678886 B CN107678886 B CN 107678886B CN 201710931615 A CN201710931615 A CN 201710931615A CN 107678886 B CN107678886 B CN 107678886B
Authority
CN
China
Prior art keywords
data
submodule
preset
application program
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710931615.XA
Other languages
Chinese (zh)
Other versions
CN107678886A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201710931615.XA priority Critical patent/CN107678886B/en
Publication of CN107678886A publication Critical patent/CN107678886A/en
Application granted granted Critical
Publication of CN107678886B publication Critical patent/CN107678886B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1448Management of the data involved in backup or backup restore
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/62Uninstallation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for storing and recovering application program data and terminal equipment, and belongs to the technical field of information. The terminal equipment disclosed by the invention comprises a storage module and a recovery module, wherein the storage module comprises: creating a sub-module, assembling the sub-module, adding the sub-module, setting the sub-module, a first encryption sub-module, a first identification sub-module and a second identification sub-module; the recovery module includes: the device comprises a first obtaining submodule, a first verifying submodule, a first reading submodule, a second reading submodule and a first decrypting submodule. According to the technical scheme disclosed by the invention, when the terminal equipment reinstalls the application program, the data of the application program can be obtained from the safe storage area, and the data does not need to be memorized by a user in a complicated way, so that the process of reinstalling the application program is simplified, and the user experience is improved.

Description

Method for storing and recovering application program data and terminal equipment
Technical Field
The present invention relates to the field of information technologies, and in particular, to a method and a terminal device for saving and restoring data in an application.
Background
In the prior art, after an application program in a terminal device is uninstalled, related data in the application program is lost, when the application program is reinstalled, the previous data cannot be recovered, so that a user must add the data to the newly installed application program again, when the related data is more, the data is not easy to remember, and if some important data is lost, the user is greatly influenced. Especially, for the application program of the dynamic token for security authentication, after the terminal device uninstalls the application program, the terminal device must re-apply for activating a token number to the manufacturer of the application program or a server corresponding to the application program again when the application program is re-installed, and the installation procedure is cumbersome, resulting in poor user experience.
Disclosure of Invention
The invention provides a method for saving and restoring application program data and terminal equipment.
The invention provides a method for saving and recovering application program data, which comprises the steps of saving the application program data before a terminal device unloads an application program; when the terminal equipment reinstalls the application program, recovering the application program data;
the step of storing the application program data by the terminal device specifically comprises the following steps:
step S1: the terminal equipment creates a storage object;
step S2: the terminal equipment assembles the application program data into the storage object;
step S3: the terminal equipment adds the storage object into a self safe storage area;
after the step S1 and before the step S3, the method further includes: the terminal equipment sets the storage object as a preset encryption type; the step S3 further includes: the terminal equipment encrypts the application program data in the storage object in the safe storage area according to the preset encryption type;
the step S3 is preceded by: the terminal equipment uses a preset data identifier to identify the application program data in the storage object, and uses a preset object identifier to identify the storage object;
the restoring of the application program data by the terminal device specifically includes the following steps:
step A0: the terminal equipment acquires an identifier of an application program of data to be recovered according to a preset path, finds a first certificate stored by the terminal equipment according to the acquired identifier of the application program, verifies the application program of the data to be recovered by using the first certificate, and executes the step A1 when the verification is passed;
step A1: the terminal equipment reads the storage object in the safe storage area according to the preset object identification;
step A2: and the terminal equipment reads the encrypted application program data in the storage object according to the preset data identification, and decrypts the encrypted application program data in the storage object by using a decryption algorithm corresponding to the preset encryption type to obtain the application program data.
Optionally, before the terminal device uses a preset data identifier to identify the application data, the method further includes: the terminal equipment generates the preset data identification according to a first preset algorithm;
correspondingly, before the terminal device reads the data in the storage object according to the preset data identifier, the method further includes: and the terminal equipment generates the preset data identifier according to the first preset algorithm.
Optionally, before the terminal device identifies the storage object by using a preset object identifier, the method further includes: the terminal equipment generates the preset object identification according to a second preset algorithm;
correspondingly, before the terminal device reads the storage object in the secure storage area according to the preset object identifier, the method further includes: and the terminal equipment generates the preset object identification according to the second preset algorithm.
Optionally, before the terminal device identifies the storage object by using a preset object identifier, the method further includes: the terminal equipment sends an object identification acquisition request to a corresponding server according to a preset server address, and receives the preset object identification returned by the corresponding server;
correspondingly, before the terminal device reads the storage object in the secure storage area according to the preset object identifier, the method further includes: and the terminal equipment sends an object identification acquisition request to a corresponding server according to the preset server address and receives the preset object identification returned by the corresponding server.
Optionally, before step S3, the method further includes:
step H1, the terminal equipment judges whether the safe storage area has the preset object identification;
step H2: and when the terminal equipment judges that the object identification exists in the safe storage area, deleting the object identification in the safe storage area and the storage object corresponding to the object identification.
Optionally, before step S3, the method further includes: the terminal equipment judges whether the safe storage area has the preset object identification or not;
accordingly, the step S3 is specifically: and when the terminal equipment judges that the object identifier exists in the safe storage area, the storage object comprising the application program data is used for updating the storage object corresponding to the object identifier in the safe storage area.
In the invention, the application program data can be a token serial number, or a user name and a private key, or comprises the user name and a user password, and when the application program data comprises the user name and the password, the application program data further comprises one or more of a company address, a company website, a contact phone, a mailbox address and a contact person.
In the invention, when the application program data of the dynamic token is stored, the application program data is recovered without re-applying the activation token number to the manufacturer of the application program, thereby simplifying the installation process and improving the user experience.
In the present invention, the application data assembled into the storage object in the step S2 is identical to the application data decrypted in the step a 2.
Optionally, after the step a2, the method further includes:
step A3: and the terminal equipment accesses a corresponding server according to a preset server address, verifies the application program data obtained by decryption through the corresponding server, judges whether a notification of successful verification returned by the corresponding server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
In the present invention, when the application data obtained by the decryption is a token serial number, the step a3 specifically includes:
the terminal equipment sends the token serial number to a token server according to a preset token server address, verifies the token serial number through the token server, judges whether a notice of successful verification returned by the token server is received, if so, the data recovery is successful, otherwise, the data recovery is failed;
when the application data obtained by the decryption is a user name and a private key, the step a3 specifically includes:
step A31: the terminal equipment sends a request for acquiring the data to be signed to an authentication server according to a preset authentication server address and receives the data to be signed returned by the authentication server;
step A32: the terminal device signs the data to be signed by using the private key, sends a signature result and the user name to the authentication server, verifies the signature result through the authentication server, judges whether a notification of successful verification returned by the authentication server is received, if so, the data is successfully recovered, and otherwise, the data recovery fails.
When the application data obtained by decryption includes a user name and a user password, the step a3 specifically includes:
and the terminal equipment sends the user name and the password to a corresponding server according to a preset server address, verifies the user name and the password through the corresponding server, judges whether a notification of successful verification returned by the server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
Optionally, after the step a2, the method further includes: and the terminal equipment displays the application program data obtained by decryption.
In the present invention, the step a0 further includes: the terminal equipment acquires a second certificate and corresponding second code signature data according to the identifier of the application program;
correspondingly, in step a0, the verifying, by the terminal device, the application program of the data to be restored by using the first certificate specifically includes:
the terminal equipment decrypts a first code signature file corresponding to the first certificate stored by the terminal equipment by using a first public key in the first certificate to obtain first decrypted data; and decrypting the second code signature data by using a second public key in the second certificate to obtain second decrypted data, judging whether the first decrypted data is consistent with the second decrypted data, if so, passing the verification, and otherwise, failing to pass the verification.
Further, before the terminal device uses the first certificate to verify the application program of the data to be restored, the method further includes: and the terminal equipment acquires the root certificate of the second certificate stored by the terminal equipment, verifies the second certificate by using the root certificate, and executes the step A0 when the verification is passed, otherwise, the operation is finished.
Specifically, the second certificate includes second signature data obtained by signing content in the second certificate using a third private key in a root certificate of the second certificate;
correspondingly, the verifying the second certificate by the terminal device using the root certificate specifically includes: the terminal equipment decrypts the second signature data by using a third public key in the root certificate to obtain third decrypted data; and calculating the content in the second certificate according to a fifth preset algorithm to obtain a third calculation result, judging whether the third decrypted data is consistent with the third calculation result, if so, passing the verification, and otherwise, failing to pass the verification.
Optionally, before the step S3, the method further includes: the terminal equipment encrypts the application program data according to a third preset algorithm to generate first encrypted application program data;
accordingly, the application data added to the storage object in the secure storage area in step S3 is specifically the first encrypted application data;
in step a2, the decrypting, by the terminal device, the encrypted application data in the storage object by using the decryption algorithm corresponding to the preset encryption type to obtain the application data specifically includes: the terminal equipment decrypts the encrypted application program data in the storage object by using a decryption algorithm corresponding to the preset encryption type to obtain the first encrypted application program data;
the step a2 further includes: and the terminal equipment decrypts the first encrypted application program according to a fourth preset algorithm to obtain the application program data.
The invention provides a terminal device for saving and restoring application program data, which comprises a saving module and a restoring module, wherein the saving module comprises:
the creating submodule is used for creating a storage object;
the assembly submodule is used for assembling the application program data into the storage object created by the creation submodule;
the adding submodule is used for adding the storage object into a safe storage area of the terminal equipment after the assembling submodule assembles the application program data into the storage object created by the creating submodule;
the setting submodule is used for setting the storage object created by the creating submodule into a preset encryption type;
the first encryption submodule is used for encrypting the application program data added into the storage object in the secure storage area by the adding submodule according to the preset encryption type set by the setting submodule;
the first identification submodule is used for identifying the application program data assembled into the storage object by the assembly submodule by using a preset data identification;
the second identification submodule is used for identifying the storage object created by the creation submodule by using a preset object identification;
the recovery module includes:
the first obtaining submodule is used for obtaining an identifier of an application program of data to be recovered according to a preset path and finding a first certificate stored in the first obtaining submodule according to the obtained identifier of the application program;
the first verification submodule is used for verifying the application program of the data to be recovered by using the first certificate acquired by the first acquisition submodule;
the first reading sub-module is used for reading the storage object in the safe storage area according to the preset object identification when the verification result of the first verification sub-module is that the verification is passed;
the second reading submodule is used for reading the encrypted application program data in the storage object read by the first reading submodule according to the preset data identification;
the first decryption submodule is used for decrypting the encrypted application program data read by the second reading submodule by using a decryption algorithm corresponding to the preset encryption type set by the setting submodule to obtain the application program data.
The invention has the beneficial effects that: before the application program in the terminal equipment is unloaded, the terminal equipment stores the data in the application program into a self safe storage area, the application program data can be obtained from the safe storage area when the application program is reinstalled, the user does not need to memorize the data in a complicated way, the process of reinstalling the application program is simplified, and the user experience is improved.
Drawings
Fig. 1 is a flowchart illustrating a method for saving application data according to embodiment 1 of the present invention;
fig. 2 is a flowchart of a method for recovering application data according to embodiment 1 of the present invention;
fig. 3 is a block diagram illustrating a module organization of a terminal device for saving and restoring application data according to embodiment 2 of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Example 1
The embodiment provides a method for saving and recovering application program data, which comprises the steps of saving the application program data before the terminal equipment unloads an application program; when the terminal equipment reinstalls the application program, recovering the application program data;
as shown in fig. 1, the step of storing the application data by the terminal device specifically includes the following steps:
step 101: the terminal device creates a storage object.
Specifically, the terminal device creates a storage object, specifically: and the terminal equipment creates a storage object according to a preset format. Further, the terminal device creates a preset number of storage objects in a preset format.
For example, when the preset number is 1, the storage objects in the preset format may specifically be: { data identity ═ data; application data is equal to; }; or the storage object in the preset format may specifically be: { data identification 1 ═ i; application data1 ═ i; data identification 2 ═ 2; application data2 ═ i; … … }. The structure of the application data may be { data1 ═ here; or { data1 ═ a; data2 ═ a; … … }.
When the preset number is 2, the storage objects in the preset format may specifically be: { data identity ═ data; application data is equal to; }, { data identification 2 ═ 2; application data2 ═ i; … … }. The structure of the application data may be { data1 ═ here; or { data1 ═ a; data2 ═ a; … … }.
In this embodiment, the storage object in the preset format further has an identifier of the storage object, and the identifier of the storage object may be outside the storage object or inside the storage object. For example, when the storage object identifier is outside the storage object, the storage object in the preset format is: storing the object identification: { data identity ═ data; application data is equal to; when the storage object is identified in the storage object, the storage object with the preset format is: { object identification ═ i; data identification is equal to; application data is equal to; }.
Step 102: and the terminal equipment sets the storage object as a preset encryption type.
Specifically, the terminal device sets the encryption type of the storage object to a preset value.
In this embodiment, the encryption type may be one of a first preset encryption type, a second preset encryption type, a third preset encryption type, a fourth preset encryption type, and a fifth preset encryption type. Specifically, the method comprises the following steps: when the terminal equipment sets the value of the encryption type as a first preset value, the encryption type is a first preset encryption type; when the value of the encryption type is set to be a second preset value, the encryption type is a second preset encryption type; when the value of the encryption type is set to a third preset value, the encryption type is a third preset encryption type; when the value of the encryption type is set to a fourth preset value, the encryption type is a fourth preset encryption type; and when the value of the encryption type is set to be a fifth preset value, the encryption type is a fifth preset encryption type.
In this embodiment, when there are a plurality of storage objects, the terminal device sets a preset encryption type for each storage object.
Step 103: the terminal equipment judges whether the safe storage area has a preset object identification, if so, the step 104 is executed, otherwise, the step 105 is executed.
Specifically, the terminal device calls a read interface of the secure storage area, reads data in the secure storage area, and determines whether the data in the secure storage area has a preset object identifier, if so, step 104 is executed, otherwise, step 105 is executed. For example, the preset object identifier of the terminal device is 0001, and it is determined whether there is an object identifier 0001 in the secure storage area, if yes, step 104 is executed, otherwise, step 105 is executed.
Step 104: the terminal device deletes the preset object identifier and the corresponding storage object in the secure storage area, and executes step 105.
Specifically, the terminal device calls a deletion interface of the secure storage area to delete the preset target object identifier and the corresponding storage object in the secure storage area.
Step 105: and the terminal equipment identifies the storage object by using a preset object identification and identifies the data in the application program by using a preset data identification.
In this embodiment, when there are multiple preset object identifiers and/or multiple data identifiers, step 101 specifically includes the terminal device creating a preset number of storage objects, and correspondingly, step 105 specifically includes: the terminal equipment respectively identifies the storage objects with the first preset number by using the preset object identifications with the first preset number, and respectively identifies the data in the application program by using the preset data identifications with the second preset number.
For example, when the number of preset data identifiers is 1 and the number of preset object identifiers is 1, the using of the object identifiers for the storage object identifiers specifically includes: { object identification 0001; 0010 is data identification; application data is equal to; 0001 as object identification, and 0010 as data identification;
when the number of the preset data identifiers is 2 and the number of the preset object identifiers is 1, the object identifier is used for specifically storing the object identifier as follows: { object identification 0001; data identifier 1 is 0010; application data1 ═ i; data identifier 2 is 0011; application data1 ═ i; 0001 as object mark, 0010 and 0011 as data mark;
when the number of the preset data identifiers is 2 and the number of the preset object identifiers is 4, the object identifier is used for specifically storing the object identifier as follows: { object identification 1 ═ 0001; data identifier 1 is 0010; application data1 ═ i; data identifier 2 is 0011; application data2 ═ i; }, { object identification 2 ═ 0002; data identification 3 is 0100; application data 3 ═ i; data identification 4 ═ 0101; application data 4 ═ i; 0001 and 0002 are object marks, and 0010, 0011, 0100 and 0101 are data marks.
Further, step 105 may specifically be: the terminal device sets the value of the account attribute item corresponding to the preset encryption type as a preset object identifier, and sets the value of the service attribute item corresponding to the preset encryption type of the storage object as a preset data identifier. It should be noted that, in this embodiment, each encryption type has a corresponding account attribute item and a corresponding service attribute item, the identification value of the storage object may be a value of the account attribute item, and the identification value of the application data may be a value of the service attribute item.
Step 106: and the terminal equipment assembles the data in the application program into the storage object.
Specifically, the terminal device assembles data in the application program into a data storage area of the storage object according to a preset format. For example, when the data in the application program comprises a token number, a private key and a user name, the terminal device will use the token number
Token-bc 906717191c532bc76cd8c4E7a520587E90D4a385b43863f3c1da6c406ed283, private key-D89207D 55DB1FEA62D16CF5E8D4 deded 19
The specific steps of assembling the CAAF041CF06a083D65574CD8F913B and the user name username 123 into the data storage area of the storage object according to the preset format are as follows: { Token ═ bc906717191c
532bc76cd8c4e7a520587e90d4a385b43863f3c1da6c406ed283;private=D89
207D55DB1FEA62D16CF5E8D4DEDECD19CAAF041CF06A083D65574CD8F913B;username=123}。
In this embodiment, the order of step 105 and step 106 may be changed, that is, step 106 is executed and then step 105 is executed when step 103 determines no, and step 106 is executed and then step 105 is executed after step 104.
In this embodiment, the terminal device identifies the storage object by using a preset object identifier, and the data that is organized into the storage object and that has been identified by using the preset data identifier may be specifically as follows { object identifier is 0001; 0010 is data identification; token ═ bc906
717191c532bc76cd8c4e7a520587e90d4a385b43863f3c1da6c406ed283;
private=D89207D55DB1FEA62D16CF5E8D4DEDECD19CAAF041CF06A083D65574CD8F913B;username=123}。
Step 107: and the terminal equipment adds the storage object into the secure storage area and encrypts the data of the application program in the storage object in the secure storage area according to a preset encryption type to obtain encrypted application program data.
Specifically, when the preset encryption type is the first encryption type, the terminal device encrypts application program data in the storage object in the secure storage area according to the preset encryption type to obtain encrypted application program data, specifically: and the terminal equipment encrypts the application program data according to a preset algorithm corresponding to the preset encryption type to obtain encrypted application program data.
In this embodiment, when the determination result in step 103 is yes, steps 105 to 107 may be further performed, and step 107 is replaced with: and the terminal equipment uses the storage object comprising the application program data to update the storage object corresponding to the object identification in the safe storage area.
Specifically, the terminal device updates the storage object corresponding to the object identifier in the secure storage area by using the storage object including the application data, specifically: and the terminal equipment calls the updating interface of the secure storage area to update the storage object corresponding to the object identifier in the secure storage area by using the storage object comprising the application program data.
As shown in fig. 2, the restoring of the application data by the terminal device specifically includes the following steps:
step 200: the terminal equipment obtains the identifier of the application program of the data to be recovered according to the preset path, finds the first certificate stored by the terminal equipment according to the obtained identifier of the application program, verifies the application program of the data to be recovered by using the first certificate, if the verification is passed, the step 201 is executed, and if the verification is not passed, the step is ended.
Further, step 200 further includes: the terminal equipment acquires a second certificate and second code signature data of the application program according to the identifier of the application program;
correspondingly, in step 200, the terminal device verifies the application program of the data to be recovered by using the first certificate, specifically: the terminal equipment decrypts a first code signature file corresponding to a first certificate stored by the terminal equipment by using a first public key in the first certificate to obtain first decrypted data; and decrypting the second code signature data by using a second public key in the second certificate to obtain second decrypted data, judging whether the first decrypted data is matched with the second decrypted data, if so, passing the verification, and otherwise, failing to pass the verification.
