CN112632590A - Automatic encryption and decryption method and device for database parameters of embedded terminal equipment - Google Patents
- Publication number: CN112632590A
- Application number: CN202110000903.XA
- Authority: CN (China)
- Prior art keywords: parameter, configuration file, parameter name, encrypted, encryption
- Legal status: Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
Abstract
The invention discloses a method and a device for automatically encrypting and decrypting database parameters of embedded terminal equipment, wherein the method comprises the following steps: an encryption device reads an initial configuration file and obtains a parameter name and a parameter value in the initial configuration file; accessing the pointer address of the parameter name, and encrypting the parameter name according to an access result; encrypting the parameter values using an encryption algorithm; generating an encryption configuration file according to the encrypted parameter name and the encrypted parameter value; the decryption device downloads the encrypted configuration file and decrypts the parameter name in the encrypted configuration file; decrypting the parameter values in the encrypted configuration file by using a decryption algorithm; and generating a decryption configuration file according to the decrypted parameter name and the decrypted parameter value, and updating the equipment data based on the decryption configuration file. The method improves the security of the embedded terminal equipment database.
Description
Technical Field
The invention relates to the technical field of encryption and decryption, in particular to an automatic encryption and decryption method and device for database parameters of embedded terminal equipment.
Background
The database of existing embedded terminal devices uses XML as its structural design. (XML, the Extensible Markup Language, is a markup language designed to transmit data rather than display it; XML tags are not predefined and must be defined by the author; XML is designed to be self-descriptive and is a W3C recommendation.) XML documents are widely used in lightweight data storage scenarios because of advantages such as complete separation of content and structure, strong interoperability, a unified specification, support for multiple encodings, and strong extensibility. This simple database mode has the advantages of low cost and wide applicability (it can be used on any operating system and software platform), and the disadvantages of plaintext encoding and extremely low security.
In the prior art, the access limiting mechanism restricts access to database contents by user rights: when different users download database backups, the number and content of the parameters that the embedded terminal device outputs to the XML document are divided according to user level. A high-rights user has access to all parameters or most key parameters, and a low-rights user has access only to general parameters. The sensitive parameter filtering mechanism works as follows: when a database backup is downloaded, the embedded terminal device filters out device-security-related or sensitive parameters according to a keyword index preset by the program, so these parameters do not exist in the output XML document backup.
Subjectively, using user rights as the technical means of guaranteeing database security only divides the people with access by account. It appears that only those holding the management account can view all database parameters, but the super-account passwords of mainstream chip vendors or mainstream operators can be found on the internet, and a person able to launch a security attack generally has working experience in the internet communication industry, so obtaining the relevant information takes no effort, and the protection the whole mechanism provides for device security is nearly zero. Objectively, filtering sensitive parameters prevents data from leaking, but the backup and recovery function of the whole database loses its core significance; how much of that significance remains depends on the number of masked parameters, and the more parameters are masked, the more of the overall function is lost.
Therefore, how to guarantee the security of the database and further improve the security of the embedded terminal device is a problem to be urgently solved by technical personnel in the field.
Disclosure of Invention
In view of the above problems, the object of the present invention is to solve the problems in the prior art that the management account password of a database is easy to obtain, that the management mechanism of the database cannot guarantee the security of the embedded terminal device, and that backup and recovery cannot be performed on all database parameters.
The embodiment of the invention provides an automatic encryption and decryption method for database parameters of embedded terminal equipment, which comprises the following steps:
the encryption device reads the initial configuration file and obtains the parameter name and the parameter value of the security parameter;
accessing the pointer address of the parameter name, encrypting the parameter name according to an access result, and generating an encrypted parameter name;
encrypting the parameter value by using an encryption algorithm to generate an encrypted parameter value;
generating an encryption configuration file according to the encrypted parameter name and the encrypted parameter value;
the decryption device downloads the encrypted configuration file, decrypts the parameter name in the encrypted configuration file and generates a decrypted parameter name;
decrypting the parameter values in the encrypted configuration file by using a decryption algorithm to generate decrypted parameter values;
and generating a decryption configuration file according to the decrypted parameter name and the decrypted parameter value, and updating the equipment data based on the decryption configuration file.
In one embodiment, the encrypting apparatus reads an initial configuration file, and obtains a parameter name and a parameter value in the initial configuration file, including:
reading the initial configuration file, and storing the initial configuration file to a buffer area;
and generating the parameter name and the parameter value based on the initial configuration file.
In one embodiment, the accessing the pointer address of the parameter name, encrypting the parameter name according to the access result, and generating an encrypted parameter name includes:
accessing a pointer address corresponding to the parameter name, and comparing the parameter name character string with a preset character string;
selecting safety parameters according to the comparison result, generating parameter name types, and selecting corresponding parameter name encryption branches according to the parameter name types;
and encrypting the parameter name based on the parameter name encryption branch to generate an encrypted parameter name.
In one embodiment, the encryption process includes:
equal-length processing of the parameter name field and memory-storage encryption of the parameter name.
In one embodiment, the downloading the encrypted configuration file by the decryption device, decrypting the parameter names in the encrypted configuration file, and generating decrypted parameter names includes:
downloading the encrypted configuration file, and reading the buffer area address of the encrypted configuration file;
and traversing and decrypting the parameter names in the encrypted configuration file according to a static encryption table based on the buffer area address to generate decrypted parameter names.
In a second aspect, the present invention further provides an apparatus for automatically encrypting and decrypting a database parameter of an embedded terminal device, including:
the file reading module is used for reading an initial configuration file and acquiring a parameter name and a parameter value in the initial configuration file;
the parameter name encryption module is used for accessing the pointer address of the parameter name, encrypting the parameter name according to an access result and generating an encrypted parameter name;
the parameter value encryption module is used for encrypting the parameter value by using an encryption algorithm to generate an encrypted parameter value;
the encrypted configuration file generating module is used for generating an encrypted configuration file according to the encrypted parameter name and the encrypted parameter value;
the parameter name decryption module is used for downloading the encrypted configuration file, decrypting the parameter names in the encrypted configuration file and generating decrypted parameter names;
the parameter value decryption module is used for decrypting the parameter values in the encrypted configuration file by using a decryption algorithm to generate decrypted parameter values;
and the data updating module is used for generating a decryption configuration file according to the decrypted parameter name and the decrypted parameter value, and updating the equipment data based on the decryption configuration file.
In one embodiment, the file reading module includes:
the storage unit is used for reading the initial configuration file and storing the initial configuration file to a buffer area;
and the acquisition unit is used for generating the parameter name and the parameter value based on the initial configuration file.
In one embodiment, the parameter name encryption module includes:
the access unit is used for accessing the pointer address corresponding to the parameter name and generating a parameter name type;
the selection unit is used for selecting a corresponding parameter name encryption branch according to the parameter name type;
and the parameter name encryption unit is used for encrypting the parameter name based on the parameter name encryption branch to generate an encrypted parameter name.
In one embodiment, the encryption process includes:
equal-length processing of the parameter name field and memory-storage encryption of the parameter name.
In one embodiment, the parameter name decryption module includes:
the downloading unit is used for downloading the encrypted configuration file and reading the buffer area address of the encrypted configuration file;
and the parameter name decryption unit is used for traversing and decrypting the parameter names in the encrypted configuration file according to the static encryption table based on the buffer area address to generate decrypted parameter names.
The technical scheme provided by the embodiment of the invention has the beneficial effects that at least:
Compared with the access limiting mechanism, the method solves the database security problem of high-authority accounts by encrypting and decrypting the parameter name and the parameter value separately. Compared with the sensitive parameter filtering mechanism, it reads and parses only the security data in the configuration file, so security is ensured without removing key parameters. The device data is updated based on the decrypted parameter name and parameter value, which ensures the security of the database and thereby improves the security of the embedded terminal device.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flowchart of an automatic encryption and decryption method for database parameters of an embedded terminal device according to an embodiment of the present invention;
FIG. 2 is a flowchart of a step S101 provided in an embodiment of the present invention;
FIG. 3 is a flowchart of step S102 according to an embodiment of the present invention;
FIG. 4 is a flowchart of traversal decryption provided by an embodiment of the present invention;
FIG. 5 is a flowchart of parameter name decryption according to an embodiment of the present invention;
FIG. 6 is a block diagram of an apparatus for automatically encrypting and decrypting a database parameter of an embedded terminal device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
It should be noted that the present invention uses an ONT (optical network terminal) as a typical embedded terminal device. The database of an ONT device has about 3400 configuration parameters that can be read and written, and these parameters and their values are all recorded in the XML document in plaintext. According to the technical requirements for PON equipment of China Telecom and the technical specifications for ONT equipment formulated by BT (British Telecom), about 90 parameters in total, in seven functional classes with security requirements, are selected as the items to which the encryption and decryption mechanism is applied in this implementation. The ONT is a product in the xPON network access scheme; generally speaking, it is the optical network terminal at the user end.
Referring to fig. 1, an embodiment of the present invention provides an automatic encryption and decryption method for database parameters of an embedded terminal device, where the method includes: S101-S107;
S101, the encryption device reads an initial configuration file and obtains a parameter name and a parameter value in the initial configuration file.
S102, accessing the pointer address of the parameter name, encrypting the parameter name according to an access result, and generating an encrypted parameter name.
S103, encrypting the parameter value by using an encryption algorithm to generate an encrypted parameter value.
Specifically, the parameter value is encrypted with a 13-shift encryption algorithm.
Further, referring to the following table, the visible (printable) English ASCII characters in the interval 32 to 126 are selected, and the 13-shift encryption algorithm subtracts 13 from the current character code.
Further, when the 13-shift encryption algorithm is applied to characters in the interval 32-44, the resulting characters cannot be output normally in the XML document, so a loop boundary needs to be set: the invisible (non-printable) characters in the interval 19-31 are mapped into the interval 114-126. This completes the encryption algorithm, and there is no need to consider whether the length is controllable. The following table is the 13-shift encryption algorithm raw code table:
S104, generating an encryption configuration file according to the encrypted parameter name and the encrypted parameter value.
S105, downloading the encrypted configuration file by a decryption device, decrypting the parameter name in the encrypted configuration file, and generating the decrypted parameter name.
S106, decrypting the parameter values in the encrypted configuration file by using a decryption algorithm to generate decrypted parameter values.
Specifically, the parameter values in the encrypted configuration file are decrypted with a 13-shift decryption algorithm.
Further, the 13-shift decryption algorithm restores the visible ASCII characters. When the character processing boundary involved in the encryption operation exceeds 127, preprocessing (a forced cast) to the unsigned character type is performed before decryption. The following is the 13-shift decryption decoding table:
S107, generating a decryption configuration file according to the decrypted parameter name and the decrypted parameter value, and updating the equipment data based on the decryption configuration file.
In this embodiment, compared with the access limiting mechanism, the database security problem of high-authority accounts is solved by encrypting and decrypting the parameter name and the parameter value separately. Compared with the sensitive parameter filtering mechanism, only the security data in the configuration file is read and parsed, so security is ensured without removing key parameters. The device data is updated based on the decrypted parameter name and the decrypted parameter value, which ensures the security of the database and thereby improves the security of the embedded terminal device.
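The 13-shift transform of steps S103 and S106 can be written out as follows. This is an added example, not code from the patent: the function names, the pass-through of bytes outside 32..126, and the sample value are assumptions, and the XML-metacharacter count is an extra check on the encrypted output.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Printable ASCII range and shift taken from the description. */
enum { LO = 32, HI = 126, SPAN = HI - LO + 1, SHIFT = 13 };

/* Encrypt one character: subtract 13; results 19..31 wrap to 114..126. */
static unsigned char shift13_enc_char(unsigned char c)
{
    int v;
    if (c < LO || c > HI)
        return c;            /* assumption: bytes outside 32..126 pass through */
    v = (int)c - SHIFT;
    if (v < LO)
        v += SPAN;           /* loop boundary: 19..31 -> 114..126 */
    return (unsigned char)v;
}

/* Decrypt one character. The input is taken as unsigned char and the sum is
 * formed in int, because 126 + 13 = 139 does not fit a signed 8-bit char.
 * Sums above 126 wrap back to 32..44. */
static unsigned char shift13_dec_char(unsigned char c)
{
    int v;
    if (c < LO || c > HI)
        return c;
    v = (int)c + SHIFT;
    if (v > HI)
        v -= SPAN;
    return (unsigned char)v;
}

/* Transform a buffer in place over an explicit length (no reliance on '\0'). */
static void shift13_buf(unsigned char *buf, size_t len, int decrypt)
{
    size_t i;
    for (i = 0; i < len; i++)
        buf[i] = decrypt ? shift13_dec_char(buf[i]) : shift13_enc_char(buf[i]);
}

/* Count bytes that are XML metacharacters and need escaping when written. */
static size_t xml_meta_count(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++)
        if (buf[i] != '\0' && strchr("<>&\"'", buf[i]) != NULL)
            n++;
    return n;
}

/* Encrypt then decrypt a value and report whether it survives unchanged. */
static int shift13_roundtrip_ok(const char *text)
{
    unsigned char buf[128];
    size_t len = strlen(text);
    if (len > sizeof buf)
        return 0;
    memcpy(buf, text, len);
    shift13_buf(buf, len, 0);
    shift13_buf(buf, len, 1);
    return memcmp(buf, text, len) == 0;
}

int main(void)
{
    /* Constructed sample value, not taken from the patent. */
    unsigned char buf[] = "http://acs.example.net:7547/";
    size_t len = sizeof buf - 1;

    shift13_buf(buf, len, 0);
    printf("encrypted: %.*s (XML metacharacters: %zu)\n",
           (int)len, (char *)buf, xml_meta_count(buf, len));
    shift13_buf(buf, len, 1);
    printf("decrypted: %.*s\n", (int)len, (char *)buf);
    printf("round trip ok: %d\n", shift13_roundtrip_ok("admin,pass 123~"));
    return 0;
}
```

The transform has no key, so anyone who knows the shift can invert it: it obscures values in the backup rather than protecting them cryptographically. Its output can also contain `<`, `>`, `&` and quote characters (for example `I` becomes `<`), which must be escaped before being written into the XML document.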
In an embodiment, referring to fig. 2, in the step S101, the reading, by the encryption apparatus, an initial configuration file, and obtaining a parameter name and a parameter value in the initial configuration file includes:
S1011, reading the initial configuration file, and storing the initial configuration file into a buffer area.
Specifically, the initial configuration file is read line by line, and the read content is stored in a temporary buffer (buffer).
S1012, generating the parameter name and the parameter value based on the initial configuration file.
Specifically, the contents of each line are composed of the parameter name and the plaintext of the parameter value.
In an embodiment, referring to fig. 3, the accessing the pointer address of the parameter name in step S102, and encrypting the parameter name according to the access result to generate an encrypted parameter name includes:
S1021, accessing the pointer address corresponding to the parameter name, and comparing the parameter name character string with a preset character string.
Specifically, if the parameter name character string matches a preset character string, the parameter corresponding to the parameter name is set as a security parameter; if the parameter name character string does not match the preset character string, the parameter corresponding to the parameter name is set as an ordinary (other) parameter.
S1022, selecting security parameters (security-related parameters or parameters for which the client has security requirements) according to the comparison result, generating parameter name types, and selecting corresponding parameter name encryption branches according to the parameter name types.
Specifically, the security parameters are character strings of different lengths. For example, the parameter name acs_url belongs to the type PRI_length_send; the purpose of the type value is to ensure that, when the parameter name is encrypted, it is encrypted over the length that the type value represents.
Further, the number of parameter name encryption branches depends on the number of security parameters. Taking a PON terminal embedded device as an example, it has 3000 database parameters, of which about 70 are security parameters, so the encryption library has 70 templates (that is, there are 70 parameter name encryption branches). After these 3000 parameters are accessed, only the 70 parameters with encryption requirements are accessed successfully, and the successful pointer address is returned so that the corresponding encryption can be performed.
S1023, the parameter names are encrypted based on the parameter name encryption branch, and encrypted parameter names are generated.
Specifically, the encryption processing includes: equal-length processing of the parameter name field and memory-storage encryption of the parameter name.
For example, acl_url, which means "acl address", has a length of 7 characters; during encryption it is sufficient to copy a 7-character custom encryption field in its place (the copy is a memory copy rather than a string copy, which is what "memory storage" refers to, and the custom encryption field is what "encryption" refers to). After the equal-length processing of the parameter name field and the memory-storage encryption of the parameter name, it becomes EXP_099 in the output document.
Specifically, the encryption parameter corresponding to the parameter name type is looked up in the static password table, the corresponding encryption is applied, and a global variable is defined to count the total number of encryptions. In this embodiment, because the XML text content is read directly into a character string array as text, and no meaningless character (that is, a character used only as a judgment bit, with no practical significance) is predefined in the machine, the encrypted parameter name must have the same number of characters as the original, so that interface universality is kept during reading and writing and the original data interface and the various auditing mechanisms are not damaged. Because encrypting the parameter name involves character string operations, the method does not use string functions: functions of that type automatically append '\0'. If the '\0' is not handled, first, it can cause an overwrite, and second, the string search function cannot search completely; adding extra handling, however, would increase the complexity of the whole software. When a memory operation function is used, the operation is performed over the set length and there is no redundant behavior.
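The equal-length, memory-copy name substitution described in S1021 to S1023, and its reversal by traversing the same static table, can be sketched as follows. This is an added example, not the patent's code: only the pair acl_url / EXP_099 comes from the text, while the second table entry, the tag-style line format, the word-boundary check and all function names are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Static table of equal-length name pairs. Only acl_url -> EXP_099 is
 * from the description; the second entry is hypothetical. */
struct name_map { const char *plain; const char *alias; };
static const struct name_map STATIC_TABLE[] = {
    { "acl_url",  "EXP_099"  },
    { "wan_user", "EXP_0007" },
};
enum { TABLE_LEN = sizeof STATIC_TABLE / sizeof STATIC_TABLE[0] };

static int is_name_char(unsigned char c)
{
    return isalnum(c) || c == '_';
}

/* Replace names in place over an explicit length. decrypt = 0 maps plain
 * names to aliases, decrypt = 1 maps them back. Returns the number of
 * replacements. The buffer length never changes, so offsets held by other
 * code that reads the buffer stay valid. */
static int swap_names(char *buf, size_t len, int decrypt)
{
    int count = 0;
    size_t t, i;

    for (t = 0; t < TABLE_LEN; t++) {
        const char *from = decrypt ? STATIC_TABLE[t].alias : STATIC_TABLE[t].plain;
        const char *to   = decrypt ? STATIC_TABLE[t].plain : STATIC_TABLE[t].alias;
        size_t n = strlen(from);

        if (n == 0 || strlen(to) != n || n > len)
            continue;                 /* a pair must keep the field width */
        for (i = 0; i + n <= len; i++) {
            if (memcmp(buf + i, from, n) != 0)
                continue;
            /* assumption: match whole names only, not substrings */
            if (i > 0 && is_name_char((unsigned char)buf[i - 1]))
                continue;
            if (i + n < len && is_name_char((unsigned char)buf[i + n]))
                continue;
            memcpy(buf + i, to, n);   /* exactly n bytes, no '\0' appended */
            count++;
            i += n - 1;
        }
    }
    return count;
}

/* Shows the overwrite the description warns about: a string copy writes the
 * 7 characters plus a terminating '\0', destroying the byte after the name. */
static int strcpy_clobbers_next_byte(void)
{
    char line[] = "<acl_url>on</acl_url>";   /* constructed sample line */
    strcpy(line + 1, "EXP_099");
    return line[8] == '\0';                  /* the '>' has been replaced */
}

int main(void)
{
    char line[] = "<acl_url>on</acl_url>";   /* constructed sample line */
    size_t len = sizeof line - 1;
    int n;

    n = swap_names(line, len, 0);
    printf("%d names encrypted: %.*s\n", n, (int)len, line);
    n = swap_names(line, len, 1);
    printf("%d names decrypted: %.*s\n", n, (int)len, line);
    printf("strcpy clobbers next byte: %d\n", strcpy_clobbers_next_byte());
    return 0;
}
```

Because the table is static and shipped with the device software, the aliases hide what a parameter means from a casual reader of the backup but give no protection against someone who has the table.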
In one embodiment, referring to fig. 4 to 5, in the step S105, the downloading of the encrypted configuration file by the decryption apparatus, decrypting the parameter names in the encrypted configuration file, and generating decrypted parameter names includes:
S1051, downloading the encrypted configuration file, and reading the buffer area (buffer) address of the encrypted configuration file.
S1052, based on the buffer area address, traversing and decrypting the parameter name in the encryption configuration file according to the static encryption table, and generating the decrypted parameter name.
In this embodiment, embedded terminal devices are used in the network communication, smart home, Internet of Things and other industries. The security protocol standards of each industry and each region differ, so no uniform fixed value can exist. Decrypting the parameter names with the static encryption table ensures the portability and wide applicability of the system to the greatest extent.
Based on the same inventive concept, the embodiment of the invention also provides an automatic encryption and decryption device for database parameters of the embedded terminal equipment, and as the principle of the problem solved by the device is similar to the automatic encryption and decryption method for database parameters of the embedded terminal equipment, the implementation of the device can refer to the implementation of the method, and repeated parts are not repeated.
The automatic encryption and decryption device for database parameters of an embedded terminal device provided by the embodiment of the invention, as shown in fig. 6, includes:
The file reading module 61 is configured to read an initial configuration file, and obtain a parameter name and a parameter value in the initial configuration file.
The parameter name encryption module 62 is configured to access the pointer address of the parameter name, encrypt the parameter name according to an access result, and generate an encrypted parameter name.
The parameter value encryption module 63 is configured to encrypt the parameter value by using an encryption algorithm to generate an encrypted parameter value.
Specifically, the parameter value is encrypted with a 13-shift encryption algorithm.
Further, referring to the following table, the visible (printable) English ASCII characters in the interval 32 to 126 are selected, and the 13-shift encryption algorithm subtracts 13 from the current character code.
Further, when the 13-shift encryption algorithm is applied to characters in the interval 32-44, the resulting characters cannot be output normally in the XML document, so a loop boundary needs to be set: the invisible (non-printable) characters in the interval 19-31 are mapped into the interval 114-126. This completes the encryption algorithm, and there is no need to consider whether the length is controllable. The following table is the 13-shift encryption algorithm raw code table:
The encryption configuration file generating module 64 is configured to generate an encryption configuration file according to the encrypted parameter name and the encrypted parameter value.
The parameter name decryption module 65 is configured to download the encrypted configuration file, decrypt the parameter name in the encrypted configuration file, and generate a decrypted parameter name.
Specifically, the parameter values in the encrypted configuration file are decrypted with a 13-shift decryption algorithm.
Further, the 13-shift decryption algorithm restores the visible ASCII characters. When the character processing boundary involved in the encryption operation exceeds 127, preprocessing (a forced cast) to the unsigned character type is performed before decryption. The following is the 13-shift decryption decoding table:
The parameter value decryption module 66 is configured to decrypt the parameter values in the encrypted configuration file by using a decryption algorithm to generate decrypted parameter values.
The data updating module 67 is configured to generate a decryption configuration file according to the decrypted parameter name and the decrypted parameter value, and update the device data based on the decryption configuration file.
In one embodiment, the file reading module 61 includes:
the reading unit 611 is configured to read the initial configuration file, and store the initial configuration file in a buffer.
Specifically, the initial configuration file is read line by line, and the read content is stored in a temporary buffer (buffer).
An obtaining unit 612, configured to generate the parameter name and the parameter value based on the initial configuration file.
Specifically, the contents of each line are composed of the parameter name and the plaintext of the parameter value.
In one embodiment, the parameter name encryption module 62 includes:
The access unit 621, configured to access the pointer address corresponding to the parameter name and compare the parameter name character string with a preset character string.
Specifically, if the parameter name character string matches a preset character string, the parameter corresponding to the parameter name is set as a security parameter; if it does not match, the parameter corresponding to the parameter name is set as an other parameter.
The selecting unit 622, configured to select a security parameter according to the comparison result, generate a parameter name type, and select the corresponding parameter name encryption branch according to the parameter name type.
Specifically, the security parameters are character strings of different lengths. For example, the parameter name acs_url belongs to the type PRI_length_send; the type value ensures that, when the parameter name is encrypted, it is encrypted over the number of positions that the type value represents.
Further, the number of parameter name encryption branches depends on the number of security parameters. Taking a PON terminal embedded device as an example, it has 3000 database parameters, of which about 70 are security parameters, so the encryption library has 70 templates (that is, there are 70 parameter name encryption branches). When these 3000 parameters are accessed, only the 70 parameters that require encryption are accessed successfully, and the pointer address of each successful access is returned so that the corresponding encryption can be performed.
The parameter name encryption unit 623, configured to encrypt the parameter name based on the parameter name encryption branch and generate an encrypted parameter name.
Specifically, the encryption processing includes: parameter name field equipotential (equal-length) processing and parameter name internal storage (in-memory) encryption.
For example, acl_url, which means "acl address", has a length of 7 character positions, so during encryption it is sufficient to copy a 7-position custom encryption field over it. The copy is a memory copy rather than a string copy (this is the memory storage aspect), and the custom encryption field is the encryption aspect. After the parameter name field has been processed to the same number of positions and the parameter name has been encrypted in memory storage, it appears as EXP_099 in the output document.
Specifically, the encryption parameter corresponding to the parameter name type is looked up in the static password table and the parameter found is encrypted accordingly; a global variable is defined to count the total number of encryptions.
In one embodiment, the parameter name decryption module 65 includes:
The downloading unit 651, configured to download the encrypted configuration file and read the buffer address of the encrypted configuration file.
The parameter name decryption unit 652, configured to traverse and decrypt the parameter names in the encrypted configuration file according to the static encryption table, based on the buffer address, and generate decrypted parameter names.
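The table-driven parameter name replacement described above, in both directions, as an added C example (not the patent's code). Only the acl_url to EXP_099 pair comes from the text; the `name=value` line format, the other table entries and all function names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Static table compiled into both sides. Only acl_url -> EXP_099 is from
 * the page; the other pairs are constructed. */
struct name_map { const char *plain; const char *alias; };
static const struct name_map name_table[] = {
    { "acl_url",    "EXP_099"    },
    { "admin_key",  "EXP_00102"  },
    { "wan_passwd", "EXP_000101" },
};
#define TABLE_LEN (sizeof name_table / sizeof name_table[0])

static unsigned long encrypt_total;  /* global count of name encryptions */

/* Each pair must have equal length (so the in-place copy cannot touch '='
 * or the value), and an alias must not equal any plain name or another
 * alias (so the reverse traversal is unambiguous). */
int table_is_consistent(void) {
    for (size_t i = 0; i < TABLE_LEN; i++) {
        if (strlen(name_table[i].plain) != strlen(name_table[i].alias))
            return 0;
        for (size_t j = 0; j < TABLE_LEN; j++) {
            if (strcmp(name_table[i].alias, name_table[j].plain) == 0 ||
                (i != j && strcmp(name_table[i].alias, name_table[j].alias) == 0))
                return 0;
        }
    }
    return 1;
}

/* Rewrite the name of one "name=value" line in place. decrypt = 0 maps
 * plain -> alias, decrypt = 1 maps alias -> plain. Returns 1 for a security
 * parameter (table hit) and 0 for any other parameter, which is left as is. */
int swap_name(char *line, int decrypt) {
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return 0;
    size_t n = (size_t)(eq - line);
    for (size_t i = 0; i < TABLE_LEN; i++) {
        const char *from = decrypt ? name_table[i].alias : name_table[i].plain;
        const char *to   = decrypt ? name_table[i].plain : name_table[i].alias;
        if (strlen(from) == n && memcmp(line, from, n) == 0) {
            memcpy(line, to, n);  /* memory copy of n bytes, no terminator written */
            if (!decrypt)
                encrypt_total++;
            return 1;
        }
    }
    return 0;
}

unsigned long encryptions_done(void) { return encrypt_total; }

int main(void) {
    /* Constructed sample lines: one security parameter, one other parameter. */
    char lines[2][40] = { "acl_url=http://192.0.2.1/acl", "lan_ip=192.168.1.1" };
    for (size_t i = 0; i < 2; i++) {
        swap_name(lines[i], 0);
        printf("%s\n", lines[i]);
    }
    printf("encrypted names: %lu\n", encryptions_done());
    return table_is_consistent() ? 0 : 1;
}
```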
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. An automatic encryption and decryption method for database parameters of embedded terminal equipment is characterized by comprising the following steps:
an encryption device reads an initial configuration file and obtains a parameter name and a parameter value in the initial configuration file;
accessing the pointer address of the parameter name, encrypting the parameter name according to an access result, and generating an encrypted parameter name;
encrypting the parameter value by using an encryption algorithm to generate an encrypted parameter value;
generating an encryption configuration file according to the encrypted parameter name and the encrypted parameter value;
the decryption device downloads the encrypted configuration file, decrypts the parameter name in the encrypted configuration file and generates a decrypted parameter name;
decrypting the parameter values in the encrypted configuration file by using a decryption algorithm to generate decrypted parameter values;
and generating a decryption configuration file according to the decrypted parameter name and the decrypted parameter value, and updating the equipment data based on the decryption configuration file.
2. The method of claim 1, wherein the encryption device reading an initial configuration file and obtaining a parameter name and a parameter value in the initial configuration file comprises:
reading the initial configuration file, and storing the initial configuration file to a buffer area;
and generating the parameter name and the parameter value based on the initial configuration file.
3. The method of claim 1, wherein accessing the pointer address of the parameter name, encrypting the parameter name based on the access result, and generating an encrypted parameter name comprises:
accessing a pointer address corresponding to the parameter name, and comparing the parameter name character string with a preset character string;
selecting security parameters according to the comparison result, generating parameter name types, and selecting corresponding parameter name encryption branches according to the parameter name types;
and encrypting the parameter name based on the parameter name encryption branch to generate an encrypted parameter name.
4. The method of claim 3, wherein the cryptographic process comprises:
parameter name field equipotential processing and parameter name internal storage encryption.
5. The method of claim 1, wherein the decrypting means downloading the encrypted configuration file, decrypting the parameter names in the encrypted configuration file, and generating decrypted parameter names comprises:
downloading the encrypted configuration file, and reading the buffer area address of the encrypted configuration file;
and traversing and decrypting the parameter names in the encrypted configuration file according to a static encryption table based on the buffer area address to generate decrypted parameter names.
6. An automatic encryption and decryption device for database parameters of embedded terminal equipment is characterized by comprising:
the file reading module is used for reading an initial configuration file and acquiring a parameter name and a parameter value in the initial configuration file;
the parameter name encryption module is used for accessing the pointer address of the parameter name, encrypting the parameter name according to an access result and generating an encrypted parameter name;
the parameter value encryption module is used for encrypting the parameter value by using an encryption algorithm to generate an encrypted parameter value;
the encrypted configuration file generating module is used for generating an encrypted configuration file according to the encrypted parameter name and the encrypted parameter value;
the parameter name decryption module is used for downloading the encrypted configuration file, decrypting the parameter names in the encrypted configuration file and generating decrypted parameter names;
the parameter value decryption module is used for decrypting the parameter values in the encrypted configuration file by using a decryption algorithm to generate decrypted parameter values;
and the data updating module is used for generating a decryption configuration file according to the decrypted parameter name and the decrypted parameter value, and updating the equipment data based on the decryption configuration file.
7. The apparatus of claim 6, wherein the file reading module comprises:
the storage unit is used for reading the initial configuration file and storing the initial configuration file to a buffer area;
and the acquisition unit is used for generating the parameter name and the parameter value based on the initial configuration file.
8. The apparatus of claim 6, wherein the parameter name encryption module comprises:
the access unit is used for accessing the pointer address corresponding to the parameter name and comparing the parameter name character string with a preset character string;
the selection unit is used for selecting the security parameters according to the comparison result, generating parameter name types and selecting corresponding parameter name encryption branches according to the parameter name types;
and the parameter name encryption unit is used for encrypting the parameter name based on the parameter name encryption branch to generate an encrypted parameter name.
9. The apparatus of claim 8, wherein the cryptographic process comprises:
parameter name field equipotential processing and parameter name internal storage encryption.
10. The apparatus of claim 6, wherein the parameter name decryption module comprises:
the downloading unit is used for downloading the encrypted configuration file and reading the buffer area address of the encrypted configuration file;
and the parameter name decryption unit is used for traversing and decrypting the parameter names in the encrypted configuration file according to the static encryption table based on the buffer area address to generate decrypted parameter names.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110000903.XA CN112632590A (en) | 2021-01-04 | 2021-01-04 | Automatic encryption and decryption method and device for database parameters of embedded terminal equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112632590A true CN112632590A (en) | 2021-04-09 |
Family
ID=75290847
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110000903.XA Pending CN112632590A (en) | 2021-01-04 | 2021-01-04 | Automatic encryption and decryption method and device for database parameters of embedded terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112632590A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Country or region after: China. Address after: 518000 3rd floor, building 15, Wangtang Industrial Zone, Xili street, Nanshan District, Shenzhen City, Guangdong Province. Applicant after: Shenzhen Yilian Unlimited Technology Co.,Ltd. Address before: 518000 3rd floor, building 15, Wangtang Industrial Zone, Xili street, Nanshan District, Shenzhen City, Guangdong Province. Applicant before: SHENZHEN COMNECT TECHNOLOGY CO.,LTD. Country or region before: China |