CN116011007B - Storage encryption method, decryption method, system and equipment - Google Patents
Storage encryption method, decryption method, system and equipment Download PDFInfo
- Publication number
- CN116011007B CN116011007B CN202211646581.7A CN202211646581A CN116011007B CN 116011007 B CN116011007 B CN 116011007B CN 202211646581 A CN202211646581 A CN 202211646581A CN 116011007 B CN116011007 B CN 116011007B
- Authority
- CN
- China
- Prior art keywords
- public key
- key
- private key
- data
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 230000005540 biological transmission Effects 0.000 claims description 26
- 230000008901 benefit Effects 0.000 description 7
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Abstract
The application relates to a database storage encryption method, a decryption method, a system and equipment, which aim at the confidentiality requirement of information, realize storage encryption and provide more reliable protection for private data of users; the encryption method is a double encryption method which depends on both algorithms and passwords, and even if the encryption algorithm is recognized by an attacker, the attacker cannot read the data file under the condition of no key; meanwhile, the storage encryption mode is optimized, and the operation efficiency of the whole system is slightly influenced after encryption is started.
Description
Technical Field
The application belongs to the technical field of data storage, and particularly relates to a database storage encryption method, a database storage decryption system and database storage equipment.
Background
In the current database data encryption process, an encryption process is usually set for data encryption or for a database access process, and the method has the problems of single encryption mode and small decoding difficulty after the data is intercepted. The other mode is to store the public key and the private key respectively, when encryption or decryption is needed, the secret key is obtained from the storage device, the method can improve the data security to a certain extent, however, when the secret key is obtained by a third party, the encryption algorithm is recognized and the information still faces the risk of leakage.
Therefore, an encryption method is needed, which can effectively improve the data security, reduce the risk of decoding after data leakage, and not increase the storage pressure and the process pressure of the system.
Disclosure of Invention
In order to solve the problems, the application provides a database storage encryption method, a decryption method, a system and equipment, which aim at the confidentiality requirement of information, realize storage encryption and provide more reliable protection for private data of users; the encryption method is a double encryption method which depends on both algorithms and passwords, and even if the encryption algorithm is recognized by an attacker, the attacker cannot read the data file under the condition of no key; meanwhile, the storage encryption mode is optimized, and the operation efficiency of the whole system is slightly influenced after encryption is started.
A database storage encryption method, wherein the database storage encryption method uses public key crossing equipment and private key storage equipment; the method performs the steps of:
s1, a database receives and stores data transmitted by terminal equipment, and confirms a data transmission mode;
s2, determining a public key crossing mode based on the data transmission mode, wherein the public key determined by the public key crossing is an application encryption public key;
s3, encrypting the data by using the public key determined by the public key crossing;
s4, confirming a private key based on the public key crossing mode;
s5, requesting the private key from the private key storage device;
s6, forming a public key in another public key crossing mode, encrypting the private key, transmitting the encrypted private key to a client for storage, and forming the public key in the other public key crossing mode into a secret key encryption public key.
Further, S21, two public key crossing modes are adopted, and one mode is to splice two different effective public keys; the other is to splice one valid public key in the front and the other invalid public key in the back;
further, S22, splicing the two different effective public keys into a first public key crossing mode; and splicing a mode that one valid public key is in front and the other invalid public key is in back into a second public key crossing mode.
Further, S31, encrypting the data by using a later spliced public key in the public key splicing when the application encryption public key confirmed by the first public key crossing mode is encrypted;
and S32, when the application encryption public key confirmed by the second public key crossing mode is encrypted, encrypting the data by using the effective public key.
Further, S41, if the data mode of the terminal equipment transmitted to the database is wire transmission, selecting the first public key crossing mode, and encrypting the received data by using the application encryption public key confirmed by the first public key crossing mode;
further, s42, if the data transmission mode of the terminal device to the database is wireless transmission, selecting the second public key crossing mode, and encrypting the received data by using the application encryption public key confirmed by the second public key crossing mode.
