CN107743063A - Data processing method and device - Google Patents
- Publication number: CN107743063A
- Authority: CN (China)
- Prior art keywords: key, data, encryption, random number, encrypted
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Abstract
The present disclosure relates to a data processing method and device. The method is applied to a terminal and includes: when it is detected that an application writes first data to a specified database, generating a first key for encrypting the first data; encrypting the first data with the first key, the encrypted first data being second data, and storing the second data in the specified database; and encrypting the first key, the encrypted first key being a second key, and saving the second key to a designated storage area. The present disclosure can therefore avoid the data leakage caused after root (the highest privilege level) is enabled on the terminal, thereby improving the security of the data in the database.
Description
Technical field
The present disclosure relates to the field of communication technology, and in particular to a data processing method and device.
Background
With the continuous development of communication technology, smartphones are used more and more widely. At present, important data on many smartphones, such as text messages and telephone numbers, is stored in the user database in clear text. However, once root (the highest privilege level) is enabled on a smartphone, the security of the user database is reduced and data leakage can easily result.
Summary
To overcome the problems in the related art, embodiments of the present disclosure provide a data processing method and device.
According to a first aspect of the embodiments of the present disclosure, a data processing method is provided. The method is applied to a terminal and includes:
when it is detected that an application writes first data to a specified database, generating a first key for encrypting the first data;
encrypting the first data with the first key, the encrypted first data being second data, and storing the second data in the specified database; and
encrypting the first key, the encrypted first key being a second key, and saving the second key to a designated storage area.
Optionally, generating the first key for encrypting the first data includes:
determining a user password and a key random number corresponding to the application, the key random number being provided by a key management service (KMS); and
generating the first key using the user password and the key random number.
Optionally, encrypting the first data with the first key includes:
determining a first encryption algorithm for encrypting the first data; and
encrypting the first data using the first key and the first encryption algorithm.
Optionally, encrypting the first key includes:
determining a second encryption algorithm for encrypting the first key; and
encrypting the first key using the user password, the key random number and the second encryption algorithm.
Optionally, the method further includes:
when it is detected that the application needs to read the second data from the specified database, reading the second key from the designated storage area;
decrypting the second key to obtain the first key; and
decrypting the second data with the first key to obtain the first data, and sending the first data to the application.
Optionally, decrypting the second key includes:
determining the user password and the key random number corresponding to the application, the key random number being provided by the KMS;
determining a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm; and
decrypting the second key using the user password, the key random number and the first decryption algorithm.
Optionally, decrypting the second data with the first key includes:
determining a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm; and
decrypting the second data using the first key and the second decryption algorithm.
According to a second aspect of the embodiments of the present disclosure, a data processing device is provided. The device is applied to a terminal and includes:
a key generation module, configured to generate, when it is detected that an application writes first data to a database, a first key for encrypting the first data;
a first encryption module, configured to encrypt the first data with the first key, the encrypted first data being second data, and to store the second data in the specified database; and
a second encryption module, configured to encrypt the first key, the encrypted first key being a second key, and to save the second key to a designated storage area.
Optionally, the key generation module includes:
a first determination submodule, configured to determine a user password and a key random number corresponding to the application, the key random number being provided by a key management service (KMS); and
a first generation submodule, configured to generate the first key using the user password and the key random number.
Optionally, the first encryption module includes:
a second determination submodule, configured to determine a first encryption algorithm for encrypting the first data;
a first encryption submodule, configured to encrypt the first data using the first key and the first encryption algorithm; and
a first saving submodule, configured to take the encrypted first data as the second data and store the second data in the specified database.
Optionally, the second encryption module includes:
a third determination submodule, configured to determine a second encryption algorithm for encrypting the first key;
a second encryption submodule, configured to encrypt the first key using the user password, the key random number and the second encryption algorithm; and
a first saving submodule, configured to take the encrypted first data as the second data and store the second data in the specified database.
Optionally, the device further includes:
a key reading module, configured to read the second key from the designated storage area when it is detected that the application needs to read the second data from the specified database;
a first decryption module, configured to decrypt the second key to obtain the first key; and
a second decryption module, configured to decrypt the second data with the first key to obtain the first data, and to send the first data to the application.
Optionally, the first decryption module includes:
a fourth determination submodule, configured to determine the user password and the key random number corresponding to the application, the key random number being provided by the KMS;
a fifth determination submodule, configured to determine a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm; and
a first decryption submodule, configured to decrypt the second key using the user password, the key random number and the first decryption algorithm.
Optionally, the second decryption module includes:
a sixth determination submodule, configured to determine a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm;
a second decryption submodule, configured to decrypt the second data using the first key and the second decryption algorithm to obtain the first data; and
a sending submodule, configured to send the first data to the application.
According to a third aspect of the embodiments of the present disclosure, a data processing device is provided. The device is applied to a terminal and includes:
a processor; and
a memory for storing processor-executable instructions;
wherein the processor is configured to:
when it is detected that an application writes first data to a specified database, generate a first key for encrypting the first data;
encrypt the first data with the first key, the encrypted first data being second data, and store the second data in the specified database; and
encrypt the first key, the encrypted first key being a second key, and save the second key to a designated storage area.
The technical solutions provided by the embodiments of the present disclosure can have the following beneficial effects:
In the present disclosure, when the terminal detects that an application writes first data to the specified database, it can generate a first key for encrypting the first data, then encrypt the first data with the first key, the encrypted first data being second data, and store the second data in the specified database, and finally encrypt the first key, the encrypted first key being a second key, and save the second key to the designated storage area. This avoids the data leakage caused after root (the highest privilege level) is enabled on the terminal, thereby improving the security of the data in the database.
In the present disclosure, the terminal can also generate the first key using the user password and the key random number. A first key generated in this way is not easily cracked, which improves the security of the first key.
In the present disclosure, the terminal can also encrypt the first data using the first key and the first encryption algorithm. First data encrypted in this way is not easily cracked, which improves the security of the first data.
In the present disclosure, the terminal also does not directly save the first key used to encrypt the first data. Instead, it encrypts the first key using the user password, the key random number and the second encryption algorithm, and then saves the second key obtained after encryption, thereby improving the security of the key.
In the present disclosure, when the terminal detects that an application needs to read the second data from the specified database, it can read the second key from the designated storage area, decrypt the second key to obtain the first key, decrypt the second data with the first key to obtain the first data, and send the first data to the application. Reading data from the specified database is thereby achieved, which improves the reliability of data processing.
In the present disclosure, the terminal can also decrypt the second key using the user password, the key random number and the first decryption algorithm to obtain the first key, thereby improving the accuracy of obtaining the key.
In the present disclosure, the terminal can also decrypt the second data using the first key and the second decryption algorithm to obtain the first data, thereby improving the accuracy of data processing.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the invention.
Fig. 1 is a flow chart of a data processing method of the present disclosure according to an exemplary embodiment;
Fig. 2A is an application scenario diagram of a data processing method of the present disclosure according to an exemplary embodiment;
Fig. 2B is another application scenario diagram of a data processing method of the present disclosure according to an exemplary embodiment;
Fig. 2C is another application scenario diagram of a data processing method of the present disclosure according to an exemplary embodiment;
Fig. 3 is a flow chart of another data processing method of the present disclosure according to an exemplary embodiment;
Fig. 4 is a flow chart of another data processing method of the present disclosure according to an exemplary embodiment;
Fig. 5 is a flow chart of another data processing method of the present disclosure according to an exemplary embodiment;
Fig. 6 is a flow chart of another data processing method of the present disclosure according to an exemplary embodiment;
Fig. 7 is a flow chart of another data processing method of the present disclosure according to an exemplary embodiment;
Fig. 8 is a flow chart of another data processing method of the present disclosure according to an exemplary embodiment;
Fig. 9 is a block diagram of a data processing device of the present disclosure according to an exemplary embodiment;
Fig. 10 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment;
Fig. 11 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment;
Fig. 12 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment;
Fig. 13 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment;
Fig. 14 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment;
Fig. 15 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment;
Fig. 16 is a schematic structural diagram applicable to a data processing device of the present disclosure according to an exemplary embodiment.
Detailed description of the embodiments
Exemplary embodiments will be described in detail here, examples of which are shown in the accompanying drawings. When the following description refers to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
The terms used in the present disclosure are for the purpose of describing particular embodiments only and are not intended to limit the present disclosure. The singular forms "a", "said" and "the" used in the present disclosure and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present disclosure to describe various pieces of information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of the present disclosure, first information may also be referred to as second information and, similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when", "upon" or "in response to determining".
Fig. 1 is a flow chart of a data processing method of the present disclosure according to an exemplary embodiment, and Fig. 2A is a scenario diagram of a data processing method according to an exemplary embodiment. The data processing method can be applied to a terminal, for example a smartphone running the Android system or a Unix-like system. As shown in Fig. 1, the data processing method includes a procedure for writing data, which specifically includes the following steps:
In step 110, when it is detected that an application writes first data to the specified database, a first key for encrypting the first data is generated.
In the embodiments of the present disclosure, the specified database may be the user database on the smartphone; this database is used to store encrypted data.
In step 120, the first data is encrypted with the first key, the encrypted first data being second data, and the second data is stored in the specified database.
In step 130, the first key is encrypted, the encrypted first key being a second key, and the second key is saved to the designated storage area.
In the embodiments of the present disclosure, the designated storage area may be inside the specified database. It may also be outside the specified database, as a separate area used only for storing keys.
In an exemplary scenario, as shown in Fig. 2A, there is a user and a smartphone serving as the terminal. When the user needs to create a new contact, the user can first tap the Contacts application, as shown in Fig. 2B, and then enter the new contact's information in the contacts interface, as shown in Fig. 2C. After receiving the new contact information, the terminal does not store it directly in the specified database. Instead, it generates a first key for encrypting the new contact information, encrypts the new contact information with the first key, and then stores the encrypted contact information in the specified database. At the same time, it also encrypts the first key and saves the encrypted key to the designated storage area.
As can be seen from the above embodiment, when it is detected that an application writes first data to the specified database, a first key for encrypting the first data is generated; the first data is then encrypted with the first key, the encrypted first data being second data, and the second data is stored in the specified database; finally the first key is encrypted, the encrypted first key being a second key, and the second key is saved to the designated storage area. This avoids the data leakage caused after root (the highest privilege level) is enabled on the terminal, thereby improving the security of the data in the database.
In one embodiment, in step 110 above, the first key for encrypting the first data may be generated in, but is not limited to, the following way, as shown in Fig. 3:
In step 310, the user password and the key random number corresponding to the application are determined; the key random number is provided by a KMS (Key Management Service).
In the embodiments of the present disclosure, the user password may correspond to the terminal user, that is, one terminal user corresponds to one user password. It may also correspond to the application, that is, one application corresponds to one user password; the user password may be the password entered when the user logs in to the application for the first time, and the user passwords corresponding to different applications may be the same or different.
The key random number may correspond to the terminal user, that is, one terminal user corresponds to one key random number. It may also correspond to the application, that is, one application corresponds to one key random number; the key random number may be the password entered when the user logs in to the application for the first time, and the user passwords corresponding to different applications may be the same or different.
In step 320, the first key is generated using the user password and the key random number.
In the embodiments of the present disclosure, there are many ways to generate the first key from the user password and the key random number, for example generating the first key through the TZ (Trust Zone, a secure trusted execution environment) provided on the smartphone; the present disclosure does not limit the specific method.
As can be seen from the above embodiment, the first key is generated using the user password and the key random number. A first key generated in this way is not easily cracked, which improves the security of the first key.
In one embodiment, in step 120 above, the first data may be encrypted with the first key in, but is not limited to, the following way, as shown in Fig. 4:
In step 410, a first encryption algorithm for encrypting the first data is determined.
In the embodiments of the present disclosure, there are many possible first encryption algorithms, for example the AES (Advanced Encryption Standard) encryption algorithm or the DES (Data Encryption Standard) encryption algorithm; the present disclosure does not limit the specific algorithm.
In step 420, the first data is encrypted using the first key and the first encryption algorithm.
As can be seen from the above embodiment, the first data is encrypted using the first key and the first encryption algorithm. First data encrypted in this way is not easily cracked, which improves the security of the first data.
In one embodiment, in step 130 above, the first key may be encrypted in, but is not limited to, the following way, as shown in Fig. 5:
In step 510, a second encryption algorithm for encrypting the first key is determined.
In the embodiments of the present disclosure, there are many possible second encryption algorithms; the second encryption algorithm may be the same as the first encryption algorithm or different from it.
In step 520, the first key is encrypted using the user password, the key random number and the second encryption algorithm.
In the embodiments of the present disclosure, the user password may correspond to the terminal user or to the application. Similarly, the key random number may correspond to the terminal user or to the application.
As can be seen from the above embodiment, the first key used to encrypt the first data is not saved directly. Instead, it is encrypted using the user password, the key random number and the second encryption algorithm, and the second key obtained after encryption is then saved, thereby improving the security of the key.
In one embodiment, the data processing method also includes a procedure for reading data, which specifically includes the following steps, as shown in Fig. 6:
In step 610, when it is detected that an application needs to read the second data from the specified database, the second key is read from the designated storage area.
In step 620, the second key is decrypted to obtain the first key.
In step 630, the second data is decrypted with the first key to obtain the first data, and the first data is sent to the application.
As can be seen from the above embodiment, when it is detected that an application needs to read the second data from the specified database, the second key can be read from the designated storage area and decrypted to obtain the first key; the second data is then decrypted with the first key to obtain the first data, and the first data is sent to the application. Reading data from the specified database is thereby achieved, which improves the reliability of data processing.
In one embodiment, in step 620 above, the second key may be decrypted in, but is not limited to, the following way, as shown in Fig. 7:
In step 710, the user password and the key random number corresponding to the application are determined; the key random number is provided by the KMS.
In step 720, a first decryption algorithm for decrypting the second key is determined; the first decryption algorithm corresponds to the second encryption algorithm.
In the embodiments of the present disclosure, the first decryption algorithm is of the same type as the second encryption algorithm. For example, if the second encryption algorithm is the AES encryption algorithm, the first decryption algorithm is the AES decryption algorithm.
In step 730, the second key is decrypted using the user password, the key random number and the first decryption algorithm.
As can be seen from the above embodiment, the second key is decrypted using the user password, the key random number and the first decryption algorithm to obtain the first key, thereby improving the accuracy of obtaining the key.
In one embodiment, in step 630 above, the second data may be decrypted with the first key in, but is not limited to, the following way, as shown in Fig. 8:
In step 810, a second decryption algorithm for decrypting the second data is determined; the second decryption algorithm corresponds to the first encryption algorithm.
In the embodiments of the present disclosure, the second decryption algorithm is of the same type as the first encryption algorithm. For example, if the first encryption algorithm is the AES encryption algorithm, the second decryption algorithm is the AES decryption algorithm.
In step 820, the second data is decrypted using the first key and the second decryption algorithm.
As can be seen from the above embodiment, the second data is decrypted using the first key and the second decryption algorithm to obtain the first data, thereby improving the accuracy of data processing.
Corresponding to the foregoing data processing method embodiments, the present disclosure also provides embodiments of a data processing device.
As shown in Fig. 9, Fig. 9 is a block diagram of a data processing device of the present disclosure according to an exemplary embodiment. The device can be applied to a terminal, for example a smartphone running the Android system or a Unix-like system, and is used to perform the data processing method shown in Fig. 1. The device may include:
a key generation module 91, configured to generate, when it is detected that an application writes first data to a database, a first key for encrypting the first data;
a first encryption module 92, configured to encrypt the first data with the first key, the encrypted first data being second data, and to store the second data in the specified database; and
a second encryption module 93, configured to encrypt the first key, the encrypted first key being a second key, and to save the second key to a designated storage area.
As can be seen from the above embodiment, when it is detected that an application writes first data to the specified database, a first key for encrypting the first data is generated; the first data is then encrypted with the first key, the encrypted first data being second data, and the second data is stored in the specified database; finally the first key is encrypted, the encrypted first key being a second key, and the second key is saved to the designated storage area. This avoids the data leakage caused after root (the highest privilege level) is enabled on the terminal, thereby improving the security of the data in the database.
As shown in Figure 10, Figure 10 is the frame of another data processing equipment of the disclosure according to an exemplary embodiment
Figure, on the basis of foregoing embodiment illustrated in fig. 9, the key generation module 91 can include the embodiment:
First determination sub-module 101, user cipher corresponding to the application and key random number are configured to determine that, it is described
Key random number is that KMS is provided;
First generation submodule 102, it is configured to, with described in the user cipher and the key generating random number the
One key.
As seen from the above-described embodiment, using user cipher and the key of key generating random number first, first so generated
Key is not easy to be cracked, and improves the security of the first key.
As shown in figure 11, Figure 11 is the frame of another data processing equipment of the disclosure according to an exemplary embodiment
Figure, on the basis of earlier figures 9 or embodiment illustrated in fig. 10, first encrypting module 92 can include the embodiment:
Second determination sub-module 111, it is configured to determine that the first AES for encrypting first data;
First encryption submodule 112, is configured to, with first key and first AES to described the
One data are encrypted;
First preserves submodule 113, and the first data being configured as after encryption are the second data, and by second data
It is stored in the specified database.
As seen from the above-described embodiment, the first data are encrypted using using the first key and the first AES, this
First data of sample generation are not easy to be cracked, and improve the security of the first data.
As shown in Figure 12, Figure 12 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment. On the basis of the embodiment shown in Figure 10, the second encryption module 93 may include:
A third determination submodule 121, configured to determine a second encryption algorithm for encrypting the first key;
A second encryption submodule 122, configured to encrypt the first key using the user password, the key random number and the second encryption algorithm;
A second saving submodule 123, configured to take the encrypted first key as the second key and save the second key to the designated storage area.
As can be seen from the above embodiment, the first key used to encrypt the original data is not saved directly. Instead, it is encrypted using the user password, the key random number and the second encryption algorithm, and the second key obtained after encryption is then saved, which improves the security of the key.
As shown in Figure 13, Figure 13 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment. On the basis of the embodiment shown in Figure 9, the device may further include:
A key reading module 131, configured to read the second key from the designated storage area when it is detected that the application needs to read the second data from the specified database;
A first decryption module 132, configured to decrypt the second key to obtain the first key;
A second decryption module 133, configured to decrypt the second data using the first key to obtain the first data, and to send the first data to the application.
As can be seen from the above embodiment, when it is detected that an application needs to read the second data from the specified database, the second key can be read from the designated storage area and decrypted to obtain the first key, the second data can be decrypted using the first key to obtain the first data, and the first data can be sent to the application. Data is thereby read from the specified database, and the reliability of data processing is improved.
As shown in Figure 14, Figure 14 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment. On the basis of the embodiment shown in Figure 13, the first decryption module 132 may include:
A fourth determination submodule 141, configured to determine a user password corresponding to the application and a key random number, the key random number being provided by the KMS;
A fifth determination submodule 142, configured to determine a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm;
A first decryption submodule 143, configured to decrypt the second key using the user password, the key random number and the first decryption algorithm.
As can be seen from the above embodiment, the second key is decrypted using the user password, the key random number and the first decryption algorithm to obtain the first key, which improves the accuracy of obtaining the key.
As shown in Figure 15, Figure 15 is a block diagram of another data processing device of the present disclosure according to an exemplary embodiment. On the basis of the embodiment shown in Figure 13 or Figure 14, the second decryption module 133 may include:
A sixth determination submodule 151, configured to determine a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm;
A second decryption submodule 152, configured to decrypt the second data using the first key and the second decryption algorithm to obtain the first data;
A sending submodule 153, configured to send the first data to the application.
As can be seen from the above embodiment, the second data is decrypted using the first key and the second decryption algorithm to obtain the first data, which improves the accuracy of data processing.
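The write and read paths of Figures 10 to 15, as an added Python sketch that is not code from the patent. The patent names no algorithms, so PBKDF2 for key generation and an HMAC-SHA256 encrypt-then-MAC construction standing in for the first and second encryption algorithms are assumptions, and every function name is hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor; the patent gives none


def derive_key(password: bytes, kms_random: bytes, purpose: bytes) -> bytes:
    """Derive a 32-byte key from the user password and the KMS key random number."""
    return hashlib.pbkdf2_hmac("sha256", password, purpose + kms_random, PBKDF2_ROUNDS)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def subkeys(key: bytes):
    """Separate encryption and MAC keys so one key is never used for both jobs."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    stream = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def write_path(password: bytes, kms_random: bytes, first_data: bytes):
    """Modules 91 to 93: returns (second data, second key)."""
    first_key = derive_key(password, kms_random, b"first-key")  # Figure 10
    second_data = seal(first_key, first_data)                   # Figure 11
    wrap_key = derive_key(password, kms_random, b"key-wrap")    # Figure 12
    second_key = seal(wrap_key, first_key)
    # second_data goes to the specified database, second_key to the
    # designated storage area; first_key itself is never stored.
    return second_data, second_key


def read_path(password: bytes, kms_random: bytes,
              second_data: bytes, second_key: bytes) -> bytes:
    """Modules 131 to 133: unwrap the first key, then decrypt the second data."""
    wrap_key = derive_key(password, kms_random, b"key-wrap")
    first_key = unseal(wrap_key, second_key)                    # Figure 14
    return unseal(first_key, second_data)                       # Figure 15


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    password = b"constructed-user-password"
    kms_random = bytes.fromhex("00112233445566778899aabbccddeeff")
    second_data, second_key = write_path(password, kms_random, b"contact: Alice, 555-0100")
    print(read_path(password, kms_random, second_data, second_key))
    try:
        read_path(b"wrong-password", kms_random, second_data, second_key)
    except ValueError as err:
        print("rejected:", err)
```

Both keys in this sketch derive from the same password and KMS random number, so the stored second key is only as well protected as those two inputs. A deployment would replace `seal` and `unseal` with a vetted authenticated cipher such as AES-GCM.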
Corresponding to Figure 9, the present disclosure also provides another data processing device, the device including:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to:
When it is detected that an application writes first data to a specified database, generate a first key for encrypting the first data;
Encrypt the first data using the first key, the encrypted first data being second data, and store the second data in the specified database;
Encrypt the first key, the encrypted first key being a second key, and save the second key to a designated storage area.
For the implementation process of the functions and effects of each unit in the above device, refer to the implementation process of the corresponding steps in the above method; details are not repeated here.
Since the device embodiments basically correspond to the method embodiments, for the relevant parts refer to the description of the method embodiments. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the disclosed solution. Those of ordinary skill in the art can understand and implement this without creative effort.
As shown in Figure 16, Figure 16 is a schematic structural diagram of a device 1600 for data processing according to an exemplary embodiment of the present disclosure. For example, the device 1600 may be a mobile phone with a routing function, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, fitness equipment, a personal digital assistant, and the like.
Referring to Figure 16, the device 1600 may include one or more of the following components: a processing component 1602, a memory 1604, a power supply component 1606, a multimedia component 1608, an audio component 1610, an input/output (I/O) interface 1612, a sensor component 1614, and a communication component 1616.
The processing component 1602 generally controls the overall operation of the device 1600, such as operations associated with display, telephone calls, data communication, camera operations and recording operations. The processing component 1602 may include one or more processors 1620 to execute instructions so as to complete all or part of the steps of the above method. In addition, the processing component 1602 may include one or more modules that facilitate interaction between the processing component 1602 and other components. For example, the processing component 1602 may include a multimedia module to facilitate interaction between the multimedia component 1608 and the processing component 1602.
The memory 1604 is configured to store various types of data to support operation of the device 1600. Examples of such data include instructions for any application or method operating on the device 1600, contact data, phone book data, messages, pictures, videos, and so on. The memory 1604 may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disk.
The power supply component 1606 provides power to the various components of the device 1600. The power supply component 1606 may include a power management system, one or more power supplies, and other components associated with generating, managing and distributing power for the device 1600.
The multimedia component 1608 includes a screen that provides an output interface between the device 1600 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, slides and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure related to the touch or slide operation. In some embodiments, the multimedia component 1608 includes a front camera and/or a rear camera. When the device 1600 is in an operation mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 1610 is configured to output and/or input audio signals. For example, the audio component 1610 includes a microphone (MIC), which is configured to receive external audio signals when the device 1600 is in an operation mode, such as a call mode, a recording mode or a speech recognition mode. The received audio signal may be further stored in the memory 1604 or sent via the communication component 1616. In some embodiments, the audio component 1610 also includes a loudspeaker for outputting audio signals.
The I/O interface 1612 provides an interface between the processing component 1602 and peripheral interface modules, which may be a keyboard, a click wheel, buttons, and the like. These buttons may include, but are not limited to, a home button, a volume button, a start button and a lock button.
The sensor component 1614 includes one or more sensors for providing status assessments of various aspects of the device 1600. For example, the sensor component 1614 can detect the open/closed state of the device 1600 and the relative positioning of components, such as the display and keypad of the device 1600. The sensor component 1614 can also detect a change in position of the device 1600 or of a component of the device 1600, the presence or absence of user contact with the device 1600, the orientation or acceleration/deceleration of the device 1600, and a change in temperature of the device 1600. The sensor component 1614 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 1614 may also include an optical sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 1614 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, a microwave sensor or a temperature sensor.
The communication component 1616 is configured to facilitate wired or wireless communication between the device 1600 and other devices. The device 1600 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 1616 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 1616 also includes a near-field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
In an exemplary embodiment, the device 1600 may be implemented by one or more application-specific integrated circuits (ASIC), digital signal processors (DSP), digital signal processing devices (DSPD), programmable logic devices (PLD), field programmable gate arrays (FPGA), controllers, microcontrollers, microprocessors or other electronic components, for performing the following method:
When it is detected that an application writes first data to a specified database, generating a first key for encrypting the first data;
Encrypting the first data using the first key, the encrypted first data being second data, and storing the second data in the specified database;
Encrypting the first key, the encrypted first key being a second key, and saving the second key to a designated storage area.
In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, for example the memory 1604 including instructions, which can be executed by the processor 1620 of the device 1600 to complete the above method. For example, the non-transitory computer-readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Other embodiments of the present disclosure will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed herein. The present disclosure is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not disclosed herein. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the present disclosure indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.
Claims (15)
- 1. A data processing method, characterized in that the method is applied to a terminal and comprises: when it is detected that an application writes first data to a specified database, generating a first key for encrypting the first data; encrypting the first data using the first key, the encrypted first data being second data, and storing the second data in the specified database; encrypting the first key, the encrypted first key being a second key, and saving the second key to a designated storage area.
- 2. The method according to claim 1, characterized in that generating the first key for encrypting the first data comprises: determining a user password corresponding to the application and a key random number, the key random number being provided by a key management service (KMS); generating the first key using the user password and the key random number.
- 3. The method according to claim 1 or 2, characterized in that encrypting the first data using the first key comprises: determining a first encryption algorithm for encrypting the first data; encrypting the first data using the first key and the first encryption algorithm.
- 4. The method according to claim 2, characterized in that encrypting the first key comprises: determining a second encryption algorithm for encrypting the first key; encrypting the first key using the user password, the key random number and the second encryption algorithm.
- 5. The method according to claim 1, characterized in that the method further comprises: when it is detected that the application needs to read the second data from the specified database, reading the second key from the designated storage area; decrypting the second key to obtain the first key; decrypting the second data using the first key to obtain the first data, and sending the first data to the application.
- 6. The method according to claim 5, characterized in that decrypting the second key comprises: determining a user password corresponding to the application and a key random number, the key random number being provided by the KMS; determining a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm; decrypting the second key using the user password, the key random number and the first decryption algorithm.
- 7. The method according to claim 5 or 6, characterized in that decrypting the second data using the first key comprises: determining a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm; decrypting the second data using the first key and the second decryption algorithm.
- 8. A data processing device, characterized in that the device is applied to a terminal and comprises: a key generation module, configured to generate a first key for encrypting first data when it is detected that an application writes the first data to a database; a first encryption module, configured to encrypt the first data using the first key, the encrypted first data being second data, and to store the second data in the specified database; a second encryption module, configured to encrypt the first key, the encrypted first key being a second key, and to save the second key to a designated storage area.
- 9. The device according to claim 8, characterized in that the key generation module comprises: a first determination submodule, configured to determine a user password corresponding to the application and a key random number, the key random number being provided by a key management service (KMS); a first generation submodule, configured to generate the first key using the user password and the key random number.
- 10. The device according to claim 8 or 9, characterized in that the first encryption module comprises: a second determination submodule, configured to determine a first encryption algorithm for encrypting the first data; a first encryption submodule, configured to encrypt the first data using the first key and the first encryption algorithm; a first saving submodule, configured to take the encrypted first data as the second data and store the second data in the specified database.
- 11. The device according to claim 9, characterized in that the second encryption module comprises: a third determination submodule, configured to determine a second encryption algorithm for encrypting the first key; a second encryption submodule, configured to encrypt the first key using the user password, the key random number and the second encryption algorithm; a second saving submodule, configured to take the encrypted first key as the second key and save the second key to the designated storage area.
- 12. The device according to claim 8, characterized in that the device further comprises: a key reading module, configured to read the second key from the designated storage area when it is detected that the application needs to read the second data from the specified database; a first decryption module, configured to decrypt the second key to obtain the first key; a second decryption module, configured to decrypt the second data using the first key to obtain the first data, and to send the first data to the application.
- 13. The device according to claim 12, characterized in that the first decryption module comprises: a fourth determination submodule, configured to determine a user password corresponding to the application and a key random number, the key random number being provided by the KMS; a fifth determination submodule, configured to determine a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm; a first decryption submodule, configured to decrypt the second key using the user password, the key random number and the first decryption algorithm.
- 14. The device according to claim 12 or 13, characterized in that the second decryption module comprises: a sixth determination submodule, configured to determine a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm; a second decryption submodule, configured to decrypt the second data using the first key and the second decryption algorithm to obtain the first data; a sending submodule, configured to send the first data to the application.
- 15. A data processing device, characterized in that the device is applied to a terminal and comprises: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to: when it is detected that an application writes first data to a specified database, generate a first key for encrypting the first data; encrypt the first data using the first key, the encrypted first data being second data, and store the second data in the specified database; encrypt the first key, the encrypted first key being a second key, and save the second key to a designated storage area.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711043857.1A CN107743063A (en) | 2017-10-31 | 2017-10-31 | Data processing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107743063A (en) | 2018-02-27 |
Family
ID=61233518
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711043857.1A (Pending; published as CN107743063A) | 2017-10-31 | 2017-10-31 | Data processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107743063A (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2496525A1 (en) * | 2001-08-24 | 2003-03-06 | First Genetic Trust, Inc. | Methods for indexing and storing genetic data |
US20040250073A1 (en) * | 2003-06-03 | 2004-12-09 | Cukier Johnas I. | Protocol for hybrid authenticated key establishment |
CN101772024A (en) * | 2008-12-29 | 2010-07-07 | 中国移动通信集团公司 | User identification method, device and system |
CN105302822A (en) * | 2014-06-27 | 2016-02-03 | 中兴通讯股份有限公司 | Method for reading and writing data in database and application response apparatus |
CN105120452A (en) * | 2015-06-30 | 2015-12-02 | 小米科技有限责任公司 | Information transmission method, device and system |
CN106971119A (en) * | 2017-02-24 | 2017-07-21 | 江苏信源久安信息科技有限公司 | The key data in database safe read-write authentication method of trusted identity |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110417543A (en) * | 2018-04-27 | 2019-11-05 | 腾讯科技(深圳)有限公司 | A kind of data ciphering method, device and storage medium |
CN110417543B (en) * | 2018-04-27 | 2022-03-08 | 腾讯科技(深圳)有限公司 | Data encryption method, device and storage medium |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN103916233B (en) | A kind of information ciphering method and device | |
CN104219058B (en) | Authentication, identification authorization method and device | |
CN103914634A (en) | Image encryption method, image encryption device and electronic device | |
CN104486083A (en) | Supervisory video processing method and device | |
WO2016045469A1 (en) | Information encryption method and mobile terminal | |
CN103914541B (en) | The method and device of information search | |
CN106453052A (en) | Message interaction method and apparatus thereof | |
CN104093119B (en) | unlocking method and device | |
CN104318177A (en) | Protection method and protection device for data of terminal equipment | |
WO2020233218A1 (en) | Information encryption method, information decryption method, and terminal | |
CN104331668A (en) | Wrong password prompting method and device | |
CN106372517A (en) | File encryption method, file decryption method, file encryption device and equipment | |
CN105893854B (en) | Encryption and decryption method and device | |
CN107682538A (en) | The display methods and device of application interface | |
CN106778225A (en) | The method and apparatus for processing password | |
CN108022349A (en) | Information input method, equipment, smart lock and storage medium | |
CN106127062A (en) | unlocking method and device | |
CN107491681A (en) | Finger print information processing method and processing device | |
CN104182697B (en) | File encrypting method and device | |
CN106789070A (en) | The decryption method of data, device and terminal | |
CN106060098A (en) | Processing method, processing device and processing system for verification codes | |
CN108900553A (en) | A kind of communication means, device and computer readable storage medium | |
CN106534551A (en) | Information display method and apparatus | |
CN104331672A (en) | Method and device for performing confidential treatment on pictures upon bracelet | |
CN106611112A (en) | Application program safe processing method, device and equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180227 |