CN107451483A - A kind of safe encryption method of data platform - Google Patents

Info

Publication number
CN107451483A
Authority
CN
China
Prior art keywords
data
abstract fields
inquiry
abstract
fields
Prior art date
Legal status
Pending
Application number
CN201710654954.8A
Other languages
Chinese (zh)
Inventor
张凡伊
张剑
冯焕霞
寇慧
邹雅欣
Current Assignee
Foshan Academy Of South Data Sciences
Original Assignee
Foshan Academy Of South Data Sciences
Priority date
Filing date
Publication date
Application filed by Foshan Academy Of South Data Sciences
Priority to CN201710654954.8A
Publication of CN107451483A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a secure encryption method for a data platform. A database service is configured to provide a cloud database service: queries and query results are exchanged with the computing devices of subscribers of the cloud database service in a first encryption format, and the queries and query results are processed so as to decrypt the queries and encrypt the query results. The invention decides whether to encrypt an abstract field by checking whether the abstract field in the summary document has a corresponding encryption identifier. When the abstract field is found to have a corresponding encryption identifier, the abstract field is encrypted, and the summary document carrying the abstract-field ciphertext is stored in the database. As a result, when someone logs in to the database with an account and password that have administrative rights over the database, what they obtain in the summary document is abstract-field ciphertext, which improves the data security of the database.

Description

A kind of safe encryption method of data platform
Technical field
The present invention relates to an encryption method, and specifically to a secure encryption method for a data platform.
Background
In many computing applications, it is desirable to keep data secure. For example, regulations require that security measures be used in medical contexts to prevent patient data from being accessed by unauthorized parties. If financial data (such as the credit card numbers or social security numbers of an enterprise's customers) is obtained by a malicious party, large financial losses may occur. To protect data, enterprises can use various security technologies to safeguard their own computer systems against unauthorized access to data. An enterprise can use physical and electronic techniques to control access to secure data. An alternative way of protecting data (even if access to the data cannot be prevented in every scenario) is to encrypt the data when it is stored in a computer system. Data that has been encrypted, or otherwise processed so that an unauthorized party who gains access to it still cannot determine its meaning, is sometimes called "ciphertext". In a corporate network, confidential data can be stored as ciphertext except when it is actually being processed. By controlling the security information (such as encryption keys) that can convert ciphertext into "plaintext", the presence of data in plaintext can be limited (except in highly restricted secure contexts), and data security thereby maintained. More recently, data is being stored or processed in the "cloud". A cloud service provider (not the enterprise that has the data to be processed) provides computing resources, including processing and database storage. The cloud service provider makes the computing resources available to customers, each of whom signs a service level agreement (SLA) with the cloud service provider to gain access to a certain level of computing resources. Enterprises access these resources by submitting jobs over the Internet to be processed on computing resources "leased" from the cloud service provider. Conventional techniques for maintaining data security do not apply in a cloud environment. Although data can be transmitted over the Internet as ciphertext, once the data is received by the cloud service provider it is converted into plaintext for many operations. As a result, employees of the cloud service provider (who are inherently outside the enterprise) can access the plaintext data and may be able to access the security information used to convert ciphertext into plaintext.
Summary of the invention
The object of the present invention is to provide a secure encryption method for a data platform, so as to solve the problems raised in the background section above.
To achieve this object, the present invention provides the following technical solution:
A secure encryption method for a data platform, in which a database service is configured to provide a cloud database service: queries and query results are exchanged with the computing devices of subscribers of the cloud database service in a first encryption format; the queries and query results are processed so as to decrypt the queries and encrypt the query results; the processed queries, and the results of the query engine executing those queries, are exchanged with at least one query engine in at least a second encryption format; the file to be encrypted is HASH-encoded locally to form a summary (digest), and the summary is sent to the remote platform; a selection instruction is obtained; an abstract field is selected according to the selection instruction; the abstract field is added to the summary document; it is determined whether the abstract field has a corresponding encryption identifier; and, if it does, the data corresponding to the abstract field is encrypted to generate data ciphertext, and the data ciphertext is stored in the storage region of the platform database that corresponds to the abstract field of the summary document.
As a further aspect of the present invention: the HASH encoding uses SHA1 or SHA256.
As a further aspect of the present invention: sending the summary to the remote platform specifically includes: verifying the integrity of the summary; and performing a HASH-encoding check on the summary.
As a further aspect of the present invention: the selection instruction is triggered when a sustained action of the cursor on an abstract field in the set of abstract fields is detected; and adding the abstract field to the summary document includes: when the sustained action of the cursor on the abstract field ends, if the cursor is within the editing area of the summary document, adding the abstract field to the summary document.
As a still further aspect of the present invention: before the summary data corresponding to the abstract field is encrypted to generate summary data ciphertext, the method further includes: searching for the summary data corresponding to the abstract field; if it is not found, performing a calculation on the summary data of the fields on which the abstract field depends to obtain the summary data corresponding to the abstract field, and adding the calculated summary data to the summary document; if it is found, adding the summary data corresponding to the abstract field to the summary document.
As a still further aspect of the present invention: the method also includes sending the key data block to the destination terminal, and sending the correspondence between the key data block and the data block to be transmitted to the destination terminal.
Compared with the prior art, the beneficial effects of the present invention are as follows: the invention decides whether to encrypt an abstract field by checking whether the abstract field in the summary document has a corresponding encryption identifier. When the abstract field is found to have a corresponding encryption identifier, the abstract field is encrypted, and the summary document carrying the abstract-field ciphertext is stored in the database. As a result, when someone logs in to the database with an account and password that have administrative rights over the database, what they obtain in the summary document is abstract-field ciphertext, which improves the data security of the database.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
In an embodiment of the present invention, a secure encryption method for a data platform configures a database service to provide a cloud database service: queries and query results are exchanged with the computing devices of subscribers of the cloud database service in a first encryption format; the queries and query results are processed so as to decrypt the queries and encrypt the query results; the processed queries, and the results of the query engine executing those queries, are exchanged with at least one query engine in at least a second encryption format; the file to be encrypted is HASH-encoded locally to form a summary (digest), and the summary is sent to the remote platform; a selection instruction is obtained; an abstract field is selected according to the selection instruction; the abstract field is added to the summary document; it is determined whether the abstract field has a corresponding encryption identifier; and, if it does, the data corresponding to the abstract field is encrypted to generate data ciphertext, and the data ciphertext is stored in the storage region of the platform database that corresponds to the abstract field of the summary document. The HASH encoding uses SHA1 or SHA256. Sending the summary to the remote platform specifically includes: verifying the integrity of the summary; and performing a HASH-encoding check on the summary. The selection instruction is triggered when a sustained action of the cursor on an abstract field in the set of abstract fields is detected. Adding the abstract field to the summary document includes: when the sustained action of the cursor on the abstract field ends, if the cursor is within the editing area of the summary document, adding the abstract field to the summary document. Before the summary data corresponding to the abstract field is encrypted to generate summary data ciphertext, the method further includes: searching for the summary data corresponding to the abstract field; if it is not found, performing a calculation on the summary data of the fields on which the abstract field depends to obtain the summary data corresponding to the abstract field, and adding the calculated summary data to the summary document; if it is found, adding the summary data corresponding to the abstract field to the summary document.
The present invention also includes sending the key data block to the destination terminal, and sending the correspondence between the key data block and the data block to be transmitted to the destination terminal.
HASH function: a mathematical function that maps a large amount of data (possibly a very large amount) to a small amount of data. A "good" hash function should distribute hash results uniformly and randomly over the range of the result field (the result space). A HASH function is a high-quality one-way function that satisfies the following: a small change to the original information (even a single bit) causes a large change in the result. HASH functions in common use today include SHA1 and SHA256. The result of SHA1 is 20 bytes (160 bits), so the result space is 2^160. Because the capacity of the result space is finite while the space of data to be summarized is unlimited, there must exist different data inputs that have the same HASH result. (The uniform distribution of HASH results and the one-way property ensure that this case has small probability; in particular, deliberately changing the input cannot be made to produce the same HASH result.)
The core of data preservation is that, for sensitive data or electronic evidence, the server's application interface is invoked to compute the digital fingerprint of the selected file, that is, a HASH operation is performed using the SHA1 algorithm, and the resulting summary is then sent to the service center.
In summary, the present invention decides whether to encrypt an abstract field by checking whether the abstract field in the summary document has a corresponding encryption identifier. When the abstract field is found to have a corresponding encryption identifier, the abstract field is encrypted, and the summary document carrying the abstract-field ciphertext is stored in the database. As a result, when someone logs in to the database with an account and password that have administrative rights over the database, what they obtain in the summary document is abstract-field ciphertext, which improves the data security of the database.
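The encryption-identifier check and field-level storage described above, as an added Go example that is not code from the patent. The cipher (AES-256-GCM), the Field/StoredField layout, the field names and the all-zero demo key are assumptions, since the patent names no encryption algorithm; the encryption identifier is modelled as a boolean. Binding the field name as associated data is this example's way of tying each ciphertext to its field's storage region.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Field models one abstract field of a summary document (assumed layout).
type Field struct {
	Name, Value string
	Encrypt     bool // encryption identifier: true means "store as ciphertext"
}

// StoredField is what the platform database holds for one field.
type StoredField struct {
	Name      string
	Data      []byte // nonce || ciphertext || tag when Encrypted, else plaintext
	Encrypted bool
}

// NewAEAD builds AES-GCM from a 16-, 24- or 32-byte key (cipher is an assumption).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// StoreDocument encrypts only the fields that carry the encryption identifier.
// The field name is authenticated as associated data, so a ciphertext copied
// into another field's storage region fails to decrypt.
func StoreDocument(aead cipher.AEAD, doc []Field) ([]StoredField, error) {
	out := make([]StoredField, 0, len(doc))
	for _, f := range doc {
		if !f.Encrypt {
			out = append(out, StoredField{f.Name, []byte(f.Value), false})
			continue
		}
		nonce := make([]byte, aead.NonceSize()) // fresh random nonce per field
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		ct := aead.Seal(nonce, nonce, []byte(f.Value), []byte(f.Name))
		out = append(out, StoredField{f.Name, ct, true})
	}
	return out, nil
}

// ReadField recovers the plaintext for a key holder. A database administrator
// without the key can read StoredField.Data but not the value behind it.
func ReadField(aead cipher.AEAD, s StoredField) (string, error) {
	if !s.Encrypted {
		return string(s.Data), nil
	}
	n := aead.NonceSize()
	if len(s.Data) < n+aead.Overhead() {
		return "", errors.New("stored value too short to be a ciphertext")
	}
	pt, err := aead.Open(nil, s.Data[:n], s.Data[n:], []byte(s.Name))
	return string(pt), err
}

func main() {
	aead, err := NewAEAD(make([]byte, 32)) // all-zero demo key (constructed)
	if err != nil {
		panic(err)
	}
	doc := []Field{{"patient_id", "P-1001", true}, {"visit_count", "3", false}}
	stored, err := StoreDocument(aead, doc)
	if err != nil {
		panic(err)
	}
	for _, s := range stored { // what an administrator browsing the table sees
		fmt.Printf("%-12s encrypted=%-5v data=%x\n", s.Name, s.Encrypted, s.Data)
	}
}
```

Fields without the identifier are stored in the clear, so the protection an administrator login runs into is only as complete as the set of fields that were flagged.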
It is obvious to a person skilled in the art that the invention is not limited to the details of the exemplary embodiments above, and that the invention can be realized in other specific forms without departing from its spirit or essential attributes. The embodiments should therefore be regarded in every respect as exemplary and non-restrictive. The scope of the invention is defined by the appended claims rather than by the description above, and all changes that fall within the meaning and range of equivalency of the claims are intended to be included in the invention. Moreover, it should be understood that although this specification is described in terms of embodiments, not every embodiment contains only one independent technical solution. This manner of description is adopted only for clarity; a person skilled in the art should take the specification as a whole, and the technical solutions in the various embodiments may also be suitably combined to form other embodiments that a person skilled in the art can understand.

Claims (6)

1. A secure encryption method for a data platform, characterized in that a database service is configured to provide a cloud database service: queries and query results are exchanged with the computing devices of subscribers of the cloud database service in a first encryption format; the queries and query results are processed so as to decrypt the queries and encrypt the query results; the processed queries, and the results of the query engine executing those queries, are exchanged with at least one query engine in at least a second encryption format; the file to be encrypted is HASH-encoded locally to form a summary, and the summary is sent to the remote platform; a selection instruction is obtained; an abstract field is selected according to the selection instruction; the abstract field is added to the summary document; it is determined whether the abstract field has a corresponding encryption identifier; and, if it does, the data corresponding to the abstract field is encrypted to generate data ciphertext, and the data ciphertext is stored in the storage region of the platform database that corresponds to the abstract field of the summary document.
2. The secure encryption method for a data platform according to claim 1, characterized in that the HASH encoding uses SHA1 or SHA256.
3. The secure encryption method for a data platform according to claim 1, characterized in that sending the summary to the remote platform specifically includes: verifying the integrity of the summary; and performing a HASH-encoding check on the summary.
4. The secure encryption method for a data platform according to claim 1, characterized in that the selection instruction is triggered when a sustained action of the cursor on an abstract field in the set of abstract fields is detected; and adding the abstract field to the summary document includes: when the sustained action of the cursor on the abstract field ends, if the cursor is within the editing area of the summary document, adding the abstract field to the summary document.
5. The secure encryption method for a data platform according to claim 1, characterized in that, before the summary data corresponding to the abstract field is encrypted to generate summary data ciphertext, the method further includes: searching for the summary data corresponding to the abstract field; if it is not found, performing a calculation on the summary data of the fields on which the abstract field depends to obtain the summary data corresponding to the abstract field, and adding the calculated summary data to the summary document; if it is found, adding the summary data corresponding to the abstract field to the summary document.
6. The secure encryption method for a data platform according to claim 1, characterized in that it further includes sending the key data block to the destination terminal, and sending the correspondence between the key data block and the data block to be transmitted to the destination terminal.
CN201710654954.8A 2017-07-28 2017-07-28 A kind of safe encryption method of data platform Pending CN107451483A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710654954.8A CN107451483A (en) 2017-07-28 2017-07-28 A kind of safe encryption method of data platform

Publications (1)

Publication Number Publication Date
CN107451483A true CN107451483A (en) 2017-12-08

Family

ID=60490363

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710654954.8A Pending CN107451483A (en) 2017-07-28 2017-07-28 A kind of safe encryption method of data platform

Country Status (1)

Country Link
CN (1) CN107451483A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108683665A (en) * 2018-05-15 2018-10-19 国家电网公司 Data ciphering method, system in fiber optic communication and data transmitting equipment
CN109711836A (en) * 2018-11-15 2019-05-03 远光软件股份有限公司 A kind of storage method of transaction, storage network and electronic equipment
CN110650191A (en) * 2019-09-20 2020-01-03 浪潮电子信息产业股份有限公司 Data read-write method of distributed storage system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0689316A2 (en) * 1994-06-22 1995-12-27 AT&T Corp. Method and apparatus for user identification and verification of data packets in a wireless communications network
CN102271124A (en) * 2010-06-01 2011-12-07 富士通株式会社 Data processing equipment and data processing method
CN105653973A (en) * 2015-12-16 2016-06-08 金蝶软件(中国)有限公司 Data encryption method and apparatus based on business platform
CN106302449A (en) * 2016-08-15 2017-01-04 中国科学院信息工程研究所 A kind of ciphertext storage cloud service method open with searching ciphertext and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171208