CN101571873A - Database data encryption system and method thereof - Google Patents
Database data encryption system and method thereof Download PDFInfo
- Publication number
- CN101571873A CN101571873A CNA2009100868225A CN200910086822A CN101571873A CN 101571873 A CN101571873 A CN 101571873A CN A2009100868225 A CNA2009100868225 A CN A2009100868225A CN 200910086822 A CN200910086822 A CN 200910086822A CN 101571873 A CN101571873 A CN 101571873A
- Authority
- CN
- China
- Prior art keywords
- data
- byte
- key
- keyb
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a database data encryption system and a method thereof. The system comprises a model Q nonlinear feedback shift register, a permutation table replacement module, a substitution transforming module and an operation module; wherein, the model Q nonlinear feedback shift register is used for nonlinear feedback by taking the specified key as initial value, the feedback value is replaced and converted by the preset substitution list to continuously generate derived keys with 18 states, and the generated derived keys are applied in encryption and decryption operation of all block ciphers; the permutation table replacement module is used for transforming by taking byte as unit; the substitution transforming module is used for replacing by taking byte as unit; the operation module is used for expanding or centralizing the data in a database according to the byte for lateral accumulating; under the indication of the derived keys which are replaced and transformed by the model Q nonlinear feedback shift register, replacement and substitution operation can be carried out, so that encryption and decryption of the data in the database can be completed. The invention can effectively protect the safety of the data in the database.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to a kind of database data encryption system and method.
Background technology
Normally, data encryption has two kinds of different situations, and a kind of is the encryption of communication data, and another kind is the encryption of storage data, and the storage data utilize database to encrypt usually.Stream cipher can only be used for the encryption of communication data, can not be used to store the encryption of data, because will be with different secret key encryptions to the different files in the database, and key is secret variable, therefore intractable, generally encrypts with block cipher the storage data in the database.
Block encryption also is " block encryption " (bloc cipher), and a grouping plain code is downconverted into the password of a grouping in the effect of a block cipher.He broken through stream cipher (be stream cipher: traditional operation mode stream cipher), no longer by bit (bit) or word for word carry out cryptographic operation, and with a grouping as basic encryption unit.
A grouping can be that 64 bits or 256 bits do not wait, and is called the grouping width.
Another characteristics of block cipher are can be with identical secret key encryption to different clear packets, so its key management is very convenient.This does not accomplish in stream cipher, because stream cipher requires each encryption all can not reuse identical key, and this brings very big inconvenience to key management.
Because block cipher is a unit-distance code with " piece ", therefore the mistake of a bit may cause the error diffusion of a grouping.By contrast, stream cipher then is the mistake that the mistake of a bit can only cause a bit, and he does not cause error diffusion, but the step-out of one bit but causes the failure of whole communication.
The seventies in 20th century, block cipher occurs, and just causes widely to note, and has obtained using widely.So occurred various block encryption systems in succession, wherein the most famous have DES, AES cryptographic algorithm etc., and become international standard.
According to the difference of storage data, database is divided into document databse and concerns that storehouse, document databse are data warehouses, concerns that the data of storing in the storehouse then are form class data.Form is walked crosswise with stringer and is constituted, and walks crosswise to be called record, and stringer is called field.Therefore a record is made of a plurality of fields, and the length difference of each field is called the segment length.If select for use the block encryption system to each field encryption, so when the segment length less than the grouping width, or the segment length is not when being the multiple of grouping width, the segment length after the encryption can change, segment length is a grouping width or its multiple at least.
There is following defective in relational database encryption technology of the prior art:
1) data are after encrypting, and the segment length can not remain unchanged.Existing cipher system, as AES, DES system, its password width is fixed, thereby when length is encrypted less than the data of password width, produces the expansion of data, changes former data structure.Sex field for example, a byte just can be represented man or woman, and perhaps two bytes can be represented " man " or " woman " with Chinese character, and the segment length can not keep a byte or two bytes after encrypting.
2) the ASK sign indicating number can not accomplish it both can is the binary data that can not show after encrypting, and also can be the ASK sign indicating number that can show.
Summary of the invention
The object of the invention is to provide a kind of database data encryption system and method, and it is the safety of data in the protected data storehouse effectively.
A kind of database data encryption system for realizing that the object of the invention provides comprises:
Mould Q nonlinear feedback shift register, permutation table replacement module, substitution list conversion module, and computing module, wherein:
Described mould Q nonlinear feedback shift register, being used for given key is initial value, carries out nonlinear feedback, its feedback numerical value generates the derivative key of 18 states continuously through the replacement conversion of default substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Described permutation table replacement module, being used for the byte is unit transformation;
It is that unit replaces that described replacement conversion module is used for the byte;
Described computing module, be used for the data of database being expanded by byte or being concentrated, laterally add up, under the derivative key that described mould Q nonlinear feedback shift register replaces conversion to go out is indicated, replace and substitution operation, finish the database data encryption and decryption.
Described database data encryption system can also comprise the library key administration module, is used for used library key, catalogue key, table key and record key, field key line pipe reason in the storehouse.
For realizing that the object of the invention also provides a kind of database data encryption method, comprise the following steps:
Steps A, mould Q nonlinear feedback shift register is an initial value with given key, carries out nonlinear feedback, its feedback data generates 18 states continuously through the replacement conversion of default substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Step B expands the data in the database or concentrates by byte, laterally add up, and under mould Q nonlinear feedback shift register replaces derivative key indication that conversion goes out, replaces and substitution operation, finishes the database data encryption and decryption.
The invention has the beneficial effects as follows: database data encryption system of the present invention and method, the present invention proposes the encryption method that under the constant situation of key length, realizes byte, double byte, three bytes, nybble, Eight characters joint number certificate, make the data that concerns storehouse after encryption, still keep former data structure; Except that the encryption of 8 unitary code data, the encryption method of 7 unitary code data has also been proposed, make the ASK sign indicating number after encrypting, still keep the attribute of ASK sign indicating number.In the present invention, key divide granularity from storehouse level, directory level, file-level to record or field level, be applicable to the protection that concerns database data.After encrypting, the segment length remains unchanged in data for it, and at the ASK sign indicating number after encrypting, can be the binary data that can not show, also can be still the ASK sign indicating number; It is the safety of protected data storehouse content effectively, under the situation that influences database function as small as possible, does not influence the recall precision of database, does not destroy database data structure.
Description of drawings
Fig. 1 is an embodiment of the invention database data encryption system structural representation;
Fig. 2 is an embodiment of the invention mould Q nonlinear feedback shift register logical organization synoptic diagram;
Fig. 3 is an embodiment of the invention mould Q nonlinear feedback shift register iterative process process flow diagram;
Fig. 4 is an embodiment of the invention database data encryption method flow diagram.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer,, a kind of database data encryption system of the present invention and method are further elaborated below in conjunction with drawings and Examples.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
Database data encryption system of the present invention as shown in Figure 1, comprises mould Q nonlinear feedback shift register 1, permutation table replacement module 2, substitution list conversion module 3, and computing module 4, library key administration module 5.Wherein:
1) mould Q nonlinear feedback shift register 1:
Mould Q nonlinear feedback shift register 1, being used for given key is initial value, carries out nonlinear feedback, its feedback numerical value generates the derivative key of 18 states continuously through the replacement conversion of default mmm substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses.
Preferably, block cipher 8 circles that turn round altogether, every circle is with two output states.
2) permutation table replacement module 2:
The permutation table replacement module 2 of the embodiment of the invention, comprise at least one group of permutation table disk, permutation table is the table of indication evolution relation, permutation table disk is divided into two classes, the first kind is to encrypt with table, comprises permutation table disk8e, constitutes by 4 pages, note disk8e[i] (i=0..3), be used for the encryption of 8 unitary codes; And permutation table disi7e, constitute note disk7e[i by 4 pages] (i=0..3), be used for the encryption of 7 unitary codes.Second class is the deciphering table, and is corresponding with permutation table disk8e and permutation table disk7e, is used for the deciphering of 8 unitary codes and the deciphering of 7 unitary codes, and with disk8d and disk7d mark, decryption table is the anti-table of black list, derives from according to black list to obtain decryption table.
Permutation table replacement module 2, being used for the byte is unit transformation, the row variable claims the displacement wheel, displacement wheel indication replacement series, the row variable claims to replace starting point, and the indication replacement series is enabled starting point.
As table 1,6 take turns, and the displacement relation that 7 starting points constitute is as follows:
Table 16 is taken turns, the displacement relation table that 7 starting points constitute
disk8e[2]
0 1 2 3 4 5 6 7
[0]5 2 7 3 6 7 6 0
[1]2 0 5 7 1 3 4 7
[2]0 7 2 4 3 5 1 6
[3]7 4 6 0 2 1 5 1
[4]1 6 3 2 0 4 2 3
[5]4 1 0 6 5 2 3 4
[6]3 5 4 1 7 6 0 2
[7]6 3 1 5 4 0 7 5
byte=8:56 C3 62 FF 25 44 06 6A
Displacement:
byte=8:06 FF 44 C3 62 25 56 6A
As shown in table 1, giving given data 56 C3 62 FF 25 44 06 6A, after displacement, be 06 FF, 44 C362,25 56 6A.
3) the substitution list conversion module 3:
Described substitution list conversion module 3 comprises at least one group of substitution list subst, is used for replacing conversion with byte position unit with subst.The Subst substitution list is divided into two classes, and a class is to encrypt the substitution list of usefulness, comprises substitution list subst8e, is used for the replacement of 8 unitary codes, and size is 16x16; And subst7e, being used for the conversion of 7 unitary codes, size is 16x8.Another kind of is the substitution list of deciphering usefulness, corresponding with substitution list subst8e and subst7e, be used for the substitution list of 8 unitary codes deciphering and the substitution list of 7 unitary codes deciphering, represent with subst8d and subst7d respectively, can derive from the substitution list that obtains deciphering according to the substitution list of encrypting.
Replacing conversion module 3 to be used for the byte is that unit replaces, and is illustrated in the 1-bit operation as byte=1:subst8e (09)=FF, and subst8e is the function name that replaces operation, and 09 replaces into FF.
4) computing module 4, be used for the data of database being expanded by byte or being concentrated, laterally add up, under the derivative key that mould Q nonlinear feedback shift register 1 replaces conversion to go out is indicated, replace and substitution operation, finish the database data encryption and decryption.It comprises:
41) the data expansion module 41, are used for when carrying out a byte manipulation, and a given byte data is expanded to 8 bytes by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
42) the data centralization module 42, be used for when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble.
43) horizontal accumulator module 43,8 byte datas after being used to launch will add up and dextrad adds up through left-hand in each circle computing.
44) the in- place computation module 44,8 byte datas after being used to launch, selected permutation table disk under the indication of the derivative key of mould Q nonlinear feedback shift register
i, the line replacement conversion of going forward side by side.In each circle computing, through twice displacement transformation.
45) substitution operation module 45 is used for that n the byte (n=1,2,3,4) after concentrating carried out subst with byte position unit and replaces conversion, finishes the encryption and decryption of database data.
5) the library key administration module 5:
One concerns the storehouse, is made up of a lot of tables, and table is made up of record, and record is made up of field.There is library key in the storehouse, and catalogue has the catalogue key, and sub-directory has the sub-directory key, and table has table key or the like, forms huge key management net.Library key administration module 5 is used to manage whole cipher key system and determines a record key, a field key.
Describe mould Q nonlinear feedback shift register 1 of the present invention below in detail:
The mould Q nonlinear feedback shift register 1 of the embodiment of the invention is made of 8 bytes, is the critical piece of key derivation.The connection polynomial expression of feedback shift register is: f (x)=x
8+ x+1 is with (8,1,0) mark.
The 8th grade of output of described polynomial expression (8,1,0) replaces through default substitution list mmm, carries out feeding back to the 1st grade after the mould q additive operation with the 1st grade of output again.In embodiments of the present invention, q=256 is expressed from the next:
Mmm (8 grades)+(1 grade) mod 256
(1 grade)
Its logical relation as shown in Figure 2.
Described substitution list mmm is the substitution list of 16x16, is used for the feedback logic of shifting memory, and it is non-linear, as shown in table 2 that feedback is become.
Table 2 mmm substitution list
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 CC 87 F0 75 BC 1F F8 52 00 3A 8E 57 AC 6E F5 23
1 17 2B 89 D5 12 FC A3 EF 67 94 5C C7 9E DF 56 DA
2 C2 FF 47 83 E6 2C 39 02 AD 1E E4 07 51 1D A6 0A
3 3B A8 11 20 62 CB B3 B5 22 D2 2A EE D8 F4 9F 86
4 FB 63 AE 58 FE 10 7E 35 E5 4F 7F 55 5B 8D 4B 7A
5 90 E1 53 E0 95 48 4E 66 31 F6 C8 6D 06 3E C6 BF
6 46 04 F7 38 01 C0 0B A1 8F 0F 43 85 AB F9 68 93
7 A2 AF 73 DB 6F 16 9A 6C 72 A7 D1 1B 65 1C 79 3F
8 21 33 0C 45 B8 5D 76 29 BB 2E 61 DE 99 B6 5F E3
9 9B 82 7B E7 27 54 9D DD 81 E9 E2 78 BD 37 ED 30
A 74 59 D4 32 8B BA 0D 26 13 7D 05 C5 15 71 B2 CF
B 34 E8 18 C1 F1 40 92 AA 8A C9 B1 44 A5 EC 24 69
C 88 28 CD 03 6A 64 D7 42 FA 5E 3D F2 8C 08 D9 B7
D 6B D6 3C CA DC FD 2D EA 19 96 CE 14 25 D0 80 4A
E B9 A9 C3 7C A4 4C B0 84 C4 77 EB A0 D3 49 BE 98
In the embodiment of the invention, with the initial value of given key as mould Q nonlinear feedback shift register 1, with the state of feedback shift 16 times is first group of derivative key keyb[0], feed back again 24 times, obtain second group of derivative key keyb[1], analogize, feed back 16 times and 24 times circulation in turn, derive keyb[0 successively] ..keyb[17] totally 18 groups of derivative key.
Described derivative key accounts for a grouping, and block length is 8 bytes of 64 bits (bit).
Described derivative key, wherein keyb[0], keyb[9] be used for indieating variable, keyb[1..8], keyb[10..17] be used for the constant variables of each layer computing.
The effect of indieating variable: keyb[0, i] and keyb[9, i] low 4 of each byte of key, indicate used permutation table; Each byte of key high 4, indication permutation table starting point;
The effect of constant variables: remove keyb[0, i] and keyb[9, i] outside, other 16 groups of keyb key variables are all done constant variables and packet addition, in every iteration of taking turns when changing, and use successively.
Described iterative process is illustrated in fig. 3 shown below.
Iterations position 8 times (circle) in embodiments of the present invention, this iteration is the basic theories problem of password, is the notion of product ciphers, therefore describes in detail no longer one by one in embodiments of the present invention.
Describe the permutation table conversion module 2 of the embodiment of the invention below in detail:
Permutation table conversion module 2, comprise at least one group of permutation table disk, permutation table is the table of indication evolution relation, permutation table disk is divided into two classes, and a class is to encrypt with table, comprises permutation table disk8e, constitute by 4 pages, note disk8e[i] (i=0..3), be used for the encryption of 8 unitary codes, promptly be used for the encryption of 8 unit binary codes; And permutation table disi7e, constitute note disk7e[i by 4 pages] (i=0..3), be used for the encryption of 7 unitary codes, be used for the encryption of 7 ask of unit sign indicating numbers.Two classes are the deciphering table, and are corresponding with permutation table disk8e and permutation table disk7e, are used for the deciphering of 8 unitary codes and the deciphering of 7 unitary codes, and with disk8d and disk7d mark, decryption table is the anti-table of black list, derives from according to black list to obtain decryption table.
Totally 4 pages of permutation table disk are with the 0..3 mark.With disk8e[0] be example, 8 row constitute 8 displacement wheels, and each displacement wheel has 8 starting points, and different wheels constitute different displacement relations with different starting points, and are as shown in table 3.
Table 3, disk8e[0] and disk7e[0] the displacement relation table
disk8e[0] disk7e[0]
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6
[0] 7 4 2 3 5 1 6 7 [0] 2 4 8 1 5 5 0
[1] 4 6 4 5 0 7 2 3 [1] 5 2 0 4 3 1 6
[2] 6 0 7 6 4 3 7 5 [2] 1 6 4 0 6 3 2
[3] 1 2 6 1 7 0 5 6 [3] 3 0 6 2 1 4 5
[4] 2 7 0 2 3 5 1 0 [4] 0 3 1 5 4 6 1
[5] 0 1 3 7 6 2 4 4 [5] 6 1 5 3 0 2 4
[6] 5 3 1 0 2 4 3 2 [6] 4 5 2 6 2 0 3
[7] 3 5 5 4 1 6 0 1
disk8e[1] disk7e[1]
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6
[0] 3 4 7 2 1 0 5 6 [0] 6 1 5 2 9 4 3
[1] 5 2 1 6 7 4 0 3 [1] 3 0 2 6 4 5 6
[2] 1 0 4 5 3 6 2 5 [2] 1 3 4 5 1 6 0
[3] 4 6 0 1 5 3 7 2 [3] 0 2 3 4 5 1 2
[4] 0 1 6 3 2 5 1 4 [4] 5 6 0 1 3 2 4
[5] 7 5 2 0 4 1 3 7 [5] 2 4 1 3 6 0 5
[6] 2 3 5 7 6 7 4 0 [6] 4 5 6 0 2 3 1
[7] 6 7 3 4 0 2 6 1
disk8e[2] disk7e[2]
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6
[0] 5 2 7 3 6 7 6 0 [0] 2 5 4 5 1 0 2
[1] 2 0 5 7 1 3 4 7 [1] 0 2 5 1 3 4 6
[2] 0 7 2 4 3 5 1 6 [2] 5 6 1 2 0 3 4
[3] 7 4 6 0 2 1 5 1 [3] 1 3 6 4 6 5 0
[4] 1 6 3 2 0 4 2 3 [4] 3 1 2 0 4 6 3
[5] 4 1 0 6 5 2 3 4 [5] 6 4 0 3 2 1 5
[6] 3 5 4 1 7 6 0 2 [6] 4 0 3 6 5 2 1
[7] 6 3 1 5 4 0 7 5
disk8e[3] disk7e[3]
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6
[0] 7 3 0 7 4 2 5 6 [0] 2 0 3 1 6 4 6
[1] 2 0 7 3 5 7 4 1 [1] 6 2 5 0 3 6 1
[2] 6 7 4 0 3 1 7 2 [2] 0 5 4 5 1 3 2
[3] 3 1 1 4 0 5 2 5 [3] 3 1 0 2 4 5 4
[4] 5 4 6 1 2 3 6 0 [4] 1 3 6 4 2 0 5
[5] 0 6 2 5 7 6 1 3 [5] 4 6 1 3 5 2 0
[6] 4 2 5 6 1 0 3 7 [6] 5 4 2 6 0 1 3
[7] 1 5 3 2 6 4 0 4
Describe the replacement conversion module 3 of the embodiment of the invention below in detail, it comprises at least one group of substitution list subst, and the substitution list of the encryption usefulness in the Subst substitution list comprises substitution list subst8e, is used for the replacement of 8 unitary codes, and size is 16x16; And subst7e, being used for the conversion of 7 unitary codes, size is 16x8.。
Substitution list sub8e is the unit table of 16x16, is used for 8 unit operations, and is as shown in table 4.Substitution list sub7e is the Dan representative of 8x16, is used for 7 unit operations, and is as shown in table 5.
Table 4Subst8e
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 0B 9A 43 CD 17 B4 2A 84 77 FF 52 8E 70 03 A7 34
1 D6 3C 93 1D DD 4B C6 A6 42 9F C5 11 B3 83 5C 07
2 82 F4 0A E3 64 C4 16 8D D5 25 CC 7C 33 29 9E 4D
3 6D DE 4A BE 81 10 A5 6F 3D B5 6A 1F 5B BD 12 7B
4 9B AB 24 2B D7 B2 41 92 EF 51 00 89 D4 4C 99 38
5 18 FC 53 C3 3B 78 F5 06 5A CB 44 E2 15 94 2F 6C
6 49 B1 1E D3 01 E0 57 32 EE 63 9D 28 BC 66 AA 56
7 58 BA 80 9C F3 37 E7 7D 1C D2 02 A2 5D E8 20 DC
8 C8 6E FE 0F AF 48 A1 88 50 76 F0 71 B7 0C ED 62
9 05 2C 91 E6 69 FD 79 13 8F A9 39 40 95 75 A8 3F
A 8C F6 59 BB CA 23 AD 65 D8 08 C7 AE 1B F9 47 8B
B 36 14 D1 87 26 E1 72 BF 45 B6 6B CE 7A 2D DB 67
C DF 60 A0 68 E9 7E 0E B8 4E E4 5E 21 F2 54 8A C1
D 4F C9 AC 09 D9 5F EC 97 F7 1A A3 EA 55 FB 96 30
E 27 C2 73 B9 46 F8 31 E5 3A CF F1 2E DA 85 0D EB
F 74 B0 19 90 A4 04 D0 35 FA 22 C0 7F 3E 98 61 86
Table 5Subst7e
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 2A 61 10 5A 2F 4C 09 24 67 1B 04 37 33 0A 64 14
1 0F 55 44 18 78 01 29 76 03 6F 3F 13 59 22 49 5E
2 79 1E 6B 43 3C 7E 23 36 74 2E 68 0B 38 28 75 34
3 3D 7F 1F 54 00 45 19 62 12 21 4E 32 51 40 3B 71
4 5B 02 4A 7A 2B 4F 69 1A 42 6C 15 57 70 1D 5D 0C
5 17 72 30 16 60 39 08 66 2C 52 7D 27 35 50 65 58
6 4B 07 6E 26 73 11 53 20 7C 5C 48 05 6D 63 0D 46
7 31 6A 56 06 3A 25 7B 3E 4D 0E 5F 41 1C 47 77 2D
The embodiment of the invention has two kinds of implementations:
A kind of is 8 unitary codes (8-bit) operations, draws the binary data of 8-bit after encrypting;
Another kind is 7 unitary codes (7-bit) operations, and the sign bit reservation earlier of each byte is got up, and the binary code of 7-bit still can get the binary code of 7-bit after encrypting, then the sign bit that keeps is reverted to each byte, makes it to become the ASK sign indicating number of 8-bit.
The block cipher that did not also occur 7 unit operations in the prior art.
The embodiment of the invention realizes 5 kinds of encryption methods such as 1 byte, 2 bytes, 3 bytes, 4 bytes, 8 bytes under the key length rigid condition, the segment length remains unchanged after encrypting.
Short word joint and odd disposal route:
1) 8 byte manipulations are basic arithmetic units, handle (data of 8 byte multiple length) by 8 byte manipulations earlier greater than the part of 8 bytes.
2) treatment principle of the following short length of 8 bytes is:
7 byte datas=4 byte manipulations+3 byte manipulations;
6 byte datas=4 byte manipulations+2 byte manipulations;
5 byte datas=4 byte manipulations+1 byte manipulation;
4 byte datas=4 byte manipulations;
3 byte datas=3 byte manipulations;
2 byte datas=2 byte manipulations;
1 byte data=1 byte manipulation;
Library key administration module 5 is used for used library key, catalogue key, table key and record key, field key line pipe reason in the storehouse.
Describe the cipher key management procedures of the library key administration module in the data base encryption of the present invention system below in detail.
Database divides two big classes: the one, and document databse, the 2nd, concern the storehouse.Document databse encrypt to adopt user terminal to encrypt the mode of (belong to outside the storehouse and encrypt), handles and gets final product by the document form of depositing certainly of internal loopback.Therefore, its key need not to redefine, and shines with online communication key just.The file of document databse can be encrypted with personal key (KMTi) or close decipher key (KQi).Can only understand by key definien (terminal or individual) from depositing file.Agreement key (KKRi) but also self-definition and do from the encryption key of depositing file.Depositing file certainly and can be stored in the storage mediums such as hard disk, floppy disk or database after the encryption.
Concern the key management in storehouse, adopt centralized management in the storehouse, key dynamically produces and dynamic assignment in the storehouse.Used key all is arranged in the storehouse, and its definition, life-span, effect etc. need redefine.
Described library key administration module comprises that key sets up submodule 51, is used to set up key file, and described key file comprises the catalogue key file, file key file, and library key file.
Catalogue key: define key MUM of each catalogue.The catalogue key is a secondary key, deposits in automatically in the catalogue key file under the encryption of library key.The catalogue key has two kinds: produce the catalogue key file when catalogue that system sets up is both when building system, the self-built catalogue of user is set up corresponding catalogue key file simultaneously equally with the foundation of catalogue.The catalogue key produces automatically with the random key production method.The catalogue key calls with directory name.
File key: define key FS of each file.The file key also claims to show key, and the table key occurs with the form of record key sometimes by definition, then occurs with the form of field key sometimes.The table key is three grades of keys, is used for the encryption of data.The level of confidentiality file is set up by the user, sets up corresponding file key file when the user sets up file simultaneously.The file key produces automatically with the random key production method.The file key calls with filename.
Library key: define a library key KUM.Library key is a catalogue cryptographic key protection key, is the one-level key.The library key file is write by the authorized person when building system, and revises at any time.The library key file calls with library name.
Described library key administration module also comprises key sub module stored 52, is used for the storage of key file.
Key under the password encryption: storehouse (or claiming root directory) key (KUM), authentication of message key (FMA), random key produce key (FMG), digital signature keys (SQM) etc. and all deposit under the encryption of password (PWD).
Library key file=E
PWD(KUM);
Authentication of message key file=E
PWD(FMA);
Wherein, E is an encryption function, and PWD is a password, and password is encrypted to library key KUM or to authentication of message key FMA as key.
Key under library key is encrypted: the key under library key (KUM) is encrypted is sub-directory keys at different levels.Sub-directory can divide multilayer, claims the one-level sub-directory.The storage mode of sub-directory key is as shown in table 6:
Table 6, the storage mode of sub-directory key
| The one-level sub-directory | The secondary sub-directory | Three grades of sub-directories |
| E KUM(MUM 1) | ||
| E KUM(MUM 11) | ||
| E KUM(MUM 12) | ||
| E KUM(MUM 121) | ||
| E KUM(MUM 122) | ||
| E KUM(MUM 13) | ||
| E KUM(MUM 2) | ||
| E KUM(MUM 3) | ||
| E KUM(MUM 4) | E KUM(MUM 41) | |
| E KUM(MUM 411) | ||
| E KUM(MUM 42) | ||
| E KUM(MUM 421) |
Key under the catalogue secret key encryption: the file key is deposited under the sub-directory secret key encryption of file place.As; The MUM1 then location mode of file key FS is
E
MUM1(FS
1)
The MUM1 then location mode of file key FS is
E
MUM122(FS
2)
Being encrypted in the storehouse of relation data carried out, and therefore, concerns that storehouse table uses key, all is arranged in the storehouse.Encryption unit is field (minimum to a byte).Encryption method can be complete record or integer field.Because the system overhead of encrypting in the storehouse is very big, uses no or little whole table as far as possible and be encrypted as.
The key list definition: key list is the mapped file of a table (record or field), comprises prompt table, and is as shown in table 7, and argument table.
Table 7, table level prompt table
| Table name | |
| Confidential | The 1--256 level |
| Cipher mode | Record or field (10 is record, and 01 is field) |
| The |
8 bytes |
If field encryption is then looked into the field level prompt table, recording of encrypted is then looked into record level prompt table.The field level prompt table, as shown in table 8:
Cipher mode: 01, field encryption then
Table 8, the field level prompt table
| Field one | Field two | Field three | |
|
| 0 | 1 | 0 | 0 |
Record level prompt table, as shown in table 9:
Cipher mode: 10, then represent recording of encrypted
Table 9, record level prompt table
| Record one | Record two | Record three | |
|
| 0 | 0 | 1 | 0 |
Key variable: each table has the table key of one 8 byte, and the table key also is not practical key, and real practical key is a packet key, and the key variable of each packet key is by the table key, record name, and the field name be combined into:
Packet key=table key+field name+record name;
File encryption (option): operating unit: the unit of data encryption operation is a grouping, in the computing of each grouping, all will redefine key variable.
Encryption method: selected recording of encrypted or field encryption.At first will show key FS obtains:
1)D
KUM(E
KUM(MUM))=MUM
2)D
MUM(E
MUM(FS))=FS
Wherein, D is a decryption function, and E is an encryption function, and KUM is a library key, and MUM is the catalogue key, and FS is file key (a table key).
There has been FS just can calculate the key of each grouping,
Packet key BLK=shows key+field name+record name;
And can carry out function ECPH:
ECPH[RN,data]→E
BLK(data)
Encryption function ECPH divided for three steps carried out:
1)D
MUM(RN)=FS
2) FS+ record name+field name=BLK
3)E
BLK(data)
Wherein, E, D be add, decryption function, RN is the encryption of file key FS under catalogue key MUM, FS is the deciphering of RN under MUM conversely.BLK is a packet key, i.e. the field key.
File decryption: squeeze into the filename that to decipher, if cryptograph files, then reexamine and encrypt in the storehouse or the outer encryption in storehouse etc.Before file is decrypted, at first file key FS is obtained:
1)D
KUM(E
KUM(MUM))=MUM
2)D
MUM(E
MUM(FS))=FS
Had FS just can calculate the key of each grouping, be decrypted, decryption function is called DCPH.
DCPH(RN,E
BLK(data))→data
This function is carried out in two steps:
1)E
MUM(RN)=FS
2) FS+ record name+field name=BLK;
3)D
BLK(E
BLK(data))=data
Wherein, E, D be add, decryption function, file key FS is the encryption of random number R N under catalogue key MUM.BLK is packet key (a field key).
Describe database data encryption procedure of the present invention below in detail:
Step S100, mould Q nonlinear feedback shift register 1 is an initial value with given key, carries out nonlinear feedback, its feedback data generates 18 states continuously through the replacement conversion of default mmm substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Step S200 expands the data in the database or concentrates by byte, laterally add up, and under described mould Q nonlinear feedback shift register 1 derivative key indication, replaces and substitution operation, finishes the database data encryption and decryption.
Described step S200 comprises the following steps:
Step S210 when carrying out a byte manipulation, expands to 8 bytes with a given byte data by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
Step S220, when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble.
Step S230,8 byte datas after the expansion, each the circle computing in will through left-hand add up and dextrad add up.
Step S240,8 byte datas after the expansion, selected permutation table disk under the indication of the derivative key of mould Q nonlinear feedback shift register 1
i, the line replacement conversion of going forward side by side.In each circle computing, through twice displacement transformation.
Step S250 carries out subst with n the byte (n=1,2,3,4) after concentrating with byte position unit and replaces conversion, finishes the encryption and decryption of database data.
Be operating as example with 8-bit and 7-bit unitary code below, describe in detail of the present invention
Embodiment one: the 8-bit unitary code is operated, and draws the binary data of 8-bit after encrypting
Given key and data are as follows:
Byte order [7] [6] [5] [4] [3] [2] [1] [0]
Key variable key:08 07 06 05 04 03 02 01
Give given data:
Data length data variable data
byte=1 01
byte=2 02 01
byte=3 03 02 01
byte=4 04 03 02 01
byte=8 08 07 06 05 04 03 02 01
Wherein
Byte: field length, byte=1,2,3,4,8 five kinds
I: i encloses computing
Key: given key variable
Data: the clear data that encrypt
Step S11 by given key key, utilizes mould Q nonlinear feedback shift register 1 to feed back computing, obtains 18 groups of derivative key keyb;
[7] [6] [5] [4] [3] [2] [1] [0]
If given key key: 08 07 06 05 04 03 02 01
Derivative key keyb[0 then]: 4C A4 7F 5D 08 18 94 B7
[1]:92 5F 60D6DC 389562
[2]:6F E0 38 B7 89 52 F8 6F
[3]:F8 64 03 7C DC 6F C7 CF
[4]:1E 61 87 48 2F 69 42 85
[5]:09 E2 D3 0B CD B4 B4 A3
[6]:F7 2D 36 22 BC BB 49 AB
[7]:E8 6B 9E 81 BA 48 C2 DC
[8]:BF 02 74 36 94 B8 9C 57
[9]:BD C9 6D 4C 2A FF DB 99
[10]:EF 90 6F 5F 0E 48 94 1A
[11]:8F 23 FB 41 2E 97 9E 0C
[12]:F1 CD 13 08 1E AD 41 66
[13]:15 52 FF 92 67 D4 06 AA
[14]:BA 34 D3 80 DF 40 FD D7
[15]:3D BD 27 6E 54 00 12 D7
[16]:EA 6A 2E C3 34 30 A0 F1
[17]:27 7A AF 82 7E E6 A0 AC
Step S12 is with data data and corresponding derivative key keyb[i+1, j] addition, obtain new data data;
forj:=0to byte-1 do
ifbits=8then data[j]:=(data[j]+keyb[i+1,j)mod 256
The result of data of (i=0) variant field length and key variable addition is as follows during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+1,0])mod 256:(63)
byte=2:data[1]:=(data[1]+keyb[i+1,1])mod 256;(96)
data[0]:=(data[0]+keyb[i+1,0])mod 256;(64)
byte=3:data[2]:=(data[2]+keyb[i+1,2])mod 256;(39)
data[1]:=(data[1]+keyb[i+1,1])mod 256;(97)
data[0]:=(data[0]+keyb[i+1,0])mod 256;(65)
byte=4:data[3]:=(data[3]+keyb[i+1,3])mod 256;(DD)
data[2]:=(data[2]+keyb[i+1,2])mod 256;(3A)
data[1]:=(data[1]+keyb[i+1,1])mod 256;(98)
data[0]:=(data[0]+keyb[i+1,0])mod 256;(66)
byte=8:data[7]:=(data[7]+keyb[i+1,7])mod 256;(93)
data[6]:=(data[6]+keyb[i+1,6])mod 256;(61)
data[5]:=(data[5]+keyb[i+1,5])mod 256;(63)
data[4]:=(data[4]+keyb[i+1,4])mod 256;(DA)
data[3]:=(data[3]+keyb[i+1,3])mod 256;(E1)
data[2]:=(data[2]+keyb[i+1,2])mod 256;(3E)
data[1]:=(data[1]+keyb[i+1,1])mod 256;(9C)
data[0]:=(data[0]+keyb[i+1,0])mod 256;(6A)
Step S13 is with data encrypted storehouse data[i] in data press the byte number and launch, and put into new data cell dd[j]:
1byte:63 presses 1-bit and launches
| 0 | 1 | 1 | 0 | 0 | 0 | 1 | 1 |
2byte:96 64 presses 2-bit and launches
| 10 | 01 | 01 | 10 | 01 | 10 | 01 | 00 |
3byte:399765 presses 3-bit and launches
| 001 | 110 | 011 | 001 | 011 | 101 | 100 | 101 |
4byte:DD 3A 18 66 presses 4-bit and launches
| 1101 | 1101 | 0011 | 1010 | 0001 | 1000 | 0110 | 0110 |
8byte:93 61 63 DA E1 3E 9C 6A press 8-bit and launch
| 10010011 | 01100001 | 01100011 | 11011010 | 11100001 | 00111110 | 10011100 | 01101010 |
Expansion is centralized
If: dd:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 1 1 0 0 0 1 1 (63)
byte=2: 2 1 1 2 1 2 1 0 (96 64)
byte=3: 1 6 3 1 3 5 4 5 (39 97 65)
byte=4: D D 3 A 9 8 6 6 (DD 3A 98 66)
byte=8:93 61 63 DA E1 3E 9C 6A (93 61 63 DA E1 3E 9C 6A)
Step S14, the data left-hand of encrypting among the new data cell dd in back adds up, and is placed on after adding up among the data cell ee, that is:
ee[0]:=dd[0];
forj:=1 to bits-1 do ee[j]:=(ee[j-1]+dd[j])mod(2**byte);
Each EE[i after left-hand adds up] variable:
Expansion is centralized
Then: ee:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 1 0 0 0 0 1 (21)
byte=2: 2 0 3 2 0 3 1 0 (8E 34)
byte=3: 4 3 5 2 1 6 1 5 (8E A38D)
byte=4: 4 7 A 7 D 4 C 6 (47A7D4C6)
byte=8:56 C3 62 FF 25 44 06 6A (56C362FF 2544066A)
Step S15, the data among the database ee are carried out keyb[0, i by derivative key] control, utilize conversion table disk8e displacement transformation.
By keyb[0, i] the table number of the 7th, 6 fen position indication disk8e, 5,4,3 fens position indication hand wheels, 2,1,0 indication starting point, as:
C:=(keyb[0, i] and 192) div 64 is counted in the control of [i] circle;
b:=(keyb[0,i]and 56)div 8;
a:=(keyb[0,i]and 7;
Keyb[0 in embodiments of the present invention, 0]=b7, c=2, b=6, a=7 then, 2 tables, 6 opinions, 7 starting points:
ee:[7][6][5][4][3][2][1][0]
byte=1: 0 0 1 0 0 0 0 1 (21)
byte=2: 2 0 3 2 0 3 1 0 (8E 34)
byte=3: 4 3 5 2 1 6 1 5 (8E A3 8D)
byte=4: 4 7 A 7 D 4 C 6 (47 A7 D4 C6)
byte=8:56 C3 62 FF 25 44 06 6A (56 C3 62 FF 25 44 06 6A)
Displacement:
byte=8:06 FF 44 C3 62 25 56 6A (06 FF 44 C3 62 25 56 6A)
byte=4: C 7 4 7 A D 4 6 (C7 47 AD 46)
byte=3: 1 2 6 3 5 1 4 5 (2B 3A 65)
byte=2: 1 2 3 0 3 0 2 0 (6C C8)
byte=1: 0 0 0 0 1 0 0 1 (09)
[7][6][5][4][3][2][1][0]
Step S16 with data cell ee and become byte to constitute new data data, and carries out list for conversion by substitution list subst8e, and is specific as follows:
With first the row subst8e (09)=FF is an example, subst8e is a function name, with 09 instead of FF.
byte=1:subst8e(09)=FF
byte=2:subst8e(6C)=BC subst8e(C8)=4E
byte=3:subst8e(2B)=7C subst8e(3A)=6A subst8e(65)=E0
byte=4:subst8e(C7)=B8 subst8e(47)=92 subst8e(AD)=F9 subst8e(46)=41
byte=8:subst8e(06)=2A subst8e(FF)=86 subst8e(44)=D7 subst8e(C3)=68
subst8e(62)=1E subst8e(25)=C4 subst8e(56)=F5 subst8e(6A)=9D
Step S17, data cell ee also becomes byte to be placed among the data cell data, and and keyb[i+10, j] addition;
for j:=0to byte-1do
data[j]:=(data[j]+keyb[i+10,j])mod 256;
The result of data of (i=0) variant field length and key variable addition is as follows during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+10,0])mod 256: (19)
byte=2:data[1]:=(data[1]+keyb[i+10,1])mod 256; (50)
data[0]:=(data[0]+keyb[i+10,0])mod 256; (68)
byte=3 data[2]:=(data[2]+keyb[i+10,2])mod 256;(C4)
data[1]:=(data[1]+keyb[i+10,1])mod 256;(FE)
data[0]:=(data[0]+keyb[i+10,0])mod 256;(FA)
byte=4 data[3]:=(data[3]+keyb[i+10,3])mod 256;(C6)
data[2]:=(data[2]+keyb[i+10,2])mod 256;(DA)
data[1]:=(data[1]+keyb[i+10,1])mod 256;(8D)
data[0]:=(data[0]+keyb[i+10,0])mod 256;(5B)
byte=8:data[7]:=(data[7]+keyb[i+10,7])mod 256;(19)
data[6]:=(data[6]+keyb[i+10,6])mod 256;(16)
data[5]:=(data[5]+keyb[i+10,5])mod 256;(46)
data[4]:=(data[4]+keyb[i+10,4])mod 256;(C7)
data[3]:=(data[3]+keyb[i+10,3])mod 256;(2C)
data[2]:=(data[2]+keyb[i+10,2])mod 256;(0C)
data[1]:=(data[1]+keyb[i+10,1])mod 256;(89)
data[0]:=(data[0]+keyb[i+10,0])mod 256;(B7)
Step S18 launches data data, and leaves data cell dd[i in by given byte office] in, then:
ee[7]:=dd[7];
for j:=6downto 0do ee[j]:=(ee[j+1]+dd[j])mod 2**byte;
Expansion is centralized
If: dd:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 1 0 0 1 (19)
byte=2: 1 1 0 0 1 2 2 0 (50 68)
byte=3: 6 1 1 7 7 3 7 2 (C4 FE FA)
byte=4: C 6 D A 8 D 5 B (C6 DA 8D 5B)
byte=8:19 16 46 C7 2C 0C 89 B7 (19 16 46 C7 2C 0C 89 B7)
Each ee[i after left-hand adds up] variable:
Expansion is centralized
Then: ee:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 0 0 0 1 (11)
byte=2: 1 2 2 2 3 1 3 3 (6A DF)
byte=3: 6 7 0 7 6 1 0 2 (DC 7C 42)
byte=4: C 2 F 9 1 E 3 E (C2 F9 1E 3E)
byte=8:19 2F 75 3C 68 74 FD B4 (19 2F 75 3C 68 74 FD B4)
Step S19, by keyb[9, i] control, data data carries out the disk8e displacement transformation.
Keyb[9 in the present embodiment, 0]=99, c=2, b=3, a=1, i.e. 2 tables, 3 opinions, 1 starting point:
Expansion is centralized
ee:[7][6][5][4][3][2][1][0]
byte=1: 0 0 0 1 0 0 0 1 (11)
byte=2: 1 2 2 2 3 1 3 3 (6A DF)
byte=3: 6 7 0 7 6 1 0 2 (DC 7C 42)
byte=4: C 2 F 9 1 E 3 E (C2 F9 1E 3E)
byte=8:19 2F 75 3C 68 74 FD B4 (19 2F 75 3C 68 74 FD B4)
Displacement:
byte=8:74 B4 3C 2F FD 19 68 75 (74B43C 2F FD 196875)
byte=4: E E 9 2 3 C 1 F (EE 923C 1F)
byte=3: 1 2 7 7 0 6 6 0 (2B F1B0)
byte=2: 1 3 2 2 3 1 3 2 (7A DE)
byte=1: 0 1 1 0 0 0 0 0 (60)
[7][6][5][4][3][2][1][0]
Arrive this, the 0th circle computing finishes, and enters the 1st circle computing, makes 8 circles altogether, and its encrypted result is as follows:
byte=1 byte=2 byte=3 byte=4
[0] 60 7A DE 2B F1 B0 EE 92 3C 1F
[1] 09 4A AB 49 96 EC FE 5C 12 A4
[2] 82 CB EF BD 96 F2 E8 E5 EE 4B
[3] 4D F6 90 4C 43 10 A8 E0 B0 B0
[4] 98 10 72 45 B6 22 BA A0 10 DE
[5] 7A 90 01 20 3A C5 C0 71 DC C5
[6] 81 8E EE 3C 90 64 EC 23 0B 10
[7] 47 6E BA 81 C8 02 CB 6A D3 6A
byte=8
[0] 74 B4 3C 2F FD 19 68 75
[1] FE FE D5 E6 3D FE 95 DB
[2] A0 09 DB 68 EE A8 A5 FF
[3] E0 0C 66 E8 58 29 13 DB
[4] 7F 5D 59 F8 8D C4 E6 8E
[5] E9 55 F2 C8 3D 1E 96 2B
[6] 61 F6 54 E2 06 62 0D EA
[7] CF 3E B1 D8 C1 9B 32 20
Give given data 08 07 06 05 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: CF 3E B1 D8 C1 9B 32 20 through 8 circle conversion.
Give given data 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: CB 6A D3 6A through 8 circle conversion.
Give given data 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 81 C8 02 through 8 circle conversion.
Give given data 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 6E BA through 8 circle conversion.
Give given data 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 47 through 8 circle conversion.
The sign bit reservation earlier of each byte is got up in the operation of two: 7 unitary codes (7-bit) of embodiment, and the binary code of 7-bit still can get the binary code of 7-bit after encrypting, then the sign bit that keeps is reverted to each byte, makes it to become the ASK sign indicating number of 8-bit.
Given key and data are as follows:
[7][6][5][4][3][2][1][0]
Given key key: 08 07 06 05 04 03 02 01
Give given data data:
byte=1 01
byte=2 02 01
byte=3 03 02 01
byte=4 04 03 02 01
byte=8 08 07 06 05 04 03 02 01
Wherein
Byte: block length, byte=1,2,3,4,8 five kinds
I: i encloses computing
Key: given key
Step S21 by primary key key, utilizes mould Q nonlinear feedback shift register 1 to feed back computing, obtains 18 groups of derivative key keyb;
[7][6][5][4][3][2][1][0]
If given key key: 08 07 06 05 04 03 02 01
Derivative key keyb[0 then]: 4C A4 7F 5D 08 18 94 B7
[1]:92 5F 60 D6 DC 38 95 62
[2]:6F E0 38 B7 89 52 F8 6F
[3]:F8 64 03 7C DC 6F C7 CF
[4]:1E 61 87 48 2F 69 42 85
[5]:09 E2 D3 0B CD B4 B4 A3
[6]:F7 2D 36 22 BC BB 49 AB
[7]:E8 6B 9E 81 BA 48 C2 DC
[8]:BF 02 74 36 94 B8 9C 57
[9]:BD C9 6D 4C 2A FF DB 99
[10]:EF 90 6F 5F 0E 48 94 1A
[11]:8F 23 FB 41 2E 97 9E 0C
[12]:F1 CD 13 08 1E AD 41 66
[13]:15 52 FF 92 67 D4 06 AA
[14]:BA 34 D3 80 DF 40 FD D7
[15]:3D BD 27 6E 54 00 12 D7
[16]:EA 6A 2E C3 34 30 A0 F1
[17]:27 7A AF 82 7E E6 A0 AC
Step S22 is with data data and corresponding derivative key keyb[i+1, the j of relation data unit] addition, carry out encryption.
for j:=0to byte-1do
data[j]:=(data[j]+keyb[i+1,j)mod 128;
The result of data of (i=0) variant field length and key variable addition is as follows during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+1,0])mod 128:(63)
byte=2:data[1]:=(data[1]+keyb[i+1,1])mod 128;(16)
data[0]:=(data[0]+keyb[i+1,0])mod 128;(64)
byte=3:data[2]:=(data[2]+keyb[i+1,2])mod 128;(39)
data[1]:=(data[1]+keyb[i+1,1])mod 128;(17)
data[0]:=(data[0]+keyb[i+1,0])mod 128;(65)
byte=4:data[3]:=(data[3]+keyb[i+1,3])mod 128;(5D)
data[2]:=(data[2]+keyb[i+1,2])mod 128;(3A)
data[1]:=(data[1]+keyb[i+1,1])mod 128;(18)
data[0]:=(data[0]+keyb[i+1,0])mod 128;(66)
byte=8:data[7]:=(data[7]+keyb[i+1,7])mod 128;(13)
data[6]:=(data[6]+keyb[i+1,6])mod 128;(61)
data[5]:=(data[5]+keyb[i+1,5])mod 128;(63)
data[4]:=(data[4]+keyb[i+1,4])mod 128;(5A)
data[3]:=(data[3]+keyb[i+1,3])mod 128;(61)
data[2]:=(data[2]+keyb[i+1,2])mod 128;(3E)
data[1]:=(data[1]+keyb[i+1,1])mod 128;(1C)
data[0]:=(data[0]+keyb[i+1,0])mod 128;(6A)
Step S23 is with data encrypted unit data[i] in data press the byte number and launch, and put into new data cell dd[j].
1byte:7 unit 63 presses 1bit and launches
| 1 | 1 | 0 | 0 | 0 | 1 | 1 |
2byte:7 unit 1664 presses 2bit and launches
| 00 | 10 | 11 | 01 | 10 | 01 | 00 |
3byte:7 unit 391765 presses 3bit and launches
| 011 | 100 | 100 | 101 | 111 | 100 | 101 |
The 5D 3A of 4byte:7 unit 1866 presses 4bit and launches
| 1011 | 1010 | 1110 | 1000 | 1100 | 0110 | 0110 |
The 1361635A 613E 1C 6A of 8byte:7 unit still presses 7bit and launches
| 0010011 | 1100001 | 1100011 | 1011010 | 1100001 | 0111110 | 0011100 | 01101010 |
Expansion 7bit is centralized
If: dd:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 1 1 0 0 0 1 1 (63)
byte=2: 0 2 3 1 2 1 0 (16 64)
byte=3: 3 4 4 5 7 4 5 (39 17 65)
byte=4: B A E 8 C 6 6 (5D 3A 18 66)
byte=8:13 61 63 5A 61 3E 1C 6A (13 61 63 5A 61 3E 1C 6A)
Step S24, the data left-hand of encrypting among the new data cell dd in back adds up, and is placed on data cell ee[i after adding up] in, then:
ee[0]:=dd[0];
for j:=1to bits-1do ee[j]:=(ee[j-1]+dd[j])mod(2**byte);
When byte=8
for j:=1to bits-1do ee[j]:=(ee[j-1]+dd[j])mod(2**(byte-1));
Expansion 7-bit is centralized
Then: ee:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 1 0 0 0 0 1 (21)
byte=2: 1 1 3 0 3 1 0 (2E 34)
byte=3: 0 5 1 5 0 1 5 (0A 34 0D)
byte=4: 3 8 E 0 8 C 6 (1C 38 11 46)
byte=8:56 43 62 7F 25 44 06 6A (56 43 62 7F 25 44 06 6A)
Step S25, the data among the data cell ee are carried out keyb[0, i by derivative key] control, utilize conversion table disk7e displacement transformation.
But disk8e identical when then carrying out with bits=8 when byte=8 operates.When byte<8 the time, by keyb[0, i] the 6th, 5 indication di sk7e table number, 5,4,3 indication hand wheels, 2,1,0 indication starting point, as:
The control number of [i] circle: c:=(keyb[0, i] and 96) div 32;
b:=(keyb[0,i]and 56)div 8;
a:=(keyb[0,i]and 7;
Keyb[0 in embodiments of the present invention, 0]=and b7, c=1, b=8, a=7mod 7=0, i.e. 1 table, 6 opinions, 0 starting point:
Expansion 7-bit is centralized
Before: ee:[6] [5] [4] [3] [2] [1] [0]
byte=1: 0 1 0 0 0 0 1 (21)
byte=2: 1 1 3 0 3 1 0 (2E 34)
byte=3: 0 5 1 5 0 1 5 (0A 34 0D)
byte=4: 3 8 E 0 8 C 6 (1C 38 11 46)
Displacement:
byte=4:C 8 E 6 0 3 8 (64 39 40 38)
byte=3:1 5 1 5 5 0 0 (1A 36 40)
byte=2:1 1 3 0 0 1 3 (2E 07)
byte=1:0 1 0 1 0 0 0 (28)
dd:[6][5][4][3][2][1][0]
When bits=8, c=1, b=6, a=7, by di sk8e conversion, then:
[7][6][5][4][3][2][1][0]
56 43 62 7F 25 44 06 6A
Displacement:
6A 06 56 43 25 62 44 7F
Step S26 with data cell ee and become byte to constitute new data unit data data, and carries out list for conversion by substitution list subst7e.
With the first behavior example, sbust7e is 7 encrypted in units tables among the subst7e (28)=74, and 28 instead of 74.
byte=1:subst7e(28)=74
byte=2:subst7e(2E)=75 subst7e(07)=24
byte=3:subst7e(1A)=3F subst7e(36)=19 subst7e(40)=5B
byte=4:subst7e(64)=73 subst7e(39)=21 subst7e(40)=5B subst7e(38)=12
byte=8:subst7e(6A)=48 subst7e(06)=09 subst7e(56)=08 subst7e(43)=7A
subst7e(25)=7E subst7e(62)=6E subst7e(44)=2B subst7e(7F)=2D
Step S27, data cell ee also becomes byte to be placed among the data cell data, and and keyb[i+10, j] addition;
for j:=0to byte-1 do
data[j]:=(data[j]+keyb[i+10,j])mod 128;
The result of data of (i=0) variant field length and key variable addition is as follows during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+10,0])mod 128:(0E)
byte=2:data[1]:=(data[1]+keyb[i+10,1])mod 128;(09)
data[0]:=(data[0]+keyb[i+10,0])mod 128;(31)
byte=3 data[2]:=(data[2]+keyb[i+10,2])mod 128;(07)
data[1]:=(data[1]+keyb[i+10,1])mod 128;(2D)
data[0]:=(data[0]+keyb[i+10,0])mod 128;(75)
byte=4 data[3]:=(data[3]+keyb[i+10,3])mod 128;(01)
data[2]:=(data[2]+keyb[i+10,2])mod 128;(69)
data[1]:=(data[1]+keyb[i+10,1])mod 128;(6F)
data[0]:=(data[0]+keyb[i+10,0])mod 128;(2C)
byte=8:data[7]:=(data[7]+keyb[i+10,7])mod 128;(37)
data[6]:=(data[6]+keyb[i+10,6])mod 128;(19)
data[5]:=(data[5]+keyb[i+10,5])mod 128;(77)
data[4]:=(data[4]+keyb[i+10,4])mod 128;(59)
data[3]:=(data[4]+keyb[i+10,3])mod 128;(0C)
data[2]:=(data[5]+keyb[i+10,2])mod 128;(36)
data[1]:=(data[6]+keyb[i+10,1])mod 128;(3F)
data[0]:=(data[7]+keyb[i+10,0])mod 128;(47)
Step S28 presses byte office with data data and launches, and leaves data cell dd[i in] in, then:
Expansion is centralized
If: dd:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 1 1 0 (0E)
byte=2: 0 1 0 2 3 3 2 (09 3E)
byte=3: 0 3 5 3 3 6 5 (07 2D 75)
byte=4: 0 3 A 7 7 A C (01 69 6F 2C)
byte=8:37 19 77 59 0C 36 3F 47(37 19 77 59 0C 36 3F 47)
Each ee[i after dextrad adds up] variable:
ee[7]:=dd[7];
for j:=6downto 0do ee[j]:=(ee[j+1]+dd[j])mod 2**byte;
When byte=8
for j:=6downto 0do ee[j]:=(ee[j+1]+dd[j])mod 2**(byte-1);
Expansion 7-bit is centralized
Then: ee:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 0 1 1 (0B)
byte=2: 0 1 1 3 2 1 3 (0B 67)
byte=3: 0 3 0 3 6 4 1 (06 0F 21)
byte=4: 0 3 D 4 B 5 i (01 75 16 51)
byte=8:37 50 21 68 50 37 2C 62 (37 50 21 68 50 37 2C 62)
Step S29, by keyb[9, i] control, data data carries out disk7e and disk8e displacement transformation.Keyb[9 in the present embodiment, 0]=99, c=0, b=3, a=1, i.e. 0 table, 3 opinions, 1 starting point:
Expansion 7bit is centralized
[6][5][4][3][2][1][0]
byte=1: 0 0 0 1 0 1 1 (0B)
byte=2: 0 1 1 3 2 1 3 (0B 67)
byte=3: 0 3 0 3 6 4 1 (06 0F 21)
byte=4: 0 3 D 4 B 5 1 (01 75 16 51)
Displacement:
byte=4: 5 3 4 1 D B 0 (29 50 3B 30)
byte=3: 4 3 3 1 0 6 0 (46 64 30)
byte=2: 1 1 3 3 1 2 0 (2F 58)
byte=1: 1 0 1 1 0 0 0 (58)
[6][5][4][3][2][1][0]
When byte=8, replacement operator is as follows:
[7][6][5][4][3][2][1][0]
37 50 47 20 2C 62 21 68
Displacement
47 20 21 68 50 37 2C 62
[7][6][5][4][3][2][1][0]
Finish to this 0th circle computing, enter the 1st circle computing, when bits<8, do 7 circle computings, then do 8 circle computings during bits=8, its encrypted result is as follows:
byte=1 byte=2 byte=3 byte=4
[0] 58 2F 58 46 64 30 29 50 3B 30
[1] 16 27 79 1B 3E 7D 41 1B 3D 35
[2] 1E 3D 5E 4B 42 66 51 62 72 46
[3] 1E 52 45 17 47 5F 7C 0A 52 1A
[4] 20 25 59 37 75 31 36 30 15 6B
[5] 7B 07 3E 6E 60 07 0F 74 78 38
[6] 65 31 48 5B 1A 74 73 2B 38 7A
[7] 7E 13 2F 78 62 56 47 1E 07 11
byte=8
[0] 47 20 21 68 50 37 2C 62
[1] 18 31 30 52 14 77 34 44
[2] 42 0C 07 09 42 0E 00 02
[3] 16 63 68 03 69 25 7E 32
[4] 7B 60 2D 3C 6F 4F 77 12
[5] 66 04 42 37 7E 4F 2B 50
[6] 43 63 16 79 03 52 30 38
[7] 43 65 48 1C 4D 52 22 1E
Give given data 08 07 06 05 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 43 65 48 1C 4D, 52 22 1E through 8 circle conversion.
Give given data 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 47 1E 07 11 through 8 circle conversion.
Give given data 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 78 62 56 through 8 circle conversion.
Give given data 0201 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 13 2F through 8 circle conversion.
Give given data 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password: 7E at last through 8 circle conversion.
Database data encryption system of the present invention and method, the encryption that it is exclusively used in storage data such as database particularly concerns the encryption in storehouse.Generally all there are tight access control mechanisms, the safety in protected data storehouse in the storehouse system.
The safety that concerns storehouse encipherment protection data content of the present invention drops to minimum with the database influence, does not influence database retrieval efficient, does not also destroy database data structure.
7.1 key granularity
Database of the present invention is provided with the structure key.
The structure key is used for cutting apart of database, and a storehouse can be provided with a kind of structure key, or Database Systems are provided with a kind of structure key:
(1) mmm, subst8e, subst7e substitution list;
(2) disk8e, disk7e entanglement table;
And database has library key.
Catalogue has the catalogue key, and different directories has defined different keys.
File has the file key.Each part file (table) has a file key FS, and length is 64bit, produces automatically when creating file, deposits under the encipherment protection of catalogue key mum in the file key file.As:
E
mum(FS);
The access right of file key file is identical with the access right of file.The file key is used for the encryption and decryption of data.As:
E
Fs(data);
There has been the file key just to define record key and field key automatically.
Data base encryption system and method for the present invention can be controlled the confusion and the diffusivity of enciphered data well
In each circle conversion, data variable combines with key variable, changes with once single for changing by twice entanglement, reaches chaotic preferably effect.
In each circle conversion, the expansion by twice bit collection and concentrating, laterally adding up for twice changes and once single generation changes, and reaches diffusion effect preferably.
Level was provided with for 8 stacking generations, and the used key of each layer is all inequality.Key is derived from by non-linear mould q shifting memory, extracts with the interval of 16 circles and 24 circles, has destroyed the continuity of sequence.
Above analysator can find out that the present invention is under the prerequisite that guarantees density, and it is convenient better to have solved database retrieval, keeps the contradiction of data structure.
In conjunction with the drawings to the description of the specific embodiment of the invention, others of the present invention and feature are conspicuous to those skilled in the art.
More than specific embodiments of the invention are described and illustrate it is exemplary that these embodiment should be considered to it, and be not used in and limit the invention, the present invention should make an explanation according to appended claim.
Claims (13)
1, a kind of database data encryption system is characterized in that, comprises mould Q nonlinear feedback shift register, permutation table replacement module, and substitution list conversion module, and computing module, wherein:
Described mould Q nonlinear feedback shift register, being used for given key is initial value, carries out nonlinear feedback, its feedback numerical value generates the derivative key of 18 states continuously through the replacement conversion of default substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Described permutation table replacement module, being used for the byte is unit transformation;
It is that unit replaces that described replacement conversion module is used for the byte;
Described computing module, be used for the data of database being expanded by byte or being concentrated, laterally add up, under the derivative key that described mould Q nonlinear feedback shift register replaces conversion to go out is indicated, replace and substitution operation, finish the database data encryption and decryption.
2, database data encryption system according to claim 1 is characterized in that, also comprises the library key administration module, is used for used library key, catalogue key, table key and record key, field key line pipe reason in the storehouse.
3, database data encryption system according to claim 1 and 2 is characterized in that, described computing module comprises the data expansion module, the data centralization module, and horizontal accumulator module, the in-place computation module, the substitution operation module, wherein:
Described data expansion module is used for when carrying out a byte manipulation, and a given byte data is expanded to 8 bytes by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
Described data centralization module is used for when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble;
Described horizontal accumulator module, 8 byte datas after being used to launch, each the circle computing in will through left-hand add up and dextrad add up;
Described in-place computation module, 8 byte datas after being used to launch, selected permutation table under the indication of the derivative key of mould Q nonlinear feedback shift register, the line replacement conversion of going forward side by side;
Described substitution operation module is used for n byte after concentrating replaced conversion with byte position unit, finishes the encryption and decryption of database data.
4, database data encryption system according to claim 3 is characterized in that, described n is 1 or 2 or 3 or 4.
5, database data encryption system according to claim 1 is characterized in that, in the described mould Q nonlinear feedback shift register, and block cipher 8 circles that turn round altogether, every circle is with two output states.
6, database data encryption system according to claim 1 is characterized in that, described permutation table replacement module comprises at least one group of permutation table disk, and permutation table is the table of indication evolution relation, and permutation table disk is divided into two classes:
The first kind is to encrypt with table, comprises permutation table disk8e, constitutes note disk8e[i by 4 pages] (i=0..3), be used for the encryption of 8 unitary codes; And permutation table disi7e, constitute note disk7e[i by 4 pages] (i=0..3), be used for the encryption of 7 unitary codes;
Second class is the deciphering table, and is corresponding with permutation table disk8e and permutation table disk7e, is used for the deciphering of 8 unitary codes and the deciphering of 7 unitary codes, and with disk8d and disk7d mark, decryption table is the anti-table of black list, derives from according to black list to obtain decryption table.
7, database data encryption system according to claim 1 is characterized in that, described substitution list conversion module comprises at least one group of substitution list subst, is used for replacing conversion with byte position unit with subst; The Subst substitution list is divided into two classes:
One class is to encrypt the substitution list of usefulness, comprises substitution list subst8e, is used for the replacement of 8 unitary codes, and size is 16x16; And subst7e, being used for the conversion of 7 unitary codes, size is 16x8;
Another kind of is the substitution list of deciphering usefulness, corresponding with substitution list subst8e and subst7e, be used for the substitution list of 8 unitary codes deciphering and the substitution list of 7 unitary codes deciphering, represent with subst8d and subst7d respectively, can derive from the substitution list that obtains deciphering according to the substitution list of encrypting.
8, database data encryption system according to claim 3 is characterized in that, described library key administration module comprises that key sets up submodule and key sub module stored, wherein:
Described key is set up submodule, is used to set up key file, and described key file comprises the catalogue key file, file key file, and library key file;
Described key sub module stored is used for the storage of key file.
9, a kind of database data encryption method is characterized in that, comprises the following steps:
Steps A, mould Q nonlinear feedback shift register is an initial value with given key, carries out nonlinear feedback, its feedback data generates 18 states continuously through the replacement conversion of default substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Step B expands the data in the database or concentrates by byte, laterally add up, and under mould Q nonlinear feedback shift register replaces derivative key indication that conversion goes out, replaces and substitution operation, finishes the database data encryption and decryption.
10, database data encryption method according to claim 9 is characterized in that, described step B comprises the following steps:
Step B1 when carrying out a byte manipulation, expands to 8 bytes with a given byte data by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
Step B2, when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble;
Step B3,8 byte datas after the expansion, each the circle computing in will through left-hand add up and dextrad add up;
Step B4,8 byte datas after the expansion, selected permutation table under the indication of the derivative key of mould Q nonlinear feedback shift register, the line replacement conversion of going forward side by side;
Step B5 replaces conversion with n byte after concentrating with byte position unit, finishes the encryption and decryption of database data.
11, database data encryption method according to claim 10 is characterized in that, the n among the described step B5 is 1 or 2 or 3 or 4.
12, database data encryption method according to claim 9 is characterized in that, when operating with the 8-bit unitary code, described steps A and step B comprise the following steps:
Step S11 by given key key, utilizes mould Q nonlinear feedback shift register to feed back computing, obtains 18 groups of derivative key keyb;
Step S12 is with data data and corresponding derivative key keyb[i+1, j] addition, obtain new data data;
Step S13 is with data encrypted storehouse data[i] in data press the byte number and launch, and put into new data cell dd[j];
Step S14, the data left-hand of encrypting among the new data cell dd in back adds up, and is placed on after adding up among the data cell ee;
Step S15, the data among the database ee are carried out keyb[0, i by derivative key] control, utilize conversion table disk8e displacement transformation;
Step S16 with data cell ee and become byte to constitute new data data, and carries out list for conversion by substitution list subst8e;
Step S17, data cell ee also becomes byte to be placed among the data cell data, and and keyb[i+10, j] addition;
Step S18 launches data data, and leaves data cell dd[i in by given byte office] in;
Step S19, by keyb[9, i] control, data data carries out the disk8e displacement transformation.
13, database data encryption method according to claim 9 is characterized in that, when operating with the 7-bit unitary code, described steps A and step B comprise the following steps:
Step S21 by primary key key, utilizes mould Q nonlinear feedback shift register to feed back computing, obtains 18 groups of derivative key keyb;
Step S22 is with data data and corresponding derivative key keyb[i+1, the j of relation data unit] addition, carry out encryption;
Step S23 is with data encrypted unit data[i] in data press the byte number and launch, and put into new data cell dd[j];
Step S24, the data left-hand of encrypting among the new data cell dd in back adds up, and is placed on data cell ee[i after adding up] in;
Step S25, the data among the data cell ee are carried out keyb[0, i by derivative key] control, utilize conversion table disk7e displacement transformation;
Step S26 with data cell ee and become byte to constitute new data unit data data, and carries out list for conversion by substitution list subst7e;
Step S27, data cell ee also becomes byte to be placed among the data cell data, and and keyb[i+10, j] addition;
Step S28 presses byte office with data data and launches, and leaves data cell dd[i in] in;
Step S29, by keyb[9, i] control, data data carries out disk7e and disk8e displacement transformation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100868225A CN101571873B (en) | 2009-06-16 | 2009-06-16 | Database data encryption system and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100868225A CN101571873B (en) | 2009-06-16 | 2009-06-16 | Database data encryption system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101571873A true CN101571873A (en) | 2009-11-04 |
| CN101571873B CN101571873B (en) | 2012-02-08 |
Family
ID=41231231
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100868225A Expired - Fee Related CN101571873B (en) | 2009-06-16 | 2009-06-16 | Database data encryption system and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101571873B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102891876A (en) * | 2011-07-22 | 2013-01-23 | 中兴通讯股份有限公司 | Method and system for distributed data encryption under cloud computing environment |
| CN104238995A (en) * | 2013-06-21 | 2014-12-24 | 中国人民解放军信息工程大学 | Non-linear feedback shift register |
| WO2019000652A1 (en) * | 2017-06-30 | 2019-01-03 | 上海众人网络安全技术有限公司 | Method and apparatus for encrypting and decrypting data |
| CN110365620A (en) * | 2018-03-26 | 2019-10-22 | 中移(苏州)软件技术有限公司 | A kind of stream data method for secret protection and device |
| CN111669269A (en) * | 2020-06-08 | 2020-09-15 | 晋商博创(北京)科技有限公司 | BLK data encryption method, device and storage medium |
| CN113595717A (en) * | 2020-04-30 | 2021-11-02 | 比亚迪股份有限公司 | ECB mode block encryption method, ECB mode block decryption method, ECB mode block encryption control device, ECB mode block decryption control device and vehicle |
-
2009
- 2009-06-16 CN CN2009100868225A patent/CN101571873B/en not_active Expired - Fee Related
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102891876A (en) * | 2011-07-22 | 2013-01-23 | 中兴通讯股份有限公司 | Method and system for distributed data encryption under cloud computing environment |
| CN102891876B (en) * | 2011-07-22 | 2017-06-13 | 中兴通讯股份有限公司 | Distributed data encryption method and system under cloud computing environment |
| CN104238995A (en) * | 2013-06-21 | 2014-12-24 | 中国人民解放军信息工程大学 | Non-linear feedback shift register |
| CN104238995B (en) * | 2013-06-21 | 2017-03-15 | 中国人民解放军信息工程大学 | A kind of nonlinear feedback shift register |
| WO2019000652A1 (en) * | 2017-06-30 | 2019-01-03 | 上海众人网络安全技术有限公司 | Method and apparatus for encrypting and decrypting data |
| CN110365620A (en) * | 2018-03-26 | 2019-10-22 | 中移(苏州)软件技术有限公司 | A kind of stream data method for secret protection and device |
| CN113595717A (en) * | 2020-04-30 | 2021-11-02 | 比亚迪股份有限公司 | ECB mode block encryption method, ECB mode block decryption method, ECB mode block encryption control device, ECB mode block decryption control device and vehicle |
| CN111669269A (en) * | 2020-06-08 | 2020-09-15 | 晋商博创(北京)科技有限公司 | BLK data encryption method, device and storage medium |
| CN111669269B (en) * | 2020-06-08 | 2023-08-15 | 晋商博创(北京)科技有限公司 | BLK data encryption method, device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101571873B (en) | 2012-02-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104363215B (en) | A kind of encryption method and system based on attribute | |
| CN109660555B (en) | Content secure sharing method and system based on proxy re-encryption | |
| Wang et al. | Secure and efficient access to outsourced data | |
| US8533489B2 (en) | Searchable symmetric encryption with dynamic updating | |
| CN101571873B (en) | Database data encryption system and method thereof | |
| Li et al. | Secure deduplication storage systems supporting keyword search | |
| CN101436208B (en) | Ciphertext database privacy protection enquiring method | |
| CN102356597B (en) | A method for secure communication in a network, a communication device, a network and a computer program therefor | |
| US7340054B2 (en) | Information processing method, decrypting method, information processing apparatus, and computer program | |
| US8000472B2 (en) | Information encryption apparatus and controlling method of the same, computer program and computer readable storage medium | |
| CN103329478A (en) | Encryption system, encryption processing method for encryption system, encryption device, encryption program, decryption device, decryption program, setup device, setup program, key generation device, key generation program, key assignment device and | |
| CN112989375B (en) | Hierarchical optimization encryption lossless privacy protection method | |
| CN101394268B (en) | Advanced ciphering system and method based on broad sense information field | |
| US10505715B2 (en) | Method and system of synchronous encryption to render computer files and messages impervious to pattern recognition and brute force attacks | |
| CN104794243B (en) | Third party's cipher text retrieval method based on filename | |
| CN116707804B (en) | Method and equipment for enhancing FF1 format reserved encryption security | |
| CN108270565A (en) | A kind of data mixing encryption method | |
| CN114938274A (en) | Hierarchical key management and data security distribution method and system | |
| CN113612805B (en) | Energy data access authority revocation method based on ciphertext policy attribute base | |
| CN107493164A (en) | A kind of des encryption method and system based on chaos system | |
| CN113132345B (en) | Agent privacy set intersection method with searchable function | |
| KR20180113323A (en) | Wildcard identity-based key derivation, encryption and decryption method | |
| CN111800424A (en) | Electronic document self-destruction system based on identity authentication | |
| CN116599768B (en) | Data encryption method for private data | |
| CN113271309B (en) | Hierarchical file encryption method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING LIANHE ZHIHUA MICROELECTRONICS TECHNOLOGY Free format text: FORMER OWNER: YIHENGXIN VERIFICATION SCIENCE AND TECHNOLOGY CO., LTD., BEIJING Effective date: 20110120 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100042 AREA E-G, 3/F, XIN'AN BUILDING, NO.40, SHIJINGSHAN ROAD, SHIJINGSHAN DISTRICT, BEIJING TO: 100042 9/F, XIN'AN BUILDING, NO.40, SHIJINGSHAN ROAD, BEIJING |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20110120 Address after: 100042 Beijing Shijingshan Road No. 40 Building 9 layer Xin'an Applicant after: Beijing Lianhe Zhihua Electronic Technology Co., Ltd. Address before: 100042 Beijing City, Shijingshan District Shijingshan Road No. 40 building three layer E-G Xin'an Applicant before: Yihengxin Verification Science and Technology Co., Ltd., Beijing |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120208 Termination date: 20180616 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |