CN106446713A - Encryption method and system for database content - Google Patents


Publication number: CN106446713A
Authority: CN (China)
Prior art keywords: information, encryption, password, symmetric key, data
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201610884734.XA
Other languages: Chinese (zh)
Inventors: 胡建国, 梁津铨, 李仕仁, 陈伟强
Current assignee: Guangzhou Smart City Development Research Institute; Guangzhou Shizhen Information Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Guangzhou Smart City Development Research Institute; Guangzhou Shizhen Information Technology Co Ltd
Priority date: 2016-10-10 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2016-10-10
Publication date: 2017-02-22
Application filed by Guangzhou Smart City Development Research Institute and Guangzhou Shizhen Information Technology Co Ltd
Priority to CN201610884734.XA
Publication of CN106446713A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an encryption method and system for database content. The method comprises the following steps: verifying user identity information and, after the verification passes, allowing the user to write original data information to a database; performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information; and performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information. In the embodiments of the invention, the user identity information is verified first, the data information is then symmetrically encrypted, and password encryption is applied last, which ensures the security of the data information the user enters into the database and makes it difficult for other users or hackers to steal.

Description

A database content encryption method and system
Technical field
The present invention relates to the field of data encryption technology, and in particular to a database content encryption method and system.
Background
Encryption has long been a familiar term in the computer field. Because China's current legal system for software protection is not yet well developed and public legal awareness is still weak, and because computer software is a special commodity that is easy to copy, encryption has become a necessary means of protecting software. Most popular software currently on the market uses some encryption method, with the aim of protecting the interests of software developers and preventing software piracy.
With the rapid development of computer technology, databases are used very widely and have penetrated every field. In particular, since the arrival of the cloud era and the big-data era, more and more important data is being put into databases. However, if sensitive data such as the policies, regulations and top-secret documents of government agencies, the trade secrets of commercial organizations, and the personal information and financial asset information held by financial institutions is all stored in plaintext, the result would be catastrophic. Anyone with a little professional knowledge of databases could easily obtain information that bears on national security and the fortunes of enterprises. Therefore, how to effectively ensure the security of database systems and achieve the confidentiality, integrity, validity and availability of databases has become an important research topic for practitioners in the field.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art. The invention provides a database content encryption method and system that ensures the security of the data information a user enters into a database, so that it is difficult for other users or hackers to steal.
To solve the above technical problem, the invention provides a database content encryption method, the method comprising:
Verifying user identity information and, after the verification passes, allowing the user to write original data information to the database;
Performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
Performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
Preferably, verifying the user identity information comprises:
The user enters login account information and login password information;
The login account information and login password information entered by the user are uploaded to the database server for matching;
If the match succeeds, the user identity information passes verification; otherwise, the user identity information fails verification.
Preferably, the symmetric key encryption is AES, ARIA, SEED, TDES or DES.
Preferably, performing password encryption on the symmetric-key-encrypted data information comprises:
Obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
Processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information, to obtain password-encrypted data information.
In addition, the present invention also provides a database content encryption system, the system comprising:
Authentication module: for verifying user identity information and, after the verification passes, allowing the user to write original data information to the database;
Symmetric encryption module: for performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
Password encryption module: for performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
Preferably, the authentication module comprises:
Login unit: for the user to enter login account information and login password information;
Matching unit: for uploading the login account information and login password information entered by the user to the database server for matching; if the match succeeds, the user identity information passes verification; otherwise, the user identity information fails verification.
Preferably, the symmetric key encryption is AES, ARIA, SEED, TDES or DES.
Preferably, the password encryption module comprises:
Information acquisition unit: for obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
Encryption unit: for processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information, to obtain password-encrypted data information.
In the embodiments of the present invention, the user's identity information is verified first, the data information is then symmetrically encrypted, and password encryption is applied last, which ensures the security of the data information the user enters into the database and makes it difficult for other users or hackers to steal.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of the database content encryption method in an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the database content encryption system in an embodiment of the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a schematic flow chart of the database content encryption method in an embodiment of the present invention. As shown in Fig. 1, the method comprises:
S11: Verifying user identity information and, after the verification passes, allowing the user to write original data information to the database;
S12: Performing symmetric key encryption on the data information to obtain symmetric-key-encrypted data information;
S13: Performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
S11 is described further:
The user enters login account information and login password information; the login account information and login password information entered by the user are uploaded to the database server for matching; if the match succeeds, the user identity information passes verification; otherwise, the user identity information fails verification. After the user's identity has been verified, the user is allowed to log in to the database and write original data information to it.
Further, when the user accesses the database system through a terminal (the terminal includes, but is not limited to, a PC, a smartphone or a tablet computer), the database pops up a prompt requiring the user to authenticate. The user must enter the account information for logging in to the database and the login password information corresponding to that account. After obtaining the user's account information and the corresponding password information, the database passes this information to the database server. The server first performs a comparison match on the account information entered by the user and checks whether the account exists. If it does not exist, there is no need to go on to match the password information entered for that account. If it exists, the server goes on to match the password information entered for that account. If the match succeeds, the user's identity information is considered verified and the user is allowed to log in to the database; if the verification is unsuccessful, the user's identity is considered not verified and the user is not allowed to log in to the database. After the user's identity has been verified, the user logs in to the database and writes the corresponding original data information to it.
S12 is described further:
The original data information entered by the user is encrypted by means of a symmetric key, and the corresponding encrypted data information is obtained after encryption; the symmetric key encryption is AES, ARIA, SEED, TDES, 3DES or DES.
Further, in the embodiments of the present invention, the original data is encrypted using the 3DES algorithm. 3DES, also known as Triple DES, is a mode of the DES encryption algorithm; this algorithm encrypts the data three times using three 168-bit data keys. It is implemented as follows: let Ek() and Dk() denote the encryption and decryption processes of the 3DES algorithm, k the key used by the 3DES algorithm, P the plaintext and C the ciphertext. The encryption process is:
C = Ek3(Dk2(Ek1(P)));
The decryption process is:
P = Dk1(Ek2(Dk3(C)));
Through the above implementation, the original data is encrypted accordingly, which prevents an unauthorized user who has forcibly broken through the database's defences from directly accessing the corresponding data information.
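The encrypt-decrypt-encrypt composition above, as an added example that is not part of the patent text: a toy 64-bit Feistel cipher built on SHA-256 stands in for single DES so the block runs with the Python standard library alone, and the names `toy_encrypt`, `ede_encrypt`, `keying_option` and `require_three_keys` are assumptions of this example. It goes one step beyond the text by checking the key bundle, because the composition collapses to a single encryption when k1 = k2 or k2 = k3.

```python
import hashlib

BLOCK = 8    # 64-bit block, the same block size as DES
ROUNDS = 8   # toy parameter for this example, not a security claim


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: 32 bits taken from SHA-256(key, round, half)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """E_k: stand-in for single-DES encryption of one block (NOT real DES)."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    """D_k: inverse of toy_encrypt under the same key (rounds run backwards)."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def ede_encrypt(k1: bytes, k2: bytes, k3: bytes, p: bytes) -> bytes:
    """C = E_k3(D_k2(E_k1(P))), the encryption process given in the text."""
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, p)))


def ede_decrypt(k1: bytes, k2: bytes, k3: bytes, c: bytes) -> bytes:
    """P = D_k1(E_k2(D_k3(C))): each stage undone in reverse key order."""
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k3, c)))


def keying_option(k1: bytes, k2: bytes, k3: bytes) -> str:
    """Classify a key bundle by how many independent stages survive."""
    if k1 == k2 or k2 == k3:
        # D_k(E_k(x)) == x and E_k(D_k(x)) == x, so two stages cancel out
        # and only one encryption under the remaining key is left.
        return "single"
    if k1 == k3:
        return "two-key"
    return "three-key"


def require_three_keys(k1: bytes, k2: bytes, k3: bytes) -> None:
    """Refuse bundles that are weaker than three independent keys."""
    option = keying_option(k1, k2, k3)
    if option != "three-key":
        raise ValueError("key bundle degrades to " + option + " strength")


if __name__ == "__main__":
    # Constructed sample keys and plaintext block, for illustration only.
    k1, k2, k3 = b"key-one!", b"key-two!", b"key-3333"
    plaintext = b"8bytes!!"
    require_three_keys(k1, k2, k3)
    ciphertext = ede_encrypt(k1, k2, k3, plaintext)
    print("ciphertext:", ciphertext.hex())
    print("round trip ok:", ede_decrypt(k1, k2, k3, ciphertext) == plaintext)
    print("k1 == k2 collapses to E_k3:",
          ede_encrypt(k1, k1, k3, plaintext) == toy_encrypt(k3, plaintext))
```

With real DES keys the equality test in `keying_option` should ignore the parity bit of each key byte, since two byte strings that differ only in parity bits are the same DES key.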
S13 is described further:
The password information entered by the user for encrypting the symmetric-key-encrypted data information is obtained; the encryption password information is processed with a one-way function, and the symmetric-key-encrypted data information is encrypted to obtain password-encrypted data information.
Further, the symmetric-key-encrypted data information is first obtained from S12 above. To ensure the privacy of the password encryption, a method known as a "one-way function" is used to process the password information. Briefly, it is easy to compute the function value from the password information, but difficult to compute the password information from the function value. Although on the surface such functions seem to have no use, they are in fact widely used to ensure the integrity of system passwords: once a one-way-encrypted password falls into a third party's hands, it is of little use, because it cannot be restored to plaintext. When the password entered by the user is verified, the user's input is also processed with the one-way algorithm; if the input matches the stored encrypted password, the entered message must be correct. The one-way algorithm function used is:
F(X) = Y0 + Y1*x1 + Y2*x2 + Y3*x3 + … + Yn*xn
where the coefficients Yi, i = 1, 2, 3, …, n, are defined as distinct and mutually coprime numbers, and xj, j = 1, 2, 3, …, n, is the content to be encrypted.
The encryption password information is processed with the above one-way function, and the symmetric-key-encrypted data information is encrypted to obtain password-encrypted data information.
Fig. 2 is a schematic structural diagram of the database content encryption system in an embodiment of the present invention. As shown in Fig. 2, the present invention also provides a database content encryption system, the system comprising:
Authentication module 11: for verifying user identity information and, after the verification passes, allowing the user to write original data information to the database;
Symmetric encryption module 12: for performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
Password encryption module 13: for performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
Preferably, the authentication module 11 comprises:
Login unit: for the user to enter login account information and login password information;
Matching unit: for uploading the login account information and login password information entered by the user to the database server for matching; if the match succeeds, the user identity information passes verification; otherwise, the user identity information fails verification.
Preferably, the symmetric key encryption is AES, ARIA, SEED, TDES, 3DES or DES.
Preferably, the password encryption module 13 comprises:
Information acquisition unit: for obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
Encryption unit: for processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information, to obtain password-encrypted data information.
In the embodiments of the present invention, the user's identity information is verified first, the data information is then symmetrically encrypted, and password encryption is applied last, which ensures the security of the data information the user enters into the database and makes it difficult for other users or hackers to steal.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, which may include read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and so on.
The database content encryption method and system provided by the embodiments of the present invention have been described in detail above. Specific examples have been used herein to explain the principle and the embodiments of the present invention, and the description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea. At the same time, those of ordinary skill in the art may, following the idea of the present invention, make changes to the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (8)

1. A database content encryption method, characterized in that the method comprises:
Verifying user identity information and, after the verification passes, allowing the user to write original data information to the database;
Performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
Performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
2. The database content encryption method according to claim 1, characterized in that verifying the user identity information comprises:
The user enters login account information and login password information;
The login account information and login password information entered by the user are uploaded to the database server for matching;
If the match succeeds, the user identity information passes verification; otherwise, the user identity information fails verification.
3. The database content encryption method according to claim 1, characterized in that the symmetric key encryption is AES, ARIA, SEED, TDES or DES.
4. The database content encryption method according to claim 1, characterized in that performing password encryption on the symmetric-key-encrypted data information comprises:
Obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
Processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information, to obtain password-encrypted data information.
5. A database content encryption system, characterized in that the system comprises:
Authentication module: for verifying user identity information and, after the verification passes, allowing the user to write original data information to the database;
Symmetric encryption module: for performing symmetric key encryption on the original data information to obtain symmetric-key-encrypted data information;
Password encryption module: for performing password encryption on the symmetric-key-encrypted data information to obtain password-encrypted data information.
6. The database content encryption system according to claim 5, characterized in that the authentication module comprises:
Login unit: for the user to enter login account information and login password information;
Matching unit: for uploading the login account information and login password information entered by the user to the database server for matching; if the match succeeds, the user identity information passes verification; otherwise, the user identity information fails verification.
7. The database content encryption system according to claim 5, characterized in that the symmetric key encryption is AES, ARIA, SEED, TDES or DES.
8. The database content encryption system according to claim 5, characterized in that the password encryption module comprises:
Information acquisition unit: for obtaining the password information entered by the user for encrypting the symmetric-key-encrypted data information;
Encryption unit: for processing the encryption password information with a one-way function and encrypting the symmetric-key-encrypted data information, to obtain password-encrypted data information.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610884734.XA CN106446713A (en) 2016-10-10 2016-10-10 Encryption method and system for database content

Publications (1)

Publication Number Publication Date
CN106446713A true CN106446713A (en) 2017-02-22

Family ID: 58173055

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610884734.XA Pending CN106446713A (en) 2016-10-10 2016-10-10 Encryption method and system for database content

Country Status (1)

Country Link
CN (1) CN106446713A (en)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262743A (en) * 2015-10-10 2016-01-20 山东超越数控电子有限公司 Data storage method, safety device and network storage system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779601B (en) * 2021-09-10 2023-10-10 百融至信(北京)科技有限公司 Data confidentiality method and system
CN114553557A (en) * 2022-02-24 2022-05-27 广东电网有限责任公司 Key calling method, key calling device, computer equipment and storage medium
CN114553557B (en) * 2022-02-24 2024-04-30 广东电网有限责任公司 Key calling method, device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
US11743041B2 (en) Technologies for private key recovery in distributed ledger systems
US20180227130A1 (en) Electronic identification verification methods and systems
CN108833114A (en) A kind of decentralization identity authorization system and method based on block chain
US9275257B2 (en) Secure communication architecture
US20080216172A1 (en) Systems, methods, and apparatus for secure transactions in trusted systems
CN108989346A (en) The effective identity trustship agility of third party based on account concealment authenticates access module
US8312288B2 (en) Secure PIN character retrieval and setting using PIN offset masking
CN111210287A (en) Tax UKey-based invoicing method and system
CN101335754B (en) Method for information verification using remote server
US11068570B1 (en) Authentication using third-party data
US20140108791A1 (en) Secure Communication Architecture Including Sniffer
CN108092764A (en) A kind of cipher management method, equipment and the device with store function
US8219826B2 (en) Secure pin character retrieval and setting
CN103532979A (en) Method for generating and verifying multi-conversation verification codes under CGI (common gateway interface) for web
CN106446713A (en) Encryption method and system for database content
US11671475B2 (en) Verification of data recipient
US10771970B2 (en) Method of authenticating communication of an authentication device and at least one authentication server using local factor
CN103178955B (en) A kind of authentication method, equipment and system
CN106533685B (en) Identity authentication method, device and system
Alese et al. Multilevel authentication system for stemming crime in online banking
US10491391B1 (en) Feedback-based data security
CN117522417B (en) Transaction security verification method and device based on quantum encryption
CN107360183A (en) A kind of method and device of hiding checking information
TWI670618B (en) Login system implemented along with a mobile device without password and method thereof
CN117834242A (en) Verification method, device, apparatus, storage medium, and program product

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170222