CN116796355A - Data security protection and leakage prevention production method for data warehouse

Publication number: CN116796355A
Authority: CN (China)
Prior art keywords: names, field, data, encryption, encryption algorithm
Legal status: Pending
Application number: CN202311071390.7A
Other languages: Chinese (zh)
Inventor: 元庚
Current Assignee: Jiangsu Shudui Technology Co ltd
Original Assignee: Jiangsu Shudui Technology Co ltd
Application filed by: Jiangsu Shudui Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data security protection and leakage prevention production method for a data warehouse, comprising the following steps: symmetric encryption algorithms are selected as the encryption pool of a database, and the encryption pool uses meaningless codes to represent the real encryption algorithms; the table name and the field name are used as the basic key, a hash algorithm is selected to convert the basic key into a table digest, and the table digest is used as the actual key; the system obtains the table name and field name information from the metadata of the database table, generates the actual key corresponding to each field, randomly selects an encryption algorithm, encrypts the different fields, and records the table name, the field name and the code of the corresponding encryption algorithm in a configuration information table; during decryption, the system scans the SQL statement, identifies the table names and field names, reads the configuration information table to find the encryption algorithm used by each field, calls its decryption method, and applies the hash algorithm to the table name and field name to obtain the actual key. The method offers high security.

Description

Data security protection and leakage prevention production method for data warehouse
Technical Field
The invention relates to the field of data security protection, and in particular to a data security protection and leakage prevention production method for a data warehouse.
Background
In recent years China has steadily expanded its security legislation. With the National Security Law, the Cybersecurity Law, the Cryptography Law, the Data Security Law, the Personal Information Protection Law and others, China has entered a stage of law-based governance in the field of government data management, and information protection is applied by law across the whole life cycle of government data.
Each level of government builds basic libraries on population and legal persons, and establishes data classification standards for data security. In practice, hierarchical classification only solves the problems of identifying the level of data acquisition objects and the scope of data acquisition; it does not solve the problem of preventing data leakage during development, exchange and circulation. Existing protection means generally have the following problems: the encryption key for the whole database is fixed rather than dynamic, so it is easy to crack; the same information encrypts to the same result in different tables, so other information can be correlated across multiple tables; only a single encryption algorithm is used, and multiple encryption algorithms are not supported at the same time; the fused table model has only one decryption algorithm and does not support multiple decryption algorithms. A method that guarantees security is therefore urgently needed, to avoid security problems with data during development, exchange and circulation.
Disclosure of Invention
In order to achieve the above object, the present inventors provide a data security protection and leakage prevention production method for a data warehouse, comprising the steps of:
S1, selecting symmetric encryption algorithms as the encryption pool of a database, wherein the encryption pool uses meaningless codes to represent the real encryption algorithms;
S2, using the table name and the field name as the basic key, then selecting a hash algorithm to convert the basic key into a table digest, and using the table digest as the actual key of the encryption algorithm, the table digest being irreversible;
S3, the system obtains the table name and field name information from the metadata of the database table, generates the actual key corresponding to each field, randomly selects an encryption algorithm from the encryption pool, encrypts the different fields, and finally records the table name, the field name and the code of the corresponding encryption algorithm in a configuration information table;
S4, when the data is processed it must be decrypted; during decryption, the system scans the SQL statement, identifies the table names and field names used, reads the configuration information table to find the encryption algorithm used by each field, then invokes that algorithm's decryption method, and automatically applies the hash algorithm to the table name and field name to obtain the actual key and decrypt the data.
As a preferred mode of the present invention, the encryption algorithm in step S1 includes: DES, 3DES, AES and RC4.
As a preferred mode of the present invention, the step S2 includes: the table names and the field names are unique in the database, and the actual key has global uniqueness.
As a preferred mode of the present invention, the step S3 includes: the actual keys do not need to be saved.
As a preferred mode of the present invention, the step S4 includes: the decryption process rewrites the SQL statement at the underlying layer.
Compared with the prior art, the beneficial effects achieved by the technical scheme are as follows:
The method generates encrypted data by combining the characteristics of a database with internationally certified symmetric encryption algorithms. The method designs a dynamic key and supports the selection of several different encryption algorithms, which can be mixed when encrypting data, so that the encryption becomes irregular and harder to crack; the same information in different fields of the same table or of different tables can be encrypted into different results, which prevents the data from being correlated, and even if two tables with a mapping relation are leaked, their encrypted results cannot be correlated. The encrypted data is parsed and decrypted automatically during use and processing, while the stored result is still an encrypted value; a data result fused from multiple tables has no substantial relation to the ciphertext of the source tables. Even if the whole database is stolen, the subject information cannot be identified and the information associated across multiple tables cannot be obtained.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment.
Detailed Description
In order to describe the technical content, constructional features, achieved objects and effects of the technical solution in detail, the following description is made in connection with the specific embodiments in conjunction with the accompanying drawings.
The embodiment provides a data security protection and leakage prevention production method for a data warehouse, which comprises the following steps:
S1, selecting symmetric encryption algorithms as the encryption pool of a database, wherein the encryption pool uses meaningless codes to represent the real encryption algorithms. Specifically: internationally certified symmetric encryption algorithms, such as DES, 3DES, AES and RC4, are selected as the encryption pool of the system, and the functions they implement are as follows:
Encryption: ciphertext = algorithm(key, plaintext);
Decryption: plaintext = algorithm(key, ciphertext);
The encryption pool uses meaningless codes to represent the real encryption algorithms, for example A1 represents DES and S3 represents RC4, so that the algorithm in use cannot be guessed.
S2, using the table name and the field name as the basic key, then selecting a hash algorithm to convert the basic key into a table digest, and using the table digest as the actual key of the encryption algorithm, the table digest being irreversible. Specifically: a unique characteristic of the database object is used as the key. Table names in a database cannot be the same, and field names within the same table cannot be the same, so the table name plus the field name is unique in the whole database. The table name and the field name are therefore used as the basic key, and a hash algorithm is selected to convert the basic key into a table digest; because the digest is irreversible, it is used as the actual key of the encryption algorithm, and because the table name and field name are unique in the database, the actual key is globally unique.
S3, the system obtains the table name and field name information from the metadata of the database table, generates the actual key corresponding to each field, randomly selects an encryption algorithm from the encryption pool, encrypts the different fields, and finally records the table name, the field name and the code of the corresponding encryption algorithm in a configuration information table, without storing any of the actual keys, because fields with the same name and the same content are scattered across different tables;
S4, when the data is processed it must be decrypted; during decryption, the system scans the SQL statement, identifies the table names and field names used, reads the configuration information table to find the encryption algorithm used by each field, then invokes that algorithm's decryption method, and automatically applies the hash algorithm to the table name and field name to obtain the actual key and decrypt the data. The whole process rewrites the SQL statement at the underlying layer, so conventional SQL can be written as usual, and encryption and decryption are transparent to users.
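Steps S1 to S4 above, as an added Python example that is not code from the patent. RC4 and its code S3 are the page's own; SHA-256 as the hash, the "." separator, the code "Z9", the table names and the `sha256_ctr` stand-in cipher are assumptions.

```python
import hashlib
import secrets

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, one of the pool algorithms the page names; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def sha256_ctr(key: bytes, data: bytes) -> bytes:
    """Stand-in second cipher (SHA-256 keystream XOR), because the stdlib has no DES/AES."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# S1: opaque codes for the pool. "S3" = RC4 is the page's example; "Z9" is a constructed code.
POOL = {"S3": rc4, "Z9": sha256_ctr}

# S3: configuration information table, (table, field) -> algorithm code. No key is stored.
CONFIG = {}

def actual_key(table: str, field: str) -> bytes:
    """S2: digest of table name + field name. SHA-256 and the "." separator are assumptions."""
    return hashlib.sha256(f"{table}.{field}".encode()).digest()

def encrypt_field(table: str, field: str, plaintext: bytes) -> bytes:
    """S3: pick a pool algorithm at random once per field, record its code, encrypt."""
    code = CONFIG.setdefault((table, field), secrets.choice(sorted(POOL)))
    return POOL[code](actual_key(table, field), plaintext)

def decrypt_field(table: str, field: str, ciphertext: bytes) -> bytes:
    """S4: read the code from the configuration table, re-derive the key, decrypt."""
    return POOL[CONFIG[(table, field)]](actual_key(table, field), ciphertext)

def demo() -> dict:
    value = b"SAMPLE-ID-0001"  # constructed sample value
    c1 = encrypt_field("population", "id_no", value)
    c2 = encrypt_field("legal_person", "id_no", value)
    return {
        "same_value_differs_across_tables": c1 != c2,
        "round_trip": decrypt_field("population", "id_no", c1) == value
                      and decrypt_field("legal_person", "id_no", c2) == value,
        "config_holds_only_codes": set(CONFIG.values()) <= set(POOL),
    }

if __name__ == "__main__":
    print(demo())
```

Because `actual_key` takes only the table and field names as input, the scheme's secrecy rests on the hash choice and the code mapping staying hidden, which is the property the description relies on. Keying the digest with a separately stored secret (for example HMAC) is the usual way to remove that dependence.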
The embodiment uses internationally certified encryption and decryption algorithms, so security is guaranteed at low cost; data security is reinforced, and leaked data is unusable; the encryption algorithm is hidden and the key is not stored, so cracking is extremely difficult; encryption and decryption are transparent to the user; even if the configuration information of the system is compromised, a third party cannot decrypt the data because the key algorithm is hidden.
It should be noted that, although the foregoing embodiments have been described herein, the scope of protection of the present invention is not limited thereby. Any alterations and modifications to the embodiments described herein that are based on the innovative concept of the present invention, or any equivalent structures or equivalent process transformations made using the content of this description and the drawings, whether the above technical solution is applied directly or indirectly to other related technical fields, are included in the scope of protection of the invention.

Claims (5)

1. A data security protection and leakage prevention production method for a data warehouse, characterized by comprising the following steps:
S1, selecting symmetric encryption algorithms as the encryption pool of a database, wherein the encryption pool uses meaningless codes to represent the real encryption algorithms;
S2, using the table name and the field name as the basic key, then selecting a hash algorithm to convert the basic key into a table digest, and using the table digest as the actual key of the encryption algorithm, the table digest being irreversible;
S3, the system obtains the table name and field name information from the metadata of the database table, generates the actual key corresponding to each field, randomly selects an encryption algorithm from the encryption pool, encrypts the different fields, and finally records the table name, the field name and the code of the corresponding encryption algorithm in a configuration information table;
S4, when the data is processed it must be decrypted; during decryption, the system scans the SQL statement, identifies the table names and field names used, reads the configuration information table to find the encryption algorithm used by each field, then invokes that algorithm's decryption method, and automatically applies the hash algorithm to the table name and field name to obtain the actual key and decrypt the data.
2. The data security protection and leakage prevention production method for a data warehouse according to claim 1, wherein the encryption algorithm in the step S1 comprises: DES, 3DES, AES and RC4.
3. The data security protection and leakage prevention production method for a data warehouse according to claim 1, wherein the step S2 comprises: the table names and the field names are unique in the database, and the actual key has global uniqueness.
4. The data security protection and leakage prevention production method for a data warehouse according to claim 1, wherein the step S3 comprises: the actual keys do not need to be saved.
5. The data security protection and leakage prevention production method for a data warehouse according to claim 1, wherein the step S4 comprises: the decryption process rewrites the SQL statement at the underlying layer.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311071390.7A CN116796355A (en) 2023-08-24 2023-08-24 Data security protection and leakage prevention production method for data warehouse

Publications (1)

Publication Number Publication Date
CN116796355A (en) 2023-09-22

Family

ID=88037621

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143159A (en) * 2011-01-13 2011-08-03 北京邮电大学 Database key management method in DAS (database-as-a-service) model
CN102855448A (en) * 2012-08-10 2013-01-02 深圳市黎明网络系统有限公司 Field-level database encryption device
CN108009440A (en) * 2017-11-23 2018-05-08 重庆金融资产交易所有限责任公司 Date storage method, querying method, device, storage medium and computer equipment
CN111767559A (en) * 2020-06-23 2020-10-13 江苏荣泽信息科技股份有限公司 Field level encryption blockchain data
CN111884986A (en) * 2019-12-13 2020-11-03 马上消费金融股份有限公司 Data encryption processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination