CN106446196A - Self-controllable database data encryption retrieval method and system based on random salt - Google Patents

Info

Publication number
CN106446196A
Authority
CN
China
Prior art keywords
database
data
plaintext
encryption
field
Legal status
Pending
Application number
CN201610866064.9A
Other languages
Chinese (zh)
Inventor
杨利兵
王艳
缪燕
刘红超
刘浩
张学深
Current Assignee
State Grid Corp of China SGCC
Beijing Xuji Electric Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing Xuji Electric Co Ltd
Application filed by State Grid Corp of China SGCC and Beijing Xuji Electric Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention provides an autonomous controllable database data encryption and retrieval method and system based on random salt. The system comprises a database internal processing subsystem and a data encryption subsystem. The database internal processing subsystem comprises an external interface calling module for calling the database encryption subsystem to encrypt/decrypt data, a database view decryption calling module for encrypting a plaintext database, a database trigger encryption calling module for encrypting the data when the data in the database calls a trigger, and an extension index interface encryption indexing module for generating indexes for the encrypted data. The data encryption subsystem comprises a strategy management module, a data encryption module and a data decryption module.

Description

Self-controllable database data encryption retrieval method and system based on random salt

Technical field

The invention relates to the technical field of information security, and in particular to a self-controllable database data encryption retrieval method and system based on random salt.

Background

With the widespread use of information technology, more and more important data is stored and processed electronically. Although storing and processing data this way is convenient, it also makes the data easy to steal and tamper with. In the prior art the most common way to steal or tamper with data is to attack the database, so how to guarantee both the security of a database and its working efficiency at the same time is currently a main research direction. The reason is that the most effective way to solve the database security problem is to encrypt the data stored in the database; but once all data is encrypted it becomes difficult to retrieve it effectively, and the working efficiency of the database drops sharply.

Summary of the invention

In view of the difficulty in the prior art of guaranteeing both the security and the usability of database data at the same time, the technical problem to be solved by the invention is to provide a more effective and efficient self-controllable database data encryption retrieval method and system based on random salt, so as to solve the problems of database data leakage, encrypted data retrieval and database performance.

To solve the above problems, an embodiment of the invention proposes a self-controllable database data encryption retrieval system based on random salt, comprising a database internal processing subsystem and a data encryption subsystem;

wherein the database internal processing subsystem comprises: an external interface calling module for calling the data encryption subsystem to encrypt/decrypt data; a database view decryption calling module for encrypting plaintext database tables; a database trigger encryption calling module for encrypting data when data in the database invokes a trigger; and an extended index interface encryption indexing module for generating indexes over the encrypted data; wherein:

the database view decryption calling module is used to copy the plaintext database table to a preset location, rename the plaintext database table and create a view with the same name as the plaintext database table, send the plaintext fields of the plaintext database table that need to be encrypted to the data encryption subsystem, replace each plaintext field with the masked field that the data encryption subsystem determines for it, and replace the data in that plaintext field with the encrypted data;

the extended index interface encryption indexing module is used to judge whether the field to be queried is an encrypted field; if it is not an encrypted field, the view query is executed through the database's bitmap scan extended retrieval interface and the view is then sent to the data encryption subsystem for decryption; if it is an encrypted field, the masked field in the plaintext database is determined from the correspondence between plaintext fields and masked fields stored in the data encryption subsystem, and the data in the column of that plaintext field in the plaintext database is decrypted;

wherein the data encryption subsystem comprises:

a policy management module, used to provide a login interface through which the user enters an encryption policy, where the encryption policy includes at least one of the following: the plaintext fields that need to be encrypted, and whether to keep the plaintext database table;

a data encryption module, used to replace the plaintext fields in the database that need to be encrypted with masked fields according to the instructions received from the database internal processing subsystem, and to store the correspondence between the plaintext fields and the masked fields; it is also used to encrypt the data in the columns of the plaintext fields with the MD5-plus-random-salt algorithm;

a data decryption module, used to decrypt the encrypted data in the database according to the instructions received from the database internal processing subsystem.

The data encryption subsystem further comprises:

an authority management module, used to authenticate the login account and password and to manage encryption/decryption permissions; the authority management module authenticates the login account and password with the RSA asymmetric encryption algorithm or through an external digital certificate interface.

The database internal processing subsystem further comprises a database trigger encryption calling module for encrypting data when the plaintext database table is modified; the database trigger encryption calling module judges whether the database has invoked a trigger and, if so, calls the data encryption subsystem to encrypt the data.

An embodiment of the invention also proposes a self-controllable database data encryption retrieval method based on random salt, comprising:

a plaintext database table processing step, used to copy the plaintext database table to a preset location, rename the plaintext database table and create a view with the same name as the plaintext database table, send the plaintext fields of the plaintext database table that need to be encrypted to the data encryption subsystem, replace each plaintext field with the masked field that the data encryption subsystem determines for it, and replace the data in that plaintext field with the encrypted data;

a retrieval step, used to judge whether the field to be queried is an encrypted field; if it is not an encrypted field, the view query is executed through the database's bitmap scan extended retrieval interface and the view is then sent to the data encryption subsystem for decryption; if it is an encrypted field, the masked field in the plaintext database is determined from the correspondence between plaintext fields and masked fields stored in the data encryption subsystem, and the data in the masked field column of the plaintext database is decrypted;

a trigger encryption calling step, whose main function is to judge whether a trigger is invoked; when the trigger is invoked, the trigger calls the encryption module of the encryption/decryption software to encrypt the data;

a policy management step, used to provide a login interface through which the user enters an encryption policy, where the encryption policy includes at least one of the following: the plaintext fields that need to be encrypted, and whether to keep the plaintext database table;

a data encryption step, used to replace the plaintext fields in the database that need to be encrypted with masked fields according to the instructions received from the database internal processing subsystem, and to store the correspondence between the plaintext fields and the masked fields; it is also used to encrypt the data in the columns of the plaintext fields with the MD5-plus-random-salt algorithm;

a data decryption step, used to decrypt the encrypted data in the database according to the instructions received from the database internal processing subsystem.

The method further comprises:

login authentication management, used to authenticate the login account and password and to manage encryption/decryption permissions; the authority management module authenticates the login account and password with the RSA asymmetric encryption algorithm or through an external digital certificate interface.

The beneficial effects of the above technical solution are as follows. The embodiment of the invention proposes a self-controllable database data encryption retrieval method and system based on random salt that can mask preset fields of a plaintext database table and encrypt the data in the columns of those fields. At the same time, during retrieval the corresponding plaintext field can be obtained quickly from the masked field and the data in that column decrypted. The solution thus takes both security and retrieval performance into account.

Description of the drawings

Fig. 1 is a topology diagram of the system structure of an embodiment of the invention.

Detailed description

To make the technical problem to be solved, the technical solution and the advantages of the invention clearer, they are described in detail below with reference to the drawing and specific embodiments.

As shown in Fig. 1, a specific example is described below. This example uses an existing analytical database management software for enterprise-level applications. The software is a secondary development and packaging built around the advanced open-source database PostgreSQL as its core, integrating management interfaces and auxiliary tools that are easy to learn, easy to use and practical, so as to meet the stability, security and simplicity that the power industry requires of database software products. While guaranteeing the security, high availability and scalability of the management software, the development team tried to minimise its overall cost and improve its ease of use. According to its processing flow and functional division, the database management software is divided into five parts: a connection management system, a compilation and execution system, a storage management system, a transaction management system and the system tables. Of course, this is only an example; those skilled in the art will understand that the method of the embodiment can be used with any database management software.

In this example, the kernel of the database management system (DBMS) is modified so that it calls encryption/decryption software external to the database management software, thereby implementing encryption, decryption and retrieval of the database. The invention provides strong encryption, does not affect normal use of the DBMS, and integrates encryption/decryption technology seamlessly with the database management system.

Database management software part: on the basis of the existing database management system, the database kernel is modified to support calling the database encryption/decryption software.

Database view decryption calling module:

A view in a database management system (DBMS) is a virtual table; for an operation on the database, the system must operate, according to the view definition, on the base tables associated with the view. The principle of the database view is fully exploited to implement filtering, projection, aggregation, joins and function operations over the encrypted data in the table.

The main function of this module is as follows. When it is determined that the user's encrypted data requires a plaintext backup, the plaintext data table is copied to the specified path, the table is renamed, a view with the same name as the table is created, and the encryption calling module of the trigger is called to encrypt the data. When it is determined that the user's plaintext data does not need a plaintext backup, the table is renamed directly, a view with the same name as the table is created, and the decryption module of the external encryption/decryption software is called inside the view to decrypt the data. In this way a single field of a database table can be encrypted.

Database trigger encryption calling module:

The main function of this module is to judge whether a trigger is invoked; when a trigger is invoked, the trigger calls the encryption module of the encryption/decryption software to encrypt the data. A database trigger is a function that is called automatically when a database operation occurs. For row-level triggers of the "BEFORE" and "INSTEAD OF" kinds, the returned result is checked: when it is NULL, the operation on the current row is ignored; when a non-NULL row is returned, for INSERT and UPDATE operations the trigger calls the encryption module of the encryption/decryption software to encrypt the data.

Extended index interface encryption indexing module

The extended index interface encryption indexing module of the database management system (DBMS) indexes the encrypted data. The DBMS has five kinds of index, of which the most commonly used is the B-tree. An Index Scan traverses every row of the whole table from beginning to end, so it is not very efficient when the data volume is large; a bitmap scan fetches all index entries that satisfy the condition at once, sorts them in memory, and then accesses the table data according to the fetched entries. This patent uses the bitmap scan mechanism for encrypted retrieval. The corresponding processing code of the custom index is written for the execution of Create Index, Insert, Delete and Update statements and for bitmap scan execution. Through this mechanism a custom extended encryption index can be used; when this index retrieves encrypted data, the bitmap scan fetches all matching index entries at once and sorts them in memory, which solves the problem of retrieving encrypted data and greatly improves the efficiency of ciphertext retrieval.

External interface calling module: it mainly provides the interfaces for connecting the encryption/decryption algorithms and the encryption/decryption software, implementing calls to the encryption/decryption software, permission control independent of the database, and interfaces to other software implementing the encryption algorithms. The technical key to this is external program calling and external communication support. To support external program calls in the database, the communication interface must first be defined. Through this interface the database encryption and decryption functions are made external calls, written as a standalone database encryption/decryption program that runs on a separate server; the permission check process restricts the privileges of the superuser, thereby achieving the effect of improving the performance of the database management software.

数据库加密解密部分:Database encryption and decryption part:

账户权限管理模块Account authority management module

账户和权限管理模块的主要功能用于用户的登陆账户密码管理和加解密的权限管理。身份认证采用RSA非对称加密算法或者外接数字证书接口认证方式。The main functions of the account and authority management module are used for user login account password management and encryption and decryption authority management. Identity authentication adopts RSA asymmetric encryption algorithm or external digital certificate interface authentication method.

策略设置模块Policy setting module

该功能模块是用户自定义界面设置,用户定义设置加密的数据库对象:设置用户自定义加密的列。用户是否保存明文等策略配置。This function module is user-defined interface setting, user-defined setting encrypted database object: setting user-defined encrypted column. Whether the user saves plaintext and other policy configurations.

Database encryption module

This module encrypts the database data using MD5 with a random salt. When the user INSERTs or UPDATEs data, the corresponding column names are renamed (for example, the column "ID card" is renamed to "pagoda tree"). The data in the corresponding column is encrypted by applying the column encryption function, appending the random salt, and then computing MD5. For example: MD5(f(X) + random salt).

Because the data in the database is massive, other encryption algorithms would require too much computation. Therefore MD5 with a random salt is used to improve security.

Database decryption module

When a view issues a decryption request, the database encryption/decryption software is called to decrypt: the MD5 decryption function is applied to the data, the salt is removed by taking the modulus, and the inverse of the column encryption function is computed.

The method of the present invention may include:

1. Identity authentication and login

The database encryption/decryption software authenticates the user through RSA identity authentication, UKey authentication, or similar; otherwise login is refused;

The encryption targets are determined: the user selects the database, tables and columns to encrypt, and the policy option of whether to keep plaintext. For new users the encryption policy is set;

2. Encryption decision

Determine whether the user needs the data encrypted: if not, the corresponding request is sent to the DBMS, the database operation is performed, and the flow exits. If the user needs encryption, the request is passed on to the plaintext-backup decision for processing;

3. Plaintext backup decision

After the encryption decision, the database encryption/decryption software first determines whether the plaintext needs to be backed up. If the user needs the plaintext, a request is sent to the trigger, which copies the plaintext view under the same name to the specified path, renames the view of the table to be encrypted, and masks the names of the fields to be encrypted: for example, the field "ID card" becomes the field "apple tree".

When the user issues insert or update requests, the plaintext-backup request is checked: if the user has a plaintext-backup request, the database trigger is invoked to write the insert/update command data into the plaintext table, and an encryption request is sent to the encryption module; if there is no plaintext-backup policy, the encryption request is sent directly to the encryption module;

4. Encryption processing

After the encryption decision and the plaintext-backup decision, the encryption module does the following: it matches the encrypted fields (the encrypted field names are stored in plaintext in the database encryption/decryption software) and, after matching, masks the names of the fields to be encrypted; it generates the random salt in the encryption/decryption software and records the association between encrypted field ID and random salt in a database. The plaintext value of the relevant field is processed by the function and the random salt is then appended to produce new data; the combined data is processed with MD5, the encrypted value is written to the encrypted view by the database trigger, and the database's own mechanisms perform the storage operations.

5. Encrypted-data trigger processing

The encrypted data, together with the masked field names, is sent by the database encryption/decryption software as an operation request to the database encryption/decryption interface; the interface forwards the request to the database trigger, and the trigger performs the corresponding operations according to the database mechanism. The entire encryption process is then complete;

6. Decrypted-data view processing

When the user issues a SELECT query in the database encryption/decryption software, including filtering, projection, aggregation, joins and function evaluation, the flow is as follows:

The user issues the query request in the encryption/decryption software, which first checks whether the queried field is an encrypted field. If it is not, the request is sent directly to the database's bitmap scan extended retrieval interface; after the bitmap scan extended retrieval executes the view query according to the database mechanism, the database view sends a decryption request to the database encryption/decryption interface, which calls the decryption program of the encryption/decryption software; the decryption program first performs the MD5 decoding (decryption) step, then removes the salt by taking the modulus, computes the inverse of the column encryption function, and returns the data. If it is an encrypted field, the field name is passed through the masking function, the random salt is looked up in the encryption/decryption software's database that associates encrypted field IDs with random salts, the value processed by the masking function has the random salt appended and is then MD5-hashed, and the result is sent to the database's bitmap scan extended retrieval interface. The bitmap scan extended retrieval executes the view query according to the database mechanism, the view sends a decryption request to the database encryption/decryption interface, which calls the decryption program of the encryption/decryption software; the decryption program first performs the MD5 decoding (decryption) step, then removes the salt by taking the modulus, computes the inverse of the column encryption function, and returns the data.

The above is a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make several improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (5)

1. A self-controllable database data encryption retrieval system based on random salt, characterized in that it comprises a database internal processing subsystem and a data encryption subsystem; wherein the database internal processing subsystem comprises: an external interface calling module for calling the data encryption subsystem to encrypt/decrypt data; a database view decryption calling module for encrypting plaintext database tables; a database trigger encryption calling module for encrypting data when data in the database invokes a trigger; and an extended index interface encryption index module for generating an index over encrypted data; wherein the database view decryption calling module is used to copy the plaintext database table to a preset location, rename the plaintext database table and create a view with the same name as the plaintext database table, send the plaintext fields of the plaintext database table that need encryption to the data encryption subsystem, replace the plaintext field with the masked field that the data encryption subsystem determines as corresponding to the plaintext field, and replace the data in that plaintext field with encrypted data; the extended index interface encryption index module is used to determine whether the field to be queried is an encrypted field; if it is not an encrypted field, it uses the database's bitmap scan extended retrieval interface to execute the view query and then sends the view to the data encryption subsystem for decryption; if it is an encrypted field, it determines the masked field in the plaintext database according to the correspondence between plaintext fields and masked fields stored in the data encryption subsystem, and decrypts the names in the column of the plaintext field in the plaintext database; wherein the data encryption subsystem comprises: a policy management module for providing a login interface so that the user can define an encryption policy, wherein the encryption policy includes at least one of: setting the fields to be encrypted, and setting whether plaintext data is kept; a data encryption module for replacing the plaintext fields in the database that need encryption with masked fields according to instructions received from the database internal processing subsystem, storing the correspondence between plaintext fields and masked fields, and encrypting the data in the columns of the plaintext fields with the MD5-plus-random-salt algorithm; and a data decryption module for decrypting the encrypted data in the database according to instructions received from the database internal processing subsystem.

2. The self-controllable database data encryption retrieval system based on random salt according to claim 1, characterized in that the data encryption subsystem further comprises: a permission management module for authenticating the login account password and managing encryption/decryption permissions; wherein the permission management module authenticates the login account password using the RSA asymmetric encryption algorithm or an external digital certificate interface.

3. The self-controllable database data encryption retrieval system based on random salt according to claim 1, characterized in that the database internal processing subsystem further comprises a database trigger encryption calling module for encrypting data when the plaintext database table is changed, the database trigger encryption calling module being used to determine whether the database has invoked a trigger and, if so, to call the data encryption subsystem to encrypt the data.

4. A self-controllable database data encryption retrieval method based on random salt, characterized in that it comprises: a plaintext database table processing step, for copying the plaintext database table to a preset location, renaming the plaintext database table and creating a view with the same name as the plaintext database table, sending the plaintext fields of the plaintext database table that need encryption to the data encryption subsystem, replacing the plaintext field with the masked field that the data encryption subsystem determines as corresponding to the plaintext field, and replacing the data in that plaintext field with encrypted data; a retrieval step, for determining whether the field to be queried is an encrypted field; if it is not an encrypted field, using the database's bitmap scan extended retrieval interface to execute the view query and then sending the view to the data encryption subsystem for decryption; if it is an encrypted field, determining the masked field in the plaintext database according to the correspondence between plaintext fields and masked fields stored in the data encryption subsystem, and decrypting the data in the masked field column of the plaintext database; a retrieval decision step, for making the retrieval decision on the ciphertext database table, specifically: determining whether the database has invoked a trigger and, if so, encrypting the data; a policy management step, for providing a login interface so that the user can enter an encryption policy, wherein the encryption policy includes at least one of: the plaintext fields to be encrypted, and whether the plaintext database table is kept; a data encryption step, for replacing the plaintext fields in the database that need encryption with masked fields according to instructions received from the database internal processing subsystem, storing the correspondence between plaintext fields and masked fields, and encrypting the data in the columns of the plaintext fields with the MD5-plus-random-salt algorithm; and a data decryption step, for decrypting the encrypted data in the database according to instructions received from the database internal processing subsystem.

5. The self-controllable database data encryption retrieval method based on random salt according to claim 4, characterized in that it further comprises: a login authentication management module for authenticating the login account password and managing encryption/decryption permissions; wherein the permission management module authenticates the login account password using the RSA asymmetric encryption algorithm or an external digital certificate interface.
CN201610866064.9A 2016-09-29 2016-09-29 Self-controllable database data encryption retrieval method and system based on random salt Pending CN106446196A (en)

Publications (1)

Publication Number Publication Date
CN106446196A true CN106446196A (en) 2017-02-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222