CN103164659A - Method for realizing data storage safety and electronic device - Google Patents

Method for realizing data storage safety and electronic device Download PDF

Info

Publication number
CN103164659A
CN103164659A CN2011104151651A CN201110415165A CN103164659A CN 103164659 A CN103164659 A CN 103164659A CN 2011104151651 A CN2011104151651 A CN 2011104151651A CN 201110415165 A CN201110415165 A CN 201110415165A CN 103164659 A CN103164659 A CN 103164659A
Authority
CN
China
Prior art keywords
data
electronic equipment
file system
driving module
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011104151651A
Other languages
Chinese (zh)
Inventor
宋祎斐
彭绍平
杨建起
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN2011104151651A priority Critical patent/CN103164659A/en
Publication of CN103164659A publication Critical patent/CN103164659A/en
Pending legal-status Critical Current

Links

Images

Abstract

The invention provides a method for realizing data storage safety and an electronic device. The method is applied to the electronic device which comprises an inner core unit and a file system driving module, wherein the inner core unit provides safe access to electronic device hardware for application programs running on the electronic device, and the inner core unit supports the file system driving module which supports data access. The method comprises that the fact that the file system driving module calls data is detected; a calling type corresponding to the calling is inquired; in the calling type, data storage corresponds to an encryption operation, and data extraction corresponds to a decryption operation; and current data called by the file system driving module are processed according to the encryption operation or the decryption operation corresponding to the calling type. In the process that the inner core unit supports the file system driving module to call data, data encryption and decryption operations are realized in the inner core unit and are invisible to a user, using of other functions of the electronic device are not affected, and data safety is improved at the same time.

Description

A kind of method and electronic equipment of realizing the data storage security
Technical field
The present invention relates to Technology On Data Encryption, refer to especially a kind of method and electronic equipment of realizing the data storage security.
Background technology
Electronic equipment-particularly intelligent mobile terminal is widely used, and a lot of individual privacy data all can be stored in electronic equipment; After development of Mobile Internet technology was universal, it is particularly important that the security of electronic equipment seems.
Existing carry out in the technology of safeguard protection for the data of electronic equipment, the encryption of data is nearly all realized in application layer.
There are the following problems for prior art: be nearly all to realize in application layer to the encryption of data, and for application layer to carry out security attack be the relatively simple and ubiquitous problem of technology, so the security of data and integrality can not be guaranteed.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of method and electronic equipment of realizing the data storage security, be used for solving prior art, nearly all to realize in application layer to the encryption of data, effective guarding network attack, the defective that the security of data and integrality can not be guaranteed.
For solving the problems of the technologies described above, embodiments of the invention provide a kind of method that realizes the data storage security, be applied to electronic equipment, described electronic equipment comprises: a kernel unit, it is the part of the operating system of described electronic equipment, provide secure access to electronic equipment hardware for running on application program on described electronic equipment, and, at least one file system driving module operation supported; Described file system driving module support is with the Organization of Data form access data of correspondence; Method comprises: a file system driving module calling data detected; Inquire about the described corresponding call type of calling; Described call type comprises at least store data and extracts data, the corresponding cryptographic operation of described store data, the corresponding decryption oprerations of described extraction data; The cryptographic operation corresponding according to described call type or decryption oprerations are processed the current data of calling of described file system driving module.
In described method, the cryptographic operation corresponding according to described call type or decryption oprerations are processed the current data of calling of described file system driving module, specifically comprise: in described cryptographic operation, receive the clear data that described application transfer is come, call a cryptographic algorithm, described clear data is encrypted rear generating ciphertext data, described encrypt data is stored in storage unit corresponding to described application program.
In described method, the cryptographic operation corresponding according to described call type or decryption oprerations are processed the current data of calling of described file system driving module, specifically comprise: in described decryption oprerations, find storage unit corresponding to described application program, and call encrypt data in described storage unit, call a decipherment algorithm, described encrypt data is decrypted rear generation clear data; Notify described application program to process described clear data.
In described method, a file system driving module calling data detected, also comprise: after described electronic equipment electrifying startup before, when being in BOOT LOADER during the stage, receive the key of input, described key is the encryption key of described cryptographic operation, and the decruption key of decryption oprerations.
In described method, the cryptographic operation corresponding according to described call type or decryption oprerations are processed the current data of calling of described file system driving module, specifically comprise: the current operable key that do not have detected, prompting need to receive key from a SIM card by electronic equipment interfaces.
In described method, inquire about the described call type of calling correspondence and also comprise: when the data of query calls are system data, do not carry out subsequent step, when the data of query calls are the application data of application program, carry out subsequent step.
A kind of electronic equipment has an operating system, comprising: kernel unit, it is the part of described operating system, provide secure access to electronic equipment hardware for running on application program on described electronic equipment, and, at least one file system driving module operation supported; File system driving module is used for support with the Organization of Data form access data of correspondence; Detecting unit is for detection of to a file system driving module calling data is arranged; Inquire about the described corresponding call type of calling; Described call type comprises at least store data and extracts data, the corresponding cryptographic operation of described store data, the corresponding decryption oprerations of described extraction data; The data security unit is used for cryptographic operation or the decryption oprerations corresponding according to described call type the current data of calling of described file system driving module is processed.
In described electronic equipment, described data security unit comprises: encrypting module, be used at described cryptographic operation, receive the clear data that described application transfer is come, call a cryptographic algorithm, described clear data is encrypted rear generating ciphertext data, described encrypt data is stored in storage unit corresponding to described application program.
In described electronic equipment, described data security unit comprises: deciphering module, be used in described decryption oprerations, find storage unit corresponding to described application program, and call encrypt data in described storage unit, call a decipherment algorithm, described encrypt data is decrypted rear generation clear data; Notify described application program to process described clear data.
In described electronic equipment, also comprise: the BOOT unit is used for after described electronic equipment electrifying startup, when being in BOOT LOADER during the stage, receive the key of input, described key is the encryption key of described cryptographic operation, and the decruption key of decryption oprerations.
The beneficial effect of technique scheme of the present invention is as follows: in the process that kernel support one file system driving module is called data, realize the encrypting and decrypting operation to data in kernel, and this encrypting and decrypting operation is sightless for the user, when not affecting other functions of using electronic equipment, improved data security.
Description of drawings
Fig. 1 represents a kind of method flow schematic diagram of realizing the data storage security;
Fig. 2 represents electronic equipment internal function logic distribution schematic diagram;
Fig. 3 represents a kind of inner structure schematic diagram of electronic equipment.
Embodiment
For making the technical problem to be solved in the present invention, technical scheme and advantage clearer, be described in detail below in conjunction with the accompanying drawings and the specific embodiments.
Operating system (Operating System, OS) is the system level program of managing electronic device hardware and program, its administration configuration internal memory, the priority ranking of decision systems resource supply and demand, control inputs and output, supervising the network and file system provide interface with system interaction etc.
Kernel is the core of operating system, owing to being directly very complicated to hardware operation, so kernel provides a kind of method of hardware abstraction to complete these operations usually, this hardware abstraction has been hidden the complicacy of hardware operation, for succinct unified interface is provided between application program and hardware, make design application more simple; Kernel comprises each funtion part of diode-capacitor storage, file system, peripheral hardware and system resource, and the functions such as hardware abstraction layer, disk and file system control, multi-task parallel processing are provided; Kernel support operation process, and communication between process is provided, for application program provides secure access to computer hardware, this secure access is limited access, and kernel determines that when to certain hardware operation how long an application program.Kernel is not complete operating system, and the operating system based on linux kernel is called (SuSE) Linux OS or GNU/Linux.
The embodiment of the present invention provides a kind of method that realizes the data storage security, is applied to electronic equipment, and as shown in Figure 1, electronic equipment comprises:
One kernel unit is the part of the operating system of described electronic equipment, provides secure access to electronic equipment hardware for running on application program on described electronic equipment, and, support at least one file system driving module operation; Described file system driving module support is with the Organization of Data form access data of correspondence;
Method comprises:
Step 101 has detected a file system driving module calling data;
Step 102 is inquired about the described corresponding call type of calling; Described call type comprises at least store data and extracts data, the corresponding cryptographic operation of described store data, the corresponding decryption oprerations of described extraction data;
Step 103, the cryptographic operation corresponding according to described call type or decryption oprerations are encrypted or decipher the current data of calling of described file system driving module.
The technical scheme that provides is provided, in the process that kernel support one file system driving module is called data, realize the encrypting and decrypting operation to data in kernel, and this encrypting and decrypting operation is sightless for the user, when not affecting other functions of using electronic equipment, improved data security.
The data that electronic equipment relates to comprise: application data and system data, application data comprise the Cache data, the data that application program is used, and user data; System data is the data that the operating system of system program-is for example used, essential record the value of various state parameters of electronic equipment; Wherein, the unencrypted application data is called clear data, and the application data after encryption is called encrypt data.File system driving module is supported Organization of Data form access application data and the system data with correspondence.
In a preferred embodiment, the cryptographic operation corresponding according to described call type or decryption oprerations are encrypted or decipher the current data of calling of described file system driving module, specifically comprise:
In described cryptographic operation, receive the clear data that described application transfer is come, call a cryptographic algorithm, described clear data is encrypted rear generating ciphertext data, described encrypt data is stored in storage unit corresponding to described application program.
In a preferred embodiment, the cryptographic operation corresponding according to described call type or decryption oprerations are encrypted or decipher the current data of calling of described file system driving module, specifically comprise:
In described decryption oprerations, find storage unit corresponding to described application program, and call the encrypt data in described storage unit, call a decipherment algorithm, described encrypt data is decrypted rear generation clear data; Notify described application program to process described clear data.
In a preferred embodiment, inquiring about the described call type of calling correspondence also comprises: when the data of query calls are system data, do not carry out subsequent step;
When the data of query calls are the application data of application program, carry out subsequent step.
In electronic equipment, storage unit comprises several subregions, and wherein, some subregions are deposited application data, some subregion storage system data.
When the data of query calls are system data, system data are not encrypted or decipher;
When the data of query calls are the application data of application program, if deposit application data, be encrypted operation, if extract application data, be decrypted operation.
In a preferred embodiment, a file system driving module calling data detected, also comprised before:
After described electronic equipment electrifying startup, when being in BOOT LOADER during the stage, receive the key of input, described key is the encryption key of cryptographic operation, and the decruption key of decryption oprerations.
In a preferred embodiment, the cryptographic operation corresponding according to described call type or decryption oprerations are encrypted or decipher the current data of calling of described file system driving module, specifically comprise:
The current operable key that do not have detected, prompting need to receive key from a SIM card by electronic equipment interfaces.
In electronic equipment, as shown in Figure 2, run application in the user area of electronic equipment internal, different application programs may use different file system driving module, such as FAT file system, YAFFS file system, EXT file system and new technology file system etc.
Different file system driving module all is in kernel unit to be moved, cryptographic operation or decryption oprerations also are in kernel unit and move, that is, carry out cryptographic operation or decryption oprerations in kernel unit, file system driving module is all supported cryptographic operation or decryption oprerations;
When application program needs the access application data, can call the file system driving module that is in kernel unit, any one file system driving module can be carried out cryptographic operation to clear data in the process of carrying out data access, perhaps encrypt data is carried out decryption oprerations.
In an application scenarios, electronic equipment is mobile terminal specifically, and the workflow after mobile terminal powers on comprises:
Step 201, mobile terminal powers on, power supply begins to mainboard and the power supply of other device, due to spread of voltage this moment, control chip group on mainboard can be sent and keep a replacement (RESET) signal to CPU, allow CPU automatically restore to original state, but CPU can not carry out instruction this moment at once.
Step 202, system's guiding loads the key equipment initialization operation that (BOOT LOADER) at first carries out CPU, internal memory, memory controller etc.Wherein, BOOT LOADER is one section small routine of operation before the operating system nucleus operation, this section small routine can initiating hardware equipment, set up the mapping graph of memory headroom, thereby take the hardware environment of system to a suitable state, in order to be ready to correct environment for final call operation system kernel.
Step 203, system BOOT LOADER, initialization video card, display screen and touch panel device, this moment, video card all can demonstrate some initialization LOGO of manufacturer on screen.
And, be in this BOOT LOADER during the stage, show the interface of an input key, the prompting user inputs key; Mobile terminal receives the key of input, and described key is the encryption key of described cryptographic operation, the decruption key of decryption oprerations.
Step 205, the kernel unit of system BOOT LOADER load operation system is prepared to transfer the control of mobile terminal to operating system; Specifically comprise:
System BOOT LOADER upgrades the information of passing to the operating system nucleus unit, comprises facility information, memory size, partition information etc., and these information exchanges are crossed parameter and passed to kernel unit.
Step 206, the start-up code of system BOOT LOADER will jump to kernel unit at last, complete selling of control, be about to control and transfer operating system to.
Step 207, then some important system datas of operating system initialization demonstrate the interface of operating system, and proceed guiding and the initial work of graphic user interface (GUI) part.
Step 208 starts one or more application program, inquires about the described corresponding call type of calling, and the call type of this application program is specifically called application data.
Step 209 in decryption oprerations, finds the user area of storage unit corresponding to application program, and the encrypt data in the invoke user district,
Call a decipherment algorithm, described encrypt data is decrypted rear generation clear data; Wherein, the key that adopts is from the key of being inputted by the user in the BOOT LOADER stage in step 203;
Notification application is processed described clear data.
Step 210 is carried out cryptographic operation, in cryptographic operation, receives the clear data that described application transfer is come,
Call a cryptographic algorithm, clear data is encrypted rear generating ciphertext data, be stored in the user area of storage unit.
The technical scheme that the embodiment of the present invention provides, not only can be applied in mobile terminal, can also be applied in desk-top electronic equipment, such as all can application data being encrypted operation or decryption oprerations in the equipment such as computing machine, in an application scenarios, the workflow of computing machine comprises:
Step 301, electronic equipment powers on, power supply begins to mainboard and miscellaneous equipment power supply, due to spread of voltage this moment, control chip group on mainboard can be sent and keep a replacement (RESET) signal to CPU, allow CPU automatically restore to original state, but CPU can not carry out instruction this moment at once.
The rear self check (POST) that powers on of step 302, the start-up code of system bios, in the main detected electrons equipment of POST, whether some key equipments as internal memory and video card etc. exist and work.
Step 303, system bios is searched display card BIOS, the start address of for example depositing the rom chip of display card BIOS is located at the C0000H place usually, system bios just calls its setup code after this start address finds display card BIOS, come the initialization video card by display card BIOS, this moment, video card all can demonstrate some initialization informations on screen, introduced the contents such as production firm, graphic chips type.
And, be in this BIOS during the stage, show the interface of an input key, the prompting user inputs key; Electronic equipment receives the key of input, and described key is the encryption key of described cryptographic operation, the decruption key of decryption oprerations.
Step 304, system bios detect and show type and the frequency of operation of CPU, until that all hardware all configures after testing is complete.
Step 305, the kernel unit of system bios and operating system are carried out alternately, prepare to transfer the control of electronic equipment to operating system; Specifically comprise:
System bios upgrades expanding system configuration data (ESCD, Extended System Configuration Data), and ESCD is that system bios is used for a kind of means with operating system switching hardware configuration information, and these data are stored among CMOS.
Step 306, the start-up code of system bios will be carried out last work, and namely the boot sequence according to appointment starts from USB, hard disk or CD-ROM drive.
Step 307, operating system be some important system datas of initialization at first, then demonstrate the interface of operating system, and proceed guiding and the initial work of graphic user interface (GUI) part.
Step 308 starts one or more application program, inquires about the described corresponding call type of calling, and the call type of this application program is specifically called application data.
Step 309 in decryption oprerations, finds the user area of storage unit corresponding to application program, and the encrypt data in the invoke user district,
Call a decipherment algorithm, encrypt data is decrypted rear generation clear data; Wherein, the key that adopts is from the key of being inputted by the user in the BIOS stage in step 303;
Notification application is processed clear data.
Step 310 is carried out cryptographic operation, in cryptographic operation, receives the clear data that application transfer is come, and calls a cryptographic algorithm, and clear data is encrypted rear generating ciphertext data, is stored in the user area of storage unit.
The embodiment of the present invention provides a kind of electronic equipment, as shown in Figure 3, has an operating system, comprising:
Kernel unit 01 is the part of described operating system, provides secure access to electronic equipment hardware for running on application program on described electronic equipment, and, support at least one file system driving module 02 operation;
File system driving module 02, operation in described kernel unit 01, the data that are used for supporting described application program are carried out access with the Organization of Data form of correspondence;
Detecting unit 03 is for detection of to file system driving module 02 calling data is arranged;
Inquire about the described corresponding call type of calling; Described call type comprises at least store data and extracts data, the corresponding cryptographic operation of described store data, the corresponding decryption oprerations of described extraction data;
Data security unit 04, operation in described kernel unit 01 is used for cryptographic operation or the decryption oprerations corresponding according to described call type the current data of calling of described file system driving module 02 is processed.
In a preferred embodiment, the data security unit in electronic equipment 04 comprises:
Encrypting module 041 is used at described cryptographic operation, receives the clear data that described application transfer is come,
Call a cryptographic algorithm, described clear data be encrypted rear generating ciphertext data,
Described encrypt data is stored in storage unit corresponding to described application program 05.
In a preferred embodiment, data security unit 04 comprises:
Deciphering module 042 is used in described decryption oprerations, and find storage unit corresponding to described application program 05, and call the encrypt data in described storage unit 05,
Call a decipherment algorithm, described encrypt data is decrypted rear generation clear data; Notify described application program to process described clear data.
The BOOT unit is used for after described electronic equipment electrifying startup, when being in BOOT LOADER during the stage, receives the key of input, and described key is the encryption key of described cryptographic operation, and the decruption key of decryption oprerations.
Adopt the advantage after this programme to be: the encryption and decryption of the data that electronic equipment is related to all realizes in kernel, the encryption and decryption operation is sightless for the user, all reading and writing data completed by the encryption and decryption filtration drive in kernel, and this technology is optionally encrypted application data, do not carry out encryption and decryption for system data, when not affecting the user and using other experience of electronic equipment, improved data security.
The above is the preferred embodiment of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from principle of the present invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.

Claims (10)

1. a method that realizes the data storage security, be applied to electronic equipment, it is characterized in that, described electronic equipment comprises:
One kernel unit is the part of the operating system of described electronic equipment, provides secure access to electronic equipment hardware for running on application program on described electronic equipment, and, support at least one file system driving module operation; Described file system driving module support is with the Organization of Data form access data of correspondence;
Method comprises:
A file system driving module calling data detected;
Inquire about the described corresponding call type of calling; Described call type comprises at least store data and extracts data, the corresponding cryptographic operation of described store data, the corresponding decryption oprerations of described extraction data;
The cryptographic operation corresponding according to described call type or decryption oprerations are processed the current data of calling of described file system driving module.
2. method according to claim 1, is characterized in that, the cryptographic operation corresponding according to described call type or decryption oprerations are processed the current data of calling of described file system driving module, specifically comprise:
In described cryptographic operation, receive the clear data that described application transfer is come,
Call a cryptographic algorithm, described clear data be encrypted rear generating ciphertext data,
Described encrypt data is stored in storage unit corresponding to described application program.
3. method according to claim 1, is characterized in that, the cryptographic operation corresponding according to described call type or decryption oprerations are processed the current data of calling of described file system driving module, specifically comprise:
In described decryption oprerations, find storage unit corresponding to described application program, and call the encrypt data in described storage unit,
Call a decipherment algorithm, described encrypt data is decrypted rear generation clear data;
Notify described application program to process described clear data.
4. method according to claim 1, is characterized in that, a file system driving module calling data detected, also comprises before:
After described electronic equipment electrifying startup, when being in BOOT LOADER during the stage, receive the key of input, described key is the encryption key of described cryptographic operation, and the decruption key of decryption oprerations.
5. method according to claim 1, is characterized in that, the cryptographic operation corresponding according to described call type or decryption oprerations are processed the current data of calling of described file system driving module, specifically comprise:
The current operable key that do not have detected,
Prompting need to receive key from a SIM card by electronic equipment interfaces.
6. method according to claim 1, is characterized in that, inquires about the described call type of calling correspondence and also comprise:
When the data of query calls are system data, do not carry out subsequent step,
When the data of query calls are the application data of application program, carry out subsequent step.
7. an electronic equipment, is characterized in that, has an operating system, comprising:
Kernel unit is the part of described operating system, provides secure access to electronic equipment hardware for running on application program on described electronic equipment, and, support at least one file system driving module operation;
File system driving module is used for support with the Organization of Data form access data of correspondence;
Detecting unit is for detection of to a file system driving module calling data is arranged;
Inquire about the described corresponding call type of calling; Described call type comprises at least store data and extracts data, the corresponding cryptographic operation of described store data, the corresponding decryption oprerations of described extraction data;
The data security unit is used for cryptographic operation or the decryption oprerations corresponding according to described call type the current data of calling of described file system driving module is processed.
8. electronic equipment according to claim 7, is characterized in that, described data security unit comprises:
Encrypting module is used at described cryptographic operation, receives the clear data that described application transfer is come,
Call a cryptographic algorithm, described clear data be encrypted rear generating ciphertext data,
Described encrypt data is stored in storage unit corresponding to described application program.
9. electronic equipment according to claim 7, is characterized in that, described data security unit comprises:
Deciphering module is used in described decryption oprerations, and find storage unit corresponding to described application program, and call the encrypt data in described storage unit,
Call a decipherment algorithm, described encrypt data is decrypted rear generation clear data;
Notify described application program to process described clear data.
10. electronic equipment according to claim 7, is characterized in that, also comprises:
The BOOT unit is used for after described electronic equipment electrifying startup, when being in BOOT LOADER during the stage, receives the key of input, and described key is the encryption key of described cryptographic operation, and the decruption key of decryption oprerations.
CN2011104151651A 2011-12-13 2011-12-13 Method for realizing data storage safety and electronic device Pending CN103164659A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104151651A CN103164659A (en) 2011-12-13 2011-12-13 Method for realizing data storage safety and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011104151651A CN103164659A (en) 2011-12-13 2011-12-13 Method for realizing data storage safety and electronic device

Publications (1)

Publication Number Publication Date
CN103164659A true CN103164659A (en) 2013-06-19

Family

ID=48587736

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104151651A Pending CN103164659A (en) 2011-12-13 2011-12-13 Method for realizing data storage safety and electronic device

Country Status (1)

Country Link
CN (1) CN103164659A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104915235A (en) * 2015-06-15 2015-09-16 深圳市九洲电器有限公司 Terminal device application program upgrading method and terminal device application program upgrading system
CN104992124A (en) * 2015-08-03 2015-10-21 电子科技大学 Document safety access method for cloud storage environment
CN105678190A (en) * 2016-03-01 2016-06-15 福建省闽保信息技术股份有限公司 Data storage auditing system
CN106953728A (en) * 2017-03-28 2017-07-14 联想(北京)有限公司 A kind of data transmission method and electronic equipment
CN107133517A (en) * 2017-05-08 2017-09-05 成都德涵信息技术有限公司 A kind of data restoration method encrypted and calculated based on data in EMS memory
CN108090368A (en) * 2017-12-20 2018-05-29 北京小牛互联科技有限公司 The guard method of APK program files and system
CN110399744A (en) * 2019-07-31 2019-11-01 上海商米科技集团股份有限公司 Data ciphering method and device, mobile terminal and computer-readable medium
CN113221171A (en) * 2021-05-21 2021-08-06 杭州弗兰科信息安全科技有限公司 Encrypted file reading and writing method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030056095A1 (en) * 2001-09-14 2003-03-20 International Business Machines Corporation Securing decrypted files in a shared environment
CN1928881A (en) * 2006-09-26 2007-03-14 南京擎天科技有限公司 Computer data security protective method
CN101447007A (en) * 2008-10-31 2009-06-03 东莞市智盾电子技术有限公司 Safe outward communication method of active data safe storing equipment
CN101453327A (en) * 2007-11-29 2009-06-10 北京鼎信高科信息技术有限公司 Information leakage prevention system
CN101729550A (en) * 2009-11-09 2010-06-09 西北大学 Digital content safeguard system based on transparent encryption and decryption method thereof

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030056095A1 (en) * 2001-09-14 2003-03-20 International Business Machines Corporation Securing decrypted files in a shared environment
CN1928881A (en) * 2006-09-26 2007-03-14 南京擎天科技有限公司 Computer data security protective method
CN101453327A (en) * 2007-11-29 2009-06-10 北京鼎信高科信息技术有限公司 Information leakage prevention system
CN101447007A (en) * 2008-10-31 2009-06-03 东莞市智盾电子技术有限公司 Safe outward communication method of active data safe storing equipment
CN101729550A (en) * 2009-11-09 2010-06-09 西北大学 Digital content safeguard system based on transparent encryption and decryption method thereof

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104915235A (en) * 2015-06-15 2015-09-16 深圳市九洲电器有限公司 Terminal device application program upgrading method and terminal device application program upgrading system
CN104992124A (en) * 2015-08-03 2015-10-21 电子科技大学 Document safety access method for cloud storage environment
CN105678190A (en) * 2016-03-01 2016-06-15 福建省闽保信息技术股份有限公司 Data storage auditing system
CN106953728A (en) * 2017-03-28 2017-07-14 联想(北京)有限公司 A kind of data transmission method and electronic equipment
CN107133517A (en) * 2017-05-08 2017-09-05 成都德涵信息技术有限公司 A kind of data restoration method encrypted and calculated based on data in EMS memory
CN107133517B (en) * 2017-05-08 2020-01-07 成都德涵信息技术有限公司 Data recovery method based on data encryption and calculation in memory
CN108090368A (en) * 2017-12-20 2018-05-29 北京小牛互联科技有限公司 The guard method of APK program files and system
CN110399744A (en) * 2019-07-31 2019-11-01 上海商米科技集团股份有限公司 Data ciphering method and device, mobile terminal and computer-readable medium
CN110399744B (en) * 2019-07-31 2022-02-01 上海商米科技集团股份有限公司 Data encryption method and device, mobile terminal and computer readable medium
CN113221171A (en) * 2021-05-21 2021-08-06 杭州弗兰科信息安全科技有限公司 Encrypted file reading and writing method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN103164659A (en) Method for realizing data storage safety and electronic device
US10684865B2 (en) Access isolation for multi-operating system devices
EP2648129B1 (en) Method and apparatus for securing touch input
EP3163492B1 (en) Dynamic pre-boot storage encryption key
US9779032B2 (en) Protecting storage from unauthorized access
US20150046712A1 (en) Method of operating data security and electronic device supporting the same
US20190012464A1 (en) Method and device for ensuring security of firmware of pos machine
CN108898005B (en) Hard disk identification method, system, equipment and computer readable storage medium
US20090240953A1 (en) On-disk software image encryption
CN103309721A (en) Virtual machine monitor management system and method
EP3066604B1 (en) Data accessibility control
CN103810434A (en) Information processing apparatus with hibernation function, control method therefor, and storage medium storing control program therefor
CN107908957B (en) Safe operation management method and system of intelligent terminal
WO2017105706A1 (en) Processor state integrity protection using hash verification
CN101950345A (en) Hardware decryption-based high-reliability terminal equipment and working method thereof
CN106326782A (en) Information processing method and electronic device
TWI716320B (en) Security task processing method, device, electronic equipment and storage medium
CN105592033B (en) trusted service management system and method
CN103020509A (en) Terminal equipment encryption and decryption method, device and terminal equipment
CN102542213A (en) Information security processor and method for realizing secrecy of context information in process of operating
KR101552557B1 (en) Service Server for Preventing Mobile Application Decompiled and Method thereof
KR101552556B1 (en) Method for Preventing Mobile Application Decompiled and Program Publishing Server for Storing Launcher therefor
CN105790953A (en) Dual-interface authentication device and working method thereof
CN111142912A (en) BIOS refreshing method, device and equipment
CN115525913A (en) Encryption and decryption method, device and medium based on virtual file system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20130619