Further, before the terminal device uses the first certificate to verify the application program of the data to be recovered, the method further includes: and the terminal equipment acquires the root certificate of the second certificate stored by the terminal equipment, verifies the second certificate by using the root certificate, continues when the verification is passed, and otherwise, ends.
Specifically, the second certificate includes second signature data obtained by signing content in the second certificate using a third private key in a root certificate of the second certificate; correspondingly, the verifying the second certificate by the terminal device using the root certificate specifically includes: the terminal equipment decrypts the second signature data by using a third public key in the root certificate to obtain third decrypted data; and calculating the content in the second certificate according to a fifth preset algorithm to obtain a third calculation result, judging whether the third decrypted data is consistent with the third calculation result, if so, passing the verification, and otherwise, failing to pass the verification.
Specifically, in step 200, the terminal device obtains an identifier of an application program of the data to be recovered according to a preset path, specifically: the terminal device finds the first configuration file according to the preset path, and obtains the identifier of the application program of the data to be recovered from the first configuration file.
Specifically, the obtaining, by the terminal device, the second certificate and the second code signature data of the application program according to the identifier of the application program includes: and the terminal equipment finds the second configuration file according to the identifier of the application program and acquires the second certificate and the second code signature data of the application program from the second configuration file. Further, the terminal device finds the second configuration file according to the identifier of the application program, specifically: the terminal device finds a second configuration file stored by the terminal device and comprising an application identification matched with the identification of the application program. In this embodiment, before the terminal device finds the second configuration file according to the identifier of the application program, the method further includes: and the terminal equipment judges whether the application identification matched with the identification of the application program is stored in the terminal equipment, if so, the terminal equipment continues, and if not, the terminal equipment ends.
When the verification passes in step 200 of this embodiment, step 201 further includes: and the terminal equipment acquires a second equipment identifier from the second configuration file, acquires a first equipment identifier from the first configuration file, judges whether the acquired second equipment identifier is matched with the first equipment identifier, if so, executes the step 201, otherwise, finishes the step.
Step 201: the terminal device reads the data in the secure storage area.
Specifically, the terminal device calls a reading interface to read the data in the secure storage area.
Step 202: the terminal equipment judges whether the safe storage area has a preset object mark, if so, step 203 is executed, otherwise, the process is finished.
For example, when the preset object identifier is 0001, the terminal device determines whether the storage object identifier in the secure storage area is 0001, if so, step 203 is executed, otherwise, the process is ended.
Step 203: and the terminal equipment reads the storage object in the safe storage area according to the preset object identification.
For example, the terminal device reads a corresponding storage object { object identifier is 0001; 0010 is data identification; token-bc 906717191c532bc76cd8c4e7a520587e90d4a385b43863f3c1da6c406ed 283; private ═ D89207D55DB1FEA62D16CF5E8D4 dedcd 19CAAF041CF06a083D65574CD8F 913B; size ═ 3; username 123 }.
Step 204: the terminal device determines whether the storage object has a preset data identifier, if so, step 205 is executed, otherwise, the process is ended.
For example, when the preset data identifier is 0010, the terminal device determines whether there is the preset data identifier 0010 in the storage object, if so, step 205 is executed, otherwise, the process is ended.
Step 205: and the terminal equipment reads the encrypted application program data in the storage object according to the preset data identification, and decrypts the encrypted application program data in the storage object by using a decryption algorithm corresponding to the preset encryption type to obtain the application program data.
For example, the application program data encrypted in the storage object is read by the terminal device according to the preset data identifier 0010, and the application program data obtained by decrypting the encrypted application program data in the storage object by using the decryption algorithm corresponding to the preset encryption type is specifically: { Token ═ bc906717191c532bc76cd8c4e7a520587e90d4a385b43863f3c1da6c406ed 283;
private ═ D89207D55DB1FEA62D16CF5E8D4 dedcd 19CAAF041CF06a083D65574CD8F 913B; 123} Token 906717191c532b
c76CD8c4E7a520587E90D4a385b43863F3c1da6c406ed283 as a token, D89207D55DB1FEA62D16CF5E8D4 deded 19CAAF041CF06a083D65574CD8F913B as a private key, and username 123 as a user name.
In this embodiment, the method may further include: and the terminal equipment stores the obtained application program data into the running application program. The data stored in the application program can be directly used when the application program is subsequently run.
Optionally, in step 105 of the method in this embodiment, before the terminal device uses the preset data identifier to identify the application data, the method further includes: the terminal equipment generates a preset data identifier according to a first preset algorithm; correspondingly, before the step 204, the method further includes: and the terminal equipment generates a preset data identifier according to a first preset algorithm.
Specifically, the generating, by the terminal device, a preset data identifier according to a first preset algorithm specifically includes: and the terminal equipment calculates the preset data according to a first preset algorithm, and the obtained calculation result is used as a preset data identifier. For example, when the first preset algorithm is SHA256 and the preset data is 123456, the terminal device uses the algorithm SHA256 to calculate 123456, and an obtained calculation result is used as the preset data identifier.
Optionally, in step 105 of the method in this embodiment, before the terminal device identifies the storage object by using a preset object identifier, the method further includes: the terminal equipment generates a preset object identifier according to a second preset algorithm; correspondingly, before the step 202, the method further includes: and the terminal equipment generates a preset object identifier according to a second preset algorithm.
Specifically, the generating, by the terminal device, a preset object identifier according to a second preset algorithm specifically includes: and the terminal equipment calculates the preset data according to a second preset algorithm, and the calculation result is used as a preset object identifier.
Optionally, in step 105, before the terminal device identifies the storage object by using the preset object identifier, the method further includes: the terminal equipment sends an object identification obtaining request to a corresponding server according to a preset server address and receives a preset object identification returned by the corresponding server; correspondingly, before the step 202, the method further includes: and the terminal equipment sends an object identification acquisition request to the corresponding server according to the preset server address and receives the preset object identification returned by the corresponding server. In this embodiment, when the application data includes a private key and a user name, the object identifier is specifically a private key identifier, and when the terminal device generates the private key, a corresponding private key identifier is generated, and the private key identifier is uploaded to a corresponding server.
Optionally, after step 205, the method further includes: the terminal device displays the restored application data.
Optionally, step 205 further includes:
step 206: and the terminal equipment accesses the corresponding server according to the preset server address, verifies the application program data obtained by decryption through the corresponding server, judges whether a notification of successful verification returned by the server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
When the decrypted application data is the token serial number, step 206 specifically includes: and the terminal equipment sends the token serial number to the token server according to the preset token server address, verifies the token serial number through the token server, judges whether a notification of successful verification returned by the token server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
When the decrypted application data is a user name and a private key, step 206 specifically includes:
step A31: the terminal equipment sends a request for acquiring the data to be signed to the authentication server according to a preset authentication server address and receives the data to be signed returned by the authentication server;
step A32: the terminal equipment signs the data to be signed by using the private key, sends the signature result and the user name to the authentication server, verifies the signature result through the authentication server, judges whether a notification of successful verification returned by the authentication server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
In this embodiment, when receiving the signature result of the terminal device, the authentication server checks the signature result, returns a notification of successful verification to the terminal device if the signature is successfully verified, and returns a notification of failed verification to the terminal device if the signature is failed. Specifically, the authentication server checks the signature result, specifically: and the authentication server decrypts the signature result by using the public key corresponding to the user name to obtain decrypted data, judges whether the decrypted data is the same as the data to be signed, if so, verifies the signature successfully, and otherwise, fails to verify the signature.
When the application data obtained by decryption includes a user name and a user password, step 206 specifically includes: the terminal equipment sends the user name and the password to the corresponding server according to the preset server address, verifies the user name and the password through the corresponding server, judges whether a notification of successful verification returned by the server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed. Further, the application data may further include one or more of a company address, a company web address, a contact phone, a mailbox address, and a contact. In this embodiment, when the server receives the user name and the password of the terminal device, it determines whether the received user name and password are consistent with the user name and password stored by the server, if so, a notification of successful authentication is returned to the terminal device, otherwise, a notification of failed authentication is returned to the terminal device.
In this embodiment, the application data may include a private key and/or a token number.
Further, the application data may further include one or more of a user name, a company address, a company website, a user password, a contact phone, a contact person, and a mailbox address. For example, the application data may include a private key, a username, or a token number, a username. The data included in the application data is set according to actual needs, and is not listed here.
Optionally, before the step 107, the method further includes: the terminal equipment encrypts the application program data according to a third preset algorithm to generate first encrypted application program data; correspondingly, the application data added to the storage object in the secure storage area in step 107 is specifically the first encrypted application data; the application data acquired by the terminal in step 205 is specifically the first encrypted application data; step 205 further comprises: and the terminal equipment decrypts the first encrypted application program according to a fourth preset algorithm to obtain application program data. In this embodiment, the fourth preset algorithm is a decryption algorithm corresponding to the third preset algorithm; the third preset algorithm and the fourth preset algorithm may be symmetric encryption algorithms, that is, the third preset algorithm is the same as the fourth preset algorithm; or an asymmetric encryption algorithm, that is, the third preset algorithm is different from the fourth preset algorithm.
In the embodiment, when the application program data of the dynamic token is stored, the application program data is recovered without re-applying the activation token number to the manufacturer of the application program, so that the installation process is simplified, and the user experience is improved.
Example 2
The embodiment provides a terminal device for saving and restoring application program data, which comprises a saving module and a restoring module, wherein the saving module comprises:
a creating submodule 101 for creating a storage object;
an assembly submodule 102, configured to assemble the application data into the storage object created by the creation submodule 101;
an adding submodule 103, configured to add the storage object to the secure storage area of the terminal device after the assembling submodule 102 assembles the application data into the storage object created by the creating submodule 101;
a setting submodule 104 configured to set the storage object created by the creating submodule 101 to a preset encryption type;
the first encryption submodule 105 is used for encrypting the application program data added to the storage object in the secure storage area by the adding submodule 103 according to the preset encryption type set by the setting submodule 104;
the first identification submodule 106 is configured to identify, by using a preset data identifier, application data assembled into the storage object by the assembly submodule 102;
a second identification submodule 107, configured to identify the storage object created by the creation submodule 101 by using a preset object identifier;
the recovery module includes:
the first obtaining sub-module 108 is configured to obtain an identifier of an application program of the data to be restored according to a preset path, and find a first certificate stored in the first obtaining sub-module according to the obtained identifier of the application program;
the first verification sub-module 109 is configured to verify the application program of the data to be recovered by using the first certificate acquired by the first acquisition sub-module 108;
the first reading sub-module 110 is configured to read a storage object in the secure storage area according to a preset object identifier when the verification result of the first verification sub-module 109 is that verification is passed;
the second reading submodule 111 is configured to read, according to a preset data identifier, the encrypted application program data in the storage object read by the first reading submodule 110;
the first decryption submodule 112 is configured to decrypt the encrypted application data in the storage object read by the second reading submodule 111 by using a decryption algorithm corresponding to the preset encryption type set by the setting submodule 104 to obtain the application data.
Optionally, the saving module further includes a first generation submodule, and the restoring module further includes a second generation submodule;
the first generation submodule is used for generating a preset data identifier according to a first preset algorithm;
the first identification submodule 106 is specifically configured to identify, by using a preset data identifier generated by the first generation submodule, application program data assembled into the storage object by the assembly submodule 102;
the second generation submodule is used for generating a preset data identifier according to a first preset algorithm;
the second reading submodule 111 is specifically configured to read, according to the preset data identifier generated by the second generating submodule, the encrypted application data in the storage object read by the first reading submodule 110.
Optionally, the saving module further includes a third generation sub-module; the recovery module further comprises a fourth generation submodule;
the third generation submodule is used for generating a preset object identifier according to a second preset algorithm;
the second identification submodule 107 is specifically configured to identify the storage object created by the creating submodule 101 by using a preset object identifier generated by the third generating submodule;
the fourth generation submodule is used for generating a preset object identifier according to a second preset algorithm;
the first reading sub-module 110 is specifically configured to, when the verification result of the first verification sub-module 109 is that the verification is passed, read the storage object in the secure storage area according to the preset object identifier generated by the fourth generation sub-module.
Optionally, the storage module further includes a first object identifier obtaining sub-module; the recovery module also comprises a second object identification acquisition sub-module;
the first object identification acquisition submodule is used for sending an object identification acquisition request to a corresponding server according to a preset server address and receiving a preset object identification returned by the corresponding server;
the second identification submodule 107 is specifically configured to identify the storage object created by the creating submodule 101 by using the preset object identifier received by the first object identifier obtaining submodule;
the second object identification obtaining submodule is used for sending an object identification obtaining request to the corresponding server according to the preset server address and receiving the preset object identification returned by the corresponding server;
the first reading sub-module 110 is specifically configured to, when the first verification sub-module 109 verifies that the result is that the verification is passed, read the storage object in the secure storage area according to the preset object identifier received by the second object identifier obtaining sub-module.
Optionally, the saving module further includes a first determining submodule and a deleting submodule;
a first judgment submodule, configured to judge whether a secure storage area has a preset object identifier before the adding submodule 103 adds the storage object to the secure storage area of the terminal device;
and the deleting submodule is used for deleting the object identifier in the safe storage area and the storage object corresponding to the object identifier when the first judging submodule judges that the safe storage area has the preset object identifier.
Optionally, the saving module further includes a second judgment sub-module;
a second judgment submodule, configured to judge whether the secure storage area has a preset object identifier before the adding submodule 103 adds the storage object to the secure storage area of the terminal device;
the adding submodule 103 is specifically configured to update the storage object corresponding to the object identifier in the secure storage area by using the storage object including the application data when the second judging submodule judges that the secure storage area has the object identifier.
Optionally, the recovery module further includes a second verification sub-module;
and a second verification sub-module, configured to access a corresponding server according to a preset server address, verify the application data obtained by the first decryption sub-module 112 through the corresponding server, and determine whether a notification of successful verification returned by the corresponding server is received, if yes, the data recovery is successful, and otherwise, the data recovery fails.
In this embodiment, when the application data obtained by the first decryption sub-module 112 is a token serial number, the second verification sub-module is specifically configured to send the token serial number to the token server according to a preset token server address, verify the token serial number by the token server, and determine whether a notification of successful verification returned by the token server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
When the application program data obtained by the first decryption sub-module 112 is a user name and a private key, the second verification sub-module is specifically configured to send a request for obtaining data to be signed to an authentication server according to a preset authentication server address, and receive the data to be signed returned by the authentication server; and signing the data to be signed by using a private key, sending a signature result and the user name to an authentication server, verifying the signature result through the authentication server, judging whether a notification of successful verification returned by the authentication server is received, if so, successfully recovering the data, and otherwise, failing to recover the data.
When the application program data obtained by the first decryption sub-module 112 includes a user name and a user password, the second verification sub-module is specifically configured to send the user name and the password to a corresponding server according to a preset server address, verify the user name and the password by the corresponding server, and determine whether a notification of successful verification returned by the server is received, if so, the data recovery is successful, otherwise, the data recovery is failed.
Further, the application data obtained by the first decryption sub-module 112 further includes one or more of a company address, a company website, a contact phone, a mailbox address, and a contact person.
Optionally, the recovery module further includes a display sub-module;
and a display sub-module for displaying the application data decrypted by the first decryption sub-module 112.
Optionally, the recovery module further includes a second obtaining sub-module;
the second obtaining submodule is used for obtaining a second certificate and corresponding second code signature data according to the identifier of the application program obtained by the first obtaining submodule 108;
the first verification sub-module 109 is specifically configured to decrypt the first code signature file corresponding to the first certificate stored by the first verification sub-module by using the first public key in the first certificate acquired by the first acquisition sub-module 108, so as to obtain first decrypted data; and decrypting the second code signature data by using a second public key in a second certificate acquired by the second acquisition submodule to obtain second decrypted data, judging whether the first decrypted data is consistent with the second decrypted data, if so, passing the verification, and otherwise, failing to pass the verification.
Further, the recovery module further includes a third obtaining sub-module, a saving sub-module and a third verifying sub-module on the basis of the second obtaining sub-module;
the storage submodule is used for storing the root certificate of the second certificate;
the third obtaining submodule is used for obtaining the root certificate of the second certificate stored by the storage submodule;
and the third verification sub-module is configured to verify the second certificate by using the root certificate acquired by the third acquisition sub-module, and trigger the first verification sub-module 109 when the verification passes.
Specifically, the second certificate obtained by the third obtaining sub-module includes second signature data obtained by using a third private key in a root certificate of the second certificate to sign the content in the second certificate;
correspondingly, the third verification submodule is specifically configured to decrypt the second signature data by using a third public key in the root certificate acquired by the third acquisition submodule to obtain third decrypted data; and calculating the content in the second certificate acquired by the second acquisition submodule according to a fifth preset algorithm to obtain a third operation result, judging whether the third decrypted data is consistent with the third operation result, if so, passing the verification, and otherwise, failing to pass the verification.
Optionally, the storage module further includes a second encryption sub-module; the recovery module also comprises a second decryption submodule;
the second encryption submodule is used for encrypting the application program data according to a third preset algorithm to generate first encrypted application program data;
correspondingly, the application program data added to the storage object in the secure storage area by the adding submodule 103 is specifically first encrypted application program data;
the first decryption submodule 112 is specifically configured to decrypt the encrypted application program data read by the second reading submodule 111 by using a decryption algorithm corresponding to the preset encryption type set by the setting submodule 104 to obtain first encrypted application program data;
and the second decryption sub-module is configured to decrypt the first encrypted application obtained by decrypting the first decryption sub-module 112 according to a fourth preset algorithm to obtain application data.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (30)

1. A method for saving and restoring application data, comprising: before the terminal equipment unloads the application program, storing the application program data; when the terminal equipment reinstalls the application program, recovering the application program data;
the step of storing the application program data by the terminal device specifically comprises the following steps:
step S1: the terminal equipment creates a storage object;
step S2: the terminal equipment assembles the application program data into the storage object;
step S3: the terminal equipment adds the storage object into a self safe storage area;
after the step S1 and before the step S3, the method further includes: the terminal equipment sets the storage object as a preset encryption type; the step S3 further includes: the terminal equipment encrypts the application program data in the storage object in the safe storage area according to the preset encryption type;
the step S3 is preceded by: the terminal equipment uses a preset data identifier to identify the application program data in the storage object, and uses a preset object identifier to identify the storage object;
the restoring of the application program data by the terminal device specifically includes the following steps:
step A0: the terminal equipment acquires an identifier of an application program of data to be recovered according to a preset path, finds a first certificate stored by the terminal equipment according to the acquired identifier of the application program, verifies the application program of the data to be recovered by using the first certificate, and executes the step A1 when the verification is passed;
step A1: the terminal equipment reads the storage object in the safe storage area according to the preset object identification;
step A2: the terminal equipment reads the encrypted application program data in the storage object according to the preset data identification, and decrypts the encrypted application program data in the storage object by using a decryption algorithm corresponding to the preset encryption type to obtain the application program data;
the step a0 further includes: the terminal equipment acquires a second certificate and corresponding second code signature data according to the identifier of the application program;
in step a0, the verifying, by the terminal device, the application program of the data to be restored using the first certificate specifically includes:
the terminal equipment decrypts a first code signature file corresponding to the first certificate stored by the terminal equipment by using a first public key in the first certificate to obtain first decrypted data; and decrypting the second code signature data by using a second public key in the second certificate to obtain second decrypted data, judging whether the first decrypted data is consistent with the second decrypted data, if so, passing the verification, and otherwise, failing to pass the verification.
2. The method of claim 1, wherein before the terminal device uses a preset data identifier to identify the application data, the method further comprises: the terminal equipment generates the preset data identification according to a first preset algorithm;
before the terminal device reads the data in the storage object according to the preset data identifier, the method further includes: and the terminal equipment generates the preset data identifier according to the first preset algorithm.
3. The method according to claim 1 or 2, wherein before the terminal device identifies the storage object by using a preset object identifier, the method further comprises: the terminal equipment generates the preset object identification according to a second preset algorithm;
before the terminal device reads the storage object in the secure storage area according to the preset object identifier, the method further includes: and the terminal equipment generates the preset object identification according to the second preset algorithm.
4. The method according to claim 1 or 2, wherein before the terminal device identifies the storage object by using a preset object identifier, the method further comprises: the terminal equipment sends an object identification acquisition request to a corresponding server according to a preset server address, and receives the preset object identification returned by the corresponding server;
before the terminal device reads the storage object in the secure storage area according to the preset object identifier, the method further includes: and the terminal equipment sends an object identification acquisition request to a corresponding server according to the preset server address and receives the preset object identification returned by the corresponding server.
5. The method according to claim 1, wherein before the step S3, the method further comprises:
step H1, the terminal equipment judges whether the safe storage area has the preset object identification;
step H2: and when the terminal equipment judges that the object identification exists in the safe storage area, deleting the object identification in the safe storage area and the storage object corresponding to the object identification.
6. The method according to claim 1, wherein before the step S3, the method further comprises: the terminal equipment judges whether the safe storage area has the preset object identification or not;
the step S3 specifically includes: and when the terminal equipment judges that the object identifier exists in the safe storage area, the storage object comprising the application program data is used for updating the storage object corresponding to the object identifier in the safe storage area.
7. The method according to claim 1, wherein after the step a2, the method further comprises:
step A3: and the terminal equipment accesses a corresponding server according to a preset server address, verifies the application program data obtained by decryption through the corresponding server, judges whether a notification of successful verification returned by the corresponding server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
8. The method according to claim 7, wherein when the application data obtained by decryption is a token serial number, the step a3 specifically includes:
and the terminal equipment sends the token serial number to a token server according to a preset token server address, verifies the token serial number through the token server, judges whether a notice of successful verification returned by the token server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
9. The method according to claim 7, wherein when the application data obtained by decryption is a user name and a private key, the step a3 specifically includes:
step A29: the terminal equipment sends a request for acquiring the data to be signed to an authentication server according to a preset authentication server address and receives the data to be signed returned by the authentication server;
step A30: the terminal device signs the data to be signed by using the private key, sends a signature result and the user name to the authentication server, verifies the signature result through the authentication server, judges whether a notification of successful verification returned by the authentication server is received, if so, the data is successfully recovered, and otherwise, the data recovery fails.
10. The method according to claim 7, wherein when the application data obtained by decryption includes a user name and a user password, the step a3 specifically includes:
and the terminal equipment sends the user name and the password to a corresponding server according to a preset server address, verifies the user name and the password through the corresponding server, judges whether a notification of successful verification returned by the server is received, if so, the data recovery is successful, and otherwise, the data recovery is failed.
11. The method of claim 10, wherein the application data further comprises one or more of a company address, a company web address, a contact phone, a mailbox address, and a contact.
12. The method according to any one of claims 1, 8, 10 and 11, wherein after step a2, the method further comprises: and the terminal equipment displays the application program data obtained by decryption.
13. The method according to claim 1, wherein before the terminal device uses the first certificate to authenticate the application program of the data to be restored, the method further comprises: and the terminal equipment acquires the root certificate of the second certificate stored by the terminal equipment, verifies the second certificate by using the root certificate, and executes the step A0 when the verification is passed, otherwise, the operation is finished.
14. The method according to claim 13, wherein the second certificate includes second signature data obtained by signing content in the second certificate using a third private key in a root certificate of the second certificate;
the terminal device uses the root certificate to verify the second certificate, specifically: the terminal equipment decrypts the second signature data by using a third public key in the root certificate to obtain third decrypted data; and calculating the content in the second certificate according to a fifth preset algorithm to obtain a third calculation result, judging whether the third decrypted data is consistent with the third calculation result, if so, passing the verification, and otherwise, failing to pass the verification.
15. The method according to claim 1, wherein the step S3 is preceded by: the terminal equipment encrypts the application program data according to a third preset algorithm to generate first encrypted application program data;
the application data added to the storage object in the secure storage area in step S3 is specifically the first encrypted application data;
in step a2, the decrypting, by the terminal device, the encrypted application data in the storage object by using a decryption algorithm corresponding to the preset encryption type to obtain the application data, specifically: the terminal equipment decrypts the encrypted application program data in the storage object by using a decryption algorithm corresponding to the preset encryption type to obtain the first encrypted application program data;
the step a2 further includes: and the terminal equipment decrypts the first encrypted application program according to a fourth preset algorithm to obtain the application program data.
16. The terminal equipment for saving and restoring the application program data is characterized by comprising a saving module and a restoring module, wherein the saving module comprises:
the creating submodule is used for creating a storage object;
the assembly submodule is used for assembling the application program data into the storage object created by the creation submodule;
the adding submodule is used for adding the storage object into a safe storage area of the terminal equipment after the assembling submodule assembles the application program data into the storage object created by the creating submodule;
the setting submodule is used for setting the storage object created by the creating submodule into a preset encryption type;
the first encryption submodule is used for encrypting the application program data added into the storage object in the secure storage area by the adding submodule according to the preset encryption type set by the setting submodule;
the first identification submodule is used for identifying the application program data assembled into the storage object by the assembly submodule by using a preset data identification;
the second identification submodule is used for identifying the storage object created by the creation submodule by using a preset object identification;
the recovery module includes:
the first obtaining submodule is used for obtaining an identifier of an application program of data to be recovered according to a preset path and finding a first certificate stored in the first obtaining submodule according to the obtained identifier of the application program;
the first verification submodule is used for verifying the application program of the data to be recovered by using the first certificate acquired by the first acquisition submodule;
the first reading sub-module is used for reading the storage object in the safe storage area according to the preset object identification when the verification result of the first verification sub-module is that the verification is passed;
the second reading submodule is used for reading the encrypted application program data in the storage object read by the first reading submodule according to the preset data identification;
the first decryption submodule is used for decrypting the encrypted application program data read by the second reading submodule by using a decryption algorithm corresponding to the preset encryption type set by the setting submodule to obtain the application program data;
the recovery module further comprises a second acquisition submodule;
the second obtaining submodule is used for obtaining a second certificate and corresponding second code signature data according to the identifier of the application program obtained by the first obtaining submodule;
the first verification submodule is specifically configured to decrypt, by using a first public key in the first certificate acquired by the first acquisition submodule, a first code signature file corresponding to the first certificate stored in the first verification submodule, so as to obtain first decrypted data; and decrypting the second code signature data by using a second public key in the second certificate acquired by the second acquisition submodule to obtain second decrypted data, judging whether the first decrypted data is consistent with the second decrypted data, if so, verifying the first decrypted data, and otherwise, verifying the first decrypted data.
17. The terminal device of claim 16, wherein the saving module further comprises a first generation submodule; the recovery module further comprises a second generation submodule;
the first generation submodule is used for generating the preset data identifier according to a first preset algorithm;
the first identification submodule is specifically configured to identify, by using the preset data identifier generated by the first generation submodule, the application program data assembled into the storage object by the assembly submodule;
the second generation submodule is used for generating the preset data identifier according to the first preset algorithm;
the second reading submodule is specifically configured to read, according to the preset data identifier generated by the second generating submodule, the encrypted application program data in the storage object read by the first reading submodule.
18. The terminal device according to claim 16 or 17, wherein the saving module further comprises a third generation submodule; the recovery module further comprises a fourth generation submodule;
the third generating submodule is used for generating the preset object identifier according to a second preset algorithm;
the second identification submodule is specifically configured to identify the storage object created by the creation submodule by using the preset object identifier generated by the third generation submodule;
the fourth generating submodule is configured to generate the preset object identifier according to the second preset algorithm;
the first reading sub-module is specifically configured to, when the verification result of the first verification sub-module is that verification is passed, read the storage object in the secure storage area according to the preset object identifier generated by the fourth generation sub-module.
19. The terminal device according to claim 16 or 17, wherein the saving module further comprises a first object identifier obtaining sub-module; the recovery module further comprises a second object identification obtaining sub-module;
the first object identifier obtaining submodule is used for sending an object identifier obtaining request to a corresponding server according to a preset server address and receiving the preset object identifier returned by the corresponding server;
the second identification submodule is specifically configured to identify the storage object created by the creation submodule by using the preset object identifier received by the first object identifier obtaining submodule;
the second object identifier obtaining submodule is used for sending an object identifier obtaining request to a corresponding server according to the preset server address and receiving the preset object identifier returned by the corresponding server;
the first reading sub-module is specifically configured to, when the verification result of the first verification sub-module is that verification is passed, read the storage object in the secure storage area according to the preset object identifier received by the second object identifier obtaining sub-module.
20. The terminal device according to claim 16, wherein the saving module further comprises a first judgment sub-module and a deletion sub-module;
the first judging submodule is used for judging whether the safe storage area has the preset object identification or not before the adding submodule adds the storage object into the safe storage area of the terminal equipment;
the deleting submodule is configured to delete the object identifier in the secure storage area and the storage object corresponding to the object identifier when the first determining submodule determines that the secure storage area has the preset object identifier.
21. The terminal device of claim 16, wherein the saving module further comprises a second determination submodule;
the second judging submodule is configured to judge whether the secure storage area has the preset object identifier before the adding submodule adds the storage object to the secure storage area of the terminal device;
the adding submodule is specifically configured to update, when the second judging submodule judges that the secure storage area has the object identifier, the storage object including the application data to the storage object corresponding to the object identifier in the secure storage area.
22. The terminal device of claim 16, wherein the recovery module further comprises a second verification sub-module;
the second verification submodule is used for accessing a corresponding server according to a preset server address, verifying the application program data obtained by the first decryption submodule through the corresponding server, and judging whether a notification of successful verification returned by the corresponding server is received or not, if so, the data recovery is successful, otherwise, the data recovery is failed.
23. The terminal device according to claim 22, wherein when the application data obtained by the first decryption sub-module is a token serial number, the second verification sub-module is specifically configured to send the token serial number to a token server according to a preset token server address, verify the token serial number by the token server, determine whether a notification of successful verification returned by the token server is received, if so, recover the data successfully, and otherwise, recover the data unsuccessfully.
24. The terminal device according to claim 22, wherein when the application data obtained by the first decryption sub-module is a user name and a private key, the second verification sub-module is specifically configured to send a request for obtaining data to be signed to an authentication server according to a preset authentication server address, and receive the data to be signed returned by the authentication server; and signing the data to be signed by using the private key, sending a signature result and the user name to the authentication server, verifying the signature result through the authentication server, judging whether a notification of successful verification returned by the authentication server is received, if so, successfully recovering the data, and otherwise, failing to recover the data.
25. The terminal device according to claim 22, wherein when the application data obtained by the first decryption sub-module includes a user name and a user password, the second authentication sub-module is specifically configured to send the user name and the password to a corresponding server according to a preset server address, authenticate the user name and the password by the corresponding server, determine whether a notification of successful authentication returned by the server is received, if so, recover the data successfully, and otherwise, recover the data unsuccessfully.
26. The terminal device of claim 25, wherein the application data obtained by the first decryption sub-module further comprises one or more of a company address, a company website, a contact phone, a mailbox address, and a contact.
27. The terminal device according to any one of claims 16, 23, 25, 26, wherein the recovery module further comprises a display sub-module;
and the display submodule is used for displaying the application program data obtained by the decryption of the first decryption submodule.
28. The terminal device according to claim 16, wherein the recovery module further comprises a third obtaining sub-module, a saving sub-module, and a third verifying sub-module;
the storage submodule is used for storing the root certificate of the second certificate;
the third obtaining submodule is configured to obtain a root certificate of the second certificate stored by the storing submodule;
the third verification sub-module is configured to verify the second certificate by using the root certificate acquired by the third acquisition sub-module, and trigger the first verification sub-module when the verification is passed.
29. The terminal device according to claim 28, wherein the second certificate acquired by the third acquisition sub-module includes second signature data obtained by signing content in the second certificate using a third private key in a root certificate of the second certificate;
the third verification submodule is specifically configured to decrypt the second signature data by using a third public key in the root certificate acquired by the third acquisition submodule to obtain third decrypted data; and calculating the content in the second certificate acquired by the second acquisition submodule according to a fifth preset algorithm to obtain a third calculation result, judging whether the third decrypted data is consistent with the third calculation result, if so, passing the verification, and otherwise, failing to pass the verification.
30. The terminal device of claim 16, wherein the save module further comprises a second encryption submodule and the restore module further comprises a second decryption submodule;
the second encryption submodule is used for encrypting the application program data according to a third preset algorithm to generate first encrypted application program data;
the application program data added by the adding submodule into the storage object in the secure storage area is specifically the first encrypted application program data;
the first decryption submodule is specifically configured to decrypt the encrypted application program data read by the second reading submodule by using a decryption algorithm corresponding to the preset encryption type set by the setting submodule, so as to obtain the first encrypted application program data;
and the second decryption submodule is used for decrypting the first encrypted application program obtained by decrypting the first decryption submodule according to a fourth preset algorithm to obtain the application program data.
CN201710931615.XA 2017-10-09 2017-10-09 Method for storing and recovering application program data and terminal equipment Active CN107678886B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710931615.XA CN107678886B (en) 2017-10-09 2017-10-09 Method for storing and recovering application program data and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710931615.XA CN107678886B (en) 2017-10-09 2017-10-09 Method for storing and recovering application program data and terminal equipment

Publications (2)

Publication Number Publication Date
CN107678886A CN107678886A (en) 2018-02-09
CN107678886B true CN107678886B (en) 2020-02-21

Family

ID=61139724

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710931615.XA Active CN107678886B (en) 2017-10-09 2017-10-09 Method for storing and recovering application program data and terminal equipment

Country Status (1)

Country Link
CN (1) CN107678886B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109189406A (en) * 2018-07-27 2019-01-11 努比亚技术有限公司 A kind of application management method, terminal and computer readable storage medium
CN109819018B (en) * 2018-12-29 2021-06-08 飞天诚信科技股份有限公司 Method and device for realizing hot updating of executable file of smart card
CN111221985B (en) * 2019-11-14 2024-04-12 网易(杭州)网络有限公司 Data processing method and device based on operating system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104123199A (en) * 2014-07-03 2014-10-29 可牛网络技术(北京)有限公司 Method and device for recovering application program and mobile terminal
CN105721162A (en) * 2016-01-30 2016-06-29 飞天诚信科技股份有限公司 Method and device for automatically importing digital certificate to application program
CN107066346A (en) * 2016-09-27 2017-08-18 阿里巴巴集团控股有限公司 A kind of data back up method, data reconstruction method and device
CN107168699A (en) * 2017-04-28 2017-09-15 北京五八信息技术有限公司 application program repairing method and terminal device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8566640B2 (en) * 2010-07-19 2013-10-22 Veeam Software Ag Systems, methods, and computer program products for instant recovery of image level backups

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104123199A (en) * 2014-07-03 2014-10-29 可牛网络技术(北京)有限公司 Method and device for recovering application program and mobile terminal
CN105721162A (en) * 2016-01-30 2016-06-29 飞天诚信科技股份有限公司 Method and device for automatically importing digital certificate to application program
CN107066346A (en) * 2016-09-27 2017-08-18 阿里巴巴集团控股有限公司 A kind of data back up method, data reconstruction method and device
CN107168699A (en) * 2017-04-28 2017-09-15 北京五八信息技术有限公司 application program repairing method and terminal device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种深度备份应用程序和数据的方法;闫海忠;《电脑编程技巧与维护》;20161016(第18期);第56-58、68页 *

Also Published As

Publication number Publication date
CN107678886A (en) 2018-02-09

Similar Documents

Publication Publication Date Title
US10979231B2 (en) Cross-chain authentication method, system, server, and computer-readable storage medium
EP3343831B1 (en) Identity authentication method and apparatus
CN106612180B (en) Method and device for realizing session identification synchronization
CN106452764B (en) Method for automatically updating identification private key and password system
CN107612889B (en) Method for preventing user information leakage
CN107678886B (en) Method for storing and recovering application program data and terminal equipment
US11394543B2 (en) System and method for secure sensitive data storage and recovery
CN106878009B (en) Key updating method and system
CN111625829A (en) Application activation method and device based on trusted execution environment
WO2018184447A1 (en) Blockchain-based digital certificate deletion method, device and system, and storage medium
CN102946392A (en) URL (Uniform Resource Locator) data encrypted transmission method and system
CN111130798B (en) Request authentication method and related equipment
WO2020035009A1 (en) Authentication system and working method therefor
US20100241865A1 (en) One-Time Password System Capable of Defending Against Phishing Attacks
CN111814132B (en) Security authentication method and device, security authentication chip and storage medium
CN103825724A (en) Identification type password system and method for updating and recovering private key automatically
CN114257376B (en) Digital certificate updating method, device, computer equipment and storage medium
JP2017531951A (en) Method, device, terminal and server for security check
CN112579125A (en) Firmware upgrading method and device, electronic equipment and storage medium
CN115348107A (en) Internet of things equipment secure login method and device, computer equipment and storage medium
CN107437996B (en) Identity authentication method, device and terminal
CN108234126B (en) System and method for remote account opening
CN110287725B (en) Equipment, authority control method thereof and computer readable storage medium
EP3756332B1 (en) Automated account recovery using trusted devices
CN116647413B (en) Application login method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant