WO2015176531A1 - Terminal data writing and reading methods and devices - Google Patents


Publication number
WO2015176531A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
identification information
written
identifier information
read
Prior art date
Application number
PCT/CN2014/094550
Inventor
何伟
惠文武
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2015176531A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity

Abstract

A terminal data writing method, a terminal data reading method, and corresponding devices. The writing method comprises the steps of: when a data write instruction is detected, acquiring first identification information of the data to be written and second identification information of the storage device to be written to that corresponds to the write instruction; and when the first identification information is consistent with the second identification information, encrypting the data to be written and writing the encrypted data to that storage device.

Description

Method and device for writing and reading terminal data
Technical field
The present invention relates to the technical field of terminal data processing, and in particular to methods and devices for writing and reading terminal data.
Background
With the continuous development of science and technology, more and more electronic terminals have entered people's daily life and work. People can interact with the outside world through an electronic terminal, and in the course of that interaction some data is generated and retained on the terminal. When the files containing this data are copied to another terminal, or an unauthorized user removes the terminal's storage device and installs it in another terminal, the data can be read directly, resulting in leakage of user privacy.
At present, data on a terminal is protected mainly in two ways: A. setting access permissions on the terminal; B. manually encrypting target files with encryption software.
Both approaches have shortcomings of varying degree. The shortcomings of approach A are: A1. it cannot protect against the files containing the terminal's data being copied directly to another terminal; A2. it also cannot protect against the terminal's storage device being removed and placed in another terminal.
The shortcomings of approach B are: B1. because such encryption software encrypts the file itself in application-layer software, it is easy to crack and the security level is insufficient; B2. the encryption cannot be bound to a specific terminal, so one-to-one protection between a terminal and the files containing its data cannot be achieved; B3. when third-party software on the terminal needs to read an encrypted file, the user must first manually decrypt the data to be read before the third-party software can access it, which is inefficient and inconvenient.
The above content is provided only to assist in understanding the technical solution of the present invention and does not constitute an admission that it is prior art.
Summary of the invention
Embodiments of the present invention provide methods and devices for writing and reading terminal data, which aim to achieve a one-to-one correspondence between data and terminal and to solve the technical problem of data leakage caused by terminal data being copied to another terminal, or by the storage device holding the data being removed and placed in another terminal, thereby improving the security of terminal data.
An embodiment of the present invention provides a method for writing terminal data, including:
when a data write instruction is detected, acquiring first identification information of the data to be written and second identification information of the storage device to be written to that corresponds to the write instruction;
when the first identification information is consistent with the second identification information, encrypting the data to be written and writing the encrypted data to the storage device to be written to.
Optionally, after the step of acquiring the first identification information of the data to be written and the second identification information of the storage device to be written to that corresponds to the write instruction, the method further includes:
when the first identification information is inconsistent with the second identification information, determining that the first identification information is illegitimate identification information and notifying the user that the data write has failed.
Optionally, before the step of acquiring, when a data write instruction is detected, the first identification information of the data to be written and the second identification information of the storage device to be written to that corresponds to the write instruction, the method further includes:
creating an encryption module according to the second identification information, and adding the created encryption module to the kernel layer.
An embodiment of the present invention further provides a method for reading terminal data, including:
when a data read instruction is detected, acquiring third identification information corresponding to the read instruction and fourth identification information of the data to be read that corresponds to the read instruction;
when the third identification information is consistent with the fourth identification information, decrypting the data to be read and displaying the decrypted data.
Optionally, after the step of acquiring, when a data read instruction is detected, the third identification information corresponding to the read instruction and the fourth identification information of the storage device to be read that corresponds to the read instruction, the method further includes:
when the third identification information is inconsistent with the fourth identification information, determining that the third identification information is illegitimate identification information and notifying the user that the data read has failed.
An embodiment of the present invention further provides a device for writing terminal data, the device including:
a first acquisition module, configured to: when a data write instruction is detected, acquire first identification information of the data to be written and second identification information of the storage device to be written to that corresponds to the write instruction;
an encryption module, configured to: when the first identification information is consistent with the second identification information, encrypt the data to be written; and
a writing module, configured to: write the encrypted data to the storage device to be written to.
Optionally, the device further includes a first prompt module,
the first prompt module being configured to: when the first identification information is inconsistent with the second identification information, determine that the first identification information is illegitimate identification information and notify the user that the data write has failed.
Optionally, the device further includes a first creation module,
the first creation module being configured to: create an encryption module according to the second identification information, and add the created encryption module to the kernel layer.
An embodiment of the present invention further provides a device for reading terminal data, the device including:
a second acquisition module, configured to: when a data read instruction is detected, acquire third identification information corresponding to the read instruction and fourth identification information of the storage device to be read that corresponds to the read instruction;
a decryption module, configured to: when the third identification information is consistent with the fourth identification information, decrypt the data to be read; and
a reading module, configured to: display the decrypted data.
Optionally, the device further includes a second prompt module,
the second prompt module being configured to: when the third identification information is inconsistent with the fourth identification information, determine that the third identification information is illegitimate identification information and notify the user that the data read has failed.
An embodiment of the present invention further provides a computer program implementing the above methods.
An embodiment of the present invention further provides a computer-readable storage medium storing the computer program.
In embodiments of the present invention, when data is written, a legitimacy check is performed on the identification information of the data to be written; when that identification information is legitimate, writing of the data is authorized and the data is encrypted automatically. This achieves a one-to-one correspondence between data and terminal and solves the technical problem of data leakage caused by terminal data being copied to another terminal, or by the storage device holding the data being removed and placed in another terminal, thereby improving the security of terminal data.
Brief description of the drawings
FIG. 1 is a schematic flowchart of an embodiment of the method for writing terminal data according to the present invention;
FIG. 2 is a schematic flowchart of an embodiment of the method for reading terminal data according to the present invention;
FIG. 3 is a schematic diagram of the functional modules of an embodiment of the device for writing terminal data according to the present invention;
FIG. 4 is a schematic diagram of the functional modules of an embodiment of the device for reading terminal data according to the present invention.
The realization of the objectives, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Preferred embodiments of the invention
It should be understood that the specific embodiments described herein are merely intended to explain the present invention and are not intended to limit it.
FIG. 1 is a schematic flowchart of an embodiment of the method for writing terminal data according to the present invention.
When a data write instruction is detected, first identification information of the data to be written and second identification information of the storage device to be written to that corresponds to the write instruction are acquired; when the first identification information is consistent with the second identification information, the data to be written is encrypted and the encrypted data is written to the storage device to be written to.
The following are the steps by which this embodiment implements the reading of terminal user data step by step:
Step S10: when a data write instruction is detected, acquire first identification information of the data to be written and second identification information of the storage device to be written to that corresponds to the write instruction;
A user can interact with the outside world through an electronic terminal, and in the course of that interaction some user data is generated and retained on the terminal. To the terminal's user this data is relatively private and needs to be protected so that other users cannot read it, write it or otherwise operate on it. In this embodiment of the present invention, to ensure the security of user data, second identification information is first set for the terminal's storage device. The second identification information may be a terminal ID, for example an International Mobile Equipment Identity (IMEI), the IP address of a desktop or laptop computer, or other identification information that can distinguish the terminal from other terminals. The terminal's storage device may be the terminal's built-in hard disk or a removable storage medium such as a USB flash drive or portable hard disk. An encryption module is created according to the second identification information, that is, the terminal's identification information is added into the encryption module. Before the encryption module is started, the second identification information is first verified, that is, the terminal's identification information is verified, and only after that verification passes is the encryption module called to encrypt data. The created encryption module is added to the kernel layer so that data written by the user is encrypted by it. Because the second identification information, for example the terminal's ID, is added to the encryption module, when user data is copied to another terminal to be read or modified, the user reading or modifying it through that other terminal can carry only that terminal's own identification information and cannot carry the second identification information; the other terminal therefore cannot read the user data that was copied onto its storage device.
To protect terminal data, when the user writes data through the terminal to the terminal's storage device, the write must carry the terminal's identification information, namely the first identification information; that is, the first identification information is set for the data to be written. The first identification information may be a terminal ID, for example an IMEI, the IP address of a desktop or laptop computer, or other identification information that can distinguish the terminal from other terminals. Events in which the user writes data are monitored; when a write instruction for user data is detected, the first identification information carried by the write instruction and the second identification information of the storage device to be written to that corresponds to the write instruction are acquired.
Step S20: determine whether the first identification information is consistent with the second identification information; if so, perform step S30; if not, perform step S40.
Step S30: encrypt the data to be written, and write the encrypted data to the storage device to be written to;
Step S40: determine that the first identification information is illegitimate identification information, and notify the user that the data write has failed.
When the first identification information is consistent with the second identification information, the first identification information is determined to be legitimate identification information, the data to be written is encrypted, and the encrypted data is written to the storage device to be written to. Specifically, the process performed on the data to be written is: the encryption module in the kernel layer is called to encrypt the data, and the encrypted data is written to the storage device to be written to, for example the terminal's hard disk or a USB flash drive or portable hard disk removably connected to the terminal. It will be understood that the user may write data to the storage device through application-layer software, for example through Word, Text or PDF software at the application layer.
When the first identification information is inconsistent with the second identification information, the first identification information is determined to be illegitimate identification information. In this case the user cannot write data to the storage device through application-layer software, and the user is notified that writing the data has failed. For example, when a user remotely writes data to the terminal from another terminal that is in communication with it, the identification information carried by the other terminal is inconsistent with the terminal's identification information, so the data cannot be written to the terminal. As another example, when a user copies another terminal's data onto the terminal, the identification information included in the other terminal's data is inconsistent with the information included in the terminal's storage device, so the copied data cannot be written to the terminal. Writing of the data to be written includes writing new data and may also include writing modifications to saved data.
In embodiments of the present invention, when data is written, a legitimacy check is performed on the identification information of the data to be written; when that identification information is legitimate, writing of the data is authorized and the data is encrypted automatically. This achieves a one-to-one correspondence between data and terminal and solves the technical problem of data leakage caused by terminal data being copied to another terminal, or by the storage device holding the data being removed and placed in another terminal, thereby improving the security of terminal data.
FIG. 2 is a schematic flowchart of a preferred embodiment of the method for reading terminal data according to the present invention. Building on the above method for writing terminal data, the method for reading terminal data includes the following steps:
Step S50: when a data read instruction is detected, acquire third identification information corresponding to the read instruction and fourth identification information of the data to be read that corresponds to the read instruction;
After data has been written to the storage device according to the above method for writing terminal data, events in which the user reads data are monitored. When a data read instruction is detected, the third identification information corresponding to the read instruction and the fourth identification information of the data to be read that corresponds to the read instruction are acquired; that is, the third identification information carried by the read instruction and the fourth identification information of the data to be read in the storage device to be read are acquired. The third and fourth identification information may be a terminal ID, for example an IMEI code, the IP address of a desktop or laptop computer, or other identification information that can distinguish the terminal from other terminals.
Step S60: determine whether the third identification information is consistent with the fourth identification information; if so, perform step S70; if not, perform step S80.
Step S70: decrypt the data to be read, and display the decrypted data;
Step S80: determine that the third identification information is illegitimate identification information, and notify the user that the data read has failed.
When the third identification information is consistent with the fourth identification information, the third identification information is determined to be legitimate identification information, the data to be read is decrypted, and the decrypted data is displayed. Specifically, the data to be read is decrypted as follows: the decryption module in the kernel layer is called to decrypt the data to be read. The data to be read is read from the terminal's hard disk or from a removably connected USB flash drive or portable hard disk, and it is read on the terminal through third-party software at the application layer, for example through Word, Text or PDF software at the application layer.
When the third identification information is inconsistent with the fourth identification information, the third identification information is determined to be illegitimate identification information. In this case the user cannot read the data to be read through application-layer software, and the user is notified that reading the data has failed.
In other embodiments of the present invention, to ensure the security of terminal data, fifth identification information of the storage device on which the data to be read is located may instead be acquired, and it is determined whether the third identification information is consistent with the fifth identification information. When the third identification information is consistent with the fifth identification information, the data to be read is decrypted and the decrypted data is displayed; when the third identification information is inconsistent with the fifth identification information, the user is notified that reading the data has failed. This covers the case in which a terminal's hard disk, or a removably connected USB flash drive or portable hard disk, is removed and placed in another terminal to be read. The fifth identification information may be a terminal ID, for example an IMEI code, the IP address of a desktop or laptop computer, or other identification information that can distinguish the terminal from other terminals.
In embodiments of the present invention, when data is read, a legitimacy check is performed on the identification information of the data to be read; when that identification information is legitimate, reading of the data is authorized and the data is decrypted automatically. This achieves a one-to-one correspondence between data and terminal and solves the technical problem of data leakage caused by terminal data being copied to another terminal, or by the storage device holding the data being removed and placed in another terminal, thereby improving the security of terminal data.
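The write path (steps S10 to S40) and the read path (steps S50 to S80) described above, as an added Python sketch that is not code from the patent or from the applicant. The class and function names, the record layout, the per-terminal `device_secret` and the HMAC-based keystream (a standard-library stand-in for a real authenticated cipher such as AES-GCM) are all assumptions; the secret is mixed into the keys because identifiers such as an IMEI or an IP address are not secret, so the sketch also shows what happens when a different terminal presents a copied identifier.

```python
import hashlib
import hmac
import os


class WriteDenied(Exception):
    """Step S40: first and second identification information differ."""


class ReadDenied(Exception):
    """Step S80: identification mismatch, or the record fails authentication."""


def _id_tag(terminal_id: str) -> bytes:
    # Stored with each record as the data's (fourth) identification information.
    return hashlib.sha256(b"id-tag|" + terminal_id.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; illustrative stand-in for a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(d ^ s for d, s in zip(data, stream))


class Terminal:
    """Hypothetical terminal holding the 'encryption module' bound to its ID."""

    def __init__(self, terminal_id: str, device_secret: bytes):
        self.terminal_id = terminal_id  # second identification information
        # Assumption: keys depend on the ID and on a secret that never leaves the terminal.
        tid = terminal_id.encode()
        self._enc_key = hmac.new(device_secret, b"enc|" + tid, hashlib.sha256).digest()
        self._mac_key = hmac.new(device_secret, b"mac|" + tid, hashlib.sha256).digest()

    def write(self, first_id: str, plaintext: bytes, storage: dict, name: str) -> None:
        # S20: compare the ID carried by the write with the storage device's ID.
        if not hmac.compare_digest(first_id.encode(), self.terminal_id.encode()):
            raise WriteDenied("illegitimate identification information")
        # S30: encrypt, then store tag | nonce | ciphertext | MAC.
        nonce = os.urandom(16)
        ciphertext = _xor(plaintext, _keystream(self._enc_key, nonce, len(plaintext)))
        body = _id_tag(self.terminal_id) + nonce + ciphertext
        storage[name] = body + hmac.new(self._mac_key, body, hashlib.sha256).digest()

    def read(self, third_id: str, storage: dict, name: str) -> bytes:
        blob = storage[name]
        if len(blob) < 80:  # 32-byte tag + 16-byte nonce + 32-byte MAC
            raise ReadDenied("truncated record")
        body, mac = blob[:-32], blob[-32:]
        fourth_tag, nonce, ciphertext = body[:32], body[32:48], body[48:]
        # S60: compare the ID carried by the read with the ID stored with the data.
        if not hmac.compare_digest(_id_tag(third_id), fourth_tag):
            raise ReadDenied("illegitimate identification information")
        # Key binding: a record written under another terminal's keys fails here
        # even if the caller presented a matching (copied) identifier.
        expected = hmac.new(self._mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            raise ReadDenied("record was not written by this terminal")
        return _xor(ciphertext, _keystream(self._enc_key, nonce, len(ciphertext)))


def _denied(action) -> bool:
    try:
        action()
    except (WriteDenied, ReadDenied):
        return True
    return False


def demo() -> dict:
    # Constructed sample identifiers and data; "disk" models removable storage.
    a = Terminal("TERMINAL-A-0001", os.urandom(32))
    b = Terminal("TERMINAL-B-0002", os.urandom(32))
    disk: dict = {}
    secret = b"constructed sample: contact list"
    a.write(a.terminal_id, secret, disk, "contacts")
    return {
        "same_terminal_read": a.read(a.terminal_id, disk, "contacts"),
        "plaintext_on_disk": secret in disk["contacts"],
        "foreign_write_denied": _denied(lambda: a.write(b.terminal_id, b"x", disk, "y")),
        "moved_disk_denied": _denied(lambda: b.read(b.terminal_id, disk, "contacts")),
        "copied_id_denied": _denied(lambda: b.read(a.terminal_id, disk, "contacts")),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```

In the last case the identification comparison of step S60 passes, and the read is refused only because terminal B's keys do not authenticate a record written under terminal A's keys.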
如图3所示,为本发明终端数据写入的装置较佳实施例的功能模块示意图。该装置包括第一获取模块100、加密模块200、写入模块300及第一提示模块400。FIG. 3 is a schematic diagram of functional modules of a preferred embodiment of a device for writing terminal data according to the present invention. The device includes a first obtaining module 100, an encryption module 200, a writing module 300, and a first prompting module 400.
所述第一获取模块100,设置为当监控到数据的写入指令时,获取待写入数据的第一标识信息及与所述写入指令对应的待写入存储设备的第二标识 信息;The first obtaining module 100 is configured to: when the write command of the data is monitored, obtain the first identifier information of the data to be written and the second identifier of the storage device to be written corresponding to the write command information;
用户可以通过电子终端与外界交互,在交互的过程当中,会在电子终端产生并保留一些用户数据。这些用户数据对终端用户来说,属于比较隐私的数据,需要采取安全保护,以防止其他用户进行这些数据的读取、写入等操作。在本发明实施例中,为了保证用户数据的安全性,先为终端的存储设备设置一个第二标识信息,所述第二标识信息可以是终端ID,例如,IMEI码、台式机/笔记本电脑的IP地址等能将所述终端与其他终端区分出来的标识信息。所述终端的存储设备可以是终端自带的硬盘或者移动连接的U盘、移动硬盘等存储介质。根据所述第二标识信息创建加密模块,即将终端的标识信息加入到加密模块里面去,在启动加密模块之前,会先对所述第二标识信息进行验证,即对终端的标识信息进行验证,在所述第二标识信息验证通过后,才调用加密模块进行数据的加密操作。将创建的加密模块添加至内核层,以通过创建的加密模块对用户写入的数据进行加密操作。通过在加密模块中添加所述第二标识信息,例如,终端的ID等,在将用户数据拷贝至其他终端进行读取、修改时,因用户通过其他终端读取、修改时,携带的只能是自身的标识信息,无法携带所述第二标识信息,因此在读取过程中,其他终端无法读取拷贝至其存储设备上保存的用户数据。The user can interact with the outside world through the electronic terminal, and during the interaction process, some user data is generated and retained in the electronic terminal. These user data are relatively private data for the end user, and need to be secured to prevent other users from reading and writing the data. In the embodiment of the present invention, in order to ensure the security of the user data, a second identifier information is first set for the storage device of the terminal, and the second identifier information may be a terminal ID, for example, an IMEI code, a desktop/laptop computer. An identification information that can distinguish the terminal from other terminals, such as an IP address. The storage device of the terminal may be a hard disk that is provided by the terminal or a storage medium such as a U disk or a mobile hard disk that is connected to the mobile device. And the cryptographic module is created according to the second identifier information, that is, the identifier information of the terminal is added to the cryptographic module. Before the cryptographic module is started, the second identifier information is verified, that is, the identifier information of the terminal is verified. After the second identification information is verified, the encryption module is invoked to perform data encryption operation. 
Add the created cryptographic module to the kernel layer to encrypt the data written by the user through the created cryptographic module. By adding the second identification information, for example, the ID of the terminal, in the encryption module, when the user data is copied to other terminals for reading or modifying, when the user reads or modifies through other terminals, It is its own identification information, and the second identification information cannot be carried. Therefore, during the reading process, other terminals cannot read the user data saved on the storage device.
为了能实现终端数据的安全保护,用户在通过终端向终端的存储设备写入数据时,需携带所述终端的标识信息,即第一标识信息,即为待写入数据设置了所述第一标识信息。所述第一标识信息可以是终端ID,例如,IMEI码、台式机/笔记本电脑的IP地址等能将所述终端与其他终端区分出来的标识信息。对用户写入数据的事件进行监控,当监控到用户数据的写入指令时,第一获取模块100获取所述写入指令携带的第一标识信息及与所述写入指令对应的待写入存储设备的第二标识信息。In order to implement the security protection of the terminal data, when the user writes data to the storage device of the terminal through the terminal, the user needs to carry the identification information of the terminal, that is, the first identification information, that is, the first is set for the data to be written. Identification information. The first identification information may be a terminal ID, for example, an IMEI code, an IP address of a desktop/laptop computer, and the like, which can distinguish the terminal from other terminals. The event that the user writes the data is monitored. When the write command of the user data is monitored, the first obtaining module 100 acquires the first identifier information carried by the write command and the to-be-written corresponding to the write command. The second identification information of the storage device.
The encryption module 200 is configured to encrypt the data to be written when the first identification information is consistent with the second identification information;
The writing module 300 is configured to write the encrypted data to be written to the storage device to be written;
The first prompting module 400 is configured to determine, when the first identification information is inconsistent with the second identification information, that the first identification information is illegal identification information, and to prompt the user that the data write failed.
When the first identification information is consistent with the second identification information, the first identification information is determined to be legal identification information; the encryption module 200 encrypts the data to be written, and the writing module 300 writes the encrypted data to the storage device to be written. Specifically, the writing module 300 calls the encryption module in the kernel layer to encrypt the data to be written and writes the encrypted data to the storage device to be written, for example the terminal's hard disk, or a USB flash drive or removable hard disk removably connected to the terminal. It can be understood that the user may write data to the storage device through application-layer software, for example Word, Text or PDF software.
When the first identification information is inconsistent with the second identification information, the first prompting module 400 determines that the first identification information is illegal identification information. In this case the user cannot write data to the storage device through application-layer software, and the first prompting module 400 prompts the user that writing the data failed. For example, when a user writes data to the terminal remotely from another terminal that is in communication with it, the identification information carried by the other terminal is inconsistent with the identification information of the terminal, so the data cannot be written to the terminal. As another example, when the user copies data from another terminal to the terminal, the identification information included in the other terminal's data is inconsistent with the information included in the terminal's storage device, so the copied data cannot be written to the terminal. Writing the data to be written covers both writing new data and writing modifications to saved data.
In this embodiment of the present invention, the legality of the identification information of the data to be written is checked at write time. When that identification information is legal, the write is authorized and the data to be written is encrypted automatically. This establishes a one-to-one correspondence between data and terminal, and addresses the technical problem of data leakage caused by terminal data being copied to other terminals or by the storage device holding the data being removed and attached to another terminal, thereby improving the security of terminal data.
FIG. 4 is a schematic diagram of the functional modules of a preferred embodiment of the device for reading terminal data according to the present invention. The device includes a second obtaining module 500, a decryption module 600, a reading module 700 and a second prompting module 800.
The second obtaining module 500 is configured to acquire, when a read instruction for data is detected, the third identification information corresponding to the read instruction and the fourth identification information of the data to be read that corresponds to the read instruction;
After data has been written to the storage device according to the terminal data writing method described above, events in which the user reads data are monitored. When a read instruction for data is detected, the second obtaining module 500 acquires the third identification information corresponding to the read instruction and the fourth identification information of the data to be read that corresponds to the read instruction. That is, it acquires the third identification information carried by the read instruction and the fourth identification information of the data to be read in the storage device to be read. The third and fourth identification information may be a terminal ID, for example an IMEI code, the IP address of a desktop or laptop computer, or other identification information that distinguishes the terminal from other terminals.
The decryption module 600 is configured to decrypt the data to be read when the third identification information is consistent with the fourth identification information;
The reading module 700 is configured to display the decrypted data to be read;
The second prompting module 800 is configured to determine, when the third identification information is inconsistent with the fourth identification information, that the third identification information is illegal identification information, and to prompt the user that the data read failed.
When the third identification information is consistent with the fourth identification information, the third identification information is determined to be legal identification information; the decryption module 600 decrypts the data to be read, and the reading module 700 displays the decrypted data. Optionally, the decryption module 600 decrypts the data to be read by calling the decryption module in the kernel layer. The data to be read is read from the terminal's hard disk or from a removably connected USB flash drive or removable hard disk, and the reading module 700 reads the data on the terminal through third-party application-layer software, for example Word, Text or PDF software.
When the third identification information is inconsistent with the fourth identification information, the second prompting module 800 determines that the third identification information is illegal identification information. In this case the user cannot read the data to be read through application-layer software, and the second prompting module 800 prompts the user that reading the data failed.
In other embodiments of the present invention, to ensure the security of terminal data, the fifth identification information of the storage device on which the data to be read is located may instead be acquired, and the third identification information is checked against the fifth identification information. When the third identification information is consistent with the fifth identification information, the decryption module 600 decrypts the data to be read and the reading module 700 displays the decrypted data; when the third identification information is inconsistent with the fifth identification information, the second prompting module 800 prompts the user that reading the data failed. This covers the case in which a hard disk, or a removably connected USB flash drive or removable hard disk, is removed from one terminal and attached to another terminal for reading. The fifth identification information may be a terminal ID, for example an IMEI code, the IP address of a desktop or laptop computer, or other identification information that distinguishes the terminal from other terminals.
In other embodiments of the present invention, there may also be a single device for reading and writing terminal data, having an obtaining module, an encryption module, a writing module, a decryption module, a reading module and a prompting module. The obtaining module has the same functions as the first obtaining module and the second obtaining module, and the prompting module has the same functions as the first prompting module and the second prompting module. For a data write operation, the obtaining module, encryption module, writing module and prompting module are called, each implemented as the corresponding module of the terminal data writing device described above; for a data read operation, the obtaining module, decryption module, reading module and prompting module are called, each implemented as the corresponding module of the terminal data reading device described above.
In this embodiment of the present invention, the legality of the identification information of the data to be read is checked at read time. When that identification information is legal, the read is authorized and the data to be read is decrypted automatically. This establishes a one-to-one correspondence between data and terminal, and addresses the technical problem of data leakage caused by terminal data being copied to other terminals or by the storage device holding the data being removed and attached to another terminal, thereby improving the security of terminal data.
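The write gate and read gate described above, sketched in Python as an added example that is not part of the patent text. It assumes a per-device secret (`device_secret`) feeds key derivation together with the terminal ID, and it uses an HMAC-SHA256 keystream plus an HMAC tag as a standard-library stand-in for a real authenticated cipher; the class and function names, the record layout and the sample IDs are constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output size


class AccessDenied(Exception):
    """Identification information judged illegal, or record not bound to this terminal."""


def _subkey(device_secret: bytes, terminal_id: bytes, label: bytes) -> bytes:
    # Assumption: keys depend on the terminal ID and a per-device secret, because
    # an IMEI or IP address is an identifier and not a secret.
    return hmac.new(device_secret, label + b"|" + terminal_id, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (illustration only).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class Terminal:
    """One terminal with its storage device; terminal_id plays the 'second' ID."""

    def __init__(self, terminal_id: bytes, device_secret: bytes):
        self.terminal_id = terminal_id
        self._enc_key = _subkey(device_secret, terminal_id, b"enc")
        self._mac_key = _subkey(device_secret, terminal_id, b"mac")

    def write(self, first_id: bytes, plaintext: bytes) -> bytes:
        # Write gate: first ID (carried by the write) must equal the second ID.
        if not hmac.compare_digest(first_id, self.terminal_id):
            raise AccessDenied("data write failed")
        nonce = os.urandom(NONCE_LEN)
        ciphertext = _xor(plaintext, _keystream(self._enc_key, nonce, len(plaintext)))
        # Record layout (constructed): id_len | id | nonce | ciphertext | tag.
        header = len(self.terminal_id).to_bytes(2, "big") + self.terminal_id + nonce
        tag = hmac.new(self._mac_key, header + ciphertext, hashlib.sha256).digest()
        return header + ciphertext + tag

    def read(self, third_id: bytes, record: bytes) -> bytes:
        if len(record) < 2 + NONCE_LEN + TAG_LEN:
            raise AccessDenied("data read failed")
        id_len = int.from_bytes(record[:2], "big")
        header_end = 2 + id_len + NONCE_LEN
        if len(record) < header_end + TAG_LEN:
            raise AccessDenied("data read failed")
        fourth_id = record[2:2 + id_len]  # ID stored with the data
        # Read gate: third ID (carried by the read) must equal the fourth ID.
        if not hmac.compare_digest(third_id, fourth_id):
            raise AccessDenied("data read failed")
        header, ciphertext, tag = record[:header_end], record[header_end:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(self._mac_key, header + ciphertext, hashlib.sha256).digest()
        # The tag ties the record to this terminal's keys, so a matching ID value
        # presented on a different terminal still fails here.
        if not hmac.compare_digest(tag, expected):
            raise AccessDenied("data read failed")
        return _xor(ciphertext, _keystream(self._enc_key, header[-NONCE_LEN:], len(ciphertext)))


def demo() -> dict:
    # Constructed sample terminals and data.
    a = Terminal(b"IMEI-A-constructed", b"secret-A-constructed")
    b = Terminal(b"IMEI-B-constructed", b"secret-B-constructed")
    record = a.write(a.terminal_id, b"quarterly report")
    results = {"same_terminal": a.read(a.terminal_id, record)}
    cases = {
        "write_with_other_id": lambda: a.write(b.terminal_id, b"x"),
        "copied_to_other_terminal": lambda: b.read(b.terminal_id, record),
        "other_terminal_matching_id": lambda: b.read(a.terminal_id, record),
    }
    for name, call in cases.items():
        try:
            call()
            results[name] = "allowed"
        except AccessDenied as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The last case in `demo()` passes the ID comparison and is rejected only by the key-bound tag, which is why the sketch derives keys per terminal instead of relying on the comparison alone.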
Those of ordinary skill in the art will understand that all or some of the steps of the above embodiments can be implemented as a computer program flow. The computer program may be stored in a computer-readable storage medium and executed on a corresponding hardware platform (such as a system, equipment, apparatus or device); when executed, it includes one of the steps of the method embodiments or a combination thereof.
Optionally, all or some of the steps of the above embodiments may also be implemented using integrated circuits. The steps may each be fabricated as a separate integrated circuit module, or several of the modules or steps may be fabricated as a single integrated circuit module. The present invention is thus not limited to any specific combination of hardware and software.
The devices, functional modules and functional units in the above embodiments may be implemented by general-purpose computing devices; they may be concentrated on a single computing device or distributed over a network of multiple computing devices.
When the devices, functional modules and functional units in the above embodiments are implemented as software functional modules and sold or used as independent products, they may be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disk or the like.
Industrial applicability
The embodiments of the present invention establish a one-to-one correspondence between data and terminal, and address the technical problem of data leakage caused by terminal data being copied to other terminals or by the storage device holding the data being removed and attached to another terminal, thereby improving the security of terminal data.

Claims (12)

  1. A method for writing terminal data, comprising:
    when a write instruction for data is detected, acquiring first identification information of the data to be written and second identification information of the storage device to be written that corresponds to the write instruction;
    when the first identification information is consistent with the second identification information, encrypting the data to be written, and writing the encrypted data to be written to the storage device to be written.
  2. The method for writing terminal data according to claim 1, wherein, after the step of acquiring the first identification information of the data to be written and the second identification information of the storage device to be written that corresponds to the write instruction, the method further comprises:
    when the first identification information is inconsistent with the second identification information, determining that the first identification information is illegal identification information, and prompting the user that the data write failed.
  3. The method for reading terminal data according to claim 1 or 2, wherein, before the step of acquiring, when a write instruction for data is detected, the first identification information of the data to be written and the second identification information of the storage device to be written that corresponds to the write instruction, the method further comprises:
    creating an encryption module according to the second identification information, and adding the created encryption module to the kernel layer.
  4. A method for reading terminal data, comprising:
    when a read instruction for data is detected, acquiring third identification information corresponding to the read instruction and fourth identification information of the storage device to be read that corresponds to the read instruction;
    when the third identification information is consistent with the fourth identification information, decrypting the data to be read, and displaying the decrypted data to be read.
  5. The method for reading terminal data according to claim 4, wherein, after the step of acquiring, when a read instruction for data is detected, the third identification information corresponding to the read instruction and the fourth identification information of the storage device to be read that corresponds to the read instruction, the method further comprises:
    when the third identification information is inconsistent with the fourth identification information, determining that the third identification information is illegal identification information, and prompting the user that the data read failed.
  6. A device for writing terminal data, comprising:
    a first obtaining module, configured to: when a write instruction for data is detected, acquire first identification information of the data to be written and second identification information of the storage device to be written that corresponds to the write instruction;
    an encryption module, configured to: encrypt the data to be written when the first identification information is consistent with the second identification information; and
    a writing module, configured to: write the encrypted data to be written to the storage device to be written.
  7. The device for writing terminal data according to claim 6, further comprising a first prompting module,
    wherein the first prompting module is configured to: when the first identification information is inconsistent with the second identification information, determine that the first identification information is illegal identification information, and prompt the user that the data write failed.
  8. The device for reading terminal data according to claim 6 or 7, further comprising a first creating module,
    wherein the first creating module is configured to: create an encryption module according to the second identification information, and add the created encryption module to the kernel layer.
  9. A device for reading terminal data, comprising:
    a second obtaining module, configured to: when a read instruction for data is detected, acquire third identification information corresponding to the read instruction and fourth identification information of the storage device to be read that corresponds to the read instruction;
    a decryption module, configured to: decrypt the data to be read when the third identification information is consistent with the fourth identification information; and
    a reading module, configured to: display the decrypted data to be read.
  10. The device for reading terminal user data according to claim 9, further comprising a second prompting module,
    wherein the second prompting module is configured to: when the third identification information is inconsistent with the fourth identification information, determine that the third identification information is illegal identification information, and prompt the user that the data read failed.
  11. A computer program for implementing the method according to any one of claims 1 to 5.
  12. A computer-readable storage medium storing the computer program according to claim 11.
PCT/CN2014/094550 2014-05-21 2014-12-22 Terminal data writing and reading methods and devices WO2015176531A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410216403.X 2014-05-21
CN201410216403.XA CN105095784A (en) 2014-05-21 2014-05-21 Terminal data writing and reading methods and devices

Publications (1)

Publication Number Publication Date
WO2015176531A1 (en) 2015-11-26

Family

ID=54553379

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/094550 WO2015176531A1 (en) 2014-05-21 2014-12-22 Terminal data writing and reading methods and devices

Country Status (2)

Country Link
CN (1) CN105095784A (en)
WO (1) WO2015176531A1 (en)

Also Published As

Publication number Publication date
CN105095784A (en) 2015-11-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14892742

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14892742

Country of ref document: EP

Kind code of ref document: A1