[go: up one dir, main page]

CN114564735A - Database encryption and complete matching retrieval system - Google Patents

Database encryption and complete matching retrieval system Download PDF

Info

Publication number
CN114564735A
CN114564735A CN202210205257.5A CN202210205257A CN114564735A CN 114564735 A CN114564735 A CN 114564735A CN 202210205257 A CN202210205257 A CN 202210205257A CN 114564735 A CN114564735 A CN 114564735A
Authority
CN
China
Prior art keywords
data
encryption
query
unit
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210205257.5A
Other languages
Chinese (zh)
Inventor
龚双喜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xinyishu Beijing Technology Co ltd
Original Assignee
Xinyishu Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xinyishu Beijing Technology Co ltd filed Critical Xinyishu Beijing Technology Co ltd
Priority to CN202210205257.5A priority Critical patent/CN114564735A/en
Publication of CN114564735A publication Critical patent/CN114564735A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2453Query optimisation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a database encryption and complete matching retrieval system, and relates to the technical field of data encryption and matching retrieval. The invention comprises a data encryption and storage module and an encrypted data query module; the data encryption and storage module comprises an encryption algorithm initialization unit, a data encryption execution unit, a ciphertext data visualization unit and an encrypted data storage unit; the encrypted data query module comprises a query receiving unit, a query analyzing unit, a data encryption and decryption unit, an encrypted data visualization unit and a query result returning unit. The method can ensure high security of data storage and rapid matching of the ciphertext data by continuously using the database index when completely matching and querying, improves the retrieval efficiency of the ciphertext data under the business scene mainly comprising completely matching and querying, and particularly can greatly improve the user experience under the condition of mass data.

Description

一种数据库加密及完全匹配检索系统A database encryption and exact matching retrieval system

技术领域technical field

本发明属于数据加密及匹配检索技术领域,特别是涉及一种数据库加密及完全匹配检索系统、方法。The invention belongs to the technical field of data encryption and matching retrieval, in particular to a database encryption and complete matching retrieval system and method.

背景技术Background technique

个人信息保护最常用的方法有三种:加密存储数据库中的个人信息;通过数据库防火墙来实现数据防泄漏;通过数据脱敏来实现个人信息的掩盖。其中第一种方法可以保证在数据库数据被窃取的情况下仍然无法解析出加密前的数据而被广泛使用。There are three most commonly used methods for personal information protection: encrypting and storing personal information in the database; implementing data leakage prevention through database firewalls; and concealing personal information through data desensitization. The first method can ensure that the data before encryption cannot be parsed even if the database data is stolen, and is widely used.

市面上各大数据安全厂商都已经推出了数据库加密产品,这些产品在保证数据存储安全的同时也改变了数据在数据库中的一些属性(可比性、有序性、相似性),这使得加密后的数据库很难满足应用系统复杂多样的业务需求。All major data security vendors on the market have launched database encryption products. These products not only ensure data storage security, but also change some attributes of data in the database (comparability, orderliness, similarity). It is difficult for the database to meet the complex and diverse business needs of the application system.

为解决这一问题,大家都将技术的重点放在了如何使密文数据保持和明文数据同样或相似的属性,既让加密后的密文也能和明文一样能够进行复杂的数据库运算或者进行模糊匹配。但是目前国内外的技术发展缓慢,采用这些技术的数据库加密产品在实际使用中往往因为性能或结果匹配问题不能满足业务系统的需求。In order to solve this problem, everyone has focused on how to make the ciphertext data maintain the same or similar properties as the plaintext data, so that the encrypted ciphertext can also perform complex database operations or perform the same as the plaintext. Fuzzy match. However, the development of technology at home and abroad is slow, and database encryption products using these technologies often cannot meet the needs of business systems due to performance or result matching problems in actual use.

随着国家对数据保护的力度不断加强,业务系统必须更加谨慎的使用这些被保护的数据,必须避免因业务需求造成的信息泄露。近年来随着云服务的快速发展,基于云的便民服务也越来越多,支持这些服务的背后正是数据库加密及快速检索技术,如何在数据库加密后提供完全匹配的检索能力是加密产品亟需解决的技术问题。As the country continues to strengthen data protection, business systems must use these protected data more cautiously, and must avoid information leakage due to business needs. In recent years, with the rapid development of cloud services, there are more and more cloud-based convenience services. Behind these services are database encryption and fast retrieval technologies. How to provide fully matched retrieval capabilities after database encryption is an urgent issue for encrypted products. technical issues to be resolved.

解决这一问题最简单的方法是先对加密字段数据进行解密,然后再对解密数据进行检索。这种方法需要对表的所有加密字段进行解密操作,开销巨大,无法在产品中实际应用。The easiest way to solve this problem is to decrypt the encrypted field data first, and then retrieve the decrypted data. This method requires decrypting all encrypted fields of the table, which is expensive and cannot be practically applied in products.

现有的专利中已经公开了一种用于数据库的数据加密及检索方法,包括如下步骤:a)先利用单向加密算法对原数据加密,在保持原数据顺序不变的情况下,生成非解密的可索引头部;b)接着再继续对原数据加密生成可解密的密文数据;c)将可索引头部和可解密的密文数据组合在一起生成加密组合数据存储到数据库中;所述步骤a)中的单向加密算法为MD5、SHA 或HMAC;所述步骤b)中的加密算法为对称密钥加密算法。A kind of data encryption and retrieval method for database has been disclosed in the existing patent, which comprises the following steps: a) firstly utilize a one-way encryption algorithm to encrypt the original data, and under the condition that the order of the original data is kept unchanged, generate an Decrypted indexable header; b) then continue to encrypt the original data to generate decryptable ciphertext data; c) combine the indexable header and the decryptable ciphertext data to generate encrypted combined data and store it in the database; The one-way encryption algorithm in the step a) is MD5, SHA or HMAC; the encryption algorithm in the step b) is a symmetric key encryption algorithm.

以上列出的现有技术在实际产品应用中都存如下缺点:The existing technologies listed above all have the following shortcomings in practical product applications:

先解密再检索的方法虽然简单但仅适用于数据量非常小的场景,无法应用于海量数据的业务环境中;上述公开专利中使用单一加密算法加密原文生成索引并将这部分索引作为加密数据的起始部分存入数据库,这种做法存在如下风险:单向加密算法MD5和SHA存在较大的破解风险,一旦数据内容被泄露则很容易被破解,数据的安全性无法保证;单向加密算法MD5和 SHA都存在冲突的可能,存在降低检索性能的可能。Although the method of first decrypting and then searching is simple, it is only suitable for scenarios with very small amount of data, and cannot be applied in the business environment of massive data; in the above-mentioned published patent, a single encryption algorithm is used to encrypt the original text to generate an index, and this part of the index is used as the index of the encrypted data. The initial part is stored in the database. This approach has the following risks: the one-way encryption algorithm MD5 and SHA have a greater risk of cracking. Once the data content is leaked, it is easy to be cracked, and the security of the data cannot be guaranteed; the one-way encryption algorithm Both MD5 and SHA have the possibility of conflict, which may reduce the retrieval performance.

发明内容SUMMARY OF THE INVENTION

本发明通过利用已有对称加密算法与自有的可视化算法相结合的方式完成对数据库数据的加密以及加密数据的完全匹配检索方法,主要解决数据库数据加密后对加密后数据的快速完全匹配问题,多用于精确查询业务为主的场景。The present invention completes the encryption of the database data and the complete matching retrieval method of the encrypted data by combining the existing symmetric encryption algorithm and the own visualization algorithm, and mainly solves the problem of fast and complete matching of the encrypted data after the database data is encrypted. It is mostly used in scenarios where accurate query business is the mainstay.

为达上述目的,本发明是通过以下技术方案实现的:For reaching the above-mentioned purpose, the present invention is achieved through the following technical solutions:

一种数据库加密及完全匹配检索系统,所述系统包括:A database encryption and exact matching retrieval system, the system includes:

数据加密及存储模块、加密数据查询模块;Data encryption and storage module, encrypted data query module;

所述数据加密及存储模块的具体处理流程如下:The specific processing flow of the data encryption and storage module is as follows:

S101、加密算法初始化,加载常用的对称密钥加密算法;S101: Initialize the encryption algorithm, and load a commonly used symmetric key encryption algorithm;

S102、判断数据库中是否有需要加密的字段,若是则执行S103,否则执行S107;S102, determine whether there is a field that needs to be encrypted in the database, if so, execute S103, otherwise, execute S107;

S103、对需要加密的字段进行加密操作;S103, performing an encryption operation on the field that needs to be encrypted;

S104、对二进制的密文数据进行位置变换;S104, performing position transformation on the binary ciphertext data;

S105、在变换后的二进制密文中写入混淆值;S105, write an obfuscated value in the transformed binary ciphertext;

S106、对新的二进制值进行Base64编码;S106. Perform Base64 encoding on the new binary value;

S107、将处理后的数据存入到数据库中;S107, storing the processed data into the database;

其中步骤S104,S105,S106为自有的可视化算法处理流程;Wherein, steps S104, S105, and S106 are the processing flow of its own visualization algorithm;

步骤S101中,常用的对称密钥加密算法包括AES高级加密标准、SM4 国密算法;In step S101, commonly used symmetric key encryption algorithms include AES advanced encryption standard and SM4 national secret algorithm;

步骤S103中,此步骤使用密文数据可视化单元自有的算法对密文数据进行可视化处理;In step S103, this step uses the ciphertext data visualization unit's own algorithm to visualize the ciphertext data;

所述加密数据查询模块的具体处理流程如下:The specific processing flow of the encrypted data query module is as follows:

S201、初始化加密算法;S201, initialize the encryption algorithm;

S202、初始化查询请求接收引擎,等待接收查询请求;S202, initialize the query request receiving engine, and wait for receiving the query request;

S203、是否接收到查询请求,若是则执行步骤204,否则执行步骤203;S203, whether a query request is received, if so, go to step 204, otherwise go to step 203;

S204、判断查询请求的条件中是否有加密字段,若是则执行步骤205,否则执行步骤209;S204, determine whether there is an encrypted field in the condition of the query request, if so, go to step 205, otherwise go to step 209;

S205、对查询条件字段进行加密处理;S205, encrypting the query condition field;

S206、对二进制的密文数据进行位置变换;S206, performing position transformation on the binary ciphertext data;

S207、在变换后的二进制密文中写入混淆值;S207, write an obfuscated value in the transformed binary ciphertext;

S208、对新的二进制值进行Base64编码得到查询条件值;S208. Perform Base64 encoding on the new binary value to obtain the query condition value;

S209、根据查询条件从数据库中查询数据;S209, query data from the database according to the query condition;

S210、判断查询结果中是否有加密字段,若有则执行步骤211,否则执行步骤215;S210, determine whether there is an encrypted field in the query result, if so, go to step 211, otherwise go to step 215;

S211、将查询结果中需要解密的字段值做Base64解码操作;S211. Perform a Base64 decoding operation on the field value that needs to be decrypted in the query result;

S212、从解码后的值中去掉混淆值;S212, remove the obfuscated value from the decoded value;

S213、还原密文的二进制位置得到密文结果;S213, restore the binary position of the ciphertext to obtain the ciphertext result;

S214、对密文结果进行解密操作得到明文结果;S214. Decrypt the ciphertext result to obtain a plaintext result;

S215、返回查询请求的结果数据并返回到步骤203;S215, return the result data of the query request and return to step 203;

其中,S206,S207,S208为自有的可视化算法处理流程,S211,S212, S213为对应的逆向处理流程。Among them, S206, S207, and S208 are the own visualization algorithm processing flow, and S211, S212, and S213 are the corresponding reverse processing flow.

可选的,所述数据加密及存储模块包括加密算法初始化单元、数据加密执行单元、密文数据可视化单元、加密数据存储单元;Optionally, the data encryption and storage module includes an encryption algorithm initialization unit, a data encryption execution unit, a ciphertext data visualization unit, and an encrypted data storage unit;

所述加密数据查询模块包括查询接收单元、查询解析单元、数据加解密单元、加密数据可视化单元、查询结果返回单元;The encrypted data query module includes a query receiving unit, a query parsing unit, a data encryption and decryption unit, an encrypted data visualization unit, and a query result return unit;

所述数据加密及存储模块用于加密数据库中需要保护的字段;The data encryption and storage module is used to encrypt the fields that need to be protected in the database;

所述加密数据查询模块用来快速完全匹配满足查询条件的数据。The encrypted data query module is used to quickly and completely match the data that satisfies the query condition.

可选的,所述密文数据可视化单元用于密文数据在入库前使用自有算法进行可视化处理,处理之后的字段可以继续使用数据库索引以提高检索效率,提高了在以完全匹配查询为主的业务场景下对密文数据的检索效率,尤其在海量数据情况下更能大大提升应用的用户体验。Optionally, the ciphertext data visualization unit is used for visualizing the ciphertext data using its own algorithm before storage, and the processed fields can continue to use the database index to improve the retrieval efficiency, which improves the efficiency of the retrieval process when the exact match query is used. The retrieval efficiency of ciphertext data in the main business scenario, especially in the case of massive data, can greatly improve the user experience of the application.

可选的,所述数据加密执行单元用于执行对称密钥加密算法。Optionally, the data encryption execution unit is configured to execute a symmetric key encryption algorithm.

可选的,所述加密数据存储单元用于储存被对称密钥加密算法加密后的数据。Optionally, the encrypted data storage unit is configured to store data encrypted by a symmetric key encryption algorithm.

可选的,所述数据加解密单元用于对接收的数据通过加密算法进行加密或通过解密算法进行解密,所述数据加解密单元的加密算法为AES高级加密标准、SM4国密算法中的任意一种。Optionally, the data encryption and decryption unit is used to encrypt or decrypt the received data through an encryption algorithm, and the encryption algorithm of the data encryption and decryption unit is any of the AES advanced encryption standard and the SM4 national encryption algorithm. A sort of.

本发明的实施例具有以下有益效果:Embodiments of the present invention have the following beneficial effects:

本发明的一个实施例通过利用已有对称加密算法与自有的可视化算法相结合的方式即能保证数据存储的高安全性又能保证在完全匹配查询时密文数据可以继续使用数据库索引进行快速匹配,提高了在以完全匹配查询为主的业务场景下对密文数据的检索效率,尤其在海量数据情况下更能大大提升应用的用户体验。In one embodiment of the present invention, by combining the existing symmetric encryption algorithm with its own visualization algorithm, it can not only ensure the high security of data storage, but also ensure that the ciphertext data can continue to use the database index for fast data storage when the query is completely matched. Matching improves the retrieval efficiency of ciphertext data in business scenarios based on complete matching queries, especially in the case of massive data, which can greatly improve the user experience of the application.

当然,实施本发明的任一产品并不一定需要同时达到以上所述的所有优点。Of course, it is not necessary for any product embodying the present invention to achieve all of the advantages described above simultaneously.

附图说明Description of drawings

构成本申请的一部分的说明书附图用来提供对本发明的进一步理解,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The accompanying drawings forming a part of the present application are used to provide further understanding of the present invention, and the exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of the present invention. In the attached image:

图1为本发明一实施例的数据加密及存储模块的系统流程示意图;1 is a schematic diagram of a system flow of a data encryption and storage module according to an embodiment of the present invention;

图2为本发明一实施例的加密数据查询模块的系统流程示意图。FIG. 2 is a schematic diagram of a system flow of an encrypted data query module according to an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本发明一部分实施例,而不是全部的实施例。以下对至少一个示例性实施例的描述实际上仅仅是说明性的,决不作为对本发明及其应用或使用的任何限制。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.

为了保持本发明实施例的以下说明清楚且简明,本发明省略了已知功能和已知部件的详细说明。In order to keep the following description of the embodiments of the present invention clear and concise, the present invention omits detailed descriptions of well-known functions and well-known components.

请参阅图1-2所示,在本实施例中提供了一种数据库加密及完全匹配检索系统,包括:数据加密及存储模块、加密数据查询模块;Referring to Figures 1-2, in this embodiment, a database encryption and complete matching retrieval system is provided, including: a data encryption and storage module, and an encrypted data query module;

所述数据加密及存储模块的具体处理流程如下:The specific processing flow of the data encryption and storage module is as follows:

S101、加密算法初始化,加载常用的对称密钥加密算法;S101: Initialize the encryption algorithm, and load a commonly used symmetric key encryption algorithm;

S102、判断数据库中是否有需要加密的字段,若是则执行S103,否则执行S105;S102, determine whether there is a field that needs to be encrypted in the database, if so, execute S103, otherwise, execute S105;

S103、对需要加密的字段进行加密操作;S103, performing an encryption operation on the field that needs to be encrypted;

S104、对密文数据进行可视化处理;S104, performing visual processing on the ciphertext data;

S105、将处理后的数据存入到数据库中;S105, storing the processed data into a database;

步骤S101中,常用的对称密钥加密算法包括AES高级加密标准、SM4 国密算法;In step S101, commonly used symmetric key encryption algorithms include AES advanced encryption standard and SM4 national secret algorithm;

步骤S103中,此步骤使用密文数据可视化单元自有的算法对密文数据进行可视化处理;In step S103, this step uses the ciphertext data visualization unit's own algorithm to visualize the ciphertext data;

所述加密数据查询模块的具体处理流程如下:The specific processing flow of the encrypted data query module is as follows:

S201、初始化加密算法;S201, initialize the encryption algorithm;

S202、初始化查询请求接收引擎,等待接收查询请求;S202, initialize the query request receiving engine, and wait for receiving the query request;

S203、是否接收到查询请求,若是则执行S204,否则执行S203;S203, whether a query request is received, if so, execute S204, otherwise, execute S203;

S204、判断查询请求的条件中是否有加密字段,若是则执行S205,否则执行S207;S204, determine whether there is an encrypted field in the condition of the query request, if so, execute S205, otherwise, execute S207;

S205、对查询条件字段进行加密处理;S205, encrypting the query condition field;

S206、使用自有的算法对密文数据进行可视化处理;S206, using its own algorithm to visualize the ciphertext data;

S207、根据查询条件从数据库中查询数据;S207, query data from the database according to the query condition;

S208、判断查询结果中是否有加密字段,若有则执行S209,否则执行 S210;S208, determine whether there is an encrypted field in the query result, if so, execute S209; otherwise, execute S210;

S209、解密查询结果中的密文字段得到明文数据;S209, decrypt the ciphertext field in the query result to obtain plaintext data;

S210、返回查询请求的结果数据并返回到S203。S210. Return the result data of the query request and return to S203.

如图1所示,所述数据加密及存储模块包括加密算法初始化单元、数据加密执行单元、密文数据可视化单元、加密数据存储单元;As shown in Figure 1, the data encryption and storage module includes an encryption algorithm initialization unit, a data encryption execution unit, a ciphertext data visualization unit, and an encrypted data storage unit;

所述加密数据查询模块包括查询接收单元、查询解析单元、数据加解密单元、加密数据可视化单元、查询结果返回单元;The encrypted data query module includes a query receiving unit, a query parsing unit, a data encryption and decryption unit, an encrypted data visualization unit, and a query result return unit;

所述数据加密及存储模块用于加密数据库中需要保护的字段;The data encryption and storage module is used to encrypt the fields that need to be protected in the database;

所述加密数据查询模块用来快速完全匹配满足查询条件的数据。The encrypted data query module is used to quickly and completely match the data that satisfies the query condition.

市面上各大数据安全厂商都已经推出了数据库加密产品,这些产品在保证数据存储安全的同时也改变了数据在数据库中的一些属性(可比性、有序性、相似性),这使得加密后的数据库很难满足应用系统复杂多样的业务需求。All major data security vendors on the market have launched database encryption products. These products not only ensure data storage security, but also change some attributes of data in the database (comparability, orderliness, similarity). It is difficult for the database to meet the complex and diverse business needs of the application system.

为解决这一问题,大家都将技术的重点放在了如何使密文数据保持和明文数据同样或相似的属性,既让加密后的密文也能和明文一样能够进行复杂的数据库运算或者进行模糊匹配。但是目前国内外的技术发展缓慢,采用这些技术的数据库加密产品在实际使用中往往因为性能或结果匹配问题不能满足业务系统的需求;In order to solve this problem, everyone has focused on how to make the ciphertext data maintain the same or similar properties as the plaintext data, so that the encrypted ciphertext can also perform complex database operations or perform the same as the plaintext. Fuzzy match. However, the technology development at home and abroad is slow at present, and database encryption products using these technologies are often unable to meet the needs of business systems due to performance or result matching problems in actual use;

而本方案通过利用已有对称加密算法与自有的可视化算法相结合的方式即能保证数据存储的高安全性又能保证在完全匹配查询时密文数据可以继续使用数据库索引进行快速匹配,提高了在以完全匹配查询为主的业务场景下对密文数据的检索效率,尤其在海量数据情况下更能大大提升应用的用户体验。By combining the existing symmetric encryption algorithm with its own visualization algorithm, this scheme can not only ensure high security of data storage, but also ensure that the ciphertext data can continue to use the database index for fast matching when the query is completely matched. It improves the retrieval efficiency of ciphertext data in the business scenario based on complete matching query, especially in the case of massive data, which can greatly improve the user experience of the application.

如图1所示,所述密文数据可视化单元用于密文数据在入库前使用自有算法进行可视化处理,处理之后的字段可以继续使用数据库索引以提高检索效率。As shown in FIG. 1 , the ciphertext data visualization unit is used to visualize the ciphertext data using its own algorithm before storage, and the processed fields can continue to use the database index to improve retrieval efficiency.

如图2所示,所述数据加密执行单元用于执行对称密钥加密算法,所述加密数据存储单元用于储存被对称密钥加密算法加密后的数据。As shown in FIG. 2 , the data encryption execution unit is configured to execute a symmetric key encryption algorithm, and the encrypted data storage unit is configured to store data encrypted by the symmetric key encryption algorithm.

如图1-2所示,所述数据加解密单元用于对接收的数据通过加密算法进行加密或通过解密算法进行解密,所述数据加解密单元的加密算法为AES 高级加密标准、SM4国密算法中的任意一种。As shown in Figure 1-2, the data encryption and decryption unit is used to encrypt or decrypt the received data through an encryption algorithm, and the encryption algorithm of the data encryption and decryption unit is AES Advanced Encryption Standard, SM4 National Code any of the algorithms.

以上所述仅是本发明的较佳实施例而已,并非对本发明作任何形式上的限制,虽然本发明已以较佳实施例揭露如上,然而并非用以限定本发明,任何熟悉本专利的技术人员在不脱离本发明技术方案范围内,当可利用上述提示的技术内容作出些许更动或修饰为等同变化的等效实施例,上述实施例中的实施方案也可以进一步组合或者替换,但凡是未脱离本发明技术方案的内容,依据本发明的技术实质对以上实施例所作的任何简单修改、等同变化与修饰,均仍属于本发明方案的范围内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention in any form. Although the present invention has been disclosed above with preferred embodiments, it is not intended to limit the present invention. Without departing from the scope of the technical solution of the present invention, when the technical content indicated above can be used to make some changes or modifications to equivalent examples of equivalent changes, the implementations in the above-mentioned examples can also be further combined or replaced, but any Without departing from the content of the technical solution of the present invention, any simple modifications, equivalent changes and modifications made to the above embodiments according to the technical essence of the present invention still fall within the scope of the solution of the present invention.

Claims (7)

1. A database encryption and perfect match retrieval system, the system comprising:
the system comprises a data encryption and storage module, an encrypted data query module and a database module;
the data encryption and storage module comprises an encryption algorithm initialization unit, a data encryption execution unit, a ciphertext data visualization unit and an encrypted data storage unit;
the encrypted data query module comprises a query receiving unit, a query analyzing unit, a data encryption and decryption unit, an encrypted data visualization unit and a query result returning unit;
the data encryption and storage module is used for encrypting fields needing to be protected in the database module;
the encrypted data query module is used for quickly and completely matching data meeting query conditions;
the database module is used for receiving and storing data.
2. The database encryption and perfect-match retrieval system of claim 1, wherein the ciphertext data visualization unit is configured to perform visualization processing on the ciphertext data before being put in storage by using an own algorithm.
3. The system for database encryption and perfect match retrieval as claimed in claim 1, wherein the specific process flow of the data encryption and storage module is as follows:
s101, initializing an encryption algorithm, and loading a common symmetric key encryption algorithm;
s102, judging whether a field needing to be encrypted exists in the database, if so, executing S103, otherwise, executing S107;
s103, carrying out encryption operation on fields needing to be encrypted;
s104, performing position transformation on the binary ciphertext data;
s105, writing an obfuscated value in the transformed binary ciphertext;
s106, carrying out Base64 coding on the new binary value;
s107, storing the processed data into a database;
wherein, the steps S104, S105 and S106 are the own visualization algorithm processing flow.
4. The database encryption and perfect-match retrieval system according to claim 3, wherein in step S101, the commonly used symmetric key encryption algorithm includes AES advanced encryption standard, SM4 national encryption algorithm, the data encryption execution unit is configured to execute the symmetric key encryption algorithm, and the encrypted data storage unit is configured to store the data encrypted by the symmetric key encryption algorithm.
5. The database encryption and perfect-match retrieval system of claim 1, wherein the specific processing flow of the encrypted data query module is as follows:
s201, initializing an encryption algorithm;
s202, initializing a query request receiving engine, and waiting for receiving a query request;
s203, whether a query request is received or not is judged, if yes, step 204 is executed, and if not, step 203 is executed;
s204, judging whether the condition of the query request has an encrypted field, if so, executing a step 205, otherwise, executing a step 209;
s205, encrypting the query condition field;
s206, carrying out position transformation on the binary ciphertext data;
s207, writing an obfuscated value in the transformed binary ciphertext;
s208, carrying out Base64 encoding on the new binary value to obtain a query condition value;
s209, inquiring data from the database according to the inquiry condition;
s210, judging whether an encrypted field exists in the query result, if so, executing a step 211, otherwise, executing a step 215;
s211, performing Base64 decoding operation on the field value needing to be decrypted in the query result;
s212, removing an aliasing value from the decoded value;
s213, restoring the binary position of the ciphertext to obtain a ciphertext result;
s214, carrying out decryption operation on the ciphertext result to obtain a plaintext result;
s215, returning result data of the query request and returning to the step 203;
wherein, S206, S207, S208 are own visualization algorithm processing flows, and S211, S212, S213 are corresponding inverse processing flows.
6. The database encryption and perfect match retrieval system of claim 1, wherein the data encryption and decryption unit is configured to encrypt the received data by an encryption algorithm or decrypt the received data by a decryption algorithm.
7. The database encryption and perfect match retrieval system of claim 6, wherein the encryption algorithm of the data encryption and decryption unit is any one of AES advanced encryption Standard, SM4 national encryption Algorithm.
CN202210205257.5A 2022-03-02 2022-03-02 Database encryption and complete matching retrieval system Pending CN114564735A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210205257.5A CN114564735A (en) 2022-03-02 2022-03-02 Database encryption and complete matching retrieval system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210205257.5A CN114564735A (en) 2022-03-02 2022-03-02 Database encryption and complete matching retrieval system

Publications (1)

Publication Number Publication Date
CN114564735A true CN114564735A (en) 2022-05-31

Family

ID=81717043

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210205257.5A Pending CN114564735A (en) 2022-03-02 2022-03-02 Database encryption and complete matching retrieval system

Country Status (1)

Country Link
CN (1) CN114564735A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115033925A (en) * 2022-08-11 2022-09-09 三未信安科技股份有限公司 Database security retrieval method
CN115544498A (en) * 2022-11-24 2022-12-30 华控清交信息科技(北京)有限公司 Ciphertext data visual monitoring method and device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927357A (en) * 2014-04-15 2014-07-16 上海新炬网络技术有限公司 Data encryption and retrieval method for database
CN106446196A (en) * 2016-09-29 2017-02-22 北京许继电气有限公司 Self-controllable database data encryption retrieval method and system based on random salt
CN110933108A (en) * 2019-09-26 2020-03-27 腾讯科技(深圳)有限公司 Data processing method and device based on block chain network, electronic equipment and storage medium
CN113434555A (en) * 2021-07-09 2021-09-24 支付宝(杭州)信息技术有限公司 Data query method and device based on searchable encryption technology

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927357A (en) * 2014-04-15 2014-07-16 上海新炬网络技术有限公司 Data encryption and retrieval method for database
CN106446196A (en) * 2016-09-29 2017-02-22 北京许继电气有限公司 Self-controllable database data encryption retrieval method and system based on random salt
CN110933108A (en) * 2019-09-26 2020-03-27 腾讯科技(深圳)有限公司 Data processing method and device based on block chain network, electronic equipment and storage medium
CN113434555A (en) * 2021-07-09 2021-09-24 支付宝(杭州)信息技术有限公司 Data query method and device based on searchable encryption technology

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115033925A (en) * 2022-08-11 2022-09-09 三未信安科技股份有限公司 Database security retrieval method
CN115033925B (en) * 2022-08-11 2022-10-28 三未信安科技股份有限公司 Database security retrieval method
CN115544498A (en) * 2022-11-24 2022-12-30 华控清交信息科技(北京)有限公司 Ciphertext data visual monitoring method and device and electronic equipment

Similar Documents

Publication Publication Date Title
US12212666B2 (en) Cryptographic key generation for logically sharded data stores
AU2018367363B2 (en) Processing data queries in a logically sharded data store
US12045361B1 (en) Methods and apparatus for encrypted indexing and searching encrypted data
CN110689349B (en) Method and device for storing and searching transaction hash value in blockchain
US10275611B1 (en) Methods and apparatus for sharing and searching encrypted data
CN112800445B (en) Boolean query method for forward and backward security and verifiability of ciphertext data
CN109361644B (en) Fuzzy attribute based encryption method supporting rapid search and decryption
CA3065767C (en) Cryptographic key generation for logically sharded data stores
US8769302B2 (en) Encrypting data and characterization data that describes valid contents of a column
CN114564735A (en) Database encryption and complete matching retrieval system
CN106778292B (en) A kind of quick restoring method of Word encrypted document
US11455404B2 (en) Deduplication in a trusted execution environment
Ahmad et al. Convergent encryption enabled secure data deduplication algorithm for cloud environment
Sun et al. Research of data security model in cloud computing platform for SMEs
CN115694921A (en) Data storage method, device and medium
Xie et al. Assured Deletion: A Scheme Based on Strong Nonseparability
CN119089479B (en) Space database encryption method, equipment and medium
Aslam et al. Data deduplication with encrypted big data management in cloud computing
Yong-Xia The technology of database encryption
CN119311644A (en) A homomorphic encryption ciphertext retrieval method and system based on hardware encryption card
CN118886029A (en) A method and device for splitting encryption and ciphertext retrieval of sensitive data
CN117033466A (en) Encryption query method, device, storage medium and apparatus
CN116127498A (en) Multi-keyword searchable encryption method capable of verifying ciphertext search result
Rezapour et al. Efficient common prefix search on encrypted data as an additional service on the top of the storage providers
CN116628739A (en) File retrieval method based on privacy protection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination