CN111639353A - Data management method and device, embedded equipment and storage medium - Google Patents
Data management method and device, embedded equipment and storage medium Download PDFInfo
- Publication number
- CN111639353A CN111639353A CN202010453165.XA CN202010453165A CN111639353A CN 111639353 A CN111639353 A CN 111639353A CN 202010453165 A CN202010453165 A CN 202010453165A CN 111639353 A CN111639353 A CN 111639353A
- Authority
- CN
- China
- Prior art keywords
- file
- app
- app file
- data
- secret key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention discloses a data management method, a data management device, embedded equipment and a storage medium, wherein the method comprises the following steps: aiming at each APP file of an application program, performing encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file; determining a secret key corresponding to the APP file according to the secret key factor and a secret key generation algorithm; and encrypting and decrypting the data in the APP file by adopting the secret key. Because the key corresponding to each APP file is determined, the data generated in the APP operation process are encrypted by the key corresponding to the APP file, even if the data are maliciously read by other APPs on the embedded device, because other APPs do not have the key corresponding to the APP file, the real data cannot be analyzed, the data stealing by other APPs is prevented, and the data security problem among multiple APPs in the embedded device is solved.
Description
Technical Field
The present invention relates to the field of data management technologies, and in particular, to a data management method and apparatus, an embedded device, and a storage medium.
Background
With the development of embedded devices in recent years, more and more applications APP are installed in the embedded devices. APPs are typically developed by multiple users and run on embedded devices. The embedded device refers to a device or a micro device with a specific control or auxiliary function, such as a security monitoring device, and the embedded device is also called an embedded system. APP refers to application software developed by non-embedded device vendors that may be used for embedded devices.
The APP data management system in the prior art comprises an operating platform, a storage device, a trusted computing unit and an encryption and decryption unit, wherein the trusted computing unit is used for protecting a secret key for encrypting and decrypting data read and written between the operating platform and the storage device, the encryption and decryption unit is used for reading the secret key from the trusted computing unit, and encryption and decryption are performed on the data read and written between the operating platform and the storage device by using an encryption and decryption algorithm.
The prior art solves the data security problem between an operating platform and a storage device, but one embedded device generally comprises a plurality of APPs, and the prior art cannot solve the data security problem between the plurality of APPs in the embedded device.
Disclosure of Invention
The embodiment of the invention provides a data management method and device, embedded equipment and a storage medium, which are used for solving the problem of data security among multiple APPs in the embedded equipment.
The embodiment of the invention provides a data management method, which comprises the following steps:
aiming at each APP file of an application program, performing encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file;
determining a secret key corresponding to the APP file according to the secret key factor and a secret key generation algorithm;
and encrypting and decrypting the data in the APP file by adopting the secret key.
Further, the performing an encryption operation on the APP file by using an encryption algorithm to determine a key factor of the APP file includes:
and carrying out hash operation on the APP file by adopting a hash algorithm, and taking the obtained hash value as a secret key factor of the APP file.
Further, the encrypting and decrypting the data in the APP file by using the key includes:
when the data writing operation is carried out on the APP file, the secret key is adopted to carry out encryption processing on the data in the APP file; and when the data reading operation is carried out on the APP file, the secret key is adopted to carry out decryption processing on the data in the APP file.
Further, after the encryption algorithm is used to perform the encryption operation on the APP file, and after the key factor of the APP file is determined, before the key corresponding to the APP file is determined according to the key factor and the key generation algorithm, the method further includes:
writing the secret key factor into a certificate file, encrypting the certificate file by using a private key, and determining the signature of the certificate file;
and when a secret key generation instruction is received, acquiring a public key corresponding to the private key, verifying the signature of the certificate file by adopting the public key, and when the signature verification is successful, analyzing the certificate file to obtain the secret key factor.
Further, before the encrypting and decrypting the data in the APP file by using the key, the method further includes:
and judging whether a certificate file corresponding to the APP file exists or not, if so, starting the APP file, and performing subsequent steps of encrypting and decrypting the data in the APP file by adopting the secret key.
In another aspect, an embodiment of the present invention provides a data management apparatus, where the apparatus includes:
the first determining module is used for performing encryption operation on each application program APP file by adopting an encryption algorithm to determine a key factor of the APP file;
the second determining module is used for determining a secret key corresponding to the APP file according to the secret key factor and a secret key generating algorithm;
and the encryption and decryption module is used for carrying out encryption and decryption processing on the data in the APP file by adopting the secret key.
Further, the first determining module is specifically configured to perform a hash operation on the APP file by using a hash algorithm, and use an obtained hash value as a key factor of the APP file.
Further, the encryption and decryption module is specifically configured to, when performing a data writing operation on the APP file, perform encryption processing on data in the APP file by using the key; and when the data reading operation is carried out on the APP file, the secret key is adopted to carry out decryption processing on the data in the APP file.
Further, the apparatus further comprises:
the signature verification module is used for writing the secret key factor into a certificate file, encrypting the certificate file by using a private key and determining the signature of the certificate file; and when a secret key generation instruction is received, acquiring a public key corresponding to the private key, verifying the signature of the certificate file by adopting the public key, and when the signature verification is successful, analyzing the certificate file to obtain the secret key factor.
Further, the apparatus further comprises:
and the judging module is used for judging whether the certificate file corresponding to the APP file exists or not, starting the APP file if the certificate file exists, and triggering the encryption and decryption module.
On the other hand, the embodiment of the invention provides an embedded device, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
a processor for implementing any of the above method steps when executing a program stored in the memory.
In another aspect, an embodiment of the present invention provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the method steps of any one of the above.
The embodiment of the invention provides a data management method, a data management device, embedded equipment and a storage medium, wherein the method comprises the following steps: aiming at each APP file of an application program, performing encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file; determining a secret key corresponding to the APP file according to the secret key factor and a secret key generation algorithm; and encrypting and decrypting the data in the APP file by adopting the secret key.
In the embodiment of the invention, the key corresponding to each APP file is determined for each APP file, and the data generated in the APP operation process is encrypted by using the key corresponding to the APP file, so that even if the data is maliciously read by other APPs on the embedded device, the real data cannot be analyzed because other APPs do not have the keys corresponding to the APPs, thereby preventing other APPs from stealing data and solving the data security problem among a plurality of APPs in the embedded device.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of a data management process according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a generation process of a certificate file license according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an APP installation process provided in an embodiment of the present invention;
fig. 4 is a schematic diagram of an APP operation start process provided in the embodiment of the present invention;
fig. 5 is a schematic diagram of a read-write process of an APP provided in an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a data management apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an embedded device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the attached drawings, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
fig. 1 is a schematic diagram of a data management process provided in an embodiment of the present invention, where the process includes the following steps:
s101: and aiming at each APP file of the application program, carrying out encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file.
S102: and determining the key corresponding to the APP file according to the key factor and the key generation algorithm.
S103: and encrypting and decrypting the data in the APP file by adopting the secret key.
The data management method provided by the embodiment of the invention is applied to embedded equipment, and the embedded equipment can be equipment such as a PC (personal computer), a tablet computer and the like.
A plurality of application program APP files are stored in the embedded device, and for each APP file, an encryption algorithm is adopted to perform encryption operation on the APP file. And obtaining the key factor of the APP file through the encryption operation of the APP file. The basic process of the encryption algorithm is to process the APP file according to a certain algorithm to make the APP file become an unreadable segment of code, which is called an encryption factor. The number of encryption factors may be one or more.
And the embedded equipment adopts an encryption algorithm to carry out encryption operation on the APP file to obtain a key factor of the APP file, and then adopts a key generation algorithm to carry out operation on the key factor to generate a key corresponding to the APP file. In the embodiment of the present invention, the encryption algorithm and the key generation algorithm are not limited, and both the key factor and the key may be generated by using an existing algorithm.
After determining the secret key, the embedded device encrypts and decrypts the data in the APP file by using the secret key. Specifically, the encrypting and decrypting the data in the APP file by using the key includes: when the data writing operation is carried out on the APP file, the secret key is adopted to carry out encryption processing on the data in the APP file; and when the data reading operation is carried out on the APP file, the secret key is adopted to carry out decryption processing on the data in the APP file.
In the embodiment of the invention, the key corresponding to each APP file is determined for each APP file, and the data generated in the APP operation process is encrypted by using the key corresponding to the APP file, so that even if the data is maliciously read by other APPs on the embedded device, the real data cannot be analyzed because other APPs do not have the keys corresponding to the APPs, thereby preventing other APPs from stealing data and solving the data security problem among a plurality of APPs in the embedded device.
Example 2:
in order to make the security of the obtained key factor higher, on the basis of the above embodiment, in an embodiment of the present invention, the performing an encryption operation on the APP file by using an encryption algorithm, and determining the key factor of the APP file includes:
and carrying out hash operation on the APP file by adopting a hash algorithm, and taking the obtained hash value as a secret key factor of the APP file.
In the embodiment of the invention, in order to ensure that the security of the obtained key factor is higher, a hash algorithm which is more difficult to crack is adopted to perform hash operation on the APP file, so that different hash values are inevitably obtained for different APP files, and then the obtained hash value is used as the key factor of the APP file. The security of the key factor obtained by the hash algorithm is higher because the security of the hash algorithm is higher. And because the hash algorithm is a one-way unique algorithm, different APP files are guaranteed to obtain different key factors. And the obtained secret keys are different, so that other APPs are further prevented from stealing data, and the problem of data security among multiple APPs in the embedded equipment is solved.
Example 3:
to further ensure the security of the key factor, on the basis of the foregoing embodiments, in an embodiment of the present invention, after the encryption algorithm is used to perform the encryption operation on the APP file, and after the key factor of the APP file is determined, before the key corresponding to the APP file is determined according to the key factor and a key generation algorithm, the method further includes:
writing the secret key factor into a certificate file, encrypting the certificate file by using a private key, and determining the signature of the certificate file;
and when a secret key generation instruction is received, acquiring a public key corresponding to the private key, verifying the signature of the certificate file by adopting the public key, and when the signature verification is successful, analyzing the certificate file to obtain the secret key factor.
In the embodiment of the present invention, in order to further ensure the security of the key factor, the embedded device performs an encryption operation on the APP file by using an encryption algorithm to obtain the key factor of the APP file, then writes the key factor into the certificate file, and then performs an encryption process on the certificate file by using a private key to determine the signature of the certificate file. When the secret key is generated, firstly, the public key corresponding to the private key is adopted to check the certificate file, and the certificate file can be analyzed to obtain the secret key factor stored in the certificate file only after the check is passed. In the embodiment of the invention, the embedded equipment can complete the signature verification to obtain the key factor only by acquiring the public key corresponding to the private key, thereby further ensuring the security of the key factor.
Example 4:
in order to ensure the running security of the APP, on the basis of the foregoing embodiments, in an embodiment of the present invention, before the encrypting and decrypting the data in the APP file by using the key, the method further includes:
and judging whether a certificate file corresponding to the APP file exists or not, if so, starting the APP file, and performing subsequent steps of encrypting and decrypting the data in the APP file by adopting the secret key.
In the embodiment of the invention, before encrypting and decrypting data in an APP file by using a secret key, an embedded device firstly searches whether the certificate file exists in the APP file, if so, determines that the starting condition of the APP exists, at the moment, starts the APP file, and then, after starting the APP file, carries out the subsequent step of encrypting and decrypting the data in the APP file by using the secret key, if the certificate file corresponding to the APP file does not exist, determines that the starting condition of the APP does not exist, at the moment, the APP file is not started.
The following describes the data management process provided by the embodiment of the present invention in detail with reference to the accompanying drawings.
Fig. 2 is a schematic diagram of a generation process of a certificate file license, and as shown in fig. 2, after a user develops an APP, the APP is uploaded to a license application issuance platform. The platform can carry out a series of algorithms such as Hash and the like on the whole file of the APP to obtain a secret key factor, and the secret key factor is crucial to the encryption and decryption of subsequent APP data. The key factor is written to the APP available resource of the license file. And finally, signing the license file to obtain a final license file, and issuing the license file to the user.
Fig. 3 is a schematic diagram of an installation process of an APP, and a user uploads the APP and a license to an embedded device through a web service server, and first checks the license to ensure that the source of the license is trusted. And analyzing the license to obtain a key factor, and obtaining a unique key of the APP according to a key generation algorithm of the equipment for safe reading and writing of subsequent APP data. The APP can be stored in the file system according to the installation flow of the APP.
FIG. 4 is a schematic diagram of an operation starting process of an APP, a user triggers to start the APP, the embedded device starts the APP through an APP management module APP manager, the APP manager acquires an instruction for starting the APP through a web server, in the process of starting the APP, whether a license corresponding to the APP exists or not can be found, if the license is matched, the APP in a file system can be started, and otherwise, the APP cannot be started.
Fig. 5 is a schematic diagram of reading and writing processes of APP, and as shown in fig. 5, APP1 and APP2 are two independent processes. During the operation process, a read or write interface is called to read and write data during the operation process. If the APP1 writes data, it passes through the APP manager module when called into the operating system by the system. The APP manager module finds the corresponding encryption and decryption keys according to the called APP information, encrypts the data and writes the data into the file system. Reading data is the reverse process of writing data.
Based on the APP data management scheme provided by the embodiment of the invention, one APP key can be realized, and the security level is higher. The encrypted data generated in the running process of the APP is maliciously read by other APPs on the equipment, and real data cannot be analyzed, because other APPs do not have keys of the encrypted data. The operation of the APP needs to be bound with the authorized license, and the safety of the APP operation environment is increased invisibly. Data are generated and read in the APP operation process, and are encrypted and decrypted without sensing, and special intervention is not needed by the APP.
Example 5:
fig. 6 is a schematic structural diagram of a data management apparatus according to an embodiment of the present invention, where the apparatus includes:
the first determining module 61 is configured to perform encryption operation on each APP file of the application program by using an encryption algorithm, and determine a key factor of the APP file;
a second determining module 62, configured to determine, according to the key factor and the key generation algorithm, a key corresponding to the APP file;
and the encryption and decryption module 63 is configured to perform encryption and decryption processing on the data in the APP file by using the key.
The first determining module 61 is specifically configured to perform a hash operation on the APP file by using a hash algorithm, and use an obtained hash value as a key factor of the APP file.
The encryption and decryption module 63 is specifically configured to, when performing a data writing operation on the APP file, encrypt data in the APP file by using the key; and when the data reading operation is carried out on the APP file, the secret key is adopted to carry out decryption processing on the data in the APP file.
The device further comprises:
the signature verification module 64 is configured to write the key factor into a certificate file, encrypt the certificate file by using a private key, and determine a signature of the certificate file; and when a secret key generation instruction is received, acquiring a public key corresponding to the private key, verifying the signature of the certificate file by adopting the public key, and when the signature verification is successful, analyzing the certificate file to obtain the secret key factor.
The device further comprises:
and the judging module 65 is used for judging whether the certificate file corresponding to the APP file exists or not, starting the APP file if the certificate file exists, and triggering the encryption and decryption module 63.
Example 6:
on the basis of the foregoing embodiments, an embodiment of the present invention further provides an embedded device, as shown in fig. 7, including: the system comprises a processor 301, a communication interface 302, a memory 303 and a communication bus 304, wherein the processor 301, the communication interface 302 and the memory 303 complete mutual communication through the communication bus 304;
the memory 303 has stored therein a computer program which, when executed by the processor 301, causes the processor 301 to perform the steps of:
aiming at each APP file of an application program, performing encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file;
determining a secret key corresponding to the APP file according to the secret key factor and a secret key generation algorithm;
and encrypting and decrypting the data in the APP file by adopting the secret key.
Based on the same inventive concept, the embodiment of the present invention further provides an embedded device, and because the principle of solving the problem of the embedded device is similar to that of the data management method, the implementation of the embedded device may refer to the implementation of the method, and repeated details are not described again.
The embedded device provided by the embodiment of the invention can be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), a network side device and the like.
The communication bus mentioned in the embedded device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface 302 is used for communication between the embedded device and other devices.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Alternatively, the memory may be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a central processing unit, a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like.
When the processor executes the program stored in the memory in the embodiment of the invention, the encryption operation of each application program APP file is realized by adopting an encryption algorithm to determine the key factor of the APP file; determining a secret key corresponding to the APP file according to the secret key factor and a secret key generation algorithm; and encrypting and decrypting the data in the APP file by adopting the secret key. In the embodiment of the invention, the key corresponding to each APP file is determined for each APP file, and the data generated in the APP operation process is encrypted by using the key corresponding to the APP file, so that even if the data is maliciously read by other APPs on the embedded device, the real data cannot be analyzed because other APPs do not have the keys corresponding to the APPs, thereby preventing other APPs from stealing data and solving the data security problem among a plurality of APPs in the embedded device.
Example 7:
on the basis of the foregoing embodiments, an embodiment of the present invention further provides a computer storage readable storage medium, in which a computer program executable by an embedded device is stored, and when the program runs on the embedded device, the embedded device is caused to execute the following steps:
aiming at each APP file of an application program, performing encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file;
determining a secret key corresponding to the APP file according to the secret key factor and a secret key generation algorithm;
and encrypting and decrypting the data in the APP file by adopting the secret key.
Based on the same inventive concept, embodiments of the present invention further provide a computer-readable storage medium, and since a principle of solving a problem when a processor executes a computer program stored in the computer-readable storage medium is similar to a data management method, implementation of the computer program stored in the computer-readable storage medium by the processor may refer to implementation of the method, and repeated details are omitted.
The computer readable storage medium may be any available medium or data storage device that can be accessed by a processor in an embedded device, including but not limited to magnetic memory such as floppy disks, hard disks, magnetic tape, magneto-optical disks (MO), etc., optical memory such as CDs, DVDs, BDs, HVDs, etc., and semiconductor memory such as ROMs, EPROMs, EEPROMs, nonvolatile memories (NANDFLASH), Solid State Disks (SSDs), etc.
The computer program is stored in the computer readable storage medium provided in the embodiment of the present invention, and when executed by a processor, the computer program implements that for each APP file of an application program, an encryption algorithm is used to perform encryption operation on the APP file, and a key factor of the APP file is determined; determining a secret key corresponding to the APP file according to the secret key factor and a secret key generation algorithm; and encrypting and decrypting the data in the APP file by adopting the secret key. In the embodiment of the invention, the key corresponding to each APP file is determined for each APP file, and the data generated in the APP operation process is encrypted by using the key corresponding to the APP file, so that even if the data is maliciously read by other APPs on the embedded device, the real data cannot be analyzed because other APPs do not have the keys corresponding to the APPs, thereby preventing other APPs from stealing data and solving the data security problem among a plurality of APPs in the embedded device.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (12)
1. A method for managing data, the method comprising:
aiming at each APP file of an application program, performing encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file;
determining a secret key corresponding to the APP file according to the secret key factor and a secret key generation algorithm;
and encrypting and decrypting the data in the APP file by adopting the secret key.
2. The method of claim 1, wherein the performing an encryption operation on the APP file using an encryption algorithm, and determining a key factor of the APP file comprises:
and carrying out hash operation on the APP file by adopting a hash algorithm, and taking the obtained hash value as a secret key factor of the APP file.
3. The method of claim 1, wherein the encrypting and decrypting the data in the APP file using the key comprises:
when the data writing operation is carried out on the APP file, the secret key is adopted to carry out encryption processing on the data in the APP file; and when the data reading operation is carried out on the APP file, the secret key is adopted to carry out decryption processing on the data in the APP file.
4. The method according to claim 1 or 2, wherein after the encryption operation is performed on the APP file by using the encryption algorithm, and after the key factor of the APP file is determined, and before the key corresponding to the APP file is determined according to the key factor and the key generation algorithm, the method further includes:
writing the secret key factor into a certificate file, encrypting the certificate file by using a private key, and determining the signature of the certificate file;
and when a secret key generation instruction is received, acquiring a public key corresponding to the private key, verifying the signature of the certificate file by adopting the public key, and when the signature verification is successful, analyzing the certificate file to obtain the secret key factor.
5. The method of claim 4, wherein before the encrypting and decrypting the data in the APP file using the key, the method further comprises:
and judging whether a certificate file corresponding to the APP file exists or not, if so, starting the APP file, and performing subsequent steps of encrypting and decrypting the data in the APP file by adopting the secret key.
6. A data management apparatus, characterized in that the apparatus comprises:
the first determining module is used for performing encryption operation on each application program APP file by adopting an encryption algorithm to determine a key factor of the APP file;
the second determining module is used for determining a secret key corresponding to the APP file according to the secret key factor and a secret key generating algorithm;
and the encryption and decryption module is used for carrying out encryption and decryption processing on the data in the APP file by adopting the secret key.
7. The apparatus according to claim 6, wherein the first determining module is specifically configured to perform a hash operation on the APP file by using a hash algorithm, and use an obtained hash value as a key factor of the APP file.
8. The apparatus according to claim 6, wherein the encryption/decryption module is specifically configured to, when performing a data writing operation on the APP file, perform encryption processing on data in the APP file by using the key; and when the data reading operation is carried out on the APP file, the secret key is adopted to carry out decryption processing on the data in the APP file.
9. The apparatus of claim 6 or 7, wherein the apparatus further comprises:
the signature verification module is used for writing the secret key factor into a certificate file, encrypting the certificate file by using a private key and determining the signature of the certificate file; and when a secret key generation instruction is received, acquiring a public key corresponding to the private key, verifying the signature of the certificate file by adopting the public key, and when the signature verification is successful, analyzing the certificate file to obtain the secret key factor.
10. The apparatus of claim 9, wherein the apparatus further comprises:
and the judging module is used for judging whether the certificate file corresponding to the APP file exists or not, starting the APP file if the certificate file exists, and triggering the encryption and decryption module.
11. The embedded device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing the communication between the processor and the memory through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any one of claims 1 to 5 when executing a program stored in the memory.
12. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010453165.XA CN111639353B (en) | 2020-05-26 | 2020-05-26 | Data management method and device, embedded equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010453165.XA CN111639353B (en) | 2020-05-26 | 2020-05-26 | Data management method and device, embedded equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111639353A true CN111639353A (en) | 2020-09-08 |
| CN111639353B CN111639353B (en) | 2023-08-11 |
Family
ID=72333284
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010453165.XA Active CN111639353B (en) | 2020-05-26 | 2020-05-26 | Data management method and device, embedded equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111639353B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112613071A (en) * | 2020-12-25 | 2021-04-06 | 武汉市多比特信息科技有限公司 | File encryption method and device and storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090290707A1 (en) * | 2008-05-22 | 2009-11-26 | James Paul Schneider | Generating and Securing Multiple Archive Keys |
| US8886964B1 (en) * | 2014-04-24 | 2014-11-11 | Flexera Software Llc | Protecting remote asset against data exploits utilizing an embedded key generator |
| JP2015222915A (en) * | 2014-05-23 | 2015-12-10 | パナソニックIpマネジメント株式会社 | Certificate issue system, client terminal, server device, certificate obtaining method and certificate issue method |
| CN105825142A (en) * | 2016-02-22 | 2016-08-03 | 北京启迪思创科技有限公司 | Method and device for encrypting and decrypting documents in mobile terminal |
| CN109462476A (en) * | 2018-11-23 | 2019-03-12 | 成都卫士通信息产业股份有限公司 | Cryptographic key negotiation method, device, terminal and computer readable storage medium |
| CN110417543A (en) * | 2018-04-27 | 2019-11-05 | 腾讯科技(深圳)有限公司 | A kind of data ciphering method, device and storage medium |
| US20200026873A1 (en) * | 2018-07-20 | 2020-01-23 | International Business Machines Corporation | Encryption for a multi-tenant file system |
| CN111079128A (en) * | 2019-12-11 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Data processing method and device, electronic equipment and storage medium |
-
2020
- 2020-05-26 CN CN202010453165.XA patent/CN111639353B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090290707A1 (en) * | 2008-05-22 | 2009-11-26 | James Paul Schneider | Generating and Securing Multiple Archive Keys |
| US8886964B1 (en) * | 2014-04-24 | 2014-11-11 | Flexera Software Llc | Protecting remote asset against data exploits utilizing an embedded key generator |
| JP2015222915A (en) * | 2014-05-23 | 2015-12-10 | パナソニックIpマネジメント株式会社 | Certificate issue system, client terminal, server device, certificate obtaining method and certificate issue method |
| CN105825142A (en) * | 2016-02-22 | 2016-08-03 | 北京启迪思创科技有限公司 | Method and device for encrypting and decrypting documents in mobile terminal |
| CN110417543A (en) * | 2018-04-27 | 2019-11-05 | 腾讯科技(深圳)有限公司 | A kind of data ciphering method, device and storage medium |
| US20200026873A1 (en) * | 2018-07-20 | 2020-01-23 | International Business Machines Corporation | Encryption for a multi-tenant file system |
| CN109462476A (en) * | 2018-11-23 | 2019-03-12 | 成都卫士通信息产业股份有限公司 | Cryptographic key negotiation method, device, terminal and computer readable storage medium |
| CN111079128A (en) * | 2019-12-11 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Data processing method and device, electronic equipment and storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112613071A (en) * | 2020-12-25 | 2021-04-06 | 武汉市多比特信息科技有限公司 | File encryption method and device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111639353B (en) | 2023-08-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210294879A1 (en) | Securing executable code integrity using auto-derivative key | |
| KR101608510B1 (en) | System and method for key management for issuer security domain using global platform specifications | |
| KR100792287B1 (en) | Method for security and the security apparatus thereof | |
| CN111723383B (en) | Data storage and verification method and device | |
| US11258591B2 (en) | Cryptographic key management based on identity information | |
| KR102139179B1 (en) | Security subsystem | |
| CN101308538B (en) | Method and apparatus for checking integrity of firmware | |
| US5875248A (en) | Method of counterfeit detection of electronic data stored on a device | |
| CN1329787C (en) | Method of preventing firmware piracy | |
| JP2000516373A (en) | Method and apparatus for secure processing of encryption keys | |
| CN101199159A (en) | Secure boot | |
| JP6072091B2 (en) | Secure access method and secure access device for application programs | |
| EP3316160A1 (en) | Authentication method and apparatus for reinforced software | |
| CN108229144B (en) | Verification method of application program, terminal equipment and storage medium | |
| CN110245466B (en) | Software integrity protection and verification method, system, device and storage medium | |
| CN106156607B (en) | SElinux secure access method and POS terminal | |
| CN109445705A (en) | Firmware authentication method and solid state hard disk | |
| WO2019186554A1 (en) | Method of secure communication among protected containers and system thereof | |
| CN101447009A (en) | Method, device and system for installing software | |
| JP2009080772A (en) | Software starting system, software starting method and software starting program | |
| US8972745B2 (en) | Secure data handling in a computer system | |
| CN111639353B (en) | Data management method and device, embedded equipment and storage medium | |
| US8844024B1 (en) | Systems and methods for using tiered signing certificates to manage the behavior of executables | |
| CN109583197B (en) | Trusted overlay file encryption and decryption method | |
| KR20210089486A (en) | Apparatus and method for securely managing keys |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |