CN101571873B - Database data encryption system and method thereof - Google Patents
Database data encryption system and method thereof Download PDFInfo
- Publication number
- CN101571873B CN101571873B CN2009100868225A CN200910086822A CN101571873B CN 101571873 B CN101571873 B CN 101571873B CN 2009100868225 A CN2009100868225 A CN 2009100868225A CN 200910086822 A CN200910086822 A CN 200910086822A CN 101571873 B CN101571873 B CN 101571873B
- Authority
- CN
- China
- Prior art keywords
- data
- byte
- key
- keyb
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a database data encryption system and a method thereof. The system comprises a model Q nonlinear feedback shift register, a permutation table replacement module, a substitutiontransforming module and an operation module; wherein, the model Q nonlinear feedback shift register is used for nonlinear feedback by taking the specified key as initial value, the feedback value is replaced and converted by the preset substitution list to continuously generate derived keys with 18 states, and the generated derived keys are applied in encryption and decryption operation of all block ciphers; the permutation table replacement module is used for transforming by taking byte as unit; the substitution transforming module is used for replacing by taking byte as unit; the operation module is used for expanding or centralizing the data in a database according to the byte for lateral accumulating; under the indication of the derived keys which are replaced and transformed by the model Q nonlinear feedback shift register, replacement and substitution operation can be carried out, so that encryption and decryption of the data in the database can be completed. The invention can effectively protect the safety of the data in the database.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to a kind of database data encryption system and method.
Background technology
Normally, data encryption has two kinds of different situations, and a kind of is the encryption of communication data, and another kind is the encryption of storage data, and the storage data utilize database to encrypt usually.Stream cipher can only be used for the encryption of communication data, can not be used to store the encryption of data, because will use different secret key encryptions to the different files in the database; And key is secret variable; Therefore intractable, generally encrypts with block cipher the storage data in the database.
Block encryption also is " block encryption " (bloc cipher), and a grouping plain code is downconverted into the password of a grouping in the effect of a block cipher.He broken through stream cipher (be stream cipher: traditional operation mode stream cipher), no longer by bit (bit) or word for word carry out cryptographic operation, and with a grouping as basic encryption unit.
A grouping can be that 64 bits or 256 bits do not wait, and is called the grouping width.
Another characteristics of block cipher are can use identical secret key encryption to different clear packets, so its key management is very convenient.This does not accomplish in stream cipher, because stream cipher requires each encryption all can not reuse identical key, and this brings very big inconvenience to key management.
Because block cipher is a unit-distance code with " piece ", therefore the mistake of a bit possibly cause the error diffusion of a grouping.By contrast, stream cipher then is the mistake that the mistake of a bit can only cause a bit, and he does not cause error diffusion, but the step-out of one of which bit but causes the failure of whole communication.
The seventies in 20th century, block cipher occurs, and just causes widely to note, and has obtained using widely.So occurred various block encryption systems in succession, wherein the most famous have DES, AES AES etc., and become international standard.
According to the difference of storage data, database is divided into document databse and concerns that storehouse, document databse are data warehouses, concerns that the data of storing in the storehouse then are form class data.Form is walked crosswise with stringer and is constituted, and walks crosswise to be called record, and stringer is called field.Therefore a record is made up of a plurality of fields, and the length of each field is different, is called the segment length.If select for use the block encryption system to each field encryption, so when the segment length less than the grouping width, or the segment length is not when being the multiple of grouping width, the segment length after the encryption can change, a segment length is a grouping width or its multiple at least.
There is following defective in relational database encryption technology of the prior art:
1) data are after encrypting, and the segment length can not remain unchanged.Existing cipher system, like AES, DES system, its password width is fixed, thereby when length is encrypted less than the data of password width, produces the expansion of data, changes former data structure.Sex field for example, a byte just can be represented man or woman, and perhaps two bytes can be represented " man " or " woman " with Chinese character, and the segment length can not keep perhaps two bytes of a byte after encrypting.
2) the ASK sign indicating number can not accomplish it both can is the binary data that can not show after encrypting, and also can be the ASK sign indicating number that can show.
Summary of the invention
The object of the invention is to provide a kind of database data encryption system and method, and it is the safety of data in the protected data storehouse effectively.
A kind of database data encryption system for realizing that the object of the invention provides comprises:
Mould Q nonlinear feedback shift register, permutation table replacement module, substitution list conversion module, and computing module, wherein:
Said mould Q nonlinear feedback shift register, being used for given key is initial value, carries out nonlinear feedback, its feedback numerical value generates the derivative key of 18 states continuously through the replacement conversion of preset substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Said permutation table replacement module, being used for the byte is unit transformation;
It is that unit replaces that said replacement conversion module is used for the byte;
Said computing module; Be used for the data of database are expanded by byte or concentrated, laterally add up, under said mould Q nonlinear feedback shift register replaces derivative key indication that conversion goes out; Replace and substitution operation, accomplish the database data encryption and decryption.
Described database data encryption system can also comprise the library key administration module, is used for used library key, catalogue key, table key and record key, field key in the storehouse are managed.
For realizing that the object of the invention also provides a kind of database data encryption method, comprise the following steps:
Steps A, mould Q nonlinear feedback shift register is an initial value with given key, carries out nonlinear feedback, its feedback data generates the derivative key of 18 states continuously through the replacement conversion of preset substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Step B expands the data in the database or concentrates by byte, laterally add up, and replaces derivative key indication that conversion goes out down at mould Q nonlinear feedback shift register, replaces and substitution operation completion database data encryption and decryption.
The invention has the beneficial effects as follows: database data encryption system of the present invention and method; The present invention proposes the encryption method that under the constant situation of key length, realizes byte, double byte, three bytes, nybble, Eight characters joint number certificate, make the data that concerns storehouse after encryption, still keep former data structure; Except that the encryption of 8 unitary code data, the encryption method of 7 unitary code data has also been proposed, make the ASK sign indicating number after encrypting, still keep the attribute of ASK sign indicating number.In the present invention, key divides granularity level, directory level, file-level is applicable to the protection that concerns database data to record or field level from the storehouse.After encrypting, the segment length remains unchanged in data for it, and at the ASK sign indicating number after encrypting, can be the binary data that can not show, also can be still the ASK sign indicating number; It is the safety of protected data storehouse content effectively, under the situation that influences database function, does not influence the recall precision of database as far as possible littlely, does not destroy database data structure.
Description of drawings
Fig. 1 is an embodiment of the invention database data encryption system structural representation;
Fig. 2 is an embodiment of the invention mould Q nonlinear feedback shift register logical organization synoptic diagram;
Fig. 3 is an embodiment of the invention mould Q nonlinear feedback shift register iterative process process flow diagram;
Fig. 4 is an embodiment of the invention database data encryption method flow diagram.
Embodiment
In order to make the object of the invention, technical scheme and advantage clearer,, a kind of database data encryption system of the present invention and method are further elaborated below in conjunction with accompanying drawing and embodiment.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
Database data encryption system of the present invention, as shown in Figure 1, comprise mould Q nonlinear feedback shift register 1, permutation table replacement module 2, substitution list conversion module 3, and computing module 4, library key administration module 5.Wherein:
1) mould Q nonlinear feedback shift register 1:
Mould Q nonlinear feedback shift register 1, being used for given key is initial value, carries out nonlinear feedback, its feedback numerical value generates the derivative key of 18 states continuously through the replacement conversion of preset mmm substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses.
Preferably, block cipher turn round altogether 8 the circle, every circle is with two output states.
2) permutation table replacement module 2:
The permutation table replacement module 2 of the embodiment of the invention comprises at least one group of permutation table disk, and permutation table is the table of indication evolution relation; Permutation table disk is divided into two types; The first kind is to encrypt with table, comprises permutation table disk8e, constitutes by 4 pages; Note disk8e [i] (i=0..3) is used for the encryption of 8 unitary codes; And permutation table disi7e, constituting by 4 pages, note disk7e [i] (i=0..3) is used for the encryption of 7 unitary codes.Second type is that table is used in deciphering, corresponding with permutation table disk8e and permutation table disk7e, is used for the deciphering of 8 unitary codes and the deciphering of 7 unitary codes, and with disk8d and disk7d mark, decryption table is the anti-table of black list, derives from according to black list to obtain decryption table.
Permutation table replacement module 2, being used for the byte is unit transformation, the row variable is claimed the displacement wheel, displacement wheel indication replacement series, the row variable claims to replace starting point, and the indication replacement series is launched starting point.
Like table 1,6 take turns, and the displacement that 7 starting points constitute concerns as follows:
Table 16 is taken turns, the displacement relation table that 7 starting points constitute
disk8e[2]
0?1?2?3?4?5?6?7
[0]?5?2?7?3?6?7?6?0
[1]?2?0?5?7?1?3?4?7
[2]?0?7?2?4?3?5?1?6
[3]?7?4?6?0?2?1?5?1
[4]?1?6?3?2?0?4?2?3
[5]?4?1?0?6?5?2?3?4
[6]?3?5?4?1?7?6?0?2
[7]?6?3?1?5?4?0?7?5
byte=8:56?C3?62?FF?25?44?06?6A
Displacement:
byte=8:06?FF?44?C3?62?25?56?6A
As shown in table 1, giving given data 56 C3 62 FF 25 44 06 6A, after displacement, be 06 FF, 44 C362,25 56 6A.
3) the substitution list conversion module 3:
Said substitution list conversion module 3 comprises at least one group of substitution list subst, is used for replacing conversion with byte position unit with subst.The Subst substitution list is divided into two types, and one type is the substitution list of encrypting usefulness, comprises substitution list subst8e, is used for the replacement of 8 unitary codes, and size is 16x16; And subst7e, being used for the conversion of 7 unitary codes, size is 16x8.Another kind of is the substitution list of deciphering usefulness; Corresponding with substitution list subst8e and subst7e; Be used for the substitution list of 8 unitary codes deciphering and the substitution list of 7 unitary codes deciphering, represent with subst8d and subst7d respectively, can derive from the substitution list that obtains deciphering according to the substitution list of encrypting.
Replacing conversion module 3 to be used for the byte is that unit replaces, and is illustrated in the 1-bit operation like byte=1:subst8e (09)=FF, and subst8e is the function name that replaces operation, and 09 replaces into FF.
4) computing module 4; Be used for the data of database are expanded by byte or concentrated, laterally add up, under mould Q nonlinear feedback shift register 1 replaces derivative key indication that conversion goes out; Replace and substitution operation, accomplish the database data encryption and decryption.It comprises:
41) the data expansion module 41, are used for when carrying out a byte manipulation, and a given byte data is expanded to 8 bytes by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
42) the data centralization module 42, be used for when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble.
43) horizontal accumulator module 43,8 byte datas after being used to launch will pass through in each circle computing that left-hand adds up and dextrad adds up.
44) the in-place computation module 44,8 byte datas after being used to launch, selected permutation table disk under the indication of the derivative key of mould Q nonlinear feedback shift register
i, the line replacement conversion of going forward side by side.In each circle computing, through twice displacement transformation.
45) substitution operation module 45 is used for that n the byte (n=1,2,3,4) after concentrating carried out subst with byte position unit and replaces conversion, accomplishes the encryption and decryption of database data.
5) the library key administration module 5:
One concerns the storehouse, is made up of a lot of tables, and table is made up of record, and record is made up of field.There is library key in the storehouse, and catalogue has the catalogue key, and sub-directory has the sub-directory key, and table has table key or the like, forms huge key management net.Library key administration module 5 is used to manage whole cipher key system and confirms a record key, a field key.
Specify mould Q nonlinear feedback shift register 1 of the present invention below:
The mould Q nonlinear feedback shift register 1 of the embodiment of the invention is made up of 8 bytes, is the critical piece of key derivation.The connection polynomial expression of feedback shift register is: f (x)=x
8+ x+1 is with (8,1,0) mark.
The 8th grade of output of said polynomial expression (8,1,0) replaces through preset substitution list mmm, carries out feeding back to the 1st grade after the mould q additive operation with the 1st grade of output again.In embodiments of the present invention, q=256 is expressed from the next:
Its logical relation is as shown in Figure 2.
Said substitution list mmm is the substitution list of 16x16, is used for the feedback logic of shifting memory, and it is non-linear, as shown in table 2 that feedback is become.
Table 2mmm substitution list
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 CC?87?F0?75?BC?1F?F8?52?00?3A?8E?57?AC?6E?F5?23
1 17?2B?89?D5?12?FC?A3?EF?67?94?5C?C7?9E?DF?56?DA
2 C2?FF?47?83?E6?2C?39?02?AD?1E?E4?07?51?1D?A6?0A
3 3B?A8?11?20?62?CB?B3?B5?22?D2?2A?EE?D8?F4?9F?86
4 FB?63?AE?58?FE?10?7E?35?E5?4F?7F?55?5B?8D?4B?7A
5 90?E1?53?E0?95?48?4E?66?31?F6?C8?6D?06?3E?C6?BF
6 46?04?F7?38?01?C0?0B?A1?8F?0F?43?85?AB?F9?68?93
7 A2?AF?73?DB?6F?16?9A?6C?72?A7?D1?1B?65?1C?79?3F
8 21?33?0C?45?B8?5D?76?29?BB?2E?61?DE?99?B6?5F?E3
9 9B?82?7B?E7?27?54?9D?DD?81?E9?E2?78?BD?37?ED?30
A 74?59?D4?32?8B?BA?0D?26?13?7D?05?C5?15?71?B2?CF
B 34?E8?18?C1?F1?40?92?AA?8A?C9?B1?44?A5?EC?24?69
C 88?28?CD?03?6A?64?D7?42?FA?5E?3D?F2?8C?08?D9?B7
D 6B?D6?3C?CA?DC?FD?2D?EA?19?96?CE?14?25?D0?80?4A
E B9?A9?C3?7C?A4?4C?B0?84?C4?77?EB?A0?D3?49?BE?98
In the embodiment of the invention; With the initial value of given key as mould Q nonlinear feedback shift register 1, be first group of derivative key keyb [0] with the state of feedback shift 16 times, feed back again 24 times; Obtain second group of derivative key keyb [1]; Analogize, feed back 16 times and 24 circulations in turn, derive keyb [0] ..keyb [17] totally 18 groups of derivative key successively.
Said derivative key accounts for a grouping, and block length is 8 bytes of 64 bits (bit).
Said derivative key, keyb [0] wherein, keyb [9] is used for indieating variable, keyb [1..8], keyb [10..17] is used for the constant variables of each layer computing.
The effect of indieating variable: keyb [0, i] and keyb [9, i] each byte of key low 4 indicated used permutation table; Each byte of key high 4, indication permutation table starting point;
The effect of constant variables: remove outside keyb [0, i] and the keyb [9, i], other 16 groups of keyb key variables are all done constant variables and packet addition, every when taking turns the iteration variation, and use successively.
Said iterative process is illustrated in fig. 3 shown below.
Iterations position 8 times (circle) in embodiments of the present invention, this iteration is the basic theories problem of password, is the notion of product ciphers, therefore specifies no longer one by one in embodiments of the present invention.
Specify the permutation table conversion module 2 of the embodiment of the invention below:
Permutation table conversion module 2 comprises at least one group of permutation table disk, and permutation table is the table of indication evolution relation; Permutation table disk is divided into two types, and one type is to encrypt with table, comprises permutation table disk8e; Constitute by 4 pages; Note disk8e [i] (i=0..3) is used for the encryption of 8 unitary codes, promptly is used for the encryption of 8 unit binary codes; And permutation table disi7e, constituting by 4 pages, note disk7e [i] (i=0..3) is used for the encryption of 7 unitary codes, is used for the encryption of 7 ask of unit sign indicating numbers.Two types is that table is used in deciphering, corresponding with permutation table disk8e and permutation table disk7e, is used for the deciphering of 8 unitary codes and the deciphering of 7 unitary codes, and with disk8d and disk7d mark, decryption table is the anti-table of black list, derives from according to black list to obtain decryption table.
Totally 4 pages of permutation table disk are with the 0..3 mark.With disk8e [0] is example, and 8 row constitute 8 displacement wheels, and each displacement wheel has 8 starting points, and different wheels constitute different displacement relations with different starting points, and are as shown in table 3.
Table 3, disk8e [0] and disk7e [0] displacement relation table
disk8e[0] disk7e[0]
0?1?2?3?4?5?6?7 0?1?2?3?4?5?6
[0]?7?4?2?3?5?1?6?7 [0]?2?4?8?1?5?5?0
[1]?4?6?4?5?0?7?2?3 [1]?5?2?0?4?3?1?6
[2]?6?0?7?6?4?3?7?5 [2]?1?6?4?0?6?3?2
[3]?1?2?6?1?7?0?5?6 [3]?3?0?6?2?1?4?5
[4]?2?7?0?2?3?5?1?0 [4]?0?3?1?5?4?6?1
[5]?0?1?3?7?6?2?4?4 [5]?6?1?5?3?0?2?4
[6]?5?3?1?0?2?4?3?2 [6]?4?5?2?6?2?0?3
[7]?3?5?5?4?1?6?0?1
disk8e[1] disk7e[1]
0?1?2?3?4?5?6?7 0?1?2?3?4?5?6
[0]?3?4?7?2?1?0?5?6 [0]?6?1?5?2?9?4?3
[1]?5?2?1?6?7?4?0?3 [1]?3?0?2?6?4?5?6
[2]?1?0?4?5?3?6?2?5 [2]?1?3?4?5?1?6?0
[3]?4?6?0?1?5?3?7?2 [3]?0?2?3?4?5?1?2
[4]?0?1?6?3?2?5?1?4 [4]?5?6?0?1?3?2?4
[5]?7?5?2?0?4?1?3?7 [5]?2?4?1?3?6?0?5
[6]?2?3?5?7?6?7?4?0 [6]?4?5?6?0?2?3?1
[7]?6?7?3?4?0?2?6?1
disk8e[2] disk7e[2]
0?1?2?3?4?5?6?7 0?1?2?3?4?5?6
[0]?5?2?7?3?6?7?6?0 [0]?2?5?4?5?1?0?2
[1]?2?0?5?7?1?3?4?7 [1]?0?2?5?1?3?4?6
[2]?0?7?2?4?3?5?1?6 [2]?5?6?1?2?0?3?4
[3]?7?4?6?0?2?1?5?1 [3]?1?3?6?4?6?5?0
[4]?1?6?3?2?0?4?2?3 [4]?3?1?2?0?4?6?3
[5]?4?1?0?6?5?2?3?4 [5]?6?4?0?3?2?1?5
[6]?3?5?4?1?7?6?0?2 [6]?4?0?3?6?5?2?1
[7]?6?3?1?5?4?0?7?5
disk8e[3] disk7e[3]
0?1?2?3?4?5?6?7 0?1?2?3?4?5?6
[0]?7?3?0?7?4?2?5?6 [0]?2?0?3?1?6?4?6
[1]?2?0?7?3?5?7?4?1 [1]?6?2?5?0?3?6?1
[2]?6?7?4?0?3?1?7?2 [2]?0?5?4?5?1?3?2
[3]?3?1?1?4?0?5?2?5 [3]?3?1?0?2?4?5?4
[4]?5?4?6?1?2?3?6?0 [4]?1?3?6?4?2?0?5
[5]?0?6?2?5?7?6?1?3 [5]?4?6?1?3?5?2?0
[6]?4?2?5?6?1?0?3?7 [6]?5?4?2?6?0?1?3
[7]?1?5?3?2?6?4?0?4
Specify the replacement conversion module 3 of the embodiment of the invention below, it comprises at least one group of substitution list subst, and the substitution list of the encryption usefulness in the Subst substitution list comprises substitution list subst8e, is used for the replacement of 8 unitary codes, and size is 16x16; And subst7e, being used for the conversion of 7 unitary codes, size is 16x8.。
Substitution list sub8e is the unit table of 16x16, is used for 8 unit operations, and is as shown in table 4.Substitution list sub7e is the Dan representative of 8x16, is used for 7 unit operations, and is as shown in table 5.
Table 4Subst8e
0 1 2 3 4 5?6 7 8 ?9 A B C D E F
0 0B?9A?43?CD?17?B4?2A?84?77?FF?52?8E?70?03?A7?34
1 D6?3C?93?1D?DD?4B?C6?A6?42?9F?C5?11?B3?83?5C?07
2 82?F4?0A?E3?64?C4?16?8D?D5?25?CC?7C?33?29?9E?4D
3 6D?DE?4A?BE?81?10?A5?6F?3D?B5?6A?1F?5B?BD?12?7B
4 9B?AB?24?2B?D7?B2?41?92?EF?51?00?89?D4?4C?99?38
5 18?FC?53?C3?3B?78?F5?06?5A?CB?44?E2?15?94?2F?6C
6 49?B1?1E?D3?01?E0?57?32?EE?63?9D?28?BC?66?AA?56
7 58?BA?80?9C?F3?37?E7?7D?1C?D2?02?A2?5D?E8?20?DC
8 C8?6E?FE?0F?AF?48?A1?88?50?76?F0?71?B7?0C?ED?62
9 05?2C?91?E6?69?FD?79?13?8F?A9?39?40?95?75?A8?3F
A 8C?F6?59?BB?CA?23?AD?65?D8?08?C7?AE?1B?F9?47?8B
B 36?14?D1?87?26?E1?72?BF?45?B6?6B?CE?7A?2D?DB?67
C DF?60?A0?68?E9?7E?0E?B8?4E?E4?5E?21?F2?54?8A?C1
D 4F?C9?AC?09?D9?5F?EC?97?F7?1A?A3?EA?55?FB?96?30
E 27?C2?73?B9?46?F8?31?E5?3A?CF?F1?2E?DA?85?0D?EB
F 74?B0?19?90?A4?04?D0?35?FA?22?C0?7F?3E?98?61?86
Table 5Subst7e
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 2A?61?10?5A?2F?4C?09?24?67?1B?04?37?33?0A?64?14
1 0F?55?44?18?78?01?29?76?03?6F?3F?13?59?22?49?5E
2 79?1E?6B?43?3C?7E?23?36?74?2E?68?0B?38?28?75?34
3 3D?7F?1F?54?00?45?19?62?12?21?4E?32?51?40?3B?71
4 5B?02?4A?7A?2B?4F?69?1A?42?6C?15?57?70?1D?5D?0C
5 17?72?30?16?60?39?08?66?2C?52?7D?27?35?50?65?58
6 4B?07?6E?26?73?11?53?20?7C?5C?48?05?6D?63?0D?46
7 31?6A?56?06?3A?25?7B?3E?4D?0E?5F?41?1C?47?77?2D
The embodiment of the invention has two kinds of implementations:
A kind of is 8 unitary codes (8-bit) operations, after encrypting, draws the binary data of 8-bit;
Another kind is 7 unitary codes (7-bit) operations, and the sign bit reservation earlier of each byte is got up, and the binary code of 7-bit still can get the binary code of 7-bit after encrypting, then the sign bit that keeps is reverted to each byte, makes it to become the ASK sign indicating number of 8-bit.
The block cipher that did not also occur 7 unit operations in the prior art.
The embodiment of the invention realizes 5 kinds of encryption methods such as 1 byte, 2 bytes, 3 bytes, 4 bytes, 8 bytes under the key length rigid condition, the segment length remains unchanged after encrypting.
Short word joint and odd disposal route:
1) 8 byte manipulations are basic arithmetic units, handle (data of 8 byte multiple length) by 8 byte manipulations earlier greater than the part of 8 bytes.
2) treatment principle of short length is below 8 bytes:
7 byte datas=4 byte manipulations+3 byte manipulations;
6 byte datas=4 byte manipulations+2 byte manipulations;
5 byte datas=4 byte manipulations+1 byte manipulation;
4 byte datas=4 byte manipulations;
3 byte datas=3 byte manipulations;
2 byte datas=2 byte manipulations;
1 byte data=1 byte manipulation;
Library key administration module 5 is used for used library key, catalogue key, table key and record key, field key administration-management reason in the storehouse.
Specify the key management procedures of the library key administration module in the data base encryption of the present invention system below.
Database divides two big types: the one, and document databse, the 2nd, concern the storehouse.Document databse encrypt to adopt user terminal to encrypt the mode of (belong to outside the storehouse and encrypt), handles and gets final product by the document form of depositing certainly of internal loopback.Therefore, its key need not to define again, shines with online communication key just.The file of document databse can use personal key (KMTi) or close decipher key (KQi) to encrypt.Can only understand by key definien (terminal or individual) from depositing file.Agreement key (KKRi) but also self-definition and do from the encryption key of depositing file.Depositing file certainly and can be stored in the storage mediums such as hard disk, floppy disk or database after the encryption.
Concern the key management in storehouse, adopt centralized management in the storehouse, key dynamically produces and dynamic assignment in the storehouse.Used key all is arranged in the storehouse, and its definition, life-span, effect etc. need definition again.
Said library key administration module comprises that key sets up submodule 51, is used to set up key file, and said key file comprises the catalogue key file, file key file, and library key file.
Catalogue key: define key MUM of each catalogue.The catalogue key is a secondary key, under the encryption of library key, deposits in automatically in the catalogue key file.The catalogue key has two kinds: produce the catalogue key file when catalogue that system sets up is both when building system, the self-built catalogue of user is set up corresponding catalogue key file simultaneously equally with the foundation of catalogue.The catalogue key produces with the random key production method automatically.The catalogue key calls with directory name.
File key: define key FS of each file.The file key also claims to show key, and the table key occurs with the form of record key by definition sometimes, then occurs with the form of field key sometimes.The table key is three grades of keys, is used for the encryption of data.The level of confidentiality file is set up by the user, when the user sets up file, sets up corresponding file key file simultaneously.The file key produces with the random key production method automatically.The file key calls with filename.
Library key: define a library key KUM.Library key is a catalogue cryptographic key protection key, is the one-level key.The library key file is write by the authorized person when building system, and revises at any time.The library key file calls with library name.
Said library key administration module also comprises key sub module stored 52, is used for the storage of key file.
Key under the password encryption: storehouse (or claiming root directory) key (KUM), authentication of message key (FMA), random key produce key (FMG), digital signature keys (SQM) etc. and all under the encryption of password (PWD), deposit.
Library key file=E
PWD(KUM);
Authentication of message key file=E
PWD(FMA);
Wherein, E is an encryption function, and PWD is a password, and password is encrypted to library key KUM or to authentication of message key FMA as key.
Key under library key is encrypted: the key under library key (KUM) is encrypted is sub-directory keys at different levels.Sub-directory can divide multilayer, claims the one-level sub-directory.The storage mode of sub-directory key is as shown in table 6:
Table 6, the storage mode of sub-directory key
| The one-level sub-directory | The secondary sub-directory | Three grades of sub-directories |
| E KUM(MUM 1) | ? | ? |
| ? | E KUM(MUM 11) | ? |
| ? | E KUM(MUM 12) | ? |
| ? | ? | E KUM(MUM 121) |
| ? | ? | E KUM(MUM 122) |
| ? | E KUM(MUM 13) | ? |
| E KUM(MUM 2) | ? | ? |
| E KUM(MUM 3) | ? | ? |
| E KUM(MUM 4) | E KUM(MUM 41) | ? |
| ? | ? | E KUM(MUM 411) |
| ? | E KUM(MUM 42) | ? |
| ? | ? | E KUM(MUM 421) |
Key under the catalogue secret key encryption: the file key is deposited under the sub-directory secret key encryption of file place.As; The MUM1 then location mode of file key FS does
E
MUM1(FS
1)
The MUM1 then location mode of file key FS does
E
MUM122(FS
2)
Being encrypted in the storehouse of relation data carried out, and therefore, concerns that storehouse table uses key, all is arranged in the storehouse.Encryption unit is field (minimum to a byte).Encryption method can be complete record or integer field.Because the system overhead of encrypting in the storehouse is very big, uses no or little whole table as far as possible and be encrypted as.
The key list definition: key list is the mapped file of a table (record or field), comprises prompt table, and is as shown in table 7, and argument table.
Table 7, table level prompt table
| Table name | ? |
| Confidential | The 1--256 level |
| Cipher mode | Record or field (10 is record, and 01 is field) |
| The table key | 8 bytes |
If field encryption is then looked into the field level prompt table, recording of encrypted is then looked into record level prompt table.The field level prompt table, as shown in table 8:
Cipher mode: 01, field encryption then
Table 8, the field level prompt table
| Field one | Field two | Field three | ? | |
| 0 | 1 | 0 | ? | 0 |
Record level prompt table, as shown in table 9:
Cipher mode: 10, then represent recording of encrypted
Table 9, record level prompt table
| Record one | Record two | Record three | ? | |
| 0 | 0 | 1 | ? | 0 |
Key variable: each table has the table key of one 8 byte, and the table key also is not practical key, and real practical key is a packet key, and the key variable of each packet key is by the table key, record name, and the field name be combined into:
Packet key=table key+field name+record name;
File encryption (option): operating unit: the unit of data encryption operation is a grouping, in the computing of each grouping, all will define key variable again.
Encryption method: selected recording of encrypted or field encryption.At first will show key FS obtains:
1)D
KUM(E
KUM(MUM))=MUM
2)D
MUM(E
MUM(FS))=FS
Wherein, D is a decryption function, and E is an encryption function, and KUM is a library key, and MUM is the catalogue key, and FS is file key (a table key).
There has been FS just can calculate the key of each grouping,
Packet key BLK=shows key+field name+record name;
And can carry out function ECPH:
ECPH[RN,data]→E
BLK(data)
Encryption function ECPH divided for three steps carried out:
1)D
MUM(RN)=FS
2) FS+ record name+field name=BLK
3)E
BLK(data)
Wherein, E, D be add, decryption function, RN is the encryption of file key FS under catalogue key MUM, FS is the deciphering of RN under MUM conversely.BLK is a packet key, i.e. the field key.
File decryption: squeeze into the filename that to decipher, if cryptograph files, then reexamine and encrypt in the storehouse or the outer encryption in storehouse etc.Before file is deciphered, at first file key FS is obtained:
1)D
KUM(E
KUM(MUM))=MUM
2)D
MUM(E
MUM(FS))=FS
Had FS just can calculate the key of each grouping, deciphered, decryption function is called DCPH.
DCPH〔RN,E
BLK(data)〕→data
This function is carried out in two steps:
1)E
MUM(RN)=FS
2) FS+ record name+field name=BLK;
3)D
BLK(E
BLK(data))=data
Wherein, E, D be add, decryption function, file key FS is the encryption of random number R N under catalogue key MUM.BLK is packet key (a field key).
Specify database data encryption procedure of the present invention below:
Step S100, mould Q nonlinear feedback shift register 1 is an initial value with given key, carries out nonlinear feedback, its feedback data generates 18 states continuously through the replacement conversion of preset mmm substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Step S200 expands the data in the database or concentrates by byte, laterally add up, and in said mould Q nonlinear feedback shift register 1 derivative key indication down, replaces and substitution operation completion database data encryption and decryption.
Said step S200 comprises the following steps:
Step S210 when carrying out a byte manipulation, expands to 8 bytes with a given byte data by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
Step S220, when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble.
Step S230,8 byte datas after the expansion will pass through at each circle that left-hand adds up and dextrad adds up in computing.
Step S240,8 byte datas after the expansion, selected permutation table disk under the indication of the derivative key of mould Q nonlinear feedback shift register 1
i, the line replacement conversion of going forward side by side.In each circle computing, through twice displacement transformation.
Step S250 carries out subst with n the byte (n=1,2,3,4) after concentrating with byte position unit and replaces conversion, accomplishes the encryption and decryption of database data.
Be operating as example with 8-bit and 7-bit unitary code below, specify of the present invention
Embodiment one: the 8-bit unitary code is operated, and after encrypting, draws the binary data of 8-bit
Given key and data are following:
Byte order [7] [6] [5] [4] [3] [2] [1] [0]
Key variable key:08 07 06 05 04 03 02 01
Give given data:
Data length data variable data
byte=1 01
byte=2 02?01
byte=3 03?02?01
byte=4 04?03?02?01
byte=8 08?07?06?05?04?03?02?01
Wherein
Byte: field length, byte=1,2,3,4,8 five kinds
I: i encloses computing
Key: given key variable
Data: the clear data that encrypt
Step S11 by given key key, utilizes mould Q nonlinear feedback shift register 1 to feed back computing, obtains 18 groups of derivative key keyb;
[7][6][5][4][3][2][1][0]
If given key key:08 07 06 05 04 03 02 01
Derivative key keyb [0] then: 4C A4 7F 5D 08 18 94 B7
[1];?92?5F?60?D6?DC?38?95?62
[2]:?6F?E0?38?B7?89?52?F8?6F
[3]:?F8?64?03?7C?DC?6F?C7?CF
[4]:?1E?61?87?48?2F?69?42?85
[5]:?09?E2?D3?0B?CD?B4?B4?A3
[6]:?F7?2D?36?22?BC?BB?49?AB
[7]:?E8?6B?9E?81?BA?48?C2?DC
[8]:?BF?02?74?36?94?B8?9C?57
[9]:?BD?C9?6D?4C?2A?FF?DB?99
[10]:EF?90?6F?5F?0E?48?94?1A
[11]:8F?23?FB?41?2E?97?9E?0C
[12]:F1?CD?13?08?1E?AD?41?66
[13]:15?52?FF?92?67?D4?06?AA
[14];BA?34?D3?80?DF?40?FD?D7
[15]:3D?BD?27?6E?54?00?12?D7
[16]:EA?6A?2E?C3?34?30?A0?F1
[17]:27?7A?AF?82?7E?E6?A0?AC
Step S12 with data data and corresponding derivative key keyb [i+1, j] addition, obtains new data data;
forj:=0?to?byte-1?do
ifbits=8?then?data[j]:=(data[j]+keyb[i+1,j)mod?256
The result of data of (i=0) variant field length and key variable addition is following during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+1,0])mod?256:(63)
byte=2:data[1]:=(data[1]+keyb[i+1,1])mod?256;(96)
data[0]:=(data[0]+keyb[i+1,0])mod?256; (64)
byte=3:data[2]:=(data[2]+keyb[i+1,2])mod?256; (39)
data[1]:=(data[1]+keyb[i+1,1])mod?256; (97)
data[0]:=(data[0]+keyb[i+1,0])mod?256; (65)
byte=4:data[3]:=(data[3]+keyb[i+1,3])mod?256; (DD)
data[2]:=(data[2]+keyb[i+1,2])mod?256; (3A)
data[1]:=(data[1]+keyb[i+1,1])mod?256; (98)
data[0]:=(data[0]+keyb[i+1,0])mod?256; (66)
byte=8:data[7]:=(data[7]+keyb[i+1,7])mod?256; (93)
data[6]:=(data[6]+keyb[i+1,6])mod?256; (61)
data[5]:=(data[5]+keyb[i+1,5])mod?256; (63)
data[4]:=(data[4]+keyb[i+1,4])mod?256; (DA)
data[3]:=(data[3]+keyb[i+1,3])mod?256; (E1)
data[2]:=(data[2]+keyb[i+1,2])mod?256; (3E)
data[1]:=(data[1]+keyb[i+1,1])mod?256; (9C)
data[0]:=(data[0]+keyb[i+1,0])mod?256; (6A)
Step S13, press the byte number with the data among the data encrypted storehouse data [i] and launch, and put into new data cell dd [j]:
1byte:63 presses 1-bit and launches
| 0 | 1 | 1 | 0 | 0 | 0 | 1 | 1 |
2byte:96 64 presses 2-bit and launches
| 10 | 01 | 01 | 10 | 01 | 10 | 01 | 00 |
3byte:39 97 65 presses 3-bit and launches
| 001 | 110 | 011 | 001 | 011 | 101 | 100 | 101 |
4byte:DD 3A 18 66 presses 4-bit and launches
| 1101 | 1101 | 0011 | 1010 | 0001 | 1000 | 0110 | 0110 |
8byte:93 61 63 DA E1 3E 9C 6A press 8-bit and launch
| 10010011 | 01100001 | 01100011 | 11011010 | 11100001 | 00111110 | 10011100 | 01101010 |
[0321]Expansion is centralized
If: dd: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:0 1 1 0 0 0 1 1 (63)
byte=2:2 1 1 2 1 2 1 0 (96?64)
byte=3:1 6 3 1 3 5 4 5 (39?97?65)
byte=4:D D 3 A 9 8 6 6 (DD?3A?98?66)
byte=8:93?61?63?DA?E1?3E?9C?6A (93?61?63?DA?E1?3E?9C?6A)
Step S14, the data left-hand of encrypting among the new data cell dd in back adds up, and after adding up, is placed among the data cell ee, that is:
ee[0]:=dd[0];
forj:=1to?bits-1do?ee[j]:=(ee[j-1]+dd[j])mod(2**byte);
The variable of each EE [i] after left-hand adds up:
Expansion is centralized
Then: ee: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:0 0 1 0 0 0 0 1 ?(21)
byte=2:2 0 3 2 0 3 1 0 ?(8E?34)
byte=3:4 3 5 2 1 6 1 5 ?(8E?A3?8D)
byte=4:4 7 A 7 D 4 C ?6 (47?A7?D4?C6)
byte=8:56?C3?62?FF?25?44?06?6A (56?C3?62?FF?25?44?06?6A)
Step S15, the data among the database ee are carried out keyb [0, i] control by derivative key, utilize conversion table disk8e displacement transformation.
By the table number that disk8e is indicated in the 7th, the 6 fen position of keyb [0, i], 5,4,3 fens position indication hand wheels, 2,1,0 indication starting point, as:
C:=(keyb [0, i] and 192) div 64 is counted in the control of [i] circle;
b:=(keyb[0,i]and?56)div?8;
a:=(keyb[0,i]and?7;
Keyb [0,0]=b7 in embodiments of the present invention, c=2, b=6, a=7 then, 2 tables, 6 opinions, 7 starting points:
ee:[7][6][5][4][3][2][1][0]
byte=1:0 0 1 0 0 0 0 1 (21)
byte=2:2 0 3 2 0 3 1 0 (8E?34)
byte=3:4 3 5 2 1 6 1 5 (8E?A3?8D)
byte=4:4 7 A 7 D 4 C 6 (47?A7?D4?C6)
byte=8:56?C3?62?FF?25?44?06?6A (56?C3?62?FF?25?44?06?6A)
Displacement:
byte=8:06?FF?44?C3?62?25?56?6A (06?FF?44?C3?62?25?56?6A)
byte=4:C 7 4 7 A D 4 6 (C7?47?AD?46)
byte=3:1 2 6 3 5 1 4 5 (2B?3A?65)
byte=2:1 2 3 0 3 0 2 0 (6C?C8)
byte=1:0 0 0 0 1 0 0 1 (09)
[7][6][5][4][3][2][1][0]
Step S16 with data cell ee and become byte to constitute new data data, and carries out list for conversion through substitution list subst8e, and is specific as follows:
Subst8e (09)=FF is an example with first row, and subst8e is a function name, replaces being FF. with 09
byte=1:subst8e(09)=FF
byte=2:subst8e(6C)=BC?subst8e(C8)=4E
byte=3:subst8e(2B)=7C?subst8e(3A)=6A?subst8e(65)=E0
byte=4:subst8e(C7)=B8?subst8e(47)=92?subst8e(AD)=F9?subst8e(46)=41
byte=8:subst8e(06)=2A?subst8e(FF)=86?subst8e(44)=D7?subst8e(C3)=68
subst8e(62)=1E?subst8e(25)=C4?subst8e(56)=F5?subst8e(6A)=9D
Step S17, data cell ee also becomes byte to be placed among the data cell data, and with keyb [i+10, j] addition;
forj:=0to?byte-1?do
data[j]:=(data[j]+keyb[i+10,j)mod?256;
The result of data of (i=0) variant field length and key variable addition is following during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+10,0])mod?256:(19)
byte=2:data[1]:=(data[1]+keyb[i+10,1])mod?256;(50)
data[0]:=(data[0]+keyb[i+10,0])mod?256; (68)
byte=3 data[2]:=(data[2]+keyb[i+10,2])mod?256; ?(C4)
data[1]:=(data[1]+keyb[i+10,1])mod?256; (FE)
data[0]:=(data[0]+keyb[i+10,0])mod?256; (FA)
byte=4 data[3]:=(data[3]+keyb[i+10,3])mod?256; ?(C6)
data[2]:=(data[2]+keyb[i+10,2])mod?256; (DA)
data[1]:=(data[1]+keyb[i+10,1])mod?256; (8D)
data[0]:=(data[0]+keyb[i+10,0])mod?256; (5B)
byte=8:data[7]:=(data[7]+keyb[i+10,7])mod?256; (19)
data[6]:=(data[6]+keyb[i+10,6])mod?256; (16)
data[5]:=(data[5]+keyb[i+10,5])mod?256; (46)
data[4]:=(data[4]+keyb[i+10,4])mod?256; (C7)
data[3]:=(data[3]+keyb[i+10,3])mod?256; (2C)
data[2]:=(data[2]+keyb[i+10,2])mod?256; (0C)
data[1]:=(data[1]+keyb[i+10,1])mod?256; (89)
data[0]:=(data[0]+keyb[i+10,0])mod?256; (B7)
Step S18, launch data data, and leave among the data cell dd [i], then by given byte office:
ee[7]:=dd[7];
for?j:=6downto?0do?ee[j]:=(ee[j+1]+dd[j])mod?2**byte;
Expansion is centralized
If: dd: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:0 0 0 1 1 0 0 1 ?(19)
byte=2:1 1 0 0 1 2 2 0 ?(5068)
byte=3:6 1 1 7 7 3 7 2 ?(C4FE?FA)
byte=4:C 6 D A 8 D 5 B ?(C6?DA?8D?5B)
byte=8:19?16?46?C7?2C?0C?89?B7 (19?16?46?C7?2C?0C?89?B7)
The variable of each ee [i] after left-hand adds up:
Expansion is centralized
Then: ee: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:0 0 0 1 0 0 0 1 ?(11)
byte=2:1 2 2 2 3 1 3 3 (6A?DF)
byte=3:6 7 0 7 6 1 0 2 (DC?7C?42)
byte=4:C 2 F 9 1 E 3 E (C2?F9?1E?3E)
byte=8:19?2F?75?3C?68?74?FD?B4 (19?2F?75?3C?68?74?FD?B4)
Step S19, by keyb [9, i] control, data data carries out the disk8e displacement transformation.Keyb [9,0]=99 in the present embodiment, c=2, b=3, a=1, i.e. 2 tables, 3 opinions, 1 starting point:
Expansion is centralized
ee: [7][6][5][4][3][2][1][0]
byte=1:0 0 0 1 0 0 0 1 (11)
byte=2:1 2 2 2 3 1 3 3 (6A?DF)
byte=3:6 7 0 7 6 1 0 2 (DC?7C?42)
byte=4:C 2 F 9 1 E 3 E (C2F91E?3E)
byte=8:19?2F?75?3C?68?74?FD?B4 (19?2F?75?3C?68?74?FD?B4)
Displacement:
byte=8:74?B4?3C?2F?FD?19?68?75 (74?B4?3C?2F?FD?19?68?75)
byte=4:E E 9 2 3 C 1 F (EE?923C?1F)
byte=3:1 2 7 7 0 6 6 0 (2B?F1B0)
byte=2:1 3 2 2 3 1 3 2 (7A?DE)
byte=1:0 1 1 0 0 0 0 0 (60)
[7][6][5][4][3][2][1][0]
Arrive this, the 0th circle computing finishes, and gets into the 1st circle computing, makes 8 circles altogether, and its encrypted result is following:
byte=1 byte=2 byte=3 byte=4
[0]?60 7A?DE 2B?F1?B0 ?EE?92?3C?1F
[1]?09 4A?AB 49?96?EC ?FE?5C?12?A4
[2]?82 CB?EF BD?96?F2 ?E8?E5?EE?4B
[3]?4D F6?90 4C?43?10 ?A8?E0?B0?B0
[4]?98 10?72 45?B6?22 ?BA?A0?10?DE
[5]?7A 90?01 20?3A?C5 ?C0?71?DC?C5
[6]?81 8E?EE 3C?90?64 ?EC?23?0B?10
[7]?47 6E?BA 81?C8?02 ?CB?6A?D3?6A
byte=8
[0] 74?B4?3C?2F?FD?19?68?75
[1] FE?FE?D5?E6?3D?FE?95?DB
[2] A0?09?DB?68?EE?A8?A5?FF
[3] E0?0C?66?E8?58?29?13?DB
[4] 7F?5D?59?F8?8D?C4?E6?8E
[5] E9?55?F2?C8?3D?1E?96?2B
[6] 61?F6?54?E2?06?62?0D?EA
[7] CF?3E?B1?D8?C1?9B?32?20
Give given data 08 07 06 05 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: CF 3E B1 D8 C1 9B 32 20 through 8 circle conversion.
Give given data 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: CB 6A D3 6A through 8 circle conversion.
Give given data 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 81 C8 02 through 8 circle conversion.
Give given data 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 6E BA through 8 circle conversion.
Give given data 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 47 through 8 circle conversion.
The sign bit reservation earlier of each byte is got up in the operation of two: 7 unitary codes (7-bit) of embodiment, and the binary code of 7-bit still can get the binary code of 7-bit after encrypting, then the sign bit that keeps is reverted to each byte, makes it to become the ASK sign indicating number of 8-bit.
Given key and data are following:
[7][6][5][4][3][2][1][0]
Given key key:08 07 06 05 04 03 02 01
Give given data data:
byte=1 01
byte=2 02?01
byte=3 03?02?01
byte=4 04?03?02?01
byte=8 08?07?06?05?04?03?02?01
Wherein
Byte: block length, byte=1,2,3,4,8 five kinds
I: i encloses computing
Key: given key
Step S21 by primary key key, utilizes mould Q nonlinear feedback shift register 1 to feed back computing, obtains 18 groups of derivative key keyb;
[7][6][5][4][3][2][1][0]
If given key key:08 07 06 05 04 03 02 01
Derivative key keyb [0] then: 4C A4 7F 5D 08 18 94 B7
[1]:92?5F?60?D6?DC?38?95?62
[2]:6F?E0?38?B7?89?52?F8?6F
[3]:F8?64?03?7C?DC?6F?C7?CF
[4]:1E?61?87?48?2F?69?42?85
[5]:09?E2?D3?0B?CD?B4?B4?A3
[6]:F7?2D?36?22?BC?BB?49?AB
[7]:E8?6B?9E?81?BA?48?C2?DC
[8]:BF?02?74?36?94?B8?9C?57
[9]:BD?C9?6D?4C?2A?FF?DB?99
[10]:EF?90?6F?5F?0E?48?94?1A
[11]:8F?23?FB?41?2E?97?9E?0C
[12]:F1?CD?13?08?1E?AD?41?66
[13]:15?52?FF?92?67?D4?06?AA
[14]:BA?34?D3?80?DF?40?FD?D7
[15]:3D?BD?27?6E?54?00?12?D7
[16]:EA?6A?2E?C3?34?30?A0?F1
[17]:27?7A?AF?82?7E?E6?A0?AC
Step S22 with the data data and corresponding derivative key keyb [i+1, the j] addition of relation data unit, carries out encryption.
for?j:=0?to?byte-1?do
data[j]:=(data[j]+keyb[i+1,j)mod?128;
The result of data of (i=0) variant field length and key variable addition is following during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+1,0])mod?128:(63)
byte=2:data[1]:=(data[1]+keyb[i+1,1])mod?128;(16)
data[0]:=(data[0]+keyb[i+1,0])mod?128; (64)
byte=3:data[2]:=(data[2]+keyb[i+1,2])mod?128; (39)
data[1]:=(data[1]+keyb[i+1,1])mod?128; (17)
data[0]:=(data[0]+keyb[i+1,0])mod?128; (65)
byte=4:data[3]:=(data[3]+keyb[i+1,3])mod?128; (5D)
data[2]:=(data[2]+keyb[i+1,2])mod?128; (3A)
data[1]:=(data[1]+keyb[i+1,1])mod?128; (18)
data[0]:=(data[0]+keyb[i+1,0])mod?128; (66)
byte=8:data[7]:=(data[7]+keyb[i+1,7])mod?128; (13)
data[6]:=(data[6]+keyb[i+1,6])mod?128; (61)
data[5]:=(data[5]+keyb[i+1,5])mod?128; (63)
data[4]:=(data[4]+keyb[i+1,4])mod?128; (5A)
data[3]:=(data[3]+keyb[i+1,3])mod?128; (61)
data[2]:=(data[2]+keyb[i+1,2])mod?128; (3E)
data[1]:=(data[1]+keyb[i+1,1])mod?128; (1C)
data[0]:=(data[0]+keyb[i+1,0])mod?128; (6A)
Step S23 presses the byte number with the data among the data encrypted unit data [i] and launches, and puts into new data cell dd [j].
1byte:7 unit 63 presses 1bit and launches
| ? | 1 | 1 | 0 | 0 | 0 | 1 | 1 |
2byte:7 unit 16 64 presses 2bit and launches
| ? | 00 | 10 | 11 | 01 | 10 | 01 | 00 |
3byte:7 unit 39 17 65 presses 3bit and launches
| ? | 011 | 100 | 100 | 101 | 111 | 100 | 101 |
The 5D 3A of 4byte:7 unit 18 66 presses 4bit and launches
| ? | 1011 | 1010 | 1110 | 1000 | 1100 | 0110 | 0110 |
[0511]13 61 63 5A, the 61 3E 1C 6A of 8byte:7 unit still press 7bit and launch
| ?0010011 | 1100001 | 1100011 | 1011010 | 1100001 | 0111110 | 0011100 | 01101010 |
Expansion 7bit is centralized
If: dd: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 1 1 0 0 0 1 1 ?(63)
byte=2: 0 2 3 1 2 1 0 ?(16?64)
byte=3: 3 4 4 5 7 4 5 ?(39?17?65)
byte=4: B A E 8 C 6 6 ?(5D?3A?18?66)
byte=8:13?61?63?5A?61?3E?1C?6A (13?61?63?5A?61?3E?1C?6A)
Step S24, the data left-hand of encrypting among the new data cell dd in back adds up, and after adding up, is placed among the data cell ee [i], then:
ee[0]:=dd[0];
for?j:=1to?bits-1?do?ee[j]:=(ee[j-1]+dd[j])mod(2**byte);
When byte=8
for?j:=1to?bits-1?do?ee[j]:=(ee[j-1]+dd[j])mod(2**(byte-1));
Expansion 7-bit is centralized
Then: ee: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 1 0 0 0 0 1 (21)
byte=2: 1 1 3 0 3 1 0 (2E?34)
byte=3: 0 5 1 5 0 1 5 (0A?34?0D)
byte=4: 3 8 E 0 8 C 6 (1C?38?11?46)
byte=8:56?43?62?7F?25?44?06?6A (56?43?62?7F?25?44?06?6A)
Step S25, the data among the data cell ee are carried out keyb [0, i] control by derivative key, utilize conversion table disk7e displacement transformation.
But disk8e identical when when byte=8, then carrying out with bits=8 operates.When byte <>8, by the 6th, 5 the indication di sk7e table number of keyb [0, i], 5,4,3 indication hand wheels, 2,1,0 indication starting point, as:
The control number of [i] circle: c:=(keyb [0, i] and 96) div 32;
b:=(keyb[0,i]and?56)div?8;
a:=(keyb[0,i]and?7;
Keyb [0,0]=b7 in embodiments of the present invention, c=1, b=8, a=7mod 7=0, i.e. 1 table, 6 opinions, 0 starting point:
Expansion 7-bit is centralized
Before: ee: [6] [5] [4] [3] [2] [1] [0]
byte=1:0 1 0 0 0 0 1 (21)
byte=2:1 1 3 ?0 3 1?0 (2E?34)
byte=3:0 5 1 5 0 1 5 (0A?34?0D)
byte=4:3 8 E 0 8 C 6 (1C?38?11?46)
Displacement:
byte=4:C 8 E 6 0 3 8 (64?39?40?38)
byte=3:1 5 1 5 5 0 0 (1A?36?40)
byte=2:1 1 3 0 0 1 3 (2F?07)
byte=1:0 1 0 1 0 0 0 (28)
dd: [6][5][4][3][2][1][0]
When bits=8, c=1, b=6, a=7, through di sk8e conversion, then:
[7][6][5][4][3][2][1][0]
56?43?62?7F?25?44?06?6A
Displacement:
6A?06?56?43?25?62?44?7F
Step S26 with data cell ee and become byte to constitute new data unit data data, and carries out list for conversion through substitution list subst7e.
With first behavior example, sbust7e is 7 encrypted in units tables among the subst7e (28)=74, and 28 replacements are 74.
byte=1:subst7e(28)=74
byte=2:subst7e(2E)=75?subst7e(07)=24
byte=3:subst7e(1A)=3F?subst7e(36)=19?subst7e(40)=5B
byte=4:subst7e(64)=73?subst7e(39)=21?subst7e(40)=5B subst7e(38)=12
byte=8:subst7e(6A)=48?subst7e(06)=09?subst7e(56)=08?subst7e(43)=7A
subst7e(25)=7E?subst7e(62)=6E?subst7e(44)=2B?subst7e(7F)=2D
Step S27, data cell ee also becomes byte to be placed among the data cell data, and with keyb [i+10, j] addition;
for?j:=0to?byte-1do
data[j]:=(data[j]+keyb[i+10,j])mod?128;
The result of data of (i=0) variant field length and key variable addition is following during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+10,0])mod?128:(0E)
byte=2:data[1]:=(data[1]+keyb[i+10,1])mod?128;(09)
data[0]:=(data[0]+keyb[i+10,0])mod?128;(31)
byte=3 data[2]:=(data[2]+keyb[i+10,2])mod?128;(07)
data[1]:=(data[1]+keyb[i+10,1])mod?128;(2D)
data[0]:=(data[0]+keyb[i+10,0])mod?128;(75)
byte=4 data[3]:=(data[3]+keyb[i+10,3])mod?128;(01)
data[2]:=(data[2]+keyb[i+10,2])mod?128;(69)
data[1]:=(data[1]+keyb[i+10,1])mod?128;(6F)
data[0]:=(data[0]+keyb[i+10,0])mod?128;(2C)
byte=8:data[7]:=(data[7]+keyb[i+10,7])mod?128;(37)
data[6]:=(data[6]+keyb[i+10,6])mod?128;(19)
data[5]:=(data[5]+keyb[i+10,5])mod?128;(77)
data[4]:=(data[4]+keyb[i+10,4])mod?128;(59)
data[3]:=(data[4]+keyb[i+10,3])mod?128;(0C)
data[2]:=(data[5]+keyb[i+10,2])mod?128;(36)
data[1]:=(data[6]+keyb[i+10,1])mod?128;(3F)
data[0]:=(data[7]+keyb[i+10,0])mod?128;(47)
Step S28, press byte office with data data and launch, and leave among the data cell dd [i], then:
Expansion is centralized
If: dd: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 1 1 0 (0E)
byte=2: 0 1 0 2 3 3 2 (09?3E)
byte=3: 0 3 5 3 3 6 5 (07?2D?75)
byte=4: 0 3 A 7 7 A C (01?69?6F?2C)
byte=8:37?19?77?59?0C?36?3F?47 (37?19?77?59?0C?36?3F?47)
The variable of each ee [i] after dextrad adds up:
ee[7]:=dd[7];
for?j:=6downto?0?do?ee[j]:=(ee[j+1]+dd[j])mod?2**byte;
When byte=8
for?j:=6?downto?0?do?ee[j]:=(ee[j+1]+dd[j])mod?2**(byte-1);
Expansion 7-bit is centralized
Then: ee: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 0 1 1 ?(0B)
byte=2: 0 1 1 3 2 1 3 ?(0B?67)
byte=3: 0 3 0 3 6 4 1 ?(06?0F?21)
byte=4: 0 3 D 4 B 5 1 ?(01?75?16?51)
byte=8: 37?50?21?68?50?37?2C?62 ?(37?50?21?68?50?37?2C?62)
Step S29, by keyb [9, i] control, data data carries out disk7e and disk8e displacement transformation.Keyb [9,0]=99 in the present embodiment, c=0, b=3, a=1, i.e. 0 table, 3 opinions, 1 starting point:
Expansion 7bit is centralized
[6][5][4][3][2][1][0]
byte=1:0 0 0 1 0 1 1 ?(0B)
byte=2:0 1 1 3 2 1 3 ?(0B?67)
byte=3:0 3 0 3 6 4 1 ?(06?0F?21)
byte=4:0 3 D 4 B 5 1 ?(01?75?16?51)
Displacement:
byte=4:5 3 4 1 D B 0 ?(29?50?3B?30)
byte=3:4 3 3 1 0 6 0 ?(46?64?30)
byte=2:1 1 3 3 1 2 0 (2F?58)
byte=1:1 0 1 1 0 0 0 (58)
[6][5][4][3][2][1][0]
When byte=8, replacement operator is following:
[7][6][5][4][3][2][1][0]
37?50?47?20?2C?62?21?68
Displacement
47?20?21?68?50?37?2C?62
[7][6][5][4][3][2][1][0]
Finish to this 0th circle computing, get into the 1st circle computing, when bits<8, do 7 circle computings, then do 8 circle computings during bits=8, its encrypted result is following:
byte=1 byte=2 byte=3 byte=4
[0]?58 2F?58 46?64?30 29?50?3B?30
[1]?16 27?79 1B?3E?7D 41?1B?3D?35
[2]?1E 3D?5E 4B?42?66 51?62?72?46
[3]?1E 52?45 17?47?5F 7C?0A?52?1A
[4]?20 25?59 37?75?31 36?30?15?6B
[5]?7B 07?3E 6E?60?07 0F?74?78?38
[6]?65 31?48 5B?1A?74 73?2B?38?7A
[7]?7E 13?2F 78?62?56 47?1E?07?11
byte=8
[0]?47?20?21?68?50?37?2C?62
[1]?18?31?30?52?14?77?34?44
[2]?42?0C?07?09?42?0E?00?02
[3]?16?63?68?03?69?25?7E?32
[4]?7B?60?2D?3C?6F?4F?77?12
[5]?66?04?42?37?7E?4F?2B?50
[6]?43?63?16?79?03?52?30?38
[7]?43?65?48?1C?4D?52?22?1E
Give given data 08 07 06 05 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 43 65 48 1C 4D, 52 22 1E through 8 circle conversion.
Give given data 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 47 1E 07 11 through 8 circle conversion.
Give given data 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 78 62 56 through 8 circle conversion.
Give given data 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 13 2F through 8 circle conversion.
Give given data 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password: 7E at last through 8 circle conversion.
Database data encryption system of the present invention and method, the encryption that it is exclusively used in storage data such as database particularly concerns the encryption in storehouse.Generally all there are tight access control mechanisms, the safety in protected data storehouse in the storehouse system.
The safety that concerns storehouse encipherment protection data content of the present invention drops to minimum with the database influence, does not influence database retrieval efficient, does not also destroy database data structure.
7.1 key granularity
Database of the present invention is provided with the structure key.
The structure key is used for cutting apart of database, and a storehouse can be provided with a kind of structure key, or Database Systems are provided with a kind of structure key:
(1) mmm, subst8e, subst7e substitution list;
(2) disk8e, disk7e entanglement table;
And database has library key.
Catalogue has the catalogue key, and different directories has defined different keys.
File has the file key.Each part file (table) has a file key FS, and length is 64bit, when creating file, produces automatically, under the encipherment protection of catalogue key mum, deposits in the file key file.As:
E
mum(FS);
The access right of file key file is identical with the access right of file.The file key is used for the encryption and decryption of data.As:
E
Fs(data);
There has been the file key just to define record key and field key automatically.
Data base encryption system and method for the present invention can be controlled the confusion and the diffusivity of enciphered data well
In each circle conversion, data variable combines with key variable, and is single for changing with once through twice entanglement variation, reaches chaotic preferably effect.
In each circle conversion, the expansion through twice bit collection and concentrating, laterally adding up for twice to change with single generation once changes, and reaches diffusion effect preferably.
Level was provided with for 8 generations one on top of another, and the used key of each layer is all inequality.Key is derived from by non-linear mould q shifting memory, extracts with the interval of 16 circles and 24 circles, has destroyed the continuity of sequence.
Above analysator can find out that the present invention is under the prerequisite that guarantees density, and it is convenient better to have solved database retrieval, keeps the contradiction of data structure.
In conjunction with the drawings to the description of the specific embodiment of the invention, others of the present invention and characteristic are conspicuous to those skilled in the art.
More than specific embodiment of the present invention is described and explains it is exemplary that these embodiment should be considered to it, and be not used in and limit the invention, the present invention should make an explanation according to appended claim.
Claims (11)
1. a database data encryption system is characterized in that, comprises mould Q nonlinear feedback shift register, permutation table replacement module, and substitution list conversion module, and computing module, wherein:
Said mould Q nonlinear feedback shift register, being used for given key is initial value, carries out nonlinear feedback, its feedback numerical value generates the derivative key of 18 states continuously through the replacement conversion of preset substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Said permutation table replacement module, being used for the byte is unit transformation;
It is that unit replaces that said substitution list conversion module is used for the byte;
Said computing module; Be used for the data of database are expanded by byte or concentrated, laterally add up, under said mould Q nonlinear feedback shift register replaces derivative key indication that conversion goes out; Replace and substitution operation, accomplish the database data encryption and decryption; Said computing module comprises the data expansion module, the data centralization module, and horizontal accumulator module, the in-place computation module, the substitution operation module, wherein:
Said data expansion module is used for when carrying out a byte manipulation, and a given byte data is expanded to 8 bytes by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
Said data centralization module is used for when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble;
Said horizontal accumulator module is used for 8 byte datas after launching, and carries out in each circle computing that left-hand adds up and dextrad adds up;
Said in-place computation module is used for 8 byte datas after launching, selected permutation table under the indication of the derivative key of mould Q nonlinear feedback shift register, the line replacement conversion of going forward side by side;
Said substitution operation module, being used for n byte after concentrating is that unit replaces conversion with the byte, accomplishes the encryption and decryption of database data.
2. database data encryption system according to claim 1 is characterized in that, also comprises the library key administration module, is used for used library key, catalogue key, table key and record key, field key in the storehouse are managed.
3. database data encryption system according to claim 1 is characterized in that, said n is 1 or 2 or 3 or 4.
4. database data encryption system according to claim 1 is characterized in that, in the said mould Q nonlinear feedback shift register, block cipher turn round altogether 8 the circle, every circle has two output states.
5. database data encryption system according to claim 1 is characterized in that, said permutation table replacement module comprises at least one group of permutation table disk, and permutation table is the table of indication evolution relation, and permutation table disk is divided into two types:
The first kind is to encrypt with table, comprises permutation table disk8e, constitutes by 4 pages, and note disk8e [i] (i=0..3) is used for the encryption of 8 unitary codes; And permutation table disk7e, constituting by 4 pages, note disk7e [i] (i=0..3) is used for the encryption of 7 unitary codes;
Second type is that table is used in deciphering, corresponding with permutation table disk8e and permutation table disk7e, is used for the deciphering of 8 unitary codes and the deciphering of 7 unitary codes, and with disk8d and disk7d mark, decryption table is the anti-table of black list, derives from according to black list to obtain decryption table.
6. database data encryption system according to claim 1 is characterized in that, said substitution list conversion module comprises at least one group of substitution list subst, and being used for the byte is that unit replaces conversion with subst; The subst substitution list is divided into two types:
One type is the substitution list of encrypting usefulness, comprises substitution list subst8e, is used for the replacement of 8 unitary codes, and size is 16x16; And subst7e, being used for the conversion of 7 unitary codes, size is 16x8;
Another kind of is the substitution list of deciphering usefulness; Corresponding with substitution list subst8e and subst7e; Be used for the substitution list of 8 unitary codes deciphering and the substitution list of 7 unitary codes deciphering, represent with subst8d and subst7d respectively, can derive from the substitution list that obtains deciphering according to the substitution list of encrypting.
7. database data encryption system according to claim 2 is characterized in that, said library key administration module comprises that key sets up submodule and key sub module stored, wherein:
Said key is set up submodule, is used to set up key file, and said key file comprises the catalogue key file, file key file, and library key file;
Said key sub module stored is used for the storage of key file.
8. a database data encryption method is characterized in that, comprises the following steps:
Steps A, mould Q nonlinear feedback shift register is an initial value with given key, carries out nonlinear feedback, its feedback data generates the close spoon of derivation of 18 states continuously through the replacement conversion of preset substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Step B expands the data in the database or concentrates by byte, laterally add up, and replaces derivative key indication that conversion goes out down at mould Q nonlinear feedback shift register, replaces and substitution operation completion database data encryption and decryption;
Said step B comprises the following steps:
Step B1 when carrying out a byte manipulation, expands to 8 bytes with a given byte data by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
Step B2, when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble;
Step B3 to 8 byte datas after launching, carries out in each circle computing that left-hand adds up and dextrad adds up;
Step B4, to 8 byte datas after launching, selected permutation table under the indication of the derivative key of mould Q nonlinear feedback shift register, the line replacement conversion of going forward side by side;
Step B5 replaces conversion with n byte after concentrating with byte position unit, accomplishes the encryption and decryption of database data.
9. database data encryption method according to claim 8 is characterized in that, the n among the said step B5 is 1 or 2 or 3 or 4.
10. database data encryption method according to claim 8 is characterized in that, when operating with the 8-bit unitary code, said steps A and step B comprise the following steps:
Step S11 by given key key, utilizes mould Q nonlinear feedback shift register to feed back computing, obtains 18 groups of derivative key keyb;
Step S12 with data data [j] and corresponding derivative key keyb [i+1, j] addition, obtains new data data [j];
Step S13 presses the byte number with the data among the data encrypted data [j] and launches, and puts into new data cell dd [j];
Step S 14, and the data left-hand of encrypting among the new data cell dd [j] in back adds up, and after adding up, is placed among the data cell ee [j];
Step S15, the data among the data cell ee [j] are carried out keyb [0, i] control by derivative key, utilize conversion table disk8e displacement transformation;
Step S16 with data cell ee [j] and become byte to constitute new data data [j], and carries out list for conversion through substitution list subst8e;
Step S17, data cell ee [j] also becomes byte to be placed among the data cell dd [j], and with keyb [i+10, j] addition;
Step S18, the data data [j] after will passing through step S17 and handling launches by given byte office, and leaves among the data cell dd [j];
Step S19, by keyb [9, i] control, the data data [j] that will pass through after step S18 handles carries out the disk8e displacement transformation; In the above-mentioned steps, 0≤i≤7,0≤j≤byte-1, wherein byte is the data word joint number.
11. database data encryption method according to claim 8 is characterized in that, when operating with the 7-bit unitary code, said steps A and step B comprise the following steps:
Step S21 by primary key key, utilizes mould Q nonlinear feedback shift register to feed back computing, obtains 18 groups of derivative key keyb;
Step S22 with the data data [j] and corresponding derivative key keyb [i+1, the j] addition of relation data unit, carries out encryption;
Step S23 presses the byte number with the data among the data encrypted data [j] and launches, and puts into new data cell dd [j];
Step S24, the data left-hand of encrypting among the new data cell dd [j] in back adds up, and after adding up, is placed among the data cell ee [j];
Step S25, the data among the data cell ee [j] are carried out keyb [0, i] control by derivative key, utilize conversion table disk7e displacement transformation;
Step S26 with data cell ee [j] and become byte to constitute new data data [j], and carries out list for conversion through substitution list subst7e;
Step S27, data cell ee [j] also becomes byte to be placed among the data data [j], and with keyb [i+10, j] addition;
Step S28, the data data [j] that will pass through step S27 processing presses byte office and launches, and leaves among the data cell dd [j];
Step S29, by keyb [9, i] control, data data [j] carries out disk7e and disk8e displacement transformation;
In the above-mentioned steps, 0≤i≤7,0≤j≤byte-1, wherein byte is the data word joint number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100868225A CN101571873B (en) | 2009-06-16 | 2009-06-16 | Database data encryption system and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100868225A CN101571873B (en) | 2009-06-16 | 2009-06-16 | Database data encryption system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101571873A CN101571873A (en) | 2009-11-04 |
| CN101571873B true CN101571873B (en) | 2012-02-08 |
Family
ID=41231231
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100868225A Expired - Fee Related CN101571873B (en) | 2009-06-16 | 2009-06-16 | Database data encryption system and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101571873B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107154851A (en) * | 2017-06-30 | 2017-09-12 | 上海众人网络安全技术有限公司 | A kind of method and device of data encryption and decryption |
| CN113595717B (en) * | 2020-04-30 | 2023-10-17 | 比亚迪股份有限公司 | ECB mode packet encryption method and decryption method, control device and vehicle |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102891876B (en) * | 2011-07-22 | 2017-06-13 | 中兴通讯股份有限公司 | Distributed data encryption method and system under cloud computing environment |
| CN104238995B (en) * | 2013-06-21 | 2017-03-15 | 中国人民解放军信息工程大学 | A kind of nonlinear feedback shift register |
| CN110365620B (en) * | 2018-03-26 | 2021-08-13 | 中移(苏州)软件技术有限公司 | Stream data privacy protection method and device |
| CN111669269B (en) * | 2020-06-08 | 2023-08-15 | 晋商博创(北京)科技有限公司 | BLK data encryption method, device and storage medium |
-
2009
- 2009-06-16 CN CN2009100868225A patent/CN101571873B/en not_active Expired - Fee Related
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107154851A (en) * | 2017-06-30 | 2017-09-12 | 上海众人网络安全技术有限公司 | A kind of method and device of data encryption and decryption |
| CN107154851B (en) * | 2017-06-30 | 2020-09-08 | 上海众人网络安全技术有限公司 | Data encryption and decryption method and device |
| CN113595717B (en) * | 2020-04-30 | 2023-10-17 | 比亚迪股份有限公司 | ECB mode packet encryption method and decryption method, control device and vehicle |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101571873A (en) | 2009-11-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104363215B (en) | A kind of encryption method and system based on attribute | |
| US8533489B2 (en) | Searchable symmetric encryption with dynamic updating | |
| CN101571873B (en) | Database data encryption system and method thereof | |
| US8284933B2 (en) | Encrypting variable-length passwords to yield fixed-length encrypted passwords | |
| Wang et al. | Secure and efficient access to outsourced data | |
| Li et al. | Secure deduplication storage systems supporting keyword search | |
| Kamara et al. | Cs2: A searchable cryptographic cloud storage system | |
| US8000472B2 (en) | Information encryption apparatus and controlling method of the same, computer program and computer readable storage medium | |
| CN102356597B (en) | A method for secure communication in a network, a communication device, a network and a computer program therefor | |
| CN101206815A (en) | Encryption process, encryption device, and computer-readable medium storing encryption program | |
| CN113221155B (en) | Multi-level and multi-level encrypted cloud storage system | |
| CN101335616B (en) | Symmetric ciphering method having infinite cipher key space | |
| CN108777619B (en) | CPK system and key management method, device, server and terminal based on identification | |
| CN112989375A (en) | Hierarchical optimization encryption lossless privacy protection method | |
| US10505715B2 (en) | Method and system of synchronous encryption to render computer files and messages impervious to pattern recognition and brute force attacks | |
| Kim et al. | Survey on Data Deduplication in Cloud Storage Environments. | |
| CN104794243B (en) | Third party's cipher text retrieval method based on filename | |
| CN116707804B (en) | Method and equipment for enhancing FF1 format reserved encryption security | |
| CN108270565A (en) | A kind of data mixing encryption method | |
| EP1180277B1 (en) | Private key recovery | |
| CN114938274A (en) | Hierarchical key management and data security distribution method and system | |
| KR101951545B1 (en) | Wildcard identity-based key derivation, encryption and decryption method | |
| CN107493164A (en) | A kind of des encryption method and system based on chaos system | |
| CN114579997A (en) | Encrypted social network graph node intimacy calculation method | |
| CN113132345A (en) | Agent privacy set intersection method with searchable function |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING LIANHE ZHIHUA MICROELECTRONICS TECHNOLOGY Free format text: FORMER OWNER: YIHENGXIN VERIFICATION SCIENCE AND TECHNOLOGY CO., LTD., BEIJING Effective date: 20110120 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100042 AREA E-G, 3/F, XIN'AN BUILDING, NO.40, SHIJINGSHAN ROAD, SHIJINGSHAN DISTRICT, BEIJING TO: 100042 9/F, XIN'AN BUILDING, NO.40, SHIJINGSHAN ROAD, BEIJING |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20110120 Address after: 100042 Beijing Shijingshan Road No. 40 Building 9 layer Xin'an Applicant after: Beijing Lianhe Zhihua Electronic Technology Co., Ltd. Address before: 100042 Beijing City, Shijingshan District Shijingshan Road No. 40 building three layer E-G Xin'an Applicant before: Yihengxin Verification Science and Technology Co., Ltd., Beijing |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120208 Termination date: 20180616 |