CN110245513A - A kind of Design of Database Encryption - Google Patents
A kind of Design of Database Encryption
- Publication number
- CN110245513A
- Authority
- CN
- China
- Prior art keywords
- key
- field
- user
- encryption
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention relates to a database encryption design and proposes a database encryption method: a field key is randomly generated with a symmetric encryption algorithm to encrypt a sensitive field; the field key is then encrypted using the private key of the Rivest-Shamir-Adleman (RSA) algorithm; finally, the security of the private key is protected using the user's password.
Description
Technical field
The present invention relates to informatization, and in particular to a database encryption design.
Background technique
With the rapid development of information technology, the security of data has become a prominent problem to which today's information society pays special attention. In traditional database systems, data is stored in plaintext, so the security of data belonging to important departments or sensitive fields is a problem that must be taken seriously. Under current technical conditions, the most effective way to protect data and information is to encrypt them before storing them in the database: even if encrypted data is stolen, the thief cannot crack the stolen ciphertext and so learns nothing of the confidential data behind it. To encrypt the data and information in a database, a database encryption mechanism must be designed.
Summary of the invention
The invention relates to a database encryption design and proposes a database encryption method: a field key is randomly generated with a symmetric encryption algorithm to encrypt a sensitive field, the field key is then encrypted using the private key of the Rivest-Shamir-Adleman (RSA) algorithm, and finally the security of the private key is protected using the user's password.
Specific embodiment
The invention relates to a database encryption design and proposes a database encryption method: a field key is randomly generated with a symmetric encryption algorithm to encrypt a sensitive field, the field key is then encrypted using the private key of the Rivest-Shamir-Adleman (RSA) algorithm, and finally the security of the private key is protected using the user's password.
Further, the database encryption mechanism proposed by the invention is built on a field-based encryption mode. The invention uses a symmetric encryption algorithm, and the system randomly generates a symmetric key for a sensitive field. All data in that field of the data table is stored encrypted under this symmetric key, which is called the field key. After a field has been encrypted with its field key, ownership of the field key is granted to authorized users in some way. Illegitimate users, including the DBA, are not granted the field key. Whether a user may access the data in an encrypted field is decided by checking whether the user holds the field key of that field. A legitimate user can use the field key to encrypt and decrypt the data in the field. The field key is randomly generated by the system; the user can record the field key on a secure physical medium or in a file and retrieve the corresponding key when it is needed. But this approach has serious problems in both security and ease of use, such as the problem of replacing field keys, an excessive burden on users, and poor security.
Further, the invention uses the Rivest-Shamir-Adleman (RSA) asymmetric encryption method and encrypts the field key with the private key, which spares users the inconvenience of storing field keys themselves. The invention encrypts the field key with the public key; a legitimate user decrypts the encrypted field key with their own private key and obtains the plaintext form of the field key. In this way the field key is well protected.
Further, the private key cannot be stored in plaintext. Since each database user has a password, the password of the database user can be used to encrypt and protect the authorized user's private key. The method is as follows. First, confirm whether the user has entered the correct password. If the password is correct, login succeeds; otherwise, login fails and the session exits. After the user has logged in successfully, the password is hashed with the MD5 algorithm to obtain the MD5 value of the password. When the AES algorithm is called to encrypt the authorized user's private key, this MD5 value of the password is used as the key. Second, the private key is stored in the database in encrypted form.
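The password-to-key step above, as an added example (not code from the patent): `kek_md5` is the derivation as described, and `enroll`/`unlock` are a salted, stretched alternative using PBKDF2-HMAC-SHA256 that also keeps the stored login verifier distinct from the AES key. All function names, the iteration count and the stored `salt`/`iterations`/`verifier` fields are assumptions of this example; the AES encryption of the private key itself is left out.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def kek_md5(password: str) -> bytes:
    """AES key as the description derives it: MD5 of the password, unsalted."""
    return hashlib.md5(password.encode()).digest()


def derive(password: str, salt: bytes, iterations: int):
    """Stretch once, then split into a login verifier and a separate KEK."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    verifier = hmac.new(master, b"login-verifier", hashlib.sha256).digest()
    kek = hmac.new(master, b"private-key-kek", hashlib.sha256).digest()
    return verifier, kek


def enroll(password: str) -> dict:
    """Values to store for the user (hypothetical fields); the KEK is never stored."""
    salt = secrets.token_bytes(16)
    verifier, _ = derive(password, salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "verifier": verifier}


def unlock(password: str, record: dict):
    """Return the 32-byte KEK if the password verifies, else None."""
    verifier, kek = derive(password, record["salt"], record["iterations"])
    if not hmac.compare_digest(verifier, record["verifier"]):
        return None
    return kek
```

Because MD5 is unsalted and fast, two users with the same password get the same AES key under `kek_md5`, while the salted variant gives each user a different key. In either scheme, changing a password requires re-encrypting that user's private key.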
Further, the encryption dictionary is the central store of encryption information: it centrally stores all keys used to encrypt data, the public and private keys of all authorized users of the encrypted database, and some other necessary information.
Further, because the encryption mechanism of the invention is built on a field-based encryption mode, an Encrypted_Field entity is established to describe the fields that need to be encrypted. An Encrypted_Table entity is established to describe the database tables that contain encrypted fields. An Authorized_User entity is established to describe the legitimate users of the encrypted database; it has two important attributes, public_key and encrypted_private_key.
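The key hierarchy described above, as an added example using the third-party Python `cryptography` package (not code from the patent). It follows the variant in which the field key is encrypted under each authorized user's public key and recovered with the private key; RSA-OAEP, AES-GCM, binding the field name as associated data, and all class, function and field names are assumptions of this example.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP padding is this example's choice; the patent names no padding scheme.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


class EncryptionDictionary:
    """Stand-in for the encryption dictionary: wrapped field keys only."""
    def __init__(self):
        self.wrapped = {}  # (field, user) -> field key under user's public key

    def create_field(self, field, authorized):
        """Generate a random field key; wrap one copy per authorized user."""
        field_key = AESGCM.generate_key(bit_length=256)
        for user, public_key in authorized.items():
            self.wrapped[(field, user)] = public_key.encrypt(field_key, OAEP)
        return field_key  # caller encrypts existing rows, then discards it

    def field_key_for(self, field, user, private_key):
        """Access check from the description: no wrapped copy, no access."""
        blob = self.wrapped.get((field, user))
        if blob is None:
            raise PermissionError(f"{user} holds no key for {field}")
        return private_key.decrypt(blob, OAEP)


def encrypt_value(field_key, field, plaintext):
    """AES-GCM, fresh nonce per value; field name bound as associated data."""
    nonce = os.urandom(12)
    return nonce + AESGCM(field_key).encrypt(nonce, plaintext, field.encode())


def decrypt_value(field_key, field, stored):
    """Raises InvalidTag if the value was altered or moved to another field."""
    return AESGCM(field_key).decrypt(stored[:12], stored[12:], field.encode())


def demo():
    """Constructed run: alice is authorized and reads back a sample value."""
    alice = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    d = EncryptionDictionary()
    fk = d.create_field("patients.diagnosis", {"alice": alice.public_key()})
    stored = encrypt_value(fk, "patients.diagnosis", b"constructed sample")
    key = d.field_key_for("patients.diagnosis", "alice", alice)
    return decrypt_value(key, "patients.diagnosis", stored)
```

With one key per field and random 96-bit nonces, AES-GCM's nonce-collision bound limits how many values should be encrypted before the field key is replaced, which is the field-key replacement problem the description mentions.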
The above is only a preferred embodiment of the invention and is not intended to limit it. Any modification, equivalent replacement, or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (5)
1. A database encryption design, characterized in that the invention proposes a database encryption method: a field key is randomly generated with a symmetric encryption algorithm to encrypt a sensitive field, the field key is then encrypted using the private key of the Rivest-Shamir-Adleman (RSA) algorithm, and finally the security of the private key is protected using the user's password.
2. The database encryption design according to claim 1, characterized in that the database encryption mechanism proposed by the invention is built on a field-based encryption mode, and the invention uses a symmetric encryption algorithm, with the system randomly generating a symmetric key for a sensitive field.
3. The database encryption design according to claim 1, characterized in that the invention uses an asymmetric encryption algorithm and encrypts the field key with the private key, which spares users the inconvenience of storing field keys themselves.
4. The database encryption design according to claim 1, characterized in that the invention encrypts the field key with the public key, and a legitimate user decrypts the encrypted field key with their own private key to obtain the plaintext form of the field key, so that the field key is well protected.
5. The database encryption design according to claim 1, characterized in that the private key cannot be stored in plaintext; since each database user has a password, the password of the database user can be used to encrypt and protect the authorized user's private key; the method is: first, confirm whether the user has entered the correct password; if the password is correct, login succeeds; otherwise, login fails and the session exits; after the user has logged in successfully, the password is hashed with the MD5 algorithm to obtain the MD5 value of the password; when the AES algorithm is called to encrypt the authorized user's private key, this MD5 value of the password is used as the key; second, the private key is stored in the database in encrypted form.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910550855.4A CN110245513A (en) | 2019-06-24 | 2019-06-24 | A kind of Design of Database Encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910550855.4A CN110245513A (en) | 2019-06-24 | 2019-06-24 | A kind of Design of Database Encryption |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110245513A (en) | 2019-09-17 |
Family
ID=67889157
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910550855.4A Withdrawn CN110245513A (en) | 2019-06-24 | 2019-06-24 | A kind of Design of Database Encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110245513A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111639348A (en) * | 2020-05-14 | 2020-09-08 | 瀚高基础软件股份有限公司 | Management method and device of database keys |
CN114491580A (en) * | 2021-12-30 | 2022-05-13 | 深圳市恒创智达信息技术有限公司 | Database sensitive information encryption method and device |
-
2019
- 2019-06-24 CN CN201910550855.4A patent/CN110245513A/en not_active Withdrawn
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111639348A (en) * | 2020-05-14 | 2020-09-08 | 瀚高基础软件股份有限公司 | Management method and device of database keys |
CN114491580A (en) * | 2021-12-30 | 2022-05-13 | 深圳市恒创智达信息技术有限公司 | Database sensitive information encryption method and device |
CN114491580B (en) * | 2021-12-30 | 2022-10-04 | 深圳市恒创智达信息技术有限公司 | Database sensitive information encryption method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2718689C2 (en) | Confidential communication control | |
EP2430789B1 (en) | Protection of encryption keys in a database | |
JP5562687B2 (en) | Securing communications sent by a first user to a second user | |
CN104868996A (en) | Data encryption and decryption method, device thereof, and terminal | |
US8051297B2 (en) | Method for binding a security element to a mobile device | |
Deshmukh et al. | Transparent Data Encryption--Solution for Security of Database Contents | |
US20180375652A1 (en) | Method for re-keying an encrpyted data file | |
CN101515319B (en) | Cipher key processing method, cipher key cryptography service system and cipher key consultation method | |
KR20130039354A (en) | Database management system and encrypting method thereof | |
CN102402664A (en) | Data access control device and data access control method | |
CA2714196A1 (en) | Information distribution system and program for the same | |
CN105141593A (en) | Private cloud platform secure computation method | |
CN106533663B (en) | Data ciphering method, encryption method, apparatus and data decryption method, decryption method, apparatus | |
JP6049914B2 (en) | Cryptographic system, key generation device, and re-encryption device | |
US20170351871A1 (en) | Data Owner Controlled Data Storage Privacy Protection Technique | |
TW201003451A (en) | Safety storage device with two-stage symmetrical encryption algorithm | |
CN104866784A (en) | BIOS encryption-based safety hard disk, and data encryption and decryption method | |
CN110245513A (en) | A kind of Design of Database Encryption | |
US11044105B2 (en) | System, method, and computer program product for sensitive data recovery in high security systems | |
US11386429B2 (en) | Cryptocurrency securing method and device thereof | |
CN103530533B (en) | Digital copyright management method and again method of commerce | |
CA2553081A1 (en) | A method for binding a security element to a mobile device | |
US20140075193A1 (en) | Storage method | |
CN100561913C (en) | A kind of method of access code equipment | |
CN105187456A (en) | Cloud-drive file data safety protection method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20190917 |