CN102426637B - Encrypted storage method for an embedded database - Google Patents
- Publication number: CN102426637B
- Authority: CN (China)
- Prior art keywords: encryption, pattern, database, cryptographic storage, function
- Legal status: Active
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses an encrypted storage method for an embedded database, comprising at least the following steps: when the database is initialized, an encrypted storage mode is specified, the encrypted storage mode being one of a no-encryption mode, a custom encryption mode and a default encryption mode; when the custom encryption mode is specified, the user defines the encryption function and the decryption function. The invention provides a complete encrypted storage scheme for embedded databases: when choosing data encryption, the user is offered both a basic default encryption mode and an interface for enhanced, extensible user-defined encryption and decryption functions, achieving multi-level flexible configuration of encrypted storage.
Description
Technical field
The present invention relates to an extensible encrypted storage method applied to storage encryption in embedded databases, and belongs to the field of database storage technology.
Background art
Embedded databases commonly used in the prior art, such as SQLite and eXtremeDB, generally store their data files on the storage medium in plaintext. This storage method carries a serious security risk: once an unencrypted data file is accessed without authorization or accidentally lost, the security of the data can no longer be guaranteed.
Meanwhile, embedded databases that store data with a basic encryption algorithm sometimes cannot meet the differing needs of customers who place great weight on security. It is therefore necessary to provide, in addition to the basic encryption algorithm, a way for users to choose a stronger encryption algorithm that they can develop themselves, so that the database can switch flexibly between the basic encryption algorithm and a user-defined encryption algorithm.
In Liu Lin's master's thesis "Security Research on the Embedded Database SQLite" (Kunming University of Science and Technology, degree conferred 2010), security measures were successfully implemented for the embedded database SQLite through a study of common database security policies. Encryption turns the stored content of the embedded database into ciphertext, which reduces the loss caused when the storage medium is stolen or lost.
Summary of the invention
To meet users' increasingly demanding requirements for encrypted storage of embedded database data files, and to allow flexible switching between a basic encryption algorithm and a user-defined encryption algorithm, the present invention proposes an encrypted storage method for an embedded database.
To achieve the above object, the present invention adopts the following technical solution:
An encrypted storage method for an embedded database, comprising at least the following steps:
When the database is initialized, an encrypted storage mode is specified; the encrypted storage mode is one of a no-encryption mode, a custom encryption mode and a default encryption mode;
When the custom encryption mode is specified, the user defines the encryption function and the decryption function.
When the specified encrypted storage mode is the no-encryption mode, the database stores data in plaintext; when the specified encrypted storage mode is the custom encryption mode or the default encryption mode, the database stores data as ciphertext.
When the specified encrypted storage mode is the custom encryption mode, the encryption function and decryption function must be verified before the database is opened again; if the encryption and decryption functions were defined by a user who holds the required permission and verification passes, the database is opened.
The user who holds the required permission is a registered user.
When the specified encrypted storage mode is the default encryption mode, the encryption function and decryption function must be verified before the database is opened again; if verification of the encryption and decryption functions passes, the database is opened.
The specific verification method is as follows: when the specified encrypted storage mode is the custom encryption mode or the default encryption mode, a standard plaintext and a standard ciphertext are stored in the database, the standard ciphertext being generated by encrypting the standard plaintext with the encryption function used in the specified encrypted storage mode. Before the database is opened again, the standard plaintext is encrypted using the specified encrypted storage mode and the result is compared with the standard ciphertext stored in the database; if the two are identical, verification passes.
The extensible encrypted storage scheme for embedded databases in the present invention not only achieves high-strength encryption of data files but also allows the encryption algorithm to be chosen flexibly, which greatly improves the security of the data stored by the embedded database and makes it easy for users to operate according to their specific encryption requirements.
Brief description of the drawings
The present invention is described in further detail below with reference to the drawings and a specific example.
Fig. 1 is a schematic diagram of the encryption and decryption architecture of the embedded database in the present invention;
Fig. 2 is a flow chart of encryption in the embedded database in the present invention.
Detailed description of the embodiment
Fig. 1 shows the encryption and decryption architecture of the embedded database in the present invention. The database comprises a memory image/buffer 100, a security module 200 and a database file area 300. Depending on the encryption mode, the encryption and decryption functions in the security module can be set to the default encryption and decryption functions or to user-defined encryption and decryption functions; the encryption function performs encryption and the decryption function performs decryption. In addition, the database can provide verification of the encryption and decryption functions when an existing encrypted database file is opened, as well as a mechanism for recovering the user key.
Fig. 2 shows the encryption flow of the embedded database in the present invention. In this embodiment, the encrypted storage method for the embedded database comprises at least the following steps:
Step S10: initialize the database.
Step S11: specify the encryption mode. When the database is initialized, it prompts the user to specify an encrypted storage mode; the encrypted storage mode is one of a no-encryption mode, a custom encryption mode and a default encryption mode.
Step S12: define the encryption function and decryption function. When the user specifies the custom encryption mode, the user must next define the encryption function and decryption function. If the user has defined the encryption and decryption functions, they must be verified before the database is opened again; if they were defined by a user who holds the required permission and verification passes, the database is opened. Otherwise the database cannot be opened.
When the user specifies the no-encryption mode, stored data is not encrypted.
When the user specifies the default encryption mode, stored data is encrypted in the system's default manner.
That is, in the no-encryption mode the database stores data in plaintext; in the custom encryption mode or the default encryption mode the database stores data as ciphertext.
Step S20: open the database.
When the specified encrypted storage mode is the no-encryption mode, the user opens the database without any verification.
When the specified encrypted storage mode is the default encryption mode, the system's default encryption function and decryption function must be verified before the database is opened; if verification of the encryption and decryption functions passes, the database is opened.
When the specified encrypted storage mode is the custom encryption mode, the encryption function, the decryption function and the user's permission must be verified before the database is opened; if the encryption and decryption functions were defined by a user who holds the required permission and verification passes, the database is opened. In this embodiment, the user who holds the required permission is a registered user.
The encryption and decryption functions can be verified in various ways. In this embodiment, for example, the specific verification method is as follows: when the specified encrypted storage mode is the custom encryption mode or the default encryption mode, a standard plaintext and a standard ciphertext are stored in the database, the standard ciphertext being generated by encrypting the standard plaintext with the encryption function used in the specified encrypted storage mode. Before the database is opened again, the standard plaintext is encrypted using the specified encrypted storage mode and the result is compared with the standard ciphertext stored in the database; if the two are identical, verification passes.
The validity of the decryption function can be checked in a similar way. In addition, the database file can retain the ciphertext of the user key currently in use, which is generated by an encryption operation using the currently specified encryption function and an enterprise key.
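The verification step described above, sketched in C as an added example that is not code from the patent. The header layout, the function names and the repeating-key XOR routine are assumptions for illustration; the XOR routine only stands in for a registered encryption function and offers no real protection.

```c
#include <stdint.h>
#include <string.h>

enum enc_mode { MODE_NONE, MODE_DEFAULT, MODE_CUSTOM };
typedef void (*cipher_fn)(const uint8_t *key, size_t klen,
                          const uint8_t *in, uint8_t *out, size_t len);
#define CHECK_LEN 16
struct db_header {                  /* hypothetical header layout */
    enum enc_mode mode;
    uint8_t std_plain[CHECK_LEN];   /* the "standard plaintext" */
    uint8_t std_cipher[CHECK_LEN];  /* the "standard ciphertext" */
};

/* Toy stand-in for a registered function: repeating-key XOR. NOT secure. */
static void toy_xor(const uint8_t *key, size_t klen,
                    const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ key[i % klen];
}

/* Compare every byte so timing does not depend on where buffers differ. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Initialization: record the mode and, for encrypted modes, the check pair. */
int db_init(struct db_header *h, enum enc_mode mode, cipher_fn enc,
            const uint8_t *key, size_t klen)
{
    static const uint8_t plain[CHECK_LEN] = "DB-CHECK-BLOCK!"; /* constructed */
    memset(h, 0, sizeof *h);
    h->mode = mode;
    if (mode == MODE_NONE) return 0;
    if (!enc || !key || klen == 0) return -1;
    memcpy(h->std_plain, plain, CHECK_LEN);
    enc(key, klen, h->std_plain, h->std_cipher, CHECK_LEN);
    return 0;
}

/* Reopen: 1 if the database may be opened, 0 if verification fails. */
int db_open_check(const struct db_header *h, cipher_fn enc, cipher_fn dec,
                  const uint8_t *key, size_t klen)
{
    uint8_t buf[CHECK_LEN];
    if (h->mode == MODE_NONE) return 1;            /* plaintext: no check */
    if (!enc || !dec || !key || klen == 0) return 0;
    enc(key, klen, h->std_plain, buf, CHECK_LEN);  /* re-encrypt, compare */
    if (!ct_equal(buf, h->std_cipher, CHECK_LEN)) return 0;
    dec(key, klen, h->std_cipher, buf, CHECK_LEN); /* decryption check too */
    return ct_equal(buf, h->std_plain, CHECK_LEN);
}

/* Create with the constructed key "correct-key", then reopen with open_key. */
int demo_reopen(enum enc_mode mode, const char *open_key)
{
    struct db_header h;
    db_init(&h, mode, toy_xor, (const uint8_t *)"correct-key", 11);
    return db_open_check(&h, toy_xor, toy_xor,
                         (const uint8_t *)open_key, strlen(open_key));
}

int main(void) { return demo_reopen(MODE_CUSTOM, "correct-key") ? 0 : 1; }
```

Re-encrypting and comparing only works when the encryption function is deterministic; a cipher that draws a fresh random IV on each call would have to rely on the decrypt-and-compare path instead. The stored check pair is also a known plaintext/ciphertext pair available to anyone holding the file, so the registered cipher must withstand known-plaintext analysis.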
In summary, the present invention is an extensible encrypted storage scheme suitable for embedded databases. Specifically, when the database is initialized, one of three modes can be specified: no encryption, default encryption, or user-defined encryption. If the no-encryption mode is specified, the data file is stored in plaintext. If the default encryption mode is specified, the data file is encrypted with the default encryption algorithm and stored as ciphertext. If the user-defined encryption mode is specified, the user-defined encryption function and decryption function must be registered after initialization; the database system then uses the user-defined encryption function to encrypt the data file and stores it as ciphertext. In this way, the encrypted modes offer both a basic default encryption mode and a registration interface for enhanced, extensible user-defined encryption and decryption functions, achieving multi-level flexible configuration of encrypted storage.
Those skilled in the art should understand that embodiments of the present invention can be provided as a method, a system or a computer program product. The present invention can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The encrypted storage method for an embedded database provided by the present invention has been described in detail above. For those skilled in the art, any obvious change made to it without departing from the essence of the present invention will constitute an infringement of the patent right of the present invention, and the corresponding legal liability will be borne.
Claims (3)
1. An encrypted storage method for an embedded database, characterized by comprising the following steps:
When the database is initialized, an encrypted storage mode is specified; the encrypted storage mode is one of a no-encryption mode, a custom encryption mode and a default encryption mode;
When the custom encryption mode is specified, the user defines the encryption function and the decryption function; the encryption function and an enterprise key are used in an encryption operation to generate the ciphertext of the user key currently in use, which is saved in the database file;
When the specified encrypted storage mode is the custom encryption mode or the default encryption mode, the encryption function and decryption function must be verified before the database is opened again; if the encryption and decryption functions were defined by a user who holds the required permission and verification passes, the database is opened;
The verification method is: a standard plaintext and a standard ciphertext are stored in the database, the standard ciphertext being generated by encrypting the standard plaintext with the encryption function used in the specified encrypted storage mode; before the database is opened again, the standard plaintext is encrypted using the specified encrypted storage mode and the result is compared with the standard ciphertext stored in the database; if the two are identical, verification passes.
2. The encrypted storage method for an embedded database according to claim 1, characterized in that,
When the specified encrypted storage mode is the no-encryption mode, the database stores data in plaintext; when the specified encrypted storage mode is the custom encryption mode or the default encryption mode, the database stores data as ciphertext.
3. The encrypted storage method for an embedded database according to claim 1, characterized in that,
The user who holds the required permission is a registered user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110339485.3A CN102426637B (en) | 2011-11-01 | 2011-11-01 | A kind of embedded database cryptographic storage method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102426637A | 2012-04-25 |
CN102426637B | 2016-04-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address | Address after: 100102 201, 2 / F, 101, No. 5 building, No. 7 Rongda Road, Chaoyang District, Beijing; Patentee after: China Electronics Technology Group Jincang (Beijing) Technology Co.,Ltd.; Country or region after: China; Address before: Room 601, Building 4, No. 8 Shangdi West Road, Haidian District, Beijing; Patentee before: BEIJING KINGBASE INFORMATION TECHNOLOGIES Inc.; Country or region before: China |