1# Data Reliability and Security Overview 2 3## Introduction 4 5During system running, a database fault may occur due to storage damage, insufficient storage space, file system permission, or system power-off. The database fault may cause data loss. For example, the database corruption of Contacts causes the loss of Contacts data. The data management subsystem provides the following solutions and capabilities to ensure data reliability and security: 6 7- Data backup and restoration: Critical data (such as the bank information) can be backed up and restored from the backup to prevent data loss. 8 9- Database encryption: The database that stores sensitive information, such as authentication credentials and financial data, can be encrypted to improve data security. 10 11- Access control by device and data level: The access to data across devices is controlled based on the device security level and data security labels. 12 13In addition, the backup database is stored in the application sandbox. When the storage space is insufficient, you can delete the local database backup to release space. 14 15 16## Basic Concepts 17 18Before developing functions related to data reliability and security, understand the following concepts. 19 20 21### Database Backup and Restoration 22 23- Database backup: OpenHarmony provides full backup of database files. 24 When backing up a database, you only need to invoke the backup API of the database, without closing the database. 25 26- Database restoration: You can restore a database from a database backup file. 27 28 29### Database Encryption 30 31The entire database file can be encrypted to enhance the database security. 32 33 34### Data Rating 35 36In distributed scenarios, the access to data is controlled based on the device security level and data security labels. 37 38A higher data security label and device security level indicate stricter encryption and access control measures and higher data security. 39 40 41## Working Principles 42 43 44### Database Backup and Restoration Mechanism 45 46The data of a database is backed up to the specified file. Subsequent operations on the database do not affect the backup file. The database is overwritten by the specified backup file only when a restoration is performed. 47 48- KV store backup directory: **/data/service/el1(el2)/public/database/...{appId}/kvdb/backup/...{storeId}** 49 50- RDB store backup directory: **/data/app/el1(el2)/100/database/...{bundlename}/rdb** 51 52 53### Database Encryption Mechanism 54 55When encrypting a database, you do not need to pass in the key for encryption. The only thing you need to do is set the database encryption status. The system automatically calls the [HUKS APIs](../reference/apis/js-apis-huks.md) to generate a key and encrypt the database. 56 57 58## Constraints 59 60- The database encryption key is automatically changed once a year. 61 62- A maximum of five backup files can be retained for a KV store. 63 64- Automatic backup of a KV store must be performed when the device is charging and the screen is off. 65