CN112800475A - Data encryption method and device, electronic equipment and medium - Google Patents

Publication number
CN112800475A
Authority
CN
China
Prior art keywords
encryption
operation type
data operation
onion
current data
Legal status
Pending
Application number
CN202110312541.8A
Other languages
Chinese (zh)
Inventor
李天宇
傅敏杰
姚亦凡
李思纤
彭炜舟
俞睿默
黄静韬
周晓鹂
黄烨
陈晓露
Current Assignee
State Grid Shanghai Electric Power Co Ltd
Original Assignee
State Grid Shanghai Electric Power Co Ltd
Application filed by State Grid Shanghai Electric Power Co Ltd
Priority to CN202110312541.8A
Publication of CN112800475A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/2433 Query languages
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G06F16/28 Databases characterised by their database models, e.g. relational or object models
    • G06F16/284 Relational databases
    • G06F16/285 Clustering or classification

Abstract

The embodiment of the invention discloses a data encryption method, a data encryption device, electronic equipment and a medium, wherein the method comprises the following steps: determining at least one current data operation type corresponding to a current database query statement; encrypting the query body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type; and generating a data encryption result corresponding to the query scene under the current database query statement. By executing the technical scheme, different encryption method combinations can be realized by utilizing the classification and nesting characteristics of the onion models, and the encryption performance and the ciphertext safety are considered while the ciphertext operation requirements of different scenes are met.

Description

Data encryption method and device, electronic equipment and medium
Technical Field
The embodiment of the invention relates to the field of data processing, in particular to a data encryption method, a data encryption device, electronic equipment and a medium.
Background
Cloud computing provides nearly unlimited storage capacity, powerful computing power, and economic benefits, but it also presents many challenges, with security considered the biggest challenge facing cloud computing today. Because the server is considered untrustworthy in the cloud environment and has no authority to obtain the secret key, the cloud server cannot analyze the encrypted data, and the cloud platform's ability to process the data is limited. It is therefore necessary to allow the cloud server to perform relational operations on ciphertext data while preserving user privacy, so that various conditional queries can be implemented. Existing order-preserving encryption and homomorphic encryption can support ciphertext operations, but their operation functions are usually tied to a specific application scenario, and the particular way their functions are constructed puts them at a great disadvantage in security and encryption performance.
Disclosure of Invention
The embodiment of the invention provides a data encryption method, a data encryption device, electronic equipment and a medium, which use the classification and nesting characteristics of onion models to combine different encryption methods, meeting the ciphertext operation requirements of different scenarios while balancing encryption performance and ciphertext security.
In a first aspect, an embodiment of the present invention provides a data encryption method, including:
determining at least one current data operation type corresponding to a current database query statement;
encrypting the query body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type;
and generating a data encryption result corresponding to the query scene under the current database query statement.
In a second aspect, an embodiment of the present invention further provides a data encryption apparatus, including:
the type determining module is used for determining at least one current data operation type corresponding to the current database query statement;
the encryption processing module is used for encrypting the query body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type;
and the result generation module is used for generating a data encryption result corresponding to the query scene under the current database query statement.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
storage means for storing one or more programs;
the one or more programs are executable by the one or more processors to cause the one or more processors to implement a data encryption method as provided in any embodiment of the invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor, implements the data encryption method as provided in any of the embodiments of the present invention.
The embodiment of the invention provides a data encryption method, which comprises the steps of determining at least one current data operation type corresponding to a current database query statement, encrypting a query main body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type, and finally generating a data encryption result corresponding to a query scene under the current database query statement.
By adopting this technical scheme, the query body fields can be classified according to the data operation types of the database query statement, and the onion encryption models are nested so that different encryption methods are combined. The ciphertext operation requirements of different query statement scenarios can thus be met, and the combination of classified and nested encryption methods improves encryption performance and ciphertext security.
The above summary is merely an overview of the technical solutions of the present invention. So that the technical means of the invention can be understood more clearly and implemented in accordance with the description, and so that the above and other objects, features, and advantages of the invention become more apparent, specific embodiments are described below.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
Fig. 1 is a flowchart of a data encryption method according to an embodiment of the present application;
Fig. 2 is a flowchart of another data encryption method provided in the second embodiment of the present application;
Fig. 3 is a diagram of an onion encryption model according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of a data encryption device according to a third embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present application.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of a data encryption method provided in one embodiment of the present invention, where the method is applicable to query encryption of a database through a data query statement, and the method is performed by a data encryption apparatus, which may be implemented by software and/or hardware and may be integrated in an electronic device. As shown in fig. 1, the data encryption method in this embodiment includes the following steps:
S110, determining at least one current data operation type corresponding to the current database query statement.
In a cloud database security model, a ciphertext query database system is defined as a level 3 database protection mechanism, and only a cloud database system capable of providing such protection can be defined as a secure cloud database system. This shows how important ciphertext query support is to the security of a cloud database system. Although existing order-preserving encryption and homomorphic encryption can support ciphertext operations, their operation functions are usually tied to a specific application scenario, and the particular way their functions are constructed puts them at a disadvantage in security and encryption performance. When a database is in use, a single query statement may involve several mathematical operations. For example, in "SELECT SUM (SALARY) FROM EMPLOYEE WHERE SALARY >500" the SALARY field must be both summed and compared in size. Absent a major breakthrough in encryption algorithms, a combined encryption scheme is designed to meet the needs of complex query scenarios, using the characteristics of different encryption algorithms to support as many data operations as possible.
The data encryption system determines at least one current data operation type corresponding to a current database query statement, wherein the database query statement can be an SQL conditional query statement, and the data operation type can be equivalence matching, numerical comparison, numerical addition and numerical multiplication. Illustratively, the SALARY field is subjected to both an addition and a size comparison in a conditional query statement "SELECT SUM (SALARY) FROM EMPLOYEE WHERE SALARY > 500".
In an alternative of the present embodiment, it may be combined with one or more of the alternatives of the present embodiment. Determining at least one current data operation type corresponding to the current database query statement may include steps A1-A2:
step A1, determining at least one current query condition included in the current database query statement;
step A2, determining at least one current data operation type corresponding to the current database query statement according to the data operation type to which the at least one current query condition belongs.
The at least one current query condition in the database query statement can be an equivalence query, a deduplication query, a join query, a size comparison, sorting, a range query, a sum, an average, a product, and the like. The current data operation type corresponding to equivalence queries, deduplication queries and join queries is equivalence matching. The current data operation type corresponding to size comparison, sorting and range queries is numerical comparison. The current data operation type corresponding to sum and average is numerical addition. The current data operation type corresponding to product is numerical multiplication.
And S120, encrypting the query body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type.
The data encryption system encrypts a query body field under a current database query statement through a pre-configured onion encryption model according to at least one current data operation type. For example, in the example conditional query statement "SELECT SUM (SALARY) FROM EMPLOYEE WHERE SALARY > 500", there are two current data operation types, i.e., addition and size comparison, and therefore the two occurrences of the body field SALARY need to be encrypted by using the corresponding onion models respectively.
By adopting the technical scheme, the query body field under the database query statement is encrypted through the pre-configured onion encryption model according to the current data operation type of the database query statement, and the classification and nesting characteristics of the onion model are utilized to realize a combined encryption scheme under a complex query scene.
And S130, generating a data encryption result corresponding to the query scene under the current database query statement.
The data encryption system generates data encryption results corresponding to query scenes in current database query sentences, different database query sentences can correspond to different query scenes, and the data encryption results corresponding to different query scenes are completely different.
According to the technical scheme, at least one current data operation type corresponding to a current database query statement is determined, a query main body field under the current database query statement is encrypted through a pre-configured onion encryption model according to the current data operation type, a data encryption result corresponding to a query scene under the current database query statement is generated, a combined encryption scheme under a complex query scene is realized by utilizing the classification and nesting characteristics of the onion model, and the encryption safety is improved while functional encryption is ensured.
Example two
Fig. 2 is a flowchart of another data encryption method provided in the second embodiment of the present application. Embodiments of the present invention are further optimized on the basis of the above-mentioned embodiments, and the embodiments of the present invention may be combined with various alternatives in one or more of the above-mentioned embodiments. As shown in fig. 2, the data encryption method provided in the embodiment of the present invention may include the following steps:
S210, determining at least one current data operation type corresponding to the current database query statement.
S220, according to the at least one current data operation type, determining a target onion encryption model matched with the current data operation type from the preset onion encryption models.
The data encryption system selects a target onion encryption model matched with the current data operation type from the preset onion encryption models according to at least one current data operation type, as shown in fig. 3, the preset four onion encryption models respectively correspond to four data operation types, each onion model respectively has different encryption levels, and each layer is set according to different functions and safety requirements.
In an alternative of the present embodiment, it may be combined with one or more of the alternatives of the present embodiment. Determining a target onion encryption model matched with the current data operation type from preconfigured onion encryption models according to the at least one current data operation type comprises the following steps: when the current data operation type is equivalence matching, selecting an equivalent matching onion model as the target onion encryption model; or when the current data operation type is numerical comparison, selecting a numerical comparison onion model as the target onion encryption model; or when the current data operation type is numerical addition, selecting a numerical addition onion model as the target onion encryption model; or when the current data operation type is numerical multiplication, selecting a numerical multiplication onion model as the target onion encryption model.
The matched target onion model is selected according to the data operation type: the four data operation types of equivalence matching, numerical comparison, numerical addition and numerical multiplication correspond respectively to the equivalent matching onion model (Equal onion model), the numerical comparison onion model (Order onion model), the numerical addition onion model (Add onion model) and the numerical multiplication onion model (Mul onion model).
By adopting the technical scheme, the matched target onion model is selected according to the data operation type, and the query scene of the current database query statement is encrypted through the selected target onion model, so that different encryption effect requirements under different scenes are met.
And S230, encrypting the query body field corresponding to the current data operation type in the current database query statement through the target onion encryption model matched with the current data operation type.
In an alternative of the present embodiment, it may be combined with one or more of the alternatives of the present embodiment. The encrypting the query body field corresponding to the current data operation type in the current database query statement according to the target onion encryption model matched with the current data operation type may include steps B1-B3:
Step B1, if the equivalent matching onion model is selected as the target onion encryption model, performing outermost encryption on the query body field corresponding to the current data operation type through a probabilistic randomness encryption function to form a random encryption layer.
Step B2, performing intermediate-layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a matched encryption layer.
Step B3, performing innermost layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a query encryption layer.
An equivalent matching onion model (Equal onion model) is selected as the target onion model when the data operation type is equivalence matching. As shown in fig. 3, the outermost layer of the Equal onion model is the RND layer (the random encryption layer), which can be called a layer without special functionality; it can encrypt the plaintext with a probabilistic randomness encryption function. The RND layer is the most secure layer in the encryption model and can guarantee IND-CPA (indistinguishability under an adaptive chosen-plaintext attack) level security for the encrypted data. Because the encryption function is randomized, two identical plaintexts are, with very high probability, mapped to different ciphertexts, and this encryption layer does not support any ciphertext-level operation. The layer can be implemented with the AES-CBC encryption algorithm, with an initialization vector (IV) generated randomly at encryption time to ensure the randomness of the algorithm.
The intermediate DET layer of the equivalent matching onion model is the matching encryption layer. Intermediate-layer encryption of the query body field corresponding to the current data operation type can be performed with a homomorphic encryption algorithm, where the homomorphic encryption algorithm can be a scheme supporting homomorphic encryption, an additive homomorphic encryption scheme, or a multiplicative homomorphic encryption scheme. The innermost query encryption layer, the JOIN layer, can also be encrypted with a homomorphic encryption algorithm.
Illustratively, when the query statement "SELECT SUM (SALARY) FROM EMPLOYEE WHERE SALARY > 500" is encrypted, two different onion models encrypt the corresponding body fields: the summed "SALARY" field is encrypted with the numerical addition onion model (Add model), the "SALARY" field used in the size comparison is encrypted with the numerical comparison onion model (Order model), and the final encryption result is composed of the two different onion encryption models.
In order to solve the security problem, the nested encryption mode of the onion encryption model organizes encryption algorithms with different security layer by layer like an onion. Encryption algorithms closer to the outer layer are more secure and less functional, and encryption algorithms closer to the inner layer are more functional but less secure. The outer-layer encrypted data is adopted when extra operation is not needed, and the inner-layer encrypted data is selected when special operation requirements exist, so that the functionality of the ciphertext can be guaranteed, and the encryption safety can be guaranteed.
In an alternative of the present embodiment, it may be combined with one or more of the alternatives of the present embodiment. Wherein, the encrypting the query body field corresponding to the current data operation type in the current database query statement through the target onion encryption model matched with the current data operation type may include C1-C2:
Step C1, if the numerical comparison onion model is selected as the target onion encryption model, performing outermost encryption on the query body field corresponding to the current data operation type through a probabilistic randomness encryption function to form a random encryption layer.
Step C2, performing innermost layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a comparison encryption layer.
As shown in fig. 3, the outermost encryption layer of the numerical comparison onion model may also be a random encryption layer, and outermost encryption may be performed on the query body field corresponding to the current data operation type through a probabilistic randomness encryption function. The innermost layer, the OPE layer, may also be encrypted using a homomorphic encryption algorithm to form the comparison encryption layer.
In an alternative of the present embodiment, it may be combined with one or more of the alternatives of the present embodiment. The method for encrypting the query body field corresponding to the current data operation type in the current database query statement by using the target onion encryption model matched with the current data operation type comprises the following steps: and if the numerical value addition onion model is selected as the target onion encryption model, encrypting the corresponding field by a homomorphic encryption algorithm to form an addition encryption layer.
The addition encryption layer (Add layer) may be encrypted through a homomorphic encryption algorithm, and the homomorphic encryption algorithm may be a scheme supporting homomorphic encryption, an additive homomorphic encryption scheme, or a multiplicative homomorphic encryption scheme.
In an alternative of the present embodiment, it may be combined with one or more of the alternatives of the present embodiment. The method for encrypting the query body field corresponding to the current data operation type in the current database query statement by using the target onion encryption model matched with the current data operation type comprises the following steps: and if the numerical value multiplication onion model is selected as the target onion encryption model, encrypting the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a multiplication encryption layer.
The multiplication encryption layer (Mul layer) can also be encrypted through a homomorphic encryption algorithm, and the homomorphic encryption algorithm can be a scheme supporting homomorphic encryption, an additive homomorphic encryption scheme, or a multiplicative homomorphic encryption scheme.
In an alternative of the present embodiment, it may be combined with one or more of the alternatives of the present embodiment. Data that is not used in any query is encrypted only with RND, which has no special functionality; if a column of data is used as the condition of an equivalence query, equivalence matching DET encryption must also be applied to that column. This query-aware combined encryption approach reduces extra operation overhead and keeps the number of encryption algorithm types in use as small as possible.
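The query-aware selection described above (query conditions grouped into four operation types, one onion model per type, unused data left under RND only) can be sketched as follows. This is an added example, not part of the patent text: it handles only a small SQL subset with regular expressions, the function and table names are hypothetical, and the layer each condition needs (DET, JOIN, OPE, Add, Mul) is an assumption read off the layer names.

```python
import re

# Query condition -> (data operation type, layer that must be reachable).
# The grouping into operation types follows the description; the layer
# column is an assumption of this example, read off the layer names.
CONDITIONS = {
    "equality": ("equal", "DET"),
    "dedup": ("equal", "DET"),
    "join": ("equal", "JOIN"),
    "compare": ("order", "OPE"),
    "sort": ("order", "OPE"),
    "range": ("order", "OPE"),
    "sum": ("add", "Add"),
    "average": ("add", "Add"),
    "product": ("mul", "Mul"),
}

# Operation type -> (onion model, layers from outermost to innermost).
ONION_MODELS = {
    "equal": ("Equal onion", ["RND", "DET", "JOIN"]),
    "order": ("Order onion", ["RND", "OPE"]),
    "add": ("Add onion", ["Add"]),
    "mul": ("Mul onion", ["Mul"]),
}

IDENT = r"[A-Z_][\w.]*"                     # column, optionally alias-qualified
NOT_COLUMNS = {"SELECT", "DISTINCT", "ALL"}  # words that may precede "*"


def find_conditions(sql):
    """Return the set of (column, condition) pairs in a simple SQL query."""
    q = sql.upper()
    found = set()
    for func, col in re.findall(rf"\b(SUM|AVG)\s*\(\s*({IDENT})\s*\)", q):
        found.add((col, "sum" if func == "SUM" else "average"))
    for col in re.findall(rf"\bDISTINCT\s+({IDENT})", q):
        found.add((col, "dedup"))
    for col in re.findall(rf"\b({IDENT})\s+BETWEEN\b", q):
        found.add((col, "range"))
    order_by = re.search(r"\bORDER\s+BY\s+(.+?)(?:\bLIMIT\b|;|$)", q)
    if order_by:
        for item in order_by.group(1).split(","):
            if item.split():
                found.add((item.split()[0], "sort"))
    # Multiplication between a column and a column or literal.
    for left, right in re.findall(rf"\b({IDENT})\s*\*\s*([\w.]+)", q):
        if left in NOT_COLUMNS:
            continue  # "SELECT *" is not a product
        found.add((left, "product"))
        if re.fullmatch(IDENT, right):
            found.add((right, "product"))
    # Comparisons: column-to-column equality is treated as a join.
    pattern = rf"\b({IDENT})\s*(<=|>=|<>|!=|=|<|>)\s*('[^']*'|[\w.]+)"
    for left, op, right in re.findall(pattern, q):
        right_is_column = re.fullmatch(IDENT, right) is not None
        if op in ("=", "<>", "!="):
            if right_is_column:
                found.update({(left, "join"), (right, "join")})
            else:
                found.add((left, "equality"))
        else:
            found.add((left, "compare"))
            if right_is_column:
                found.add((right, "compare"))
    return found


def encryption_plan(sql, table_columns):
    """Map each column to {onion model: innermost layer the query needs}."""
    plan = {col.upper(): {} for col in table_columns}
    for col, cond in find_conditions(sql):
        op_type, layer = CONDITIONS[cond]
        model, layers = ONION_MODELS[op_type]
        name = col.split(".")[-1]  # drop a table alias such as "E."
        onions = plan.setdefault(name, {})
        current = onions.get(model)
        # Keep the innermost (most functional, least secure) layer required.
        if current is None or layers.index(layer) > layers.index(current):
            onions[model] = layer
    # Columns the query never touches stay under RND only.
    return {c: (o or {"unused": "RND"}) for c, o in plan.items()}


if __name__ == "__main__":
    query = "SELECT SUM (SALARY) FROM EMPLOYEE WHERE SALARY >500"
    for column, onions in encryption_plan(query, ["NAME", "SALARY"]).items():
        print(column, onions)
```

For the patent's example query, SALARY needs both the Add onion and the Order onion, while NAME is never exposed below RND.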
And S240, generating a data encryption result corresponding to the query scene under the current database query statement.
In the technical scheme of this embodiment, a target onion encryption model matched with the current data operation type is determined from the preconfigured onion encryption models according to the current data operation type, and the query body field corresponding to the current data operation type in the current database query statement is encrypted through that target onion encryption model. Different target onion encryption models have different hierarchical encryption structures, and the query result data in the scenario of each database query statement is encrypted into at most four onions. To address security, the nested encryption mode of the onion encryption model organizes encryption algorithms of different security levels layer by layer: the closer an encryption algorithm is to the outer layer, the higher its security and the weaker its functionality; the closer it is to the inner layer, the stronger its functionality but the lower its security. The outer-layer encrypted data is used when no extra operation is needed, and the inner-layer encrypted data is selected when there are special operation requirements, so that both the functionality of the ciphertext and the security of the encryption are guaranteed.
Example three
Fig. 4 is a schematic structural diagram of a data encryption apparatus according to a third embodiment of the present invention. The device can be applied to the condition of carrying out query encryption on the database through data query statements, can be realized by software and/or hardware, and is integrated in the electronic equipment. The device is used for realizing the data encryption method provided by the embodiment. As shown in fig. 4, the data encryption apparatus provided in this embodiment includes:
a type determining module 410, configured to determine at least one current data operation type corresponding to a current database query statement;
the encryption processing module 420 is configured to encrypt the query body field in the current database query statement according to the at least one current data operation type through a preconfigured onion encryption model;
and the result generating module 430 is configured to generate a data encryption result corresponding to the query scenario in the current database query statement.
On the basis of the foregoing embodiment, optionally, the type determining module 410 is configured to:
determining at least one current query condition included in a current database query statement;
and determining at least one current data operation type corresponding to the current database query statement according to the data operation type to which the at least one current query condition belongs.
On the basis of the foregoing embodiment, optionally, the encryption processing module 420 is configured to:
determining at least one current query condition included in a current database query statement;
and determining at least one current data operation type corresponding to the current database query statement according to the data operation type to which the at least one current query condition belongs.
On the basis of the foregoing embodiment, optionally, the encryption processing module 420 is further configured to:
when the current data operation type is equal matching, selecting an equal matching onion model as the target onion encryption model; or
when the current data operation type is numerical comparison, selecting a numerical comparison onion model as the target onion encryption model; or
when the current data operation type is numerical addition, selecting a numerical addition onion model as the target onion encryption model; or
when the current data operation type is numerical multiplication, selecting a numerical multiplication onion model as the target onion encryption model.
On the basis of the foregoing embodiment, optionally, the encryption processing module 420 is further configured to:
if the equivalent matching onion model is selected as the target onion encryption model, performing outermost layer encryption on the query body field corresponding to the current data operation type through a probabilistic randomness encryption function to form a random encryption layer;
performing intermediate layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a matched encryption layer;
and performing innermost layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a query encryption layer.
On the basis of the foregoing embodiment, optionally, the encryption processing module 420 is further configured to:
if the numerical comparison onion model is selected as the target onion encryption model, performing outermost layer encryption on the query body field corresponding to the current data operation type through a probabilistic randomness encryption function to form a random encryption layer;
and performing innermost layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a comparison encryption layer.
On the basis of the foregoing embodiment, optionally, the encryption processing module 420 is further configured to:
and if the numerical value addition onion model is selected as the target onion encryption model, encrypting the corresponding field by a homomorphic encryption algorithm to form an addition encryption layer.
On the basis of the foregoing embodiment, optionally, the encryption processing module 420 is further configured to:
and if the numerical value multiplication onion model is selected as the target onion encryption model, encrypting the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a multiplication encryption layer.
The data encryption device provided in the embodiment of the present invention may execute the data encryption method provided in any embodiment of the present invention, and has corresponding functions and beneficial effects for executing the data encryption method, and the detailed process refers to the related operations of the data encryption method in the foregoing embodiments.
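The selection and layering described above, as an added Python sketch that is not taken from the patent: it classifies a statement's operation types, builds an equality onion with a random outer layer over one matching layer, and sums an addition-onion column without decrypting it. Assumptions: the regex rules, function names, table rows and toy Paillier primes are constructed here; the matching layer uses a deterministic HMAC-based stand-in (the text above names a homomorphic algorithm for its inner layers), and the third "query" layer is omitted.

```python
import hashlib, hmac, re, secrets
from math import gcd

# Step 1: data operation type -> onion model (layer names as used on this page).
ONION_MODELS = {
    "equality": ["random", "matched", "query"],
    "comparison": ["random", "comparison"],
    "addition": ["addition"],
    "multiplication": ["multiplication"],
}
# Hypothetical regex rules; a real proxy would walk the SQL parse tree instead.
RULES = [
    ("multiplication", re.compile(r"\b(?!select\b)\w+\s*\*\s*\w+", re.I)),
    ("addition", re.compile(r"\bSUM\s*\(|\w+\s*\+\s*\w+", re.I)),
    ("comparison", re.compile(r"[<>]|\bBETWEEN\b", re.I)),
    ("equality", re.compile(r"(?<![<>!=])=(?!=)")),
]

def target_models(sql):
    """Return {operation type: onion layers} for every rule the statement matches."""
    return {op: ONION_MODELS[op] for op, rule in RULES if rule.search(sql)}

# Step 2: layers. An HMAC-SHA256 keystream stands in for a vetted cipher (illustration only).
def _keystream_xor(key, nonce, data):
    blocks = (len(data) + 31) // 32
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def rnd_encrypt(key, plaintext):
    """Random layer: fresh nonce, so equal plaintexts give different ciphertexts."""
    nonce = secrets.token_bytes(16)
    return nonce + _keystream_xor(key, nonce, plaintext)

def det_encrypt(key, plaintext):
    """Matching layer: nonce derived from the plaintext, so equal values collide on purpose."""
    nonce = hmac.new(key + b"/siv", plaintext, hashlib.sha256).digest()[:16]
    return nonce + _keystream_xor(key, nonce, plaintext)

def peel(key, ciphertext):
    """Remove one random or matching layer (both use a 16-byte nonce prefix)."""
    return _keystream_xor(key, ciphertext[:16], ciphertext[16:])

# Addition onion: textbook Paillier with g = n + 1. Constructed toy primes, far too small for use.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)

def hom_encrypt(m):
    r = secrets.randbelow(N - 1) + 1
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2

def hom_add(c1, c2):
    """Multiplying ciphertexts adds the plaintexts; the server never sees either value."""
    return c1 * c2 % N2

def hom_decrypt(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

def demo():
    """Constructed table (customer, kwh): what the server can compute at each layer."""
    k_rnd, k_det = secrets.token_bytes(32), secrets.token_bytes(32)
    rows = [(b"alice", 120), (b"bob", 75), (b"alice", 30)]
    name_col = [rnd_encrypt(k_rnd, det_encrypt(k_det, name)) for name, _ in rows]
    kwh_col = [hom_encrypt(kwh) for _, kwh in rows]
    outer_equal = name_col[0] == name_col[2]  # random layer hides the repeated value
    # WHERE customer = 'alice': the outer key is released so the server can peel one layer.
    peeled = [peel(k_rnd, c) for c in name_col]
    token = det_encrypt(k_det, b"alice")
    matches = [i for i, c in enumerate(peeled) if c == token]
    # SELECT SUM(kwh): the server multiplies ciphertexts; only the key holder decrypts.
    total = kwh_col[0]
    for c in kwh_col[1:]:
        total = hom_add(total, c)
    return {"outer_equal": outer_equal, "matches": matches,
            "inner_equal": peeled[0] == peeled[2], "sum": hom_decrypt(total),
            "recovered": peel(k_det, peeled[1])}

if __name__ == "__main__":
    print(target_models("SELECT SUM(kwh) FROM meters WHERE kwh >= 10"))
    print(demo())
```

Once the outer layer is peeled, rows 0 and 2 become visibly equal to the server, which is the security cost the description attributes to inner layers.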
Example four
Fig. 5 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present application. This embodiment provides an electronic device in which the data encryption apparatus provided by the embodiments of the present application can be integrated. As shown in fig. 5, the present embodiment provides an electronic device 500, which includes: one or more processors 520; and a storage device 510 configured to store one or more programs. When the one or more programs are executed by the one or more processors 520, the one or more processors 520 implement the data encryption method provided in the embodiments of the present application, the method including:
determining at least one current data operation type corresponding to a current database query statement;
encrypting the query body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type;
and generating a data encryption result corresponding to the query scene under the current database query statement.
Of course, those skilled in the art can understand that the processor 520 also implements the technical solution of the data encryption method provided in any embodiment of the present application.
The electronic device 500 shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 5, the electronic device 500 includes a processor 520, a storage device 510, an input device 530, and an output device 540. The number of processors 520 in the electronic device may be one or more, and one processor 520 is taken as an example in fig. 5. The processor 520, the storage device 510, the input device 530, and the output device 540 in the electronic device may be connected by a bus or by other means; connection by a bus 550 is taken as an example in fig. 5.
The storage device 510 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and module units, such as program instructions corresponding to the data encryption method in the embodiment of the present application.
The storage device 510 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application program required for at least one function, and the data storage area may store data created according to the use of the terminal, and the like. Further, the storage device 510 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, the storage device 510 may further include memory located remotely from the processor 520, which may be connected via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 530 may be used to receive input numbers, character information, or voice information, and to generate key signal inputs related to user settings and function control of the electronic device. The output device 540 may include a display screen, speakers, etc. of the electronic device.
The electronic device provided by this embodiment achieves the following technical effect: different combinations of encryption methods are realized by using the classification and nesting characteristics of the onion models, meeting the requirements of ciphertext operations in different scenarios while taking both encryption performance and ciphertext security into account.
Example five
An embodiment of the present invention provides a computer-readable medium, on which a computer program is stored, the computer program being executed by a processor to perform a data encryption method, the method including:
determining at least one current data operation type corresponding to a current database query statement;
encrypting the query body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type;
and generating a data encryption result corresponding to the query scene under the current database query statement.
Optionally, the program, when executed by the processor, may be further configured to perform a data encryption method provided in any embodiment of the present invention.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), a flash Memory, an optical fiber, a portable CD-ROM, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. A computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take a variety of forms, including, but not limited to: an electromagnetic signal, an optical signal, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, Radio Frequency (RF), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (11)

1. A method for data encryption, comprising:
determining at least one current data operation type corresponding to a current database query statement;
encrypting the query body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type;
and generating a data encryption result corresponding to the query scene under the current database query statement.
2. The method of claim 1, wherein determining at least one current data operation type corresponding to a current database query statement comprises:
determining at least one current query condition included in a current database query statement;
and determining at least one current data operation type corresponding to the current database query statement according to the data operation type to which the at least one current query condition belongs.
3. The method of claim 1, wherein encrypting the query body field of the current database query statement according to the at least one current data operation type via a pre-configured onion encryption model comprises:
determining a target onion encryption model matched with the current data operation type from preset onion encryption models according to the at least one current data operation type;
and encrypting the query body field corresponding to the current data operation type in the current database query statement through a target onion encryption model matched with the current data operation type.
4. The method of claim 3, wherein determining a target onion cryptographic model from the preconfigured onion cryptographic models that matches the current data operation type based on the at least one current data operation type comprises:
when the current data operation type is equal matching, selecting an equal matching onion model as the target onion encryption model; or
when the current data operation type is numerical comparison, selecting a numerical comparison onion model as the target onion encryption model; or
when the current data operation type is numerical addition, selecting a numerical addition onion model as the target onion encryption model; or
when the current data operation type is numerical multiplication, selecting a numerical multiplication onion model as the target onion encryption model.
5. The method of claim 3, wherein encrypting the query body field corresponding to the current data operation type in the current database query statement by using the target onion encryption model matched with the current data operation type comprises:
if the equivalent matching onion model is selected as the target onion encryption model, performing outermost layer encryption on the query body field corresponding to the current data operation type through a probabilistic randomness encryption function to form a random encryption layer;
performing intermediate layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a matched encryption layer;
and performing innermost layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a query encryption layer.
6. The method of claim 3, wherein encrypting the query body field corresponding to the current data operation type in the current database query statement by using the target onion encryption model matched with the current data operation type comprises:
if the numerical comparison onion model is selected as the target onion encryption model, performing outermost layer encryption on the query body field corresponding to the current data operation type through a probabilistic randomness encryption function to form a random encryption layer;
and performing innermost layer encryption on the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a comparison encryption layer.
7. The method of claim 3, wherein encrypting the query body field corresponding to the current data operation type in the current database query statement by using the target onion encryption model matched with the current data operation type comprises:
and if the numerical value addition onion model is selected as the target onion encryption model, encrypting the corresponding field by a homomorphic encryption algorithm to form an addition encryption layer.
8. The method of claim 3, wherein encrypting the query body field corresponding to the current data operation type in the current database query statement by using the target onion encryption model matched with the current data operation type comprises:
and if the numerical value multiplication onion model is selected as the target onion encryption model, encrypting the query body field corresponding to the current data operation type through a homomorphic encryption algorithm to form a multiplication encryption layer.
9. An apparatus for encrypting data, the apparatus comprising:
the type determining module is used for determining at least one current data operation type corresponding to the current database query statement;
the encryption processing module is used for encrypting the query body field under the current database query statement through a pre-configured onion encryption model according to the at least one current data operation type;
and the result generation module is used for generating a data encryption result corresponding to the query scene under the current database query statement.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data encryption method of any one of claims 1-8.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the data encryption method of any one of claims 1 to 8.
CN202110312541.8A 2021-03-24 2021-03-24 Data encryption method and device, electronic equipment and medium Pending CN112800475A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110312541.8A CN112800475A (en) 2021-03-24 2021-03-24 Data encryption method and device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN112800475A true CN112800475A (en) 2021-05-14

Family

ID=75815642

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110312541.8A Pending CN112800475A (en) 2021-03-24 2021-03-24 Data encryption method and device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN112800475A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination