CN107743063A - Data processing method and device - Google Patents

Info

Publication number: CN107743063A
Authority: CN (China)
Prior art keywords: key, data, encryption, random number, encrypted
Legal status: Pending
Application number: CN201711043857.1A
Other languages: Chinese (zh)
Inventor: 李明浩
Current Assignee: Beijing Xiaomi Mobile Software Co Ltd
Original Assignee: Beijing Xiaomi Mobile Software Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Abstract

The disclosure relates to a data processing method and device. The method is applied to a terminal and includes: when it is detected that an application writes first data to a specified database, generating a first key for encrypting the first data; encrypting the first data with the first key, the encrypted first data being second data, and storing the second data in the specified database; and encrypting the first key, the encrypted first key being a second key, and saving the second key to a designated storage area. The disclosure can thereby avoid the data leakage caused after the highest privilege has been opened on the terminal, improving the security of the data in the database.

Description

Data processing method and device
Technical field
The present disclosure relates to the field of communication technology, and in particular to a data processing method and device.
Background
With the continuous development of communication technology, smartphones are used more and more widely. At present, important data on many smartphones, such as short messages and telephone numbers, is stored in the user database in plaintext. Once the highest privilege (root) has been opened on a smartphone, the security of the user database is reduced and data leakage can easily result.
Summary of the invention
To overcome the problems in the related art, embodiments of the present disclosure provide a data processing method and device.
According to a first aspect of the embodiments of the present disclosure, a data processing method is provided. The method is applied to a terminal and includes:
when it is detected that an application writes first data to a specified database, generating a first key for encrypting the first data;
encrypting the first data with the first key, the encrypted first data being second data, and storing the second data in the specified database;
encrypting the first key, the encrypted first key being a second key, and saving the second key to a designated storage area.
Optionally, generating the first key for encrypting the first data includes:
determining a user password and a key random number corresponding to the application, the key random number being provided by a key management service (KMS);
generating the first key using the user password and the key random number.
Optionally, encrypting the first data with the first key includes:
determining a first encryption algorithm for encrypting the first data;
encrypting the first data using the first key and the first encryption algorithm.
Optionally, encrypting the first key includes:
determining a second encryption algorithm for encrypting the first key;
encrypting the first key using the user password, the key random number and the second encryption algorithm.
Optionally, the method further includes:
when it is detected that the application needs to read the second data from the specified database, reading the second key from the designated storage area;
decrypting the second key to obtain the first key;
decrypting the second data with the first key to obtain the first data, and sending the first data to the application.
Optionally, decrypting the second key includes:
determining the user password and the key random number corresponding to the application, the key random number being provided by the KMS;
determining a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm;
decrypting the second key using the user password, the key random number and the first decryption algorithm.
Optionally, decrypting the second data with the first key includes:
determining a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm;
decrypting the second data using the first key and the second decryption algorithm.
According to a second aspect of the embodiments of the present disclosure, a data processing device is provided. The device is applied to a terminal and includes:
a key generation module, configured to generate a first key for encrypting first data when it is detected that an application writes the first data to a database;
a first encryption module, configured to encrypt the first data with the first key, the encrypted first data being second data, and to store the second data in the specified database;
a second encryption module, configured to encrypt the first key, the encrypted first key being a second key, and to save the second key to a designated storage area.
Optionally, the key generation module includes:
a first determination submodule, configured to determine a user password and a key random number corresponding to the application, the key random number being provided by a key management service (KMS);
a first generation submodule, configured to generate the first key using the user password and the key random number.
Optionally, the first encryption module includes:
a second determination submodule, configured to determine a first encryption algorithm for encrypting the first data;
a first encryption submodule, configured to encrypt the first data using the first key and the first encryption algorithm;
a first saving submodule, configured such that the encrypted first data is the second data, and to store the second data in the specified database.
Optionally, the second encryption module includes:
a third determination submodule, configured to determine a second encryption algorithm for encrypting the first key;
a second encryption submodule, configured to encrypt the first key using the user password, the key random number and the second encryption algorithm;
a first saving submodule, configured such that the encrypted first data is the second data, and to store the second data in the specified database.
Optionally, the device further includes:
a key reading module, configured to read the second key from the designated storage area when it is detected that the application needs to read the second data from the specified database;
a first decryption module, configured to decrypt the second key to obtain the first key;
a second decryption module, configured to decrypt the second data with the first key to obtain the first data, and to send the first data to the application.
Optionally, the first decryption module includes:
a fourth determination submodule, configured to determine the user password and the key random number corresponding to the application, the key random number being provided by the KMS;
a fifth determination submodule, configured to determine a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm;
a first decryption submodule, configured to decrypt the second key using the user password, the key random number and the first decryption algorithm.
Optionally, the second decryption module includes:
a sixth determination submodule, configured to determine a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm;
a second decryption submodule, configured to decrypt the second data using the first key and the second decryption algorithm to obtain the first data;
a sending submodule, configured to send the first data to the application.
According to a third aspect of the embodiments of the present disclosure, a data processing device is provided. The device is applied to a terminal and includes:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
when it is detected that an application writes first data to a specified database, generate a first key for encrypting the first data;
encrypt the first data with the first key, the encrypted first data being second data, and store the second data in the specified database;
encrypt the first key, the encrypted first key being a second key, and save the second key to a designated storage area.
The technical solutions provided by the embodiments of the present disclosure can include the following beneficial effects:
In the present disclosure, when the terminal detects that an application writes first data to a specified database, it can generate a first key for encrypting the first data, then encrypt the first data with the first key, the encrypted first data being second data, and store the second data in the specified database, and finally encrypt the first key, the encrypted first key being a second key, and save the second key to a designated storage area. This can avoid the data leakage caused after the highest privilege has been opened on the terminal, improving the security of the data in the database.
In the present disclosure, the terminal can also generate the first key using the user password and the key random number. A first key generated in this way is not easily cracked, which improves the security of the first key.
In the present disclosure, the terminal can also encrypt the first data using the first key and the first encryption algorithm. First data produced in this way is not easily cracked, which improves the security of the first data.
In the present disclosure, the terminal also does not directly save the first key used to encrypt the first data. Instead, it encrypts the first key using the user password, the key random number and the second encryption algorithm, and then saves the second key obtained after encryption, which improves the security of the key.
In the present disclosure, when the terminal detects that an application needs to read the second data from the specified database, it can read the second key from the designated storage area, decrypt the second key to obtain the first key, decrypt the second data with the first key to obtain the first data, and send the first data to the application. Data is thereby read from the specified database, which improves the reliability of data processing.
In the present disclosure, the terminal can also decrypt the second key using the user password, the key random number and the first decryption algorithm to obtain the first key, which improves the accuracy of obtaining the key.
In the present disclosure, the terminal can also decrypt the second data using the first key and the second decryption algorithm to obtain the first data, which improves the accuracy of data processing.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the invention.
Fig. 1 is a flowchart of a data processing method according to an exemplary embodiment of the present disclosure;
Fig. 2A is an application scenario diagram of a data processing method according to an exemplary embodiment of the present disclosure;
Fig. 2B is another application scenario diagram of a data processing method according to an exemplary embodiment of the present disclosure;
Fig. 2C is another application scenario diagram of a data processing method according to an exemplary embodiment of the present disclosure;
Fig. 3 is a flowchart of another data processing method according to an exemplary embodiment of the present disclosure;
Fig. 4 is a flowchart of another data processing method according to an exemplary embodiment of the present disclosure;
Fig. 5 is a flowchart of another data processing method according to an exemplary embodiment of the present disclosure;
Fig. 6 is a flowchart of another data processing method according to an exemplary embodiment of the present disclosure;
Fig. 7 is a flowchart of another data processing method according to an exemplary embodiment of the present disclosure;
Fig. 8 is a flowchart of another data processing method according to an exemplary embodiment of the present disclosure;
Fig. 9 is a block diagram of a data processing device according to an exemplary embodiment of the present disclosure;
Fig. 10 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure;
Fig. 11 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure;
Fig. 12 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure;
Fig. 13 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure;
Fig. 14 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure;
Fig. 15 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure;
Fig. 16 is a schematic structural diagram of a device suitable for data processing according to an exemplary embodiment of the present disclosure.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are only examples of devices and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
The terms used in the present disclosure are for the purpose of describing particular embodiments only and are not intended to limit the present disclosure. The singular forms "a", "said" and "the" used in the present disclosure and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present disclosure to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present disclosure, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used herein can be interpreted as "at the time of", "when" or "in response to determining".
Fig. 1 is a flowchart of a data processing method according to an exemplary embodiment of the present disclosure, and Fig. 2A is a scenario diagram of a data processing method according to an exemplary embodiment. The data processing method can be applied to a terminal, for example a smartphone running the Android system or a Unix-like system. As shown in Fig. 1, the data processing method includes a process for writing data, which specifically includes the following steps:
In step 110, when it is detected that an application writes first data to a specified database, a first key for encrypting the first data is generated.
In the embodiments of the present disclosure, the specified database can be the user database on a smartphone; this database is used to store data that has been encrypted.
In step 120, the first data is encrypted with the first key, the encrypted first data being second data, and the second data is stored in the specified database.
In step 130, the first key is encrypted, the encrypted first key being a second key, and the second key is saved to a designated storage area.
In the embodiments of the present disclosure, the designated storage area can be inside the specified database. It can also be outside the specified database, as a separate area used only for storing keys.
In an exemplary scenario, as shown in Fig. 2A, there is a user and a smartphone acting as the terminal. When the user needs to create a new contact, the user can first tap the Contacts application, as shown in Fig. 2B, and then enter the new contact's information in the contacts interface, as shown in Fig. 2C. After the terminal receives the new contact information, it does not store it directly in the specified database. Instead, it generates a first key for encrypting the new contact information, encrypts the new contact information with the first key, and then stores the encrypted contact information in the specified database. At the same time it also encrypts the first key and saves the encrypted key to the designated storage area.
As can be seen from the above embodiment, when it is detected that an application writes first data to a specified database, a first key for encrypting the first data is generated, the first data is then encrypted with the first key, the encrypted first data being second data, and the second data is stored in the specified database; finally the first key is encrypted, the encrypted first key being a second key, and the second key is saved to a designated storage area. This can avoid the data leakage caused after the highest privilege has been opened on the terminal, improving the security of the data in the database.
In one embodiment, when the first key for encrypting the first data is generated in step 110 above, the following implementation can be used, without being limited to it, as shown in Fig. 3:
In step 310, the user password and the key random number corresponding to the application are determined, the key random number being provided by a KMS (Key Management Service).
In the embodiments of the present disclosure, the user password can correspond to the terminal user, that is, one terminal user corresponds to one user password. It can also correspond to the application, that is, one application corresponds to one user password. The user password can be the password entered when the user logs in to the application for the first time, and the user passwords corresponding to different applications can be the same or different.
The key random number can correspond to the terminal user, that is, one terminal user corresponds to one key random number. It can also correspond to the application, that is, one application corresponds to one key random number. The key random number can be the password entered when the user logs in to the application for the first time, and the user passwords corresponding to different applications can be the same or different.
In step 320, the first key is generated using the user password and the key random number.
In the embodiments of the present disclosure, there are many ways to generate the first key from the user password and the key random number, for example generating the first key through the TZ (Trust Zone, a trusted execution environment) provided on the smartphone; the present disclosure does not limit the specific method.
As can be seen from the above embodiment, the first key is generated using the user password and the key random number. A first key generated in this way is not easily cracked, which improves the security of the first key.
In one embodiment, when the first data is encrypted with the first key in step 120 above, the following implementation can be used, without being limited to it, as shown in Fig. 4:
In step 410, a first encryption algorithm for encrypting the first data is determined.
In the embodiments of the present disclosure, there are many possible first encryption algorithms, such as the AES (Advanced Encryption Standard) encryption algorithm or the DES (Data Encryption Standard) encryption algorithm; the present disclosure does not limit the specific algorithm.
In step 420, the first data is encrypted using the first key and the first encryption algorithm.
As can be seen from the above embodiment, the first data is encrypted using the first key and the first encryption algorithm. First data produced in this way is not easily cracked, which improves the security of the first data.
In one embodiment, when the first key is encrypted in step 130 above, the following implementation can be used, without being limited to it, as shown in Fig. 5:
In step 510, a second encryption algorithm for encrypting the first key is determined.
In the embodiments of the present disclosure, there are many possible second encryption algorithms; the second encryption algorithm can be the same as the first encryption algorithm or different from it.
In step 520, the first key is encrypted using the user password, the key random number and the second encryption algorithm.
In the embodiments of the present disclosure, the user password can correspond to the terminal user or to the application. Similarly, the key random number can correspond to the terminal user or to the application.
As can be seen from the above embodiment, the first key used to encrypt the first data is not saved directly. Instead, it is encrypted using the user password, the key random number and the second encryption algorithm, and the second key obtained after encryption is then saved, which improves the security of the key.
In one embodiment, the data processing method also includes a process for reading data, which specifically includes the following steps, as shown in Fig. 6:
In step 610, when it is detected that an application needs to read the second data from the specified database, the second key is read from the designated storage area.
In step 620, the second key is decrypted to obtain the first key.
In step 630, the second data is decrypted with the first key to obtain the first data, and the first data is sent to the application.
As can be seen from the above embodiment, when it is detected that an application needs to read the second data from the specified database, the second key can be read from the designated storage area and decrypted to obtain the first key, the second data can be decrypted with the first key to obtain the first data, and the first data can be sent to the application. Data is thereby read from the specified database, which improves the reliability of data processing.
In one embodiment, when the second key is decrypted in step 620 above, the following implementation can be used, without being limited to it, as shown in Fig. 7:
In step 710, the user password and the key random number corresponding to the application are determined, the key random number being provided by the KMS.
In step 720, a first decryption algorithm for decrypting the second key is determined, the first decryption algorithm corresponding to the second encryption algorithm.
In the embodiments of the present disclosure, the first decryption algorithm is of the same type as the second encryption algorithm. For example, if the second encryption algorithm is the AES encryption algorithm, the first decryption algorithm is the AES decryption algorithm.
In step 730, the second key is decrypted using the user password, the key random number and the first decryption algorithm.
As can be seen from the above embodiment, the second key is decrypted using the user password, the key random number and the first decryption algorithm to obtain the first key, which improves the accuracy of obtaining the key.
In one embodiment, when the second data is decrypted with the first key in step 630 above, the following implementation can be used, without being limited to it, as shown in Fig. 8:
In step 810, a second decryption algorithm for decrypting the second data is determined, the second decryption algorithm corresponding to the first encryption algorithm.
In the embodiments of the present disclosure, the second decryption algorithm is of the same type as the first encryption algorithm. For example, if the first encryption algorithm is the AES encryption algorithm, the second decryption algorithm is the AES decryption algorithm.
In step 820, the second data is decrypted using the first key and the second decryption algorithm.
As can be seen from the above embodiment, the second data is decrypted using the first key and the second decryption algorithm to obtain the first data, which improves the accuracy of data processing.
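The write flow (steps 110 to 130) and read flow (steps 610 to 630) described above, as an added Go example that is not code from the patent. It assumes AES-256-GCM for both the first and second encryption algorithms and PBKDF2-HMAC-SHA256 to turn the user password and the KMS key random number into keys; the names Protect, Recover, deriveKey, the purpose labels and all sample values are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const iterations = 100000 // constructed work factor for this example

// deriveKey is single-block PBKDF2-HMAC-SHA256: 32 bytes from the user
// password, salted with the KMS key random number plus a purpose label (an
// assumption here, so the first key never equals the key that wraps it).
func deriveKey(password, kmsRandom []byte, label string) []byte {
	mac := hmac.New(sha256.New, password)
	salt := string(kmsRandom) + label
	mac.Write([]byte(salt + "\x00\x00\x00\x01")) // salt || block index 1
	u := mac.Sum(nil)
	out := append([]byte{}, u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag; aad binds the value to its owner.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() { // truncated or missing stored value
		return nil, errors.New("sealed value too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Protect is the write path: second data for the database, second key for the key area.
func Protect(password, kmsRandom, owner, firstData []byte) (secondData, secondKey []byte, err error) {
	firstKey := deriveKey(password, kmsRandom, "first-key") // steps 310-320
	if secondData, err = seal(firstKey, firstData, owner); err != nil { // steps 410-420
		return nil, nil, err
	}
	kek := deriveKey(password, kmsRandom, "key-wrap")
	if secondKey, err = seal(kek, firstKey, owner); err != nil { // steps 510-520
		return nil, nil, err
	}
	return secondData, secondKey, nil
}

// Recover is the read path: unwrap the second key, then decrypt the second data.
func Recover(password, kmsRandom, owner, secondData, secondKey []byte) ([]byte, error) {
	kek := deriveKey(password, kmsRandom, "key-wrap")
	firstKey, err := open(kek, secondKey, owner) // steps 710-730
	if err != nil {
		return nil, fmt.Errorf("unwrap first key: %w", err)
	}
	return open(firstKey, secondData, owner) // steps 810-820
}

func main() {
	pw, rnd, owner := []byte("constructed-password"), []byte("constructed-kms-random"), []byte("contacts")
	data, key, err := Protect(pw, rnd, owner, []byte("Alice Example,+1-555-0100")) // constructed record
	if err != nil {
		panic(err)
	}
	got, err := Recover(pw, rnd, owner, data, key)
	fmt.Printf("%s %v\n", got, err)
}
```

Because both keys derive from the user password and the key random number, the protection on a terminal whose highest privilege has been opened rests on keeping those two inputs out of the stored data.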
Corresponding to the foregoing data processing method embodiments, the present disclosure also provides embodiments of a data processing device.
Fig. 9 is a block diagram of a data processing device according to an exemplary embodiment of the present disclosure. The device can be applied to a terminal, for example a smartphone running the Android system or a Unix-like system, and is used to perform the data processing method shown in Fig. 1. The device can include:
a key generation module 91, configured to generate a first key for encrypting first data when it is detected that an application writes the first data to a database;
a first encryption module 92, configured to encrypt the first data with the first key, the encrypted first data being second data, and to store the second data in the specified database;
a second encryption module 93, configured to encrypt the first key, the encrypted first key being a second key, and to save the second key to a designated storage area.
As can be seen from the above embodiment, when it is detected that an application writes first data to a specified database, a first key for encrypting the first data is generated, the first data is then encrypted with the first key, the encrypted first data being second data, and the second data is stored in the specified database; finally the first key is encrypted, the encrypted first key being a second key, and the second key is saved to a designated storage area. This can avoid the data leakage caused after the highest privilege has been opened on the terminal, improving the security of the data in the database.
Fig. 10 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure. In this embodiment, on the basis of the embodiment shown in Fig. 9, the key generation module 91 can include:
a first determination submodule 101, configured to determine the user password and the key random number corresponding to the application, the key random number being provided by the KMS;
a first generation submodule 102, configured to generate the first key using the user password and the key random number.
As can be seen from the above embodiment, the first key is generated using the user password and the key random number. A first key generated in this way is not easily cracked, which improves the security of the first key.
Fig. 11 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure. In this embodiment, on the basis of the embodiment shown in Fig. 9 or Fig. 10, the first encryption module 92 can include:
a second determination submodule 111, configured to determine a first encryption algorithm for encrypting the first data;
a first encryption submodule 112, configured to encrypt the first data using the first key and the first encryption algorithm;
a first saving submodule 113, configured such that the encrypted first data is the second data, and to store the second data in the specified database.
As can be seen from the above embodiment, the first data is encrypted using the first key and the first encryption algorithm. First data produced in this way is not easily cracked, which improves the security of the first data.
As shown in Figure 12, Figure 12 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Figure 10, the second encryption module 93 may include:
A third determining submodule 121, configured to determine the second encryption algorithm for encrypting the first key;
A second encryption submodule 122, configured to encrypt the first key using the user password, the key random number and the second encryption algorithm;
A second saving submodule 123, configured to take the encrypted first key as the second key and to save the second key to the designated storage area.
As can be seen from the above embodiment, the first key used to encrypt the original data is not saved directly. Instead, it is encrypted using the user password, the key random number and the second encryption algorithm, and the second key obtained from that encryption is what is saved, thereby improving the security of the key.
As shown in Figure 13, Figure 13 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Figure 9, the device may further include:
A key reading module 131, configured to read the second key from the designated storage area when it is detected that the application needs to read the second data from the specified database;
A first decryption module 132, configured to decrypt the second key to obtain the first key;
A second decryption module 133, configured to decrypt the second data using the first key to obtain the first data, and to send the first data to the application.
As can be seen from the above embodiment, when it is detected that an application needs to read the second data from the specified database, the second key can be read from the designated storage area and decrypted to obtain the first key; the second data is then decrypted using the first key to obtain the first data, and the first data is sent to the application. Data is thereby read from the specified database, and the reliability of data processing is improved.
As shown in Figure 14, Figure 14 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Figure 13, the first decryption module 132 may include:
A fourth determining submodule 141, configured to determine the user password and the key random number corresponding to the application, the key random number being provided by the KMS;
A fifth determining submodule 142, configured to determine the first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm;
A first decryption submodule 143, configured to decrypt the second key using the user password, the key random number and the first decryption algorithm.
As can be seen from the above embodiment, the second key is decrypted using the user password, the key random number and the first decryption algorithm to obtain the first key, thereby improving the accuracy of obtaining the key.
As shown in Figure 15, Figure 15 is a block diagram of another data processing device according to an exemplary embodiment of the present disclosure. On the basis of the embodiment shown in Figure 13 or Figure 14, the second decryption module 133 may include:
A sixth determining submodule 151, configured to determine the second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm;
A second decryption submodule 152, configured to decrypt the second data using the first key and the second decryption algorithm to obtain the first data;
A sending submodule 153, configured to send the first data to the application.
As can be seen from the above embodiment, the second data is decrypted using the first key and the second decryption algorithm to obtain the first data, thereby improving the accuracy of data processing.
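The write path and read path of the embodiments above can be followed end to end in the sketch below, which is an added example and not code from the patent. The patent names no algorithms, so PBKDF2-HMAC-SHA256, the HMAC-based encrypt-then-MAC stand-in for both encryption algorithms, the derivation labels and the `Terminal` class are all assumptions made here.

```python
import hashlib
import hmac
import secrets

# Assumptions, not taken from the patent: PBKDF2-HMAC-SHA256 as the derivation,
# and an HMAC-SHA256 keystream with encrypt-then-MAC standing in for both the
# "first" and the "second" encryption algorithm. A deployment would normally use
# a vetted AEAD cipher from a maintained library instead of this stand-in.
ITERATIONS = 100_000
NONCE_LEN, TAG_LEN = 16, 32
FIRST_KEY_LABEL = b"first-key"  # hypothetical domain-separation labels, so that
WRAP_KEY_LABEL = b"wrap-key"    # the wrapping key differs from the first key


def derive_key(user_password, key_random, label):
    """Derive 32 bytes from the user password and the KMS-provided key random number."""
    return hashlib.pbkdf2_hmac("sha256", user_password.encode("utf-8"),
                               key_random + label, ITERATIONS)


def _subkeys(key):
    # Separate encryption and MAC keys derived from one input key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key, nonce, data):
    # XOR data with HMAC(enc_key, nonce || block counter), 32 bytes per block.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + (offset // 32).to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out += bytes(d ^ b for d, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(key, plaintext):
    """Encrypt, then authenticate; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError on a wrong key or altered blob."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, nonce, ciphertext)


class Terminal:
    """Constructed stand-in for the terminal's two storage locations."""
    def __init__(self):
        self.specified_database = {}       # record id -> second data
        self.designated_storage_area = {}  # record id -> second key


def write_record(terminal, record_id, first_data, user_password, key_random):
    # Generate the first key, encrypt the first data, then wrap the first key.
    first_key = derive_key(user_password, key_random, FIRST_KEY_LABEL)
    terminal.specified_database[record_id] = seal(first_key, first_data)
    wrap_key = derive_key(user_password, key_random, WRAP_KEY_LABEL)
    terminal.designated_storage_area[record_id] = seal(wrap_key, first_key)


def read_record(terminal, record_id, user_password, key_random):
    # Read the second key, unwrap it to the first key, then decrypt the second data.
    wrap_key = derive_key(user_password, key_random, WRAP_KEY_LABEL)
    first_key = unseal(wrap_key, terminal.designated_storage_area[record_id])
    return unseal(first_key, terminal.specified_database[record_id])


if __name__ == "__main__":
    term = Terminal()
    kms_random = secrets.token_bytes(16)  # constructed; stands in for the KMS value
    write_record(term, "note-1", b"constructed sample row", "user-password", kms_random)
    print(read_record(term, "note-1", "user-password", kms_random))
```

Both storage locations hold only ciphertext, so the protection rests on the user password and the KMS-provided random number not being recoverable from the terminal itself.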
Corresponding to Figure 9, the present disclosure also provides another data processing device, the device including:
A processor;
A memory for storing processor-executable instructions;
Wherein the processor is configured to:
When it is detected that an application writes first data to a specified database, generate a first key for encrypting the first data;
Encrypt the first data using the first key, the encrypted first data being the second data, and store the second data in the specified database;
Encrypt the first key, the encrypted first key being the second key, and save the second key to a designated storage area.
For the implementation of the functions and roles of the units in the above device, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Since the device embodiments substantially correspond to the method embodiments, reference may be made to the relevant parts of the description of the method embodiments. The device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present disclosure. Those of ordinary skill in the art can understand and implement it without creative effort.
As shown in Figure 16, Figure 16 is a structural schematic diagram of a device 1600 for data processing according to an exemplary embodiment of the present disclosure. For example, the device 1600 may be a mobile phone with a routing function, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, fitness equipment, a personal digital assistant, etc.
Referring to Figure 16, the device 1600 may include one or more of the following components: a processing component 1602, a memory 1604, a power component 1606, a multimedia component 1608, an audio component 1610, an input/output (I/O) interface 1612, a sensor component 1614, and a communication component 1616.
The processing component 1602 generally controls the overall operation of the device 1600, such as operations associated with display, telephone calls, data communication, camera operation and recording operations. The processing component 1602 may include one or more processors 1620 to execute instructions so as to complete all or part of the steps of the above method. In addition, the processing component 1602 may include one or more modules that facilitate interaction between the processing component 1602 and other components. For example, the processing component 1602 may include a multimedia module to facilitate interaction between the multimedia component 1608 and the processing component 1602.
The memory 1604 is configured to store various types of data to support operation of the device 1600. Examples of such data include instructions for any application or method operated on the device 1600, contact data, phone book data, messages, pictures, videos, etc. The memory 1604 may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disc.
The power component 1606 supplies power to the various components of the device 1600. The power component 1606 may include a power management system, one or more power supplies, and other components associated with generating, managing and distributing power for the device 1600.
The multimedia component 1608 includes a screen that provides an output interface between the device 1600 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the touch panel. The touch sensors may sense not only the boundary of a touch or swipe action, but also the duration and pressure associated with the touch or swipe operation. In some embodiments, the multimedia component 1608 includes a front camera and/or a rear camera. When the device 1600 is in an operation mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focusing and optical zoom capability.
The audio component 1610 is configured to output and/or input audio signals. For example, the audio component 1610 includes a microphone (MIC), which is configured to receive external audio signals when the device 1600 is in an operation mode, such as a call mode, a recording mode or a speech recognition mode. The received audio signal may be further stored in the memory 1604 or sent via the communication component 1616. In some embodiments, the audio component 1610 also includes a speaker for outputting audio signals.
The I/O interface 1612 provides an interface between the processing component 1602 and peripheral interface modules, which may be a keyboard, a click wheel, buttons, etc. These buttons may include, but are not limited to, a home button, volume buttons, a start button and a lock button.
The sensor component 1614 includes one or more sensors for providing status assessments of various aspects of the device 1600. For example, the sensor component 1614 can detect the open/closed state of the device 1600 and the relative positioning of components, such as the display and keypad of the device 1600. The sensor component 1614 can also detect a change in position of the device 1600 or of one of its components, the presence or absence of user contact with the device 1600, the orientation or acceleration/deceleration of the device 1600, and a change in temperature of the device 1600. The sensor component 1614 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 1614 may also include an optical sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 1614 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, a microwave sensor or a temperature sensor.
The communication component 1616 is configured to facilitate wired or wireless communication between the device 1600 and other devices. The device 1600 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 1616 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 1616 also includes a near-field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
In an exemplary embodiment, the device 1600 may be implemented by one or more application-specific integrated circuits (ASIC), digital signal processors (DSP), digital signal processing devices (DSPD), programmable logic devices (PLD), field-programmable gate arrays (FPGA), controllers, microcontrollers, microprocessors or other electronic components, for performing the following method:
When it is detected that an application writes first data to a specified database, generating a first key for encrypting the first data;
Encrypting the first data using the first key, the encrypted first data being the second data, and storing the second data in the specified database;
Encrypting the first key, the encrypted first key being the second key, and saving the second key to a designated storage area.
In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, for example the memory 1604 including instructions, which can be executed by the processor 1620 of the device 1600 to complete the above method. For example, the non-transitory computer-readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, etc.
Other embodiments of the present disclosure will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed herein. The present disclosure is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not disclosed herein. The specification and embodiments are to be regarded as exemplary only, and the true scope and spirit of the present disclosure are indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (15)

  1. A data processing method, characterized in that the method is applied to a terminal and comprises:
    When it is detected that an application writes first data to a specified database, generating a first key for encrypting the first data;
    Encrypting the first data using the first key, the encrypted first data being the second data, and storing the second data in the specified database;
    Encrypting the first key, the encrypted first key being the second key, and saving the second key to a designated storage area.
  2. The method according to claim 1, characterized in that said generating a first key for encrypting the first data comprises:
    Determining the user password and the key random number corresponding to the application, the key random number being provided by a key management service (KMS);
    Generating the first key using the user password and the key random number.
  3. The method according to claim 1 or 2, characterized in that said encrypting the first data using the first key comprises:
    Determining a first encryption algorithm for encrypting the first data;
    Encrypting the first data using the first key and the first encryption algorithm.
  4. The method according to claim 2, characterized in that said encrypting the first key comprises:
    Determining a second encryption algorithm for encrypting the first key;
    Encrypting the first key using the user password, the key random number and the second encryption algorithm.
  5. The method according to claim 1, characterized in that the method further comprises:
    When it is detected that the application needs to read the second data from the specified database, reading the second key from the designated storage area;
    Decrypting the second key to obtain the first key;
    Decrypting the second data using the first key to obtain the first data, and sending the first data to the application.
  6. The method according to claim 5, characterized in that said decrypting the second key comprises:
    Determining the user password and the key random number corresponding to the application, the key random number being provided by the KMS;
    Determining a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm;
    Decrypting the second key using the user password, the key random number and the first decryption algorithm.
  7. The method according to claim 5 or 6, characterized in that said decrypting the second data using the first key comprises:
    Determining a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm;
    Decrypting the second data using the first key and the second decryption algorithm.
  8. A data processing device, characterized in that the device is applied to a terminal and comprises:
    A key generation module, configured to generate a first key for encrypting first data when it is detected that an application writes the first data to a database;
    A first encryption module, configured to encrypt the first data using the first key, the encrypted first data being the second data, and to store the second data in the specified database;
    A second encryption module, configured to encrypt the first key, the encrypted first key being the second key, and to save the second key to a designated storage area.
  9. The device according to claim 8, characterized in that the key generation module comprises:
    A first determining submodule, configured to determine the user password and the key random number corresponding to the application, the key random number being provided by a key management service (KMS);
    A first generating submodule, configured to generate the first key using the user password and the key random number.
  10. The device according to claim 8 or 9, characterized in that the first encryption module comprises:
    A second determining submodule, configured to determine a first encryption algorithm for encrypting the first data;
    A first encryption submodule, configured to encrypt the first data using the first key and the first encryption algorithm;
    A first saving submodule, configured to take the encrypted first data as the second data and to store the second data in the specified database.
  11. The device according to claim 9, characterized in that the second encryption module comprises:
    A third determining submodule, configured to determine a second encryption algorithm for encrypting the first key;
    A second encryption submodule, configured to encrypt the first key using the user password, the key random number and the second encryption algorithm;
    A second saving submodule, configured to take the encrypted first key as the second key and to save the second key to the designated storage area.
  12. The device according to claim 8, characterized in that the device further comprises:
    A key reading module, configured to read the second key from the designated storage area when it is detected that the application needs to read the second data from the specified database;
    A first decryption module, configured to decrypt the second key to obtain the first key;
    A second decryption module, configured to decrypt the second data using the first key to obtain the first data, and to send the first data to the application.
  13. The device according to claim 12, characterized in that the first decryption module comprises:
    A fourth determining submodule, configured to determine the user password and the key random number corresponding to the application, the key random number being provided by the KMS;
    A fifth determining submodule, configured to determine a first decryption algorithm for decrypting the second key, the first decryption algorithm corresponding to the second encryption algorithm;
    A first decryption submodule, configured to decrypt the second key using the user password, the key random number and the first decryption algorithm.
  14. The device according to claim 12 or 13, characterized in that the second decryption module comprises:
    A sixth determining submodule, configured to determine a second decryption algorithm for decrypting the second data, the second decryption algorithm corresponding to the first encryption algorithm;
    A second decryption submodule, configured to decrypt the second data using the first key and the second decryption algorithm to obtain the first data;
    A sending submodule, configured to send the first data to the application.
  15. A data processing device, characterized in that the device is applied to a terminal and comprises:
    A processor;
    A memory for storing processor-executable instructions;
    Wherein the processor is configured to:
    When it is detected that an application writes first data to a specified database, generate a first key for encrypting the first data;
    Encrypt the first data using the first key, the encrypted first data being the second data, and store the second data in the specified database;
    Encrypt the first key, the encrypted first key being the second key, and save the second key to a designated storage area.
CN201711043857.1A 2017-10-31 2017-10-31 Data processing method and device Pending CN107743063A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711043857.1A CN107743063A (en) 2017-10-31 2017-10-31 Data processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711043857.1A CN107743063A (en) 2017-10-31 2017-10-31 Data processing method and device

Publications (1)

Publication Number Publication Date
CN107743063A true CN107743063A (en) 2018-02-27

Family

ID=61233518

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711043857.1A Pending CN107743063A (en) 2017-10-31 2017-10-31 Data processing method and device

Country Status (1)

Country Link
CN (1) CN107743063A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2496525A1 (en) * 2001-08-24 2003-03-06 First Genetic Trust, Inc. Methods for indexing and storing genetic data
US20040250073A1 (en) * 2003-06-03 2004-12-09 Cukier Johnas I. Protocol for hybrid authenticated key establishment
CN101772024A (en) * 2008-12-29 2010-07-07 中国移动通信集团公司 User identification method, device and system
CN105120452A (en) * 2015-06-30 2015-12-02 小米科技有限责任公司 Information transmission method, device and system
CN105302822A (en) * 2014-06-27 2016-02-03 中兴通讯股份有限公司 Method for reading and writing data in database and application response apparatus
CN106971119A (en) * 2017-02-24 2017-07-21 江苏信源久安信息科技有限公司 The key data in database safe read-write authentication method of trusted identity

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110417543A (en) * 2018-04-27 2019-11-05 腾讯科技(深圳)有限公司 A kind of data ciphering method, device and storage medium
CN110417543B (en) * 2018-04-27 2022-03-08 腾讯科技(深圳)有限公司 Data encryption method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180227