CN109558743A - Data protection method, device, computer equipment and storage medium for a mobile terminal

Publication number: CN109558743A
Application number: CN201811422787.5A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 黄士超, 索智鑫, 杨杰, 王嘉延, 王辉鹏, 罗智慧
Original assignee: 广州供电局有限公司
Application filed by: 广州供电局有限公司
Prior art keywords: data; application program; protection module; safety protection; module

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

The application provides a data protection method, device, computer equipment and storage medium for a mobile terminal. The method includes: starting an application program; when the application program is started, calling a data safety protection module; obtaining the data of the application program; obtaining, through the data safety protection module, an encryption policy for the data of the application program; and encrypting the data of the application program based on the encryption policy. With this method, the data safety protection module is called when the application program is started, so the data in the application program passes through the data safety protection module. The module obtains the encryption policy for the application program's data and, based on that policy, the data generated or received by the application program can be encrypted, thereby protecting the data of the mobile terminal. Moreover, the application program's data can be encrypted without the application program's third-party developer having to design an encryption program.

Description

Data protection method, device, computer equipment and storage medium for a mobile terminal

Technical field

The present invention relates to the technical field of data protection, and in particular to a data protection method, device, computer equipment and storage medium for a mobile terminal.

Background

With the development of electronic devices, working on mobile devices has become increasingly common, and users usually encrypt some important files to prevent important information from leaking. At present, mobile terminal data protection generally uses encryption technology to encrypt files or data. There are two main implementations: one relies on an independent encryption/decryption program; the other builds encryption/decryption code into the mobile application to encrypt and decrypt the data the application generates. With an independent encryption/decryption program, the data must be encrypted at the source-file end and then decrypted and viewed by the encryption/decryption program on the mobile terminal; data generated by the mobile terminal itself cannot be encrypted automatically. Achieving automatic encryption protection requires custom development with the mobile terminal device to obtain sufficient permissions, which does not fit current enterprise office environments or the BYOD (Bring Your Own Device) model. Adding encryption/decryption code to the mobile program, so that the program itself has encryption capability, suits enterprises or individuals that have their own development capability. However, most of the application programs that need data protection in enterprises today are developed by third parties, and implementing encryption protection separately in each of them is very difficult.

Summary of the invention

Based on this, a data protection method, device, computer equipment and storage medium for a mobile terminal are provided.

A data protection method for a mobile terminal is provided, including:

Starting an application program.

When the application program is started, calling a data safety protection module.

Obtaining the data of the application program.

Obtaining, through the data safety protection module, an encryption policy for the data of the application program.

Encrypting the data of the application program based on the encryption policy.

In one of the embodiments, the step of obtaining, through the data safety protection module, the encryption policy for the data of the application program includes:

Calling a data safety protection program through the data safety protection module.

Obtaining the encryption policy for the data of the application program through the data safety protection program.

In one of the embodiments, the step of obtaining the encryption policy for the data of the application program through the data safety protection program includes:

Obtaining the encryption policy for the data of the application program from the network through the data safety protection program.

In one of the embodiments, the step of calling the data safety protection module when the application program is started includes:

When the application program is started, calling the data safety protection module built into the application program.

In one of the embodiments, the data protection method of the mobile terminal further includes:

Obtaining the initial installation file of the application program.

Obtaining the installation file of the data safety protection module.

Decompiling the initial installation file to obtain a decompiled file.

Writing, into the decompiled file, call information that calls the data safety protection module.

Packaging the installation file of the data safety protection module and the decompiled file to generate a compiled installation file.

Installing the compiled installation file to generate the application program.

A data protection device for a mobile terminal is provided, including:

A starting module, configured to start an application program.

A calling module, configured to call a data safety protection module when the application program is started.

A data receiving module, configured to obtain the data of the application program.

An encryption policy obtaining module, configured to obtain, through the data safety protection module, an encryption policy for the data of the application program.

An encryption module, configured to encrypt the data of the application program based on the encryption policy.

In one of the embodiments, the encryption policy obtaining module is configured to:

Call a data safety protection program through the data safety protection module, and obtain the encryption policy for the data of the application program through the data safety protection program.

In one of the embodiments, the data protection device of the mobile terminal further includes:

An initial installation file obtaining module, configured to obtain the initial installation file of the application program.

An installation file obtaining module, configured to obtain the installation file of the data safety protection module.

A decompilation module, configured to decompile the initial installation file to obtain a decompiled file.

A writing module, configured to write, into the decompiled file, call information that calls the data safety protection module.

A packaging module, configured to package the installation file of the data safety protection module and the decompiled file to generate a compiled installation file.

An installation module, configured to install the compiled installation file to generate the application program.

A computer equipment is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor; when executing the computer program, the processor performs the following steps:

Starting an application program.

When the application program is started, calling a data safety protection module.

Obtaining the data of the application program.

Obtaining, through the data safety protection module, an encryption policy for the data of the application program.

Encrypting the data of the application program based on the encryption policy.

A computer-readable storage medium is provided, on which a computer program is stored; when executed by a processor, the computer program performs the following steps:

Starting an application program.

When the application program is started, calling a data safety protection module.

Obtaining the data of the application program.

Obtaining, through the data safety protection module, an encryption policy for the data of the application program.

Encrypting the data of the application program based on the encryption policy.

In the above data protection method of a mobile terminal, the data safety protection module is called when the application program is started, so the data in the application program passes through the data safety protection module. The module obtains the encryption policy for the application program's data and, based on that policy, the data generated or received by the application program can be encrypted, thereby protecting the data of the mobile terminal. Moreover, the application program's data can be encrypted without the application program's third-party developer having to design an encryption program.

Brief description of the drawings

Fig. 1 is a diagram of the application environment of the data protection of a mobile terminal in one embodiment;

Fig. 2 is a flow diagram of the data protection method of a mobile terminal in one embodiment;

Fig. 3 is a flow diagram of the data protection method of a mobile terminal in another embodiment;

Fig. 4 is a structural block diagram of the data protection method of a mobile terminal in one embodiment;

Fig. 5 is a diagram of the internal structure of the computer equipment in one embodiment.

Detailed description of the embodiments

To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.

The data protection method of a mobile terminal provided by this application can be applied in the application environment shown in Fig. 1, in which terminal 102 communicates with server 104 over a network. The terminal starts an application program and, when starting it, calls the data safety protection module; the terminal obtains the data of the application program, the server sends an encryption policy to the terminal, and the terminal's data safety protection module encrypts the data of the application program based on that encryption policy. Terminal 102 may be, but is not limited to, any of various personal computers, laptops, smartphones, tablet computers and portable wearable devices; server 104 may be implemented as an independent server or as a server cluster composed of multiple servers.

For example, a data protection method for a mobile terminal includes the following steps:

Starting an application program; when the application program is started, calling a data safety protection module; obtaining the data of the application program; obtaining, through the data safety protection module, an encryption policy for the data of the application program; and encrypting the data of the application program based on the encryption policy.

In the above data protection method of a mobile terminal, the data safety protection module is called when the application program is started, so the data in the application program passes through the data safety protection module. The module obtains the encryption policy for the application program's data and, based on that policy, the data generated or received by the application program can be encrypted, thereby protecting the data of the mobile terminal. Moreover, the application program's data can be encrypted without the application program's third-party developer having to design an encryption program.

In one of the embodiments, referring to Fig. 2, a data protection method for a mobile terminal is provided, including the following steps:

Step 110: start an application program.

It is worth mentioning that several application programs are installed in the mobile terminal. An application program, also called application software or an APP (Application), is software written for an electronic device for a particular application purpose; application programs serve the user's needs. For example, a user can work through an office application, chat or transfer files through a communication application, or download files through a browser application. Specifically, in this embodiment, one of the application programs in the mobile terminal is started. Starting an application program means running it, and further means that the application program is in a running state; the application program may run in the foreground or in the background.

Step 120: when the application program is started, call the data safety protection module.

Specifically, the data safety protection module is an engine that can encrypt and protect data. Calling the data safety protection module when the application program is started means running the data safety protection module at the same time as the application program starts. Further, by writing call information that calls the data safety protection module into the application program's startup, the data safety protection module can be called when the application program is started. It is worth mentioning that calling the data safety protection module at application startup lets the application program communicate with the data safety protection module, so that the application program's data passes through the data safety protection module.

Step 130: obtain the data of the application program.

Specifically, the data of the application program refers to the data and/or files received or generated while the application program runs. For example, for a communication application, the data may be chat records between users or documents transferred between users; for a browser application, the data may be browsing traces or files downloaded from the network; for a drawing application, the data may be files the user creates with the application.

Step 140: obtain, through the data safety protection module, the encryption policy for the data of the application program.

Specifically, the encryption policy refers to the encryption algorithm and encryption type required to encrypt the data of the application program. In one embodiment, the encryption policy uses the AES (Advanced Encryption Standard) encryption algorithm; in another embodiment, the encryption policy uses the DES (Data Encryption Standard) encryption algorithm; in yet another embodiment, the encryption policy uses the DSA (Digital Signature Algorithm) encryption algorithm. It is worth mentioning that the data safety protection module can encrypt the application program's data according to an encryption policy received from the server, or according to an encryption policy preset in the data safety protection module. In one embodiment, the user can select the encryption policy according to their own needs.

Step 150: encrypt the data of the application program based on the encryption policy.

In this step, the data of the application program is encrypted based on the encryption algorithm and encryption type of the encryption policy. Because all of the application program's data passes through the data safety protection module, the module can encrypt the data received or generated in the application program, thereby protecting the data of the mobile terminal.

In the above data protection method of a mobile terminal, the data safety protection module is called when the application program is started, so the data in the application program passes through the data safety protection module. The module obtains the encryption policy for the application program's data and, based on that policy, the data generated or received by the application program can be encrypted, thereby protecting the data of the mobile terminal. Moreover, the application program's data can be encrypted without the application program's third-party developer having to design an encryption program.

In one of the embodiments, to make the encryption policy easy to obtain, the step of obtaining, through the data safety protection module, the encryption policy for the data of the application program includes:

Calling a data safety protection program through the data safety protection module.

Obtaining the encryption policy for the data of the application program through the data safety protection program.

Specifically, the data safety protection program is an APP that can encrypt the data of application programs. The data safety protection module calls the data safety protection program, and the encryption policy for the data of the application program is obtained through that program, which makes the encryption policy easy to obtain.

To make it even easier for the data safety protection program to obtain the encryption policy for the application program's data, in one of the embodiments, the step of obtaining the encryption policy for the data of the application program through the data safety protection program includes:

Obtaining the encryption policy for the data of the application program from the network through the data safety protection program.

Specifically, a network is a virtual platform for transmitting, receiving and sharing information, and here refers to a computer network. In one embodiment the network is the Internet, i.e. the step of obtaining the encryption policy for the data of the application program through the data safety protection program includes: obtaining the encryption policy for the data of the application program from the Internet through the data safety protection program. In this way the data safety protection program obtains the application program's encryption policy over the network, which further facilitates obtaining the encryption policy for the application program's data; the data safety protection program can also obtain the latest encryption policy from the network in real time, so that the encryption policy is updated synchronously.

In one of the embodiments, to make it easy to call the data safety protection module when the application program is started, the step of calling the data safety protection module when the application program is started includes:

When the application program is started, calling the data safety protection module built into the application program.

Specifically, the data safety protection module is set inside the application program, i.e. it is implanted in the application program. Calling the built-in data safety protection module when the application program is started makes it easy to call the module at startup.

To obtain the application program, in one embodiment, referring to Fig. 3, the following steps precede the step of starting the application program:

Step 210: obtain the initial installation file of the application program.

It should be understood that the initial installation file of the application program is the application program's original installation file, i.e. an installation file that does not contain the data safety protection module. It can be obtained by downloading it over the network or through data transfer. In one embodiment, the application program runs on the Android system and the corresponding installation file is an Android installation file. In one embodiment, the application program runs on the Microsoft Windows system and the corresponding installation file is a Microsoft Windows installation file. In this embodiment, the application program is used on the Android system.

Step 220: obtain the installation file of the data safety protection module.

The data safety protection module is referred to as the data safety protection engine, DSE (data security engine).

Step 230: decompile the initial installation file to obtain a decompiled file.

Specifically, decompilation, i.e. reverse compilation, refers to reverse-analyzing and studying an application program's target program, i.e. its executable, to derive the design elements of the application program such as its ideas, principles, structure, algorithms, processing flow and operating method; in certain special cases the source code can be derived. In one embodiment, the installation file of an Android application program is decompiled, i.e. the DEX-format files in the Android application program's installation file are decompiled; DEX is the executable file type on the Android platform. In one embodiment, the step of decompiling the initial installation file to obtain a decompiled file includes: decompiling the initial installation file with a disassembler to obtain the decompiled file.

Step 240: write, into the decompiled file, call information that calls the data safety protection module.

Specifically, the call information is the information that calls the data safety protection module when the application program is started, i.e. information that starts the data safety protection module at the same time as the application program starts. Writing this call information into the decompiled file makes it possible to call the data safety protection module when the application program runs. In this embodiment, the information of the data safety protection module is written into the smali files of the decompiled file.

Step 250: package the installation file of the data safety protection module and the decompiled file to generate a compiled installation file.

In this embodiment, the data safety protection engine DSE (data security engine) is added to the decompiled files as an add-on component, and the decompiled file and the installation file of the data safety protection module are packaged together to generate the compiled installation file.

Packaging refers to the process of making a series of files, according to a certain format, into a single downloadable software release image file. The specific packaging process is prior art and is not repeated here.

Step 260: install the compiled installation file to generate the application program.

The initial installation file of the application program is decompiled to obtain a decompiled file; call information that calls the data safety protection module is written into the decompiled file; the decompiled file is packaged to generate a compiled installation file; and the compiled installation file is installed to obtain the application program. In this way, starting the application program causes the data safety protection module to be called at startup.

In one of the embodiments, so that the application program can be installed normally, after the step of packaging the installation file of the data safety protection module and the decompiled file to generate the compiled installation file, the method further includes signing the compiled installation file.

It should be understood that signing the compiled installation file means digitally signing it; the digital signature is equivalent to the application program's identification code or digital certificate. In one embodiment, the application program runs on the Android system. Because the Android system will not install an application program without a digital certificate, an unsigned application program cannot be installed normally; signing the compiled installation file allows the application program to be installed normally.

To make it easy for users to obtain the compiled installation file, in one embodiment, after the step of packaging the installation file of the data safety protection module and the decompiled file to generate the compiled installation file, the method further includes publishing the compiled installation file.

In one embodiment, publishing the compiled installation file means publishing it on the network; in another embodiment, it means uploading the compiled file to a server. Once the compiled installation file is published, users can download it over the network, which makes it easy for users to obtain.

In one of the embodiments, to update the encryption policy synchronously, before the step of obtaining, through the data safety protection module, the encryption policy for the data of the application program, the method includes:

Detecting, through the data safety protection module, whether the encryption policy has been updated;

When the encryption policy has been updated, obtaining the updated encryption policy for the data of the application program.

It should be understood that detecting whether the encryption policy has been updated means detecting whether there is a new encryption policy, specifically whether the server has issued a new one. Performing this check before the step of obtaining the encryption policy through the data safety protection module lets the user obtain the latest encryption policy when running the application program, which keeps the encryption policy synchronized and improves the user experience.
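The policy handling described above (a preset policy, an update check against the server, and encryption under the current policy), as an added Java sketch that is not part of the patent. It goes beyond the text by validating a fetched policy before adopting it and by tagging each ciphertext with the policy version; the class and method names, the in-memory `PolicySource`, the AES-GCM allow-list, the blob layout and the locally generated key are all assumptions of this example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration (Java 16+); every name below is hypothetical, not taken from the patent.
public class PolicyEncryptionDemo {

    /** Encryption policy: algorithm/type, key size, and a version used for update checks. */
    record EncryptionPolicy(int version, String transformation, int keyBits) {}

    /** Stand-in for the server that publishes policies. */
    interface PolicySource { Optional<EncryptionPolicy> latest(); }

    static final class DataSecurityModule {
        // Assumption: a policy is adopted only if it names an allow-listed AEAD transformation.
        private static final Set<String> ALLOWED = Set.of("AES/GCM/NoPadding");
        private static final int IV_LEN = 12, TAG_BITS = 128;
        private final SecureRandom rng = new SecureRandom();
        private final Map<Integer, EncryptionPolicy> known = new HashMap<>();
        private EncryptionPolicy current;

        DataSecurityModule(EncryptionPolicy preset) {
            if (!isAcceptable(preset)) throw new IllegalArgumentException("preset policy rejected");
            adopt(preset);
        }

        static boolean isAcceptable(EncryptionPolicy p) {
            return p != null && ALLOWED.contains(p.transformation())
                    && (p.keyBits() == 128 || p.keyBits() == 256);
        }

        // Old versions stay in `known` so data encrypted before an update remains readable.
        private void adopt(EncryptionPolicy p) { known.put(p.version(), p); current = p; }

        /** Update check: adopt a strictly newer, acceptable policy; otherwise keep the current one. */
        boolean refresh(PolicySource source) {
            EncryptionPolicy p = source.latest().orElse(null);
            if (!isAcceptable(p) || p.version() <= current.version()) return false;
            adopt(p);
            return true;
        }

        /** Output layout: 4-byte policy version | 12-byte IV | ciphertext with GCM tag. */
        byte[] encrypt(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
            byte[] iv = new byte[IV_LEN];
            rng.nextBytes(iv); // fresh IV per message; GCM must not reuse an IV under one key
            byte[] ct = cipher(Cipher.ENCRYPT_MODE, current, key, iv).doFinal(plaintext);
            return ByteBuffer.allocate(4 + IV_LEN + ct.length)
                    .putInt(current.version()).put(iv).put(ct).array();
        }

        byte[] decrypt(SecretKey key, byte[] blob) throws GeneralSecurityException {
            if (blob.length < 4 + IV_LEN + TAG_BITS / 8)
                throw new GeneralSecurityException("blob too short");
            ByteBuffer in = ByteBuffer.wrap(blob);
            EncryptionPolicy p = known.get(in.getInt());
            if (p == null) throw new GeneralSecurityException("unknown policy version");
            byte[] iv = new byte[IV_LEN];
            in.get(iv);
            byte[] ct = new byte[in.remaining()];
            in.get(ct);
            return cipher(Cipher.DECRYPT_MODE, p, key, iv).doFinal(ct); // throws if tampered
        }

        private static Cipher cipher(int mode, EncryptionPolicy p, SecretKey key, byte[] iv)
                throws GeneralSecurityException {
            if (key.getEncoded().length * 8 != p.keyBits())
                throw new GeneralSecurityException("key size does not match policy");
            Cipher c = Cipher.getInstance(p.transformation());
            c.init(mode, key, new GCMParameterSpec(TAG_BITS, iv));
            return c;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; key storage is outside the patent's text and this example.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        DataSecurityModule dse = new DataSecurityModule(new EncryptionPolicy(1, "AES/GCM/NoPadding", 256));
        byte[] oldBlob = dse.encrypt(key, "chat record".getBytes(StandardCharsets.UTF_8));

        // Constructed server responses: a weak policy, then a newer acceptable one.
        PolicySource weak = () -> Optional.of(new EncryptionPolicy(2, "DES/ECB/PKCS5Padding", 56));
        PolicySource newer = () -> Optional.of(new EncryptionPolicy(3, "AES/GCM/NoPadding", 256));
        System.out.println("weak policy adopted:  " + dse.refresh(weak));
        System.out.println("newer policy adopted: " + dse.refresh(newer));

        byte[] newBlob = dse.encrypt(key, "downloaded file".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(dse.decrypt(key, oldBlob), StandardCharsets.UTF_8));
        System.out.println(new String(dse.decrypt(key, newBlob), StandardCharsets.UTF_8));
    }
}
```

Because the policy arrives over the network, the module treats it as untrusted input: the weak policy is refused and the preset one stays in force, while data written under version 1 still decrypts after the move to version 3.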

To better protect the data of the mobile terminal, in one of the embodiments, before the step of calling the data safety protection module when the application program is started, the method further includes:

Detecting whether the running environment of the application program is abnormal.

When the running environment of the application program is abnormal, stopping the application program.

It should be understood that an abnormal running environment may mean that the application program is infected with a Trojan or virus, that the system on which the application program runs is infected with a Trojan or virus, or that the application program's application environment has been cracked. In that case the application program's running code is easily tampered with and the application program's data can be stolen. By detecting whether the running environment is normal and stopping the application program when it is abnormal, data leakage can be avoided and the mobile terminal's data is better protected.

For the data of further protection mobile terminal, the detection application in one of the embodiments, Whether the running environment of program is abnormal, when the application program running environment is deposited when abnormal, then stops the application program fortune Row step, comprising:

Whether the locating running environment for detecting the application program obtains system permission, when the operation of the application program When environment obtains system permission, then stop the application program operation.

Specifically, obtaining all administration authorities that system permission refers to the then available system of user, then user possesses Permission deletes or distorts application program, and the cipher round results of application program is caused to fail, and user possesses permission and deletes or usurp Change system file, system is caused to be damaged completely, can not be used again.It is worth mentioning, running environment locating for application program obtains When taking system permission, it is easy infection wooden horse or virus, causes the leaking data of application program, therefore, by detecting the application Whether the locating running environment of program obtains system permission, when the running environment of the application program obtains system permission, Stop the application program operation, can further protect the data of mobile terminal.

To protect the data of the mobile terminal still further, in one of the embodiments, the step of detecting whether the running environment of the application program is abnormal, and stopping the application program when the running environment is abnormal, comprises:

Detecting whether the application program is running on a simulator, and stopping the application program when the application program is running on a simulator.

Specifically, a simulator, that is, a simulation program, is a program that simulates the functions and instruction system of a hardware processor in software, enabling a computer or other multimedia platform to run software written for other platforms. An application program running on a simulator is in effect running on third-party software, so the data that the application program generates may be leaked. Therefore, by detecting whether the application program is running on a simulator, and stopping the application program when it is, the data of the mobile terminal can be protected still further.
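The two checks described above (system permission and simulator), as an added example that is not part of the patent. It assumes an Android-style terminal whose system properties are available as a `getprop` dump and whose file paths can be probed; the indicator lists, function names and sample dumps are constructed for illustration.

```python
"""Runtime-environment check: system permission and simulator indicators."""
import re
from dataclasses import dataclass, field

# Assumed, commonly used Android indicators; the patent text names no concrete checks.
SU_PATHS = ("/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su")
EMULATOR_HARDWARE = ("goldfish", "ranchu")
GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>[^\]]*)\]$")


@dataclass
class EnvironmentReport:
    system_permission: list = field(default_factory=list)  # evidence of system permission
    simulator: list = field(default_factory=list)  # evidence of running on a simulator

    @property
    def abnormal(self) -> bool:
        return bool(self.system_permission or self.simulator)


def parse_getprop(dump: str) -> dict:
    """Parse `[key]: [value]` lines as printed by getprop; skip anything else."""
    props = {}
    for line in dump.splitlines():
        match = GETPROP_LINE.match(line.strip())
        if match:
            props[match["key"]] = match["value"]
    return props


def check_environment(props: dict, existing_paths) -> EnvironmentReport:
    """Collect every indicator found, so the stop decision can be logged with reasons."""
    report = EnvironmentReport()
    existing = set(existing_paths)

    # System permission: a reachable su binary, or an engineering / insecure build.
    for path in SU_PATHS:
        if path in existing:
            report.system_permission.append(f"su binary present: {path}")
    if "test-keys" in props.get("ro.build.tags", "").split(","):
        report.system_permission.append("build signed with test-keys")
    if props.get("ro.secure") == "0":
        report.system_permission.append("ro.secure=0")

    # Simulator: properties that emulated hardware reports.
    if props.get("ro.kernel.qemu") == "1":
        report.simulator.append("ro.kernel.qemu=1")
    if props.get("ro.hardware") in EMULATOR_HARDWARE:
        report.simulator.append(f"emulated hardware: {props['ro.hardware']}")
    if props.get("ro.build.fingerprint", "").startswith("generic"):
        report.simulator.append("generic build fingerprint")
    return report


def guard_startup(dump: str, existing_paths):
    """Return (allowed, report); the caller stops the application when allowed is False."""
    report = check_environment(parse_getprop(dump), existing_paths)
    return (not report.abnormal, report)


# Constructed sample inputs (not taken from real devices).
CLEAN_DUMP = """\
[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.hardware]: [qcom]
[ro.build.fingerprint]: [vendor/device/device:9/BUILD/1:user/release-keys]
"""
EMULATOR_DUMP = """\
[ro.build.tags]: [test-keys]
[ro.kernel.qemu]: [1]
[ro.hardware]: [ranchu]
[ro.build.fingerprint]: [generic_x86/sdk/generic:9/BUILD/1:userdebug/test-keys]
malformed line that the parser must ignore
"""

if __name__ == "__main__":
    for name, dump, paths in (("clean", CLEAN_DUMP, []),
                              ("system permission", CLEAN_DUMP, ["/system/xbin/su"]),
                              ("simulator", EMULATOR_DUMP, [])):
        allowed, report = guard_startup(dump, paths)
        print(name, "->", "run" if allowed else "stop", report)
```

These indicators are heuristics evaluated on the terminal itself, and an environment that holds system permission can hide them, so the result is best treated as one signal and the collected reasons reported alongside the stop decision.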

It should be understood that although the steps in the flow chart of Fig. 2 are shown in sequence as indicated by the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless expressly stated otherwise herein, there is no strict restriction on the order in which these steps are executed, and they may be executed in other orders. Moreover, at least some of the steps in Fig. 2 may comprise multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same moment but may be executed at different times, and they are not necessarily executed one after another but may be executed in turn or alternately with other steps, or with at least some of the sub-steps or stages of other steps.

In one of the embodiments, referring to Fig. 4, a data protecting device 30 of a mobile terminal is provided, comprising:

Starting module 310, configured to start an application program.

Calling module 320, configured to call a data safety protection module when the application program is started.

Data reception module 330, configured to obtain the data of the application program.

Encryption policy obtaining module 340, configured to obtain, through the data safety protection module, the encryption policy for the data of the application program.

Encrypting module 350, configured to encrypt the data of the application program based on the encryption policy.

In one of the embodiments, the encryption policy obtaining module is configured to call a data safety guard process through the data safety protection module, and to obtain the encryption policy for the data of the application program through the data safety guard process.

In one of the embodiments, the encryption policy obtaining module is configured to obtain the encryption policy for the data of the application program from the network through the data safety guard process.

In one of the embodiments, the calling module is configured to call, when the application program is started, the data safety protection module built into the application program.

In one of the embodiments, the data protecting device of the mobile terminal further comprises:

Initial installation file obtaining module, configured to obtain the initial installation file of the application program.

Installation file obtaining module, configured to obtain the installation file of the data safety protection module.

Decompilation module, configured to decompile the initial installation file to obtain a decompiled file.

Writing module, configured to write, into the decompiled file, call information for calling the data safety protection module.

Packaging module, configured to package the installation file of the data safety protection module and the decompiled file to generate a compiled installation file.

Installation module, configured to install the compiled installation file to generate the application program.

In one of the embodiments, the data protecting device of the mobile terminal further comprises: a signature module, configured to sign the compiled installation file.

In one of the embodiments, the data protecting device of the mobile terminal further comprises: a release module, configured to publish the compiled installation file.

In one of the embodiments, the data protecting device of the mobile terminal further comprises: a first detection module, configured to detect whether the encryption policy has an update, and to obtain the updated encryption policy when the encryption policy has an update.

In one of the embodiments, the data protecting device of the mobile terminal further comprises: a second detection module, configured to detect whether the running environment of the application program is abnormal, and to stop the application program when the running environment of the application program is abnormal.

In one of the embodiments, the second detection module is configured to detect whether the running environment of the application program has obtained system permission, and to stop the application program when the running environment of the application program has obtained system permission.

In one of the embodiments, the second detection module is configured to detect whether the application program is running on a simulator, and to stop the application program when the application program is running on a simulator.

For specific limitations of the data protecting device of the mobile terminal, reference may be made to the limitations of the data guard method of the mobile terminal above, which are not repeated here. Each module in the above data protecting device of the mobile terminal may be implemented wholly or partly by software, hardware, or a combination thereof. The above modules may be embedded in, or independent of, a processor in the computer equipment in hardware form, or may be stored in a memory of the computer equipment in software form, so that the processor can call them and perform the operations corresponding to each module.

In one embodiment, a computer equipment is provided, whose internal structure may be as shown in Fig. 5. The computer equipment includes a processor, a memory, a network interface, a display screen and an input unit connected by a system bus. The processor of the computer equipment provides computing and control capability. The memory of the computer equipment includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The network interface of the computer equipment is used to communicate with an external terminal over a network connection. When the computer program is executed by the processor, it implements a data guard method of a mobile terminal. The display screen of the computer equipment may be a liquid crystal display or an electronic ink display; the input unit of the computer equipment may be a touch layer covering the display screen, a key, trackball or trackpad arranged on the housing of the computer equipment, or an external keyboard, trackpad or mouse.

Those skilled in the art will understand that the structure shown in Fig. 5 is only a block diagram of the part of the structure relevant to the solution of the present application and does not limit the computer equipment to which the solution is applied. A specific computer equipment may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.

In one embodiment, a computer equipment is provided, including a memory, a processor, and a computer program stored on the memory and executable on the processor. When executing the computer program, the processor performs the following steps:

Starting an application program.

When the application program is started, calling a data safety protection module.

Obtaining the data of the application program.

Obtaining, through the data safety protection module, the encryption policy for the data of the application program.

Encrypting the data of the application program based on the encryption policy.

In one of the embodiments, when executing the computer program, the processor further performs the following steps: calling a data safety guard process through the data safety protection module, and obtaining the encryption policy for the data of the application program through the data safety guard process.

In one of the embodiments, when executing the computer program, the processor further performs the following step: obtaining the encryption policy for the data of the application program from the network through the data safety guard process.

In one of the embodiments, when executing the computer program, the processor further performs the following step: calling the data safety protection module built into the application program.

In one of the embodiments, when executing the computer program, the processor further performs the following steps:

Obtaining the initial installation file of the application program.

Obtaining the installation file of the data safety protection module.

Decompiling the initial installation file to obtain a decompiled file.

Writing, into the decompiled file, call information for calling the data safety protection module.

Packaging the installation file of the data safety protection module and the decompiled file to generate a compiled installation file.

Installing the compiled installation file to generate the application program.

In one of the embodiments, when executing the computer program, the processor further performs the following step: signing the compiled installation file.

In one of the embodiments, when executing the computer program, the processor further performs the following step: publishing the compiled installation file.

In one of the embodiments, when executing the computer program, the processor further performs the following steps: detecting, through the data safety protection module, whether the encryption policy has an update; and, when the encryption policy has an update, obtaining the updated encryption policy for the data of the application program.

In one of the embodiments, when executing the computer program, the processor further performs the following steps: detecting whether the running environment of the application program is abnormal; and, when the running environment of the application program is abnormal, stopping the application program.

In one of the embodiments, when executing the computer program, the processor further performs the following steps: detecting whether the running environment of the application program has obtained system permission; and, when the running environment of the application program has obtained system permission, stopping the application program.

In one of the embodiments, when executing the computer program, the processor further performs the following steps: detecting whether the application program is running on a simulator; and, when the application program is running on a simulator, stopping the application program.

In one embodiment, a computer readable storage medium is provided, on which a computer program is stored. When executed by a processor, the computer program performs the following steps:

Starting an application program.

When the application program is started, calling a data safety protection module.

Obtaining the data of the application program.

Obtaining, through the data safety protection module, the encryption policy for the data of the application program.

Encrypting the data of the application program based on the encryption policy.

In one of the embodiments, when executed by the processor, the computer program further performs the following steps: calling a data safety guard process through the data safety protection module, and obtaining the encryption policy for the data of the application program through the data safety guard process.

In one of the embodiments, when executed by the processor, the computer program further performs the following step: obtaining the encryption policy for the data of the application program from the network through the data safety guard process.

In one of the embodiments, when executed by the processor, the computer program further performs the following step: calling the data safety protection module built into the application program.

In one of the embodiments, when executed by the processor, the computer program further performs the following steps:

Obtaining the initial installation file of the application program.

Obtaining the installation file of the data safety protection module.

Decompiling the initial installation file to obtain a decompiled file.

Writing, into the decompiled file, call information for calling the data safety protection module.

Packaging the installation file of the data safety protection module and the decompiled file to generate a compiled installation file.

Installing the compiled installation file to generate the application program.

In one of the embodiments, when executed by the processor, the computer program further performs the following step: signing the compiled installation file.

In one of the embodiments, when executed by the processor, the computer program further performs the following step: publishing the compiled installation file.

In one of the embodiments, when executed by the processor, the computer program further performs the following steps: detecting, through the data safety protection module, whether the encryption policy has an update; and, when the encryption policy has an update, obtaining the updated encryption policy for the data of the application program.

In one of the embodiments, when executed by the processor, the computer program further performs the following steps: detecting whether the running environment of the application program is abnormal; and, when the running environment of the application program is abnormal, stopping the application program.

In one of the embodiments, when executed by the processor, the computer program further performs the following steps: detecting whether the running environment of the application program has obtained system permission; and, when the running environment of the application program has obtained system permission, stopping the application program.

In one of the embodiments, when executed by the processor, the computer program further performs the following steps: detecting whether the application program is running on a simulator; and, when the application program is running on a simulator, stopping the application program.

Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, database or other media used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).

The technical features of the embodiments described above can be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features contains no contradiction, it should be considered within the scope of this specification.

The embodiments described above express only several embodiments of the present invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be subject to the appended claims.

Claims (10)

1. A data guard method of a mobile terminal, characterized by comprising:
starting an application program;
when the application program is started, calling a data safety protection module;
obtaining the data of the application program;
obtaining, through the data safety protection module, the encryption policy for the data of the application program;
encrypting the data of the application program based on the encryption policy.
2. The data guard method of a mobile terminal according to claim 1, characterized in that the step of obtaining, through the data safety protection module, the encryption policy for the data of the application program comprises:
calling a data safety guard process through the data safety protection module;
obtaining the encryption policy for the data of the application program through the data safety guard process.
3. The data guard method of a mobile terminal according to claim 2, characterized in that the step of obtaining the encryption policy for the data of the application program through the data safety guard process comprises:
obtaining the encryption policy for the data of the application program from the network through the data safety guard process.
4. The data guard method of a mobile terminal according to claim 1, characterized in that the step of calling a data safety protection module when the application program is started comprises:
when the application program is started, calling the data safety protection module built into the application program.
5. The data guard method of a mobile terminal according to any one of claims 1 to 4, characterized in that, before the step of starting the application program, the method further comprises:
obtaining the initial installation file of the application program;
obtaining the installation file of the data safety protection module;
decompiling the initial installation file to obtain a decompiled file;
writing, into the decompiled file, call information for calling the data safety protection module;
packaging the installation file of the data safety protection module and the decompiled file to generate a compiled installation file;
installing the compiled installation file to generate the application program.
6. A data protecting device of a mobile terminal, characterized by comprising:
a starting module, configured to start an application program;
a calling module, configured to call a data safety protection module when the application program is started;
a data reception module, configured to obtain the data of the application program;
an encryption policy obtaining module, configured to obtain, through the data safety protection module, the encryption policy for the data of the application program;
an encrypting module, configured to encrypt the data of the application program based on the encryption policy.
7. The data protecting device of a mobile terminal according to claim 6, characterized in that the encryption policy obtaining module is configured to:
call a data safety guard process through the data safety protection module, and obtain the encryption policy for the data of the application program through the data safety guard process.
8. The data protecting device of a mobile terminal according to claim 6 or 7, characterized by further comprising:
an initial installation file obtaining module, configured to obtain the initial installation file of the application program;
an installation file obtaining module, configured to obtain the installation file of the data safety protection module;
a decompilation module, configured to decompile the initial installation file to obtain a decompiled file;
a writing module, configured to write, into the decompiled file, call information for calling the data safety protection module;
a packaging module, configured to package the installation file of the data safety protection module and the decompiled file to generate a compiled installation file;
an installation module, configured to install the compiled installation file to generate the application program.
9. A computer equipment, including a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 5 when executing the computer program.
10. A computer readable storage medium on which a computer program is stored, characterized in that the computer program implements the steps of the method according to any one of claims 1 to 5 when executed by a processor.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811422787.5A CN109558743A (en) 2018-11-27 2018-11-27 Data guard method, device, computer equipment and the storage medium of mobile terminal

Publications (1)

Publication Number Publication Date
CN109558743A true CN109558743A (en) 2019-04-02

Family

ID=65867467

Country Status (1)

Country Link
CN (1) CN109558743A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination