METHOD, APPARATUS, AND SYSTEM OF DETEC TING DATA

SECURITY

CROS S-REFERENCES TO RELATED APPLICATIONS

[0001] This application claims priority to Chinese Patent Application No. 201310323073.X, filed on July 29, 2013, the entire contents of which are incorporated herein by reference.

FIELD OF THE DISCLOSURE

[0002] The present disclosure relates to the field of communication technology and, more particularly, relates to methods, apparatus, and systems of detecting data security.

BACKGROUND

[0003] With the development of communication technology, data security is getting more and more attention from people. In an example of online games, for certain purposes, some players may cheat, usually by plug-ins. This type of plug-in technology needs to use memory modification tools to modify the key data of the games on a client terminal. This is not only a undermining of fair play, but also a threatening to data security. Anti-plug-in strategies are thus currently developed. Generally, a set of anti-plug-in logic closely related to game logic needs to be developed

independently for varies games. Such set of anti-plug-in logic may be installed on a server for the server to operate and verify the data to prevent players from cheating in the game.

[0004] However, current strategies are developed for each individual game. The logic used is complicated and cannot be generalized to different games. In addition, a large amount of server resources are used, when the server operates and verifies the data for prevent cheating in the game.

BRIEF SUMMARY OF THE DISCLOSURE

[0005] According to various embodiments, there is provided a method of detecting data security. Data for detection are acquired. The data for detection include data that need a security detection and that need to be updated. Whether the data for detection are to be updated for a first time is then determined. When the data for detection are to be updated for the first time is determined, the data for detection can be updated to obtain the updated data for detection, which can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time is determined, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The stored first encrypted data can be acquired. When the second encrypted data do not equal to the first encrypted data is determined, the data for detection have been unauthorizedly modified can be determined.

[0006] All data that need to be updated can be used as the data for detection. Alternatively, in order to reduce the burden of detection and improve system performance, only key data are detected and updated, while regular data other than the key data can be updated using conventional methods.

[0007] What need for detection that can be configured, according to specific practical applications. The configuration can be configured directly in the client or be issued by a server. For example, before acquiring data for detection, the method of detecting data security further includes: receiving address configuration information of data that need to be monitored from the server.

Whether the security detection is needed for the data can be determined according to the address configuration information of the data. The acquiring of data for detection can include acquiring the data for detection after the need of security detection is determined for the data.

[0008] Optionally, when the second encrypted data do not equal to the first encrypted data is determined, the second encrypted data may also be stored.

[0009] After that the data have been unauthorizedly modified is determined, a message indicating the unauthorizedly modification of the data can be notified to the server. For example, after determining that the data have been unauthorizedly modified, the method may further include: sending a notification message to the server. The notification message indicates that the data have been unauthorizedly modified.

[0010] According to various embodiments, there is provided an apparatus of detecting data security. The apparatus of detecting data security includes an acquiring unit, a determining unit, a first processing unit, and a second processing unit.

[0011] The acquiring unit is configured to acquire data for detection. The data for detection include data that need a security detection and that need to be updated. The determining unit is configured to determine whether the data for detection are to be updated for a first time. The first processing unit is configured, after determining that the data for detection are to be updated for the first time, to update the data for detection, to obtain the updated data for detection, to encrypt the updated data for detection to provide first encrypted data, and to save the first encrypted data. The second processing unit is configured, after determining that the data for detection are not to be updated for the first time, to acquire an original value of the data for detection, to encrypt the original value to provide second encrypted data, to acquire the stored first encrypted data, and to determine that the data for detection have been unauthorizedly modified, after determining that the second encrypted data do not equal to the first encrypted data.

[0012] The acquiring unit is further configured to acquire data that need to be updated, and determine that the data that need to be updated are the data for detection. The acquiring unit is further configured to acquire data that need to be updated, and, after determining that the data that need to be updated are key data, determine that the data that need to be updated are the data for detection. [0013] The apparatus of detecting data security further includes a receiving unit and a determining unit. The receiving unit is configured to receive address configuration information of data that need to be monitored sent from a server. The determining unit is configured to determine whether the security detection is needed for the data, according to the address configuration information of the data. The acquiring unit is configured, after determining that the security detection is needed for the data, to acquire the data as the data for detection.

[0014] The second processing unit is further configured to send a notification message to the server after determining that the data for detection have been unauthorizedly modified. The notification message indicates that the data have been unauthorizedly modified.

[0015] Optionally, the second processing unit is further configured to store the second encrypted data, when that the second encrypted data do not equal to the first encrypted data is determined.

[0016] According to various embodiments, there is provided a communication system including the disclosed apparatus of detecting data security.

[0017] Other aspects or embodiments of the present disclosure can be understood by those skilled in the art in light of the description, the claims, and the drawings of the present disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

[0018] The following drawings are merely examples for illustrative purposes according to various disclosed embodiments and are not intended to limit the scope of the present disclosure.

[0019] FIG. 1 depicts an exemplary method of detecting data security consistent with various disclosed embodiments;

[0020] FIG. 2a depicts an exemplary client consistent with various disclosed embodiments;

[0021] FIG. 2b depicts another exemplary method of detecting data security consistent with various disclosed embodiments;

[0022] FIG. 3 depicts another exemplary method of detecting data security consistent with various disclosed embodiments;

[0023] FIG. 4 depicts an exemplary apparatus of detecting data security consistent with various disclosed embodiments;

[0024] FIG. 5 depicts an exemplary terminal device consistent with various disclosed embodiments; and

[0025] FIG. 6 depicts an exemplary environment incorporating certain disclosed

embodiments.

DETAILED DESCRIPTION

[0026] Reference will now be made in detail to exemplary embodiments of the disclosure, which are illustrated in the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings to refer to the same or like parts. [0027] FIGS. 1-5 depict exemplary methods and apparatus of detecting data security in accordance with various disclosed embodiments. The exemplary methods and apparatus can be implemented, for example, in an exemplary environment 600 as shown in FIG. 6.

[0028] As shown in FIG. 6, the environment 600 can include a server 604, a terminal 606, and a communication network 602. The server 604 and the terminal 606 may be coupled through the communication network 602 for information exchange, for example, Internet searching, webpage browsing, etc. Although only one terminal 606 and one server 604 are shown in the environment 600, any number of terminals 606 or servers 604 may be included, and other devices may also be included.

[0029] The communication network 602 may include any appropriate type of communication network for providing network connections to the server 604 and terminal 606 or among multiple servers 604 or terminals 606. For example, the communication network 602 may include the Internet or other types of computer networks or telecommunication networks, either wired or wireless.

[0030] A terminal, as used herein, may refer to any appropriate user terminal device with certain computing capabilities, for example, a personal computer (PC), a work station computer, a notebook computer, a car computer (e.g., carrying in a car or other vehicles), a server computer, a hand-held computing device (e.g., a tablet computer), a mobile terminal (e.g., a mobile phone, a smart phone, an iPad, and/or an aPad), a POS (i.e., point of sale) device, or any other user-side computing device. In various embodiments, the terms "terminal" and "terminal device" can be used interchangeably.

[0031] A server, as used herein, may refer one or more server computers configured to provide certain server functionalities, for example, search engines and database management. A server may also include one or more processors to execute computer programs in parallel. The server 604 and the terminal 606 may be implemented on any appropriate computing platform, e.g., as shown in FIG. 5.

[0032] In operation, the terminal 606 may cause the server 604 to perform certain actions, for example, an Internet search or other database operations. The server 604 may be configured to provide structures and functions for such actions and operations. More particularly, the server 604 may include a data searching system for real-time database searching. In various embodiments, a terminal, for example, a mobile terminal involved in the disclosed methods and systems can include the terminal 606.

[0033] Methods, apparatus, and systems of detecting data security are provided. Exemplary apparatus of detecting data security can be integrated in a client. The client can be installed in a terminal device. The terminal device can include, but is not limited to, smart phones, tablet computers, e-book readers, moving picture experts group audio layer III (MP3) players, moving picture experts group audio layer IV (MP4) players, laptops, and/or desktop computers. The terminal device can be any device as depicted in FIG. 6.

[0034] In an exemplary method of detecting data security, data for detection are acquired.

The data for detection include data that need a security detection and that need to be updated.

Whether the data for detection are to be updated for a first time is then determined. When the data for detection are to be updated for the first time is determined, the data for detection can be updated to obtain the updated data for detection, which can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time is determined, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The stored first encrypted data can be acquired. When the second encrypted data do not equal to the first encrypted data is determined, the data for detection have been unauthorizedly modified can be determined.

[0035] FIG. 1 depicts an exemplary method of detecting data security consistent with various disclosed embodiments. In Step 101, data for detection are acquired. The data for detection include data that need a security detection and that need to be updated.

[0036] For example, all data that need to be updated can be taken as the data for detection.

Alternatively, in order to reduce the burden of detection and improve system performance, only key data are detected and updated, while regular data other than the key data can be updated using conventional methods.

[0037] For example, Step 101 of acquiring data for detection can include the following. Data that need to be updated is acquired and determined as the data for detection. Or, data that need to be updated is acquired and also determined as the key data, such data can be determined as the data for detection.

[0038] Further, what data need for detection that can be configured, according to specific practical applications. The configuration can be configured directly in the client or be issued by a server. For example, before acquiring data for detection, the method of detecting data security further includes: receiving address configuration information of data that need to be monitored from the server. Whether the security detection is needed for the data can be determined according to the address configuration information of the data. The acquiring of data for detection can include acquiring the data for detection after the need of security detection is determined for the data.

[0039] In Step 102, it is determined whether the data for detection acquired from Step 101 are to be updated for a first time. When it is the first time to be updated, Step 103 can be executed. When it is not the first time to be updated, Step 104 can be executed.

[0040] For example, a record of update history can be searched for the data for detection.

When a historical record of update exists, it is determined that the data for detection are not to be updated for the first time. When the historic record of update does not exist, it is determined that the data for detection are to be updated for the first time.

[0041] In another example, whether the data for detection has corresponding updated data can be searched. When the corresponding updated data exist, it is determined that the data for detection are not to be updated for the first time. When the corresponding updated data do not exist, it is determined that the data for detection are to be updated for the first time. Of course, other suitable methods of determining whether the data for detection are to be updated for the first time can be used and included without limitation.

[0042] In Step 103, when the data for detection are to be updated for the first time, the data for detection can be updated to obtain updated data for detection. The updated data for detection can be encrypted to provide first encrypted data. The first encrypted data can be stored.

[0043] For example, an encryption algorithm can be configured according to specific practical applications. The storing method and storing address of the first encrypted data can be configured according to actual needs. For example, the first encrypted data can be stored in a certain address of a memory

[0044] In Step 104, when it is determined that the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The stored first encrypted data can be acquired (e.g., the first encrypted data stored when previously updated, e.g., for the first time). It is determined whether the second encrypted data equal to the first encrypted data. When the second encrypted data equal to the first encrypted data, the data for detection that are not to be updated for the first time (or have otherwise been updated previously) can be determined having had an authorized update. When the second encrypted data do not equal to the first encrypted data, the data for detection that are not to be updated for the first time (or have otherwise been updated previously) can be determined having been unauthorizedly modified.

[0045] For example, the encryption algorithm can be configured according to specific practical applications and can be consistent with the encryption algorithm depicted in Step 103.

[0046] Optionally, when the second encrypted data do not equal to the first encrypted data is determined, the second encrypted data can also be stored. The storing method and storing address of the second encrypted data can be configured according to specific practical applications. For example, the second encrypted data can be stored in a certain address of a memory.

[0047] Further, after that the data have been unauthorizedly modified is determined, a message indicating the unauthorizedly modification of the data can be notified to the server. For example, after determining that the data have been unauthorizedly modified, the method of detecting data security may further include: sending a notification message to the server. The notification message indicates that the data have been unauthorizedly modified. [0048] In this manner, data for detection are acquired. Whether the data for detection are to be updated for a first time is determined. When the data for detection are to be updated for the first time, the data for detection can be updated to obtain updated data for detection, which can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The second encrypted data are compared with the stored first encrypted data. When the second encrypted data do not equal to the first encrypted data, then the data that are not to be updated for the first time can be determined having been unauthorizedly modified.

[0049] The disclosed method is simple to be implemented without relying on specific logical of a certain application (e.g. a game). Indeed, the disclosed method can be applied and generalized to any applications. For example, even if the applied application changes its version, there is no need to re-design detecting logic according to the changed version of the application. Development and maintenance costs can be reduced significantly. Further, since most operations and verifications as disclosed do not need to be implemented by the server, occupancy of server resources can be reduced, and system performance and user experience can be improved.

[0050] Exemplary methods of detecting data security can also be provided in FIGS. 2-3. In one embodiment, the disclosed methods can be applied to game data and an apparatus for

implementing the disclosed methods can be integrated into a client.

[00 1] As depicted in FIG. 2a, a client may include a game logic module, a game data managing module, and a detecting module. The detecting module may include a WriteValue interface.

[0052] The game logic module is configured to read and write game data through the game

Data managing module, to run the game data, and to update game data normally (or regularly) when the detecting module determines that the game data do not need data security detecting. The game data managing module is configured to manage the game data, e.g., to provide the game data to the game logic module or the detecting module.

[0053] The detecting module can be an anti-plug-in module. The detecting module may include the WriteValue interface. The WriteValue interface is used to register monitoring SetValue event to the game data managing module, to receive the data for detection sent from the game data managing module through the WriteValue interface when the game data is determined that needs to conduct a security detection, and to conduct the security detection and data update for the data for detection. For example, whether the data for detection are to be updated for a first time can be determined.

[0054] When the data for detection are to be updated for the first time, the data for detection can be updated to obtain the updated data for detection. The updated data for detection can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The stored first encrypted data can be acquired. When the second encrypted data do not equal to the first encrypted data, the data for detection can be determined that have been unauthorizedly modified.

[0055] Based on the configuration of the above client, FIG. 2b depicts an exemplary method of detecting data security. In Step 201, the game logical module receives a game data updating request.

[0056] In Step 202, the game logic module acquires data that need to be updated through the

Data Managing module according to the game data updating request, and determines whether the data that need to be updated is the key data of the game. When it is determined as the key data of the game, the data that need to be updated is determined to be data for detection. The WriteValue interface of detecting module can be called; and Step 203 can be executed. When it is determined the data that need to be updated is not the key data of the game, the data that need to be updated can be updated as usual. For example, any suitable data updating methods can be used and encompassed according to various embodiments.

[0057] It should be appreciated that this step can be optional. For example, it is not necessary to determine whether the data that need to be updated are key data, but all data that need to be updated can be used as data for detection.

[0058] In Step 203, the WriteValue interface of the detecting module acquires data for detection through the game date managing module, and determines whether the data for detection are to be updated for a first time. When it is the first time to be updated, Step 204 can be executed. When it is not the first time to be updated, Step 205 can be executed.

[0059] For example, a record of update history can be searched for the data for detection.

When a historical record of update exists, it is determined that the data for detection are not to be updated for the first time. When the historic record of update does not exist, it is determined that the data for detection are to be updated for the first time.

[0060] In another example, whether the data for detection has corresponding updated data can be searched. When the corresponding updated data exist, it is determined that the data for detection are not to be updated for the first time. When the corresponding updated data do not exist, it is determined that the data for detection are to be updated for the first time. Of course, other suitable methods of determining whether the data for detection are to be updated for the first time can be used and included without limitation.

[0061] In Step 204, when the WriteValue interface of the detecting module determines the data for detection are to be updated for the first time, the data for detection can be updated to obtain the updated data for detection. The updated data for detection can be encrypted to provide first encrypted data.

[0062] For example, an encryption algorithm can be configured according to specific practical applications. The storing method and storing address of the first encrypted data can be configured according to actual needs. For example, the first encrypted data can be stored in a certain address of a memory.

[0063] In Step 205, when the WriteValue interface of the detecting module determines that the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The stored first encrypted data can be acquired (e.g., the first encrypted data stored when previously updated, e.g., for the first time). It is determined whether the second encrypted data equal to the first encrypted data. When the second encrypted data equal to the first encrypted data, the data for detection that are not to be updated for the first time (or have otherwise been updated previously) can be determined having had an authorized update. When the second encrypted data do not equal to the first encrypted data, the data for detection that are not to be updated for the first time (or have otherwise been updated previously) can be determined having been unauthorizedly modified.

[0064] For example, the encryption algorithm can be configured according to specific practical applications and can be consistent with the encryption algorithm depicted in Step 204. Optionally, when the second encrypted data do not equal to the first encrypted data is determined, the second encrypted data can also be stored. The storing method and storing address of the second encrypted data can be configured according to specific practical applications. For example, the second encrypted data can be stored in a certain address of a memory.

[0065] In Step 206, the WriteValue interface of the detecting module sends a notification message to the server. The notification message indicates that the data have been unauthorizedly modified.

[0066] In this manner, the detecting module takes over operations for updating game data, e.g., that used to be executed by a game logic module. The detecting module acquires data for detection. Whether the data for detection are to be updated for a first time is determined. When the data for detection are to be updated for the first time, the data for detection can be updated to obtain updated data for detection, which can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The second encrypted data are compared with the stored first encrypted data. When the second encrypted data do not equal to the first encrypted data, then the data that are not to be updated for the first time can be determined having been unauthorizedly modified. The disclosed method is simple to be implemented without relying on specific logical of a certain application (e.g. a game). [0067] Indeed, the disclosed method can be applied and generalized to any applications. For example, even if the applied application changes its version, there is no need to re-design detecting logic according to the changed version of the application. Development and maintenance costs can be reduced significantly. Further, since most operations and verifications as disclosed do not need to be implemented by the server, occupancy of server resources can be reduced, and system

performance and user experience can be improved.

[0068] Optionally, what data need for detection that can be configured, according to specific practical applications. The configuration can be configured directly in the client or be issued by a server. The following example is based on issuing configuration by the server.

[0069] Similar to the embodiment as depicted in FIG. 2B, for illustration purposes, the exemplary method in FIG. 3 can be described based on the client as depicted in FIG. 2a. FIG. 3 depicts another exemplary method of detecting data security consistent with various disclosed embodiments.

[0070] In Step 301, a server reads game data address, which needs to be monitored, from a pre-set configuration file.

[0071] In Step 302, the server sends the configuration information of the data address that needs to be monitored to a game logic module. The configuration information of the data address that needs to be monitored includes the game data address that needs to be monitored as read in Step 301.

[0072] In Step 303, the game logic module receives a game data updating request (or a request for updating game data).

[0073] In Step 304, the game logic module acquires data that need to be updated through the

Data Managing module according to the game data updating request, and determines whether the data that need to be updated need data security detection according to the configuration information of the data address received in Step 302. When the data need to conduct data security detection, then Step 305 can be executed. When the data do not need to conduct data security detection, the data that need to be updated can be updated as usual. For example, any suitable data updating methods can be used and encompassed according to various embodiments.

[0074] In Step 305, the game logic module determines whether the data that need to be updated is the key data of the game. When it is determined as the key data of the game, the data that need to be updated is determined to be data for detection. The WriteValue interface of detecting module can be called, and Step 306 can be executed. When it is determined the data that need to be updated is not the key data of the game, the data that need to be updated can be updated as usual. For example, any suitable data updating methods can be used and encompassed according to various embodiments. [0075] It should be appreciated that this step can be optional. For example, it is not necessary to determine whether the data that need to be updated are key data, but all data that need to be updated can be used as data for detection.

[0076] In Step 306, the WriteValue interface of the detecting module acquires data for detection through the game date managing module. It is determined whether the data for detection are to be updated for a first time. When it is the first time to be updated, Step 307 can be executed. When it is not the first time to be updated, Step 308 can be executed.

[0077] For example, a record of update history can be searched for the data for detection.

When a historical record of update exists, it is determined that the data for detection are not to be updated for the first time. When the historic record of update does not exist, it is determined that the data for detection are to be updated for the first time.

[0078] In another example, whether the data for detection has corresponding updated data can be searched. When the corresponding updated data exist, it is determined that the data for detection are not to be updated for the first time. When the corresponding updated data do not exist, it is determined that the data for detection are to be updated for the first time. Of course, other suitable methods of determining whether the data for detection are to be updated for the first time can be used and included without limitation.

[0079] In Step 307, when the WriteValue interface of the detecting module determines the data for detection are to be updated for the first time, the data for detection can be updated to obtain the updated data for detection. The updated data for detection can be encrypted to provide first encrypted data.

[0080] For example, an encryption algorithm can be configured according to specific practical applications. The storing method and storing address of the first encrypted data can be configured according to actual needs. For example, the first encrypted data can be stored in a certain address of a memory.

[0081] In Step 308, when the WriteValue interface of the detecting module determines the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The stored first encrypted data can be acquired (e.g., the first encrypted data stored when previously updated, e.g., for the first time). It is determined whether the second encrypted data equal to the first encrypted data. When the second encrypted data equal to the first encrypted data, the data for detection that are not to be updated for the first time (or have otherwise been updated previously) can be determined having had an authorized update. When the second encrypted data do not equal to the first encrypted data, the data for detection that are not to be updated for the first time (or have otherwise been updated previously) can be determined having been unauthorizedly modified, e.g. via the plug- in technique. [0082] For example, the encryption algorithm can be configured according to specific practical applications and can be consistent with the encryption algorithm depicted in Step 307.

[0083] Optionally, when the second encrypted data do not equal to the first encrypted data is determined, the second encrypted data can also be stored. The storing method and storing address of the second encrypted data can be configured according to specific practical applications. For example, the second encrypted data can be stored in a certain address of a memory.

[0084] In Step 309, the WriteValue interface of the detecting module sends a notification message to the server. The notification message indicates that the data have been unauthorizedly modified.

[0085] In this manner, the server is configured to issue the configuration file, and the detecting module takes over operations for updating game data, e.g., that used to be executed by a game logic module. The detecting module acquires data for detection. Whether the data for detection are to be updated for a first time is determined. When the data for detection are to be updated for the first time, the data for detection can be updated to obtain updated data for detection, which can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The second encrypted data are compared with the stored first encrypted data. When the second encrypted data do not equal to the first encrypted data, then the data that are not to be updated for the first time can be determined having been unauthorizedly modified.

[0086] The disclosed method is simple to be implemented without relying on specific logical of a certain application (e.g. a game). Indeed, the disclosed method can be applied and generalized to any applications. For example, even if the applied application changes its version, there is no need to re-design detecting logic according to the changed version of the application. Development and maintenance costs can be reduced significantly. Further, since most operations and verifications as disclosed do not need to be implemented by the server, occupancy of server resources can be reduced, and system performance and user experience can be improved.

[0087] Various embodiments further provide an exemplary apparatus of detecting data security. As depicted in FIG. 4, an exemplary apparatus of detecting data security includes an acquiring unit 401, a determining unit 402, a first processing unit 403, and a second processing unit 404.

[0088] The acquiring unit 401 is configured to acquire data for detection. The data for detection include data that need a security detection and that need to be updated.

[0089] For example, all data that need to be updated can be taken as the data for detection.

Alternatively, in order to reduce the burden of detection and improve system performance, only key data are detected and updated, while regular data other than the key data can be updated using conventional methods.

[0090] The acquiring unit 401 is configured to acquire data that need to be updated, which is determined as the data for detection. Or the acquiring unit 401 can acquire data that need to be updated, and determine that the data that need to be updated is data for detection after the data that need to be updated is determined to be key data.

[0091] The determining unit 402 is configured to determine whether the data for detection acquired by the acquiring unit 401 are to be updated for a first time. For example, the determining unit 402 can search a record of update history for the data for detection. When a historical record of update exists, it is determined that the data for detection are not to be updated for the first time. When the historic record of update does not exist, it is determined that the data for detection are to be updated for the first time.

[0092] In another example, the determining unit 402 can search for whether the data for detection has corresponding updated data. When the corresponding updated data exist, it is determined that the data for detection are not to be updated for the first time. When the

corresponding updated data do not exist, it is determined that the data for detection are to be updated for the first time. Of course, other suitable methods of determining whether the data for detection are to be updated for the first time can be used and included without limitation.

[0093] The first processing unit 403 is configured to, when the data for detection are determined to be updated for the first time by the determining unit 402, to update the data for detection, to obtain the updated data for detection, to encrypt the updated data for detection to provide first encrypted data, and to store the first encrypted data.

[0094] For example, an encryption algorithm can be configured according to specific practical applications. The storing method and storing address of the first encrypted data can be configured according to actual needs. For example, the first encrypted data can be stored in a certain address of a memory.

[0095] The second processing unit 404 is configured to, when the data for detection are determined not be updated for the first time by the determining unit 402, to acquire original value of the data for detection, to encrypt the original value to provide second encrypted data, to acquire the stored first encrypted data, to determine that the data for detection have been unauthorizedly modified when the second encrypted data do not equal to the first encrypted data.

[0096] For example, the encryption algorithm can be configured according to specific practical applications and can be consistent with the encryption algorithm depicted in Step 103.

[0097] Optionally, when the second encrypted data do not equal to the first encrypted data is determined, the second encrypted data can also be stored. For example, the second processing unit 404 can be configured to store the second encrypted when the second encrypted is determined that do not equal to the first encrypted data.

[0098] Further, the storing method and storing address of the second encrypted data can be configured according to specific practical applications. For example, the second encrypted data can be stored in a certain address of a memory.

[0099] Further, after that the data have been unauthorizedly modified is determined, a message indicating the unauthorizedly modification of the data can be notified to the server. For example, after determining that the data have been unauthorizedly modified, the second processing unit 404 can be configured to send a notification message to the server. The notification message indicates that the data have been unauthorizedly modified.

[00100] Optionally, what data need for detection that can be configured, according to specific practical applications. The configuration can be configured directly in the client or be issued by a server. For example, the apparatus of detecting data security can further include a receiving unit and a Confirming Unit.

[00101] The receiving unit is configured to receive the address configuration information of data that need to be monitored from the server.

[00102] The determining unit is configured to determine whether the security detection is needed for that data according to the address configuration information of the data received from the receiving unit. The acquiring unit 401 is configured to acquire the data for detection after the need of security detection is determined for the data.

[00103] In varied embodiments, the units disclosed herein can be implemented either alone, or in combination according to the disclosed methods. The units disclosed herein be implemented as a same unit or multiple unites. For example, the client shown in FIGS. 2-3 can be used.

[00104] The apparatus of detecting data security can be integrated in a client. The client can be installed in a terminal device. The terminal device can include, but is not limited to, smart phones, tablet computers, e-book readers, MP3 players, MP4 players, laptops, and desktop computers.

[00105] In this manner, the acquiring unit 401 of the exemplary apparatus of detecting data security acquires data for detection. The determining unit 402 determines whether the data for detection are to be updated for a first time. When the data for detection are to be updated for the first time, the data for detection can be updated to obtain updated data for detection by the first processing unit 403. The updated data for detection can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data by the second first processing unit 404. The second encrypted data are compared with the stored first encrypted data. When the second encrypted data do not equal to the first encrypted data, then the data that are not to be updated for the first time can be determined having been unauthorizedly modified.

[00106] The disclosed method is simple to be implemented without relying on specific logical of a certain application (e.g. a game). Indeed, the disclosed method can be applied and generalized to any applications. For example, even if the applied application changes its version, there is no need to re-design detecting logic according to the changed version of the application. Development and maintenance costs can be reduced significantly. Further, since most operations and verifications as disclosed do not need to be implemented by the server, occupancy of server resources can be reduced, and system performance and user experience can be improved.

[00107] Accordingly, an exemplary communication system can be provided. The exemplary communication system can include any apparatus of detecting data security. Further, the

communication system may also include other apparatus, such as a server.

[00108] The server may be configured to receive the notification message sent by the apparatus of detecting data security (e.g., the second processing unit 404 of the apparatus of detecting data security). The notification message indicates that the data have been unauthorizedly modified.

[00109] Optionally, the server can be configured to read game data address that need to monitored from the pre-set configuration file, and to send the configuration information of the data that need to be monitored to the apparatus of detecting data security (e.g., in particular, the acquiring unit 401 of the apparatus of detecting data security). The configuration information of the data that need to be monitored includes the game data address that need to be monitored, read in Step 301.

[00110] Specific implementation of each apparatus can be referred to the above-described embodiments. Since the communication system includes any apparatus of detecting data security provided by various embodiments, the communication system can achieve the same positive effect as the apparatus of detecting dada security provided by various embodiments.

[00111] FIG. 5 is a structural diagram of an exemplary terminal device 500 consistent with various disclosed embodiments. The disclosed apparatus can be included in the exemplary terminal device 500.

[00112] The exemplary terminal device 500 can include an RF (Radio Frequency) circuit 501, a memory device 502 including one or more computer-readable storage media, an input unit 503, a display unit 504, a sensor 505, an audio circuit 506, a WIFI (Wireless Fidelity) module 507, a processor 508 including one or more processing cores, a power supply 509, and/or other components. In various embodiments, the terminal device(s) described herein can include more or less

components as depicted in FIG. 5. Certain parts can be omitted, combined, replaced, and/or added.

[00113] The RF circuit 501 may be used to send and receive information or send and receive signal during communication. In particular, after receiving downlink information from a base station, such information can be processed by the one or more processors 508. Further, the data related to the uplink can be sent to the base station. Generally, the RF circuit 501 can include, but be not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, user identity module (SIM) card, a transceiver, a coupler, LNA (i.e., Low Noise Amplifier), duplexer, etc. In addition, the RF circuit 501 may communicate with other devices via a wireless communication network. The wireless communication may use any communication standards or protocols, including but not limited to, GSM (Global System for Mobile Communications), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), etc.

[00114] The memory device 502 can be used for storing software programs and modules, such as those software programs and modules corresponding to the terminal device and the third party service provider as described in FIGS. 3-5 for business processing. By running software programs and modules stored in the memory device 502, the processor 508 can perform various functional applications and data processing to achieve business processing. The memory device 502 can include a program storage area and a data storage area. The program storage area can store the operating system, applications (such as sound playback, image playback, etc.) required by at least one function. The data storage area can store data (such as audio data, phone book, etc.) created when using the terminal device 500. In addition, the memory device 502 may include a high-speed random access memory, a non-volatile memory, such as at least one disk memory, flash memory, and/or other volatile solid-state memory elements. Accordingly, the memory device 502 may further include a memory controller to provide the processor 508 and the input unit 503 with access to the memory device 502.

[00115] The input unit 503 can be used to receive inputted numeric or character information, and to generate signal input of keyboard, mouse, joystick, and trackball or optical signal input related to the user settings and function controls. Specifically, the input unit 503 may include a touch sensitive surface and other input device(s). The touch-sensitive surface, also known as a touch screen or touch panel, may collect touch operations that a user conducts on or near the touch- sensitive surface. For example, a user may use a finger, a stylus, and any other suitable object or attachment on the touch-sensitive surface or on an area near the touch-sensitive surface. The touch- sensitive surface may drive a connecting device based on a preset program. Optionally, the touch sensitive surface may include a touch detection device and a touch controller. The touch detection device can detect user's touch position and detect a signal due to a touch operation and send the signal to the touch controller. The touch controller can receive touch information from the touch detection device, convert the touch information into contact coordinates to send to the processor 508, and receive commands sent from the processor 508 to execute. Furthermore, the touch sensitive surface can be realized by resistive, capacitive, infrared surface acoustic wave, and/or other types of surface touch. In addition to the touch sensitive surface, the input unit 503 may also include other input device(s). Specifically, the other input device(s) may include, but be not limited to, a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), a trackball, a mouse, an operating lever, or combinations thereof.

[00116] The display unit 504 can be used to display information inputted by the user, information provided to the user, and a variety of graphical user interfaces of the terminal device 500. These graphical user interfaces can be formed by images, text, icons, videos, and/or any

combinations thereof. The display unit 504 may include a display panel configured by, e.g., LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode), etc. Further, the touch sensitive surface may cover the display unit 504. When the touch sensitive surface detects a touch operation on or near the touch sensitive surface, the touch operation can be sent to the processor 508 to determine a type of the touch operation. Accordingly, the processor 508 can provide visual output on the display unit 504. Although in FIG. 5 the touch-sensitive surface and the display panel are shown as two separate components to achieve input and output functions, in some embodiments, the touch sensitive surface and the display panel can be integrated to perform input and output functions.

[00117] The terminal device 500 may further include at least one sensor 505, such as optical sensors, motion sensors, and other suitable sensors. Specifically, the optical sensors may include an ambient optical sensor and a proximity sensor. The ambient optical sensor may adjust brightness of the display panel according to the brightness of ambient light. The proximity sensor can turn off the display panel and/or turn backlighting, when the terminal device 500 moves to an ear. As a type of motion sensor, a gravity sensor may detect amount of an acceleration in each direction (e.g., including three axis) and detect magnitude and direction of gravity when in stationary. The gravity sensor can be used to identify phone posture (for example, switching between horizontal and vertical screens, related games, magnetometer calibration posture, etc.), vibration recognition related functions (e.g., pedometer, percussion, etc.), etc. The terminal device 500 can also be configured with, e.g., a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, and/or other sensors.

[00118] The audio circuit 506, the speaker, and the microphone may provide an audio interface between the user and terminal device 500. The audio circuit 506 may transmit an electrical signal converted from the received audio data to the speaker to convert into audio signal output. On the other hand, the microphone can convert the collected sound signal to an electrical signal, which can be received by the audio circuit 506 to convert into audio data. The audio data can be output to the processor 508 for processing and then use the RF circuit 501 to transmit to, e.g., another terminal device. Alternatively, the audio data can be output to the memory device 502 for further processing. The audio circuit 506 may also include an earplug jack to provide communications between the peripheral headset and the terminal device 500. [00119] WiFi is used as a short-range wireless transmission technology. The terminal device

500 may use the WIFI module 507 to help users send and receive emails, browse websites, access streaming media, etc. The WIFI module 507 can provide users with a wireless or wired broadband Internet access. In various embodiments, the transport module 507 can be configured within or outside of the terminal device 500 as depicted in FIG. 5.

[00120] The processor 508 can be a control center of the terminal device 500: using a variety of interfaces and circuits to connect various parts, e.g., throughout a mobile phone; running or executing software programs and/or modules stored in the memory device 502; calling the stored data in the memory device 502; and/or performing various functions and data processing of the terminal device 500 to monitor the overall mobile phone. Optionally, the processor 508 may include one or more processing cores. In an exemplary embodiment, the processor 508 may integrate application processor with modulation and demodulation processor. The application processor is mainly used to process operating system, user interface, and applications. The modulation and demodulation processor is mainly used to deal with wireless communications. In various embodiments, the modulation and demodulation processor may or may not be integrated into the processor 508.

[00121] The terminal device 500 may further include a power supply 509 (such as a battery) to power various components of the terminal device. In an exemplary embodiment, the power supply can be connected to the processor 508 via the power management system, and thus use the power management system to manage charging, discharging, and/or power management functions. The power supply 509 may also include one or more DC or AC power supplies, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator and/or any other suitable components.

[00122] Although not shown in FIG. 5, the terminal device 500 can further include a camera, a

Bluetooth module, etc. without limitation. Specifically, the processor 508 of the terminal device can follow the instructions below to load executable files corresponding to one or more application programs into the memory 502. The processor 508 can execute application programs stored in the memory 502 to achieve various functions.

[00123] Although not shown in FIG. 5, the terminal device 500 can further include a camera, a

Bluetooth module, etc. without limitation. Specifically, the terminal device can have a display unit of a touch screen display, a memory, and one or more programs stored in the memory. The terminal device can be configured to use one or more processor to execute the one or more programs stored in the memory.

[00124] In an exemplary method, data for detection are acquired. The data for detection include data that need a security detection and that need to be updated. Whether the data for detection are to be updated for a first time is then determined. When the data for detection are to be updated for the first time is determined, the data for detection can be updated to obtain the updated data for detection, which can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time is determined, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The stored first encrypted data can be acquired. When the second encrypted data do not equal to the first encrypted data is determined, the data for detection have been unauthorizedly modified can be determined.

[00125] Further, all data that need to be updated can be taken as the data for detection.

Alternatively, in order to reduce the burden of detection and improve system performance, only key data are detected and updated, while regular data other than the key data can be updated using conventional methods.

[00126] What need for detection that can be configured, according to specific practical applications. The configuration can be configured directly in the client or be issued by a server. For example, before acquiring data for detection, the method of detecting data security further includes: receiving address configuration information of data that need to be monitored from the server.

Whether the security detection is needed for the data can be determined according to the address configuration information of the data. The acquiring of data for detection can include acquiring the data for detection after the need of security detection is determined for the data.

[00127] Optionally, when the second encrypted data do not equal to the first encrypted data is determined, the second encrypted data may also be stored. Further, after that the data have been unauthorizedly modified is determined, a message indicating the unauthorizedly modification of the data can be notified to the server. For example, after determining that the data have been unauthorizedly modified, the method may further includes: sending a notification message to the server. The notification message indicates that the data have been unauthorizedly modified. Specific implementation of each step can be referred to above embodiments.

[00128] In this manner, the terminal device acquires data for detection. Whether the data for detection are to be updated for a first time is determined. When the data for detection are to be updated for the first time, the data for detection can be updated to obtain updated data for detection, which can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The second encrypted data are compared with the stored first encrypted data. When the second encrypted data do not equal to the first encrypted data, then the data that are not to be updated for the first time can be determined having been unauthorizedly modified.

[00129] The disclosed method is simple to be implemented without relying on specific logical of a certain application (e.g. a game). Indeed, the disclosed method can be applied and generalized to any applications. For example, even if the applied application changes its version, there is no need to re-design detecting logic according to the changed version of the application. Development and maintenance costs can be reduced significantly. Further, since most operations and verifications as disclosed do not need to be implemented by the server, occupancy of server resources can be reduced, and system performance and user experience can be improved.

[00130] It should be noted that, in the present disclosure each embodiment is progressively described, i.e., each embodiment is described and focused on difference between embodiments.

Similar and/or the same portions between various embodiments can be referred to with each other. In addition, exemplary apparatus (e.g., a server) is described with respect to corresponding methods.

[00131] The disclosed methods, and/or apparatus can be implemented in a suitable computing environment. The disclosure can be described with reference to symbol(s) and step(s) performed by one or more computers, unless otherwise specified. Therefore, steps and/or implementations described herein can be described for one or more times and executed by computer(s). As used herein, the term "executed by computer(s)" includes an execution of a computer processing unit on electronic signals of data in a structured type. Such execution can convert data or maintain the data in a position in a memory system (or storage device) of the computer, which can be reconfigured to alter the execution of the computer as appreciated by those skilled in the art. The data structure maintained by the data includes a physical location in the memory, which has specific properties defined by the data format. However, the embodiments described herein are not limited. The steps and implementations described herein may be performed by hardware.

[00132] A person of ordinary skill in the art can understand that the modules included herein are described according to their functional logic, but are not limited to the above descriptions as long as the modules can implement corresponding functions. Further, the specific name of each functional module is used for distinguishing from on another without limiting the protection scope of the present disclosure.

[00133] As used herein, the term "module" can be software objects executed on a computing system. A variety of components described herein including elements, modules, units, engines, and services can be executed in the computing system. The apparatus, devices, and/or methods can be implemented in a software manner. Of course, the apparatus, devices, and/or methods can be implemented using hardware. All of which are within the scope of the present disclosure.

[00134] In various embodiments, the disclosed modules can be configured in one apparatus

(e.g., a processing unit) or configured in multiple apparatus as desired. The modules disclosed herein can be integrated in one module or in multiple modules. Each of the modules disclosed herein can be divided into one or more sub-modules, which can be recombined in any manner.

[00135] One of ordinary skill in the art would appreciate that suitable software and/or hardware (e.g., a universal hardware platform) may be included and used in the disclosed methods and systems. For example, the disclosed embodiments can be implemented by hardware only, which alternatively can be implemented by software products only. The software products can be stored in a computer-readable storage medium including, e.g., ROM/RAM, magnetic disk, optical disk, etc. The software products can include suitable commands to enable a terminal device (e.g., including a mobile phone, a personal computer, a server, or a network device, etc.) to implement the disclosed embodiments.

[00136] Note that, the term "comprising", "including" or any other variants thereof are intended to cover a non-exclusive inclusion, such that the process, method, article, or apparatus containing a number of elements also include not only those elements, but also other elements that are not expressly listed; or further include inherent elements of the process, method, article or apparatus. Without further restrictions, the statement "includes a " does not exclude other elements included in the process, method, article, or apparatus having those elements.

[00137] The embodiments disclosed herein are exemplary only. Other applications, advantages, alternations, modifications, or equivalents to the disclosed embodiments are obvious to those skilled in the art and are intended to be encompassed within the scope of the present disclosure.

INDUSTRIAL APPLICABILITY AND ADVANTAGEOUS EFFECTS

[00138] Without limiting the scope of any claim and/or the specification, examples of industrial applicability and certain advantageous effects of the disclosed embodiments are listed for illustrative purposes. Various alternations, modifications, or equivalents to the technical solutions of the disclosed embodiments can be obvious to those skilled in the art and can be included in this disclosure.

[00139] In the disclosed methods, apparatus and system of detecting data security, data for detection are acquired. Whether the data for detection are to be updated for a first time is determined. When the data for detection are to be updated for the first time, the data for detection can be updated to obtain updated data for detection, which can then be encrypted to provide first encrypted data. The first encrypted data can be stored. When the data for detection are not to be updated for the first time, an original value of the data for detection can be acquired and encrypted to provide second encrypted data. The second encrypted data are compared with the stored first encrypted data. When the second encrypted data do not equal to the first encrypted data, then the data that are not to be updated for the first time can be determined having been unauthorizedly modified.

[00140] The disclosed methods, apparatus and system are simple to be implemented without relying on specific logical of a certain application (e.g. a game). Indeed, the disclosed method can be applied and generalized to any applications. For example, even if the applied application changes its version, there is no need to re-design detecting logic according to the changed version of the application. Development and maintenance costs can be reduced significantly. Further, since most operations and verifications as disclosed do not need to be implemented by the server, occupancy of server resources can be reduced, and system performance and user experience can be improved.

REFERENCE SIGN LIST

Acquiring unit 401

Determining unit 402

First processing unit 403

Second processing unit 404

RF (Radio Frequency) circuit 501

Memory device 502

Input unit 503

Display unit 504

Sensor 505

Audio circuit 506

WIFI (Wireless Fidelity) module 507

Processor 508

Power supply 509

Environment 600

Communication network 602

Server 604

Terminal 606