CN106407837A - A time data encryption processing method having privacy protection capability - Google Patents
- Publication number: CN106407837A
- Application number: CN201610828806.9A
- Authority: CN (China)
- Prior art keywords: data, time, user, node, encryption
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The invention provides a time data encryption processing method having privacy protection capability. The time data encryption processing method having privacy protection capability comprises the steps of original data processing and query request processing. The original data processing includes the substeps of encrypting a user name by using the AES algorithm, wherein an encryption key K1 is owned by a data owner; encrypting a starting time and an ending time by using the AES algorithm after the starting time and the ending time are combined, wherein an encryption key K2 is owned by the data owner; performing processing after the starting time and the ending time are combined, wherein a key S required for operation is owned by an operator. The query request processing comprises the substeps that a user submits a query request to a proxy server; the proxy server converts the query request; the data owner performs encryption and extracts all records of the user; an operating agent processes the returned records item by item.
Description
Technical field
The invention belongs to the field of data protection technology, and in particular relates to a time data encryption processing method with privacy protection capability.
Background art
At present, database data is protected mainly by data encryption. Two approaches are commonly used: one encrypts the data with a symmetric encryption algorithm such as AES, and the other processes the data with a one-way hash function. Both have drawbacks. When data is encrypted with a symmetric algorithm such as AES, it must be decrypted before operations such as queries can be performed, which exposes the original plaintext to the operator and defeats the purpose of encrypting it. When data is processed with a hash function, even the data owner cannot recover the original plaintext, so the original information is lost. Finally, neither approach supports processing the encrypted data directly and returning a result.
In summary, existing methods for protecting database data have two problems: the original data cannot be recovered, and the original data is easily exposed.
Summary of the invention
The object of the invention is to provide a time data encryption processing method with privacy protection capability, intended to solve the problems that, with existing methods for protecting database data, the original data cannot be recovered and is easily exposed.
The invention is achieved as follows: a time data encryption processing method with privacy protection capability is a data encryption and query processing method that can perform query operations directly on encrypted time data and return the result. It does not need to decrypt the data during processing, and it supports recovery of the original plaintext, so the original information is not lost.
The time data encryption processing method with privacy protection capability comprises original data processing and query request processing.
The original data processing comprises: the user name is encrypted with the AES algorithm, and the encryption key K1 is held by the data owner; the start time and end time are combined and encrypted with the AES algorithm, and the encryption key K2 is held by the data owner; the start time and end time are also combined and processed, and the key S needed for this operation is held by the operator.
The query request processing comprises: the user submits a query request to the proxy server; the proxy server converts the query request; the data owner performs encryption and extracts all records of the user; the operation agent processes the returned records one by one.
Further, the original data processing specifically comprises:
First step: the time data is divided by day, and the data of each day is processed separately;
Second step: according to the time data processing precision, all time points of a given day are marked in order;
Third step: take a 128-bit random seed S and hash S with the SHA-1 256 algorithm; the resulting 256-bit data is split in two, giving S11 and S12. S11 and S12 repeat this process and continue to be extended and split with SHA-1 256; the extension and splitting operations continue until the leaf nodes of the resulting binary tree can cover all time points at the selected precision;
Fourth step: the marks produced in the second step are mapped, in numerical order, onto the leaf nodes produced in the third step; in other words, each time point is converted into a 256-bit hash value;
Fifth step: leaf nodes are merged where possible, each merge producing the node one layer up, until no further merging is possible;
Sixth step: the merged nodes are put out of order and stored as the "start/end time Node" data.
Further, the query request processing specifically comprises:
Step one: the user submits a query request to the proxy server;
Step two: the operation agent uses key S to convert the time in the query into nodes of the binary tree;
Step three: the operation agent submits the converted query request to the data owner for processing;
Step four: the data owner encrypts the user name with key K1, obtaining EK1(user A), and uses this value to extract all records of user A from the encrypted database, i.e. "select info from table where user name = EK1(user A)"; the data owner returns the query result to the operation agent;
Step five: the operation agent processes the returned records one by one, splitting and extending the data in "start/end time Node" according to the level of each node until everything has been converted into leaf nodes, and processes the nodes in the converted operation request in the same way.
Another object of the invention is to provide a time data encryption processing system for the described time data encryption processing method with privacy protection capability, the system comprising:
a user terminal, for initiating query operations;
an operation agent module, in wired or wireless communication with the user terminal, for holding the key information S needed for data operations;
a data owner module, in wired or wireless communication with the operation agent module, for holding the key K used to decrypt the encrypted information.
Another object of the invention is to provide a database data protection method that uses the described time data encryption processing method with privacy protection capability.
The time data encryption processing method with privacy protection capability provided by the invention can process encrypted time data directly and returns a determination of whether two time periods overlap and by how much. The original plaintext data need not be exposed to the operator, either during processing or when the result is returned. For example, for the query "Did a certain user work overtime at the company throughout 2016-08-02 19:00:00-20:00:00?", the result "yes" or "no" is returned, without returning the exact times at which the user arrived at and left the company, which avoids intruding on the user's privacy. In addition, the invention supports recovery of the original plaintext data, avoiding loss of the original information. For an attacker, since all database data has been encrypted, no information can be obtained without the keys K1, K2 and S.
As for the operation agent, it holds only key S and can only judge, from the results returned by the database, whether time intervals overlap. It can obtain neither the user's information nor the user's login times, so user privacy is ensured.
Compare this with directly discretizing the time period (converting it into time points) and simply replacing each time point with a random number: that approach also protects the privacy of the time information and also supports judging whether two time periods overlap. This method, however, merges the encrypted time nodes for storage, which saves 60-70% of the storage space. Finally, this method supports recovery of the original information, so the original information is not lost.
Nodes can be merged, which saves storage; the AES-encrypted time is retained, so when the data owner needs to recover the data, the original information can also be recovered more quickly.
Brief description of the drawings
Fig. 1 is a flow chart of the time data encryption processing method with privacy protection capability provided by an embodiment of the invention.
Fig. 2 is a structural diagram of the time data encryption processing system with privacy protection capability provided by an embodiment of the invention.
Fig. 3 is a schematic diagram of the extension and splitting operations provided by an embodiment of the invention.
In the figures: 1, user terminal; 2, operation agent module; 3, data owner module.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
The application principle of the invention is explained in detail below with reference to the drawings.
As shown in Fig. 1, the time data encryption processing method with privacy protection capability provided by an embodiment of the invention comprises the following steps:
S101: The user name is encrypted with the AES algorithm, and the encryption key K1 is held by the data owner; the start time and end time are combined and encrypted with the AES algorithm, and the encryption key K2 is held by the data owner; the start time and end time are also combined and processed, and the key S needed for this operation is held by the operator;
S102: The user submits a query request to the proxy server; the operation agent uses key S to convert the time in the query into nodes of the binary tree; the operation agent submits the converted query request to the data owner for processing; the data owner encrypts the user name with key K1, obtaining EK1(user A), and uses this value to extract all records of user A from the encrypted database, i.e. "select info from table where user name = EK1(user A)"; the data owner returns the query result to the operation agent;
S103: The operation agent processes the returned records one by one. The data in "start/end time Node" is split and extended according to the level of each node until everything has been converted into leaf nodes. The nodes in the converted operation request are processed in the same way;
S104: The operation agent compares the nodes in the operation request with the nodes in the database record to see whether any are identical and how many are identical, and can thereby determine whether the user performed a login operation during the period and how long the login lasted.
As shown in Fig. 2, the time data encryption processing system with privacy protection capability provided by an embodiment of the invention comprises:
a user terminal 1, for initiating query operations;
an operation agent module 2, in wired or wireless communication with the user terminal 1, for holding the key information S needed for data operations;
a data owner module 3, in wired or wireless communication with the operation agent module 2, for holding the key K used to decrypt the encrypted information.
The application principle of the invention is further described below with reference to a specific embodiment.
Embodiment 1:
The time data encryption processing method with privacy protection capability of this embodiment comprises the following steps:
1) Original data processing
The original plaintext information has the form shown in Table 1, and the data after encryption is shown in Table 2.
Table 1: Original data
User | Start time | End time |
---|---|---|
Zhang San | 2016-8-1 11:00:00 | 2016-8-1 18:00:00 |
Table 2: Data after encryption
Each item of information is processed as follows:
A) The user name is encrypted with the AES algorithm, and the encryption key K1 is held by the data owner.
B) The start time and end time are combined and encrypted with the AES algorithm, and the encryption key K2 is held by the data owner.
C) The start time and end time are also combined and processed; the key S needed for this operation is held by the operator. The specific processing method is as follows.
First, the time data is divided by day, and the data of each day is processed separately.
Second, according to the required time data processing precision (generally minutes or seconds), all time points of a given day are marked in order. For example, marking the times of 2016-08-01 at second precision, 2016-08-01 00:00:01 is marked 1 and 2016-08-01 01:10:10 is marked 4210 (10 + 10*60 + 1*60*60).
Third, take a 128-bit random seed S and hash S with the SHA-1 256 algorithm; the resulting 256-bit data is split in two, giving S11 and S12. S11 and S12 repeat this process and continue to be extended and split with SHA-1 256. These operations form a binary tree, as shown in Fig. 2. The extension and splitting operations continue until the leaf nodes of the resulting binary tree can cover all time points at the selected precision. For example, if "minute" is chosen as the precision, one day has 1440 time points (24 hours * 60 minutes/hour = 1440 minutes); the smallest binary tree that can cover 1440 time points has 2^11 = 2048 leaf nodes, and its depth is 12, i.e. 12 splitting operations are needed, as shown in Fig. 3.
Fourth, the marks produced in the second step are mapped, in numerical order, onto the leaf nodes produced in the third step. In other words, each time point is converted into a 256-bit hash value.
Fifth, leaf nodes are merged where possible, each merge producing the node one layer up, until no further merging is possible. Taking Fig. 2 as an example, if a time period is converted into the four nodes S21, S22, S23 and S24, these can be merged into (S11, 1) and (S12, 1), where 1 denotes the node's level in the binary tree (likewise below), and further merged into (S, 2). The merge operation greatly reduces the storage space that would be needed to store the hash values directly.
Sixth, the merged nodes are put out of order and stored as the "start/end time Node" data in Table 2.
2) Query request processing
A) The user submits to the proxy server a query request of the form "Did user A log in to the system between 2016-08-01 10:30:00 and 2016-08-01 11:00:00?".
B) The operation agent uses key S to convert the time in the query into nodes of the binary tree.
C) The operation agent submits the converted query request to the data owner for processing. The converted request has the form: "Did user A log in to the system during (Sa, 8); (Sb, 3); (Sc, 4)?".
D) The data owner encrypts the user name with key K1, obtaining EK1(user A), and uses this value to extract all records of user A from the encrypted database, i.e. "select info from table where user name = EK1(user A)". The data owner returns the query result to the operation agent.
E) The operation agent processes the returned records one by one. The data in "start/end time Node" is split and extended according to the level of each node until everything has been converted into leaf nodes. The nodes in the converted operation request are processed in the same way.
F) The operation agent compares the nodes in the operation request with the nodes in the database record to see whether any are identical and how many are identical, and can thereby determine whether the user performed a login operation during the period and how long the login lasted.
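The tree construction and merging of part 1) and the operator-side comparison of steps E) and F), as an added example that is not code from the patent. It assumes SHA-256 as the hash that yields the 256-bit digest, minute precision with zero-based marks and half-open intervals, and the helper names `split`, `node_at`, `minute`, `cover`, `leaves` and `overlap`, all of which are illustrative.

```python
import hashlib
import secrets

HEIGHT = 11               # 2**11 = 2048 leaves, enough for the 1440 minutes of a day
MINUTES_PER_DAY = 1440


def split(node: bytes) -> tuple[bytes, bytes]:
    """Split one node: hash it and cut the 256-bit digest into two children.
    Assumption: SHA-256 stands in for the hash named in the text."""
    digest = hashlib.sha256(node).digest()
    return digest[:16], digest[16:]


def node_at(seed: bytes, level: int, block: int) -> bytes:
    """Node `level` layers above the leaves whose subtree is aligned block `block`."""
    node = seed
    for bit in range(HEIGHT - level - 1, -1, -1):
        node = split(node)[(block >> bit) & 1]   # 0 = left child, 1 = right child
    return node


def minute(hhmm: str) -> int:
    """Mark a time point at minute precision (zero-based mark, an assumption)."""
    hours, minutes = hhmm.split(":")
    return int(hours) * 60 + int(minutes)


def cover(seed: bytes, start: int, stop: int) -> list[tuple[bytes, int]]:
    """Merge leaves start..stop-1 into the fewest (node, level) pairs, then shuffle."""
    # The range check also guarantees the root (the seed S itself) is never stored.
    if not 0 <= start < stop <= MINUTES_PER_DAY:
        raise ValueError("interval must lie inside one day")
    nodes = []
    while start < stop:
        level = 0
        # Move one layer up while the larger block is aligned and inside the interval.
        while start % (2 << level) == 0 and start + (2 << level) <= stop:
            level += 1
        nodes.append((node_at(seed, level, start >> level), level))
        start += 1 << level
    secrets.SystemRandom().shuffle(nodes)        # out-of-order storage
    return nodes


def leaves(nodes: list[tuple[bytes, int]]) -> set[bytes]:
    """Split every node down to leaf level, as the operation agent does in step E."""
    result = set()
    for value, level in nodes:
        layer = [value]
        for _ in range(level):
            layer = [child for parent in layer for child in split(parent)]
        result.update(layer)
    return result


def overlap(stored: list[tuple[bytes, int]], query: list[tuple[bytes, int]]) -> int:
    """Step F: number of time points shared by a stored record and a query."""
    return len(leaves(stored) & leaves(query))


if __name__ == "__main__":
    S = secrets.token_bytes(16)                  # operator's 128-bit seed
    # Constructed record using the times of Table 1 (11:00 to 18:00).
    record = cover(S, minute("11:00"), minute("18:00"))
    print(len(record), "nodes stored for", len(leaves(record)), "minutes")
    for begin, end in (("10:30", "11:00"), ("17:30", "19:00")):
        query = cover(S, minute(begin), minute(end))
        print(begin, "-", end, "overlapping minutes:", overlap(record, query))
```

Each stored pair carries its level, so the operator can expand it without knowing which minutes it covers; only a query converted under the same S produces matching leaves.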
For an attacker, since all database data has been encrypted, no information can be obtained without the keys K1, K2 and S. As for the operation agent, it holds only key S, so it too cannot obtain the login records of any particular user.
Compared with directly discretizing the time period (converting it into time points) and simply replacing each time point with a random number, the invention can save a large amount of storage space because nodes can be merged. Because the AES-encrypted time is retained, the original information can also be recovered more quickly when the data owner needs to recover the data.
The foregoing is only a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principle of the invention shall fall within the scope of protection of the invention.
Claims (5)
1. A time data encryption processing method with privacy protection capability, characterized in that the method comprises original data processing and query request processing;
the original data processing comprises: the user name is encrypted with the AES algorithm, and the encryption key K1 is held by the data owner; the start time and end time are combined and encrypted with the AES algorithm, and the encryption key K2 is held by the data owner; the start time and end time are also combined and processed, and the key S needed for this operation is held by the operator;
the query request processing comprises: the user submits a query request to the proxy server; the proxy server converts the query request; the data owner performs encryption and extracts all records of the user; the operation agent processes the returned records one by one.
2. The time data encryption processing method with privacy protection capability according to claim 1, characterized in that the original data processing specifically comprises:
First step: the time data is divided by day, and the data of each day is processed separately;
Second step: according to the time data processing precision, all time points of a given day are marked in order;
Third step: take a 128-bit random seed S and hash S with the SHA-1 256 algorithm; the resulting 256-bit data is split in two, giving S11 and S12; S11 and S12 repeat this process and continue to be extended and split with SHA-1 256; the extension and splitting operations continue until the leaf nodes of the resulting binary tree can cover all time points at the selected precision;
Fourth step: the marks produced in the second step are mapped, in numerical order, onto the leaf nodes produced in the third step; in other words, each time point is converted into a 256-bit hash value;
Fifth step: leaf nodes are merged where possible, each merge producing the node one layer up, until no further merging is possible;
Sixth step: the merged nodes are put out of order and stored as the "start/end time Node" data.
3. The time data encryption processing method with privacy protection capability according to claim 1, characterized in that the query request processing specifically comprises:
Step one: the user submits a query request to the proxy server;
Step two: the operation agent uses key S to convert the time in the query into nodes of the binary tree;
Step three: the operation agent submits the converted query request to the data owner for processing;
Step four: the data owner encrypts the user name with key K1, obtaining EK1(user A), and uses this value to extract all records of user A from the encrypted database, i.e. "select info from table where user name = EK1(user A)"; the data owner returns the query result to the operation agent;
Step five: the operation agent processes the returned records one by one, splitting and extending the data in "start/end time Node" according to the level of each node until everything has been converted into leaf nodes, and processes the nodes in the converted operation request in the same way.
4. A time data encryption processing system for the time data encryption processing method with privacy protection capability according to claim 1, characterized in that the system comprises:
a user terminal, for initiating query operations;
an operation agent module, in wired or wireless communication with the user terminal, for holding the key information S needed for data operations;
a data owner module, in wired or wireless communication with the operation agent module, for holding the key K used to decrypt the encrypted information.
5. A database data protection method using the time data encryption processing method with privacy protection capability according to any one of claims 1 to 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610828806.9A (CN106407837B) | 2016-09-18 | 2016-09-18 | A time data encryption processing method having privacy protection capability |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106407837A (en) | 2017-02-15 |
CN106407837B (en) | 2019-03-08 |