CN109344656A - A data encryption/decryption method, device and equipment for a database - Google Patents

Publication number: CN109344656A
Authority: CN (China)
Prior art keywords: data, database, key, encryption, decryption
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN201811446034.8A
Other languages: Chinese (zh)
Other versions: CN109344656B (en)
Inventors: 纪森, 钱海锋
Current Assignee: Hangzhou Tuya Information Technology Co Ltd
Original Assignee: Hangzhou Tuya Information Technology Co Ltd
Application filed by: Hangzhou Tuya Information Technology Co Ltd
Priority: CN201811446034.8A
Publications: CN109344656A (application); CN109344656B (granted)
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

This application discloses a data encryption method for a database, comprising: calling the handler processor corresponding to the data type of first target data, and encrypting the first target data by that processor according to a predetermined encryption scheme. This application also discloses a data decryption method, comprising: determining the data type of second target data; calling the handler processor corresponding to the data type, and decrypting the second target data by that processor according to a predetermined decryption scheme. As can be seen, in this solution the data read from or written to the database is encrypted and decrypted by handler processors. This approach is easy to use: developers can complete the encryption and decryption of data without attending to the complex underlying logic, while high security of the data is ensured. This application also discloses a data encryption/decryption device and equipment for a database, which achieve the same technical effect.

Description

A data encryption/decryption method, device and equipment for a database
Technical field
This application relates to the field of database encryption technology, and more specifically to a data encryption/decryption method, device and equipment for a database.
Background
With the rapid development of the Internet in recent years, information security problems have become more and more frequent, and the problem of secure access to information resources has become increasingly prominent. Encryption is one of the core problems of database security, and database encryption technology is an effective means of protecting sensitive information stored in a database. Although many encryption algorithms exist at present, current encryption algorithms are difficult to integrate, and a large amount of work is needed before data can be encrypted.
Therefore, how to encrypt and decrypt the data of a database simply and effectively is a problem that those skilled in the art need to solve.
Summary of the invention
The purpose of this application is to provide a data encryption/decryption method, device and equipment for a database, so as to encrypt and decrypt the data of a database simply and effectively.
To achieve the above purpose, the embodiments of this application provide the following technical solutions:
A data encryption method for a database, comprising:
determining the data type of first target data to be written to the database;
calling the handler processor corresponding to the data type, and encrypting the first target data by the handler processor according to a predetermined encryption scheme;
writing the encrypted first target data to the database.
Wherein, calling the handler processor corresponding to the data type and encrypting the first target data by the handler processor according to the predetermined encryption scheme comprises:
calling the handler processor corresponding to the data type, and, by the handler processor according to the predetermined encryption scheme, obtaining a key from the encryption key library and encrypting the first target data.
Wherein, before determining the data type of the first target data to be written to the database, the method further comprises:
judging whether the data encryption mode is handler mode;
if so, executing the step of determining the data type of the first target data to be written to the database;
if not, calling a tool class, obtaining a key from the encryption key library through the tool class, and encrypting the first target data.
Wherein, this solution further comprises:
receiving an add instruction carrying a new key;
adding the new key to the encryption key library, so that new data is encrypted with the new key.
Wherein, this solution further comprises:
detecting, at intervals of a predetermined duration, whether an invalid key exists in the encryption key library, the invalid key being a key that has expired or a key that has been leaked;
if one exists, determining from the database the pending data corresponding to the invalid key;
decrypting the pending data with the invalid key, encrypting the decrypted data with a valid key in the encryption key library, and storing the result in the database again.
A data decryption method for a database, comprising:
reading second target data from the database;
determining the data type of the second target data;
calling the handler processor corresponding to the data type, and decrypting the second target data by the handler processor according to a predetermined decryption scheme.
A data encryption device for a database, comprising:
a first determining module, configured to determine the data type of first target data to be written to the database;
an encryption module, configured to call the handler processor corresponding to the data type and encrypt the first target data by the handler processor according to a predetermined encryption scheme;
a data writing module, configured to write the encrypted first target data to the database.
A data decryption device for a database, comprising:
a data reading module, configured to read second target data from the database;
a second determining module, configured to determine the data type of the second target data;
a decryption module, configured to call the handler processor corresponding to the data type and decrypt the second target data by the handler processor according to a predetermined decryption scheme.
A data encryption equipment for a database, comprising:
a memory, configured to store a computer program;
a processor, configured to implement the steps of the above data encryption method for a database when executing the computer program.
A data decryption equipment for a database, comprising:
a memory, configured to store a computer program;
a processor, configured to implement the steps of the above data decryption method for a database when executing the computer program.
From the above it can be seen that the data encryption method for a database provided by the embodiments of this application comprises: determining the data type of first target data to be written to the database; calling the handler processor corresponding to the data type, and encrypting the first target data by the handler processor according to a predetermined encryption scheme; and writing the encrypted first target data to the database. The embodiments of this application also provide a data decryption method for a database, comprising: reading second target data from the database; determining the data type of the second target data; calling the handler processor corresponding to the data type, and decrypting the second target data by the handler processor according to a predetermined decryption scheme.
As can be seen, in this solution the data read from or written to the database is encrypted and decrypted by handler processors. This approach is easy to use: developers can complete the encryption and decryption of data without attending to the complex underlying logic, while high security of the data is ensured. This application also discloses a data encryption/decryption device and equipment for a database, which achieve the same technical effect.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of this application, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of a data encryption method for a database disclosed in an embodiment of this application;
Fig. 2 is a flow diagram of another data encryption method for a database disclosed in an embodiment of this application;
Fig. 3 is a structural diagram of a data encryption device for a database disclosed in an embodiment of this application;
Fig. 4 is a flow diagram of a data decryption method for a database disclosed in an embodiment of this application;
Fig. 5 is a flow diagram of another data decryption method for a database disclosed in an embodiment of this application;
Fig. 6 is a structural diagram of a data decryption device for a database disclosed in an embodiment of this application.
Detailed description of the embodiments
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments of this application. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in this application without creative effort fall within the protection scope of this application.
The embodiments of this application disclose a data encryption/decryption method, device and equipment for a database, so as to encrypt and decrypt the data of a database simply and effectively.
Referring to Fig. 1, a data encryption method for a database provided by an embodiment of this application comprises:
S101, determining the data type of first target data to be written to the database;
Specifically, the first target data in this solution is data to be written to the database, for example data written through JDBC (Java DataBase Connectivity) by operations such as update or insert. That is, any data that is written to the database and needs to be encrypted can be called first target data. To determine which handler processor performs the encryption operation, the data type of the first target data needs to be determined; the data type may be integer, double or another type, and is not specifically limited here.
S102, calling the handler processor corresponding to the data type, and encrypting the first target data by the handler processor according to a predetermined encryption scheme;
It should be noted that, after the data type of the first target data is determined, different handler processors can be called for different data types, and the handler processor encrypts the first target data according to the preset encryption scheme. The preset encryption scheme may be a common encryption algorithm such as AES (Advanced Encryption Standard), or may be a tool class, and is not specifically limited here.
Wherein, calling the handler processor corresponding to the data type and encrypting the first target data by the handler processor according to the predetermined encryption scheme comprises: calling the handler processor corresponding to the data type, and, by the handler processor according to the predetermined encryption scheme, obtaining a key from the encryption key library and encrypting the first target data.
In this embodiment, to keep keys safe from theft, all keys are stored in the encryption key library, and the keys stored in the encryption key library are themselves encrypted by a specific algorithm. When data is encrypted, the key first needs to be obtained from the encryption key library, and the encryption operation is then performed on the first target data with the obtained key, which further improves the security of the data stored in the database.
S103, writing the encrypted first target data to the database.
It can be understood that, after the first target data is encrypted by the handler processor, the encrypted data needs to be written to the database, for example by an update or insert of the encrypted data.
As can be seen, this solution encrypts data in an easy-to-use way, so that developers can complete data encryption without attending to the complex underlying logic, while high security of the data is ensured. In addition, the encryption scheme in this embodiment supports key rotation: when the original key expires or is leaked, the key used for the data can be changed to a new one without affecting use of the encryption component.
Referring to Fig. 2, a data encryption method for a database provided by an embodiment of this application comprises:
S201, judging whether the data encryption mode is handler mode; if so, executing S202; if not, executing S204;
S202, determining the data type of first target data to be written to the database;
S203, calling the handler processor corresponding to the data type, encrypting the first target data by the handler processor according to a predetermined encryption scheme, and executing S205;
S204, calling a tool class, obtaining a key from the encryption key library through the tool class, encrypting the first target data, and executing S205;
S205, writing the encrypted first target data to the database.
It should be noted that this embodiment proposes two encryption modes: one is handler mode and the other is general mode. Therefore, before the first target data is encrypted, it is necessary to judge which encryption mode applies to it. If S201 determines that the data encryption mode is handler mode, S202-S203 are executed and the data is encrypted by a handler processor. If it is determined not to be handler mode, the mode is general mode, in which case S204 is executed and the data is encrypted by the tool class. The encryption mode may be preset by an administrator, or may be determined automatically by the system according to attribute information such as the data size and data type of the first target data, so that the user can flexibly select the encryption mode, improving the user experience.
Based on any of the above method embodiments, in this embodiment this solution further comprises:
receiving an add instruction carrying a new key;
adding the new key to the encryption key library, so that new data is encrypted with the new key.
In this embodiment, the encryption key library needs to be checked at intervals of a predetermined duration for an expired key or a leaked key; if one exists, a new key is added to the encryption key library. Therefore, if this solution receives an add instruction, the new key carried in the instruction needs to be added to the encryption key library, so that new data is encrypted with this key, further reducing the risk to the data.
It should be noted that all encryption schemes in this solution support key rotation: after an original key in the encryption key library expires or is leaked, the key used for data encryption can be switched to the new key. That is, whether new data is encrypted by a handler processor or by calling a tool class, the new key needs to be obtained from the database, so that use of the encryption component is not affected and the security of data encryption is improved.
Based on any of the above embodiments, this embodiment further comprises:
detecting, at intervals of a predetermined duration, whether an invalid key exists in the encryption key library, the invalid key being a key that has expired or a key that has been leaked;
if one exists, determining from the database the pending data corresponding to the invalid key;
decrypting the pending data with the invalid key, encrypting the decrypted data with a valid key in the encryption key library, and storing the result in the database again.
It should be noted that, for data already stored in the database, the key may have expired or been leaked, which creates a security risk for the stored data. To avoid this, this embodiment periodically checks whether an invalid key exists in the encryption key library; in this solution an invalid key is a key that has expired or has been leaked. If an invalid key exists in the encryption key library, the pending data is first determined from the database; the pending data is the data stored in the database that was encrypted with the invalid key. The pending data obtained is then decrypted with the invalid key, the decrypted data is encrypted again with a valid key in the encryption key library, and the result is stored in the database again.
The encryption and decryption operations in this embodiment can be performed in any of the ways described in the foregoing embodiments. That is, the pending data can be decrypted by a handler processor and then encrypted by a handler processor, or decrypted by a tool class and then encrypted by a tool class. The encryption and decryption operations can of course also be performed in other ways; the two cases above are only examples.
It can be understood that periodic detection means detection at intervals of a predetermined duration, and the duration can be adjusted to the actual situation. An invalid key in the encryption key library is a key that has expired or has been leaked; correspondingly, a valid key is a key in the encryption key library that has neither expired nor been leaked. Compared with an invalid key, encrypting the data with a valid key before storing it improves the security of data storage. That is, re-encrypting the data corresponding to an invalid key improves the security of data storage: even if the data is obtained by an attacker, because the encryption key of the data is a valid key, it is ensured that the data cannot be decrypted, which further improves the security of the data.
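The write path (S101-S103) and the periodic re-encryption of data held under an invalid key, sketched in plain JDK Java as an added example; it is not code from the patent. AES-GCM, the `keyId:base64` stored format and the names `KeyLibrary`, `Handler` and `reencryptInvalid` are assumptions of this example, and the key library is an in-memory stand-in that keeps its keys unencrypted.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import java.util.function.Function;

public class HandlerEncryptionDemo {
    static final SecureRandom RNG = new SecureRandom();

    // Hypothetical in-memory stand-in for the "encryption key library" (keys kept unencrypted here).
    static class KeyLibrary {
        final Map<Integer, byte[]> keys = new HashMap<>();
        final Set<Integer> invalid = new HashSet<>();   // ids of expired or leaked keys
        int newestId = 0;
        int add(byte[] key) { keys.put(++newestId, key.clone()); return newestId; }
        byte[] get(int id) { return Objects.requireNonNull(keys.get(id), "unknown key id " + id); }
        int currentValidId() {
            if (newestId == 0 || invalid.contains(newestId)) throw new IllegalStateException("no valid key");
            return newestId;
        }
    }

    // One handler per data type: converts a value of that type to bytes and back.
    static class Handler<T> {
        final Function<T, byte[]> toBytes;
        final Function<byte[], T> fromBytes;
        Handler(Function<T, byte[]> to, Function<byte[], T> from) { toBytes = to; fromBytes = from; }
    }

    static final Map<Class<?>, Handler<?>> HANDLERS = new HashMap<>();
    static {
        HANDLERS.put(String.class, new Handler<String>(
            s -> s.getBytes(StandardCharsets.UTF_8), b -> new String(b, StandardCharsets.UTF_8)));
        HANDLERS.put(Integer.class, new Handler<Integer>(
            i -> ByteBuffer.allocate(4).putInt(i).array(), b -> ByteBuffer.wrap(b).getInt()));
    }

    @SuppressWarnings("unchecked")
    static <T> Handler<T> handlerFor(Class<T> type) {
        Handler<T> h = (Handler<T>) HANDLERS.get(type);
        if (h == null) throw new IllegalArgumentException("no handler for " + type.getName());
        return h;
    }

    static int keyIdOf(String stored) { return Integer.parseInt(stored.substring(0, stored.indexOf(':'))); }

    // AES-256-GCM; the stored form is "<keyId>:<base64(iv || ciphertext || tag)>".
    static String seal(KeyLibrary lib, int keyId, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);                                  // fresh nonce for every value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(lib.get(keyId), "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array();
        return keyId + ":" + Base64.getEncoder().encodeToString(out);
    }

    static byte[] open(KeyLibrary lib, String stored) throws Exception {
        byte[] raw = Base64.getDecoder().decode(stored.substring(stored.indexOf(':') + 1));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(lib.get(keyIdOf(stored)), "AES"),
               new GCMParameterSpec(128, raw, 0, 12));
        return c.doFinal(raw, 12, raw.length - 12);         // throws if the tag does not verify
    }

    // Write path: determine the data type, call its handler, encrypt with the current valid key.
    @SuppressWarnings("unchecked")
    static <T> String encrypt(KeyLibrary lib, T value) throws Exception {
        Handler<T> h = handlerFor((Class<T>) value.getClass());
        return seal(lib, lib.currentValidId(), h.toBytes.apply(value));
    }

    // Read path: the caller names the column's data type, which selects the handler.
    static <T> T decrypt(KeyLibrary lib, String stored, Class<T> type) throws Exception {
        return handlerFor(type).fromBytes.apply(open(lib, stored));
    }

    // Rotation job: decrypt rows sealed under an invalid key and re-encrypt them under a valid one.
    static int reencryptInvalid(KeyLibrary lib, Map<String, String> rows) throws Exception {
        int rewritten = 0;
        for (Map.Entry<String, String> row : rows.entrySet()) {
            if (!lib.invalid.contains(keyIdOf(row.getValue()))) continue;
            row.setValue(seal(lib, lib.currentValidId(), open(lib, row.getValue())));
            rewritten++;
        }
        return rewritten;
    }

    static byte[] randomKey() { byte[] k = new byte[32]; RNG.nextBytes(k); return k; }

    public static void main(String[] args) throws Exception {
        KeyLibrary lib = new KeyLibrary();
        int oldId = lib.add(randomKey());
        Map<String, String> rows = new LinkedHashMap<>();   // constructed sample rows: id -> stored value
        rows.put("name", encrypt(lib, "alice"));
        rows.put("age", encrypt(lib, 42));
        lib.invalid.add(oldId);                             // key reported expired or leaked
        lib.add(randomKey());                               // "add instruction" carrying a new key
        rows.put("note", encrypt(lib, "written after rotation"));
        System.out.println("re-encrypted rows: " + reencryptInvalid(lib, rows));
        System.out.println(decrypt(lib, rows.get("name"), String.class) + " "
            + decrypt(lib, rows.get("age"), Integer.class) + ", key id now " + keyIdOf(rows.get("age")));
    }
}
```

Re-encryption protects only the copy now held in the database: ciphertext copied before the rotation can still be decrypted with a leaked key. The invalid key also has to stay retrievable until every row sealed under it has been rewritten.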
The data encryption device provided by the embodiments of this application is introduced below; the data encryption device described below and the data encryption method described above may be cross-referenced.
Referring to Fig. 3, a data encryption device for a database provided by an embodiment of this application comprises:
a first determining module 110, configured to determine the data type of first target data to be written to the database;
a first encryption module 120, configured to call the handler processor corresponding to the data type and encrypt the first target data by the handler processor according to a predetermined encryption scheme;
a data writing module 130, configured to write the encrypted first target data to the database.
Wherein, the first encryption module is specifically configured to: call the handler processor corresponding to the data type, and, by the handler processor according to the predetermined encryption scheme, obtain a key from the encryption key library and encrypt the first target data.
Wherein, this solution further comprises:
an add-instruction receiving module, configured to receive an add instruction carrying a new key;
a new-key adding module, configured to add the new key to the encryption key library, so that new data is encrypted with the new key.
Wherein, this solution further comprises:
a first judging module, configured to judge whether the data encryption mode is handler mode;
the first determining module, configured to determine the data type of the first target data to be written to the database when the data encryption mode is handler mode;
a second encryption module, configured to, when the data encryption mode is not handler mode, call a tool class, obtain a key from the encryption key library through the tool class, and encrypt the first target data.
Wherein, this solution further comprises:
a detection module, configured to detect, at intervals of a predetermined duration, whether an invalid key exists in the encryption key library, the invalid key being a key that has expired or a key that has been leaked;
a pending-data determining module, configured to determine from the database the pending data corresponding to the invalid key when an invalid key exists in the encryption key library;
a data decryption module, configured to decrypt the pending data with the invalid key;
a data encryption module, configured to encrypt the decrypted data with a valid key in the encryption key library;
a data storage module, configured to store the encrypted data in the database again.
The embodiments of this application also disclose a data encryption equipment for a database, comprising:
a memory, configured to store a computer program;
a processor, configured to implement the steps of the data encryption method in the above method embodiments when executing the computer program.
The embodiments of this application also disclose a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the data encryption method in the above method embodiments are implemented.
Wherein, the storage medium may include a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, or any other medium that can store program code.
Referring to Fig. 4, a data decryption method for a database is provided by an embodiment of this application. It should be noted that the data decryption method in this embodiment and the data encryption method in the above embodiments may be cross-referenced, and the parts they have in common are not repeated here. The data decryption method specifically comprises:
S301, reading second target data from the database;
S302, determining the data type of the second target data;
S303, calling the handler processor corresponding to the data type, and decrypting the second target data by the handler processor according to a predetermined decryption scheme.
Wherein, in this solution, calling the handler processor corresponding to the data type and decrypting the second target data by the handler processor according to the predetermined decryption scheme specifically comprises: calling the handler processor corresponding to the data type, and, by the handler processor according to the predetermined decryption scheme, obtaining a key from the encryption key library and decrypting the first target data.
Specifically, the decryption method provided by this embodiment corresponds to the encryption method in the above embodiments. Therefore, after the second target data is read from the database, the corresponding handler processor also needs to be called according to the data type of the second target data, and the handler processor decrypts the second target data according to the predetermined decryption scheme. In addition, to keep keys safe from theft, all keys are stored in the encryption key library; when data is decrypted, the key first needs to be obtained from the encryption key library, and the decryption operation is then performed on the second target data with the obtained key. As can be seen, this solution encrypts data in an easy-to-use way, so that developers can complete data encryption without attending to the complex underlying logic, while high security of the data is ensured.
Referring to Fig. 5, another data decryption method for a database provided by an embodiment of this application comprises:
S401, reading second target data from the database;
S402, judging whether the data decryption mode is handler mode; if so, executing S403; if not, executing S405;
S403, determining the data type of the second target data;
S404, calling the handler processor corresponding to the data type, and decrypting the second target data by the handler processor according to a predetermined decryption scheme.
S405, calling a tool class, obtaining a key from the encryption key library through the tool class, and decrypting the second target data.
As with the encryption modes, there are two decryption modes when data is decrypted in this embodiment: one is handler mode and the other is general mode. If S402 determines that the data decryption mode is handler mode, S403-S404 are executed and the data is decrypted by a handler processor. If it is determined not to be handler mode, the mode is general mode, in which case S405 is executed and the data is decrypted by the tool class. The decryption mode can be determined from the mode identifier carried in the second target data. The mode identifier is added when the data is encrypted and indicates the encryption mode used at that time, so that on decryption the decryption mode matching the encryption mode can be selected. Likewise, the decryption mode may be preset by an administrator, or may be determined automatically by the system according to attribute information such as the data size and data type of the second target data, so that the user can flexibly select the decryption mode, improving the user experience.
The data decryption device provided by the embodiments of this application is introduced below; the data decryption device described below and the data decryption method described above may be cross-referenced.
Referring to Fig. 6, a data decryption device for a database provided by an embodiment of this application comprises:
a data reading module 210, configured to read second target data from the database;
a second determining module 220, configured to determine the data type of the second target data;
a first decryption module 230, configured to call the handler processor corresponding to the data type and decrypt the second target data by the handler processor according to a predetermined decryption scheme.
Wherein, the first decryption module is specifically configured to: call the handler processor corresponding to the data type, and, by the handler processor according to the predetermined decryption scheme, obtain a key from the encryption key library and decrypt the second target data.
Wherein, the data decryption device further comprises:
a second judging module, configured to judge whether the data decryption mode is handler mode;
the second determining module, configured to determine the data type of the second target data when the data decryption mode is handler mode;
a second decryption module, configured to, when the data decryption mode is not handler mode, call a tool class, obtain a key from the encryption key library through the tool class, and decrypt the second target data.
The embodiment of the present application also discloses a kind of data decryption apparatus of database, comprising:
Memory, for storing computer program;
Processor is realized when for executing the computer program such as the data decryption method in above method embodiment Step.
The embodiment of the present application also discloses a kind of computer readable storage medium, deposits on the computer readable storage medium Computer program is contained, is realized when the computer program is executed by processor such as the data deciphering side in above method embodiment The step of method.
Wherein, the storage medium may include: USB flash disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. are various can store program The medium of code.
As can be seen that data encrypting/de-encrypling method, device, equipment and the computer of this database that this programme proposes Readable storage medium storing program for executing can all handle the data such as the reading, modification, insertion of Mybatis data by corresponding handler Device carries out encryption and decryption by handler processor come the data to different types of data, developer can be made without paying close attention to bottom Complex logic the encryption and decryption of data can be completed, while guaranteeing the high security of data.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein can be realized in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
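The handler approach described above, sketched as a MyBatis `BaseTypeHandler` for `String` columns. This is an added example, not code from the patent: the class name, the in-memory key map standing in for the encryption key library, the choice of AES-GCM, and the `keyId:` prefix on stored values are all assumptions. Storing the key id with each value is what lets rows written under a retired key still be decrypted until they are re-encrypted.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.sql.*;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import org.apache.ibatis.type.BaseTypeHandler;
import org.apache.ibatis.type.JdbcType;

// Hypothetical handler; stored form is "<keyId>:<base64(iv || ciphertext+tag)>" (assumed layout).
public class EncryptedStringTypeHandler extends BaseTypeHandler<String> {
    // Stand-in for the encryption key library: key id -> key. Production code would query a KMS.
    static final Map<String, SecretKey> KEY_LIBRARY = new ConcurrentHashMap<>();
    static volatile String activeKeyId; // key used for new writes; older ids stay for reads
    private static final SecureRandom RNG = new SecureRandom();

    static String encrypt(String plain) throws Exception {
        byte[] iv = new byte[12]; // fresh 96-bit nonce for every value
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY_LIBRARY.get(activeKeyId), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] blob = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return activeKeyId + ":" + Base64.getEncoder().encodeToString(blob);
    }

    static String decrypt(String stored) throws Exception {
        if (stored == null) return null; // SQL NULL stays NULL
        int sep = stored.indexOf(':');
        SecretKey key = sep < 0 ? null : KEY_LIBRARY.get(stored.substring(0, sep));
        if (key == null) throw new IllegalStateException("missing or unknown key id");
        byte[] blob = Base64.getDecoder().decode(stored.substring(sep + 1));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        // doFinal verifies the GCM tag, so tampered or wrong-key data fails here
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }
    @Override public void setNonNullParameter(PreparedStatement ps, int i, String v, JdbcType t) throws SQLException {
        try { ps.setString(i, encrypt(v)); } catch (Exception e) { throw new SQLException(e); }
    }
    @Override public String getNullableResult(ResultSet rs, String col) throws SQLException { return open(rs.getString(col)); }
    @Override public String getNullableResult(ResultSet rs, int idx) throws SQLException { return open(rs.getString(idx)); }
    @Override public String getNullableResult(CallableStatement cs, int idx) throws SQLException { return open(cs.getString(idx)); }
    private static String open(String stored) throws SQLException {
        try { return decrypt(stored); } catch (Exception e) { throw new SQLException(e); }
    }
}
```

A mapper opts a column in by naming the handler in its `typeHandler` attribute; columns without it are read and written unchanged.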

Claims (10)

1. A data encryption method for a database, characterized by comprising:
Determining the data type of first target data to be written to the database;
Calling the handler processor corresponding to the data type, and encrypting the first target data by the handler processor according to a predetermined encryption mode;
Writing the encrypted first target data to the database.
2. The data encryption method according to claim 1, characterized in that calling the handler processor corresponding to the data type and encrypting the first target data by the handler processor according to a predetermined encryption mode comprises:
Calling the handler processor corresponding to the data type, and, by the handler processor according to the predetermined encryption mode, obtaining a key from the encryption key library and encrypting the first target data.
3. The data encryption method according to claim 1 or 2, characterized in that, before determining the data type of the first target data to be written to the database, the method further comprises:
Judging whether the data encryption mode is the handler mode;
If so, executing the step of determining the data type of the first target data to be written to the database;
If not, calling the tool class, obtaining a key from the encryption key library through the tool class, and encrypting the first target data.
4. The data encryption method according to claim 3, characterized by further comprising:
Receiving an add instruction carrying a new key;
Adding the new key to the encryption key library, so that new data is encrypted using the new key.
5. The data encryption method according to claim 3, characterized by further comprising:
Detecting, at intervals of a predetermined duration, whether an invalid key exists in the encryption key library, the invalid key being an expired key or a leaked key;
If one exists, determining from the database the pending data corresponding to the invalid key;
Performing a decryption operation on the pending data using the invalid key, performing an encryption operation on the decrypted data using a valid key in the encryption key library, and then storing the data in the database again.
6. A data decryption method for a database, characterized by comprising:
Reading second target data from the database;
Determining the data type of the second target data;
Calling the handler processor corresponding to the data type, and decrypting the second target data by the handler processor according to a predetermined decryption mode.
7. A data encryption apparatus of a database, characterized by comprising:
A first determining module, for determining the data type of first target data to be written to the database;
An encryption module, for calling the handler processor corresponding to the data type and encrypting the first target data by the handler processor according to a predetermined encryption mode;
A data writing module, for writing the encrypted first target data to the database.
8. A data decryption apparatus of a database, characterized by comprising:
A data reading module, for reading second target data from the database;
A second determining module, for determining the data type of the second target data;
A decryption module, for calling the handler processor corresponding to the data type and decrypting the second target data by the handler processor according to a predetermined decryption mode.
9. A data encryption equipment of a database, characterized by comprising:
A memory, for storing a computer program;
A processor, which implements the steps of the data encryption method of a database according to any one of claims 1 to 5 when executing the computer program.
10. A data decryption apparatus of a database, characterized by comprising:
A memory, for storing a computer program;
A processor, which implements the steps of the data decryption method of a database according to claim 6 when executing the computer program.
CN201811446034.8A 2018-11-29 2018-11-29 Database data encryption/decryption method, device and equipment Active CN109344656B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811446034.8A CN109344656B (en) 2018-11-29 2018-11-29 Database data encryption/decryption method, device and equipment

Publications (2)

Publication Number Publication Date
CN109344656A true CN109344656A (en) 2019-02-15
CN109344656B CN109344656B (en) 2021-10-22

Family

ID=65318745

Country Status (1)

Country Link
CN (1) CN109344656B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119193A (en) * 2006-08-02 2008-02-06 成都若谷科技开发有限公司 Digital player with copyright protection and its complement software
CN101594229A (en) * 2009-06-30 2009-12-02 华南理工大学 A kind of trusted network connection system and method based on combined public key
US20120089839A1 (en) * 2010-10-06 2012-04-12 General Instrument Corporation Online secure device provisioning with online device binding using whitelists
CN103036884A (en) * 2012-12-14 2013-04-10 中国科学院上海微系统与信息技术研究所 Data protection method and system based on homomorphic encryption
CN105022966A (en) * 2015-07-21 2015-11-04 郭俊雄 Database data encryption and decryption method and system
CN105843609A (en) * 2016-03-18 2016-08-10 浪潮软件集团有限公司 MVC frame based on Spring and MyBatis
US20170104746A1 (en) * 2015-10-08 2017-04-13 American Express Travel Related Services Company, Inc. System and method for data security on big data sets
CN107454590A (en) * 2017-07-26 2017-12-08 上海斐讯数据通信技术有限公司 A kind of data ciphering method, decryption method and wireless router
CN207083085U (en) * 2017-08-04 2018-03-09 重庆万里高科技有限公司 A kind of multi-standard data radio station system
CN107995147A (en) * 2016-10-27 2018-05-04 中国电信股份有限公司 Metadata encryption and decryption method and system based on distributed file system
CN108600416A (en) * 2018-07-06 2018-09-28 杭州涂鸦信息技术有限公司 A kind of method that internet of things equipment MAC Address dynamically distributes

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
FANGZHOU YAO 等: "CryptVMI: Encrypted Virtual Machine Introspection in the Cloud", 《2014 IEEE 7TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING》 *
乱舞狂刀: "mybatis进阶之typeHandler", 《HTTPS://MY.OSCHINA.NET/FIRSTBING/BLOG/1593353》 *
谢鑫 等: "一种基于虚拟机Handler动态加解密的软件保护方法及实现", 《计算机应用与软件》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111079188A (en) * 2019-12-27 2020-04-28 苏州海管家物流科技有限公司 mybatis field encryption and decryption device and encryption and decryption system
CN111079188B (en) * 2019-12-27 2022-04-15 苏州海管家物流科技有限公司 mybatis field encryption and decryption device and encryption and decryption system
CN113722743A (en) * 2021-09-14 2021-11-30 刘晓冰 File encryption and decryption method and related equipment and system
CN115023920A (en) * 2021-11-05 2022-09-06 富途网络科技(深圳)有限公司 Method and device for data processing in stock right incentive system
WO2023077445A1 (en) * 2021-11-05 2023-05-11 富途网络科技(深圳)有限公司 Method and apparatus for processing data in equity incentive system
CN115023920B (en) * 2021-11-05 2024-01-19 富途网络科技(深圳)有限公司 Method and device for data processing in a equity incentive system

Also Published As

Publication number Publication date
CN109344656B (en) 2021-10-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant