CN107678886A - A kind of method and terminal device for preserving, recovering application data - Google Patents

A kind of method and terminal device for preserving, recovering application data Download PDF

Info

Publication number
CN107678886A
CN107678886A CN201710931615.XA CN201710931615A CN107678886A CN 107678886 A CN107678886 A CN 107678886A CN 201710931615 A CN201710931615 A CN 201710931615A CN 107678886 A CN107678886 A CN 107678886A
Authority
CN
China
Prior art keywords
submodule
data
terminal device
default
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710931615.XA
Other languages
Chinese (zh)
Other versions
CN107678886B (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201710931615.XA priority Critical patent/CN107678886B/en
Publication of CN107678886A publication Critical patent/CN107678886A/en
Application granted granted Critical
Publication of CN107678886B publication Critical patent/CN107678886B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1448Management of the data involved in backup or backup restore
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/62Uninstallation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a kind of method and terminal device for preserving, recovering application data, belongs to areas of information technology.Terminal device disclosed by the invention includes preserving module and recovery module, and preserving module includes:Create submodule, assembling submodule, addition submodule, setting submodule, the first encryption submodule, the first labeling submodule, the second labeling submodule;Recovery module includes:First acquisition submodule, the first checking submodule, the first reading submodule, the second reading submodule, the first decryption submodule.Technical scheme disclosed by the invention, can be applied routine data when terminal device reinstalls application program from secure storage areas, without user cumbersome ground data memory, make the process simplification for reinstalling application program, improve Consumer's Experience.

Description

A kind of method and terminal device for preserving, recovering application data
Technical field
The present invention relates to a kind of method of data in areas of information technology, more particularly to preservation, recovery application program and end End equipment.
Background technology
In the prior art, after the application program in terminal device is unloaded, the related data in application program is lost therewith Lose, when reinstalling application program, data before can not be recovered, and cause user to add data to new installation again Application program in, when the data being related to are more, bad memory, if some loss of vital data, user can be caused Very big influence.In particular for the application program of the dynamic token of safety certification, after terminal device unloading application program, Server corresponding to the producer to application program or application program it must apply activating again again when reinstalling application program One token number, installation procedure is cumbersome, causes Consumer's Experience bad.
The content of the invention
The present invention provides a kind of method and terminal device for preserving, recovering application data.
A kind of method for preserving, recovering application data provided by the invention, including terminal device unloading application program Before, application data is preserved;And the terminal device is when reinstalling the application program, to the application Routine data is recovered;
The terminal device carries out preservation to the application data and specifically includes following steps:
Step S1:The terminal device creates storage object;
Step S2:The application data is assembled into the storage object by the terminal device;
Step S3:The storage object is added in the secure storage areas of itself by the terminal device;
After the step S1, before step S3, in addition to:The storage object is arranged to default by the terminal device Encryption type;Also include in the step S3:The terminal device is deposited according to the default encryption type to the safety The application data in the storage object in storage area is encrypted;
Also include before the step S3:The terminal device is using default Data Identification in the storage object The application data is identified, and the storage object is identified using default object identity;
The terminal device carries out recovery to the application data and specifically includes following steps:
Step A0:The terminal device obtains the mark of the application program of data to be restored according to preset path, according to obtaining The mark of the application program taken finds the First Certificate of itself preservation, and data to be restored are answered using the First Certificate Verified with program, step A1 is performed when being verified;
Step A1:The terminal device is deposited according to reading in the secure storage areas the default object identity Store up object;
Step A2:The terminal device reads the application encrypted in the storage object according to the default Data Identification Routine data, using decipherment algorithm corresponding with the default encryption type to the encryption in the storage object should Decrypted to obtain the application data with routine data.
Alternatively, before above-mentioned terminal device is identified using default Data Identification to the application data, Also include:The terminal device generates the default Data Identification according to the first preset algorithm;
Correspondingly, above-mentioned terminal device according to the default Data Identification read data in the storage object it Before, in addition to:The terminal device generates the default Data Identification according to first preset algorithm.
Alternatively, before above-mentioned terminal device is identified using default object identity to the storage object, also wrap Include:The terminal device generates the default object identity according to the second preset algorithm;
Correspondingly, above-mentioned terminal device is deposited according to reading in the secure storage areas the default object identity Before storing up object, in addition to:The terminal device generates the default object identity according to second preset algorithm.
Alternatively, before above-mentioned terminal device is identified using default object identity to the storage object, also wrap Include:The terminal device sends to corresponding server according to predetermined server address and obtains object identity request, described in reception The default object identity that corresponding server returns;
Correspondingly, above-mentioned terminal device is deposited according to reading in the secure storage areas the default object identity Before storing up object, in addition to:The terminal device sends acquisition pair according to the predetermined server address to corresponding server As identification request, the default object identity that the corresponding server returns is received.
Alternatively, before above-mentioned steps S3, in addition to:
Step H1:The terminal device judges whether there is the default object identity in the secure storage areas;
Step H2:When the terminal device judges to have in the secure storage areas object identity, the peace is deleted Storage object corresponding to the object identity and the object identity in full memory block.
Alternatively, before above-mentioned steps S3, in addition to:The terminal device judges whether have in the secure storage areas The default object identity;
Correspondingly, above-mentioned steps S3 is specially:The terminal device judges there is the object in the secure storage areas During mark, object identity described in the secure storage areas is updated using the storage object including the application data Corresponding storage object.
In the present invention, above-mentioned application data can be for token serial number or user name and private key or including use Name in an account book and user cipher, when the data of application program include username and password, the application data also includes company One or more in address, Corporation web site, telephone number, email address, contact person.
In the present invention, when preservation be the application data of dynamic token when, recover application data when need not Again apply activating token number again to the producer of application program, simplify installation procedure, improve Consumer's Experience.
In the present invention, the application data being assembled into above-mentioned steps S2 in storage object in above-mentioned steps A2 with decrypting Obtained application data is consistent.
Alternatively, after above-mentioned steps A2, in addition to:
Step A3:Terminal device server according to corresponding to accessing predetermined server address, by described corresponding The application data that server obtains to decryption is verified, judges whether that receiving the corresponding server returns The notice being proved to be successful, be then recover data success, otherwise recover data failure.
In the present invention, when the application data that above-mentioned decryption obtains is token serial number, above-mentioned steps A3 tools Body is:
The token serial number is sent to token server by the terminal device according to default token server address, is led to Cross the token server to verify the token serial number, judge whether to receive testing for the token server return Card successfully notifies, is then to recover data success, otherwise recovers data failure;
When the application data that above-mentioned decryption obtains is user name and private key, above-mentioned steps A3 is specifically included:
Step A31:The terminal device obtains to be signed according to default address of the authentication server to certificate server transmission Request of data, and receive the data to be signed that the certificate server returns;
Step A32:The terminal device is signed using the private key to the data to be signed, will signature result and The user name is sent to the certificate server, and the signature result is verified by the certificate server, judged The notice being proved to be successful that the certificate server returns whether is received, is then to recover data success, otherwise recovers data and lose Lose.
When the application data that above-mentioned decryption obtains includes user name and user cipher, the step A3 is specific For:
The user name and the password are sent to corresponding service by the terminal device according to predetermined server address Device, the user name and the password are verified by the corresponding server, judge whether to receive the service The notice being proved to be successful that device returns, it is then to recover data success, otherwise recovers data failure.
Alternatively, after above-mentioned steps A2, in addition to:The application program number that the terminal device display decryption obtains According to.
In the present invention, also include in the step A0:The terminal device obtains according to the mark of the application program Second certificate and corresponding second code signed data;
Correspondingly, in above-mentioned steps A0, above-mentioned terminal device is answered the data to be restored using the First Certificate Verified with program, be specially:
The First Certificate that the terminal device uses the first public key in the First Certificate to preserve itself is corresponding First code signature file be decrypted, obtain the first ciphertext data;Using the second public key in second certificate to institute State second code signed data to be decrypted, obtain the second ciphertext data, judge first ciphertext data whether with described Two ciphertext datas are consistent, are, are verified, and otherwise verify and do not pass through.
Further, above-mentioned terminal device is tested the application program of the data to be restored using the First Certificate Before card, in addition to:The terminal device obtains the root certificate of second certificate of itself preservation, uses the root certificate pair Second certificate is verified, step A0 is performed when being verified, is otherwise terminated.
Specifically, in above-mentioned second certificate including the use of the 3rd private key in the root certificate of second certificate to described Content in two certificates is signed the second obtained signed data;
Correspondingly, above-mentioned terminal device is verified using the root certificate to second certificate, is specially:The end End equipment is decrypted to obtain the 3rd ciphertext data using the 3rd public key in the root certificate to second signed data;It is right Content in second certificate carries out computing according to the 5th preset algorithm and obtains the 3rd operation result, judges the 3rd decryption Whether data are consistent with the 3rd operation result, are to be verified, otherwise verify and do not pass through.
Alternatively, also include before above-mentioned steps S3:The terminal device applies journey according to the 3rd preset algorithm to described Ordinal number encrypts application data according to generation first is encrypted;
Correspondingly, be added in the storage object in the secure storage areas in above-mentioned steps S3 described applies journey Ordinal number is according to the specially described first application data encrypted;
In above-mentioned steps A2, terminal device use decipherment algorithm corresponding with the default encryption type is to described The application data of the encryption in storage object is decrypted to obtain the application data, is specially:The terminal is set The standby application program using decipherment algorithm corresponding with the default encryption type to the encryption in the storage object Data deciphering obtains the first encryption application data;
Also include in the step A2:The terminal device is to the application program of the described first encryption according to the 4th pre- imputation Method is decrypted to obtain the application data.
A kind of terminal device for preserving, recovering application data provided by the invention includes preserving module and recovers mould Block, the preserving module include:
Submodule is created, for creating storage object;
Submodule is assembled, for application data to be assembled into the storage object of the establishment submodule establishment In;
Submodule is added, for the application data to be assembled into the establishment submodule in the assembling submodule After in the storage object created, the storage object is added in the secure storage areas of terminal device;
Submodule is set, and the storage object for the establishment submodule to be created is arranged to default encryption class Type;
First encryption submodule, the default encryption type for being set according to the setting submodule add to described The application data for adding submodule to be added in the storage object in the secure storage areas is encrypted;
First labeling submodule, for being assembled into the storage pair to the assembling submodule using default Data Identification The application data as in is identified;
Second labeling submodule, for the storage pair created using default object identity to the establishment submodule As being identified;
The recovery module includes:
First acquisition submodule, the mark of the application program for obtaining data to be restored according to preset path, according to obtaining The mark of the application program taken finds the First Certificate of itself preservation;
First checking submodule, for the First Certificate using first acquisition submodule acquisition to number to be restored According to application program verified;
First reading submodule, for when the described first checking submodule the result is is verified, according to described Default object identity reads the storage object in the secure storage areas;
Second reading submodule, read for reading first reading submodule according to the default Data Identification The storage object in the application data encrypted;
First decryption submodule, for corresponding using the default encryption type set with the setting submodule The application data for the encryption that decipherment algorithm is read to second reading submodule, which is decrypted to obtain, described applies journey Ordinal number evidence.
The beneficial effects of the invention are as follows:Terminal device is by application program before application program unloading in terminal device Data are saved in the secure storage areas of itself, and can be applied program when reinstalling application program from secure storage areas Data, without user cumbersome ground data memory, make the process simplification for reinstalling application program, improve Consumer's Experience.
Brief description of the drawings
Fig. 1 show a kind of method flow diagram for preserving application data in the embodiment of the present invention 1;
Fig. 2 show a kind of method flow diagram for recovering application data in the embodiment of the present invention 1;
Fig. 3 show a kind of modular organisation for the terminal device for preserving, recovering application data in the embodiment of the present invention 2 Block diagram.
Embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing to embodiment party of the present invention Formula is described in further detail.
Embodiment 1
The present embodiment provides a kind of method for preserving, recovering application data, including terminal device unloading application program Before, application data is preserved;And terminal device is carried out to application data when reinstalling application program Recover;
As shown in figure 1, terminal device, which preserves application data, specifically includes following steps:
Step 101:Terminal device creates storage object.
Specifically, terminal device creates storage object, is specially:Terminal device creates storage pair according to default form As.Further, terminal device creates the storage object of the preset format of predetermined number.
For example, when predetermined number is 1, the storage object of preset format is specifically as follows:Data Identification=;Using journey Ordinal number evidence=;};Or the storage object of preset format is specifically as follows:{ Data Identification 1=;Application data 1=;Data Identify 2=;Application data 2=;……}.Wherein the structure of application data can be { data1=;, or { data1=;Data2=;……}.
When predetermined number is 2, the storage object of preset format is specifically as follows:Data Identification=;Application data =;, { Data Identification 2=;Application data 2=;……}.Wherein the structure of application data can be { data1 =;, or { data1=;Data2=;……}.
In the present embodiment, the storage object of preset format also has a mark of storage object, and the mark of storage object can be with , can also be inside storage object outside storage object.For example, when storage object mark is outside storage object, lattice are preset The storage object of formula is:Storage object identifies:Data Identification=;Application data=;, storage object mark is in storage pair During as the inside, the storage object of preset format is:Object identity=;Data Identification=;Application data=;}.
Step 102:Storage object is arranged to default encryption type by terminal device.
Specifically, terminal device is arranged to preset value to the encryption type of storage object.
In the present embodiment, encryption type can be preset for the first predetermined encryption type, the second predetermined encryption type, the 3rd to be added One of which in close type, the 4th predetermined encryption type, the 5th predetermined encryption type.Specifically:Terminal device will encrypt class When the value of type is arranged to the first preset value, encryption type is the first predetermined encryption type;The value of encryption type is arranged to second During preset value, encryption type is the second predetermined encryption type;When the value of encryption type is arranged into three preset values, encryption type For the 3rd predetermined encryption type;When the value of encryption type is arranged into four preset values, encryption type is the 4th predetermined encryption class Type;When the value of encryption type is arranged into five preset values, encryption type is the 5th predetermined encryption type.
In the present embodiment, when having multiple storage objects, terminal device sets default encryption respectively to each storage object Type.
Step 103:Terminal device judges whether there is default object identity in secure storage areas, is then to perform step 104, Otherwise step 105 is performed.
Specifically, terminal device calls the reading interface of secure storage areas, reads the data in secure storage areas, judges safety Whether there is default object identity in the data of memory block, be then to perform step 104, otherwise perform step 105.For example, terminal The default object identity of equipment is 0001, judges whether there is object identity 0001 in secure storage areas, is, performs step 104, otherwise perform step 105.
Step 104:Terminal device deletes default object identity and corresponding storage object in secure storage areas, performs Step 105.
Specifically, terminal device calls the deletion interface of secure storage areas to preset target object identity in secure storage areas And corresponding storage object is deleted.
Step 105:Terminal device is identified using default object identity to storage object, uses default data mark Knowledge is identified to the data in application program.
In the present embodiment, when having multiple default object identities and/or multiple Data Identifications, step 101 is specially:Eventually End equipment creates the storage object of predetermined number, and correspondingly, step 105 is specially:Terminal device uses the first predetermined number Default object identity is identified to the storage object of the first predetermined number respectively, uses the default number of the second predetermined number The data in application program are identified respectively according to mark.
For example, when the quantity of default Data Identification is 1, the quantity of default object identity is 1, object identity is used It is specially to storage object mark:{ object identity=0001;Data Identification=0010;Application data=;, 0001 is pair As mark, 0010 is Data Identification;
When the quantity of preset data mark is 2, the quantity of default object identity is 1, using object identity to storage pair As mark is specially:{ object identity=0001;Data Identification 1=0010;Application data 1=;Data Identification 2=0011; Application data 1=;, 0001 is object identity, and 0010 and 0011 is Data Identification;
When the quantity of preset data mark is 2, the quantity of default object identity is 4, using object identity to storage pair As mark is specially:{ object identity 1=0001;Data Identification 1=0010;Application data 1=;Data Identification 2= 0011;Application data 2=;, { object identity 2=0002;Data Identification 3=0100;Application data 3=;Data Identify 4=0101;Application data 4=;, 0001,0002 is object identity, and 0010,0011,0100,0101 is data mark Know.
Further, step 105 can be specially:Terminal device is by the account attributes item corresponding to default encryption type Value be arranged to default object identity, the value of the Service Properties item corresponding to the default encryption type of storage object is set For default Data Identification.It should be noted that in the present embodiment, each encryption type all has corresponding account attributes item With service attribute item, the ident value of above-mentioned storage object can be the value of account attributes item, above-mentioned application data ident value It can be the value of Service Properties item.
Step 106:Terminal device is by the data assembling in application program into storage object.
Specifically, the data in application program are assembled into the data storage of storage object by terminal device according to preset format Area.For example, when data in application program include token number, private key, user name, terminal device is by token number
Token=bc906717191c532bc76cd8c4e7a520587e90d4a385b43863f3 c1da6c406ed2 83rd, it is private Key private=D89207D55DB1FEA62D16CF5E8D4DEDECD19
CAAF041CF06A083D65574CD8F913B, user name username=123 are assembled into according to preset format and deposited The data storage area of storage object is specially:{ Token=bc906717191c
532bc76cd8c4e7a520587e90d4a385b43863f3c1da6c406ed283;Private=D89
207D55DB1FEA62D16CF5E8D4DEDECD19CAAF041CF06A083D65574CD8F913B; Username=123 }.
In the present embodiment, the order of step 105 and step 106 can exchange, i.e., perform step when step 103 is judged as NO Then 106 perform step 105 again, step 106 is performed after step 104 and then performs step 105 again.
In the present embodiment, terminal device is identified using default object identity to storage object, uses default number According to mark to data of the tissue after corresponding data are identified into storage object can with it is specific as follows object identity= 0001;Data Identification=0010;Token=bc906
717191c532bc76cd8c4e7a520587e90d4a385b43863f3c1da6c406ed283;
Private=D89207D55DB1FEA62D16CF5E8D4DEDECD19CAAF041CF06A0 83D65574CD8F 913B;Username=123 }.
Step 107:Storage object is added in secure storage areas by terminal device, and according to default encryption type to peace The application data encrypted is encrypted in the data of application program in full memory block in storage object.
Specifically, when default encryption type is the first encryption type, terminal device is according to default encryption type pair The application data encrypted is encrypted in application data in secure storage areas in storage object, is specially:Eventually End equipment application data is encrypted according to preset algorithm corresponding with default encryption type the application encrypted Routine data.
In the present embodiment, the judged result of above-mentioned steps 103 is that when being, can also carry out step 105- steps 107, and step 107 replace with:Terminal device uses object identity in the storage object renewal secure storage areas for include application data corresponding Storage object.
Specifically, terminal device uses object identity in the storage object renewal secure storage areas for include application data Corresponding storage object, it is specially:Terminal device, which calls the more new interface of secure storage areas to use, includes application data Storage object corresponding to object identity in storage object renewal secure storage areas.
As shown in Fig. 2 terminal device carries out recovery to application data specifically includes following steps:
Step 200:Terminal device obtains the mark of the application program of data to be restored according to preset path, according to acquisition The mark of application program finds the First Certificate of itself preservation, and the application program of data to be restored is tested using First Certificate Card, then execution step 201 is verified, is verified not by then terminating.
Further, also include in step 200:Terminal device obtains the second certificate and application according to the mark of application program The second code signed data of program;
Correspondingly, in step 200, terminal device is verified using First Certificate to the application program of data to be restored, Specially:Terminal device uses first code corresponding to the First Certificate that the first public key in First Certificate preserves to itself to sign File is decrypted, and obtains the first ciphertext data;Second code signed data is carried out using the second public key in the second certificate Decryption, obtains the second ciphertext data, judges whether the first ciphertext data matches with the second ciphertext data, be to be verified, Otherwise verify and do not pass through.
Further, before terminal device is verified using First Certificate to the application program of data to be restored, also wrap Include:Terminal device obtains the root certificate of the second certificate of itself preservation, and the second certificate is verified using root certificate, and checking is logical Out-of-date continuation, otherwise terminates.
Specifically, in above-mentioned second certificate including the use of the 3rd private key in the root certificate of the second certificate in the second certificate Content signed the second obtained signed data;Correspondingly, above-mentioned terminal device is carried out using root certificate to the second certificate Checking, it is specially:The second signed data is decrypted using the 3rd public key in root certificate to obtain the 3rd decryption for terminal device Data;Computing is carried out according to the 5th preset algorithm to the content in the second certificate and obtains the 3rd operation result, judges the 3rd decryption Whether data are consistent with the 3rd operation result, are to be verified, otherwise verify and do not pass through.
Specifically, in step 200, terminal device obtains the mark of the application program of data to be restored according to preset path, Specially:Terminal device finds the first configuration file according to preset path, and data to be restored are obtained from the first configuration file The mark of application program.
Specifically, above-mentioned terminal device obtains the second code of the second certificate and application program according to the mark of application program Signed data, it is specially:Terminal device finds the second configuration file according to the mark of application program, is obtained from the second configuration file Take the second certificate and the second code signed data of application program.Further, terminal device is looked for according to the mark of application program To the second configuration file, it is specially:Terminal device finds the application for including matching with the mark of application program of itself preservation Second configuration file of mark.In the present embodiment, terminal device is found according to the mark of application program before the second configuration file Also include:Terminal device judges itself whether preserve the application identities to match with the mark of application program, is to continue, no Then terminate.
When being verified in the step 200 of the present embodiment, also include before step 201:Terminal device is literary from the second configuration The second device identification is obtained in part, the first device identification is obtained from the first configuration file, judges the second device identification obtained Whether match with the first device identification, be then to perform step 201, otherwise terminate.
Step 201:Terminal device reads the data in secure storage areas.
Specifically, terminal device, which calls, reads interface, reads the data in secure storage areas.
Step 202:Terminal device judges whether there is default object identity in secure storage areas, is then to perform step 203, Otherwise terminate.
For example, when default object identity is 0001, terminal device judges the storage object mark in secure storage areas In whether have 0001, be then execution step 203, otherwise terminate.
Step 203:Terminal device reads the storage object in secure storage areas according to default object identity.
For example, terminal device reads corresponding storage object { object identity=0001 according to default object identity 0001; Data Identification=0010;Token=bc906717191c532bc76cd8c4e7a520587e90d4a385b43863f3 c1da6 c406ed283;Private=D89207D55DB1FEA62D16CF5E8D4DEDECD19CAAF041CF06A0 83D65574CD 8F913B;Size=3;Username=123 }.
Step 204:Terminal device judges whether there is default Data Identification in storage object, is then to perform step 205, Otherwise terminate.
For example, when default Data Identification is 0010, terminal device judges whether there are default data in storage object Mark 0010, it is then to perform step 205, otherwise terminates.
Step 205:Terminal device reads the application data encrypted in storage object according to default Data Identification, makes The application data decryption of the encryption in storage object is applied with decipherment algorithm corresponding with default encryption type Routine data.
For example, terminal device reads the application program number encrypted in storage object according to default Data Identification 0010 According to decrypting what is obtained using the application data of the encryption in decipherment algorithm storage object corresponding with default encryption type Application data is specially:{ Token=bc906717191c532bc76cd8c4e7a520587e90d4a385b43863f3 c1da6c406ed283;
Private=D89207D55DB1FEA62D16CF5E8D4DEDECD19CAAF041CF06A0 83D65574CD8F 913B;Username=123 }, by Token=bc906717191c532b
C76cd8c4e7a520587e90d4a385b43863f3c1da6c406ed283 as token number, by private =D89207D55DB1FEA62D16CF5E8D4DEDECD19CAAF041CF06A083D65574 CD8F913B are as private key, general Username=123 is as user name.
In the present embodiment, it can also include:Obtained application data is saved in the application journey of operation by terminal device In sequence.Can be directly using the data for being stored in application program during follow-up operation application program.
Alternatively, in the step 105 of the present embodiment above method, terminal device is using default Data Identification to using journey Before ordinal number evidence is identified, in addition to:Terminal device generates default Data Identification according to the first preset algorithm;Correspondingly, Before above-mentioned steps 204, in addition to:Terminal device generates default Data Identification according to the first preset algorithm.
Specifically, above-mentioned terminal device generates default Data Identification according to the first preset algorithm, is specially:The terminal Equipment carries out computing according to the first preset algorithm to preset data, using obtained operation result as default Data Identification.Example Such as, the first preset algorithm is SHA256, preset data is when being 123456, and terminal device is carried out using algorithm SHA256 to 123456 Computing, using obtained operation result as default Data Identification.
Alternatively, in the step 105 of the present embodiment above method, terminal device is using default object identity to storage pair As before being identified, in addition to:Terminal device generates default object identity according to the second preset algorithm;Correspondingly, it is above-mentioned Before step 202, in addition to:Terminal device generates default object identity according to the second preset algorithm.
Specifically, above-mentioned terminal device generates default object identity according to the second preset algorithm, is specially:Terminal device Computing is carried out to preset data according to the second preset algorithm, using operation result as default object identity.
Alternatively, in step 105, before terminal device is identified using default object identity to storage object, also Including:Terminal device sends to corresponding server according to predetermined server address and obtains object identity request, receives corresponding clothes The default object identity that business device returns;Correspondingly, before above-mentioned steps 202, in addition to:Terminal device is according to predetermined server Address is sent to corresponding server obtains object identity request, receives the default object identity that corresponding server returns.This In embodiment, when application data includes private key and user name, object identity is specially private key mark, and terminal device generates Private key mark corresponding to generation during private key, and private key mark is uploaded to corresponding server.
Alternatively, after above-mentioned steps 205, in addition to:The application data that terminal device display recovers.
Alternatively, also include after above-mentioned steps 205:
Step 206:Terminal device server according to corresponding to accessing predetermined server address, passes through corresponding server pair Decrypt obtained application data to be verified, judge whether to receive the notice being proved to be successful of server return, be then Recover data success, otherwise recover data failure.
When the application data that decryption obtains is token serial number, step 206 is specially:Terminal device is according to default Token serial number is sent to token server by token server address, and token serial number is tested by token server Card, judge whether to receive the notice being proved to be successful of token server return, be then to recover data success, otherwise recover data Failure.
When the application data that decryption obtains is user name and private key, step 206 specifically includes:
Step A31:Terminal device sends to certificate server according to default address of the authentication server and obtains data to be signed Request, and receive the data to be signed of certificate server return;
Step A32:Terminal device is signed using private key to data to be signed, and signature result and user name are sent to Certificate server, signature result is verified by certificate server, judges whether to receive testing for certificate server return Card successfully notifies, is then to recover data success, otherwise recovers data failure.
In the present embodiment, when certificate server receives the signature result of terminal device, sign test is carried out to signature result, tested The notice for successfully then returning and being proved to be successful to terminal device is signed, sign test failure then returns to the notice of authentication failed to terminal device. Specifically, certificate server carries out sign test to signature result, is specially:Certificate server use public key pair corresponding with user name Signature result is decrypted to obtain ciphertext data, judges whether ciphertext data is identical with data to be signed, is then sign test success, no Then sign test fails.
When the application data that decryption obtains includes user name and user cipher, step 206 is specially:Terminal Username and password is sent to corresponding server by equipment according to predetermined server address, by corresponding server to user Name and password are verified, judge whether to receive the notice being proved to be successful of server return, are then to recover data success, no Then recover data failure.Further, application data also includes CompanyAddress, Corporation web site, telephone number, mailbox One or more in location, contact person.In the present embodiment, when server receives the username and password of terminal device, judge Whether the username and password of reception is consistent with the username and password that itself is preserved, and is, returns and is proved to be successful to terminal device Notice, otherwise to terminal device return authentication failed notice.
In the present embodiment, above-mentioned application data can include private key and/or token number.
Further, above-mentioned application data can also include user name, CompanyAddress, Corporation web site, user cipher, One or more of which in telephone number, contact person, email address.For example, application data can include private key, user Name, or including token number, user name.The data that application data is included according to be actually needed setting, it is not another herein One enumerates.
Alternatively, also include before above-mentioned steps 107:Terminal device enters according to the 3rd preset algorithm to application data The application data of row encryption the first encryption of generation;Correspondingly, the storage being added in above-mentioned steps 107 in secure storage areas Application data in object is specially the application data of the first encryption;The application that terminal obtains in above-mentioned steps 205 Routine data is specially the application data of the first encryption;Also include in step 205:Terminal device is according to the 4th preset algorithm The routine data that is applied is decrypted according to the 4th preset algorithm to the application program of the first encryption.In the present embodiment, the 4th Preset algorithm is decipherment algorithm corresponding with the 3rd preset algorithm;3rd preset algorithm and the 4th preset algorithm can be symmetrical AES, i.e. the 3rd preset algorithm are identical with the 4th preset algorithm;Can also be asymmetrical AES, i.e., the 3rd is default Algorithm and the 4th preset algorithm are different.
In the present embodiment, when preservation be the application data of dynamic token when, recover application data when be not required to Again to apply activating token number again to the producer of application program, simplify installation procedure, improve Consumer's Experience.
Embodiment 2
The present embodiment provides a kind of terminal device for preserving, recovering application data, including preserving module and recovery mould Block, preserving module include:
Submodule 101 is created, for creating storage object;
Submodule 102 is assembled, is created for application data to be assembled into the storage object that submodule 101 creates;
Submodule 103 is added, for application data to be assembled into establishment submodule in above-mentioned assembling submodule 102 After in 101 storage objects created, storage object is added in the secure storage areas of terminal device;
Submodule 104 is set, and the storage object for establishment submodule 101 to be created is arranged to default encryption type;
First encryption submodule 105, for according to set submodule 104 set default encryption type to add submodule The application data that block 103 is added in the storage object in secure storage areas is encrypted;
First labeling submodule 106, for being assembled into storage object to assembling submodule 102 using default Data Identification In application data be identified;
Second labeling submodule 107, for the storage object created using default object identity to creating submodule 101 It is identified;
Recovery module includes:
First acquisition submodule 108, the mark of the application program for obtaining data to be restored according to preset path, according to The mark of the application program of acquisition finds the First Certificate of itself preservation;
First checking submodule 109, for the First Certificate using the acquisition of the first acquisition submodule 108 to data to be restored Application program verified;
First reading submodule 110, for when the first checking submodule 109 the result is is verified, according to pre- If object identity read secure storage areas in storage object;
Second reading submodule 111, for reading what the first reading submodule 110 was read according to default Data Identification The application data encrypted in storage object;
First decryption submodule 112, for being solved using the default encryption type with setting the setting of submodule 104 is corresponding The application data of encryption in the storage object that close algorithm is read to the second reading submodule 111 decrypts the journey that is applied Ordinal number evidence.
Alternatively, above-mentioned preserving module also includes the first generation submodule, and above-mentioned recovery module also includes the second generation Module;
First generation submodule, for generating default Data Identification according to the first preset algorithm;
Above-mentioned first labeling submodule 106, specifically for the default Data Identification generated using the first generation submodule The application data being assembled into assembling submodule 102 in storage object is identified;
Second generation submodule, for generating default Data Identification according to the first preset algorithm;
Above-mentioned second reading submodule 111, specifically for the default Data Identification generated according to the second generation submodule Read the application data encrypted in the storage object that the first reading submodule 110 is read.
Alternatively, above-mentioned preserving module also includes the 3rd generation submodule;Above-mentioned recovery module also includes the 4th generation Module;
3rd generation submodule, for generating default object identity according to the second preset algorithm;
Above-mentioned second labeling submodule 107, specifically for the default object identity generated using the 3rd generation submodule The storage object created to creating submodule 101 is identified;
4th generation submodule, for generating default object identity according to the second preset algorithm;
Above-mentioned first reading submodule 110, specifically for being verified when the first checking submodule 109 the result When, the default object identity generated according to the 4th generation submodule reads the storage object in secure storage areas.
Alternatively, above-mentioned preserving module also includes the first object identity acquisition submodule;Above-mentioned recovery module also includes the Two object identity acquisition submodules;
First object identity acquisition submodule, for sending acquisition pair to corresponding server according to predetermined server address As identification request, the default object identity that corresponding server returns is received;
Above-mentioned second labeling submodule 107, it is default specifically for being received using the first object identity acquisition submodule Object identity is identified to creating the storage object that submodule 101 creates;
Second object identity acquisition submodule, for sending acquisition pair to corresponding server according to predetermined server address As identification request, the default object identity that corresponding server returns is received;
Above-mentioned first reading submodule 110, specifically for being verified when the first checking submodule 109 the result When, the default object identity received according to the second object identity acquisition submodule reads the storage object in secure storage areas.
Alternatively, above-mentioned preserving module also includes the first judging submodule and deletes submodule;
First judging submodule, for storage object to be added to the safety storage of terminal device in addition submodule 103 Before in area, judge whether there is default object identity in secure storage areas;
Delete submodule, for the first judging submodule judge secure storage areas in there is default object identity when, Delete storage object corresponding to the object identity and object identity in secure storage areas.
Alternatively, above-mentioned preserving module also includes the second judging submodule;
Second judging submodule, for storage object to be added to the safety storage of terminal device in addition submodule 103 Before in area, judge whether there is default object identity in secure storage areas;
Above-mentioned addition submodule 103, specifically for having object mark in judging secure storage areas in the second judging submodule During knowledge, storage object corresponding to object identity in the storage object renewal secure storage areas including application data is used.
Alternatively, above-mentioned recovery module also includes the second checking submodule;
Second checking submodule, for the server according to corresponding to the access of predetermined server address, pass through corresponding service The application data that device obtains to the first decryption submodule 112 is verified, judges whether that receiving corresponding server returns The notice being proved to be successful returned, it is then to recover data success, otherwise recovers data failure.
It is above-mentioned when the application data that above-mentioned first decryption submodule 112 obtains is token serial number in the present embodiment Second checking submodule is specifically used for token serial number is sent into token server according to default token server address, passes through Token server is verified to token serial number, judges whether to receive the notice being proved to be successful of token server return, It is then to recover data success, otherwise recovers data failure.
When the application data that above-mentioned first decryption submodule 112 obtains is user name and private key, above-mentioned second checking Submodule, which is specifically used for being sent to certificate server according to default address of the authentication server, obtains data to be signed request, and receives The data to be signed that certificate server returns;Data to be signed are signed using private key, signature result and user name are sent out Certificate server is given, signature result is verified by certificate server, judges whether to receive certificate server return The notice being proved to be successful, be then recover data success, otherwise recover data failure.
When the above-mentioned obtained application data of first decryption submodule 112 includes user name and user cipher, above-mentioned the Two checking submodules are specifically used for username and password is sent into corresponding server according to predetermined server address, by right The server answered is verified to username and password, is judged whether to receive the notice being proved to be successful of server return, is Then recover data success, otherwise recover data failure.
Further, the application data that above-mentioned first decryption submodule 112 obtains also includes CompanyAddress, corporate network One or more in location, telephone number, email address, contact person.
Alternatively, above-mentioned recovery module also includes display sub-module;
Display sub-module, for showing that the first decryption submodule 112 decrypts obtained application data.
Alternatively, above-mentioned recovery module also includes the second acquisition submodule;
Second acquisition submodule, the mark of the application program for being obtained according to the first acquisition submodule 108 obtain second Certificate and corresponding second code signed data;
Above-mentioned first checking submodule 109, specifically in the First Certificate using the acquisition of the first acquisition submodule 108 First code signature file is decrypted corresponding to the First Certificate that first public key preserves to itself, obtains the first ciphertext data; Second code signed data is decrypted the second public key in the second certificate obtained using the second acquisition submodule, obtains the Two ciphertext datas, judge whether the first ciphertext data is consistent with the second ciphertext data, be to be verified, otherwise verify and do not lead to Cross.
Further, above-mentioned recovery module is on the basis of including the second acquisition submodule, in addition to the 3rd obtains submodule Block, preserve submodule and the 3rd checking submodule;
Submodule is preserved, for preserving the root certificate of the second certificate;
3rd acquisition submodule, the root certificate for the second certificate that submodule preserves is preserved for obtaining;
3rd verifies submodule, and the root certificate for being obtained using the 3rd acquisition submodule is verified to the second certificate, The checking of triggering first submodule 109 when being verified.
Specifically, in the root certificate in the second certificate that above-mentioned 3rd acquisition submodule obtains including the use of the second certificate The second signed data that 3rd private key is signed to obtain to the content in the second certificate;
Correspondingly, above-mentioned 3rd checking submodule, specifically in the root certificate using the acquisition of the 3rd acquisition submodule The second signed data is decrypted to obtain the 3rd ciphertext data for 3rd public key;The second certificate obtained to the second acquisition submodule In content according to the 5th preset algorithm carry out computing obtain the 3rd operation result, judge the 3rd ciphertext data whether with the 3rd transport It is consistent to calculate result, is to be verified, otherwise verifies and do not pass through.
Alternatively, above-mentioned preserving module also includes the second encryption submodule;Above-mentioned recovery module also includes the second decryption Module;
Second encryption submodule, for application data being encrypted according to the 3rd preset algorithm the encryption of generation first Application data;
Correspondingly, above-mentioned addition submodule 103 is added to the application data in the storage object in secure storage areas The application data of specially first encryption;
Above-mentioned first decryption submodule 112 is specifically used for using the default encryption type with setting submodule 104 to set The application data for the encryption that corresponding decipherment algorithm is read to the second reading submodule 111 decrypts to obtain the first encryption should Use routine data;
Second decryption submodule, for first decryption submodule 112 decrypt obtain first encryption application program by The routine data that is applied is decrypted according to the 4th preset algorithm.
The foregoing is only a specific embodiment of the invention, but protection scope of the present invention is not limited thereto, any Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained Cover within protection scope of the present invention.Therefore, protection scope of the present invention should be defined by scope of the claims.

