CN119089479B - Space database encryption method, equipment and medium - Google Patents
- Publication number
- CN119089479B (CN202411546965.0A)
- Authority
- CN
- China
- Prior art keywords
- sequence
- wkb
- encryption
- point
- byte
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
Abstract
The application discloses a spatial database encryption method, device and medium, and relates to the technical field of spatial databases. The method mainly comprises: generating a coordinate ciphertext sequence from the coordinate sequence to be encrypted using the cipher block chaining (CBC) mode of the SM4 algorithm; generating a digest value from the binary sequence of the WKB spatial field using the SM3 algorithm; recombining the coordinate ciphertext sequence and the digest value according to the encrypted extended WKB structure corresponding to each geometric type to generate a geometric object ciphertext sequence; generating a spatial index from the minimum bounding rectangle object using an order-preserving encryption algorithm; storing the spatial index in a newly created index field in the spatial database table; and storing the geometric object ciphertext sequence in the spatial field of the spatial database table. The application can ensure the security of spatial data while affecting the usability and efficiency of the spatial database as little as possible.
Description
Technical Field
The present application relates to the field of spatial database technologies, and in particular, to a spatial database encryption method, device, and medium.
Background
Geospatial data is a carrier of information on socioeconomic conditions, the resource environment, ecological civilization and the like, and is an important work result of surveying, mapping and geographic information enterprises. With the advance of informatization and the upgrading of surveying and mapping equipment, the precision and dimensionality of geospatial data keep increasing, its forms keep diversifying, and its value as a digital asset keeps rising. However, while this trend brings opportunities, it also brings a series of data security risks. In this context, how to guarantee data security in data processing activities has become one of the important factors restricting the application of geospatial data results and the development of the geographic information industry.
Commercial cryptographic techniques include symmetric cryptographic algorithms for data confidentiality protection, asymmetric (public key) cryptographic algorithms, and hash algorithms for data integrity verification. Common symmetric algorithms mainly include block ciphers, such as the Advanced Encryption Standard (AES) and the commercial cryptographic algorithm SM4, and stream ciphers, such as the ZUC algorithm. Public key algorithms mainly include Elliptic Curve Cryptography (ECC) and the commercial cryptographic algorithms SM2 and SM9. Hash algorithms mainly include Message Digest Algorithm 5 (MD5) and the commercial cryptographic algorithm SM3. Block ciphers are efficient, can be used in a wide range of data encryption scenarios, and are the most common cryptographic technique for encrypting vector data. However, because geospatial data is huge in volume and complex in structure, the encryption and decryption efficiency problem caused by black-box, coarse-grained encryption is one of the reasons preventing the wide application of cryptography in the surveying, mapping and geographic information field when commercial cryptography is used to protect the confidentiality of vector data.
Unlike important business data in industries such as finance and electric power, geospatial data is huge in scale, highly complex and strongly time-sensitive, so general cryptographic application strategies are difficult to apply directly when encrypting and controlling it. Current encryption methods that take the structural characteristics of vector objects into account are mostly aimed at spatial data files, and there is relatively little research on fine-grained encryption of spatial databases. Although spatial databases are widely used in many scenarios, their encryption still has problems to be solved. For example: when a commercial cryptographic algorithm is applied directly to vector data, the original data structure is destroyed, access control is coarse-grained, and efficiency and flexibility are low; when a commercial cryptographic algorithm is applied directly to the vector fields of a spatial database, the ciphertext fields cannot keep the original spatial data structure and spatial field encoding standard, so the data items cannot be stored; and after a large number of spatial fields in a spatial database have been encrypted, the whole database or data table must be decrypted for spatial retrieval, which inevitably reduces retrieval efficiency greatly. In these cases encryption has a non-negligible effect on spatial structure and spatial retrieval, which means that the trade-off between security, usability and efficiency needs to be emphasized when an encryption scheme is formulated.
Disclosure of Invention
The application aims to provide a spatial database encryption method, device and medium that can ensure the security of spatial data while affecting the usability and efficiency of the spatial database as little as possible.
In order to achieve the above object, the present application provides the following.
The spatial database encryption method comprises: obtaining spatial data to be processed and extracting the WKB spatial field binary sequence; parsing the WKB spatial field binary sequence and extracting the geometric type, the minimum bounding rectangle object and the coordinate sequence to be encrypted; generating a coordinate ciphertext sequence from the coordinate sequence to be encrypted using the cipher block chaining mode of the SM4 algorithm; generating a digest value from the WKB spatial field binary sequence using the SM3 algorithm; recombining the coordinate ciphertext sequence and the digest value according to the encrypted extended WKB structure corresponding to each geometric type to generate a geometric object ciphertext sequence; generating a spatial index from the minimum bounding rectangle object using an order-preserving encryption algorithm; storing the spatial index in a newly created index field in the spatial database table; and storing the geometric object ciphertext sequence in the spatial field of the spatial database table.
The SM4 cipher block chaining encryption comprises: submitting a key generation request to a key management system, which calls a server cryptographic machine to generate a 128-bit symmetric key as the master key; dividing the master key into four 32-bit words and generating the round key of each round, as a subkey, by iteratively applying the key expansion algorithm and the round constants; taking the 128-bit binary-coded coordinate pair of each point element in the coordinate sequence to be encrypted as one encryption block; and, for each point element, XORing its encryption block with a target vector and then performing the iterative round transformation with a 32-round nonlinear iterative structure based on the subkeys, to generate the 128-bit ciphertext corresponding to that point element. The target vector for the first point element is the initial vector, and the target vector for each remaining point element is the 128-bit ciphertext of the previous point element.
Optionally, generating the digest value from the WKB spatial field binary sequence using the SM3 algorithm comprises: dividing the WKB spatial field binary sequence into groups of 512 bits and padding any group shorter than 512 bits to obtain 512-bit calculation groups; and initializing 256-bit parameters and performing an iterative compression operation on the 512-bit calculation groups and the 256-bit parameters to generate a 256-bit hash value as the digest value.
Optionally, generating the spatial index from the minimum bounding rectangle object using the order-preserving encryption algorithm comprises: converting the minimum bounding rectangle object into WKT format; extracting the corner coordinates of the minimum bounding rectangle object in WKT format; performing order-preserving encryption on the corner coordinates to obtain an encrypted minimum bounding rectangle object; and recombining the encrypted minimum bounding rectangle object in WKB format to generate the spatial index.
Optionally, the geometric types comprise point, multi-point, line, multi-line, polygon and multi-polygon. A multi-polygon comprises a plurality of polygons, a polygon comprises at least one ring, and a multi-line comprises a plurality of lines. Rings, lines and multi-points are all composed of sequences of point coordinates, and the point coordinate sequence of a ring is connected end to end. The geometric type is expressed in the WKB structure as an object code: the point object code is 1, the multi-point object code is 4, the line object code is 2, the multi-line object code is 5, the polygon object code is 3, and the multi-polygon object code is 6.
The encrypted extended WKB structure of a point comprises, in order: a 1-byte byte order, a 4-byte multi-point object code, a 4-byte point count, the ciphertext sequence corresponding to the point object WKB code, block-encryption padding, SM3 hash value a and SM3 hash value b.
The encrypted extended WKB structure of a multi-point comprises, in order: a 1-byte byte order, a 4-byte multi-point object code, a 4-byte point count + 3, the ciphertext sequence corresponding to the point object WKB code, block-encryption padding, SM3 hash value a and SM3 hash value b, where the coordinates in the point object WKB code represent the coordinates of a single point.
The encrypted extended WKB structure of a line comprises, in order: a 1-byte byte order, a 4-byte line object code, a 4-byte point count num+3, a ciphertext sequence of 16×num bytes, 16 bytes of block-encryption padding and a 32-byte SM3 hash value.
The encrypted extended WKB structure of a multi-line comprises, in order: a 1-byte byte order, a 4-byte multi-line object code, a 4-byte line count + 1, the ciphertext sequence corresponding to the line object WKB code, a 1-byte byte order, a 4-byte line object code, a 4-byte point count, 16 bytes of block-encryption padding and a 32-byte SM3 hash value, where the coordinate sequence in the line object WKB code represents the coordinates of the points that form a line.
The encrypted extended WKB structure of a polygon comprises, in order: a 1-byte byte order, a 4-byte polygon object code, a 4-byte ring count + 1, a plurality of groups each consisting of a 4-byte point count num_i and a ciphertext sequence of 16×num_i bytes, a 4-byte point count num_0, 16 bytes of block-encryption padding and a 32-byte SM3 hash value.
The encrypted extended WKB structure of a multi-polygon comprises, in order: a 1-byte byte order, a 4-byte multi-polygon object code, a 4-byte polygon count + 1, the ciphertext sequence corresponding to the polygon object WKB code, block-encryption padding and the SM3 hash value, where the coordinate sequence in the polygon object WKB code represents the coordinates of the points that form a polygon.
The SM3 hash value is the digest value, and the SM3 hash value a and the SM3 hash value b are obtained by decomposing the SM3 hash value.
The round transformation is implemented by a round function composed of an XOR unit, a nonlinear transformation unit and a linear transformation unit. The XOR unit XORs the words taking part in the operation with the corresponding subkey. The nonlinear transformation unit consists of 4 parallel S-boxes, which substitute the words taking part in the operation byte by byte. The linear transformation unit applies a linear transformation, consisting of shift and XOR operations, to the word produced by the S-box substitution.
Optionally, obtaining the spatial data to be processed and extracting the WKB spatial field binary sequence includes parsing the structured query language statement sent by the client to obtain the spatial data to be processed and extracting the WKB spatial field binary sequence.
Optionally, storing the geometric object ciphertext sequence to a space field of a space database table comprises rewriting the structured query language statement according to the geometric object ciphertext sequence to store the geometric object ciphertext sequence to a space field of a space database table.
In a second aspect, the application provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the computer program to implement the spatial database encryption method.
In a third aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the spatial database encryption method.
According to the specific embodiments of the application, the spatial database encryption method, device and medium have the following technical effects. The cipher block chaining mode of the SM4 algorithm is used to generate a coordinate ciphertext sequence from the coordinate sequence to be encrypted, the SM3 algorithm is used to generate a digest value from the WKB spatial field binary sequence, and the coordinate ciphertext sequence and the digest value are recombined according to the encrypted extended WKB structure corresponding to each geometric type to generate a geometric object ciphertext sequence. By extracting the coordinate sequence from the spatial field structure, encrypting it block by block, and increasing the number of nodes of the geometric object, this process allows more bytes to be stored in the spatial structure. This resolves the impact on the spatial structure of ciphertext expansion, such as block-encryption padding and the recorded hash value; it ensures the security of the spatial data, improves usability and applicability, reduces the number of encrypted blocks, and improves encryption efficiency. In addition, an order-preserving encryption algorithm is used to generate a spatial index from the minimum bounding rectangle object, and the spatial index is stored in a newly created index field, which improves the efficiency of spatial retrieval without requiring the spatial index or the spatial data to be decrypted. Therefore, the spatial database encryption method, device and medium can ensure the security of spatial data while affecting the usability and efficiency of the spatial database as little as possible.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a spatial database encryption method provided by the application.
Fig. 2 is a detailed flowchart of the spatial database encryption method provided by the application.
Fig. 3 is a schematic diagram of a structure of a point object WKB provided in the present application.
Fig. 4 is a schematic structural diagram of a point object EEWKB according to the present application.
Fig. 5 is a schematic diagram of a structure of a multi-point object WKB according to the present application.
Fig. 6 is a schematic structural diagram of a multipoint object EEWKB according to the present application.
Fig. 7 is a schematic diagram of a line object WKB structure provided in the present application.
Fig. 8 is a schematic structural diagram of a line object EEWKB according to the present application.
Fig. 9 is a schematic diagram of a multi-line object WKB structure provided by the present application.
Fig. 10 is a schematic structural diagram of a multi-line object EEWKB provided in the present application.
FIG. 11 is a schematic diagram of a structure of a polygonal object WKB according to the present application.
Fig. 12 is a schematic structural diagram of a polygonal object EEWKB according to the present application.
FIG. 13 is a diagram illustrating a structure of a multi-polygon object WKB according to the present application.
Fig. 14 is a schematic structural diagram of a multiple polygon object EEWKB according to the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In a spatial database, vector geospatial data exists as a spatial field that expresses geometric objects, attribute fields, and an index field that improves the efficiency of spatial queries. The spatial field of a geometric object describes the geometric characteristics of a geographic entity (such as a point, a line or a polygon) and is used to represent the spatial elements on a map, such as traffic lights, buildings, roads and rivers. The index field is usually generated automatically when the spatial field is stored and is mainly used to improve query efficiency over massive spatial data; when a spatial field in the spatial database is modified, the spatial index usually changes as well.
At present, the geometric objects of a spatial database are stored in the spatial fields of a data table in a standard encoded form. When a geometric object is encrypted, its encoding changes and it can no longer be stored normally in the spatial field. Encrypting the whole spatial database, or a whole data table of it, wastes encryption effort and greatly reduces the query and retrieval efficiency of the spatial database. Therefore, the application provides a spatial database encryption method, device and medium that take the structural characteristics of vector objects into account, achieve efficient encryption of the spatial database, and can ensure the security of spatial data while affecting the usability and efficiency of the spatial database as little as possible.
In order that the above-recited objects, features and advantages of the present application will become more readily apparent, a more particular description of the application will be rendered by reference to the appended drawings and appended detailed description.
In an exemplary embodiment, the present application provides a spatial database encryption method, which is executed by a computer device, specifically, may be executed by a computer device such as a terminal or a server, or may be executed by the terminal and the server together, and in an embodiment of the present application, as shown in fig. 1 and fig. 2, the method includes the following steps 1 to 8.
Step 1, acquiring space data to be processed, and extracting a binary sequence of a WKB space field.
A Structured Query Language (SQL) statement sent by the client (such as spatial data ingestion or a data update) is parsed to obtain the spatial data to be processed, and the WKB spatial field binary sequence is extracted.
WKB (Well-Known Binary) is a data specification proposed by the Open Geospatial Consortium (OGC). It specifies how the coordinate sequences of the different geometric objects are organized, and the data is parsed according to the data format the specification requires.
Step 2, parsing the binary sequence of the WKB spatial field, and extracting the geometric type, the minimum bounding rectangle (Minimum Bounding Rectangle, MBR) object and the coordinate sequence to be encrypted.
Extracting the coordinate sequence of the spatial field and encrypting only that sequence is the key to encrypting the database efficiently. Spatial databases typically store spatial objects in WKB format. WKB mainly involves two numeric types: uint32, which occupies 4 bytes and stores information such as the node count and the geometric type, and double, which occupies 8 bytes and stores the node coordinate values. The WKB encoding of a spatial object typically consists of the byte order, the geometric type, the node count and the coordinate sequence. The byte order is the order in which multi-byte data is arranged when stored or transmitted by a computer, and is generally either big-endian or little-endian. The geometric type defines which kind of geometric object is represented, such as a point, a line or a polygon. The node count gives the number of nodes needed to form the spatial object. The coordinate sequence is the binary encoding of the position coordinates of each node. By parsing the binary sequence of the WKB spatial field, the whole coordinate sequence of the spatial field can be extracted and expressed as a binary sequence made up of the coordinates of a number of point elements.
Step 3, generating a coordinate ciphertext sequence from the coordinate sequence to be encrypted using the cipher block chaining (Cipher Block Chaining, CBC) mode of the SM4 algorithm.
The coordinate sequence extracted in step 2 consists of the coordinates of a number of point elements. Each point is represented by an 8-byte X coordinate and an 8-byte Y coordinate, which together form a 128-bit binary sequence (8 bits per byte). The method takes the 128-bit binary-coded coordinate pair of each point element as one encryption block and encrypts it in SM4-CBC mode, in the following steps.
Step 3.1, symmetric key generation. A key generation request is submitted to a key management system, and the key management system calls a server cryptographic machine to generate a 128-bit symmetric key as the master key.
Step 3.2, key expansion. The master key is divided into four 32-bit words, and the round key of each round is generated as a subkey by iteratively applying the key expansion algorithm and the round constants. The key expansion algorithm of SM4 includes round constant addition, byte substitution, linear transformation, and the like for each 32-bit word.
Step 3.3, block encryption of the coordinate sequence in cipher block chaining mode. The encryption block of each point element is XORed with a target vector, and the iterative round transformation is then performed with a 32-round nonlinear iterative structure based on the subkeys to generate the 128-bit ciphertext corresponding to that point element; the 128-bit ciphertexts of all the point elements form the coordinate ciphertext sequence. The target vector for the first point element is the initial vector, and the target vector for each remaining point element is the 128-bit ciphertext of the previous point element.
The round transformation is implemented by a round function composed of an XOR unit, a nonlinear transformation unit and a linear transformation unit. The XOR unit XORs the word taking part in the operation with the corresponding subkey. The nonlinear transformation unit consists of 4 parallel S-boxes (Substitution-boxes); an S-box is a byte-wise substitution table used to substitute the words taking part in the operation. The linear transformation unit applies a linear transformation, consisting of shift and XOR operations, to the word produced by the S-box substitution.
In SM4-CBC mode, the plaintext of each block is XORed with the ciphertext of the previous block before being encrypted by SM4, and the first block is XORed with a randomly generated initial vector. For example, for a geometric object composed of 4 point elements, the extracted coordinate sequence is divided into 4 encryption blocks, and the SM4-CBC encryption of the coordinate sequence proceeds as follows: 1) the encryption block formed by the coordinates of the first point element is XORed with the initial vector, and the resulting 128-bit sequence is input into the SM4 encryption module, which outputs a 128-bit ciphertext sequence; 2) the coordinates of the second point element are XORed with the 128-bit ciphertext produced by the previous operation and then input into the SM4 encryption module for encryption; 3) the coordinates of each subsequent point element are processed in the same way, and the process is repeated for every plaintext block.
And 4, generating a digest value according to the binary sequence of the WKB space field by adopting an SM3 algorithm.
The digest value is used to implement integrity protection for the space field, generated by the WKB field of the space object. The specific procedure for generating the digest value is as follows.
Step 4.1: divide the WKB space field binary sequence into 512-bit groups, padding any group shorter than 512 bits to obtain 512-bit calculation groups.
The padding operation adds a padding bit, zero bits and length information: 1) append a "1" bit; 2) append zero bits until the data length satisfies the condition (i.e., the length modulo 512 equals 448); 3) append a 64-bit length field representing the bit length of the original message.
Initialize the 256-bit parameters, and perform the iterative compression operation on the 512-bit calculation groups and the 256-bit parameters to generate a 256-bit hash value as the digest value.
Step 5: recombine the coordinate ciphertext sequence and the digest value according to the Encrypted Extended WKB (EEWKB) structure corresponding to each geometric type to generate a geometric object ciphertext sequence.
To satisfy the database's constraints on the space field structure, the ciphertext coordinate sequence and the digest value produced by encryption must be reorganized according to the spatial data structure after encryption. For the WKB encoding format of each geometric type, a corresponding encryption extension method, namely EEWKB, is provided. The encryption extension method lets the space field of the database store more bytes by increasing the number of geometric element nodes. The WKB and EEWKB structures of the common geometries are as follows.
The geometric types include points, multi-points, lines, multi-lines, polygons and multi-polygons. A multi-polygon comprises a plurality of polygons, a polygon comprises at least one ring, and a multi-line comprises a plurality of lines. Rings, lines and multi-points are all formed by a sequence of point coordinates, and the point coordinate sequence of a ring is connected end to end. The geometric type is expressed in the WKB structure as an object code: the point object code is 1, the multi-point object code is 4, the line object code is 2, the multi-line object code is 5, the polygon object code is 3, and the multi-polygon object code is 6.
(1) Point POINT.
The geometric type code of POINT in WKB is 1, and its basic structure includes byte order, geometric type (POINT object code), and coordinates (X-coordinate and Y-coordinate). The space field of the POINT type represents a single POINT object, so the coordinates in its WKB are only the coordinate pairs of a single POINT. The WKB structure of POINT is shown in FIG. 3.
Because a block encryption algorithm requires the length of the input data to be an integer multiple of the block length, additional bytes, called padding, must be added when the data does not meet this requirement. EEWKB accounts for the ciphertext expansion caused by the padding and the hash field. The structure of the POINT element allows only a single point coordinate to be stored, so in the encryption extension structure of POINT the object code is changed to MULTIPOINT with a point number of 1+3=4, and the added nodes store the hash value and the block encryption padding. The EEWKB structure of POINT is shown in FIG. 4. The ciphertext sequence, the block encryption padding, SM3 hash value a and SM3 hash value b are each a 16-byte sequence placed in a point coordinate position of the corresponding WKB; SM3 hash value a and SM3 hash value b are the two 16-byte parts into which the 32-byte SM3 hash value, i.e. the digest value, is split.
As shown in FIG. 4, the encryption extension WKB structure of the point comprises, in order, a 1-byte byte order, a 4-byte multi-point object code, a 4-byte point number (4), the ciphertext sequence corresponding to the WKB encoding of the point object (i.e., point element), the block encryption padding, SM3 hash value a and SM3 hash value b.
(2) Multiple points MULTIPOINT.
The geometric type code of MULTIPOINT in WKB is 4, and its basic structure includes byte order, geometric type (multi-point object code), number of points, and coordinate sequence (point sequence). The WKB structure of MULTIPOINT is shown in FIG. 5.
Similar to the encryption extension of POINT, the EEWKB structure of MULTIPOINT is shown in FIG. 6.
As shown in FIG. 6, the encryption extension WKB structure of the multi-point comprises, in order, a 1-byte byte order, a 4-byte multi-point object code, a 4-byte point number +3, the ciphertext sequence corresponding to the point object WKB encoding, the block encryption padding, SM3 hash value a and SM3 hash value b, where the coordinates in the point object WKB encoding represent single point coordinates.
(3) Line LINESTRING.
The geometric type code of LINESTRING in WKB is 2, and its basic structure includes byte order, geometric type (line object code), number of points and coordinate sequence (X1 coordinate, Y1 coordinate, X2 coordinate, Y2 coordinate, etc.). A space field of the LINESTRING type represents a single line element (i.e., line object), and the coordinate sequence stored in its WKB is the plurality of point coordinates that make up the line. The WKB structure of LINESTRING is shown in FIG. 7.
For LINESTRING, only 3 nodes need to be added to the data structure to store more bytes of information. The EEWKB structure of LINESTRING is shown in FIG. 8.
As shown in fig. 8, the encryption extension WKB structure of the line sequentially includes a byte order of 1 byte, a line object code of 4 bytes, a point number num+3 of 4 bytes, a ciphertext sequence of 16×num bytes, a block encryption pad of 16 bytes, and an SM3 hash value of 32 bytes.
(4) Multiline MULTILINESTRING.
The geometric type code of MULTILINESTRING in WKB is 5, and its basic structure includes byte order, geometric type (multi-line object code), number of lines, and the WKB encoding of each line organized as a LINESTRING (line object sequence). The WKB structure of MULTILINESTRING is shown in FIG. 9.
In the encryption extension structure of MULTILINESTRING, a separate LINESTRING object is defined to store the extension field, and the ciphertext sequence is the ciphertext generated by encrypting and replacing only the coordinate sequence of the original LINESTRING_WKB (line object WKB). The EEWKB structure of MULTILINESTRING is shown in FIG. 10. MULTILINESTRING is a combination of several LINESTRING structures. In the encrypted data structure, the ciphertext sequence is the ciphertext generated by encrypting and replacing only the coordinate sequence, and the ciphertext expansion (the part after LINESTRING_WKB in the structure) is stored in a newly defined line element, so the number of lines is +1, the ciphertext padding occupies 48 bytes, and the point number is 3.
As shown in FIG. 10, the encryption extension WKB structure of the multi-line comprises, in order, a 1-byte byte order, a 4-byte multi-line object code, a 4-byte line number +1, the ciphertext sequence corresponding to the line object WKB encoding, a 1-byte byte order, a 4-byte line object code, a 4-byte point number (3), a 16-byte block encryption padding and a 32-byte SM3 hash value, where the coordinate sequence in the line object WKB encoding represents the plurality of point coordinates forming a line.
(5) Polygon POLYGON.
The geometric type code of POLYGON in WKB is 3, and its basic structure includes byte order, geometric type (polygon object code), number of rings, number of points corresponding to each ring, and coordinate sequence. The geometry type expresses only a single polygonal geometry object, which may contain a plurality of rings, each consisting of a sequence of point coordinates. The WKB structure of POLYGON is shown in FIG. 11.
POLYGON expresses a planar geographic entity through the number of points of each ring and the coordinate sequence of those points. When it is encrypted, the encryption extension lets the WKB store more bytes by adding 1 ring. The EEWKB structure of POLYGON is shown in FIG. 12.
Unlike the LINESTRING coordinate sequence, POLYGON must guarantee the closure of the geometric object, so the start point coordinates of a coordinate sequence must be the same as the end point coordinates, and the corresponding ciphertext must be the same as well. In CBC block encryption mode, identical plaintext blocks within the same encryption produce different ciphertext blocks, so the closure of the point element ciphertext sequence forming the polygon cannot be guaranteed. The start point ciphertext must therefore be made identical to the end point ciphertext when the coordinates are extracted and the data format is reassembled. The procedure is: 1) with numi the number of points of the i-th ring, extract a (numi-1)×16-byte sequence from the i-th ring; 2) encrypt the extracted coordinate sequence and output the ciphertext sequence C0, then separate from C0 the coordinate sequence C and the last block sequence P containing the padding; 3) when recombining the coordinates, append after the point number numi the (numi-1)×16-byte sequence taken in order from C, then append the first 16 bytes of that sequence to its end; 4) repeat step 3) until sequence C has been completely extracted, then append sequence P and the SM3 hash value to the end of the sequence.
As shown in FIG. 12, the encryption extension WKB structure of the polygon comprises, in order, a 1-byte byte order, a 4-byte polygon object code, a 4-byte ring number rings+1, several groups each consisting of a 4-byte point number numi and a 16×numi-byte ciphertext sequence, a 4-byte point number num0, a 16-byte block encryption padding and a 32-byte SM3 hash value.
(6) Multiple polygons MULTIPOLYGON.
The geometric type code of MULTIPOLYGON in WKB is 6, and its basic structure includes byte order, geometric type (multi-polygon object code), number of polygons, and the WKB encoding of each polygon organized as a POLYGON (polygon sequence). The WKB structure of MULTIPOLYGON is shown in FIG. 13.
Similar to the encryption extension structure of MULTILINESTRING, in the encryption extension structure of MULTIPOLYGON a separate POLYGON object is defined to store the extension field. The difference is that the POLYGON_WKB (polygon object WKB) storing the extension field must guarantee the closure of the POLYGON object, so a block encryption padding part is added to the end of the sequence; the ciphertext sequence is the ciphertext generated by encrypting and replacing only the coordinate sequence of the original POLYGON_WKB. The EEWKB structure of MULTIPOLYGON is shown in FIG. 14.
As shown in FIG. 14, the encryption extension WKB structure of the multi-polygon comprises, in order, a 1-byte byte order, a 4-byte multi-polygon object code, a 4-byte polygon number +1, the ciphertext sequence corresponding to the polygon object WKB encoding, the block encryption padding and the SM3 hash value, where the coordinate sequence in the polygon object WKB encoding represents the plurality of point coordinates forming a polygon.
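As an added example (not code from the patent), the following Python builds and reverses the LINESTRING EEWKB layout of FIG. 8 and shows that the result still parses as an ordinary WKB LINESTRING with num+3 points. Assumptions: a SHA-256-based Feistel stands in for SM4 and SHA-256 stands in for SM3 so the block runs on the standard library alone, PKCS#7-style padding is assumed for the block encryption padding, the key and initial vector are supplied by the caller, and all function names and the sample geometry are constructed here.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # SM4 block size in bytes = one 2D WKB point (two float64 values)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def standin_encrypt_block(key, blk):
    """STAND-IN for SM4 block encryption (4-round Feistel, illustration only)."""
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def standin_decrypt_block(key, blk):
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def standin_digest(data):
    """STAND-IN for SM3 (same 32-byte output length)."""
    return hashlib.sha256(data).digest()


def cbc_encrypt(key, iv, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK   # a whole extra block when already aligned
    plaintext += bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = standin_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(standin_decrypt_block(key, blk), prev)
        prev = blk
    pad = out[-1]
    if not 1 <= pad <= BLOCK or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad block encryption padding")
    return out[:-pad]


def _header(wkb):
    order = "<" if wkb[0] == 1 else ">"
    gtype, count = struct.unpack(order + "II", wkb[1:9])
    return order, gtype, count


def linestring_to_eewkb(wkb, key, iv):
    """byte order | line code 2 | num+3 | 16*num ciphertext | 16 pad | 32 digest."""
    order, gtype, num = _header(wkb)
    if gtype != 2 or len(wkb) != 9 + BLOCK * num:
        raise ValueError("not a 2D WKB LINESTRING")
    cipher = cbc_encrypt(key, iv, wkb[9:])  # only the coordinate sequence is encrypted
    return wkb[:1] + struct.pack(order + "II", 2, num + 3) + cipher + standin_digest(wkb)


def eewkb_to_linestring(eewkb, key, iv):
    order, gtype, total = _header(eewkb)
    if gtype != 2 or total < 3 or len(eewkb) != 9 + BLOCK * total:
        raise ValueError("not an EEWKB LINESTRING")
    cipher, digest = eewkb[9:-32], eewkb[-32:]
    coords = cbc_decrypt(key, iv, cipher)
    wkb = eewkb[:1] + struct.pack(order + "II", 2, total - 3) + coords
    if not hmac.compare_digest(standin_digest(wkb), digest):
        raise ValueError("integrity check failed")
    return wkb


def read_points(wkb):
    """Parse as a plain WKB reader would; works on WKB and EEWKB alike."""
    order, _, count = _header(wkb)
    vals = struct.unpack(order + "%dd" % (2 * count), wkb[9:])
    return list(zip(vals[0::2], vals[1::2]))


# Constructed sample values.
KEY = bytes(range(16))
IV = bytes(16)  # fixed for reproducibility only; the method uses a random initial vector
SAMPLE = struct.pack("<BII6d", 1, 2, 3, 116.30, 39.90, 116.35, 39.92, 116.40, 39.95)

if __name__ == "__main__":
    eewkb = linestring_to_eewkb(SAMPLE, KEY, IV)
    print(len(SAMPLE), len(eewkb), len(read_points(eewkb)))
```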
Step 6: generate a spatial index from the minimum circumscribed rectangular object using an order-preserving encryption algorithm.
The encryption method of steps 3-5 encrypts the spatial data itself. When spatial data is encrypted, the index field is automatically updated according to the encrypted ciphertext content; a spatial database normally uses the spatial index when executing a range query, but encryption destroys the index. In the spatial indexes commonly used by databases, such as the R-tree and its variants, leaf nodes typically contain the circumscribed rectangles of geometric objects. The application preserves normal use of the database's spatial retrieval function by creating the index field before the database is encrypted. The order-preserving encryption flow based on the vector object spatial index is as follows.
Step 6.1: convert the minimum circumscribed rectangular object into WKT format, and extract the corner coordinates of the minimum circumscribed rectangular object in WKT format.
Step 6.2: apply order-preserving encryption to the corner coordinates to obtain an encrypted minimum circumscribed rectangular object.
Step 6.3: reorganize the encrypted minimum circumscribed rectangular object in WKB format to generate the spatial index.
WKT (Well-Known Text) is a text markup language formulated by the OGC for representing vector geometric objects, spatial reference systems and transformations between spatial reference systems. WKB is the binary representation of WKT; it removes the redundancy of the WKT representation and is convenient for transmitting and storing the same information in a database.
Step 7: store the spatial index in an index field newly created in the space database table.
The encryption process comprises: 1) creating an mbr index field in the space database table; 2) reading the WKB sequence A_WKB of a geometric object A and calculating its circumscribed rectangle A_mbr, which forms a series of polygon coordinate pairs; 3) converting A_mbr into WKT format, extracting the corner coordinates, encrypting them with an order-preserving encryption (OPE) algorithm, reorganizing the encrypted coordinate points into WKB format and storing them in the index field, and storing the encryption key in the encryption key table key_table.
Correspondingly, the spatial query and decryption flow comprises: 1) intercepting the search SQL statement and extracting the search rectangle M, which is usually represented by the point coordinates of two opposite corners of the rectangle (such as upper left and lower right); 2) calling the encryption key table key_table of the OPE algorithm, encrypting the corner coordinates of M in an order-preserving manner, and reorganizing the encrypted coordinates into a spatial rectangle M'; 3) rewriting the search SQL statement with M' as the search rectangle and the mbr field as the searched field; 4) using the unique id of each retrieved record to locate the corresponding ciphertext space field, restoring the initial ciphertext sequence by the inverse of the encryption process of steps 1-5, performing integrity verification, and calling symmetric key decryption.
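The index flow of steps 6 and 7 and the rewritten range query, as an added Python example that is not part of the patent: corner coordinates are encrypted with an order-preserving map, and the rectangle intersection test gives the same candidates on ciphertext as on plaintext. The patent does not name a specific OPE algorithm, so `ope_encrypt` is a hypothetical toy construction; the fixed-point quantization, the per-axis keys and the sample rectangles are likewise assumptions constructed for illustration.

```python
import hashlib

SCALE = 10 ** 5   # assumed fixed-point resolution of 1e-5 degrees
OFFSET = 180      # shifts coordinates in [-180, 180] to non-negative values


def quantize(value):
    """Map a coordinate to a non-negative 32-bit integer (monotonic)."""
    q = round((value + OFFSET) * SCALE)
    if not 0 <= q < 2 ** 32:
        raise ValueError("coordinate out of range")
    return q


def ope_encrypt(key, x):
    """Toy keyed order-preserving map on 32-bit integers (hypothetical scheme).

    Each byte of x selects a prefix sum of key-derived gaps in 1..4. One
    level contributes at most 255 * 4 = 1020 < 1024, so scaling the running
    value by 1024 per level keeps the map strictly increasing.
    """
    out, prefix = 0, b""
    for byte in x.to_bytes(4, "big"):
        stream = hashlib.shake_256(key + prefix).digest(255)
        out = out * 1024 + sum(1 + (s & 3) for s in stream[:byte])
        prefix += bytes([byte])
    return out


def encrypt_mbr(key_x, key_y, mbr):
    """Encrypt (xmin, ymin, xmax, ymax); one key per axis."""
    xmin, ymin, xmax, ymax = mbr
    return (ope_encrypt(key_x, quantize(xmin)), ope_encrypt(key_y, quantize(ymin)),
            ope_encrypt(key_x, quantize(xmax)), ope_encrypt(key_y, quantize(ymax)))


def intersects(a, b):
    """Rectangle intersection test; uses only order comparisons."""
    return a[0] <= b[2] and b[0] <= a[2] and a[1] <= b[3] and b[1] <= a[3]


def range_query(index, rect):
    """Return ids of records whose stored rectangle intersects rect."""
    return sorted(rid for rid, mbr in index.items() if intersects(mbr, rect))


# Constructed sample data: record id -> plaintext bounding rectangle.
KEY_X, KEY_Y = b"x" * 16, b"y" * 16
PLAIN_INDEX = {
    1: (116.30, 39.90, 116.40, 39.95),
    2: (121.40, 31.10, 121.60, 31.30),
    3: (116.38, 39.93, 116.50, 40.00),
    4: (-0.20, 51.40, 0.10, 51.60),
}
QUERY = (116.35, 39.92, 116.45, 39.97)          # search rectangle M
ENC_INDEX = {rid: encrypt_mbr(KEY_X, KEY_Y, m)  # contents of the mbr field
             for rid, m in PLAIN_INDEX.items()}

if __name__ == "__main__":
    m_prime = encrypt_mbr(KEY_X, KEY_Y, QUERY)  # rewritten search rectangle M'
    print(range_query(PLAIN_INDEX, QUERY), range_query(ENC_INDEX, m_prime))
```

Order preservation is what lets the unmodified rectangle comparison run on ciphertext, and it also means that anyone who can read the mbr field learns the relative order of all stored corner coordinates.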
Step 8: store the geometric object ciphertext sequence in a space field of the space database table.
The SQL statement is rewritten according to the geometric object ciphertext sequence so that the geometric object ciphertext sequence, i.e. the EEWKB-encrypted data, is stored in the space field of the space database table.
On the basis of deeply analyzing the structural characteristics of the vector object, the application deeply fuses the commercial cryptographic algorithm with the structural characteristics of the space field, and provides an encryption method capable of considering the structural characteristics of the data of the space field of the vector object based on the SM4-CBC mode, so that the encryption calculation process of other unnecessary data except the geometric characteristics is reduced, the encryption efficiency is improved, and the problems of low encryption efficiency and space field data structure destruction in the traditional mode are solved. In addition, aiming at the problem of low efficiency of the range query of the ciphertext space database, a space index-based order-preserving encryption scheme is provided, and the safe and efficient range query of the space field is realized. Compared with the prior art, the application has the following advantages.
(1) The confidentiality and the integrity of the space field of the database are guaranteed, and compared with the traditional method, the method is more available and applicable.
Under the traditional method, the encryption method aiming at the spatial database generally encrypts the database body and the data table integrally, and has low encryption and decryption efficiency and inconvenient database operation. In order to improve encryption and decryption efficiency, there is also a method of directly converting geometric object data in a space field into a binary sequence for encryption processing. However, in the whole encryption process of the space field, the encryption operation will destroy the data structure, and the ciphertext field without the canonical structure cannot be stored into the data item because of the strict data structure constraint of the space database on the space field. Thus, current commercial cryptography products either suffer from inefficiency, inconvenience of operation due to overall encryption, or do not support encryption of database space fields.
To resolve the problem that conventional encryption destroys the data structure so that the data item cannot be stored, the application proposes an encryption extension structure of WKB, namely EEWKB. The coordinate sequences in the space field structure are extracted and grouped, and more bytes can be stored in the spatial structure by increasing the number of geometric object nodes. This resolves the effect on the spatial structure of ciphertext expansion such as block encryption padding and hash value recording, and gives the method better availability and applicability than conventional commercial cryptographic encryption methods.
(2) The method has higher efficiency in geometric object encryption and space retrieval compared with the traditional encryption scheme.
In terms of data encryption efficiency, when a conventional commercial encryption method encrypts a database as a whole library or a whole table, the encryption operation contains a great deal of unnecessary redundancy. In contrast, the encryption method provided by the application reduces the number of encrypted blocks by extracting the coordinate sequence in the space field and encrypting only that sequence, and is therefore superior in encryption efficiency.
In terms of data retrieval efficiency, in a database environment with spatial expansion capability, when a spatial field is modified and restored, its spatial index will change accordingly. Thus, the spatial index when protecting data using conventional encryption methods will lose its availability. The traditional database searching scheme is to decrypt the whole data table field into the memory and then search the data content. Due to the huge volume of vector data, the whole table has long decryption time, and the efficiency is very low when only a small number of local geometric objects are queried. The space index-based order-preserving encryption method provided by the application can execute space inquiry operation on the premise of not decrypting space indexes or space data, and only performs decryption operation on space data records searched and inquired according to space positions, so that the search efficiency is obviously improved.
In an exemplary embodiment, the application also provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the method embodiments described above when the processor executes the computer program.
In an exemplary embodiment, the application also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
In an exemplary embodiment, the application also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
In the present application, all the actions of obtaining signals, information or data are performed under the premise of conforming to the corresponding data protection regulation policy of the country of the location and obtaining the authorization given by the owner of the corresponding device. It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are both information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data are required to meet the related legal requirements.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded nonvolatile memory, resistive random access memory (Resistive Random Access Memory, ReRAM), magneto-resistive memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric memory (Ferroelectric Random Access Memory, FRAM), phase change memory (Phase Change Memory, PCM), graphene memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc.
The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The principles and embodiments of the present application have been described herein with reference to specific examples, which are intended to facilitate an understanding of the principles and concepts of the application and are to be varied in scope and detail by persons of ordinary skill in the art based on the teachings herein. In view of the foregoing, this description should not be construed as limiting the application.
Claims (9)
1. A method for encrypting a spatial database, comprising:
acquiring space data to be processed, and extracting a binary sequence of a WKB space field;
analyzing the WKB space field binary sequence, and extracting a geometric type, a minimum circumscribed rectangular object and a coordinate sequence to be encrypted;
generating a coordinate ciphertext sequence from the coordinate sequence to be encrypted using the cipher block chaining mode of the SM4 algorithm;
generating a digest value from the WKB space field binary sequence using the SM3 algorithm;
recombining the coordinate ciphertext sequence and the digest value according to the encryption extension WKB structures corresponding to different geometric types to generate a geometric object ciphertext sequence;
generating a spatial index from the minimum circumscribed rectangular object using an order-preserving encryption algorithm;
storing the spatial index in an index field newly created in a spatial database table;
storing the geometric object ciphertext sequence into a space field of a space database table;
the geometric type comprises points, multiple points, lines, multiple lines, polygons and multiple polygons, wherein the multiple polygons comprise a plurality of polygons, the polygons comprise at least one ring, the multiple lines comprise a plurality of lines, the rings, the lines and the multiple points are all composed of a plurality of point coordinate sequences, the point coordinate sequences of the rings are connected end to end, the geometric type is expressed in a WKB structure in an object coding mode, the point object code is 1, the multiple point object code is 4, the line object code is 2, the multiple line object code is 5, the polygon object code is 3, and the multiple polygon object code is 6;
the encryption extension WKB structure of the point comprises, in order, a 1-byte byte order, a 4-byte multi-point object code, a 4-byte point number, a ciphertext sequence corresponding to the point object WKB code, block encryption padding, an SM3 hash value a and an SM3 hash value b;
the encryption extension WKB structure of the multi-point comprises, in order, a 1-byte byte order, a 4-byte multi-point object code, a 4-byte point number +3, a ciphertext sequence corresponding to the point object WKB code, block encryption padding, an SM3 hash value a and an SM3 hash value b, wherein coordinates in the point object WKB code represent single point coordinates;
the encryption extension WKB structure of the line comprises, in order, a 1-byte byte order, a 4-byte line object code, a 4-byte point number num+3, a ciphertext sequence of 16×num bytes, a 16-byte block encryption padding and a 32-byte SM3 hash value;
the encryption extension WKB structure of the multi-line comprises, in order, a 1-byte byte order, a 4-byte multi-line object code, a 4-byte line number +1, a ciphertext sequence corresponding to the line object WKB code, a 1-byte byte order, a 4-byte line object code, a 4-byte point number, a 16-byte block encryption padding and a 32-byte SM3 hash value, wherein a coordinate sequence in the line object WKB code represents a plurality of point coordinates forming a line;
the encryption extension WKB structure of the polygon comprises, in order, a 1-byte byte order, a 4-byte polygon object code, a 4-byte ring number +1, a plurality of groups each consisting of a 4-byte point number numi and a ciphertext sequence of 16×numi bytes, a 4-byte point number num0, a 16-byte block encryption padding and a 32-byte SM3 hash value;
the encryption extension WKB structure of the multi-polygon comprises, in order, a 1-byte byte order, a 4-byte multi-polygon object code, a 4-byte polygon number +1, a ciphertext sequence corresponding to the polygon object WKB code, block encryption padding and an SM3 hash value, wherein the coordinate sequence in the polygon object WKB code represents a plurality of point coordinates forming a polygon;
the SM3 hash value is the digest value, and the SM3 hash value a and the SM3 hash value b are obtained by decomposing the SM3 hash value.
2. The spatial database encryption method according to claim 1, wherein generating a coordinate ciphertext sequence from the coordinate sequence to be encrypted using the cipher block chaining mode of the SM4 algorithm comprises:
submitting a key generation request to a key management system, the key management system calling a server cipher machine to generate a 128-bit symmetric key as a master key;
dividing the master key into 4 words of 32 bits, and generating the round key of each round as a subkey by iteratively applying a key expansion algorithm and round constants;
taking the 128-bit binary-coded coordinate pair of each point element in the coordinate sequence to be encrypted as an encryption group;
performing an exclusive-OR operation between the encryption group corresponding to each point element and a target vector, and performing iterative round transformation operations with a 32-round nonlinear iterative structure based on the subkeys to generate the 128-bit ciphertext corresponding to each point element, wherein the 128-bit ciphertexts corresponding to all the point elements form the coordinate ciphertext sequence, the target vector corresponding to the first point element is an initial vector, and the target vector corresponding to each remaining point element is the 128-bit ciphertext corresponding to the previous point element.
3. The spatial database encryption method according to claim 1, wherein generating a digest value from the WKB spatial field binary sequence using SM3 algorithm comprises:
grouping the WKB space field binary sequences by taking 512 bits as a group, and filling the groups with less than 512 bits to obtain 512-bit calculation groups;
initializing 256-bit parameters, and performing an iterative compression operation on the 512-bit calculation groups and the 256-bit parameters to generate a 256-bit hash value as the digest value.
4. The spatial database encryption method according to claim 1, wherein generating a spatial index from the minimum circumscribed rectangular object using an order-preserving encryption algorithm comprises:
converting the minimum circumscribed rectangular object into a WKT format, and extracting corner coordinates of the minimum circumscribed rectangular object in the WKT format;
performing order-preserving encryption on the corner coordinates to obtain an encrypted minimum circumscribed rectangular object;
reorganizing the encrypted minimum circumscribed rectangular object in a WKB format to generate a spatial index.
5. The spatial database encryption method according to claim 2, wherein the round transformation operation is implemented by a round transformation function, the round transformation function is composed of an exclusive-or operation unit, a nonlinear transformation unit and a linear transformation unit, the exclusive-or operation unit performs exclusive-or operation on a word participating in the operation and a corresponding subkey, the nonlinear transformation unit is composed of 4 parallel S boxes, the S boxes replace the word participating in the operation in units of bytes, and the linear transformation unit performs linear transformation on the word generated after the S boxes replace, wherein the linear transformation includes a shift operation and an exclusive-or operation.
6. The spatial database encryption method according to claim 1, wherein acquiring spatial data to be processed and extracting a WKB spatial field binary sequence comprises:
analyzing the structured query language statement sent by the client to acquire the space data to be processed, and extracting the WKB space field binary sequence.
7. The spatial database encryption method of claim 6, wherein storing the geometric object ciphertext sequence into a spatial field of a spatial database table comprises:
and rewriting the structured query language statement according to the geometrical object ciphertext sequence to store the geometrical object ciphertext sequence into a space field of a space database table.
8. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor executes the computer program to implement the spatial database encryption method of any one of claims 1-7.
9. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the spatial database encryption method of any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411546965.0A CN119089479B (en) | 2024-11-01 | 2024-11-01 | Space database encryption method, equipment and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN119089479A (en) | 2024-12-06 |
CN119089479B (en) | 2025-01-28 |
Family
ID=93667255
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202411546965.0A Active CN119089479B (en) | 2024-11-01 | 2024-11-01 | Space database encryption method, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN119089479B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108090150A (en) * | 2017-12-11 | 2018-05-29 | 厦门亿力吉奥信息科技有限公司 | GIS spatial objects storage method and its system |
CN113901159A (en) * | 2021-09-29 | 2022-01-07 | 中南大学 | A Local Encryption and Decryption Method for Vector Data Network Transmission Based on Multilevel Spatial Index |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8239368B2 (en) * | 2007-08-29 | 2012-08-07 | International Business Machines Corporation | Apparatus, system, and method for executing a distributed spatial data query |
CN110716952A (en) * | 2019-09-24 | 2020-01-21 | 中国电子科技集团公司电子科学研究院 | Multi-source heterogeneous data processing method and device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN119089479A (en) | 2024-12-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11709948B1 (en) | Systems and methods for generation of secure indexes for cryptographically-secure queries | |
CN108667595B (en) | A compression and encryption method for large data files | |
Li et al. | L-EncDB: A lightweight framework for privacy-preserving data queries in cloud computing | |
US9355271B2 (en) | System and method for dynamic, non-interactive, and parallelizable searchable symmetric encryption | |
US8949625B2 (en) | Systems for structured encryption using embedded information in data strings | |
US8533489B2 (en) | Searchable symmetric encryption with dynamic updating | |
KR101403745B1 (en) | Encrypted data search | |
US20140143553A1 (en) | Method and Apparatus for Encapsulating and Encrypting Files in Computer Device | |
CN106571905A (en) | Numeric data homomorphic order-preserving encryption method | |
US8769302B2 (en) | Encrypting data and characterization data that describes valid contents of a column | |
CN105959098A (en) | Format-reserved encryption algorithm based on multi-segmented Feistel network | |
Dowsley et al. | A survey on design and implementation of protected searchable data in the cloud | |
Zhan et al. | MDOPE: Efficient multi-dimensional data order preserving encryption scheme | |
US20220209945A1 (en) | Method and device for storing encrypted data | |
CN106874516A (en) | Efficient cipher text retrieval method based on KCB trees and Bloom filter in a kind of cloud storage | |
CN112583809A (en) | Data encryption and decryption method of non-immersion multiple encryption algorithms | |
US11886617B1 (en) | Protecting membership and data in a secure multi-party computation and/or communication | |
CN117932678A (en) | Private data storage method, reading method, device and computer equipment | |
CN114564735A (en) | Database encryption and complete matching retrieval system | |
CN119089479B (en) | Space database encryption method, equipment and medium | |
US20230315896A1 (en) | Systems and methods for end-to end-encryption with encrypted multi-maps | |
US20230325524A1 (en) | Systems and methods for end-to end-encryption with encrypted multi-maps | |
US20230315897A1 (en) | Systems and methods for end-to end-encryption with encrypted multi-maps | |
CN118363986B (en) | Encryption and decryption method and device for secret database | |
US12047490B2 (en) | Length-preserving encryption for database tables |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||