CN110245513A - A kind of Design of Database Encryption - Google Patents

A kind of Design of Database Encryption Download PDF

Info

Publication number
CN110245513A
CN110245513A CN201910550855.4A CN201910550855A CN110245513A CN 110245513 A CN110245513 A CN 110245513A CN 201910550855 A CN201910550855 A CN 201910550855A CN 110245513 A CN110245513 A CN 110245513A
Authority
CN
China
Prior art keywords
key
field
user
encryption
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201910550855.4A
Other languages
Chinese (zh)
Inventor
不公告发明人
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changsha Shu Tong Mdt Infotech Ltd
Original Assignee
Changsha Shu Tong Mdt Infotech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changsha Shu Tong Mdt Infotech Ltd filed Critical Changsha Shu Tong Mdt Infotech Ltd
Priority to CN201910550855.4A priority Critical patent/CN110245513A/en
Publication of CN110245513A publication Critical patent/CN110245513A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The invention patent relates to a kind of Design of Database Encryption; the invention proposes a kind of database encryption methods; field key is randomly generated with symmetric encipherment algorithm to encrypt to sensitive field; field key is encrypted using the private key of rivest, shamir, adelman again, the safety of private key is finally protected using user password.

Description

A kind of Design of Database Encryption
Technical field
The present invention relates to informatizations, and in particular to a kind of Design of Database Encryption.
Background technique
With the rapid development of information technology, the safety of data information has become the protrusion that current information society pays special attention to Problem.And in traditional Database Systems, data are stored in the form of plaintext, for some important departments or sensitive neck The safety of the data in domain is must take seriously the problem of.Under the conditions of current technology, data and information are protected most Effective method stores in the database again after exactly encrypting them, because having added close data and information, even if by It steals, obtaining taker can also have no way of finding out about it their corresponding confidential datas because that can not crack the ciphertext stolen.It will be in database Data and information encrypt, must just design a kind of data base encryption mechanism.
Patent of invention content
The invention patent relates to a kind of Design of Database Encryption, and the invention proposes a kind of database encryption methods, i.e., with symmetrical Field key is randomly generated to encrypt to sensitive field in Encryption Algorithm, then using rivest, shamir, adelman private key come to word Section key is encrypted, and the safety of private key is finally protected using user password.
Specific embodiment
The invention patent relates to a kind of Design of Database Encryption, and the invention proposes a kind of database encryption methods, that is, use Field key is randomly generated to encrypt to sensitive field in symmetric encipherment algorithm, then using rivest, shamir, adelman private key come Field key is encrypted, the safety of private key is finally protected using user password.
Further, data base encryption mechanism proposed by the present invention is built upon on the cipher mode based on field. The present invention uses symmetric encipherment algorithm control system that a symmetric key is randomly generated for sensitive field.In tables of data in the field All data, all carry out encryption storage with this symmetric key, which is referred to as field key.With field key pair After field is encrypted, the ownership of the field key will be awarded in authorized user by certain mode.And for not conforming to Method user, including DBA do not authorize the field key.By checking whether user possesses the field key of the field, to judge Data in the whether accessible encrypted fields of one user.Legitimate user can be used field key encryption and decrypt the word Data in section.Field key is that system is randomly generated, user can field key data record in the physical medium of safety or In file, user takes out corresponding key when to be used when.But this mode exists tight in terms of safety and ease for use Weight problem, such as the replacement problem of field key, over-burden by user, safety difference.
Further, the method that the present invention uses rivest, shamir, adelman, encrypts field key with private key, It is inconvenient field key bring can be saved to avoid user oneself.Present invention public key encrypts field key, and legitimate user uses The field key encrypted is decrypted in the private key of oneself, obtains the plaintext version of field key, in this way can be with Good protected field key.
Further, private key cannot be stored in the form of plaintext.Since each database user has one Password, can be with the password of database user come the private key of encipherment protection authorized user.Method is: firstly, whether confirming user Have input correct password.If user password is correct, login successfully;Conversely, login failure, is exited.After user successfully logs in, By its password MD5 algorithm for encryption, the MD5 value of password is obtained.When calling aes algorithm encrypts the private key of authorized user When, this password md5 encryption value is used as key.Secondly, the private key of key form is stored in database.
Further, encryption dictionary is the center for storing encryption information, it is centrally stored, and all pairs of data encrypt Key, all encrypting database authorized users public key and private key and some other necessary information.
Further, it is built upon due to encryption mechanism of the invention on the cipher mode based on field, so, it builds An Encrypted_Field entity is found to describe the field that we need to encrypt.Establish an Encrypt-ed_Table Entity describes the database table there are encrypted fields.An Authorized_User entity is established to describe encrypting database Legitimate user, with public_key and two important attributes of encrypted_private_key.
The above description is only a preferred embodiment of the patent of the present invention, is not intended to limit the invention patent, all at this Made any modifications, equivalent replacements, and improvements etc., should be included in the invention patent within the spirit and principle of patent of invention Protection scope within.

Claims (5)

1. a kind of Design of Database Encryption, which is characterized in that the invention proposes a kind of database encryption methods, i.e., are added with symmetrical Field key is randomly generated to encrypt to sensitive field in close algorithm, then using rivest, shamir, adelman private key come to field Key is encrypted, and the safety of private key is finally protected using user password.
2. a kind of Design of Database Encryption according to claim 1, which is characterized in that data base encryption proposed by the present invention Mechanism is built upon on the cipher mode based on field, and the present invention uses symmetric encipherment algorithm control system for sensitive field A symmetric key is randomly generated.
3. a kind of Design of Database Encryption according to claim 1, which is characterized in that the present invention is calculated using asymmetric encryption The method of method encrypts field key with private key, and it is inconvenient can to save field key bring to avoid user oneself.
4. a kind of Design of Database Encryption according to claim 1, which is characterized in that the present invention is close to field using public key Key encryption, legitimate user are decrypted the field key encrypted using the private key of oneself, obtain the plaintext shape of field key Formula can be very good protected field key in this way.
5. a kind of Design of Database Encryption according to claim 1, which is characterized in that cannot be with the shape of plaintext for private key Formula is stored, and since each database user has a password, can be awarded with the password of database user come encipherment protection Weigh the private key of user;Method is: firstly, whether confirmation user has input correct password;If user password is correct, log at Function;Conversely, login failure, is exited;After user successfully logs in, by its password MD5 algorithm for encryption, the MD5 value of password is obtained;When When aes algorithm being called to encrypt the private key of authorized user, this password md5 encryption value is used as key;Secondly, handle The private key of key form is stored in database.
CN201910550855.4A 2019-06-24 2019-06-24 A kind of Design of Database Encryption Withdrawn CN110245513A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910550855.4A CN110245513A (en) 2019-06-24 2019-06-24 A kind of Design of Database Encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910550855.4A CN110245513A (en) 2019-06-24 2019-06-24 A kind of Design of Database Encryption

Publications (1)

Publication Number Publication Date
CN110245513A true CN110245513A (en) 2019-09-17

Family

ID=67889157

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910550855.4A Withdrawn CN110245513A (en) 2019-06-24 2019-06-24 A kind of Design of Database Encryption

Country Status (1)

Country Link
CN (1) CN110245513A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111639348A (en) * 2020-05-14 2020-09-08 瀚高基础软件股份有限公司 Management method and device of database keys
CN114491580A (en) * 2021-12-30 2022-05-13 深圳市恒创智达信息技术有限公司 Database sensitive information encryption method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111639348A (en) * 2020-05-14 2020-09-08 瀚高基础软件股份有限公司 Management method and device of database keys
CN114491580A (en) * 2021-12-30 2022-05-13 深圳市恒创智达信息技术有限公司 Database sensitive information encryption method and device
CN114491580B (en) * 2021-12-30 2022-10-04 深圳市恒创智达信息技术有限公司 Database sensitive information encryption method and device

Similar Documents

Publication Publication Date Title
RU2718689C2 (en) Confidential communication control
EP2430789B1 (en) Protection of encryption keys in a database
JP5562687B2 (en) Securing communications sent by a first user to a second user
CN104868996A (en) Data encryption and decryption method, device thereof, and terminal
US8051297B2 (en) Method for binding a security element to a mobile device
Deshmukh et al. Transparent Data Encryption--Solution for Security of Database Contents
US20180375652A1 (en) Method for re-keying an encrpyted data file
CN101515319B (en) Cipher key processing method, cipher key cryptography service system and cipher key consultation method
KR20130039354A (en) Database management system and encrypting method thereof
CN102402664A (en) Data access control device and data access control method
CA2714196A1 (en) Information distribution system and program for the same
CN105141593A (en) Private cloud platform secure computation method
CN106533663B (en) Data ciphering method, encryption method, apparatus and data decryption method, decryption method, apparatus
JP6049914B2 (en) Cryptographic system, key generation device, and re-encryption device
US20170351871A1 (en) Data Owner Controlled Data Storage Privacy Protection Technique
TW201003451A (en) Safety storage device with two-stage symmetrical encryption algorithm
CN104866784A (en) BIOS encryption-based safety hard disk, and data encryption and decryption method
CN110245513A (en) A kind of Design of Database Encryption
US11044105B2 (en) System, method, and computer program product for sensitive data recovery in high security systems
US11386429B2 (en) Cryptocurrency securing method and device thereof
CN103530533B (en) Digital copyright management method and again method of commerce
CA2553081A1 (en) A method for binding a security element to a mobile device
US20140075193A1 (en) Storage method
CN100561913C (en) A kind of method of access code equipment
CN105187456A (en) Cloud-drive file data safety protection method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20190917

WW01 Invention patent application withdrawn after publication