CN109840424A - A database encryption and desensitization system - Google Patents

Info

Publication number: CN109840424A
Authority: CN (China)
Prior art keywords: data, module, desensitization, database, encryption
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811550475.2A
Other languages: Chinese (zh)
Inventors: 陈力, 方进锋, 孔小飞, 徐海燕, 邓少宝, 陈国礼
Current Assignee: Hefei Tianyuan Information Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hefei Tianyuan Information Technology Co Ltd
Priority date: 2018-12-18 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2018-12-18
Publication date: 2019-06-04
Application filed by Hefei Tianyuan Information Technology Co Ltd
Priority to CN201811550475.2A
Publication of CN109840424A

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention discloses a database encryption and desensitization system comprising a user login module, an identity authentication module and an enterprise information security management platform. The user login module is connected to the identity authentication module, and the identity authentication module is connected to the enterprise information security management platform. The enterprise information security management platform comprises a data input module, a sensitivity judgment module, a data encryption module, a database expansion module, a database management module, a key management module and a desensitization processing module, and the data input module is connected to the sensitivity judgment module. The invention encrypts and desensitizes the data in the database through the enterprise information security management platform, protecting the data information by encryption and desensitization and improving the security and concealment of the data. An automatic update module automatically updates the encryption keys, which reduces the risk of data leakage that exists when encryption keys are not modified for a long time and improves the security of the database data.

Description

A database encryption and desensitization system
Technical field
The invention belongs to the technical field of data processing and relates to a database encryption and desensitization system.
Background art
Sharing and applying data information resources is a basic principle of informatization. Each enterprise has its own enterprise system for storing information that may or may not be disclosed. As informatization deepens, the demand for sharing and applying these information resources keeps growing, but a certain number of business systems that share and apply such information resources have weak information security protection capabilities, and the security risk situation is severe. If some data information is leaked or abused, this can directly produce a severe social impact.
As database technology is applied ever more widely in daily economic life, database security has become a focus of attention. At present, the data in databases is poorly secured: after a database is encrypted, the encryption key remains unchanged for a long time, which creates a risk of data leakage, and some data is not desensitized, so that once it is obtained by others the data is leaked. This greatly reduces the security of the data in the database.
Summary of the invention
The purpose of the present invention is to provide a database encryption and desensitization system that solves the problems that encryption keys in existing databases cannot be updated, which exposes data to the risk of leakage, and that data cannot be desensitized, which results in low information security.
The purpose of the present invention can be achieved through the following technical solutions:
A database encryption and desensitization system comprises a user login module, an identity authentication module and an enterprise information security management platform; the user login module is connected to the identity authentication module, and the identity authentication module is connected to the enterprise information security management platform;
The user login module is used to present the user login page; after the user login page is entered, user identity authentication is carried out;
The identity authentication module is used to input the user's name and password and to verify whether the entered name and password meet the requirements. If verification passes, the user enters the enterprise information security management platform; otherwise verification continues until the number of verification attempts exceeds the set verification-count threshold, at which point identity authentication stops;
The enterprise information security management platform is used to encrypt and desensitize the data in the enterprise information.
Further, the enterprise information security management platform comprises a data input module, a sensitivity judgment module, a data encryption module, a database expansion module, a database management module, a key management module and a desensitization processing module;
The data input module is connected to the sensitivity judgment module; the sensitivity judgment module is connected to the data encryption module and the desensitization processing module respectively; the database expansion module is connected to the key management module and the desensitization processing module respectively; and the database management module is connected to the key management module;
The data input module is used to receive the data information that the user enters into the database and to send the entered data information to the sensitivity judgment module;
The sensitivity judgment module is used to receive the entered data information sent by the data input module and to compare it with the to-be-encrypted data types stored in the database. If the data type of the entered data information is the same as a to-be-encrypted data type stored in the database expansion module, it sends an encryption control instruction and the entered data type to the data encryption module. It also compares the entered data information with the desensitization data information stored in the database expansion module and, if they are the same, sends a desensitization control instruction to the desensitization processing module;
The data encryption module is used to receive the encryption control instruction and the entered data type sent by the sensitivity judgment module, to encrypt the entered data type, and to feed the entered data type and the encryption key corresponding to that data type back to the database expansion module;
The database expansion module is used to receive and store the entered data type and the corresponding encryption key fed back by the data encryption module, with a one-to-one correspondence between the data information to be encrypted and the encryption keys. It also stores the desensitization data information and the conversion characters corresponding to the desensitization data; the conversion character corresponding to desensitization data is represented by "*";
The database management module is used to determine, from a database search request, whether the request involves encrypted data, to perform keyword screening on the database search request, and to extract the encrypted data with the largest matching degree coefficient from the keyword screening and send it to the key management module;
The key management module receives the encrypted data with the largest matching degree coefficient sent by the database management module and extracts the encryption key corresponding to that encrypted data;
The desensitization processing module is used to receive the desensitization control instruction sent by the sensitivity judgment module, to compare the entered data information with the desensitization data stored in the database expansion module, and to convert the desensitization data into the set characters.
Further, the enterprise information security management platform also comprises an automatic update module, which is connected to the database expansion module and is used to update, at a fixed period, the encryption keys corresponding to the to-be-encrypted data stored in the database expansion module.
Further, the words entered in the search request are compared one by one with the keywords corresponding to the data types stored in the database expansion module, in order to select the data type with the largest number of identical keywords.
Beneficial effects of the present invention:
The database encryption and desensitization system provided by the invention encrypts and desensitizes the data in the database through the enterprise information security management platform, protecting the data information by encryption and desensitization and improving the security and concealment of the data. The automatic update module automatically updates the encryption keys, which reduces the risk of data leakage that exists when encryption keys are not modified for a long time and improves the security of the database data.
Brief description of the drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the database encryption and desensitization system of the present invention;
Fig. 2 is a schematic diagram of the enterprise information security management platform of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Figs. 1 and 2, a database encryption and desensitization system comprises a user login module, an identity authentication module and an enterprise information security management platform; the user login module is connected to the identity authentication module, and the identity authentication module is connected to the enterprise information security management platform;
The user login module is used to present the user login page; after the user login page is entered, user identity authentication is carried out;
The identity authentication module is used to input the user's name and password and to verify whether the entered name and password meet the requirements. If verification passes, the user enters the enterprise information security management platform; otherwise verification continues until the number of verification attempts exceeds the set verification-count threshold, at which point identity authentication stops;
The enterprise information security management platform is used to encrypt and desensitize the data in the enterprise information, in order to improve the security of the data in the database.
The enterprise information security management platform comprises a data input module, a sensitivity judgment module, a data encryption module, a database expansion module, a database management module, a key management module, an automatic update module and a desensitization processing module;
The data input module is connected to the sensitivity judgment module; the sensitivity judgment module is connected to the data encryption module and the desensitization processing module respectively; the database expansion module is connected to the key management module, the desensitization processing module and the automatic update module respectively; and the database management module is connected to the key management module.
The data input module is used to receive the data information that the user enters into the database and to send the entered data information to the sensitivity judgment module;
The sensitivity judgment module is used to receive the entered data information sent by the data input module and to compare it with the to-be-encrypted data types stored in the database. If the data type of the entered data information is the same as a to-be-encrypted data type stored in the database expansion module, it sends an encryption control instruction and the entered data type to the data encryption module. It also compares the entered data information with the desensitization data information stored in the database expansion module and, if they are the same, sends a desensitization control instruction to the desensitization processing module;
The data encryption module is used to receive the encryption control instruction and the entered data type sent by the sensitivity judgment module, to encrypt the entered data type, and to feed the entered data type and the encryption key corresponding to that data type back to the database expansion module;
The database expansion module is used to receive and store the entered data type and the corresponding encryption key fed back by the data encryption module, with a one-to-one correspondence between the data information to be encrypted and the encryption keys. It also stores the desensitization data information and the conversion characters corresponding to the desensitization data; the conversion character corresponding to desensitization data is represented by "*";
The database management module is used to determine, from a database search request, whether the request involves encrypted data, to perform keyword screening on the database search request, and to extract the encrypted data with the largest matching degree coefficient from the keyword screening and send it to the key management module. The words entered in the search request are compared one by one with the keywords corresponding to the data types stored in the database expansion module, in order to select the data type with the largest number of identical keywords.
The key management module receives the encrypted data with the largest matching degree coefficient sent by the database management module and extracts the encryption key corresponding to that encrypted data;
The automatic update module is connected to the database expansion module and is used to update, at a fixed period, the encryption keys corresponding to the to-be-encrypted data stored in the database expansion module; the fixed period is 2 h per update. This automatically updates the encryption keys corresponding to the encrypted data, reduces the risk of data leakage that exists when encryption keys are not modified for a long time, and improves the security of the database business.
The desensitization processing module is used to receive the desensitization control instruction sent by the sensitivity judgment module, to compare the entered data information with the desensitization data stored in the database expansion module, and to convert the desensitization data into the set characters, thereby carrying out desensitization and improving the security of the data in the database.
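The entry path and the 2 h key update described in this embodiment, as an added sketch that is not code from the patent: the `ExpansionStore` class, the field names and the sample record are assumptions, and the HMAC-SHA256 construction is a standard-library stand-in for a vetted authenticated cipher such as AES-GCM. It shows that a periodic key update has to re-encrypt the stored values under the new key, otherwise they can no longer be read.

```python
import hashlib
import hmac
import secrets

ROTATION_PERIOD_S = 2 * 60 * 60  # fixed update period from the embodiment: 2 h


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key raises ValueError."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class ExpansionStore:
    """Hypothetical stand-in for the database expansion module."""

    def __init__(self, encrypt_fields, mask_fields, now):
        self.keys = {f: secrets.token_bytes(32) for f in encrypt_fields}
        self.mask_fields = set(mask_fields)
        self.rotated_at = now
        self.rows = []

    def enter(self, record: dict) -> dict:
        """Sensitivity judgment on entry: encrypt, mask with '*', or store as is."""
        stored = {}
        for field, value in record.items():
            if field in self.keys:
                stored[field] = seal(self.keys[field], value.encode())
            elif field in self.mask_fields:
                stored[field] = "*" * len(value)
            else:
                stored[field] = value
        self.rows.append(stored)
        return stored

    def read(self, row: dict, field: str) -> str:
        return unseal(self.keys[field], row[field]).decode()

    def rotate_if_due(self, now) -> bool:
        """Automatic update: new key per field, stored values re-encrypted."""
        if now - self.rotated_at < ROTATION_PERIOD_S:
            return False
        for field, old_key in list(self.keys.items()):
            new_key = secrets.token_bytes(32)
            for row in self.rows:
                if field in row:
                    row[field] = seal(new_key, unseal(old_key, row[field]))
            self.keys[field] = new_key  # swap only after every row is re-encrypted
        self.rotated_at = now
        return True


def demo() -> dict:
    # Constructed sample record; field names and values are made up.
    store = ExpansionStore({"id_number"}, {"phone"}, now=0)
    row = store.enter({"name": "Zhang San", "id_number": "ID-0001", "phone": "13800000000"})
    old_key, old_blob = store.keys["id_number"], row["id_number"]
    early = store.rotate_if_due(now=3600)   # 1 h: not due yet
    due = store.rotate_if_due(now=7200)     # 2 h: keys are replaced
    try:
        unseal(old_key, row["id_number"])
        old_key_works = True
    except ValueError:
        old_key_works = False
    return {"early": early, "due": due, "phone": row["phone"],
            "id_number": store.read(row, "id_number"),
            "old_key_works": old_key_works,
            "reencrypted": row["id_number"] != old_blob}
```

Masking with one "*" per character keeps the length of the original value visible, and masking at entry is irreversible, unlike the encrypted fields.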
The database encryption and desensitization system provided by the invention encrypts and desensitizes the data in the database through the enterprise information security management platform, protecting the data information by encryption and desensitization and improving the security and concealment of the data. The automatic update module automatically updates the encryption keys, which reduces the risk of data leakage that exists when encryption keys are not modified for a long time and improves the security of the database data.
The above is merely an example and explanation of the concept of the present invention. Those skilled in the art may make various modifications or additions to the described specific embodiments, or substitute them in a similar manner; provided these do not depart from the concept of the invention or exceed the scope defined by the claims, they fall within the scope of protection of the present invention.

Claims (4)

1. A database encryption and desensitization system, characterized in that it comprises a user login module, an identity authentication module and an enterprise information security management platform; the user login module is connected to the identity authentication module, and the identity authentication module is connected to the enterprise information security management platform;
The user login module is used to present the user login page; after the user login page is entered, user identity authentication is carried out;
The identity authentication module is used to input the user's name and password and to verify whether the entered name and password meet the requirements. If verification passes, the user enters the enterprise information security management platform; otherwise verification continues until the number of verification attempts exceeds the set verification-count threshold, at which point identity authentication stops;
The enterprise information security management platform is used to encrypt and desensitize the data in the enterprise information.
2. The database encryption and desensitization system according to claim 1, characterized in that the enterprise information security management platform comprises a data input module, a sensitivity judgment module, a data encryption module, a database expansion module, a database management module, a key management module and a desensitization processing module;
The data input module is connected to the sensitivity judgment module; the sensitivity judgment module is connected to the data encryption module and the desensitization processing module respectively; the database expansion module is connected to the key management module and the desensitization processing module respectively; and the database management module is connected to the key management module;
The data input module is used to receive the data information that the user enters into the database and to send the entered data information to the sensitivity judgment module;
The sensitivity judgment module is used to receive the entered data information sent by the data input module and to compare it with the to-be-encrypted data types stored in the database. If the data type of the entered data information is the same as a to-be-encrypted data type stored in the database expansion module, it sends an encryption control instruction and the entered data type to the data encryption module. It also compares the entered data information with the desensitization data information stored in the database expansion module and, if they are the same, sends a desensitization control instruction to the desensitization processing module;
The data encryption module is used to receive the encryption control instruction and the entered data type sent by the sensitivity judgment module, to encrypt the entered data type, and to feed the entered data type and the encryption key corresponding to that data type back to the database expansion module;
The database expansion module is used to receive and store the entered data type and the corresponding encryption key fed back by the data encryption module, with a one-to-one correspondence between the data information to be encrypted and the encryption keys. It also stores the desensitization data information and the conversion characters corresponding to the desensitization data; the conversion character corresponding to desensitization data is represented by "*";
The database management module is used to determine, from a database search request, whether the request involves encrypted data, to perform keyword screening on the database search request, and to extract the encrypted data with the largest matching degree coefficient from the keyword screening and send it to the key management module;
The key management module receives the encrypted data with the largest matching degree coefficient sent by the database management module and extracts the encryption key corresponding to that encrypted data;
The desensitization processing module is used to receive the desensitization control instruction sent by the sensitivity judgment module, to compare the entered data information with the desensitization data stored in the database expansion module, and to convert the desensitization data into the set characters.
3. The database encryption and desensitization system according to claim 2, characterized in that the enterprise information security management platform further comprises an automatic update module, which is connected to the database expansion module and is used to update, at a fixed period, the encryption keys corresponding to the to-be-encrypted data stored in the database expansion module.
4. The database encryption and desensitization system according to claim 2, characterized in that the words entered in the search request are compared one by one with the keywords corresponding to the data types stored in the database expansion module, in order to select the data type with the largest number of identical keywords.
CN201811550475.2A 2018-12-18 2018-12-18 A database encryption and desensitization system Pending CN109840424A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811550475.2A 2018-12-18 2018-12-18 A database encryption and desensitization system

Publications (1)

Publication Number Publication Date
CN109840424A (en) 2019-06-04

Family

ID=66883294

Country Status (1)

Country Link
CN (1) CN109840424A (en)
Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104965868A (en) * 2015-06-09 2015-10-07 广西中烟工业有限责任公司 Data inquiring and analyzing system and method based on WeChat public platform
CN106095954A (en) * 2016-06-14 2016-11-09 成都镜杰科技有限责任公司 Data base management method for enterprise supply chain
CN107196951A (en) * 2017-06-12 2017-09-22 北京明朝万达科技股份有限公司 The implementation method and firewall system of a kind of HDFS systems fire wall
CN108134791A (en) * 2017-12-22 2018-06-08 郑州云海信息技术有限公司 A kind of data center's total management system login validation method
CN108877904A (en) * 2018-06-06 2018-11-23 天津阿贝斯努科技有限公司 A kind of clinical trial information's cloud platform and clinical trial information's cloud management method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
尚金成等: "《电力市场技术支持系统设计与关键技术研究》", 31 August 2002, 密钥及证书的自动更新 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112488638A (en) * 2019-09-11 2021-03-12 杭州云想企业管理有限公司 Enterprise process electronic management system and method
CN111581632A (en) * 2020-03-26 2020-08-25 大连交通大学 Automatic text selection encryption system
CN113691366A (en) * 2020-05-16 2021-11-23 成都天瑞芯安科技有限公司 Desensitized secure biometric identity authentication system
CN112183496A (en) * 2020-11-06 2021-01-05 平安科技(深圳)有限公司 Secondary encryption method, device and equipment for face recognition information and storage medium
CN112183496B (en) * 2020-11-06 2023-06-20 平安科技(深圳)有限公司 Face recognition information secondary encryption method, device, equipment and storage medium
CN112417406A (en) * 2020-12-04 2021-02-26 中国电子信息产业集团有限公司第六研究所 Data desensitization method and device, readable storage medium and electronic equipment
CN115314288A (en) * 2022-08-08 2022-11-08 广州晁沓科技有限公司 Data tracing system and method based on block chain technology
CN115314288B (en) * 2022-08-08 2023-11-10 上海好剧影视发行有限公司 Data tracing system and method based on encryption verification technology
CN117235682A (en) * 2023-11-15 2023-12-15 张家港金典软件有限公司 Enterprise data sharing method and system based on intelligent enterprise management platform
CN117235682B (en) * 2023-11-15 2024-05-28 张家港金典软件有限公司 Enterprise data sharing method and system based on intelligent enterprise management platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190604