CN105302822B - Method for reading and writing data of database and application response device - Google Patents

Publication number
CN105302822B
Authority
CN
China
Prior art keywords
data
database
read
key
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410301136.6A
Other languages
Chinese (zh)
Other versions
CN105302822A (en)
Inventor
周祥生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201410301136.6A priority Critical patent/CN105302822B/en
Priority to PCT/CN2015/072330 priority patent/WO2015196810A1/en
Publication of CN105302822A publication Critical patent/CN105302822A/en
Application granted granted Critical
Publication of CN105302822B publication Critical patent/CN105302822B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor

Abstract

The invention discloses a method for reading and writing data of a database. The method is applied to an application response device of a distributed storage system and comprises the following steps: intercepting an SQL read-write request, sent by the database-using application device, that requests to read or write data in the database; acquiring a key that is stored in a distributed key information storage device and corresponds to the data; and, after encrypting or decrypting the data by applying the key, transmitting the SQL read-write request to the database and returning a read-write result to the database-using application device.

Description

Method for reading and writing data of database and application response device
Technical Field
The present invention relates to the field of databases, and in particular, to a method for reading and writing data in a database and an application response device.
Background
In the prior art, a database encryption system is disclosed, which includes: a database device including a database and a database control means that controls execution of database operations; and a user equipment connected to the database control apparatus via a network, wherein the user equipment further includes: a key using device that manages key information for encryption and decryption; security configuration means to configure information relating to configuration of security of data and/or metadata stored in the database; a first storage unit that stores information related to configuration of the security; and an application response means for receiving the database operation command issued by the database device, and determining whether encryption is required for data and/or metadata processed by a database operation command by referring to the information of the first storage unit, wherein if encryption is required, the application response means transmits encrypted data and/or encrypted metadata, which has been encrypted according to key information of the key usage means by using an encryption algorithm corresponding to the security of the data and/or metadata, as data and/or metadata of the database operation command to the database control means to cause the database control means to perform the database operation, if encryption is not required, the application response means transmits the database operation command to the database control means as it is.
Compared with the prior art, the transparent database encryption method for the application layer encrypts and decrypts sensitive field data in the accessed table of the application layer, and can ensure the safe storage of the data without influencing the reading of developers and users.
In the above two schemes, the read-write efficiency of the key storage module is not fully considered and described, and the database node is often the performance bottleneck of the application system, so how to improve the read-write efficiency of the key is a problem worth solving.
Disclosure of Invention
The invention mainly aims to solve the problem of low key reading and writing efficiency when the upper layer application reads and writes encrypted data in the bottom layer relational database.
In order to achieve the above object, the present invention provides a method for reading and writing data of a database, which is applied in an application response device of a distributed storage system, and the method for reading and writing data of the database comprises the following steps:
intercepting an SQL read-write request, sent by the database-using application device, that requests to read or write the data in the database;
acquiring a key corresponding to the data and stored in a distributed key information storage device;
and, according to the SQL read-write request, encrypting or decrypting the data by applying the key and returning the data to the database-using application device.
Preferably, the data includes a table name or a field name, and the step of acquiring the key corresponding to the data stored in the distributed key information storage apparatus specifically includes:
acquiring a corresponding key according to the table name or the field name of the data.
Preferably, the data is encrypted data, the SQL read-write request includes an SQL read request, and the step of applying the key to encrypt or decrypt the data according to the SQL read-write request and returning the data to the database-using application device specifically includes:
transmitting the SQL read request to the database, acquiring the encrypted data, and decrypting the encrypted data by using the key;
and returning the decrypted data to the database-using application device.
Preferably, the SQL read-write request includes an SQL write request, and the step of applying the key to encrypt or decrypt the data and returning the data to the database-using application device according to the SQL read-write request specifically includes:
after the data is encrypted by the key, transmitting the SQL write request to the database;
and returning the data-writing success information sent by the database to the database-using application device.
In order to solve the above technical problem, the present invention further provides an application response device, including:
an intercepting module, used for intercepting an SQL read-write request, sent by the database-using application device, that requests to read or write data in the database;
an acquisition module, used for acquiring a key corresponding to the data and stored in the distributed key information storage device;
and a read-write module, used for encrypting or decrypting the data by applying the key according to the SQL read-write request and returning the data to the database-using application device.
Preferably, the acquisition module is specifically configured to obtain the corresponding key according to the table name or the field name of the data.
Preferably, the read-write module includes:
a decryption unit, used for transmitting an SQL read request to the database, then acquiring the encrypted data, and decrypting the encrypted data by using the key;
and a decryption returning unit, used for returning the decrypted data to the database-using application device.
Preferably, the read-write module further includes:
an encryption unit, used for transmitting an SQL write request to the database after the data is encrypted by the key;
and an encryption returning unit, used for returning the data-writing success information sent by the database to the database-using application device.
In order to solve the above-mentioned technical problem, the present invention further provides a distributed key information storage apparatus, comprising:
a receiving module, used for receiving a request for acquiring a key sent by an application response device, wherein the key corresponds to the data of the database in an SQL read-write request sent by an application device;
and a sending module, used for sending the key to the application response device.
Preferably, the data includes a table name or a field name, and the distributed key information storage device stores the key corresponding to the table name or the field name of the data.
The invention provides a method for reading and writing data of a database, which is applied to an application response device of a distributed storage system and comprises the following steps: intercepting an SQL read-write request, sent by the database-using application device, that requests to read or write the data in the database; acquiring a key that is stored in a distributed key information storage device and corresponds to the data; and encrypting or decrypting the data by applying the key, transmitting the SQL read-write request to the database, and returning a read-write result to the database-using application device.
Drawings
FIG. 1 is a schematic flow chart illustrating an embodiment of a method for reading and writing data in a database according to the present invention;
FIG. 2 is a detailed flowchart of step S300 in FIG. 1;
FIG. 3 is a block flow diagram of one embodiment of reading data in a method of reading data from a database according to the present invention;
FIG. 4 is a schematic view of another detailed process of step S300 in FIG. 1;
FIG. 5 is a block diagram illustrating a flow of one embodiment of writing data in a method of reading and writing data in a database according to the present invention;
FIG. 6 is a functional module schematic diagram of an embodiment of an application response device;
FIG. 7 is a diagram of an embodiment of functional modules of the read/write module of FIG. 6;
FIG. 8 is a diagram of another embodiment of functional modules of the read/write module of FIG. 6;
FIG. 9 is a block diagram of an embodiment of a distributed key information storage apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a method for reading and writing data of a database, which is applied to an application response device of a distributed storage system. Referring to fig. 1, in an embodiment, the method for reading and writing the data of the database comprises the following steps:
Step S100, intercepting an SQL read-write request, sent by the database-using application device, that requests to read or write the data in the database.
The database-using application device initiates an SQL read-write request, and the application response device of the distributed storage system intercepts that request. The interface between the database-using application device and the application response device can be an API (Application Programming Interface) or an SQL interface, and the API is in the C language or the JAVA language.
Step S200, acquiring a key corresponding to the data and stored in the distributed key information storage device.
If the application response device determines by analysis that the data of the database to be read or written is encrypted data, it acquires the related key from the distributed key information storage device according to the table name and the field name it has read.
Step S300, encrypting or decrypting the data by applying the key according to the SQL read-write request and returning the data to the database-using application device.
The application response device transmits the SQL read-write request to the database and applies the key to encrypt or decrypt the data being read or written; the database returns the relevant information, and the application response device receives the returned information and passes it back to the database-using application device.
The method for reading and writing the data of the database is applied to an application response device of a distributed storage system and comprises the following steps: S100, intercepting an SQL read-write request, sent by the database-using application device, that requests to read or write the data in the database; S200, acquiring a key that is stored in a distributed key information storage device and corresponds to the data; and S300, after the data is encrypted or decrypted by applying the key, transmitting the SQL read-write request to the database and returning a read-write result to the database-using application device.
Referring to fig. 2, in the method for reading and writing data in a database according to this embodiment, the step S300 includes:
Step S310, transmitting an SQL read request to the database, acquiring the encrypted data, and decrypting the encrypted data by using the key.
The application response device transmits the SQL read request to the database, and the database returns the relevant data, which is encrypted data; the application response device decrypts the encrypted data by using the obtained key according to a relevant algorithm.
Step S320, returning the decrypted data to the database-using application device.
The application response device transmits the decrypted data back to the database-using application device to finish the reading operation.
As shown in fig. 3, fig. 3 is a block flow diagram of an embodiment of reading data in the method for reading and writing data of a database according to the present invention.
The step of reading data specifically comprises:
step 301, the database-using application device initiates an SQL read request;
step 302, the application response device intercepts the SQL read request initiated by the database-using application device, and acquires a related key from the distributed key information storage device according to the read table name and field name;
step 303, the distributed key information storage device returns the relevant key to the application response device;
step 304, the application response device transmits the SQL read request to the database;
step 305, the database returns the relevant data, and the returned data is encrypted data;
and step 306, the application response device decrypts the data by using the obtained key and transmits the decrypted data to the database-using application device.
Referring to fig. 4, in the method for reading and writing data in a database according to this embodiment, the step S300 further includes:
Step S330, transmitting an SQL write request to the database after the data is encrypted by applying the key.
The application response device encrypts the data by using the obtained key according to the related algorithm and transmits the SQL write request to the database.
Step S340, returning the data-writing success information sent by the database to the database-using application device.
The application response device transmits the data-writing success information returned by the database back to the database-using application device to finish the writing operation.
As shown in fig. 5, fig. 5 is a block diagram of a flow chart of an embodiment of writing data in the method for reading and writing data of a database according to the present invention.
The step of writing data specifically includes:
step 401, the database-using application device initiates an SQL write request;
step 402, the application response device intercepts the SQL write request initiated by the database-using application device, and obtains a related key from the distributed key information storage device according to the read table name and the read field name;
step 403, the distributed key information storage device returns the relevant key to the application response device;
step 404, the application response device encrypts the data by using the obtained key and transmits the SQL write request to the database;
step 405, the database returns the data-writing success information to the application response device;
and step 406, the application response device returns the data-writing success information to the database-using application device, and the writing operation is completed.
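The read flow (steps 301 to 306) and the write flow (steps 401 to 406) can be sketched as follows; this is an added example, not code from the patent. Assumptions: all class, function, table and field names are hypothetical, the request is passed as a structured (table, fields) call instead of parsed SQL text, the key store replicates every key to all nodes, and because the patent names no algorithm the cipher is a standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) where a deployment would use a vetted AEAD such as AES-GCM from a cryptography library.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed schema and policy: allowed identifiers and the fields stored encrypted.
SCHEMA = {"accounts": ("id", "name", "phone")}
ENCRYPTED = {("accounts", "phone")}

class KeyNode:
    """One node of the distributed key information storage device (in-memory stand-in)."""
    def __init__(self):
        self.keys, self.up = {}, True

class DistributedKeyStore:
    """Assumed layout: each key is replicated to every node and reads fail over."""
    def __init__(self, nodes):
        self.nodes = nodes

    def provision(self, table, field):
        key = os.urandom(32)
        for node in self.nodes:
            node.keys[(table, field)] = key

    def get_key(self, table, field):
        for node in self.nodes:
            if node.up:  # skip unreachable nodes and use the next replica
                return node.keys[(table, field)]
        raise RuntimeError("no key node reachable; refusing to fall back to plaintext")

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext, column):
    """Stand-in cipher (not from the patent): HMAC-SHA256 keystream, encrypt-then-MAC."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    # The tag covers the column name, so a ciphertext cannot be moved to another field.
    tag = hmac.new(_subkey(key, b"mac"), column + b"\x00" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob, column):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), column + b"\x00" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ciphertext failed authentication")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

class ApplicationResponseDevice:
    def __init__(self, db, keystore):
        self.db, self.keystore = db, keystore

    def _check(self, table, fields):
        # Identifiers cannot be bound as SQL parameters, so allowlist them.
        if table not in SCHEMA or any(f not in SCHEMA[table] for f in fields):
            raise ValueError("unknown table or field")

    def write(self, table, row):
        """Steps 401-406: fetch the key, encrypt, forward the write, return success."""
        self._check(table, row)
        values = [seal(self.keystore.get_key(table, f), v.encode(), f"{table}.{f}".encode())
                  if (table, f) in ENCRYPTED else v for f, v in row.items()]
        marks = ", ".join("?" * len(row))
        self.db.execute(f"INSERT INTO {table} ({', '.join(row)}) VALUES ({marks})", values)
        self.db.commit()
        return "write ok"

    def read(self, table, fields, row_id):
        """Steps 301-306: fetch keys, forward the read, decrypt the returned fields."""
        self._check(table, fields)
        keys = {f: self.keystore.get_key(table, f) for f in fields if (table, f) in ENCRYPTED}
        sql = f"SELECT {', '.join(fields)} FROM {table} WHERE id = ?"
        row = self.db.execute(sql, (row_id,)).fetchone()
        if row is None:
            return None
        return {f: unseal(keys[f], v, f"{table}.{f}".encode()).decode() if f in keys else v
                for f, v in zip(fields, row)}

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT, phone BLOB)")
    store = DistributedKeyStore([KeyNode(), KeyNode()])
    store.provision("accounts", "phone")
    proxy = ApplicationResponseDevice(db, store)
    proxy.write("accounts", {"id": 1, "name": "constructed-user", "phone": "000-0000 (constructed)"})
    store.nodes[0].up = False  # one key node is down; the read uses the replica
    at_rest = db.execute("SELECT phone FROM accounts WHERE id = 1").fetchone()[0]
    return proxy.read("accounts", ["name", "phone"], 1), at_rest
```

The database only ever holds the sealed bytes for the encrypted field, while the caller sees plaintext; every request costs one key-store lookup per encrypted field, which is the read-write path whose efficiency the patent is concerned with.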
Referring to fig. 6, the present embodiment further provides an application response apparatus, which includes:
an interception module 10, configured to intercept an SQL read-write request, sent by the database-using application device, that requests to read or write data in a database;
an obtaining module 20, configured to obtain a key corresponding to the data stored in the distributed key information storage device;
and a read-write module 30, used for encrypting or decrypting the data by applying the key according to the SQL read-write request and returning the data to the database-using application device.
The database-using application device initiates an SQL read-write request, and the interception module 10 of the application response device of the distributed storage system intercepts that request. The interface between the database-using application device and the application response device can be an API or an SQL interface, and the API is in the C language or the JAVA language.
If the obtaining module 20 of the application response device determines by analysis that the data of the database to be read or written is encrypted data, it obtains the relevant key from the distributed key information storage device according to the table name and the field name it has read.
The read-write module 30 of the application response device transmits the SQL read-write request to the database and applies the key to encrypt or decrypt the data being read or written; the database returns the relevant information, and the application response device receives the returned information and returns it to the database-using application device.
The application response device provided by the embodiment comprises an interception module 10, an obtaining module 20 and a read-write module 30, wherein the interception module 10 is used for intercepting an SQL read-write request, sent by the database-using application device, that requests to read or write data in a database; the obtaining module 20 is used for acquiring a key corresponding to the data and stored in a distributed key information storage device; and the read-write module 30 is used for encrypting or decrypting the data by applying the key according to the SQL read-write request and returning the data to the database-using application device.
As shown in fig. 7, the read/write module 30 includes:
a decryption unit 31, configured to obtain the encrypted data after transmitting an SQL read request to the database, and decrypt the encrypted data using the key;
and a decryption return unit 32, configured to return the decrypted data to the database-using application device.
The decryption unit 31 of the application response device passes the SQL read request to the database, the database returns the relevant data, which is encrypted data, and the decryption unit 31 of the application response device decrypts the encrypted data with the obtained key according to the relevant algorithm.
The decryption return unit 32 of the application response device returns the decrypted data to the database-using application device, and the read operation is completed.
As shown in fig. 8, the read/write module 30 further includes:
an encryption unit 33, used for transmitting an SQL write request to the database after the data is encrypted by the key;
and an encryption returning unit 34, used for returning the data-writing success information sent by the database to the database-using application device.
The encryption unit 33 of the application response device encrypts the data using the obtained key according to the relevant algorithm and transmits the SQL write request to the database.
The data-writing success information sent by the database is sent to the encryption returning unit 34 of the application response device, and the encryption returning unit 34 returns the data-writing success information returned by the database to the database-using application device, so that the writing operation is completed.
As shown in fig. 9, the present embodiment further provides a distributed key information storage apparatus, which includes:
a receiving module 40, configured to receive a request for obtaining a key sent by an application response device, where the key corresponds to data in a database in an SQL read-write request sent by an application device;
a sending module 50, configured to send the key to the application response apparatus.
The device comprises a receiving module 40, used for receiving a request for acquiring a key sent by an application response device, wherein the key corresponds to a table name or a field name of data of a database in an SQL read-write request sent by an application device, and a sending module 50, used for sending the key corresponding to the table name or the field name of the data to the application response device.
The distributed key information storage device provided by the embodiment comprises a receiving module 40 and a sending module 50, wherein the receiving module 40 is used for receiving a request for obtaining a key sent by an application response device, the key corresponds to data of a database in an SQL read-write request sent by an application device, and the sending module 50 is used for sending the key to the application response device.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (7)

1. A method for reading and writing data of a database is applied to an application response device of a distributed storage system, and is characterized in that the method for reading and writing the data of the database comprises the following steps:
intercepting an SQL read-write request sent by the database use application device for requesting to read and write the data in the database;
acquiring a key corresponding to the data and stored in a distributed key information storage device;
the data is encrypted or decrypted by applying the key according to the SQL read-write request and returned to the database application device;
the step of acquiring the key corresponding to the data stored in the distributed key information storage device specifically includes:
acquiring a corresponding key according to the table name or the field name of the data.
2. The method according to claim 1, wherein the data is encrypted data, the SQL read-write request includes an SQL read request, and the step of applying the key to encrypt or decrypt the data according to the SQL read-write request and returning the encrypted data to the database using application device specifically comprises:
transmitting the SQL read request to the database, acquiring the encrypted data, and decrypting the encrypted data by using the key;
and returning the decrypted data to the database use application device.
3. The method as claimed in claim 1, wherein the SQL read/write request comprises an SQL write request, and the step of applying the key to encrypt or decrypt the data according to the SQL read/write request and returning the encrypted data to the database using application device specifically comprises:
after the data is encrypted by the key, transmitting the SQL write request to the database;
and returning the successful information of the data writing sent by the database to the database using application device.
4. An application response apparatus, comprising:
the intercepting module is used for intercepting SQL read-write requests which are sent by the database use application device and require to read and write data in the database;
the acquisition module is used for acquiring a key corresponding to the data and stored in the distributed key information storage device;
the read-write module is used for applying the key to encrypt or decrypt the data according to the SQL read-write request and returning the data to the database application device;
the obtaining module is specifically configured to obtain the corresponding key according to the table name or the field name of the data.
5. An application answering device according to claim 4, wherein the read-write module comprises:
the decryption unit is used for transmitting an SQL read request to the database, then acquiring the encrypted data, and decrypting the encrypted data by using the key;
and the decryption returning unit is used for returning the decrypted data to the database use application device.
6. The application response unit of claim 4, wherein the read-write module further comprises:
the encryption unit is used for transmitting SQL write requests to the database after the data are encrypted by the key;
and the encryption returning unit is used for returning the writing data success information sent by the database to the database application device.
7. A distributed key information storage apparatus, characterized in that the distributed key information storage apparatus comprises,
a receiving module, configured to receive a request for obtaining a key sent by an application response apparatus, where the key corresponds to data in a database in an SQL read-write request sent by an application apparatus, the request is made by the application response apparatus each time an SQL read-write request that requests reading and writing of data in the database sent by the application apparatus used by the database is intercepted, the data includes a table name or a field name, and the key corresponds to the table name or the field name of the data;
and the sending module is used for sending the secret key to the application response device.
CN201410301136.6A 2014-06-27 2014-06-27 Method for reading and writing data of database and application response device Active CN105302822B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410301136.6A CN105302822B (en) 2014-06-27 2014-06-27 Method for reading and writing data of database and application response device
PCT/CN2015/072330 WO2015196810A1 (en) 2014-06-27 2015-02-05 Method for reading and writing data in database and application response device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410301136.6A CN105302822B (en) 2014-06-27 2014-06-27 Method for reading and writing data of database and application response device

Publications (2)

Publication Number Publication Date
CN105302822A CN105302822A (en) 2016-02-03
CN105302822B true CN105302822B (en) 2020-07-31

Family

ID=54936700

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410301136.6A Active CN105302822B (en) 2014-06-27 2014-06-27 Method for reading and writing data of database and application response device

Country Status (2)

Country Link
CN (1) CN105302822B (en)
WO (1) WO2015196810A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107743063A (en) * 2017-10-31 2018-02-27 北京小米移动软件有限公司 Data processing method and device
CN113821819B (en) * 2021-11-22 2022-03-08 深圳竹云科技有限公司 Data reading and writing method and device, electronic equipment and computer readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101504706A (en) * 2009-03-03 2009-08-12 中国科学院软件研究所 Database information encryption method and system
CN101587479A (en) * 2008-06-26 2009-11-25 北京人大金仓信息技术股份有限公司 Database management system kernel oriented data encryption/decryption system and method thereof
CN101639882A (en) * 2009-08-28 2010-02-03 华中科技大学 Database security system based on storage encryption
CN102855448A (en) * 2012-08-10 2013-01-02 深圳市黎明网络系统有限公司 Field-level database encryption device
CN102968455A (en) * 2012-10-31 2013-03-13 山东浪潮齐鲁软件产业股份有限公司 Transparent database encrypting method of application layer
CN103279715A (en) * 2013-05-22 2013-09-04 李凤华 Database data encryption and decryption method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10339336B2 (en) * 2003-06-11 2019-07-02 Oracle International Corporation Method and apparatus for encrypting database columns
CN100438614C (en) * 2006-02-16 2008-11-26 清华大学深圳研究生院 Method for realizing distributing asymmetric video conference safety system

Also Published As

Publication number Publication date
CN105302822A (en) 2016-02-03
WO2015196810A1 (en) 2015-12-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant