CN106446713A - Encryption method and system for database content - Google Patents
Encryption method and system for database content
- Publication number: CN106446713A
- Authority: CN (China)
- Prior art keywords: information, encryption, password, symmetric key, data
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/31—User authentication
- G06F21/602—Providing cryptographic facilities or services
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
Abstract
The invention discloses an encryption method and system for database content. The method comprises the following steps: verifying user identity information and, after the verification passes, allowing the user to write original data information to a database; performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information; and performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information. In the embodiments of the invention, the user's identity information is verified first, the data information is then symmetrically encrypted, and finally password encryption is applied, which ensures the security of the data information the user enters into the database and makes it difficult for other users or hackers to steal.
Description
Technical field
The present invention relates to the technical field of data encryption, and in particular to a method and system for encrypting database content.
Background
Encryption has long been a familiar term in the computer field. Because China's legal system for software protection is still not well developed and public legal awareness is weak, and because computer software is a special kind of commodity that is easy to copy, encryption has become a necessary means of protecting software. Most popular software on the market today adopts some encryption method, the purpose of which is to protect the interests of software developers and prevent software piracy.
With the rapid development of computer technology, databases are used very widely and have penetrated every field. Especially since the arrival of the cloud era and the big data era, more and more important data is being stored in databases. However, if sensitive data such as the policies, regulations and top-secret documents of government agencies, the trade secrets of commercial organizations, and the personal information and financial asset information held by financial institutions were all stored in plaintext, the result would be catastrophic. Anyone with a little professional knowledge of databases could easily obtain information that bears on national security and the fate of enterprises. Therefore, how to effectively ensure the security of database systems and achieve the confidentiality, integrity, validity and availability of databases has become an important research topic for those in the industry.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art. The invention provides a method and system for encrypting database content that ensure the security of the data information a user enters into a database, so that it is not easily stolen by other users or hackers.
To solve the above technical problem, the invention provides a database content encryption method, the method comprising:
verifying user identity information and, after verification passes, allowing the user to write original data information to the database;
performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
Preferably, verifying the user identity information comprises:
the user entering login account information and login password information;
uploading the login account information and login password information entered by the user to the database server for matching;
if the match succeeds, verification of the user identity information passes; otherwise, verification of the user identity information does not pass.
Preferably, the symmetric key encryption is AES, ARIA, SEED, TDES or DES.
Preferably, performing password encryption on the symmetric-key-encrypted data information comprises:
obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information to obtain password-encrypted data information.
In addition, the invention also provides a database content encryption system, the system comprising:
Authentication module: for verifying user identity information and, after verification passes, allowing the user to write original data information to the database;
Symmetric encryption module: for performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
Password encryption module: for performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
Preferably, the authentication module comprises:
Login unit: for the user to enter login account information and login password information;
Matching unit: for uploading the login account information and login password information entered by the user to the database server for matching; if the match succeeds, verification of the user identity information passes; otherwise, verification of the user identity information does not pass.
Preferably, the symmetric key encryption is AES, ARIA, SEED, TDES or DES.
Preferably, the password encryption module comprises:
Information acquisition unit: for obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
Encryption unit: for processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information to obtain password-encrypted data information.
In the embodiments of the invention, the user's identity information is verified first, the data information is then symmetrically encrypted, and finally password encryption is applied, which ensures the security of the data information the user enters into the database, so that it is not easily stolen by other users or hackers.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of the database content encryption method in an embodiment of the invention;
Fig. 2 is a schematic structural diagram of the database content encryption system in an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is a schematic flow diagram of the database content encryption method in an embodiment of the invention. As shown in Fig. 1, the method comprises:
S11: verifying user identity information and, after verification passes, allowing the user to write original data information to the database;
S12: performing symmetric key encryption on the data information to obtain symmetric-key-encrypted data information;
S13: performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
S11 in more detail:
The user enters login account information and login password information; the login account information and login password information entered by the user are uploaded to the database server for matching; if the match succeeds, verification of the user identity information passes; otherwise, it does not pass. After user authentication passes, the user is allowed to log in to the database and write original data information to it.
Further, when the user accesses the database system through a terminal (including but not limited to a PC, smartphone or tablet), the database prompts the user to authenticate, and the user must enter the account information for logging in to the database and the login password information corresponding to that account. After obtaining the user's account information and the corresponding password information, the database passes this information to the database server. The server first compares the account information entered by the user to check whether the account exists. If it does not exist, there is no need to go on to match the account information against the entered password information for that account. If it exists, the server goes on to match the account information against the entered password information for that account. If the match succeeds, the user's identity information is considered verified and the user is allowed to log in to the database; if verification fails, user authentication is considered not to have passed and the user is not allowed to log in to the database. After user authentication passes, the user logs in to the database and writes the corresponding original data information to it.
S12 in more detail:
The original data information entered by the user is encrypted with a symmetric key, and the corresponding symmetric-key-encrypted data information is obtained after encryption; the symmetric key encryption is AES, ARIA, SEED, TDES, 3DES or DES.
Further, in this embodiment of the invention, the 3DES algorithm is used to encrypt the original data. 3DES, also known as Triple DES, is a mode of the DES encryption algorithm that encrypts the data three times using three data keys (168 bits). It is implemented as follows: let $E_k()$ and $D_k()$ denote the encryption and decryption processes of the 3DES algorithm, $k$ the key used by the 3DES algorithm, $P$ the plaintext and $C$ the ciphertext. The encryption process is:
$C = E_{k_3}(D_{k_2}(E_{k_1}(P)))$
The decryption process is:
$P = D_{k_1}(E_{k_2}(D_{k_3}(C)))$
Through the above implementation, the original data is encrypted accordingly, which prevents an illegitimate user who has forcibly broken through the database's defences from directly obtaining the corresponding data information.
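The two formulas above composed in code, as an added example that is not part of the patent text. E and D here are a stand-in 64-bit Feistel cipher built on SHA-256 rather than DES (an assumption, so the block runs on the Python standard library alone), and check_key_bundle is a hypothetical helper showing why a key bundle with k1 = k2 or k2 = k3 should be rejected: the composition then reduces to one single-key encryption.

```python
import hashlib
import hmac

BLOCK = 8    # bytes; same block size as DES
ROUNDS = 8   # rounds of the stand-in Feistel network (assumption)


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: 4 bytes derived from key, round index and half-block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k (NOT DES): encrypt one 8-byte block."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def D(key: bytes, block: bytes) -> bytes:
    """Stand-in for D_k: exact inverse of E under the same key."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def ede_encrypt(k1: bytes, k2: bytes, k3: bytes, p: bytes) -> bytes:
    # C = E_k3(D_k2(E_k1(P)))
    return E(k3, D(k2, E(k1, p)))


def ede_decrypt(k1: bytes, k2: bytes, k3: bytes, c: bytes) -> bytes:
    # P = D_k1(E_k2(D_k3(C)))
    return D(k1, E(k2, D(k3, c)))


def check_key_bundle(k1: bytes, k2: bytes, k3: bytes) -> str:
    """Hypothetical helper: classify a key bundle, rejecting degenerate ones.

    If k1 == k2 the inner E/D pair cancels and C = E_k3(P);
    if k2 == k3 the outer D/E pair cancels and C = E_k1(P).
    """
    if hmac.compare_digest(k1, k2) or hmac.compare_digest(k2, k3):
        raise ValueError("degenerate bundle: EDE collapses to one encryption")
    if hmac.compare_digest(k1, k3):
        return "two-key"      # k1 == k3, k2 different
    return "three-key"        # all three keys distinct


if __name__ == "__main__":
    # Constructed sample keys and plaintext block.
    k1, k2, k3 = bytes(range(8)), bytes(range(8, 16)), bytes(range(16, 24))
    p = b"8bytes!!"
    c = ede_encrypt(k1, k2, k3, p)
    print(check_key_bundle(k1, k2, k3), c.hex(), ede_decrypt(k1, k2, k3, c))
    print("k1 == k2 collapses:", ede_encrypt(k1, k1, k3, p) == E(k3, p))
```
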
S13 in more detail:
Obtain the password information entered by the user for encrypting the symmetric-key-encrypted data information; process the encryption password information with a one-way function and encrypt the symmetric-key-encrypted data information to obtain password-encrypted data information.
Further, the symmetric-key-encrypted data information is first obtained from S12 above. To ensure the privacy of the password encryption, a "one-way function" is used to process the password information. Put simply, it is easy to compute the function value from the password information but difficult to work out the password information from the function value. Although such functions may appear on the surface to be of little use, they are in fact widely used to protect the integrity of system passwords: if a one-way-encrypted password falls into a third party's hands, it cannot be restored to plaintext and so is of little use to them. When the password entered by the user is verified, the user's input is also passed through the one-way algorithm; if the result matches the stored encrypted password, the input must be correct. The one-way function used is:
$F(X) = Y_0 + Y_1 x_1 + Y_2 x_2 + Y_3 x_3 + \dots + Y_n x_n$
where the coefficients $Y_i$, $i = 1, 2, 3, \dots, n$, are defined as distinct and mutually coprime numbers, and $x_j$, $j = 1, 2, 3, \dots, n$, is the content to be encrypted.
The encryption password information is processed with the above one-way function, and the symmetric-key-encrypted data information is encrypted to obtain password-encrypted data information.
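The matching step of S11 and the verification described here (pass the input through the same one-way function and compare it with the stored value), as an added example that is not part of the patent text. It swaps in salted PBKDF2-HMAC-SHA256 from the Python standard library for the polynomial F(X), and, unlike the early exit described in S11, does the same work for an unknown account so the response does not show whether the account exists. The CredentialStore class, its in-memory table, the account names and the iteration counts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class CredentialStore:
    """In-memory stand-in for the database server's account table (assumption)."""

    def __init__(self, iterations: int = 600_000):
        self.iterations = iterations      # PBKDF2 work factor (assumed value)
        self._records = {}                # account -> (salt, digest)
        # Dummy record: an unknown account still costs one PBKDF2 computation.
        self._dummy = self._make_record(secrets.token_urlsafe(16))

    def _one_way(self, password: str, salt: bytes) -> bytes:
        # Cheap to compute from the password; no practical way to run backwards.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, self.iterations)

    def _make_record(self, password: str):
        salt = secrets.token_bytes(16)    # fresh random salt per account
        return salt, self._one_way(password, salt)

    def register(self, account: str, password: str) -> None:
        self._records[account] = self._make_record(password)

    def stored_record(self, account: str):
        """What the server keeps: salt and digest, never the password."""
        return self._records[account]

    def verify(self, account: str, password: str) -> bool:
        known = account in self._records
        salt, expected = self._records.get(account, self._dummy)
        # Same one-way step as at registration, applied to the login input.
        candidate = self._one_way(password, salt)
        # Constant-time comparison of the two digests.
        match = hmac.compare_digest(candidate, expected)
        return known and match


def demo(iterations: int = 100_000) -> dict:
    store = CredentialStore(iterations)
    # Constructed sample accounts; both use the same password on purpose.
    store.register("alice", "correct horse battery staple")
    store.register("bob", "correct horse battery staple")
    return {
        "good_login": store.verify("alice", "correct horse battery staple"),
        "bad_password": store.verify("alice", "wrong"),
        "unknown_account": store.verify("mallory", "correct horse battery staple"),
        "salts_differ": store.stored_record("alice") != store.stored_record("bob"),
    }


if __name__ == "__main__":
    print(demo())
```
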
Fig. 2 is a schematic structural diagram of the database content encryption system in an embodiment of the invention. As shown in Fig. 2, the invention also provides a database content encryption system, the system comprising:
Authentication module 11: for verifying user identity information and, after verification passes, allowing the user to write original data information to the database;
Symmetric encryption module 12: for performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
Password encryption module 13: for performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
Preferably, the authentication module 11 comprises:
Login unit: for the user to enter login account information and login password information;
Matching unit: for uploading the login account information and login password information entered by the user to the database server for matching; if the match succeeds, verification of the user identity information passes; otherwise, verification of the user identity information does not pass.
Preferably, the symmetric key encryption is AES, ARIA, SEED, TDES, 3DES or DES.
Preferably, the password encryption module 13 comprises:
Information acquisition unit: for obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
Encryption unit: for processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information to obtain password-encrypted data information.
In the embodiments of the invention, the user's identity information is verified first, the data information is then symmetrically encrypted, and finally password encryption is applied, which ensures the security of the data information the user enters into the database, so that it is not easily stolen by other users or hackers.
A person of ordinary skill in the art will appreciate that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium may include: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, and so on.
In addition, the database content encryption method and system provided by the embodiments of the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, for a person of ordinary skill in the art, there will be changes in the specific implementation and scope of application in accordance with the idea of the invention. In summary, the content of this specification should not be construed as limiting the invention.
Claims (8)
1. A database content encryption method, characterized in that the method comprises:
verifying user identity information and, after verification passes, allowing the user to write original data information to the database;
performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
2. The database content encryption method according to claim 1, characterized in that verifying the user identity information comprises:
the user entering login account information and login password information;
uploading the login account information and login password information entered by the user to the database server for matching;
if the match succeeds, verification of the user identity information passes; otherwise, verification of the user identity information does not pass.
3. The database content encryption method according to claim 1, characterized in that the symmetric key encryption is AES, ARIA, SEED, TDES or DES.
4. The database content encryption method according to claim 1, characterized in that performing password encryption on the symmetric-key-encrypted data information comprises:
obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information to obtain password-encrypted data information.
5. A database content encryption system, characterized in that the system comprises:
Authentication module: for verifying user identity information and, after verification passes, allowing the user to write original data information to the database;
Symmetric encryption module: for performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
Password encryption module: for performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
6. The database content encryption system according to claim 5, characterized in that the authentication module comprises:
Login unit: for the user to enter login account information and login password information;
Matching unit: for uploading the login account information and login password information entered by the user to the database server for matching; if the match succeeds, verification of the user identity information passes; otherwise, verification of the user identity information does not pass.
7. The database content encryption system according to claim 5, characterized in that the symmetric key encryption is AES, ARIA, SEED, TDES or DES.
8. The database content encryption system according to claim 5, characterized in that the password encryption module comprises:
Information acquisition unit: for obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
Encryption unit: for processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information to obtain password-encrypted data information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610884734.XA CN106446713A (en) | 2016-10-10 | 2016-10-10 | Encryption method and system for database content |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106446713A true CN106446713A (en) | 2017-02-22 |
Family
ID=58173055
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610884734.XA Pending CN106446713A (en) | 2016-10-10 | 2016-10-10 | Encryption method and system for database content |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106446713A (en) |
-
2016
- 2016-10-10 CN CN201610884734.XA patent/CN106446713A/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105262743A (en) * | 2015-10-10 | 2016-01-20 | 山东超越数控电子有限公司 | Data storage method, safety device and network storage system |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113779601B (en) * | 2021-09-10 | 2023-10-10 | 百融至信(北京)科技有限公司 | Data confidentiality method and system |
CN114553557A (en) * | 2022-02-24 | 2022-05-27 | 广东电网有限责任公司 | Key calling method, key calling device, computer equipment and storage medium |
CN114553557B (en) * | 2022-02-24 | 2024-04-30 | 广东电网有限责任公司 | Key calling method, device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11743041B2 (en) | Technologies for private key recovery in distributed ledger systems | |
US20180227130A1 (en) | Electronic identification verification methods and systems | |
CN108833114A (en) | A kind of decentralization identity authorization system and method based on block chain | |
US9275257B2 (en) | Secure communication architecture | |
US20080216172A1 (en) | Systems, methods, and apparatus for secure transactions in trusted systems | |
CN108989346A (en) | The effective identity trustship agility of third party based on account concealment authenticates access module | |
US8312288B2 (en) | Secure PIN character retrieval and setting using PIN offset masking | |
CN111210287A (en) | Tax UKey-based invoicing method and system | |
CN101335754B (en) | Method for information verification using remote server | |
US11068570B1 (en) | Authentication using third-party data | |
US20140108791A1 (en) | Secure Communication Architecture Including Sniffer | |
CN108092764A (en) | A kind of cipher management method, equipment and the device with store function | |
US8219826B2 (en) | Secure pin character retrieval and setting | |
CN103532979A (en) | Method for generating and verifying multi-conversation verification codes under CGI (common gateway interface) for web | |
CN106446713A (en) | Encryption method and system for database content | |
US11671475B2 (en) | Verification of data recipient | |
US10771970B2 (en) | Method of authenticating communication of an authentication device and at least one authentication server using local factor | |
CN103178955B (en) | A kind of authentication method, equipment and system | |
CN106533685B (en) | Identity authentication method, device and system | |
Alese et al. | Multilevel authentication system for stemming crime in online banking | |
US10491391B1 (en) | Feedback-based data security | |
CN117522417B (en) | Transaction security verification method and device based on quantum encryption | |
CN107360183A (en) | A kind of method and device of hiding checking information | |
TWI670618B (en) | Login system implemented along with a mobile device without password and method thereof | |
CN117834242A (en) | Verification method, device, apparatus, storage medium, and program product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170222 |