Claims (32)

  1. A kind of 1. method for preserving, recovering application data, it is characterised in that including:Terminal device unloading application program it Before, application data is preserved;And the terminal device applies journey when reinstalling the application program to described Ordinal number is according to being recovered;
    The terminal device carries out preservation to the application data and specifically includes following steps:
    Step S1:The terminal device creates storage object;
    Step S2:The application data is assembled into the storage object by the terminal device;
    Step S3:The storage object is added in the secure storage areas of itself by the terminal device;
    After the step S1, before step S3, in addition to:The storage object is arranged to default and added by the terminal device Close type;Also include in the step S3:The terminal device is according to the default encryption type to the secure storage areas In the storage object in the application data be encrypted;
    Also include before the step S3:The terminal device is using default Data Identification to described in the storage object Application data is identified, and the storage object is identified using default object identity;
    The terminal device carries out recovery to the application data and specifically includes following steps:
    Step A0:The terminal device obtains the mark of the application program of data to be restored according to preset path, according to acquisition The mark of the application program finds the First Certificate of itself preservation, uses application journey of the First Certificate to data to be restored Sequence is verified, step A1 is performed when being verified;
    Step A1:The terminal device reads the storage pair in the secure storage areas according to the default object identity As;
    Step A2:The terminal device reads the application program encrypted in the storage object according to the default Data Identification Data, the application journey using decipherment algorithm corresponding with the default encryption type to the encryption in the storage object Sequence data deciphering obtains the application data.
  2. 2. according to the method for claim 1, it is characterised in that the terminal device is using default Data Identification to described Before application data is identified, in addition to:The terminal device generates the default number according to the first preset algorithm According to mark;
    Before the terminal device reads the data in the storage object according to the default Data Identification, in addition to:Institute State terminal device and generate the default Data Identification according to first preset algorithm.
  3. 3. method according to claim 1 or 2, it is characterised in that the terminal device uses default object identity pair Before the storage object is identified, in addition to:It is described default right that the terminal device generates according to the second preset algorithm As mark;
    Before the terminal device reads the storage object in the secure storage areas according to the default object identity, Also include:The terminal device generates the default object identity according to second preset algorithm.
  4. 4. method according to claim 1 or 2, it is characterised in that the terminal device uses default object identity pair Before the storage object is identified, in addition to:The terminal device is according to predetermined server address to corresponding server Send and obtain object identity request, receive the default object identity that the corresponding server returns;
    Before the terminal device reads the storage object in the secure storage areas according to the default object identity, Also include:The terminal device sends to corresponding server according to the predetermined server address and obtains object identity request, Receive the default object identity that the corresponding server returns.
  5. 5. according to the method for claim 1, it is characterised in that before the step S3, in addition to:
    Step H1:The terminal device judges whether there is the default object identity in the secure storage areas;
    Step H2:When the terminal device judges to have in the secure storage areas object identity, delete the safety and deposit Storage object corresponding to the object identity and the object identity in storage area.
  6. 6. according to the method for claim 1, it is characterised in that before the step S3, in addition to:The terminal device is sentenced Whether there is the default object identity in the disconnected secure storage areas;
    The step S3 is specially:When the terminal device judges to have in the secure storage areas object identity, use The storage object including the application data updates storage corresponding to object identity described in the secure storage areas Object.
  7. 7. according to the method for claim 1, it is characterised in that after the step A2, in addition to:
    Step A3:Terminal device server according to corresponding to accessing predetermined server address, passes through the corresponding service The application data that device obtains to decryption is verified, judges whether to receive testing for the corresponding server return Card successfully notifies, is then to recover data success, otherwise recovers data failure.
  8. 8. according to the method for claim 7, it is characterised in that the application data for decrypting to obtain is sequence of tokens Number when, the step A3 is specially:
    The token serial number is sent to token server by the terminal device according to default token server address, passes through institute Token server is stated to verify the token serial number, judge whether to receive checking that the token server returns into The notice of work(, it is then to recover data success, otherwise recovers data failure.
  9. 9. according to the method for claim 7, it is characterised in that decrypt the obtained application data for user name and During private key, the step A3 is specifically included:
    Step A31:The terminal device sends to certificate server according to default address of the authentication server and obtains data to be signed Request, and receive the data to be signed that the certificate server returns;
    Step A32:The terminal device is signed using the private key to the data to be signed, will signature result and described User name is sent to the certificate server, and the signature result is verified by the certificate server, judged whether The notice being proved to be successful that the certificate server returns is received, is then to recover data success, otherwise recovers data failure.
  10. 10. according to the method for claim 7, it is characterised in that the application data for decrypting to obtain includes user When name and user cipher, the step A3 is specially:
    The user name and the password are sent to corresponding server by the terminal device according to predetermined server address, are led to Cross the corresponding server to verify the user name and the password, judge whether that receiving the server returns The notice being proved to be successful, be then recover data success, otherwise recover data failure.
  11. 11. according to the method for claim 10, it is characterised in that the application data also includes CompanyAddress, public affairs The one or more taken charge of in network address, telephone number, email address, contact person.
  12. 12. according to the method described in any one claim in claim 1,8,10,11, it is characterised in that the step After A2, in addition to:The application data that the terminal device display decryption obtains.
  13. 13. according to the method for claim 1, it is characterised in that also include in the step A0:The terminal device according to The mark of the application program obtains the second certificate and corresponding second code signed data;
    In the step A0, the terminal device is tested the application program of the data to be restored using the First Certificate Card, it is specially:
    The terminal device uses corresponding to the First Certificate that is preserved to itself of the first public key in the First Certificate the One code signature file is decrypted, and obtains the first ciphertext data;Using the second public key in second certificate to described Two code signature data are decrypted, and obtain the second ciphertext data, judge whether first ciphertext data solves with described second Ciphertext data is consistent, is, is verified, and otherwise verifies and does not pass through.
  14. 14. according to the method for claim 13, it is characterised in that the terminal device is using the First Certificate to described Before the application program of data to be restored is verified, in addition to:The terminal device obtains second card of itself preservation The root certificate of book, second certificate is verified using the root certificate, step A0 is performed when being verified, is otherwise tied Beam.
  15. 15. according to the method for claim 14, it is characterised in that including the use of second certificate in second certificate Root certificate in the 3rd private key the second signed data for being signed to obtain to the content in second certificate;
    The terminal device is verified using the root certificate to second certificate, is specially:The terminal device uses The 3rd public key in the root certificate is decrypted to obtain the 3rd ciphertext data to second signed data;Demonstrate,prove described second Content in book carries out computing according to the 5th preset algorithm and obtains the 3rd operation result, judge the 3rd ciphertext data whether with 3rd operation result is consistent, is to be verified, otherwise verifies and do not pass through.
  16. 16. according to the method for claim 1, it is characterised in that also include before the step S3:The terminal device is pressed The application data is encrypted according to the 3rd preset algorithm the encryption application data of generation first;
    The application data being added in the step S3 in the storage object in the secure storage areas is specific For the described first encryption application data;
    In the step A2, terminal device use decipherment algorithm corresponding with the default encryption type is to the storage The application data of the encryption in object is decrypted to obtain the application data, is specially:The terminal device makes Application data with decipherment algorithm corresponding with the default encryption type to the encryption in the storage object Decryption obtains the first encryption application data;
    Also include in the step A2:The terminal device is carried out to the described first encryption application program according to the 4th preset algorithm Decryption obtains the application data.
  17. A kind of 17. terminal device for preserving, recovering application data, it is characterised in that including preserving module and recovery module, The preserving module includes:
    Submodule is created, for creating storage object;
    Submodule is assembled, for application data to be assembled into the storage object that the establishment submodule creates;
    Submodule is added, is created for the application data to be assembled into the establishment submodule in the assembling submodule The storage object in after, the storage object is added in the secure storage areas of terminal device;
    Submodule is set, and the storage object for the establishment submodule to be created is arranged to default encryption type;
    First encryption submodule, the default encryption type for being set according to the setting submodule are sub to the addition The application data that module is added in the storage object in the secure storage areas is encrypted;
    First labeling submodule, for being assembled into using default Data Identification to the assembling submodule in the storage object The application data be identified;
    Second labeling submodule, the storage object for being created using default object identity to the establishment submodule are entered Line identifier;
    The recovery module includes:
    First acquisition submodule, the mark of the application program for obtaining data to be restored according to preset path, according to acquisition The mark of the application program finds the First Certificate of itself preservation;
    First checking submodule, for the First Certificate using first acquisition submodule acquisition to data to be restored Application program is verified;
    First reading submodule, for when the described first checking submodule the result is is verified, being preset according to described Object identity read the storage object in the secure storage areas;
    Second reading submodule, for the institute read according to the default Data Identification reading first reading submodule State the application data encrypted in storage object;
    First decryption submodule, for being decrypted using the default encryption type set with the setting submodule is corresponding The application data for the encryption that algorithm is read to second reading submodule is decrypted to obtain the application program number According to.
  18. 18. terminal device according to claim 17, it is characterised in that the preserving module also includes the first generation submodule Block;The recovery module also includes the second generation submodule;
    The first generation submodule, for generating the default Data Identification according to the first preset algorithm;
    First labeling submodule, specifically for the default Data Identification generated using the described first generation submodule The application data being assembled into the assembling submodule in the storage object is identified;
    The second generation submodule, for generating the default Data Identification according to first preset algorithm;
    Second reading submodule, specifically for the default Data Identification generated according to the described second generation submodule Read the application data encrypted in the storage object that first reading submodule is read.
  19. 19. the terminal device according to claim 17 or 18, it is characterised in that the preserving module also includes the 3rd generation Submodule;The recovery module also includes the 4th generation submodule;
    The 3rd generation submodule, for generating the default object identity according to the second preset algorithm;
    Second labeling submodule, specifically for the default object identity generated using the described 3rd generation submodule The storage object created to the establishment submodule is identified;
    The 4th generation submodule, for generating the default object identity according to second preset algorithm;
    First reading submodule, specifically for when the described first checking submodule the result is is verified, according to The default object identity of the 4th generation submodule generation reads the storage object in the secure storage areas.
  20. 20. the terminal device according to claim 17 or 18, it is characterised in that the preserving module also includes the first object Identify acquisition submodule;The recovery module also includes the second object identity acquisition submodule;
    The first object identity acquisition submodule, for sending acquisition pair to corresponding server according to predetermined server address As identification request, the default object identity that the corresponding server returns is received;
    Second labeling submodule, it is described default specifically for being received using the first object identity acquisition submodule The storage object that object identity creates to the establishment submodule is identified;
    The second object identity acquisition submodule, obtained for being sent according to the predetermined server address to corresponding server Take object identity to ask, receive the default object identity that the corresponding server returns;
    First reading submodule, specifically for when the described first checking submodule the result is is verified, according to The default object identity that the second object identity acquisition submodule receives reads described in the secure storage areas Storage object.
  21. 21. terminal device according to claim 17, it is characterised in that the preserving module also judges submodule including first Block and deletion submodule;
    First judging submodule, for the storage object to be added to the safety of terminal device in the addition submodule Before in memory block, judge whether there is the default object identity in the secure storage areas;
    The deletion submodule, it is described default for having in judging the secure storage areas in first judging submodule During object identity, storage object corresponding to the object identity and the object identity in the secure storage areas is deleted.
  22. 22. terminal device according to claim 17, it is characterised in that the preserving module also judges submodule including second Block;
    Second judging submodule, for the storage object to be added to the safety of terminal device in the addition submodule Before in memory block, judge whether there is the default object identity in the secure storage areas;
    The addition submodule, it is described right specifically for having in judging the secure storage areas in second judging submodule During as mark, object mark described in the secure storage areas is updated using the storage object including the application data Storage object corresponding to knowledge.
  23. 23. terminal device according to claim 17, it is characterised in that the recovery module also includes the second checking submodule Block;
    The second checking submodule, for the server according to corresponding to the access of predetermined server address, by described corresponding Server verifies to the described first obtained application data of decryption submodule, and it is described right to judge whether to receive The notice being proved to be successful that the server answered returns, it is then to recover data success, otherwise recovers data failure.
  24. 24. terminal device according to claim 23, it is characterised in that it is described first decryption submodule obtain it is described should When with routine data being token serial number, the second checking submodule is specifically used for institute according to default token server address State token serial number and be sent to token server, the token serial number is verified by the token server, judge The notice being proved to be successful that the token server returns whether is received, is then to recover data success, otherwise recovers data and lose Lose.
  25. 25. terminal device according to claim 23, it is characterised in that it is described first decryption submodule obtain it is described should When with routine data being user name and private key, the second checking submodule be specifically used for according to default address of the authentication server to Certificate server, which is sent, obtains data to be signed request, and receives the data to be signed that the certificate server returns;Using institute State private key to sign to the data to be signed, signature result and the user name are sent to the certificate server, led to Cross the certificate server to verify the signature result, judge whether to receive the checking that the certificate server returns Successfully notice, it is then to recover data success, otherwise recovers data failure.
  26. 26. terminal device according to claim 23, it is characterised in that it is described first decryption submodule obtain it is described should When including user name and user cipher with routine data, the second checking submodule is specifically used for according to predetermined server address The user name and the password are sent to corresponding server, by the corresponding server to the user name and institute State password to be verified, judge whether to receive the notice being proved to be successful that the server returns, be then to recover data success, Otherwise data failure is recovered.
  27. 27. terminal device according to claim 26, it is characterised in that it is described first decryption submodule obtain it is described should Also include the one or more in CompanyAddress, Corporation web site, telephone number, email address, contact person with routine data.
  28. 28. according to the terminal device described in any one claim in claim 17,24,26,27, it is characterised in that institute Stating recovery module also includes display sub-module;
    The display sub-module, for showing that the first decryption submodule decrypts the obtained application data.
  29. 29. terminal device according to claim 17, it is characterised in that the recovery module also includes second and obtains submodule Block;
    Second acquisition submodule, the mark of the application program for being obtained according to first acquisition submodule obtain Second certificate and corresponding second code signed data;
    The first checking submodule, specifically for the in the First Certificate that is obtained using first acquisition submodule First code signature file corresponding to the First Certificate that one public key preserves to itself is decrypted, and obtains the first decryption number According to;The second public key in second certificate obtained using second acquisition submodule is to the second code signed data It is decrypted, obtains the second ciphertext data, judges whether first ciphertext data is consistent with second ciphertext data, is then It is verified, otherwise verifies and do not pass through.
  30. 30. terminal device according to claim 29, it is characterised in that the recovery module also includes the 3rd and obtains submodule Block, preserve submodule and the 3rd checking submodule;
    The preservation submodule, for preserving the root certificate of second certificate;
    3rd acquisition submodule, the root certificate of second certificate preserved for obtaining the preservation submodule;
    The 3rd checking submodule, for being demonstrate,proved using the root certificate that the 3rd acquisition submodule obtains described second Book is verified, the first checking submodule is triggered when being verified.
  31. 31. terminal device according to claim 30, it is characterised in that the 3rd acquisition submodule obtain described the The content in second certificate is signed including the use of the 3rd private key in the root certificate of second certificate in two certificates The second signed data that name obtains;
    The 3rd checking submodule, specifically for the 3rd in the root certificate using the 3rd acquisition submodule acquisition Public key is decrypted to obtain the 3rd ciphertext data to second signed data;Described in being obtained to second acquisition submodule Content in second certificate carries out computing according to the 5th preset algorithm and obtains the 3rd operation result, judges the 3rd ciphertext data It is whether consistent with the 3rd operation result, it is to be verified, otherwise verifies and do not pass through.
  32. 32. terminal device according to claim 17, it is characterised in that the preserving module also includes the second encryption submodule Block, the recovery module also include the second decryption submodule;
    The second encryption submodule, for generation first to be encrypted to the application data according to the 3rd preset algorithm Encrypt application data;
    The addition submodule is added to the application data tool in the storage object in the secure storage areas Body is the application data of the described first encryption;
    The first decryption submodule, specifically for using the default encryption type pair set with the setting submodule The application data for the encryption that the decipherment algorithm answered is read to second reading submodule is decrypted to obtain described One encryption application data;
    The second decryption submodule, for the first encryption application program for decrypting to obtain to the described first decryption submodule It is decrypted to obtain the application data according to the 4th preset algorithm.
CN201710931615.XA 2017-10-09 2017-10-09 Method for storing and recovering application program data and terminal equipment Active CN107678886B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710931615.XA CN107678886B (en) 2017-10-09 2017-10-09 Method for storing and recovering application program data and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710931615.XA CN107678886B (en) 2017-10-09 2017-10-09 Method for storing and recovering application program data and terminal equipment

Publications (2)

Publication Number Publication Date
CN107678886A true CN107678886A (en) 2018-02-09
CN107678886B CN107678886B (en) 2020-02-21

Family

ID=61139724

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710931615.XA Active CN107678886B (en) 2017-10-09 2017-10-09 Method for storing and recovering application program data and terminal equipment

Country Status (1)

Country Link
CN (1) CN107678886B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109189406A (en) * 2018-07-27 2019-01-11 努比亚技术有限公司 A kind of application management method, terminal and computer readable storage medium
CN109819018A (en) * 2018-12-29 2019-05-28 飞天诚信科技股份有限公司 A kind of hot update method that realizing smart card executable file and device
CN111221985A (en) * 2019-11-14 2020-06-02 网易(杭州)网络有限公司 Data processing method and device based on operating system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120017114A1 (en) * 2010-07-19 2012-01-19 Veeam Software International Ltd. Systems, Methods, and Computer Program Products for Instant Recovery of Image Level Backups
CN104123199A (en) * 2014-07-03 2014-10-29 可牛网络技术(北京)有限公司 Method and device for recovering application program and mobile terminal
CN105721162A (en) * 2016-01-30 2016-06-29 飞天诚信科技股份有限公司 Method and device for automatically importing digital certificate to application program
CN107066346A (en) * 2016-09-27 2017-08-18 阿里巴巴集团控股有限公司 A kind of data back up method, data reconstruction method and device
CN107168699A (en) * 2017-04-28 2017-09-15 北京五八信息技术有限公司 application program repairing method and terminal device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120017114A1 (en) * 2010-07-19 2012-01-19 Veeam Software International Ltd. Systems, Methods, and Computer Program Products for Instant Recovery of Image Level Backups
CN104123199A (en) * 2014-07-03 2014-10-29 可牛网络技术(北京)有限公司 Method and device for recovering application program and mobile terminal
CN105721162A (en) * 2016-01-30 2016-06-29 飞天诚信科技股份有限公司 Method and device for automatically importing digital certificate to application program
CN107066346A (en) * 2016-09-27 2017-08-18 阿里巴巴集团控股有限公司 A kind of data back up method, data reconstruction method and device
CN107168699A (en) * 2017-04-28 2017-09-15 北京五八信息技术有限公司 application program repairing method and terminal device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
闫海忠: "一种深度备份应用程序和数据的方法", 《电脑编程技巧与维护》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109189406A (en) * 2018-07-27 2019-01-11 努比亚技术有限公司 A kind of application management method, terminal and computer readable storage medium
CN109819018A (en) * 2018-12-29 2019-05-28 飞天诚信科技股份有限公司 A kind of hot update method that realizing smart card executable file and device
CN109819018B (en) * 2018-12-29 2021-06-08 飞天诚信科技股份有限公司 Method and device for realizing hot updating of executable file of smart card
CN111221985A (en) * 2019-11-14 2020-06-02 网易(杭州)网络有限公司 Data processing method and device based on operating system
CN111221985B (en) * 2019-11-14 2024-04-12 网易(杭州)网络有限公司 Data processing method and device based on operating system

Also Published As

Publication number Publication date
CN107678886B (en) 2020-02-21

Similar Documents

Publication Publication Date Title
CN106161359B (en) It authenticates the method and device of user, register the method and device of wearable device
CN103685282B (en) A kind of identity identifying method based on single-sign-on
US8051297B2 (en) Method for binding a security element to a mobile device
CN104468627B (en) A kind of data ciphering method and system carrying out terminal data backup by server
CN105022966B (en) Database data encryption decryption method and system
CN109981255B (en) Method and system for updating key pool
CN101771699A (en) Method and system for improving SaaS application security
CN112000975A (en) Key management system
CN106713508A (en) Data access method and system based on cloud server
US11831753B2 (en) Secure distributed key management system
CN109144552A (en) A kind of boot firmware method for refreshing and device
CN107888381A (en) A kind of implementation method of key importing, apparatus and system
CN109816383A (en) A kind of block chain endorsement method, block chain wallet and block chain
CN109684129B (en) Data backup recovery method, storage medium, encryption machine, client and server
CN101515319A (en) Cipher key processing method, cipher key cryptography service system and cipher key consultation method
CN113472793A (en) Personal data protection system based on hardware password equipment
CN103701596A (en) Document access method, system and equipment and document access request response method, system and equipment
CN107678886A (en) A kind of method and terminal device for preserving, recovering application data
CN108270568A (en) A kind of mobile digital certificate device and its update method
CN112866227A (en) File authorization protection method and system
JP2001103045A (en) Storage device for backing up cryptographic key
CN104955029A (en) Address book protection method, address book protection device and communication system
CN114697082A (en) Production and application method of encryption and decryption device in server-free environment
CN109040111A (en) Data ciphering method, device, computer equipment and storage medium
CA2553081A1 (en) A method for binding a security element to a mobile device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant