CN111639353B - Data management method and device, embedded equipment and storage medium - Google Patents
Data management method and device, embedded equipment and storage medium Download PDFInfo
- Publication number
- CN111639353B CN111639353B CN202010453165.XA CN202010453165A CN111639353B CN 111639353 B CN111639353 B CN 111639353B CN 202010453165 A CN202010453165 A CN 202010453165A CN 111639353 B CN111639353 B CN 111639353B
- Authority
- CN
- China
- Prior art keywords
- app
- file
- data
- key
- secret key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention discloses a data management method, a device, an embedded device and a storage medium, wherein the method comprises the following steps: for each application program APP file, carrying out encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file; determining a secret key corresponding to the APP file according to the secret key factors and a secret key generation algorithm; and encrypting and decrypting the data in the APP file by adopting the secret key. Because for every APP file, confirm have the secret key that APP file corresponds, the data that APP operation in-process generated all adopt secret key that APP corresponds carries out encryption processing, even by other APP malicious reading on the embedded equipment, because other APP does not have secret key that APP corresponds, consequently also can't parse out real data, prevented other APP steal data, solved the data security problem between a plurality of APP in the embedded equipment.
Description
Technical Field
The present invention relates to the field of data management technologies, and in particular, to a data management method, a data management device, an embedded device, and a storage medium.
Background
With the development of embedded devices in recent years, the application programs APP installed in the embedded devices are increasing. APP is typically developed by multiple users and runs on embedded devices. The embedded device refers to a device or a micro device with a specific control or auxiliary function, such as a security monitoring device, and is also called an embedded system. APP refers to application software developed by non-embedded device manufacturers that can be used with embedded devices.
The APP data management system in the prior art comprises an operation platform, a storage device, a trusted computing unit and an encryption and decryption unit, wherein the trusted computing unit is used for protecting a secret key for encrypting and decrypting data read and written between the operation platform and the storage device, the encryption and decryption unit is used for reading the secret key from the trusted computing unit, and an encryption and decryption algorithm is utilized for encrypting and decrypting the data read and written between the operation platform and the storage device.
The prior art solves the problem of data security between an operation platform and a storage device, but one embedded device generally comprises a plurality of APP, and the prior art cannot solve the problem of data security between a plurality of APP in the embedded device.
Disclosure of Invention
The embodiment of the invention provides a data management method, a device, an embedded device and a storage medium, which are used for solving the data security problem among a plurality of APP in the embedded device.
The embodiment of the invention provides a data management method, which comprises the following steps:
for each application program APP file, carrying out encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file;
determining a secret key corresponding to the APP file according to the secret key factors and a secret key generation algorithm;
and encrypting and decrypting the data in the APP file by adopting the secret key.
Further, the encryption algorithm is adopted to encrypt the APP file, and determining the key factor of the APP file includes:
and carrying out hash operation on the APP file by adopting a hash algorithm, and taking the obtained hash value as a key factor of the APP file.
Further, the encrypting and decrypting the data in the APP file by adopting the secret key comprises:
when the APP file is subjected to data writing operation, the secret key is adopted to encrypt data in the APP file; and when the APP file is subjected to data reading operation, the data in the APP file is decrypted by adopting the secret key.
Further, the encryption algorithm is adopted to encrypt the APP file, and after the key factor of the APP file is determined, the method further comprises, before determining the key corresponding to the APP file according to the key factor and the key generation algorithm:
writing the secret key factor into a certificate file, and encrypting the certificate file by adopting a private key to determine the signature of the certificate file;
when a key generation instruction is received, a public key corresponding to the private key is obtained, signature verification is carried out on the signature of the certificate file by adopting the public key, and when the signature verification is successful, the certificate file is analyzed to obtain the key factor.
Further, before the encryption and decryption processing is performed on the data in the APP file by adopting the secret key, the method further includes:
judging whether a certificate file corresponding to the APP file exists, if so, starting the APP file, and carrying out subsequent encryption and decryption processing on data in the APP file by adopting the secret key.
In another aspect, an embodiment of the present invention provides a data management apparatus, including:
the first determining module is used for carrying out encryption operation on the APP files by adopting an encryption algorithm aiming at each application program APP file to determine the key factors of the APP files;
the second determining module is used for determining a secret key corresponding to the APP file according to the secret key factor and the secret key generation algorithm;
and the encryption and decryption module is used for encrypting and decrypting the data in the APP file by adopting the secret key.
Further, the first determining module is specifically configured to perform hash operation on the APP file by using a hash algorithm, and use the obtained hash value as a key factor of the APP file.
Further, the encryption and decryption module is specifically configured to encrypt data in the APP file by using the secret key when performing a data writing operation on the APP file; and when the APP file is subjected to data reading operation, the data in the APP file is decrypted by adopting the secret key.
Further, the apparatus further comprises:
the signature verification module is used for writing the secret key factor into a certificate file, and carrying out encryption processing on the certificate file by adopting a private key to determine the signature of the certificate file; when a key generation instruction is received, a public key corresponding to the private key is obtained, signature verification is carried out on the signature of the certificate file by adopting the public key, and when the signature verification is successful, the certificate file is analyzed to obtain the key factor.
Further, the apparatus further comprises:
the judging module is used for judging whether a certificate file corresponding to the APP file exists or not, if so, starting the APP file and triggering the encryption and decryption module.
On the other hand, the embodiment of the invention provides an embedded device, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing any of the method steps described above when executing a program stored on a memory.
In another aspect, embodiments of the present invention provide a computer-readable storage medium having a computer program stored therein, which when executed by a processor, implements the method steps of any of the above.
The embodiment of the invention provides a data management method, a device, an embedded device and a storage medium, wherein the method comprises the following steps: for each application program APP file, carrying out encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file; determining a secret key corresponding to the APP file according to the secret key factors and a secret key generation algorithm; and encrypting and decrypting the data in the APP file by adopting the secret key.
Because in the embodiment of the invention, the secret key corresponding to each APP file is determined, and the data generated in the APP operation process is encrypted by adopting the secret key corresponding to the APP, even if the data are maliciously read by other APP on the embedded equipment, the other APP cannot analyze the real data because the secret key corresponding to the APP is not available, thereby preventing the other APP from stealing the data and solving the data security problem among a plurality of APP in the embedded equipment.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a data management process according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a generation process of a certificate document license provided in an embodiment of the present invention;
fig. 3 is a schematic diagram of an APP installation process provided in an embodiment of the present invention;
FIG. 4 is a schematic diagram of an APP operation start-up procedure provided by an embodiment of the present invention;
fig. 5 is a schematic diagram of an APP read-write process provided by an embodiment of the present invention;
FIG. 6 is a schematic diagram of a data management device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an embedded device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail below with reference to the attached drawings, wherein it is apparent that the embodiments described are only some, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1:
fig. 1 is a schematic diagram of a data management process according to an embodiment of the present invention, where the process includes the following steps:
s101: and (3) for each application program APP file, carrying out encryption operation on the APP file by adopting an encryption algorithm, and determining the key factor of the APP file.
S102: and determining the secret key corresponding to the APP file according to the secret key factors and the secret key generation algorithm.
S103: and encrypting and decrypting the data in the APP file by adopting the secret key.
The data management method provided by the embodiment of the invention is applied to the embedded equipment, and the embedded equipment can be PC, tablet personal computer and other equipment.
And a plurality of application program APP files are stored in the embedded equipment, and encryption algorithm is adopted for each APP file to carry out encryption operation on the APP files. And (3) obtaining the key factor of the APP file through encryption operation on the APP file. The basic process of the encryption algorithm is to process the APP file according to a certain algorithm to make the APP file an unreadable code, which is called an encryption factor. The number of encryption factors may be one or a plurality.
And the embedded equipment performs encryption operation on the APP file by adopting an encryption algorithm, and then performs operation on the key factor by adopting a key generation algorithm after obtaining the key factor of the APP file, so as to generate a key corresponding to the APP file. In the embodiment of the invention, the encryption algorithm and the key generation algorithm are not limited, and the existing algorithm can be adopted to generate the key factors and the keys.
After determining the secret key, the embedded device adopts the secret key to encrypt and decrypt the data in the APP file. Specifically, the encrypting and decrypting the data in the APP file by using the secret key includes: when the APP file is subjected to data writing operation, the secret key is adopted to encrypt data in the APP file; and when the APP file is subjected to data reading operation, the data in the APP file is decrypted by adopting the secret key.
Because in the embodiment of the invention, the secret key corresponding to each APP file is determined, and the data generated in the APP operation process is encrypted by adopting the secret key corresponding to the APP, even if the data are maliciously read by other APP on the embedded equipment, the other APP cannot analyze the real data because the secret key corresponding to the APP is not available, thereby preventing the other APP from stealing the data and solving the data security problem among a plurality of APP in the embedded equipment.
Example 2:
in order to make the obtained secret key factor higher in security, based on the above embodiment, in the embodiment of the present invention, the encryption algorithm is used to encrypt the APP file, and determining the secret key factor of the APP file includes:
and carrying out hash operation on the APP file by adopting a hash algorithm, and taking the obtained hash value as a key factor of the APP file.
In the embodiment of the invention, in order to ensure that the obtained secret key factor has higher security, hash operation is carried out on the APP file by adopting a hash algorithm which is more difficult to crack, so that different hash values are necessarily obtained for different APP files, and then the obtained hash values are used as the secret key factor of the APP file. The security of the key factor obtained by the hash algorithm is higher because the security of the hash algorithm is higher. And because the hash algorithm is a unidirectional unique algorithm, different APP files are ensured to be necessarily obtained with different key factors. The obtained secret keys are different, so that other APP data theft is further prevented, and the problem of data security among a plurality of APP in the embedded equipment is solved.
Example 3:
in order to further ensure the security of the key factor, in the above embodiments, in the embodiments of the present invention, the encryption algorithm is used to encrypt the APP file, and after determining the key factor of the APP file, the method further includes, before determining, according to the key factor and the key generation algorithm, a key corresponding to the APP file:
writing the secret key factor into a certificate file, and encrypting the certificate file by adopting a private key to determine the signature of the certificate file;
when a key generation instruction is received, a public key corresponding to the private key is obtained, signature verification is carried out on the signature of the certificate file by adopting the public key, and when the signature verification is successful, the certificate file is analyzed to obtain the key factor.
In the embodiment of the invention, in order to further ensure the security of the key factor, the embedded device adopts an encryption algorithm to encrypt the APP file, writes the key factor into the certificate file after obtaining the key factor of the APP file, and then adopts a private key to encrypt the certificate file to determine the signature of the certificate file. When the secret key is generated, the public key corresponding to the private key is adopted to sign the certificate file, and the signature verification can analyze the certificate file to obtain the secret key factor stored in the certificate file. In the embodiment of the invention, the embedded equipment can complete signature verification only by acquiring the public key corresponding to the private key, so as to acquire the secret key factor, and further ensure the security of the secret key factor.
Example 4:
in order to ensure the operation security of the APP, in the embodiments of the present invention, before the encryption and decryption processing is performed on the data in the APP file by using the key, the method further includes:
judging whether a certificate file corresponding to the APP file exists, if so, starting the APP file, and carrying out subsequent encryption and decryption processing on data in the APP file by adopting the secret key.
In the embodiment of the invention, before the embedded device adopts a secret key to encrypt and decrypt data in an APP file, firstly, whether the data exist in a certificate file corresponding to the APP file is searched, if the data exist, the APP file is started at the moment if the data exist, the APP file is started, the step of carrying out subsequent encryption and decryption processing on the data in the APP file by adopting the secret key is carried out after the APP file is started, if the data do not exist in the certificate file corresponding to the APP file, the starting condition of the APP is determined not to exist, and at the moment, the APP file is not started.
The following describes in detail the data management procedure provided in the embodiment of the present invention with reference to the accompanying drawings.
Fig. 2 is a schematic diagram of a generation process of a certificate file license, and as shown in fig. 2, after a user has developed an APP, the APP is uploaded to a license application issuing platform. The platform can carry out a series of algorithms such as hash and the like on the whole APP file to obtain a key factor, and the key factor is crucial to encryption and decryption of subsequent APP data. And writing the key factor into APP available resources of the license file. And finally signing the license file to obtain a final license file, and issuing the final license file to a user.
Fig. 3 is a schematic diagram of an installation process of an APP, and a user uploads the APP and a license to an embedded device through a web server, and first, the license is checked, so that the source of the license is ensured to be credible. And analyzing license to obtain a key factor, and obtaining a unique key of the APP according to a key generation algorithm of the equipment, wherein the unique key is used for the subsequent secure reading and writing of APP data. And the APP is stored in the file system according to the installation flow of the APP.
Fig. 4 is a schematic diagram of an APP operation starting process, where a user triggers to start the APP, the embedded device starts the APP through an APP management module APP manager, the APP manager obtains an instruction for starting the APP through a web server, in the APP starting process, the APP manager searches whether there is a license corresponding to the APP, and if the license is matched, the APP in the file system is started, otherwise, the APP cannot be started.
Fig. 5 is a schematic diagram of an APP read-write process, and as shown in fig. 5, APP1 and APP2 are two independent processes. The read or write interface is called in the running process to read and write the data in the running process. If APP1 writes data, it passes through the APP manager module when it is called into the operating system by the system. And the APP manager module finds out a corresponding encryption key according to the called APP information, encrypts data, and writes the data into a file system. Reading data is the reverse of writing data.
Based on the APP data management scheme provided by the embodiment of the invention, one APP can be realized, and the security level is higher. The encrypted data generated in the APP operation process is maliciously read by other APPs on the device, and real data cannot be analyzed, because other APPs have no key of the encrypted data. The APP operation needs to be bound with the authorized license, so that the security of the APP operation environment is increased intangibly. The data is generated and read in the APP operation process, encrypted and decrypted without perception, and the APP does not need special intervention.
Example 5:
fig. 6 is a schematic structural diagram of a data management device according to an embodiment of the present invention, where the device includes:
a first determining module 61, configured to perform encryption operation on each APP file by using an encryption algorithm, to determine a key factor of the APP file;
a second determining module 62, configured to determine, according to the key factor and the key generation algorithm, a key corresponding to the APP file;
and the encryption and decryption module 63 is used for encrypting and decrypting the data in the APP file by adopting the secret key.
The first determining module 61 is specifically configured to perform a hash operation on the APP file by using a hash algorithm, and use the obtained hash value as a key factor of the APP file.
The encryption and decryption module 63 is specifically configured to encrypt data in the APP file by using the secret key when performing a data writing operation on the APP file; and when the APP file is subjected to data reading operation, the data in the APP file is decrypted by adopting the secret key.
The apparatus further comprises:
the signature verification module 64 is configured to write the key factor into a certificate file, encrypt the certificate file with a private key, and determine a signature of the certificate file; when a key generation instruction is received, a public key corresponding to the private key is obtained, signature verification is carried out on the signature of the certificate file by adopting the public key, and when the signature verification is successful, the certificate file is analyzed to obtain the key factor.
The apparatus further comprises:
the judging module 65 is configured to judge whether a certificate file corresponding to the APP file exists, and if so, start the APP file, and trigger the encryption and decryption module 63.
Example 6:
on the basis of the foregoing embodiments, an embodiment of the present invention further provides an embedded device, as shown in fig. 7, including: processor 301, communication interface 302, memory 303 and communication bus 304, wherein processor 301, communication interface 302, memory 303 complete the communication each other through communication bus 304;
the memory 303 has stored therein a computer program which, when executed by the processor 301, causes the processor 301 to perform the steps of:
for each application program APP file, carrying out encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file;
determining a secret key corresponding to the APP file according to the secret key factors and a secret key generation algorithm;
and encrypting and decrypting the data in the APP file by adopting the secret key.
Based on the same inventive concept, the embodiment of the present invention further provides an embedded device, and since the principle of solving the problem of the embedded device is similar to that of the data management method, implementation of the embedded device may refer to implementation of the method, and repeated descriptions are omitted.
The embedded device provided by the embodiment of the invention can be a desktop computer, a portable computer, a smart phone, a tablet personal computer, a personal digital assistant (Personal Digital Assistant, PDA), network side equipment and the like.
The communication bus mentioned for the embedded device may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface 302 is used for communication between the embedded device and other devices described above.
The Memory may include random access Memory (Random Access Memory, RAM) or may include Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit, a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processing, DSP), application specific integrated circuits, field programmable gate arrays or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
When a processor executes a program stored in a memory, the embodiment of the invention realizes that an encryption algorithm is adopted to encrypt an APP file aiming at each application program APP file, and the key factor of the APP file is determined; determining a secret key corresponding to the APP file according to the secret key factors and a secret key generation algorithm; and encrypting and decrypting the data in the APP file by adopting the secret key. Because in the embodiment of the invention, the secret key corresponding to each APP file is determined, and the data generated in the APP operation process is encrypted by adopting the secret key corresponding to the APP, even if the data are maliciously read by other APP on the embedded equipment, the other APP cannot analyze the real data because the secret key corresponding to the APP is not available, thereby preventing the other APP from stealing the data and solving the data security problem among a plurality of APP in the embedded equipment.
Example 7:
on the basis of the above embodiments, the embodiments of the present invention further provide a computer storage readable storage medium, in which a computer program executable by an embedded device is stored, which when run on the embedded device, causes the embedded device to perform the following steps:
for each application program APP file, carrying out encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file;
determining a secret key corresponding to the APP file according to the secret key factors and a secret key generation algorithm;
and encrypting and decrypting the data in the APP file by adopting the secret key.
Based on the same inventive concept, the embodiment of the present invention further provides a computer readable storage medium, and since the principle of solving the problem when the processor executes the computer program stored on the computer readable storage medium is similar to that of the data management method, the implementation of the processor executing the computer program stored on the computer readable storage medium can refer to the implementation of the method, and the repetition is omitted.
The computer readable storage medium may be any available medium or data storage device that can be accessed by a processor in an embedded device, including but not limited to magnetic memories such as floppy disks, hard disks, magnetic tapes, magneto-optical disks (MO), etc., optical memories such as CD, DVD, BD, HVD, etc., and semiconductor memories such as ROM, EPROM, EEPROM, nonvolatile memories (NAND FLASH), solid State Disks (SSD), etc.
The computer readable storage medium provided by the embodiment of the invention stores a computer program, when the computer program is executed by a processor, the APP files are encrypted by adopting an encryption algorithm for each application program, and the key factors of the APP files are determined; determining a secret key corresponding to the APP file according to the secret key factors and a secret key generation algorithm; and encrypting and decrypting the data in the APP file by adopting the secret key. Because in the embodiment of the invention, the secret key corresponding to each APP file is determined, and the data generated in the APP operation process is encrypted by adopting the secret key corresponding to the APP, even if the data are maliciously read by other APP on the embedded equipment, the other APP cannot analyze the real data because the secret key corresponding to the APP is not available, thereby preventing the other APP from stealing the data and solving the data security problem among a plurality of APP in the embedded equipment.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. A method of data management, the method comprising:
for each application program APP file, carrying out encryption operation on the APP file by adopting an encryption algorithm, and determining a key factor of the APP file;
determining a secret key corresponding to the APP file according to the secret key factors and a secret key generation algorithm;
encrypting and decrypting the data in the APP file by adopting the secret key;
the method comprises the steps of carrying out encryption operation on the APP file by adopting an encryption algorithm, determining a key factor of the APP file, and determining a key corresponding to the APP file according to the key factor and a key generation algorithm, wherein the method further comprises:
writing the secret key factor into a certificate file, and encrypting the certificate file by adopting a private key to determine the signature of the certificate file;
when a key generation instruction is received, a public key corresponding to the private key is obtained, signature verification is carried out on the signature of the certificate file by adopting the public key, and when the signature verification is successful, the certificate file is analyzed to obtain the key factor.
2. The method of claim 1, wherein said encrypting the APP file using an encryption algorithm, determining a key factor for the APP file comprises:
and carrying out hash operation on the APP file by adopting a hash algorithm, and taking the obtained hash value as a key factor of the APP file.
3. The method of claim 1, wherein encrypting and decrypting the data in the APP file using the key comprises:
when the APP file is subjected to data writing operation, the secret key is adopted to encrypt data in the APP file; and when the APP file is subjected to data reading operation, the data in the APP file is decrypted by adopting the secret key.
4. The method of claim 1, wherein prior to encrypting and decrypting the data in the APP file using the key, the method further comprises:
judging whether a certificate file corresponding to the APP file exists, if so, starting the APP file, and carrying out subsequent encryption and decryption processing on data in the APP file by adopting the secret key.
5. A data management apparatus, the apparatus comprising:
the first determining module is used for carrying out encryption operation on the APP files by adopting an encryption algorithm aiming at each application program APP file to determine the key factors of the APP files;
the second determining module is used for determining a secret key corresponding to the APP file according to the secret key factor and the secret key generation algorithm;
the encryption and decryption module is used for encrypting and decrypting the data in the APP file by adopting the secret key;
the apparatus further comprises:
the signature verification module is used for writing the secret key factor into a certificate file, and carrying out encryption processing on the certificate file by adopting a private key to determine the signature of the certificate file; when a key generation instruction is received, a public key corresponding to the private key is obtained, signature verification is carried out on the signature of the certificate file by adopting the public key, and when the signature verification is successful, the certificate file is analyzed to obtain the key factor.
6. The apparatus of claim 5, wherein the first determining module is specifically configured to perform a hash operation on the APP file using a hash algorithm, and use the obtained hash value as a key factor of the APP file.
7. The device of claim 5, wherein the encryption and decryption module is specifically configured to encrypt data in the APP file by using the key when performing a data writing operation on the APP file; and when the APP file is subjected to data reading operation, the data in the APP file is decrypted by adopting the secret key.
8. The apparatus of claim 5, wherein the apparatus further comprises:
the judging module is used for judging whether a certificate file corresponding to the APP file exists or not, if so, starting the APP file and triggering the encryption and decryption module.
9. The embedded device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any one of claims 1-4 when executing a program stored on a memory.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed by a processor, implements the method steps of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010453165.XA CN111639353B (en) | 2020-05-26 | 2020-05-26 | Data management method and device, embedded equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010453165.XA CN111639353B (en) | 2020-05-26 | 2020-05-26 | Data management method and device, embedded equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111639353A CN111639353A (en) | 2020-09-08 |
| CN111639353B true CN111639353B (en) | 2023-08-11 |
Family
ID=72333284
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010453165.XA Active CN111639353B (en) | 2020-05-26 | 2020-05-26 | Data management method and device, embedded equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111639353B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112613071A (en) * | 2020-12-25 | 2021-04-06 | 武汉市多比特信息科技有限公司 | File encryption method and device and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8886964B1 (en) * | 2014-04-24 | 2014-11-11 | Flexera Software Llc | Protecting remote asset against data exploits utilizing an embedded key generator |
| JP2015222915A (en) * | 2014-05-23 | 2015-12-10 | パナソニックIpマネジメント株式会社 | Certificate issue system, client terminal, server device, certificate obtaining method and certificate issue method |
| CN105825142A (en) * | 2016-02-22 | 2016-08-03 | 北京启迪思创科技有限公司 | Method and device for encrypting and decrypting documents in mobile terminal |
| CN109462476A (en) * | 2018-11-23 | 2019-03-12 | 成都卫士通信息产业股份有限公司 | Cryptographic key negotiation method, device, terminal and computer readable storage medium |
| CN110417543A (en) * | 2018-04-27 | 2019-11-05 | 腾讯科技(深圳)有限公司 | A kind of data ciphering method, device and storage medium |
| CN111079128A (en) * | 2019-12-11 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Data processing method and device, electronic equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8694798B2 (en) * | 2008-05-22 | 2014-04-08 | Red Hat, Inc. | Generating and securing multiple archive keys |
| US10936745B2 (en) * | 2018-07-20 | 2021-03-02 | International Business Machines Corporation | Encryption for a multi-tenant file system |
-
2020
- 2020-05-26 CN CN202010453165.XA patent/CN111639353B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8886964B1 (en) * | 2014-04-24 | 2014-11-11 | Flexera Software Llc | Protecting remote asset against data exploits utilizing an embedded key generator |
| JP2015222915A (en) * | 2014-05-23 | 2015-12-10 | パナソニックIpマネジメント株式会社 | Certificate issue system, client terminal, server device, certificate obtaining method and certificate issue method |
| CN105825142A (en) * | 2016-02-22 | 2016-08-03 | 北京启迪思创科技有限公司 | Method and device for encrypting and decrypting documents in mobile terminal |
| CN110417543A (en) * | 2018-04-27 | 2019-11-05 | 腾讯科技(深圳)有限公司 | A kind of data ciphering method, device and storage medium |
| CN109462476A (en) * | 2018-11-23 | 2019-03-12 | 成都卫士通信息产业股份有限公司 | Cryptographic key negotiation method, device, terminal and computer readable storage medium |
| CN111079128A (en) * | 2019-12-11 | 2020-04-28 | 腾讯科技(深圳)有限公司 | Data processing method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111639353A (en) | 2020-09-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112074836B (en) | Apparatus and method for protecting data through trusted execution environment | |
| KR100792287B1 (en) | Method for security and the security apparatus thereof | |
| KR102139179B1 (en) | Security subsystem | |
| CN1329787C (en) | Method of preventing firmware piracy | |
| CN101199159A (en) | Secure boot | |
| US20200082088A1 (en) | User/Enterprise Data Protection Preventing Non-Authorized Firmware Modification | |
| EP3316160A1 (en) | Authentication method and apparatus for reinforced software | |
| CN109284585B (en) | Script encryption method, script decryption operation method and related device | |
| US11824967B2 (en) | Electronic device using homomorphic encryption and encrypted data processing method thereof | |
| JP2010517448A (en) | Secure file encryption | |
| CN108229144B (en) | Verification method of application program, terminal equipment and storage medium | |
| CN110245466B (en) | Software integrity protection and verification method, system, device and storage medium | |
| TW201939337A (en) | Behavior recognition, data processing method and apparatus | |
| CN109445705A (en) | Firmware authentication method and solid state hard disk | |
| CN101447009A (en) | Method, device and system for installing software | |
| CN111639353B (en) | Data management method and device, embedded equipment and storage medium | |
| US8972745B2 (en) | Secure data handling in a computer system | |
| US11533172B2 (en) | Apparatus and method for securely managing keys | |
| CN111628863B (en) | Data signature method and device, electronic equipment and storage medium | |
| CN113342425A (en) | Starting method, device and storage medium of Linux embedded system | |
| CN109583197B (en) | Trusted overlay file encryption and decryption method | |
| CN112000933A (en) | Application software activation method and device, electronic equipment and storage medium | |
| CN108363912B (en) | Program code secret protection method and device | |
| CN107861892B (en) | Method and terminal for realizing data processing | |
| CN116821923A (en) | Protection method and device for protecting computer memory data security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |