WO2020044095A1 - File encryption method and apparatus, device, terminal, server, and computer-readable storage medium - Google Patents


Publication number
WO2020044095A1
WO2020044095A1 PCT/IB2018/057162 IB2018057162W WO2020044095A1 WO 2020044095 A1 WO2020044095 A1 WO 2020044095A1 IB 2018057162 W IB2018057162 W IB 2018057162W WO 2020044095 A1 WO2020044095 A1 WO 2020044095A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
encrypted
encryption
type
information
Application number
PCT/IB2018/057162
Other languages
English (en)
Chinese (zh)
Inventor
姚若旭
Original Assignee
优视科技新加坡有限公司
Application filed by 优视科技新加坡有限公司
Publication of WO2020044095A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Definitions

  • Embodiments of the present application relate to the field of data processing technologies, and in particular to a file encryption method and apparatus, a device/terminal/server, and a computer-readable storage medium.
  • Background technique
  • A large amount of user privacy data is stored in smart devices, such as the user's identity data, behavior data, medical data, or other data that the user wants to protect.
  • The data security issues facing smart devices are also diverse. For example, there are data security threats caused by network hacking attacks, virus intrusions, and the like; there are data security problems caused by vulnerabilities in smart device management and insufficiently strong access control; and there are security risks arising from the management of storage devices that hold highly confidential data.
  • One of the technical problems solved by the embodiments of the present application is to provide a file encryption method and apparatus, a device/terminal/server, and a computer-readable storage medium to ensure the security of user privacy data.
  • A file encryption method, including: determining that a file to be encrypted is not saved in a system folder, wherein the file to be encrypted stores user privacy data; performing encryption processing on the data content of the file to be encrypted according to a set encryption rule, and setting the file type of the file to be encrypted to a set encryption type after the encryption processing, where the set encryption type corresponds to the set encryption rule and is used to indicate that the file to be encrypted is encrypted by the set encryption rule; and generating an encrypted file according to the data content after the encryption processing and the modified file type.
  • A file encryption device, including: a determining module configured to determine that a file to be encrypted is not saved in a system folder, wherein the file to be encrypted stores user privacy data; an encryption module configured to perform encryption processing on the data content of the file to be encrypted according to a set encryption rule, and to set the file type of the file to be encrypted to the set encryption type after the encryption processing, where the set encryption type corresponds to the set encryption rule and is used to indicate that the file to be encrypted is encrypted by the set encryption rule; and a generating module configured to generate an encrypted file according to the data content after the encryption processing and the modified file type.
  • A device/terminal/server, including: one or more processors; and a storage device configured to store one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors implement the file encryption method according to the first aspect.
  • A computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the file encryption method according to the first aspect is implemented.
  • In the file encryption scheme, it is first determined that a file to be encrypted is not stored under the system folder, so as to prevent the file to be encrypted, which stores user privacy data, from leaking through the system folder; then, according to the set encryption rule, the data content of the file to be encrypted is encrypted and its file type is set to the set encryption type.
  • The set encryption type is different from conventional file types and corresponds to the set encryption rule; it is used to indicate that the current file has been encrypted by the set encryption rule.
  • On the one hand, the encrypted file is difficult for general programs to identify and read, which improves the degree of encryption.
  • On the other hand, the encryption rule is clearly marked, which provides information for subsequent decryption.
  • A corresponding encrypted file is then generated from the encrypted data content and the modified file type. It can be seen that the file encryption solution provided in the embodiments of the present application can effectively ensure the security of user privacy data of smart devices and prevent the leakage of user privacy data.
  • FIG. 1 is a flowchart of steps of a file encryption method according to Embodiment 1 of the present application;
  • FIG. 2 is a flowchart of steps of a file encryption method according to Embodiment 2 of the present application;
  • FIG. 3 is a structural block diagram of a file encryption device according to a third embodiment of the present application.
  • FIG. 4 is a structural block diagram of a file encryption device according to a fourth embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a device/terminal/server according to Embodiment 5 of the present application.
  • Detailed description
  • the file encryption method of this embodiment includes the following steps:
  • Step S102 It is determined that the file to be encrypted is not saved in the system folder.
  • the user's privacy data is stored in the file to be encrypted.
  • User privacy data includes, but is not limited to, user identity data, behavior data, medical data, or other data that the user wants to protect.
  • Step S104 The data content of the file to be encrypted is encrypted according to the set encryption rule, and the file type of the file to be encrypted is set to the set encryption type after the encryption process.
  • the set encryption type corresponds to the set encryption rule, and the set encryption type is used to indicate that the file to be encrypted is encrypted by the set encryption rule.
  • Different set encryption rules correspond to different set encryption types.
  • the set encryption type is different from a conventional file type, and a person skilled in the art can customize any appropriate character string to characterize the encryption type as required.
  • The encryption rules can be downloaded from the server and used, or loaded and used after being downloaded locally. The set encryption rule and the set encryption type correspond to each other. On the one hand, the encryption type reflects the encryption rule: in subsequent decryption, the information of the encryption rule corresponding to the encryption type can be obtained directly, providing an accurate basis for decrypting the file quickly and easily. On the other hand, if the encryption rule is updated on the server side, the encryption type is updated accordingly; when the client detects that a new encryption type has been generated, it can determine that the encryption rule has been updated and download the new encryption rule from the server, improving encryption efficiency and security.
  • Step S106 Generate an encrypted file according to the encrypted data content and the modified file type.
  • the final encrypted file can be generated.
  • In the file encryption scheme provided by this embodiment, it is first determined that a file to be encrypted is not saved under the system folder, to avoid leakage of the file to be encrypted, which contains user privacy data, through the system folder; then, according to the set encryption rule, the data content of the file to be encrypted is encrypted and its file type is set to the set encryption type.
  • The set encryption type is different from conventional file types and corresponds to the set encryption rule; it is used to indicate that the current file has been encrypted by the set encryption rule. Therefore, on the one hand, the encrypted file is difficult for general programs to identify and read, which improves the degree of encryption.
  • On the other hand, the encryption rule is clearly marked, which provides information for subsequent decryption.
  • A corresponding encrypted file is then generated from the encrypted data content and the modified file type. It can be seen that the file encryption scheme provided in this embodiment can effectively ensure the security of the user's privacy data on the smart device and prevent the leakage of the user's privacy data.
  • the file encryption method in this embodiment may be executed by any appropriate device having data processing capabilities, including, but not limited to, various terminal devices or servers, such as a PC, a tablet computer, a mobile terminal, and the like.
  • the file encryption method of this embodiment includes the following steps:
  • Step S202 Check whether a file to be encrypted is stored in the system folder; if so, remove the file to be encrypted from the system folder, and then perform step S204; if not, directly perform step S204.
  • the user's privacy data is stored in the file to be encrypted.
  • Step S204 The data content of the file to be encrypted is encrypted according to the set encryption rule, and the file type of the file to be encrypted is set to the set encryption type after the encryption process.
  • the set encryption type corresponds to the set encryption rule, and the set encryption type is used to indicate that the file to be encrypted is encrypted by the set encryption rule.
  • This step may be implemented as: obtaining a set encryption rule, where the set encryption rule includes information of an encryption algorithm and information of an encryption type; encrypting the data content of the file to be encrypted according to the encryption algorithm indicated by the encryption algorithm information; and then setting the file type of the file to be encrypted to the encryption type indicated by the encryption type information.
  • the data content of the file to be encrypted represents the actual content of the file to be encrypted, including, but not limited to, user privacy data recorded in the file to be encrypted.
  • the encryption algorithm and the encryption type can be appropriately set by those skilled in the art according to actual needs, and the embodiment of the present application does not limit this.
  • The encryption algorithm may be any appropriate symmetric encryption algorithm, asymmetric encryption algorithm, HASH encryption algorithm, etc.
  • Setting the file type of the file to be encrypted to the set encryption type may include: performing detype processing on the file attribute information of the file to be encrypted, where the detype processing is used to remove the original file type information of the file to be encrypted; and, after the detype processing is performed, setting the file type of the file to be encrypted to the set encryption type.
  • Through the detype processing, the original file type of the file to be encrypted can be hidden during encryption, making it difficult to identify and read and improving the degree of encryption; during decryption, the original file type can be quickly parsed and restored, improving the efficiency of the decryption operation.
  • The detype processing includes: obfuscating the original file type information that identifies the file to be encrypted in the file attribute information of the file to be encrypted, or performing add-set-character processing on the original file type information that identifies the file to be encrypted in the file attribute information of the file to be encrypted.
  • The set characters may be appropriately chosen by those skilled in the art according to actual needs, including but not limited to characters, numbers, symbols, and the like, which are not limited in the embodiment of the present application.
  • Obfuscation is an information protection technology that replaces ideographic character combinations such as names with meaningless character combinations.
  • The obfuscation operation is performed by obfuscating the original file type information. On the one hand, the information of the original file type of the file to be encrypted can be removed; on the other hand, it also plays a role of data protection to a certain extent.
  • The data content in the file to be encrypted is encrypted, for example by local encryption or server encryption; the attribute information of the file to be encrypted is then obfuscated to prevent external software from reading it. The flag bit may be obfuscated, or characters may be added, to remove the original file type flag; in subsequent decryption, the original file type can be parsed.
  • The file type of the file to be encrypted can be set to its own dedicated type (i.e., the set encryption type) to indicate that the file to be encrypted is encrypted by the set encryption rule.
  • The dedicated type can be hard-coded locally, or can be issued by the server for easy expansion.
  • The dedicated type adds its own type suffix after the file type suffix of the file to be encrypted. If the encryption method is upgraded, the suffix name can be changed, and the server can issue the correspondence between different suffix names and encryption methods for the upgrade.
  • Step S206 Generate an encrypted file according to the encrypted data content and the modified file type.
  • The data content of the file to be encrypted, TEST, may first be encrypted by the DES encryption algorithm; then an obfuscation operation is performed on the flag bit corresponding to the original file type of TEST, which is assumed to generate the character string 12qi5; an encrypted file "TEST.12qi5.xyz" can then be generated from the above operations and the encrypted data content.
  • Step S208 Hide the generated encrypted file under the set hidden folder.
  • the setting of the hidden folder can be appropriately set by those skilled in the art according to actual needs, and this embodiment of the present application does not limit this.
  • the folder where the encrypted file is located is set as a hidden folder.
  • the encrypted file may also be hidden to a certain hidden folder.
  • the basic hiding and categorization of encrypted files is achieved.
  • Step S210 may be performed:
  • Step S210 Perform slice processing on the hidden encrypted file to generate multiple encrypted file slices; save the multiple encrypted file slices out of order.
  • storing multiple encrypted file slices out of order may include: obtaining an out of order rule for storing files out of order, and using the out of order rule to save out of order multiple encrypted file slices.
  • the out-of-order rules can be appropriately set by a person skilled in the art according to actual needs, and can be stored locally or on a server, and downloaded from the server when needed.
  • Step S212 Record the encryption information, and save the encryption information to the server, or save it to a folder different from the folder where the encrypted file is located.
  • The encryption information includes: information of the set encryption rule, information of the slice processing, and information of the out-of-order storage.
  • a file may be stored, and corresponding to the file, different files may have different combinations of operations.
  • Decryption first queries the file's encryption combination mode, and then generates the corresponding decryption combination for decryption.
  • The decryption "key" is stored in a different place from the folder where the encrypted file is located, which prevents the information leakage that could be caused by placing the encryption and decryption information in one place.
  • The user can effectively encrypt any file, and only save (if any) the key (encryption method, slicing rules, out-of-order rules, etc.) on the server, and not save the encrypted file.
  • People can decrypt files. To decrypt, one must first get the "key". For obtaining the "key", a person skilled in the art can also set a variety of appropriate verification conditions to ensure that it can only be obtained legally.
  • The traces of the file to be encrypted are first removed from the system folder, and the data content is then encrypted; the encrypted file is further protected by changing its file type, slicing it, and storing the slices out of order; and the keys are stored elsewhere, achieving limited, reversible file access control. This effectively guarantees the security of user privacy data of smart devices and prevents the leakage of user privacy data.
  • the file encryption method in this embodiment may be executed by any appropriate device having data processing capabilities, including, but not limited to, various terminal devices or servers, such as a PC, a tablet computer, a mobile terminal, and the like.
  • the solution in the embodiment of the present application is applicable to a privacy encryption scenario of a local file of any device.
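The flow of steps S204 to S212, together with the type-to-rule lookup described for step S104, as an added Python example that is not code from the patent or its applicant. Assumptions: the `RULES` table, the function names, the separate `key` argument, an HMAC-SHA256 counter-mode stream standing in for the DES algorithm the page mentions, and recording the obfuscated type token in the encryption information so the original type can be restored.

```python
import hashlib
import hmac
import os
import secrets

# Hypothetical rule table (encryption-type suffix -> rule). "xyz" is the suffix in
# the page's TEST.12qi5.xyz example; algorithm label and slice size are assumptions.
RULES = {"xyz": {"algorithm": "hmac-sha256-ctr (stand-in)", "slice_size": 16}}


def rule_for(stored_name):
    """Map a stored file name to its rule through the encryption-type suffix."""
    suffix = stored_name.rsplit(".", 1)[-1]
    if suffix not in RULES:
        # Per the page: an unknown type signals an updated rule to fetch from the server.
        raise LookupError(f"unknown encryption type {suffix!r}: rule update needed")
    return suffix, RULES[suffix]


def _subkey(key, label):
    """Derive separate encryption and MAC keys from one secret."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    """Stand-in stream cipher (HMAC-SHA256 in counter mode); not the page's DES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def protect(name, data, key, type_suffix="xyz"):
    """S204-S212: encrypt, retype, slice, store out of order, record the information."""
    rule = RULES[type_suffix]
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, data)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).hexdigest()

    # Detype: replace the original extension with a meaningless token, then
    # append the encryption-type suffix that names the rule.
    stem, ext = os.path.splitext(name)
    token = secrets.token_hex(3)
    stored_name = f"{stem}.{token}.{type_suffix}"

    # Slice the ciphertext and shuffle: storage slot i holds original part order[i].
    size = rule["slice_size"]
    parts = [ct[i:i + size] for i in range(0, len(ct), size)]
    order = list(range(len(parts)))
    secrets.SystemRandom().shuffle(order)
    slices = [parts[j] for j in order]

    # Encryption information (S212): kept on a server or in a different folder.
    record = {"type": type_suffix, "nonce": nonce.hex(), "tag": tag,
              "stem": stem, "orig_ext": ext, "token": token, "order": order}
    return stored_name, slices, record


def restore(stored_name, slices, record, key):
    """Reverse protect(): reorder slices, verify integrity, decrypt, restore the type."""
    suffix, _rule = rule_for(stored_name)
    if suffix != record["type"] or len(slices) != len(record["order"]):
        raise ValueError("record does not match stored file")
    parts = [b""] * len(slices)
    for slot, original_index in enumerate(record["order"]):
        parts[original_index] = slices[slot]
    ct = b"".join(parts)
    nonce = bytes.fromhex(record["nonce"])
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, record["tag"]):
        raise ValueError("integrity check failed: slice altered or misordered")
    data = _xor_stream(_subkey(key, b"enc"), nonce, ct)
    return record["stem"] + record["orig_ext"], data


if __name__ == "__main__":
    sample = b"constructed sample: name=Jane Doe; record=0001"  # constructed input
    secret = secrets.token_bytes(32)
    stored, pieces, info = protect("TEST.txt", sample, secret)
    print(stored, len(pieces), restore(stored, pieces, info, secret))
```

The MAC over the reassembled ciphertext is an addition beyond the page's scheme; it makes a modified or wrongly ordered slice fail loudly instead of decrypting to garbage.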
  • Embodiment 3
  • The file encryption device of this embodiment includes: a determining module 302 configured to determine that a file to be encrypted is not stored in a system folder, wherein the file to be encrypted stores user privacy data; an encryption module 304 configured to perform encryption processing on the data content of the file to be encrypted according to a set encryption rule, and to set the file type of the file to be encrypted to the set encryption type after the encryption processing, where the set encryption type corresponds to the set encryption rule and is used to indicate that the file to be encrypted is encrypted by the set encryption rule; and a generating module 306 configured to generate an encrypted file according to the encrypted data content and the modified file type.
  • the file encryption device of this embodiment is configured to implement the corresponding file encryption methods in the foregoing multiple method embodiments, and has the beneficial effects of the corresponding method embodiments, and details are not described herein again.
  • The file encryption device of this embodiment includes: a determination module 402 configured to determine that a file to be encrypted is not stored in a system folder, wherein the file to be encrypted stores user privacy data; an encryption module 404 configured to perform encryption processing on the data content of the file to be encrypted according to a set encryption rule, and to set the file type of the file to be encrypted to the set encryption type after the encryption processing, where the set encryption type corresponds to the set encryption rule and is used to indicate that the file to be encrypted is encrypted by the set encryption rule; and a generating module 406 configured to generate an encrypted file according to the encrypted data content and the modified file type.
  • The encryption module 404 includes: an obtaining module 4042 configured to obtain a set encryption rule, wherein the set encryption rule includes information of an encryption algorithm and information of an encryption type; a content processing module 4044 configured to perform encryption processing on the data content of the file to be encrypted according to the encryption algorithm indicated by the information of the encryption algorithm; and a type processing module 4046 configured to set the file type of the file to be encrypted to the encryption type indicated by the information of the encryption type.
  • The type processing module 4046 is configured to perform type elimination processing on the file attribute information of the file to be encrypted, where the type elimination processing is used to remove the original file type information of the file to be encrypted; and, after the type elimination processing is performed, to set the file type of the file to be encrypted to the set encryption type.
  • the type removal processing includes: obfuscating the original file type information identifying the file to be encrypted in the file attribute information, or performing set character processing on the original file type information identifying the file to be encrypted in the file attribute information.
  • the file encryption device of this embodiment further includes: a hiding module 408, configured to hide the generated encrypted file under a set hidden folder.
  • The file encryption device of this embodiment further includes: a slicing module 410 configured to, after the hiding module 408 hides the generated encrypted file under the set hidden folder, perform slice processing on the hidden encrypted file to generate multiple encrypted file slices; and an out-of-order module 412 configured to save the multiple encrypted file slices out of order.
  • the out-of-order module 412 is configured to obtain out-of-order rules for out-of-order storage files, and use the out-of-order rules to perform out-of-order storage on multiple encrypted file slices.
  • The file encryption device in this embodiment further includes: a recording module 414 configured to record encryption information, where the encryption information includes: information of the set encryption rule, information of the slice processing, and information of the out-of-order storage; and to save the encryption information to the server, or to a folder different from the folder where the encrypted file is located.
  • the determination module 402 is configured to check whether a file to be encrypted is stored in the system folder; if it is, the file to be encrypted is removed from the system folder; if not, the encryption module 404 is executed.
  • the file encryption device in this embodiment is used to implement the corresponding file encryption methods in the foregoing multiple method embodiments, and has the beneficial effects of the corresponding method embodiments, and details are not described herein again.
  • Embodiment 5
  • Referring to FIG. 5, a schematic structural diagram of a device/terminal/server according to Embodiment 5 of the present application is shown.
  • the specific embodiment of the present application does not limit the specific implementation of the device / terminal / server.
  • the device / terminal / server may include a processor 502 and a storage device 504.
  • the processor 502 is configured to execute a program 506, and may specifically perform related steps in the foregoing embodiment of the file encryption method.
  • the program 506 may include program code, where the program code includes a computer operation instruction.
  • The processor 502 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application.
  • The one or more processors included in the device/terminal/server may be processors of the same type, such as one or more CPUs, or processors of different types, such as one or more CPUs and one or more ASICs.
  • the storage device 504 is configured to store one or more programs 506.
  • the storage device 504 may include a high-speed RAM memory, and may also include a non-volatile memory (non-volatile memory), for example, at least one disk memory.
  • The program 506 may be specifically configured to cause the processor 502 to perform the following operations: determining that the file to be encrypted is not stored in the system folder, where user privacy data is stored in the file to be encrypted; performing encryption processing on the data content of the file to be encrypted according to the set encryption rule, and setting the file type of the file to be encrypted to the set encryption type after the encryption processing, where the set encryption type corresponds to the set encryption rule and is used to indicate that the file to be encrypted is encrypted by the set encryption rule; and generating an encrypted file according to the encrypted data content and the modified file type.
  • The program 506 is further configured to cause the processor 502, when performing encryption processing on the data content of the file to be encrypted in accordance with the set encryption rule and setting the file type of the file to be encrypted after the encryption processing, to: obtain a set encryption rule, where the set encryption rule includes information of the encryption algorithm and information of the encryption type; encrypt the data content of the file to be encrypted according to the encryption algorithm indicated by the encryption algorithm information; and set the file type of the file to be encrypted to the encryption type indicated by the encryption type information.
  • The program 506 is further configured to cause the processor 502 to perform detype processing on the file attribute information of the file to be encrypted when the file type of the file to be encrypted is set to the set encryption type, where the detype processing is used to remove the original file type information of the file to be encrypted; after the detype processing is performed, the file type of the file to be encrypted is set to the set encryption type.
  • The detype processing includes: obfuscating the original file type information identifying the file to be encrypted in the file attribute information, or performing add-set-character processing on the original file type information identifying the file to be encrypted in the file attribute information.
  • the program 506 is further configured to cause the processor 502 to hide the generated encrypted file under a set hidden folder.
  • The program 506 is further configured to cause the processor 502, after the generated encrypted file is hidden under the set hidden folder, to perform slice processing on the hidden encrypted file to generate multiple encrypted file slices, and to save the multiple encrypted file slices out of order.
  • The program 506 is further configured to cause the processor 502, when storing the multiple encrypted file slices out of order, to obtain an out-of-order rule for storing files out of order, and to use the out-of-order rule to store the multiple encrypted file slices out of order.
  • The program 506 is further configured to cause the processor 502 to record encryption information, where the encryption information includes: information of the set encryption rule, information of the slice processing, and information of the out-of-order storage; and to save the encryption information to the server, or to a folder different from the folder where the encrypted file is located.
  • The program 506 is further configured to cause the processor 502, when determining that the file to be encrypted is not stored in the system folder, to check whether a file to be encrypted is stored in the system folder; if so, to remove the file to be encrypted from the system folder; if not, to perform the operation of encrypting the data content of the file to be encrypted according to the set encryption rule and setting the file type of the file to be encrypted to the set encryption type after the encryption processing.
  • For the specific implementation of each step in the program 506, reference may be made to the corresponding descriptions of the corresponding steps and units in the foregoing embodiments of the file encryption method, and details are not described herein. Those skilled in the art can clearly understand that, for the convenience and brevity of description, the specific working processes of the devices and modules described above may refer to the corresponding process descriptions in the foregoing method embodiments, and are not repeated here.
  • It is first determined that a file to be encrypted is not stored in the system folder, to avoid leakage of the file to be encrypted, which stores user privacy data, through the system folder; then, according to the set encryption rule, the data content of the file to be encrypted is encrypted and its file type is set to the set encryption type.
  • The set encryption type is different from conventional file types and corresponds to the set encryption rule; it is used to indicate that the current file has been encrypted by the set encryption rule.
  • On the one hand, the encrypted file is difficult for general programs to identify and read, which improves the degree of encryption.
  • On the other hand, the encryption rule is clearly marked, which provides information for subsequent decryption.
  • A corresponding encrypted file is then generated from the encrypted data content and the modified file type.
  • Each component/step described in the embodiments of the present application may be split into more components/steps, or two or more components/steps or partial operations of components/steps may be combined into new components/steps, to achieve the purpose of the embodiments of the present application.
  • the process described above with reference to the flowchart may be implemented as a computer software program.
  • the embodiment of the present application includes a computer program product including a computer program borne on a computer-readable medium, where the computer program includes program code for executing the methods shown in the foregoing multiple method embodiments.
  • the computer program may be downloaded and installed from a network through a communication section, and / or installed from a removable medium.
  • the computer-readable medium described in this application may be a computer-readable signal medium or a computer-readable storage medium or any combination of the foregoing.
  • the computer-readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections with one or more wires, portable computer disks, hard disks, random access storage (RAM), read-only storage (ROM), erasable programmable read-only storage device (EPROM or flash memory), optical fiber, portable compact disk read-only storage device (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the foregoing.
  • a computer-readable storage medium may be any tangible medium that contains or stores a program, and the program can be used by or in combination with an instruction execution system, apparatus, or device.
  • a computer-readable signal medium may include a data signal that is included in baseband or propagated as part of a carrier wave, and which carries computer-readable program code. Such a propagated data signal may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing.
  • the computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, and the computer-readable medium may send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device.
  • Program code embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • Computer program code for performing the operations of the present application may be written in one or more programming languages, or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, and C++, as well as conventional procedural programming languages such as "C" or similar programming languages.
  • the program code can be executed entirely on the user's computer, partly on the user's computer, as an independent software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server.
  • the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (for example, through the Internet using an Internet service provider).
  • each block in the flowchart or block diagram may represent a module, a program segment, or a part of code, which contains one or more executable instructions for implementing a specified logical function.
  • the functions marked in the boxes may also occur in a different order than those marked in the drawings. For example, two successively represented boxes may actually be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved.
  • each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, may be implemented in a dedicated hardware-based system that performs the specified function or operation, or may be implemented by a combination of dedicated hardware and computer instructions.
  • the units described in the embodiments of the present application may be implemented in a software manner, or may be implemented in a hardware manner.
  • the described unit may also be provided in a processor; for example, it may be described as: a processor includes a determination unit, an encryption unit, and a generation unit.
  • the names of these units do not constitute a limitation on the unit itself in some cases, for example, the determining unit may also be described as "a unit that determines that a file to be encrypted is not saved in a system folder".
  • the present application also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the method described in any one of the foregoing embodiments is implemented.
  • the present application further provides a computer-readable medium, which may be included in the device described in the foregoing embodiments; or may exist alone without being assembled into the device.
  • the computer-readable medium carries one or more programs, and when the one or more programs are executed by the device, the device is caused to: determine that a file to be encrypted is not saved in a system folder, where the file to be encrypted stores user privacy data; according to the set encryption rule, encrypt the data content of the file to be encrypted, and after the encryption process set the file type of the file to be encrypted to the set encryption type, where the set encryption type corresponds to the set encryption rule and is used to indicate that the file to be encrypted is encrypted by the set encryption rule; and generate an encrypted file according to the encrypted data content and the modified file type.
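
The flow described in the last item above (system-folder check, rule-based encryption, a file type that names the rule), sketched as an added example that is not code from the patent or its applicant. The folder list, the `.enc1` type tag, the HMAC-SHA256 keystream used as a stand-in rule, and the MAC that covers the type tag are assumptions introduced here for illustration.

```python
import hashlib
import hmac
import os
from pathlib import PurePosixPath

# Assumed for illustration (not from the patent): folder list, type tag, rule.
SYSTEM_DIRS = (PurePosixPath("/system"), PurePosixPath("/proc"))
NONCE_LEN, TAG_LEN = 16, 32

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    """Stand-in rule: HMAC-SHA256 counter keystream; use a vetted AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _prf(key, nonce + (i // 32).to_bytes(8, "big"))
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

# Each set encryption type (file suffix) corresponds to one set encryption rule.
RULES = {".enc1": _xor_stream}

def in_system_folder(path):
    p = PurePosixPath(path)
    return any(d in p.parents for d in SYSTEM_DIRS)

def encrypt_file(path, data, key, enc_type=".enc1"):
    """Return (new_path, blob); refuses a file saved in a system folder."""
    if in_system_folder(path):
        raise ValueError("file is saved in a system folder")
    nonce = os.urandom(NONCE_LEN)
    body = nonce + RULES[enc_type](_prf(key, b"enc"), nonce, data)
    # Addition beyond the patent: the MAC covers the type tag, so the rule
    # indicator cannot be altered without detection.
    tag = _prf(_prf(key, b"mac"), enc_type.encode() + body)
    return str(PurePosixPath(path).with_suffix(enc_type)), body + tag

def decrypt_file(path, blob, key):
    """Select the rule from the file type, verify the MAC, then decrypt."""
    enc_type = PurePosixPath(path).suffix
    rule = RULES[enc_type]  # KeyError if the type names no known rule
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), enc_type.encode() + body)):
        raise ValueError("integrity check failed")
    return rule(_prf(key, b"enc"), body[:NONCE_LEN], body[NONCE_LEN:])
```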

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the present invention include a file encryption method and apparatus, a device, a terminal, a server, and a computer-readable storage medium. The file encryption method comprises the steps of: determining that a file to be encrypted is not stored in a system folder, the file storing user privacy data; performing encryption processing on the data content of the file according to a set encryption rule and, after the encryption processing has been performed, setting a file type of the file to a set encryption type, the set encryption type corresponding to the set encryption rule and being used to indicate that the file is encrypted by means of the set encryption rule; and generating an encrypted file according to the data content that has undergone the encryption processing and the modified file type. The embodiments of the present invention ensure the security of user privacy data on a smart device, thereby preventing leakage of user privacy data.
PCT/IB2018/057162 2018-08-27 2018-09-18 File encryption method and apparatus, device, terminal, server, and computer-readable storage medium WO2020044095A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810978593.7A CN109299611A (zh) 2018-08-27 2018-08-27 File encryption method, apparatus, device/terminal/server, and computer-readable storage medium
CN201810978593.7 2018-08-27

Publications (1)

Publication Number Publication Date
WO2020044095A1 true WO2020044095A1 (fr) 2020-03-05

Family

ID=65165476

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/057162 WO2020044095A1 (fr) 2018-08-27 2018-09-18 File encryption method and apparatus, device, terminal, server, and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN109299611A (fr)
WO (1) WO2020044095A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
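CN111031353B (zh) * 2019-12-11 2022-08-23 上海乐相科技有限公司 Video encryption method and device
CN111259432B (zh) * 2020-02-18 2023-09-12 瑞芯微电子股份有限公司 Model data protection method and computer-readable storage medium
CN111767529A (zh) * 2020-05-18 2020-10-13 广州视源电子科技股份有限公司 File encryption method, file decryption method, storage medium, and electronic device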

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
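CN104134046A (zh) * 2014-07-29 2014-11-05 深圳市中兴移动通信有限公司 Encryption method and device
CN105022936A (zh) * 2014-04-30 2015-11-04 北京畅游天下网络技术有限公司 Method and device for encrypting and decrypting class files
CN105100186A (zh) * 2015-04-27 2015-11-25 深圳市美贝壳科技有限公司 Method for fast encryption and decryption of home cloud photos
CN106250781A (zh) * 2016-07-31 2016-12-21 山东大学 User information protection method based on virtual machine incremental images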

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
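CN103198261A (zh) * 2012-01-09 2013-07-10 鸿富锦精密工业(深圳)有限公司 Method and system for protecting the security of file content
CN105763525A (zh) * 2014-12-19 2016-07-13 北大方正集团有限公司 Identification code generation method, and identification code decryption method and device
CN104573535B (zh) * 2015-01-04 2019-08-16 努比亚技术有限公司 Mobile terminal and method and device for improving its encryption efficiency
CN108197485B (zh) * 2018-01-29 2020-08-18 世纪龙信息网络有限责任公司 Terminal data encryption method and system, and terminal data decryption method and system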

Also Published As

Publication number Publication date
CN109299611A (zh) 2019-02-01

Similar Documents

Publication Publication Date Title
US11238165B2 (en) File encryption method, file decryption method, electronic device, and storage medium
US8831228B1 (en) System and method for decentralized management of keys and policies
US9906513B2 (en) Network authorization system
US8423789B1 (en) Key generation techniques
US9571471B1 (en) System and method of encrypted transmission of web pages
US9020149B1 (en) Protected storage for cryptographic materials
US20100235649A1 (en) Portable secure data files
US20130290731A1 (en) Systems and methods for storing and verifying security information
CN103731395A (zh) File processing method and system
Song et al. A cloud secure storage mechanism based on data dispersion and encryption
Virvilis et al. Secure cloud storage: Available infrastructures and architectures review and evaluation
US20230325516A1 (en) Method for file encryption, terminal, electronic device and computer-readable storage medium
WO2020044095A1 (fr) File encryption method and apparatus, device, terminal, server, and computer-readable storage medium
Bossi et al. What users should know about full disk encryption based on LUKS
CN106682521B (zh) Driver-layer-based transparent file encryption and decryption system and method
KR102387169B1 (ko) Digital forensic data decryption device
US20130290732A1 (en) Systems and methods for storing and verifying security information
US9697372B2 (en) Methods and apparatuses for securing tethered data
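CN103532712A (zh) Digital media file protection method, system, and client
CN111831978A (zh) Method and device for protecting a configuration file
CN107391970B (zh) Method and device for function access control in a Flash application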
US11455404B2 (en) Deduplication in a trusted execution environment
JP7481076B2 (ja) Key-compressible encryption
WO2021164167A1 (fr) Key access method, apparatus, system and device, and storage medium
CN101018117B (zh) Web page log encryption system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18932271

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18932271

Country of ref document: EP

Kind code of ref document: A1