Further, s61, if the data encryption is that the application encryption public key confirmed by the first public key crossing mode encrypts the received data, after determining the first private key, encrypting the first private key by using the second public key crossing mode, and confirming the second private key;
further, s62, if the data encryption is that the application encryption public key confirmed by the second public key crossing mode encrypts the received data, after determining the third private key, encrypting the third private key by using the first public key crossing mode, and confirming the fourth private key.
Further, when the client accesses the data stored in the database, based on the encrypted first private key, looking up a table to obtain the second private key, requesting the second private key from the private key storage device, decrypting the second private key to obtain the first private key, and decrypting the data stored in the database;
further, when the client accesses the data stored in the database, based on the encrypted third private key, the client looks up a table to obtain the fourth private key, requests the fourth private key from the private key storage device, decrypts the fourth private key to obtain the third private key, and decrypts the data stored in the database.
Further, the client obtains a decryption private key aiming at the received private key through looking up a table in the private key storage device, decrypts to obtain a decryption private key of the accessed encrypted data, obtains the accessed encrypted data, and decrypts the data through the decryption private key.
Further, the system comprises a database, a client, a public key interleaving device and a private key storage device.
Further, the public key crossing device performs a splicing process on the public key;
the private key storage device stores private keys corresponding to the public keys.
The application has the advantages that:
1. through the process of public key cross-splice, under the condition of not occupying excessive system storage resources, the public key applied to encrypt the data can be protected, and even if the application encryption public key confirmed by utilizing a public key cross mode is acquired, a third party cannot effectively acquire an effective public key, so that the protection of the data stored in the database is more powerful.
2. The private key is encrypted by the key encryption public key which is confirmed by other public key crossing modes of the corresponding private key of the effective public key, so that the private key can be protected, and a third party cannot effectively decrypt data after acquiring related key information.
3. The intersection mode of the public key is determined through different data transmission modes of wired transmission and wireless transmission, so that the uncertainty of data encryption can be increased, and the same data is obtained by the database through different transmission modes, and the encryption modes are different.
4. The two-stage judging algorithm is formed by judging wired and wireless transmission and judging serial and parallel transmission, and the data is encrypted by different application encryption public keys selected by the algorithm, so that the data encryption strength can be effectively improved, and even if a third party obtains part of private keys, the data cannot be effectively decrypted in a short period.
5. By setting a list in the private key storage device, decryption difficulty is far lower than decoding difficulty; moreover, by arranging two public key storage modules, the public key can be protected from being effectively acquired to the greatest extent; and determining whether the process of generating the key pair in real time is needed by utilizing the serial-parallel judgment result, so that the data stored in the database can be protected in real time.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 is a flow chart of a method for encrypting database storage
Detailed Description
The present application will be described and illustrated with reference to the accompanying drawings and examples in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. All other embodiments, which can be made by a person of ordinary skill in the art based on the embodiments provided by the present application without making any inventive effort, are intended to fall within the scope of the present application.
It is apparent that the drawings in the following description are only some examples or embodiments of the present application, and it is possible for those of ordinary skill in the art to apply the present application to other similar situations according to these drawings without inventive effort. Moreover, it should be appreciated that while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as having the benefit of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the described embodiments of the application can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. The terms "a," "an," "the," and similar referents in the context of the application are not to be construed as limiting the quantity, but rather as singular or plural. The terms "comprising," "including," "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The flow chart of the database storage encryption method provided by the application is shown in figure 1.
A database storage encryption method, wherein the database storage encryption method uses public key crossing equipment and private key storage equipment; the method performs the steps of:
s1, a database receives and stores data transmitted by terminal equipment, and confirms a data transmission mode;
s2, determining a public key crossing mode based on the data transmission mode;
s3, encrypting the data by using the public key determined by the public key intersection, wherein the public key determined by the public key intersection is an application encryption public key;
s4, confirming a private key based on the public key crossing mode;
s5, requesting the private key from the private key storage device;
s6, forming a public key in another public key crossing mode, encrypting the private key, transmitting the encrypted private key to a client for storage, and forming the public key in the other public key crossing mode into a secret key encryption public key.
Further, S21, two public key crossing modes are adopted, and one mode is to splice two different effective public keys; the other is to splice one valid public key in the front and the other invalid public key in the back;
further, S22, splicing the two different effective public keys into a first public key crossing mode; and splicing a mode that one valid public key is in front and the other invalid public key is in back into a second public key crossing mode.
Further, S31, encrypting the data by using a later spliced public key in the public key splicing when the application encryption public key confirmed by the first public key crossing mode is encrypted;
and S32, when the application encryption public key confirmed by the second public key crossing mode is encrypted, encrypting the data by using the effective public key.
Further, the public key crossing device comprises a first public key storage module and a second public key storage module, wherein the first public key storage module is used for storing a valid public key; the second public key storage module is used for storing an invalid public key; the effective public key is a public key with a corresponding decryption private key, and the corresponding decryption private key is stored in the private key storage device; the invalid public key is a public key for which a corresponding decryption private key does not exist.
Further, the public key cross device comprises a public key splicing module, when the data receiving mode of the database is serial receiving, the public key splicing module randomly selects two effective public keys from the first public key storage module to splice, confirms the effective public keys spliced later and informs the private key storage device of the effective public key information; and the private key storage device records the effective public key spliced later and the corresponding decryption private key thereof in a list mode so as to facilitate the client to look up a table to obtain decryption information.
Further, when the data receiving mode of the database is parallel receiving, the public key splicing module generates two effective public keys and two corresponding decryption private keys in real time, splices the two effective public keys, and notifies the private key storage device of the effective public key information after confirming the effective public keys spliced later, and simultaneously sends the two corresponding decryption private keys to the private key storage device; and the private key storage device records the effective public key spliced later and the corresponding decryption private key thereof in a list mode so as to facilitate the client to look up a table to obtain decryption information.
Further, S41, if the data mode of the terminal equipment transmitted to the database is wire transmission, selecting the first public key crossing mode, and encrypting the received data by using the application encryption public key confirmed by the first public key crossing mode;
further, s42, if the data transmission mode of the terminal device to the database is wireless transmission, selecting the second public key crossing mode, and encrypting the received data by using the application encryption public key confirmed by the second public key crossing mode.
Further, s61, if the data encryption is that the application encryption public key confirmed by the first public key crossing mode encrypts the received data, after determining the first private key, encrypting the first private key by using the second public key crossing mode, and confirming the second private key;
further, s62, if the data encryption is that the application encryption public key confirmed by the second public key crossing mode encrypts the received data, after determining the third private key, encrypting the third private key by using the first public key crossing mode, and confirming the fourth private key.
Further, when the client accesses the data stored in the database, based on the encrypted first private key, looking up a table to obtain the second private key, requesting the second private key from the private key storage device, decrypting the second private key to obtain the first private key, and decrypting the data stored in the database;
further, when the client accesses the data stored in the database, based on the encrypted third private key, the client looks up a table to obtain the fourth private key, requests the fourth private key from the private key storage device, decrypts the fourth private key to obtain the third private key, and decrypts the data stored in the database.
Further, the client obtains a decryption private key aiming at the received private key through looking up a table in the private key storage device, decrypts to obtain a decryption private key of the accessed encrypted data, obtains the accessed encrypted data, and decrypts the data through the decryption private key.
Further, the system comprises a database, a client, a public key interleaving device and a private key storage device.
Further, the public key crossing device performs a splicing process on the public key;
the private key storage device stores private keys corresponding to the public keys.
Further, the client needs to log in through a password before requesting data from the database, so as to verify the identity of the logger.
The application has the advantages that:
1. through the process of public key cross-splice, under the condition of not occupying excessive system storage resources, the public key applied to encrypt the data can be protected, and even if the application encryption public key confirmed by utilizing a public key cross mode is acquired, a third party cannot effectively acquire an effective public key, so that the protection of the data stored in the database is more powerful.
2. The private key is encrypted by the key encryption public key which is confirmed by other public key crossing modes of the corresponding private key of the effective public key, so that the private key can be protected, and a third party cannot effectively decrypt data after acquiring related key information.
3. The intersection mode of the public key is determined through different data transmission modes of wired transmission and wireless transmission, so that the uncertainty of data encryption can be increased, and the same data is obtained by the database through different transmission modes, and the encryption modes are different.
4. The two-stage judging algorithm is formed by judging wired and wireless transmission and judging serial and parallel transmission, and the data is encrypted by different application encryption public keys selected by the algorithm, so that the data encryption strength can be effectively improved, and even if a third party obtains part of private keys, the data cannot be effectively decrypted in a short period.
5. By setting a list in the private key storage device, decryption difficulty is far lower than decoding difficulty; moreover, by arranging two public key storage modules, the public key can be protected from being effectively acquired to the greatest extent; and determining whether the process of generating the key pair in real time is needed by utilizing the serial-parallel judgment result, so that the data stored in the database can be protected in real time.
The present application is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present application are intended to be included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (5)
1. The database storage encryption method is characterized in that: the database storage encryption method applies public key crossing equipment and private key storage equipment; the method performs the steps of:
s1, a database receives and stores data transmitted by terminal equipment, and confirms a data transmission mode;
s2, determining a public key crossing mode based on the data transmission mode, wherein the public key determined by the public key crossing is an application encryption public key;
s21, two public key crossing modes are adopted, and one mode is to splice two different effective public keys; the other is to splice one valid public key in the front and the other invalid public key in the back;
s22, splicing the two different effective public keys into a first public key crossing mode; splicing a mode that one valid public key is in front and the other invalid public key is in rear into a second public key crossing mode;
s3, encrypting the data by using the public key determined by the public key crossing;
s31, when the application encryption public key confirmed by the first public key crossing mode is encrypted, encrypting the data by utilizing a later-spliced public key in the public key splicing;
s32, encrypting the data by using the effective public key when the application encryption public key confirmed by the second public key crossing mode is encrypted;
s4, confirming a private key based on the public key crossing mode;
s41, if the data mode of the terminal equipment transmitted to the database is wire transmission, selecting the first public key crossing mode, and encrypting the received data by using the application encryption public key confirmed by the first public key crossing mode;
s42, if the data mode of the terminal equipment transmitted to the database is wireless transmission, selecting the second public key crossing mode, and encrypting the received data by using the application encryption public key confirmed by the second public key crossing mode;
s5, requesting the private key from the private key storage device;
s6, forming a public key in another public key crossing mode, encrypting the private key, transmitting the encrypted private key to a client for storage, wherein the public key formed in the other public key crossing mode is a secret key encryption public key;
s61, if the data encryption is that the application encryption public key confirmed by the first public key crossing mode encrypts the received data, after a first private key is confirmed, the second public key crossing mode is utilized to encrypt the first private key, and a second private key is confirmed;
s62, if the data encryption is that the application encryption public key confirmed by the second public key crossing mode encrypts the received data, after a third private key is confirmed, the first public key crossing mode is utilized to encrypt the third private key, and a fourth private key is confirmed.
2. The database storage encryption method of claim 1, wherein:
s611, when the client accesses the data stored in the database, based on the encrypted first private key, looking up a table to obtain the second private key, requesting the second private key from the private key storage device, decrypting the second private key to obtain the first private key, and decrypting the data stored in the database;
s612, when the client accesses the data stored in the database, based on the encrypted third private key, looking up a table to obtain the fourth private key, requesting the fourth private key from the private key storage device, decrypting the fourth private key to obtain the third private key, and decrypting the data stored in the database.
3. A database storage decryption method implemented based on the database storage encryption method according to any one of claims 1 to 2, characterized in that:
the client side obtains a decryption private key aiming at the received private key through looking up a table in a private key storage device, decrypts the decryption private key of the accessed encrypted data, obtains the accessed encrypted data, and decrypts the data through the decryption private key.
4. A database storage encryption system implemented based on a database storage encryption method according to any one of claims 1-2, characterized in that:
the system comprises a database, a client, a public key crossing device and a private key storage device.
5. A database storage encryption device implemented based on the database storage encryption method according to any one of claims 1-2, characterized in that:
the public key crossing device executes a splicing process on the public key;
the private key storage device stores private keys corresponding to the public keys.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211646581.7A CN116011007B (en) | 2022-12-21 | 2022-12-21 | Storage encryption method, decryption method, system and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211646581.7A CN116011007B (en) | 2022-12-21 | 2022-12-21 | Storage encryption method, decryption method, system and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116011007A CN116011007A (en) | 2023-04-25 |
| CN116011007B true CN116011007B (en) | 2023-11-14 |
Family
ID=86027586
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211646581.7A Active CN116011007B (en) | 2022-12-21 | 2022-12-21 | Storage encryption method, decryption method, system and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116011007B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2624498A1 (en) * | 2010-09-28 | 2013-08-07 | Nec Corporation | Encrypted database system, client terminal, encrypted database server, natural joining method, and program |
| CN110968743A (en) * | 2019-12-13 | 2020-04-07 | 支付宝(杭州)信息技术有限公司 | Data storage and data reading method and device for private data |
| CN112804195A (en) * | 2020-12-25 | 2021-05-14 | 航天信息股份有限公司 | Data security storage method and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP7318490B2 (en) * | 2019-11-01 | 2023-08-01 | 富士通株式会社 | Cryptographic processing system and cryptographic processing method |
-
2022
- 2022-12-21 CN CN202211646581.7A patent/CN116011007B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2624498A1 (en) * | 2010-09-28 | 2013-08-07 | Nec Corporation | Encrypted database system, client terminal, encrypted database server, natural joining method, and program |
| CN110968743A (en) * | 2019-12-13 | 2020-04-07 | 支付宝(杭州)信息技术有限公司 | Data storage and data reading method and device for private data |
| CN112804195A (en) * | 2020-12-25 | 2021-05-14 | 航天信息股份有限公司 | Data security storage method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116011007A (en) | 2023-04-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8239679B2 (en) | Authentication method, client, server and system | |
| CN108768951B (en) | Data encryption and retrieval method for protecting file privacy in cloud environment | |
| US20050235143A1 (en) | Mobile network authentication for protection stored content | |
| US11874935B2 (en) | Protecting data from brute force attack | |
| KR101982237B1 (en) | Method and system for data sharing using attribute-based encryption in cloud computing | |
| US20090138708A1 (en) | Cryptographic module distribution system, apparatus, and program | |
| CN106452770B (en) | Data encryption method, data decryption method, device and system | |
| CN105653986B (en) | A kind of data guard method and device based on microSD card | |
| US20070276756A1 (en) | Recording/Reproducing Device, Recording Medium Processing Device, Reproducing Device, Recording Medium, Contents Recording/Reproducing System, And Contents Recording/Reproducing Method | |
| US6831982B1 (en) | Encryption key management system using multiple smart cards | |
| JPH08340330A (en) | Communication system | |
| US20190268145A1 (en) | Systems and Methods for Authenticating Communications Using a Single Message Exchange and Symmetric Key | |
| CN111970114B (en) | File encryption method, system, server and storage medium | |
| CA2294170A1 (en) | Bilateral authentication and encryption system | |
| EP1501238A1 (en) | Method and system for key distribution comprising a step of authentication and a step of key distribution using a KEK (key encryption key) | |
| US20020018570A1 (en) | System and method for secure comparison of a common secret of communicating devices | |
| CN116668072A (en) | Data security sharing method and system based on multi-authority attribute base encryption | |
| US10699021B2 (en) | Method and a device for secure storage of at least one element of digital information, and system comprising such device | |
| CN112149184A (en) | Block chain external storage system and method based on time-limited access | |
| US10764260B2 (en) | Distributed processing of a product on the basis of centrally encrypted stored data | |
| JPH04247737A (en) | Enciphering device | |
| Kwon et al. | Efficient key exchange and authentication protocols protecting weak secrets | |
| CN116011007B (en) | Storage encryption method, decryption method, system and equipment | |
| CN114553557B (en) | Key calling method, device, computer equipment and storage medium | |
| CN111953675B (en) | Key management method based on hardware equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |