CN107451483A - A kind of safe encryption method of data platform - Google Patents
- Publication number: CN107451483A
- Application number: CN201710654954.8A
- Authority: CN (China)
- Prior art keywords: data, abstract fields, inquiry, abstract, fields
- Legal status: Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a secure encryption method for a data platform. A database service is configured to provide a cloud database service: it exchanges queries and query results with the computing devices of subscribers of the cloud database service, the queries and query results being exchanged in a first encryption format, and it processes the queries and query results so as to decrypt the queries and encrypt the query results. The invention decides whether to encrypt a summary field by checking whether the summary field in a summary document has a corresponding encryption flag. When the summary field has such a flag, the summary field is encrypted and the summary document carrying the summary-field ciphertext is stored in the database. As a result, when someone logs in to the database with an account and password that have administrative rights over the database, what they retrieve from the summary document is summary-field ciphertext, which improves the data security of the database.
Description
Technical field
The present invention relates to an encryption method, specifically a secure encryption method for a data platform.
Background
In many computing applications it is desirable to keep data secure. In a medical context, for example, regulations require that security measures be used to prevent patient data from being accessed by unauthorized parties. If financial data (such as the credit card numbers or social security numbers of an enterprise's customers) is obtained by malicious parties, large financial losses may occur. To protect data, an enterprise can maintain its own computer systems and use various security techniques to prevent unauthorized access to the data. The enterprise can use physical and electronic techniques to control access to secure data.

An alternative way to protect data, even when access to the data cannot be prevented in every case, is to encrypt the data when it is stored in the computer system. Data that has been encrypted, or otherwise processed so that an unauthorized party cannot determine its meaning even after gaining access to it, is sometimes called "ciphertext". In a corporate network, confidential data can be stored as ciphertext except while it is actually being processed. Data security can be maintained by controlling the security information (such as encryption keys) that converts ciphertext into "plaintext", and by limiting the existence of data in plaintext to highly restricted, secure settings.

More recently, data is being stored or processed in "the cloud". Cloud service providers (not the enterprises that have data to process) supply the computing resources, including processing and database storage. A cloud service provider makes computing resources available to customers, each of which signs a service level agreement (SLA) with the provider in order to have access to a certain level of computing resources. Enterprises access these resources by submitting jobs over the internet to be processed on computer resources "leased" from the cloud service provider.

Conventional techniques for maintaining data security do not apply in a cloud environment. Although data can be transmitted over the internet as ciphertext, once it is received by the cloud service provider it is converted to plaintext for many operations. As a result, employees of the cloud service provider (who are inherently outside the enterprise) can access the plaintext data and may be able to access the security information used to convert ciphertext into plaintext.
Summary of the invention
The object of the invention is to provide a secure encryption method for a data platform that solves the problems raised in the background above.

To achieve this object, the invention provides the following technical scheme:

A secure encryption method for a data platform, in which a database service is configured to provide a cloud database service: queries and query results are exchanged with the computing devices of subscribers of the cloud database service, in a first encryption format; the queries and query results are processed so as to decrypt the queries and encrypt the query results; and the processed queries, together with the results of executing those queries by a query engine, are exchanged with at least one query engine in at least a second encryption format. The file to be encrypted is hashed locally (HASH encoding) to form a digest, and the digest is sent to a remote platform. A selection instruction is obtained; a summary field is selected according to the selection instruction; the summary field is added to a summary document; it is determined whether the summary field has a corresponding encryption flag; if it does, the data corresponding to the summary field is encrypted to generate data ciphertext, and the data ciphertext is stored in the storage region of the platform database that corresponds to the summary field of the summary document.

As a further scheme of the invention: the HASH encoding uses SHA1 or SHA256.

As a further scheme of the invention: sending the digest to the remote platform specifically includes verifying the integrity of the digest and performing a HASH check on the digest.

As a further scheme of the invention: the selection instruction is triggered when a sustained action of the cursor on a summary field in the summary field set is detected. Adding the summary field to the summary document includes: when the sustained action of the cursor on the summary field ends, if the cursor is within the editing area of the summary document, adding the summary field to the summary document.

As a further scheme of the invention: before the summary data corresponding to the summary field is encrypted to generate summary-data ciphertext, the method further includes looking up the summary data corresponding to the summary field. If it is not found, the summary data of the fields on which the summary field depends is used to compute the summary data corresponding to the summary field, and the computed summary data is added to the summary document. If it is found, the summary data corresponding to the summary field is added to the summary document.

As a further scheme of the invention: the method further includes sending the key data block to the destination terminal, and sending the correspondence between key data blocks and the data blocks to be transmitted to the destination terminal.

Compared with the prior art, the beneficial effect of the invention is as follows. The invention decides whether to encrypt a summary field by checking whether the summary field in the summary document has a corresponding encryption flag. When the summary field has such a flag, the summary field is encrypted and the summary document carrying the summary-field ciphertext is stored in the database. As a result, when someone logs in to the database with an account and password that have administrative rights over the database, what they retrieve from the summary document is summary-field ciphertext, which improves the data security of the database.
Detailed description
The technical scheme in the embodiments of the invention is described clearly and completely below. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the invention.

In an embodiment of the invention, a secure encryption method for a data platform configures a database service to provide a cloud database service: queries and query results are exchanged with the computing devices of subscribers of the cloud database service, in a first encryption format; the queries and query results are processed so as to decrypt the queries and encrypt the query results; and the processed queries, together with the results of executing those queries by a query engine, are exchanged with at least one query engine in at least a second encryption format. The file to be encrypted is hashed locally (HASH encoding) to form a digest, and the digest is sent to a remote platform. A selection instruction is obtained; a summary field is selected according to the selection instruction; the summary field is added to a summary document; it is determined whether the summary field has a corresponding encryption flag; if it does, the data corresponding to the summary field is encrypted to generate data ciphertext, and the data ciphertext is stored in the storage region of the platform database that corresponds to the summary field of the summary document.

The HASH encoding uses SHA1 or SHA256. Sending the digest to the remote platform specifically includes verifying the integrity of the digest and performing a HASH check on the digest.

The selection instruction is triggered when a sustained action of the cursor on a summary field in the summary field set is detected. Adding the summary field to the summary document includes: when the sustained action of the cursor on the summary field ends, if the cursor is within the editing area of the summary document, adding the summary field to the summary document.

Before the summary data corresponding to the summary field is encrypted to generate summary-data ciphertext, the method further includes looking up the summary data corresponding to the summary field. If it is not found, the summary data of the fields on which the summary field depends is used to compute the summary data corresponding to the summary field, and the computed summary data is added to the summary document. If it is found, the summary data corresponding to the summary field is added to the summary document.

The invention further includes sending the key data block to the destination terminal, and sending the correspondence between key data blocks and the data blocks to be transmitted to the destination terminal.
HASH function: a mathematical function that maps a large (possibly very large) amount of data to a small amount of data. A "good" hash function should spread its results uniformly and randomly over the range of the result field (space). A HASH function is a high-quality one-way function that satisfies the following property: a small change to the original message (even a single bit) causes a large change in the result. The HASH functions in common use today are SHA1 and SHA256. The result of SHA1 is 20 bytes (160 bits), so the result space is 2**160. Because the capacity of the result space is limited while the space of data to be digested is unlimited, there are certainly different input data that produce the same HASH result. (The uniform dispersion of HASH results and the one-way property ensure that this happens only with small probability; in particular, deliberately altering the input cannot make the HASH result the same.)

The core of data preservation is to call the server's application interface for the sensitive data or electronic evidence and compute the digital fingerprint of the selected file, that is, to apply the SHA1 algorithm as the HASH operation, and then send the digest to the service centre.
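The local digest and the platform-side check described above, as an added example that is not part of the patent: the submission record format, the function names and the idea that the platform recomputes the digest when the file is later presented are assumptions. SHA-256 is the default here because practical SHA-1 collisions have been demonstrated publicly, so the statement that an input cannot be deliberately altered to keep the same hash no longer holds for SHA-1.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read size; keeps memory flat for large files


def file_digest(stream, algorithm="sha256"):
    """Hash a binary stream in chunks and return the raw digest bytes."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.digest()


def make_submission(stream, algorithm="sha256"):
    """Local side: build the record sent to the remote platform.

    The {"alg", "digest"} layout is a hypothetical format for this example.
    """
    return {"alg": algorithm, "digest": file_digest(stream, algorithm).hex()}


def platform_check(submission, stream):
    """Platform side: validate the digest's form, then recompute and compare.

    Returns "ok", "malformed" or "mismatch".
    """
    alg = submission.get("alg")
    if alg not in ("sha1", "sha256"):  # the two algorithms the page names
        return "malformed"
    try:
        claimed = bytes.fromhex(submission.get("digest", ""))
    except (ValueError, TypeError):
        return "malformed"
    if len(claimed) != hashlib.new(alg).digest_size:  # truncated or padded
        return "malformed"
    actual = file_digest(stream, alg)
    # compare_digest does not reveal where the first differing byte is
    return "ok" if hmac.compare_digest(claimed, actual) else "mismatch"


def differing_bits(a, b):
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


# Constructed sample "file" and a copy with exactly one bit flipped.
ORIGINAL = b"patient-id=1001;diagnosis=constructed sample record\n" * 2000
_flipped = bytearray(ORIGINAL)
_flipped[0] ^= 0x01
TAMPERED = bytes(_flipped)

if __name__ == "__main__":
    sub = make_submission(io.BytesIO(ORIGINAL))
    print("unchanged file:", platform_check(sub, io.BytesIO(ORIGINAL)))
    print("one bit flipped:", platform_check(sub, io.BytesIO(TAMPERED)))
    d1 = file_digest(io.BytesIO(ORIGINAL))
    d2 = file_digest(io.BytesIO(TAMPERED))
    print(differing_bits(d1, d2), "of", len(d1) * 8, "digest bits differ")
```

A plain digest only detects change relative to a digest the verifier already trusts; anyone who can replace both the file and the stored digest is not detected by this check.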
In summary, the invention decides whether to encrypt a summary field by checking whether the summary field in the summary document has a corresponding encryption flag. When the summary field has such a flag, the summary field is encrypted and the summary document carrying the summary-field ciphertext is stored in the database. As a result, when someone logs in to the database with an account and password that have administrative rights over the database, what they retrieve from the summary document is summary-field ciphertext, which improves the data security of the database.

It will be apparent to those skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the invention can be realized in other specific forms without departing from its spirit or essential characteristics. The embodiments should therefore be regarded in all respects as exemplary and non-restrictive. The scope of the invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and range of equivalency of the claims are intended to be embraced by the invention. Moreover, although this specification is described in terms of embodiments, not every embodiment contains only one independent technical scheme; the specification is written this way only for clarity. Those skilled in the art should treat the specification as a whole, and the technical schemes in the embodiments may be suitably combined to form other embodiments that those skilled in the art can understand.
Claims (6)
1. A secure encryption method for a data platform, characterised in that a database service is configured to provide a cloud database service: queries and query results are exchanged with the computing devices of subscribers of the cloud database service, the queries and query results being exchanged in a first encryption format; the queries and query results are processed so as to decrypt the queries and encrypt the query results; and the processed queries, together with the results of executing those queries by a query engine, are exchanged with at least one query engine, the processed queries and the execution results being exchanged in at least a second encryption format; the file to be encrypted is hashed locally (HASH encoding) to form a digest, and the digest is sent to a remote platform; a selection instruction is obtained; a summary field is selected according to the selection instruction; the summary field is added to a summary document; it is determined whether the summary field has a corresponding encryption flag; if it does, the data corresponding to the summary field is encrypted to generate data ciphertext, and the data ciphertext is stored in the storage region of the platform database that corresponds to the summary field of the summary document.
2. The secure encryption method for a data platform according to claim 1, characterised in that the HASH encoding uses SHA1 or SHA256.
3. The secure encryption method for a data platform according to claim 1, characterised in that sending the digest to the remote platform specifically includes: verifying the integrity of the digest; performing a HASH check on the digest.
4. The secure encryption method for a data platform according to claim 1, characterised in that the selection instruction is triggered when a sustained action of the cursor on a summary field in the summary field set is detected; adding the summary field to the summary document includes: when the sustained action of the cursor on the summary field ends, if the cursor is within the editing area of the summary document, adding the summary field to the summary document.
5. The secure encryption method for a data platform according to claim 1, characterised in that, before the summary data corresponding to the summary field is encrypted to generate summary-data ciphertext, the method further includes: looking up the summary data corresponding to the summary field; if it is not found, computing the summary data corresponding to the summary field from the summary data of the fields on which the summary field depends, and adding the computed summary data to the summary document; if it is found, adding the summary data corresponding to the summary field to the summary document.
6. The secure encryption method for a data platform according to claim 1, characterised in that the method further includes sending the key data block to the destination terminal, and sending the correspondence between key data blocks and the data blocks to be transmitted to the destination terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710654954.8A CN107451483A (en) | 2017-07-28 | 2017-07-28 | A kind of safe encryption method of data platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710654954.8A CN107451483A (en) | 2017-07-28 | 2017-07-28 | A kind of safe encryption method of data platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107451483A | 2017-12-08 |
Family
ID=60490363
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710654954.8A Pending CN107451483A (en) | 2017-07-28 | 2017-07-28 | A kind of safe encryption method of data platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107451483A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108683665A (en) * | 2018-05-15 | 2018-10-19 | 国家电网公司 | Data ciphering method, system in fiber optic communication and data transmitting equipment |
CN109711836A (en) * | 2018-11-15 | 2019-05-03 | 远光软件股份有限公司 | A kind of storage method of transaction, storage network and electronic equipment |
CN110650191A (en) * | 2019-09-20 | 2020-01-03 | 浪潮电子信息产业股份有限公司 | Data read-write method of distributed storage system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0689316A2 (en) * | 1994-06-22 | 1995-12-27 | AT&T Corp. | Method and apparatus for user identification and verification of data packets in a wireless communications network |
CN102271124A (en) * | 2010-06-01 | 2011-12-07 | 富士通株式会社 | Data processing equipment and data processing method |
CN105653973A (en) * | 2015-12-16 | 2016-06-08 | 金蝶软件(中国)有限公司 | Data encryption method and apparatus based on business platform |
CN106302449A (en) * | 2016-08-15 | 2017-01-04 | 中国科学院信息工程研究所 | A kind of ciphertext storage cloud service method open with searching ciphertext and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20171208 |