Method, mobile terminal, device, and readable storage medium for preventing accessed data from being tampered with

US 10,320,556 B2
Filed: 01/23/2017
Issued: 06/11/2019
Est. Priority Date: 01/25/2016
Status: Active Grant

First Claim

Patent Images

1. A method of preventing to-be-accessed data from being tampered with in an offline cache, comprising:

receiving, by a mobile terminal, a data server access instruction triggered by a user for a web-based application on the mobile terminal;

acquiring, from a data server, a corresponding configuration file of the web-based application and a version control file carrying a verification ciphertext in response to the data server access instruction before accessing the data server;

encrypting, by the mobile terminal, the acquired configuration file according to a preset encryption method to obtain a corresponding first encrypted value of the configuration file;

extracting, by the mobile terminal, the verification ciphertext from the acquired version control file and decrypting the extracted verification ciphertext to obtain a corresponding plaintext encrypted value of the verification ciphertext; and

analyzing, by the mobile terminal, whether the first encrypted value and the plaintext encrypted value are consistent or not, and allowing the web-based application to access the to-be-accessed data in response to determining that the first encrypted value and the plaintext encrypted value are consistent.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are a method, a mobile terminal, a device, as well as a readable storage medium for preventing accessed data from being tampered with. The mobile terminal can: receive a data server access instruction triggered by a user for an application on the mobile terminal, and acquire from the data server a corresponding configuration file of the application and a version control file carrying verification ciphertext; encrypt the acquired configuration file according to a preset encryption method to obtain a corresponding first encrypted value of the configuration file; extract the verification ciphertext from the acquired version control file and decrypt the verification ciphertext to obtain a corresponding plaintext encrypted value; and analyze the consistency between the first encrypted value and the plaintext encrypted value and finally allow the application to access the corresponding accessed data when determining the first encrypted value and the plaintext encrypted value are consistent.

Citations

12 Claims

1. A method of preventing to-be-accessed data from being tampered with in an offline cache, comprising:
- receiving, by a mobile terminal, a data server access instruction triggered by a user for a web-based application on the mobile terminal;
  
  acquiring, from a data server, a corresponding configuration file of the web-based application and a version control file carrying a verification ciphertext in response to the data server access instruction before accessing the data server;
  
  encrypting, by the mobile terminal, the acquired configuration file according to a preset encryption method to obtain a corresponding first encrypted value of the configuration file;
  
  extracting, by the mobile terminal, the verification ciphertext from the acquired version control file and decrypting the extracted verification ciphertext to obtain a corresponding plaintext encrypted value of the verification ciphertext; and
  
  analyzing, by the mobile terminal, whether the first encrypted value and the plaintext encrypted value are consistent or not, and allowing the web-based application to access the to-be-accessed data in response to determining that the first encrypted value and the plaintext encrypted value are consistent.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - rejecting, by the mobile terminal, the web-based application access to the to-be-accessed data when an analyzing result is that the first encrypted value and the plaintext encrypted value are inconsistent;
      
      or generating a reminder message to alert the user that the to-be-accessed data is at a risk of being tampered with.
  - 3. The method of claim 2, wherein extracting the verification ciphertext and decrypting the extracted verification ciphertext comprises:
    - extracting, by the mobile terminal, the verification ciphertext from the version control file and decrypting the extracted verification ciphertext using a public key generated in advance by a key generator, to obtain the corresponding plaintext encrypted value of the verification ciphertext, wherein the public key is matched with a private key in a key pair to which the public key belongs, and the public key is prestored in a corresponding preset type file of the web-based application.
  - 4. The method of claim 3, further comprising, prior to receiving the data server access instruction and acquiring the corresponding configuration file and the version control file:
    - building, by the mobile terminal, the to-be-accessed data of the web-based application, and encrypting the configuration file of the to-be-accessed data according to the preset encryption method, to obtain the corresponding plaintext encrypted value of the configuration file;
      
      encrypting the obtained plaintext encrypted value using the private key generated in advance by the key generator, to obtain the corresponding verification ciphertext of the plaintext encrypted value; and
      
      putting the verification ciphertext in the version control file of the to-be-accessed data, and distributing the to-be-accessed data, the version control file carrying the verification ciphertext, as well as the configuration file to the data server.
  - 5. The method of claim 1, wherein extracting the verification ciphertext and decrypting the extracted verification ciphertext comprises:
    - extracting, by the mobile terminal, the verification ciphertext from the version control file and decrypting the extracted verification ciphertext using a public key generated in advance by a key generator, to obtain the corresponding plaintext encrypted value of the verification ciphertext, wherein the public key is matched with a private key in a key pair to which the public key belongs, and the public key is prestored in a corresponding preset type file of the web-based application.
  - 6. The method of claim 5, further comprising, prior to receiving the data server access instruction and acquiring the corresponding configuration file and the version control file:
    - building, by the mobile terminal, the to-be-accessed data of the web-based application, and encrypting the configuration file of the to-be-accessed data according to the preset encryption method, to obtain the corresponding plaintext encrypted value of the configuration file;
      
      encrypting the obtained plaintext encrypted value using the private key generated in advance by the key generator, to obtain the corresponding verification ciphertext of the plaintext encrypted value; and
      
      putting the verification ciphertext in the version control file of the to-be-accessed data, and distributing the to-be-accessed data, the version control file carrying the verification ciphertext, as well as the configuration file to the data server.
  - 7. The method of claim 1, wherein the preset encryption method comprises a message digest algorithm.

8. A device for preventing to-be-accessed data from being tampered with in an offline cache, the device comprising a processing unit, as well as a system for preventing the to-be-accessed data from being tampered with, an input/output unit, a communication unit, and a storage unit that are coupled to the processing unit, wherein the input/output unit is configured for inputting a user instruction and outputting response data of the device for preventing the to-be-accessed data from being tampered with to the input user instruction;
- the communication unit is configured for a communicative connection with a mobile terminal or a background server;
  
  the storage unit is configured for storing the system for preventing the to-be-accessed data from being tampered with as well as operating data of the system;
  
  the processor unit is configured for executing the system for preventing the to-be-accessed data from being tampered with,wherein, the device is configured forreceiving a data server access instruction triggered by a user for a web-based application, and acquiring from the data server a corresponding configuration file of the application and a version control file carrying verification ciphertext;
  
  encrypting the acquired configuration file according to a preset encryption method to obtain a corresponding first encrypted value of the configuration file;
  
  extracting from the acquired version control file the verification ciphertext and decrypting the extracted verification ciphertext to obtain a corresponding plaintext encrypted value of the verification ciphertext; and
  
  analyzing whether the first encrypted value and the plaintext encrypted value are consistent or not and allowing the web-based application to access the to-be-accessed data in response to determining that the first encrypted value and the plaintext encrypted value are consistent.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The device of claim 8, wherein the processing unit is further configured for executing the system for preventing the to-be-accessed data from being tampered with to cause the device to perform the following operations:
    - rejecting the web-based application access to the to-be-accessed data when an analyzing result is that the first encrypted value and the plaintext encrypted value are inconsistent;
      
      or generating a reminder message to alert the user that the to-be-accessed data is at a risk of being tampered with.
  - 10. The device of claim 8, wherein extracting the verification ciphertext and decrypting the extracted verification ciphertext comprises:
    - extracting the verification ciphertext from the version control file and decrypting the extracted verification ciphertext using a public key generated in advance by a key generator, to obtain the corresponding plaintext encrypted value of the verification ciphertext, wherein the public key is matched with a private key in a key pair to which the public key belongs, and the public key is prestored in a corresponding preset type file of the web-based application.
  - 11. The device of claim 10, wherein the processing unit is further configured for executing the system for preventing the to-be-accessed data from being tampered with to cause the device to perform the following operations:
    - building the to-be-accessed data of the web-based application, and encrypting the configuration file of the to-be-accessed data according to the preset encryption method, to obtain the corresponding plaintext encrypted value of the configuration file;
      
      encrypting the obtained plaintext encrypted value using the private key generated in advance by the key generator, to obtain the corresponding verification ciphertext of the plaintext encrypted value; and
      
      putting the verification ciphertext in the version control file of the to-be-accessed data, and distributing the to-be-accessed data, the version control file carrying the verification ciphertext, as well as the configuration file to the data server.
  - 12. The device of claim 8, wherein the preset encryption method comprises a message digest algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ping An Technology (Shenzhen) Co., Ltd. (Ping An Insurance (Group) Company of China, Ltd.)
Original Assignee
Ping An Technology (Shenzhen) Co., Ltd. (Ping An Insurance (Group) Company of China, Ltd.)
Inventors
Chen, Jianwei, Cao, Huiling
Primary Examiner(s)
Kabir, Jahangir

Application Number

US15/736,364
Publication Number

US 20180183575A1
Time in Patent Office

869 Days
Field of Search

713189, 713193, 713194
US Class Current
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/3228   One-time or temporary data,...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04W 12/03   Protecting confidentiality,...

H04W 12/08   Access security

H04W 12/106   Packet or message integrity

H04W 12/12   Detection or prevention of ...

H04W 88/02   Terminal devices

Method, mobile terminal, device, and readable storage medium for preventing accessed data from being tampered with

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method, mobile terminal, device, and readable storage medium for preventing accessed data from being tampered with

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links