CN106407837A - A time data encryption processing method having privacy protection capability - Google Patents

Publication number: CN106407837A
Authority: CN (China)
Prior art keywords: data, time, user, node, encryption
Legal status: Granted (Active)
Application number: CN201610828806.9A
Other languages: Chinese (zh)
Other versions: CN106407837B (en)
Inventors: 张路桥, 李飞, 王娟, 石磊
Current Assignee: Chengdu University of Information Technology
Original Assignee: Chengdu University of Information Technology
Application filed by: Chengdu University of Information Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention provides a time data encryption processing method having privacy protection capability. The time data encryption processing method having privacy protection capability comprises the steps of original data processing and query request processing. The original data processing includes the substeps of encrypting a user name by using the AES algorithm, wherein an encryption key K1 is owned by a data owner; encrypting a starting time and an ending time by using the AES algorithm after the starting time and the ending time are combined, wherein an encryption key K2 is owned by the data owner; performing processing after the starting time and the ending time are combined, wherein a key S required for operation is owned by an operator. The query request processing comprises the substeps that a user submits a query request to a proxy server; the proxy server converts the query request; the data owner performs encryption and extracts all records of the user; an operating agent processes the returned records item by item.

Description

A time data encryption processing method having privacy protection capability
Technical field
The invention belongs to the field of data protection technology, and in particular relates to a time data encryption processing method having privacy protection capability.
Background
At present, database data is protected mainly by data encryption. Two approaches are common: encrypting the data with a symmetric encryption algorithm such as AES, and processing the data with a one-way hash function. Both have defects. With a symmetric algorithm such as AES, the data must be decrypted before it can be queried or otherwise processed, which exposes the original plaintext to the operator and defeats the purpose of encrypting it. With a hash function, not even the data owner can recover the original plaintext, so the original information is lost. Finally, neither approach supports processing the encrypted data directly and returning a result.
In summary, existing methods for protecting database data suffer from two problems: the original data cannot be recovered, and the original data is easily exposed.
Summary of the invention
The object of the invention is to provide a time data encryption processing method having privacy protection capability, intended to solve the problems that, under existing methods for protecting database data, the original data cannot be recovered and is easily exposed.
The invention is realized as follows: the time data encryption processing method having privacy protection capability is a data encryption and query processing method that can run query operations directly on encrypted time data and return the result. The data need not be decrypted during processing, and the original plaintext can still be recovered, so no original information is lost.
The time data encryption processing method having privacy protection capability comprises original data processing and query request processing.
The original data processing includes: the user name is encrypted with the AES algorithm, and the encryption key K1 is held by the data owner; the start time and end time are merged and then encrypted with the AES algorithm, and the encryption key K2 is held by the data owner; the start time and end time are merged and then processed, and the key S required for this operation is held by the operator.
The query request processing includes: the user submits a query request to the proxy server; the proxy server converts the query request; the data owner performs the encryption and extracts all records of the user; the operation agent processes the returned records one by one.
Further, the original data processing specifically includes:
Step 1: the time data is divided by day, and the data of each day is processed separately;
Step 2: according to the time data processing precision, all time points of a given day are labeled in order;
Step 3: a 128-bit random seed S is hashed with the SHA-1 256 algorithm, and the resulting 256 bits of data are split into two halves, S11 and S12. S11 and S12 repeat the same process and continue to be extended and split through SHA-1 256. Extension and splitting continue until the leaf nodes of the resulting binary tree can cover all time points at the selected precision;
Step 4: the labels produced in step 2 are mapped, in numerical order, onto the leaf nodes produced in step 3; in other words, each time point is converted into a 256-bit hash value;
Step 5: leaf nodes are merged according to which leaves are present; merged nodes become the node one layer up, and merging continues until no further merge is possible;
Step 6: the merged nodes are shuffled into random order and stored as the "start/end time Node" data.
Further, the query request processing specifically includes:
Step 1: the user submits a query request to the proxy server;
Step 2: the operation agent uses key S to convert the time in the query into nodes of the binary tree;
Step 3: the operation agent submits the converted query request to the data owner for processing;
Step 4: the data owner encrypts the user name with key K1 to obtain EK1(user A), and uses this value to extract all records of user A from the encrypted database, i.e. select info from table where user name = EK1(user A); the data owner returns the query result to the operation agent;
Step 5: the operation agent processes the returned records one by one: the data in "start/end time Node" is split and extended, according to the level at which each node sits, until it is fully converted into leaf nodes; the nodes in the converted operation request are processed in the same way.
Another object of the invention is to provide a time data encryption processing system for the described time data encryption processing method having privacy protection capability, the system comprising:
a user terminal, for initiating query operations;
an operation agent module, in wired or wireless communication with the user terminal, for holding the key information S required for data operations;
a data owner module, in wired or wireless communication with the operation agent module, for holding the key K used to decrypt the encrypted information.
Another object of the invention is to provide a database data protection method that uses the described time data encryption processing method having privacy protection capability.
The time data encryption processing method having privacy protection capability provided by the invention can process encrypted time data directly and return a determination of whether two time periods overlap and by how much. Neither during processing nor when the result is returned does the original plaintext need to be exposed to the operator. For example, for the query "Was a certain user working overtime at the company throughout 2016-08-02 19:00:00-20:00:00?", only "yes" or "no" is returned, not the exact times at which the user arrived at and left the company, which avoids infringing the user's privacy. The invention also supports recovery of the original plaintext data, so no original information is lost. An attacker cannot obtain any information without the keys K1, K2 and S, because all database data is encrypted.
The operation agent holds only key S and can only judge, from the results the database returns, whether time intervals overlap. It can obtain neither the user information nor the user's login time, so user privacy is guaranteed. Compare this with directly discretizing the time period (converting it into time points) and simply replacing each time point with a random number: that approach also protects the privacy of the time information and supports judging whether two time periods overlap, but the present method can merge the encrypted time nodes for storage, saving 60-70% of the storage space. Finally, the method supports recovery of the original information, so no original information is lost.
Nodes can be merged, which saves storage space; the AES-encrypted time is retained, so when the data owner needs to recover the data, the original information can also be recovered faster.
Brief description of the drawings
Fig. 1 is a flow chart of the time data encryption processing method having privacy protection capability provided by an embodiment of the invention;
Fig. 2 is a structural diagram of the time data encryption processing system having privacy protection capability provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of the extension and splitting operations provided by an embodiment of the invention;
In the figures: 1, user terminal; 2, operation agent module; 3, data owner module.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to embodiments. The specific embodiments described here serve only to explain the invention and are not intended to limit it.
The application principle of the invention is explained in detail below with reference to the drawings.
As shown in Fig. 1, the time data encryption processing method having privacy protection capability provided by an embodiment of the invention comprises the following steps:
S101: the user name is encrypted with the AES algorithm, and the encryption key K1 is held by the data owner; the start time and end time are merged and then encrypted with the AES algorithm, and the encryption key K2 is held by the data owner; the start time and end time are merged and then processed, and the key S required for this operation is held by the operator;
S102: the user submits a query request to the proxy server; the operation agent uses key S to convert the time in the query into nodes of the binary tree; the operation agent submits the converted query request to the data owner for processing; the data owner encrypts the user name with key K1 to obtain EK1(user A), and uses this value to extract all records of user A from the encrypted database, i.e. "select info from table where user name = EK1(user A)"; the data owner returns the query result to the operation agent;
S103: the operation agent processes the returned records one by one. The data in "start/end time Node" is split and extended, according to the level at which each node sits, until it is fully converted into leaf nodes. The nodes in the converted operation request are processed in the same way;
S104: the operation agent compares the nodes in the operation request with the nodes in the database record to see whether any are identical and how many; from this it can determine whether the user performed a login operation during the period and how long the login lasted.
As shown in Fig. 2, the time data encryption processing system having privacy protection capability provided by an embodiment of the invention includes:
a user terminal 1, for initiating query operations;
an operation agent module 2, in wired or wireless communication with the user terminal 1, for holding the key information S required for data operations;
a data owner module 3, in wired or wireless communication with the operation agent module 2, for holding the key K used to decrypt the encrypted information.
The application principle of the invention is further described below with reference to a specific embodiment.
Embodiment 1:
The time data encryption processing method having privacy protection capability of this embodiment comprises the following steps:
1) Original data processing
The original plaintext information has the form shown in Table 1; the data after encryption is shown in Table 2.
Table 1: Original data
User | Start time | End time
Zhang San | 2016-8-1 11:00:00 | 2016-8-1 18:00:00
Table 2: Data after encryption
Each item of information is processed as follows:
A) The user name is encrypted with the AES algorithm, and the encryption key K1 is held by the data owner.
B) The start time and end time are merged and then encrypted with the AES algorithm, and the encryption key K2 is held by the data owner.
C) The start time and end time are merged and then processed; the key S required for this operation is held by the operator. The specific processing method is as follows.
First, the time data is divided by day, and the data of each day is processed separately.
Second, according to the required time data processing precision (in general minutes or seconds), all time points of a given day are labeled in order. For example, when the times of 2016-08-01 are labeled at second precision, 2016-08-01 00:00:01 is labeled 1 and 2016-08-01 01:10:10 is labeled 4210 (10+10*60+1*60*60).
Third, a 128-bit random seed S is hashed with the SHA-1 256 algorithm, and the resulting 256 bits of data are split into two halves, S11 and S12. S11 and S12 repeat the same process and continue to be extended and split through SHA-1 256. These operations form a binary tree, as shown in Figure 2. Extension and splitting continue until the leaf nodes of the resulting binary tree can cover all time points at the selected precision. For example, if "minute" is chosen as the precision, one day has 1440 time points (24 hours * 60 minutes/hour = 1440 minutes); the smallest binary tree that can cover 1440 time points has 2^11 = 2048 leaf nodes and a depth of 12, i.e. 12 splitting operations are needed, as shown in Figure 3.
Fourth, the labels produced in the second step are mapped, in numerical order, onto the leaf nodes produced in the third step. In other words, each time point is converted into a 256-bit hash value.
Fifth, leaf nodes are merged according to which leaves are present; merged nodes become the node one layer up, and merging continues until no further merge is possible. Taking Fig. 2 as an example, if a certain time period is converted into the four nodes S21, S22, S23, S24, these can be merged into (S11, 1) and (S12, 1), where 1 denotes the level of the node in the binary tree (likewise below), and further merged into (S, 2). The merge operation greatly reduces the storage space that storing the hash values directly would require.
Sixth, the merged nodes are shuffled into random order and stored as the "start/end time Node" data in Table 2.
2) Query request processing
A) The user submits a query request of the form "Was user A logged in to the system between 2016-08-01 10:30:00 and 2016-08-01 11:00:00?" to the proxy server.
B) The operation agent uses key S to convert the time in the query into nodes of the binary tree.
C) The operation agent submits the converted query request to the data owner for processing. The converted request has the form: "Was user A logged in to the system during (Sa, 8); (Sb, 3); (Sc, 4)?"
D) The data owner encrypts the user name with key K1 to obtain EK1(user A), and uses this value to extract all records of user A from the encrypted database, i.e. "select info from table where user name = EK1(user A)". The data owner returns the query result to the operation agent.
E) The operation agent processes the returned records one by one. The data in "start/end time Node" is split and extended, according to the level at which each node sits, until it is fully converted into leaf nodes. The nodes in the converted operation request are processed in the same way.
F) The operation agent compares the nodes in the operation request with the nodes in the database record to see whether any are identical and how many; from this it can determine whether the user performed a login operation during the period and how long the login lasted.
An attacker cannot obtain any information without the keys K1, K2 and S, because all database data is encrypted. The operation agent holds only key S, and it likewise cannot obtain the login records of a given user. Compared with directly discretizing the time period (converting it into time points) and simply replacing each time point with a random number, the invention saves a large amount of storage space because nodes can be merged. Because the AES-encrypted time is retained, the original information can also be recovered faster when the data owner needs to recover the data.
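The key-S processing of the start and end time (split, leaf mapping, merge, shuffle, then expand and compare at query time) can be sketched as follows. This is an added example, not code from the patent: it assumes SHA-256 for the 256-bit hash, minute precision, half-open intervals [start, end), and hypothetical function names; the AES columns under K1 and K2 are left out.

```python
import hashlib
import random

DEPTH = 11  # assumption: minute precision; 2**11 = 2048 leaves cover 1440 minutes


def minute(hhmm: str) -> int:
    """Label a time of day with its minute index (00:00 -> 0, 01:10 -> 70)."""
    hours, minutes = hhmm.split(":")
    return int(hours) * 60 + int(minutes)


def split(node: bytes) -> tuple[bytes, bytes]:
    """Extension and split: hash a 128-bit node to 256 bits and halve it."""
    digest = hashlib.sha256(node).digest()
    return digest[:16], digest[16:]


def node_at(seed: bytes, index: int, height: int) -> bytes:
    """Derive from S the node `height` levels above the leaves at position `index`."""
    node = seed
    for bit in range(DEPTH - height - 1, -1, -1):
        left, right = split(node)
        node = right if (index >> bit) & 1 else left
    return node


def cover(seed: bytes, start: int, end: int) -> list[tuple[bytes, int]]:
    """Encode leaves start..end-1 as the fewest merged (node, level) pairs."""
    if not 0 <= start <= end <= 1 << DEPTH:
        raise ValueError("interval outside the tree")
    merged = []
    while start < end:
        height = 0
        # Merge upward while the block stays aligned and inside the interval.
        while (height < DEPTH and start % (2 << height) == 0
               and start + (2 << height) <= end):
            height += 1
        merged.append((node_at(seed, start >> height, height), height))
        start += 1 << height
    random.SystemRandom().shuffle(merged)  # stored order reveals no sequence
    return merged


def expand(node: bytes, height: int) -> set[bytes]:
    """Split a stored node `height` times to get its leaves; S is not needed."""
    nodes = [node]
    for _ in range(height):
        nodes = [child for parent in nodes for child in split(parent)]
    return set(nodes)


def overlap(stored, query) -> int:
    """Number of time points shared by two encoded intervals."""
    def leaves(pairs):
        return set().union(*(expand(node, height) for node, height in pairs))
    return len(leaves(stored) & leaves(query))


if __name__ == "__main__":
    S = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed seed
    record = cover(S, minute("11:00"), minute("18:00"))  # the Table 1 row
    query = cover(S, minute("10:30"), minute("11:00"))   # the embodiment's query
    print(len(record), "stored nodes for",
          sum(1 << h for _, h in record), "minutes")
    print("overlapping minutes:", overlap(record, query))
```

Every leaf is derived deterministically from S, so the confidentiality of the stored time nodes rests entirely on S staying with the operation agent.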
The foregoing is only a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (5)

1. A time data encryption processing method having privacy protection capability, characterized in that the method comprises original data processing and query request processing;
the original data processing includes: the user name is encrypted with the AES algorithm, and the encryption key K1 is held by the data owner; the start time and end time are merged and then encrypted with the AES algorithm, and the encryption key K2 is held by the data owner; the start time and end time are merged and then processed, and the key S required for this operation is held by the operator;
the query request processing includes: the user submits a query request to the proxy server; the proxy server converts the query request; the data owner performs the encryption and extracts all records of the user; the operation agent processes the returned records one by one.
2. The time data encryption processing method having privacy protection capability as claimed in claim 1, characterized in that the original data processing specifically includes:
Step 1: the time data is divided by day, and the data of each day is processed separately;
Step 2: according to the time data processing precision, all time points of a given day are labeled in order;
Step 3: a 128-bit random seed S is hashed with the SHA-1 256 algorithm, and the resulting 256 bits of data are split into two halves, S11 and S12; S11 and S12 repeat the same process and continue to be extended and split through SHA-1 256; extension and splitting continue until the leaf nodes of the resulting binary tree can cover all time points at the selected precision;
Step 4: the labels produced in step 2 are mapped, in numerical order, onto the leaf nodes produced in step 3; in other words, each time point is converted into a 256-bit hash value;
Step 5: leaf nodes are merged according to which leaves are present; merged nodes become the node one layer up, and merging continues until no further merge is possible;
Step 6: the merged nodes are shuffled into random order and stored as the "start/end time Node" data.
3. The time data encryption processing method having privacy protection capability as claimed in claim 1, characterized in that the query request processing specifically includes:
Step 1: the user submits a query request to the proxy server;
Step 2: the operation agent uses key S to convert the time in the query into nodes of the binary tree;
Step 3: the operation agent submits the converted query request to the data owner for processing;
Step 4: the data owner encrypts the user name with key K1 to obtain EK1(user A), and uses this value to extract all records of user A from the encrypted database, i.e. select info from table where user name = EK1(user A); the data owner returns the query result to the operation agent;
Step 5: the operation agent processes the returned records one by one: the data in "start/end time Node" is split and extended, according to the level at which each node sits, until it is fully converted into leaf nodes; the nodes in the converted operation request are processed in the same way.
4. A time data encryption processing system for the time data encryption processing method having privacy protection capability as claimed in claim 1, characterized in that the time data encryption processing system includes:
a user terminal, for initiating query operations;
an operation agent module, in wired or wireless communication with the user terminal, for holding the key information S required for data operations;
a data owner module, in wired or wireless communication with the operation agent module, for holding the key K used to decrypt the encrypted information.
5. A database data protection method using the time data encryption processing method having privacy protection capability as claimed in any one of claims 1 to 3.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610828806.9A 2016-09-18 2016-09-18 A time data encryption processing method having privacy protection capability (Active; CN106407837B (en))

Publications (2)

Publication Number Publication Date
CN106407837A true CN106407837A (en) 2017-02-15
CN106407837B CN106407837B (en) 2019-03-08
