CN106610995A - Ciphertext index creating method, device and system - Google Patents
- Publication number
- CN106610995A (CN201510698146.2A)
- Authority
- CN
- China
- Prior art keywords
- character string
- ciphertext
- search
- index
- string
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the invention discloses a method, device and system for creating a ciphertext index, relating to the field of computer information security and intended to increase ciphertext search speed. The method comprises: encrypting sensitive data with a reversible encryption algorithm to obtain the ciphertext of the sensitive data; segmenting the sensitive data with a word segmentation algorithm to obtain a target keyword; generating a hash authentication code from the target keyword and a hash algorithm; encoding the hash authentication code with a preset encoding to obtain an index string, wherein the index string is a printable string and is an index of the ciphertext; and sending the ciphertext and the index string to a database server so that the database server stores the ciphertext and the index string in the same data table, wherein the index string is stored in correspondence with the ciphertext.
Description
Technical field
The present invention relates to the field of computer information security, and in particular to a method, apparatus and system for creating a ciphertext index.
Background
On a big data platform or a public cloud platform, personal sensitive data (mobile phone number, home address, identity card number, passport number and/or bank account number, etc.) must be stored encrypted to prevent unauthorized access. Because the ciphertext obtained by encrypting personal sensitive data is stored as unreadable bytes, it cannot be searched directly. Ciphertext search techniques based on keyword indexes were developed for this reason.
Generally, keyword-index-based ciphertext search comprises an index creation stage and a search matching stage. One method of creating the index includes: segmenting Chinese sensitive data with a Chinese word segmentation algorithm to obtain N keywords; computing a pinyin-based edit distance for each of the N keywords to obtain N edit distances; using each of the N edit distances together with a key as the input of an HMAC (Hash-based Message Authentication Code) algorithm to compute N hash authentication codes; using the N hash authentication codes as the N indexes of the Chinese sensitive data; encrypting the Chinese sensitive data with AES to obtain the ciphertext of the Chinese sensitive data; and storing the N indexes together with the ciphertext in a database server.
The ciphertext index generated by this method cannot be used to search for the ciphertext directly in the database server, so ciphertext search is slow.
Summary of the invention
Embodiments of the present invention provide a method, apparatus and system for creating a ciphertext index, in order to increase the speed of ciphertext search.
To achieve this, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, a method for creating a ciphertext index is provided, including:
encrypting sensitive data with a reversible encryption algorithm to obtain the ciphertext of the sensitive data;
segmenting the sensitive data with a word segmentation algorithm to obtain a target keyword;
generating a hash authentication code from the target keyword and a hash algorithm;
encoding the hash authentication code with a preset encoding to obtain an index string, where the index string is a printable string and is the index of the ciphertext;
sending the ciphertext and the index string to a database server, so that the database server stores the ciphertext and the index string in the same data table, with the index string stored in correspondence with the ciphertext.
With reference to the first aspect, in a first possible implementation, before the hash authentication code is encoded with the preset encoding to obtain the index string, the method further includes:
truncating the hash authentication code to its first r positions to obtain a sub hash authentication code, where 1 ≤ r ≤ R, R and r are integers, and R is the length of the hash authentication code;
in which case encoding the hash authentication code with the preset encoding to obtain the index string includes:
encoding the sub hash authentication code with the preset encoding to obtain the index string.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation, when the number of index strings is N, after the hash authentication code is encoded with the preset encoding to obtain the index string, the method further includes:
randomly shuffling the N index strings, where N ≥ 1 and N is an integer;
concatenating the N randomly shuffled index strings, where adjacent index strings in the concatenated N index strings are separated by a printable character that is not part of the preset encoding.
With reference to the first aspect, or the first or second possible implementation of the first aspect, in a third possible implementation, the method further includes:
obtaining a search keyword;
generating a search string from the search keyword by the same method that generates the index string from the target keyword, where the search string is a printable string;
sending the search string to the database server, so that the database server searches for the ciphertext according to the search string and the stored index strings.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation, before the search keyword is obtained, the method further includes:
obtaining a search statement;
in which case obtaining the search keyword includes: segmenting the search statement with the word segmentation algorithm to obtain the search keyword.
With reference to the third or fourth possible implementation of the first aspect, in a fifth possible implementation, the method further includes:
the database server receives M search strings and, when M ≥ 2, also obtains a search mode, where the search mode is AND mode or OR mode;
the database server matches the M search strings against the stored index strings;
if M = 1, the ciphertext corresponding to the index string identical to the search string is obtained;
if M ≥ 2 and the search mode is AND mode, the ciphertext corresponding to the M index strings identical to the M search strings is obtained;
if M ≥ 2 and the search mode is OR mode, the ciphertext corresponding to an index string identical to any one of the M search strings is obtained.
In a second aspect, an apparatus for creating a ciphertext index is provided, including:
an encryption unit, configured to encrypt sensitive data with a reversible encryption algorithm to obtain the ciphertext of the sensitive data;
a segmentation unit, configured to segment the sensitive data with a word segmentation algorithm to obtain a target keyword;
a first generating unit, configured to generate a hash authentication code from the target keyword and a hash algorithm;
an encoding unit, configured to encode the hash authentication code with a preset encoding to obtain an index string, where the index string is a printable string and is the index of the ciphertext;
a sending unit, configured to send the ciphertext and the index string to a database server, so that the database server stores the ciphertext and the index string in the same data table, with the index string stored in correspondence with the ciphertext.
With reference to the second aspect, in a first possible implementation, the apparatus further includes:
a truncation unit, configured to truncate the hash authentication code to its first r positions to obtain a sub hash authentication code, where 1 ≤ r ≤ R, R and r are integers, and R is the length of the hash authentication code;
the encoding unit being specifically configured to encode the sub hash authentication code with the preset encoding to obtain the index string.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation, when the number of index strings is N, the apparatus further includes:
a shuffling unit, configured to randomly shuffle the N index strings, where N ≥ 1 and N is an integer;
a concatenation unit, configured to concatenate the N randomly shuffled index strings, where adjacent index strings in the concatenated N index strings are separated by a printable character that is not part of the preset encoding.
With reference to the second aspect, or the first or second possible implementation of the second aspect, in a third possible implementation, the apparatus further includes:
a first obtaining unit, configured to obtain a search keyword;
a second generating unit, configured to generate a search string from the search keyword by the same method that generates the index string from the target keyword, where the search string is a printable string;
the sending unit being further configured to send the search string to the database server, so that the database server searches for the ciphertext according to the search string and the stored index strings.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation, the apparatus further includes:
a second obtaining unit, configured to obtain a search statement;
the first obtaining unit being specifically configured to segment the search statement with the word segmentation algorithm to obtain the search keyword.
In a third aspect, a system for creating a ciphertext index is provided, including any one of the apparatuses provided in the second aspect and a database server.
In the method, apparatus and system provided by the embodiments of the present invention, after a hash authentication code is generated from a target keyword, the hash authentication code is encoded with a preset encoding to obtain an index string. When there are N index strings, the N index strings are the N indexes of the ciphertext of the sensitive data, and the database server stores the ciphertext in correspondence with the N index strings in the same data table. Because the index strings are printable strings, they can be searched directly with SQL in the database server. To search for a ciphertext containing a certain keyword, the search keyword is turned into a search string by the same method that generates an index string from a target keyword, and SQL can then match the search string directly against the N index strings in the database server to determine whether the ciphertext is obtained. Compared with the prior art, the index of the ciphertext does not have to be loaded into memory, which saves memory space and increases the speed of ciphertext search.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an application scenario of a method for creating a ciphertext index provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of an application scenario of another method for creating a ciphertext index provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a method for creating a ciphertext index provided by an embodiment of the present invention;
Fig. 4 is a flowchart of another method for creating a ciphertext index provided by an embodiment of the present invention;
Fig. 5 is a flowchart of a ciphertext search method provided by an embodiment of the present invention;
Fig. 6 is a flowchart of another method for creating a ciphertext index provided by an embodiment of the present invention;
Fig. 7 is a flowchart of a ciphertext search method provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an apparatus for creating a ciphertext index provided by an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of another apparatus for creating a ciphertext index provided by an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of another apparatus for creating a ciphertext index provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The term "and/or" herein only describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A alone, both A and B, or B alone. "Multiple" herein means two or more.
The method provided by the embodiments of the present invention can be applied at least to a big data platform or a public cloud platform.
As shown in Fig. 1 (the numbers in the figure indicate the order of the steps; the same applies to Fig. 2), on a big data platform the user regards the big data server as trusted, so the user equipment can upload sensitive data directly to the big data server. The big data server derives from the sensitive data its ciphertext and the index of that ciphertext (generated from target keywords), then uploads the ciphertext and its index to the database server, which stores the ciphertext and its index in correspondence in the same data table. When the user (or an administrator authorized by the user) needs to obtain sensitive data, the user equipment supplies a search keyword to the big data server. The big data server turns the search keyword into a search string by the same method that generates the ciphertext index from a target keyword, and sends the search string to the database server. The database server finds the ciphertext from the search string and the ciphertext indexes and sends it to the big data server, which decrypts it to obtain the sensitive data and sends the sensitive data to the user equipment.
As shown in Fig. 2, on a public cloud platform the tenant (a user who rents public cloud equipment) regards the provider of the public cloud service as semi-trusted. The tenant equipment (the public cloud equipment rented by the tenant) therefore derives the ciphertext of the sensitive data and the index of that ciphertext (generated from target keywords) itself and uploads both to the public cloud server, which uploads the ciphertext and its index to the database server. When the user needs to obtain sensitive data, the tenant equipment turns the search keyword into a search string by the same method that generates the ciphertext index from a target keyword and sends the search string to the public cloud server, which forwards it to the database server. The database server determines the ciphertext from the search string and the ciphertext indexes and sends it to the tenant equipment through the public cloud server. On receiving the ciphertext, the tenant equipment decrypts it to obtain the sensitive data.
It should be noted that the database server can be located inside the big data server or the public cloud server.
Embodiment one
An embodiment of the present invention provides a method for creating a ciphertext index which, as shown in Fig. 3, includes:
301. Encrypt sensitive data with a reversible encryption algorithm to obtain the ciphertext of the sensitive data.
In the application scenarios shown in Fig. 1 and Fig. 2, when the method provided by the embodiment of the present invention is applied on a big data platform, the executing entity can be the big data server; when the method is applied on a public cloud platform, the executing entity can be the tenant equipment.
Exemplarily, the reversible encryption algorithm can be the AES (Advanced Encryption Standard) algorithm, the DES (Data Encryption Standard) algorithm or another reversible encryption algorithm; the embodiment of the present invention places no limit on this. Preferably, encrypting the sensitive data with a standard data encryption algorithm (for example, the DES algorithm or the AES algorithm) rather than a non-standard one helps ensure the security of the ciphertext.
Optionally, before step 301, the method can further include: determining the sensitive data. The sensitive data can specifically be the user's mobile phone number, home address, identity card number, passport number and/or bank account number, etc.
When the executing entity of the embodiment of the present invention is the big data server, the big data server can, on receiving data sent by the user equipment, determine the sensitive data in that data according to a specific agreement.
302. Segment the sensitive data with a word segmentation algorithm to obtain a target keyword.
The sensitive data can be Chinese, English, digits and so on; the embodiment of the present invention places no limit on this, and different word segmentation algorithms can be used for different types of sensitive data. For example, when the sensitive data is English, the words in an English sentence are generally separated by punctuation marks or spaces, so punctuation marks and spaces can be used to segment the English sentence into target keywords. When the sensitive data is a Chinese sentence, the sentence can be segmented according to the meaning of the words in it.
303. Generate a hash authentication code from the target keyword and a hash algorithm.
Preferably, the hash algorithm is a keyed hash algorithm. Exemplarily, the keyed hash algorithm can be an HMAC algorithm, specifically the HMAC-MD5 algorithm, the HMAC-SHA1 algorithm, the HMAC-SHA256 algorithm, etc.
One target keyword corresponds to one hash authentication code: computing the hash algorithm with the target keyword and the key as input yields the hash authentication code of that target keyword.
304. Encode the hash authentication code with a preset encoding to obtain an index string, where the index string is a printable string and is the index of the ciphertext.
It should be noted that segmenting one piece of sensitive data can yield one or more target keywords. One target keyword generates one hash authentication code, and one hash authentication code generates one index string. When segmenting a piece of sensitive data yields N target keywords (N ≥ 1, N an integer), N index strings can be generated from the N target keywords, and these N index strings are the N indexes of the ciphertext of that sensitive data.
It should be noted that the basic ASCII (American Standard Code for Information Interchange) character set has 128 characters, of which 96 are printable characters, including the common letters, digits and punctuation marks, and 32 are control characters. The preset encoding is an encoding that can turn octets into a printable string, and can specifically be Base64.
305. Send the ciphertext and the index string to the database server, so that the database server stores the ciphertext and the index string in the same data table, with the index string stored in correspondence with the ciphertext.
Specifically, once the index string is stored in the same data table in the database server, it can be queried directly in the database server with SQL (Structured Query Language), because the index string is a printable string.
It should be noted that step 301 can be performed before or after any of steps 302 to 304.
It should be noted that there may be multiple pieces of sensitive data. The ciphertext of each piece of sensitive data has corresponding indexes, and the number of indexes per ciphertext may be the same or different. Exemplarily, Table 1 shows the correspondence between the ciphertexts of 2 different pieces of sensitive data and their indexes, where X1 and X2 denote the ciphertexts of the 2 different pieces of sensitive data, B11 to B14 are the 4 indexes of X1, and B21 to B23 are the 3 indexes of X2.
Table 1
Optionally, before step 304, the method further includes: truncating the hash authentication code to its first r positions to obtain a sub hash authentication code, where 1 ≤ r ≤ R, R and r are integers, and R is the length of the hash authentication code. In this case, step 304 includes: encoding the sub hash authentication code with the preset encoding to obtain the index string.
A hash authentication code is generally very long, and this optional step reduces the amount of computation.
Optionally, the method further includes:
11) obtaining a search keyword;
12) generating a search string from the search keyword by the same method that generates the index string from the target keyword, where the search string is a printable string;
13) sending the search string to the database server, so that the database server searches for the ciphertext according to the search string and the stored index strings.
Optionally, before step 11), the method further includes: obtaining a search statement. In this case, step 11) includes: segmenting the search statement with the word segmentation algorithm to obtain the search keyword.
It should be noted that a ciphertext search can be run directly with a search keyword, or with a sentence (or paragraph) of text. In the latter case, the sentence (or paragraph) has to be segmented with the word segmentation algorithm to obtain search keywords. There can be one or more search keywords, and each search keyword corresponds to one search string.
Optionally, the method further includes:
the database server receives M search strings and, when M ≥ 2, also obtains a search mode, where the search mode is AND mode or OR mode;
the database server matches the M search strings against the stored index strings;
if M = 1, the ciphertext corresponding to the index string identical to the search string is obtained;
if M ≥ 2 and the search mode is AND mode, the ciphertext corresponding to the M index strings identical to the M search strings is obtained;
if M ≥ 2 and the search mode is OR mode, the ciphertext corresponding to an index string identical to any one of the M search strings is obtained.
Index strings are generated from target keywords, and target keywords are obtained by segmenting the sensitive data with the word segmentation algorithm. So when there is one search keyword, it is turned into a search string by the same method that generates an index string from a target keyword. Suppose the ciphertext has N indexes. If the search string is identical to one of the N index strings, the search keyword is a word in the sensitive data corresponding to the ciphertext, and the ciphertext is obtained. If the search string differs from every one of the N index strings, the search keyword is not a word in the sensitive data corresponding to the ciphertext, and the ciphertext is not obtained.
When there are multiple search keywords and the search mode is OR mode, the user wants sensitive data containing any one of the search keywords. In this case the ciphertext is obtained as long as the search string of any one of the search keywords is identical to one of the N index strings; otherwise the ciphertext is not obtained. When there are multiple search keywords and the search mode is AND mode, the user wants sensitive data containing all of the search keywords. In this case the ciphertext is obtained when the search strings of the search keywords are each identical to one of the N index strings; otherwise the ciphertext is not obtained.
It should be noted that when a search keyword is a word in multiple pieces of sensitive data, the server obtains the ciphertexts of all of those pieces of sensitive data. Exemplarily, based on the example in Table 1, suppose the plaintext of ciphertext X1 is "0501", whose 4 target keywords are {0, 05, 050, 0501}, and the plaintext of ciphertext X2 is "052", whose 3 target keywords are {0, 05, 052}. The index string corresponding to each target keyword is shown in Table 2. When the search keyword is "05", its search string is B1'. B1' is matched against the indexes of ciphertext X1 and of ciphertext X2; because B1' is identical to B12 and B22, ciphertexts X1 and X2 are obtained. When the search keyword is "052", its search string is B2'. B2' is matched against the indexes of ciphertext X1 and of ciphertext X2; because B2' is identical to B23, ciphertext X2 is obtained.
Table 2
Index character string | Target keyword |
B11 | 0 |
B12 | 05 |
B13 | 050 |
B14 | 0501 |
B21 | 0 |
B22 | 05 |
B23 | 052 |
Based on the example in Table 2, when the search keywords are "05" and "052", their search strings are B1' and B2' respectively. B1' and B2' are matched against the indexes of ciphertext X1 and of ciphertext X2: B1' is identical to B12 and B22, and B2' is identical to B23. So when the search mode is AND mode, ciphertext X2 is obtained, and when the search mode is OR mode, ciphertexts X1 and X2 are obtained.
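The Table 2 walk-through can be reproduced end to end. The following is an added example, not code from the patent: it assumes HMAC-SHA256, r counted in bytes, prefix segmentation as in Table 2, an in-memory SQLite table with hypothetical names (`sensitive`, `index_string`), a constructed key, and the labels X1 and X2 standing in for the real ciphertexts.

```python
import base64
import hashlib
import hmac
import sqlite3

KEY = b"constructed-demo-key"  # constructed; a real key comes from a key store
R = 12                         # r: leading bytes of the 32-byte MAC that are kept


def prefixes(value):
    """Segmentation used in the Table 2 example: every leading prefix."""
    return [value[:i] for i in range(1, len(value) + 1)]


def index_string(keyword, key=KEY, r=R):
    """Steps 303-304 with truncation: HMAC, keep r bytes, Base64-encode.

    The result is deterministic: the same keyword under the same key gives
    the same string in every row (B12 == B22 in Table 2). That is what lets
    SQL match it, and it also means equal keywords are visible as equal
    index strings to anyone who can read the table.
    """
    mac = hmac.new(key, keyword.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac[:r]).decode("ascii")


def build_table(records):
    """Step 305: one row per (ciphertext, index string) pair, same table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sensitive (ciphertext TEXT, index_string TEXT)")
    db.execute("CREATE INDEX by_index ON sensitive (index_string)")
    for ciphertext, plaintext in records:
        db.executemany(
            "INSERT INTO sensitive VALUES (?, ?)",
            [(ciphertext, index_string(k)) for k in prefixes(plaintext)],
        )
    return db


def search(db, keywords, mode="and"):
    """Turn search keywords into search strings and match them in SQL."""
    wanted = sorted({index_string(k) for k in keywords})
    if not wanted:
        return []
    marks = ",".join("?" * len(wanted))
    sql = (
        "SELECT ciphertext FROM sensitive "
        f"WHERE index_string IN ({marks}) GROUP BY ciphertext"
    )
    if mode == "and":
        # AND mode: the row group must contain every search string.
        sql += f" HAVING COUNT(DISTINCT index_string) = {len(wanted)}"
    return sorted(row[0] for row in db.execute(sql, wanted))


if __name__ == "__main__":
    # Constructed records: ciphertext label and the plaintext it encrypts.
    table = build_table([("X1", "0501"), ("X2", "052")])
    print(search(table, ["05"]))
    print(search(table, ["05", "052"], mode="and"))
    print(search(table, ["05", "052"], mode="or"))
```

The database only ever sees Base64 text, so the lookup is an ordinary indexed equality query and the key never leaves the party that builds the index.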
Optionally, when the number of index strings is N, after step 304 the method further includes: randomly shuffling the N index strings, where N ≥ 1 and N is an integer; and concatenating the N randomly shuffled index strings, where adjacent index strings in the concatenated N index strings are separated by a printable character that is not part of the preset encoding.
In this case, step 305 specifically includes: sending the ciphertext and the concatenated N index strings to the database server. When the database server stores the concatenated N index strings, they can occupy a single storage cell of one field in the data table, where the field is used to store the indexes of one or more ciphertexts.
Here "field" means a column of the data table in the database server. A column contains one or more storage cells. In the embodiment of the present invention, the N index strings corresponding to a ciphertext can be stored in one storage cell after concatenation.
It should be noted that the N index strings are stored after being concatenated, and that they are generated from the N target keywords. Laying the N index strings out in their original order could reveal the content of the ciphertext. To improve the security of the ciphertext, the N index strings are therefore randomly shuffled before they are concatenated. Because the N index strings are concatenated in the embodiment of the present invention, storing them occupies only one storage cell of one field, which saves database server resources.
In addition, separating the N index strings with a printable character that is not used by the preset encoding mode prevents matching errors. For example, suppose the 2 index strings are AAAA and BBBB, a search string is AABB, and the printable character not used by the preset encoding mode is "!". If the 2 index strings are concatenated directly, the result is AAAABBBB; when the search string AABB is matched against AAAABBBB, AABB is identical to the middle part of AAAABBBB, so the matching result may be wrong. If the 2 index strings are separated by "!", the concatenated result is AAAA!BBBB; when the search string AABB is matched against AAAA!BBBB, only the index strings delimited by "!" can be matched, so a wrong matching result is prevented.
In addition, a ciphertext can also be searched for using several sentences (or paragraphs) of text, and the search mode between these sentences (paragraphs) can be the AND mode or the OR mode. In this case, if there are W sentences (paragraphs), the segmentation algorithm can be applied to each of the W sentences (paragraphs) to obtain the search keywords corresponding to each sentence (paragraph), and the search keywords of each sentence (paragraph) are turned into search strings using the same method by which target keywords are turned into index strings; one search keyword corresponds to one search string. Assume that the number of search strings corresponding to the i-th sentence (paragraph) of the W sentences (paragraphs) (1 ≤ i ≤ W, i is an integer) is w_i (w_i ≥ 1, w_i is an integer), and that the total number of distinct search strings corresponding to the W sentences (paragraphs) is w (w ≥ 1, w is an integer). The ciphertext is then searched for as follows:
When the search mode between the W sentences (paragraphs) is the AND mode and the search mode between the search keywords of each sentence is the AND mode, the ciphertext is obtained when the w search strings are respectively identical to w index strings among the N index strings;
When the search mode between the W sentences (paragraphs) is the OR mode and the search mode between the search keywords of each sentence is the OR mode, the ciphertext is obtained when any one of the w search strings is identical to one index string among the N index strings;
When the search mode between the W sentences (paragraphs) is the AND mode and the search mode between the search keywords of each sentence is the OR mode, the ciphertext is obtained when W search strings corresponding to the W sentences (paragraphs) are respectively identical to W index strings among the N index strings, where the W search strings correspond to the W sentences (paragraphs) respectively;
When the search mode between the W sentences (paragraphs) is the OR mode and the search mode between the search keywords of each sentence is the AND mode, the ciphertext is obtained when the w_i search strings corresponding to the i-th sentence (paragraph) are respectively identical to w_i index strings among the N index strings, where the i-th sentence (paragraph) can be any one of the W sentences (paragraphs).
Optionally, step 303 includes: generating the hash authentication code according to a first result and the hash algorithm, where the first result is obtained by directly concatenating a target parameter and the target keyword, and the target parameter is the ciphertext or the initial vector used when encrypting the sensitive data. In this case, step 12) includes: generating the search string from a second result using the same method by which the first result is turned into the index string, where the second result is obtained by directly concatenating the target parameter and the search keyword.
It should be noted that, in application scenarios with very high security requirements, different users may upload sensitive data containing the same words. If the ciphertexts of all users' sensitive data are generated by the same method and the indexes of those ciphertexts are also generated by the same method, then a search on a given search keyword may retrieve other users' ciphertexts that contain that keyword, which reduces the security of the ciphertexts.
To address this problem, the ciphertexts generated for the sensitive data of different users (or tenants), and the indexes of those ciphertexts, can be made different in order to improve the security of the ciphertexts. Specifically, when the AES algorithm or the DES algorithm is used and the ciphertexts of different users' sensitive data are generated with random initial vectors, the resulting ciphertexts are necessarily different. When the index of a ciphertext is generated according to the first result and the hash algorithm, the target parameter contained in the first result differs, so the indexes generated for the ciphertexts of different users' sensitive data are necessarily different as well.
In the prior art mentioned in the background section, the hash authentication codes need to be built into a balanced 2^8-ary tree at the search matching stage. The N hash authentication codes therefore have to be loaded into the server's memory, where a balanced 2^8-ary tree index structure is built for each hash authentication code and matched against the balanced 2^8-ary tree generated from the search keyword. This takes extra memory space and greatly reduces the speed of ciphertext search.
With the method provided in this embodiment of the present invention, after a hash authentication code is generated from a target keyword, the hash authentication code is encoded using the preset encoding mode to obtain an index string. When there are N index strings, they are the N indexes of the ciphertext of the sensitive data, and the database server stores the ciphertext and the N index strings in correspondence in the same data table. Because the index strings are printable strings, they can be searched directly through SQL in the database server. When a ciphertext containing a certain keyword needs to be searched for, a search string is generated from the search keyword using the same method by which target keywords are turned into index strings, and the search string can be matched against the N index strings directly in the database server through SQL to determine whether the ciphertext is obtained. Compared with the prior art, the indexes of the ciphertext do not need to be loaded into memory, which saves memory space and improves the speed of ciphertext search.
Embodiment two
It should be noted that, in a big data platform, the database server is typically deployed inside the big data server. Taking this case as an example, this embodiment describes the method for creating a ciphertext index provided in Embodiment one; for related explanations, refer to the embodiment above. As shown in Fig. 4, the method includes:
401. The user equipment sends data to the big data server.
Specifically, when the user to whom the user equipment belongs needs to store data in the big data server, the data can be sent to the big data server through the user equipment.
402. The big data server receives the data sent by the user equipment and determines the sensitive data in the data.
It should be noted that the data sent by the user equipment to the big data server may include multiple pieces of sensitive data; this embodiment of the present invention is described using one piece of sensitive data as an example.
403. The big data server encrypts the sensitive data using a reversible encryption algorithm to obtain the ciphertext X of the sensitive data.
Specifically, the reversible encryption algorithm can be AES, DES or another reversible encryption algorithm; this embodiment of the present invention does not limit this.
404. The big data server segments the sensitive data using a segmentation algorithm to obtain N target keywords K1, K2, …, KN.
Specifically, different segmentation algorithms can be used for different sensitive data. When the sensitive data is Chinese text, an intelligent segmentation algorithm or a fine-grained segmentation algorithm can be used; when the sensitive data is numeric, a prefix segmentation algorithm or a suffix segmentation algorithm can be used.
The principles of several segmentation algorithms are described below:
1. Intelligent segmentation: the longest meaningful words in the sentence are split out as target keywords.
For example, the segmentation result of "outstanding engineer" is {outstanding, engineer}.
2. Fine-grained segmentation: every meaningful word in the sentence, from the longest meaningful word down to the shortest, is split out as a target keyword.
For example, the segmentation result of "outstanding engineer" is {outstanding, engineer, engineering, teacher}.
Specifically, the intelligent segmentation algorithm and the fine-grained segmentation algorithm can be implemented with the Chinese word segmentation tool IKAnalyzer.
3. Prefix segmentation: from a sentence of length L (L ≥ 1, L is an integer), the first 1, 2, …, L consecutive characters are taken in turn, each as a target keyword.
For example, the segmentation result of "050119" is {0, 05, 050, 0501, 05011, 050119}.
405. The big data server generates N hash authentication codes H1, H2, …, HN according to the N target keywords K1, K2, …, KN and a keyed hash algorithm.
For example, the keyed hash algorithm can be the HMAC algorithm, specifically the HMAC-MD5 algorithm, the HMAC-SHA1 algorithm, the HMAC-SHA256 algorithm, and so on.
406. The big data server takes the first r bits of each of the N hash authentication codes H1, H2, …, HN to obtain N sub hash authentication codes S1, S2, …, SN.
Here 1 ≤ r ≤ R, R and r are integers, and R is the length of the hash authentication code.
It should be noted that a hash authentication code can have 256 bits; to reduce the amount of computation, the first r bits of the hash authentication code can be taken and used in the calculation.
407. The big data server encodes each of the N sub hash authentication codes S1, S2, …, SN using the preset encoding mode to obtain N index strings B1, B2, …, BN.
Specifically, the preset encoding mode can be Base64; the string obtained by Base64-encoding a sub hash authentication code is a printable string.
408. The big data server randomly shuffles the N index strings B1, B2, …, BN to obtain N out-of-order index strings C1, C2, …, CN.
It should be noted that B1, B2, …, BN are generated from the N target keywords, so laying out B1, B2, …, BN in order may reveal the content of the ciphertext. Therefore, to improve the security of the ciphertext, the N index strings B1, B2, …, BN are randomly shuffled.
409. The big data server concatenates the N randomly shuffled index strings C1, C2, …, CN.
Adjacent index strings in the concatenated result are separated by a printable character that is not used by the preset encoding mode. Specifically, when the preset encoding mode is Base64, the character "!" is not a printable character used in Base64, so the separating character can be "!".
410. The big data server stores the N concatenated index strings C1, C2, …, CN and the ciphertext X in the same data table in the database server.
The N index strings are the N indexes of the ciphertext, and the indexes of the ciphertext are stored in correspondence with the ciphertext. It should be noted that, in the prior art, after the N indexes of the ciphertext of sensitive data are generated, each index occupies one storage cell in one field of the data table. In this embodiment of the present invention, the N indexes of the ciphertext are concatenated, so storing the N indexes can occupy only one storage cell in one field of the data table. In addition, separating the index strings with a printable character that is not used by the preset encoding mode prevents matching errors.
When the user needs to obtain the sensitive data, the user equipment can send search keywords to the big data server, so that the big data server finds the ciphertext according to the search keywords, decrypts it to obtain the sensitive data, and sends the sensitive data to the user equipment. As shown in Fig. 5, the specific process includes:
501. The user equipment sends M search keywords to the big data server; when M ≥ 2, the user equipment also sends the search mode to the big data server, where the search mode is the AND mode or the OR mode, M ≥ 1, and M is an integer.
502. The big data server receives the M search keywords; when M ≥ 2, the big data server also receives the search mode.
503. The big data server generates M search strings B1′, B2′, …, BM′ from the M search keywords using the same method by which target keywords are turned into index strings.
504. The big data server matches the M search strings B1′, B2′, …, BM′ against the N index strings contained in C1!C2!…!CN.
Specifically, if M = 1, the ciphertext is obtained when the search string is identical to one index string among the N index strings;
If M ≥ 2 and the search mode is the AND mode, the ciphertext is obtained when the M search strings are identical to M index strings among the N index strings;
If M ≥ 2 and the search mode is the OR mode, the ciphertext is obtained when any one of the M search strings is identical to one index string among the N index strings.
When the big data server obtains the ciphertext, steps 505 to 507 are performed; when the big data server does not obtain the ciphertext, it sends a search failure to the user equipment. Fig. 5 is drawn for the case in which the big data server obtains the ciphertext.
505. The big data server decrypts the obtained ciphertext using the decryption algorithm corresponding to the reversible encryption algorithm to obtain the sensitive data.
506. The big data server sends the sensitive data to the user equipment.
507. The user equipment receives the sensitive data sent by the big data server.
Specifically, for an example of obtaining the ciphertext, see the example described in Table 2.
With the method provided in this embodiment of the present invention, after a hash authentication code is generated from a target keyword, the hash authentication code is encoded using the preset encoding mode to obtain an index string. When there are N index strings, they are the N indexes of the ciphertext of the sensitive data, and the database server stores the ciphertext and the N index strings in correspondence in the same data table. Because the index strings are printable strings, they can be searched directly through SQL in the database server. When a ciphertext containing a certain keyword needs to be searched for, a search string is generated from the search keyword using the same method by which target keywords are turned into index strings, and the search string can be matched against the N index strings directly in the database server through SQL to determine whether the ciphertext is obtained. Compared with the prior art, the indexes of the ciphertext do not need to be loaded into memory, which saves memory space and improves the speed of ciphertext search.
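Steps 404 to 410 and the matching of step 504, together with the optional target parameter of Embodiment one, as an added Python sketch that is not part of the patent text. The table name `secrets`, the choice of HMAC-SHA256 with r = 96 bits, SQLite as the database and the placeholder ciphertext are assumptions; the key and records are constructed.

```python
import base64
import hashlib
import hmac
import random
import sqlite3

SEP = "!"  # printable, but not part of the Base64 alphabet (step 409)


def prefix_segments(text):
    """Prefix segmentation: '050119' -> ['0', '05', '050', ..., '050119']."""
    return [text[:i] for i in range(1, len(text) + 1)]


def index_string(key, keyword, target_param=b"", r_bits=96):
    """Steps 405-407: keyed hash, keep the first r bits, Base64-encode.

    target_param is the optional per-user value (ciphertext or IV) that the
    page concatenates directly in front of the keyword.
    """
    if r_bits % 8 or not 8 <= r_bits <= 256:
        raise ValueError("this sketch only handles r as a whole number of bytes")
    mac = hmac.new(key, target_param + keyword.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()[: r_bits // 8]).decode("ascii")


def build_index_field(key, sensitive, target_param=b""):
    """Steps 404-409: segment, derive index strings, shuffle, join with '!'."""
    strings = [index_string(key, k, target_param) for k in prefix_segments(sensitive)]
    random.SystemRandom().shuffle(strings)  # hide keyword order (step 408)
    return SEP.join(strings)


def delimited_match(field, search_string):
    """True only if search_string equals one whole '!'-delimited index string."""
    return SEP + search_string + SEP in SEP + field + SEP


def make_db(key, records):
    """Step 410: ciphertext and concatenated index share one row of one table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, ciphertext BLOB, idx TEXT)")
    for row_id, plaintext in records.items():
        # Encryption (AES/DES on the page) is out of scope here: the ciphertext
        # column holds a constructed placeholder, only the index is real.
        db.execute("INSERT INTO secrets VALUES (?, ?, ?)",
                   (row_id, b"<constructed ciphertext placeholder>",
                    build_index_field(key, plaintext)))
    return db


def search(db, search_strings, mode="and"):
    """Step 504 in SQL: ids whose index field matches under AND / OR mode."""
    if mode not in ("and", "or") or not search_strings:
        raise ValueError("need at least one search string and mode 'and' or 'or'")
    # instr() compares case-sensitively. SQLite's LIKE is case-insensitive for
    # ASCII by default, which would conflate distinct Base64 strings.
    cond = "instr(? || idx || ?, ?) > 0"
    where = f" {mode.upper()} ".join([cond] * len(search_strings))
    params = []
    for s in search_strings:
        params += [SEP, SEP, SEP + s + SEP]
    rows = db.execute(f"SELECT id FROM secrets WHERE {where} ORDER BY id", params)
    return [r[0] for r in rows]


if __name__ == "__main__":
    key = b"constructed demo key, not a real secret"
    db = make_db(key, {1: "050119", 2: "052200"})  # constructed records X1, X2
    queries = [index_string(key, kw) for kw in ("05", "052")]
    print("AND:", search(db, queries, "and"))
    print("OR: ", search(db, queries, "or"))
    print("undelimited false hit:", "AABB" in "AAAA" + "BBBB")
    print("delimited:", delimited_match("AAAA!BBBB", "AABB"))
```

The constructed records mirror the Table 2 narrative: the AND search on "05" and "052" returns only the second row, the OR search returns both.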
Embodiment three
It should be noted that, in a public cloud platform, the database server is typically deployed inside the public cloud server. Taking this case as an example, this embodiment describes the method for creating a ciphertext index provided in Embodiment one; for related explanations, refer to the embodiments above. As shown in Fig. 6, the method includes:
601. The tenant device determines the sensitive data.
This embodiment of the present invention is described using one piece of sensitive data as an example.
602. The tenant device encrypts the sensitive data using a reversible encryption algorithm to obtain the ciphertext X of the sensitive data.
Specifically, the reversible encryption algorithm can be AES, DES or another reversible encryption algorithm; this embodiment of the present invention does not limit this.
603. The tenant device segments the sensitive data using a segmentation algorithm to obtain N target keywords K1, K2, …, KN.
Specifically, different segmentation algorithms can be used for different sensitive data. When the sensitive data is Chinese text, an intelligent segmentation algorithm or a fine-grained segmentation algorithm can be used; when the sensitive data is numeric, a prefix segmentation algorithm or a suffix segmentation algorithm can be used. For the principles of these segmentation algorithms, see the description in Embodiment two.
604. The tenant device generates N hash authentication codes H1, H2, …, HN according to the N target keywords K1, K2, …, KN and a keyed hash algorithm.
For example, the keyed hash algorithm can be the HMAC algorithm, specifically the HMAC-MD5 algorithm, the HMAC-SHA1 algorithm, the HMAC-SHA256 algorithm, and so on.
605. The tenant device takes the first r bits of each of the N hash authentication codes H1, H2, …, HN to obtain N sub hash authentication codes S1, S2, …, SN.
Here 1 ≤ r ≤ R, R and r are integers, and R is the length of the hash authentication code.
It should be noted that a hash authentication code can have 256 bits; to reduce the amount of computation, the first r bits of the hash authentication code can be taken and used in the calculation.
606. The tenant device encodes each of the N sub hash authentication codes S1, S2, …, SN using the preset encoding mode to obtain N index strings B1, B2, …, BN.
Specifically, the preset encoding mode can be Base64; the string obtained by Base64-encoding a sub hash authentication code is a printable string.
607. The tenant device randomly shuffles the N index strings B1, B2, …, BN to obtain N out-of-order index strings C1, C2, …, CN.
It should be noted that B1, B2, …, BN are generated from the N target keywords, so laying out B1, B2, …, BN in order may reveal the content of the ciphertext. Therefore, to improve the security of the ciphertext, the N index strings B1, B2, …, BN are randomly shuffled.
608. The tenant device concatenates the N randomly shuffled index strings C1, C2, …, CN.
Adjacent index strings in the concatenated result are separated by a printable character that is not used by the preset encoding mode. Specifically, when the preset encoding mode is Base64, the character "!" is not a printable character used in Base64, so the separating character can be "!".
609. The tenant device sends the N concatenated index strings C1, C2, …, CN and the ciphertext X to the public cloud server.
610. The public cloud server receives the N concatenated index strings C1, C2, …, CN and the ciphertext X sent by the tenant device, and stores the N concatenated index strings C1, C2, …, CN and the ciphertext X in the same data table in the database server.
The N index strings are the N indexes of the ciphertext, and the indexes of the ciphertext are stored in correspondence with the ciphertext. It should be noted that, in the prior art, after the N indexes of the ciphertext of sensitive data are generated, each index occupies one storage cell in one field of the data table. In this embodiment of the present invention, the N indexes of the ciphertext are concatenated, so storing the N indexes can occupy only one storage cell in one field of the data table. In addition, separating the index strings with a printable character that is not used by the preset encoding mode prevents matching errors.
When the user needs to obtain the ciphertext, as shown in Fig. 7, it can be obtained through the following process:
701. The tenant device determines M search keywords and generates M search strings B1′, B2′, …, BM′ from the M search keywords using the same method by which target keywords are turned into index strings; when M ≥ 2, the tenant device also determines the search mode, where the search mode is the AND mode or the OR mode, M ≥ 1, and M is an integer.
702. The tenant device sends the M search strings B1′, B2′, …, BM′ and the search mode to the public cloud server.
703. The public cloud server receives the M search strings B1′, B2′, …, BM′ and the search mode sent by the tenant device.
704. The public cloud server matches the M search strings B1′, B2′, …, BM′ against the N index strings contained in C1!C2!…!CN;
If M = 1, the ciphertext is obtained when the search string is identical to one index string among the N index strings;
If M ≥ 2 and the search mode is the AND mode, the ciphertext is obtained when the M search strings are identical to M index strings among the N index strings;
If M ≥ 2 and the search mode is the OR mode, the ciphertext is obtained when any one of the M search strings is identical to one index string among the N index strings.
When the public cloud server obtains the ciphertext, steps 705 to 707 are performed; when the public cloud server does not obtain the ciphertext, it sends a search failure to the tenant device. Fig. 7 is drawn for the case in which the public cloud server obtains the ciphertext.
705. The public cloud server sends the obtained ciphertext to the tenant device.
706. The tenant device receives the ciphertext sent by the public cloud server.
707. The tenant device decrypts the obtained ciphertext using the decryption algorithm corresponding to the reversible encryption algorithm to obtain the sensitive data.
Specifically, for an example of obtaining the ciphertext, see the example described in Table 2.
With the method provided in this embodiment of the present invention, after a hash authentication code is generated from a target keyword, the hash authentication code is encoded using the preset encoding mode to obtain an index string. When there are N index strings, they are the N indexes of the ciphertext of the sensitive data, and the database server stores the ciphertext and the N index strings in correspondence in the same data table. Because the index strings are printable strings, they can be searched directly through SQL in the database server. When a ciphertext containing a certain keyword needs to be searched for, a search string is generated from the search keyword using the same method by which target keywords are turned into index strings, and the search string can be matched against the N index strings directly in the database server through SQL to determine whether the ciphertext is obtained. Compared with the prior art, the indexes of the ciphertext do not need to be loaded into memory, which saves memory space and improves the speed of ciphertext search.
Embodiment four
This embodiment of the present invention provides a device 80 for creating a ciphertext index, used to perform the method shown in Fig. 3. As shown in Fig. 8, the device 80 includes:
An encryption unit 801, configured to encrypt sensitive data using a reversible encryption algorithm to obtain the ciphertext of the sensitive data;
A word segmentation unit 802, configured to segment the sensitive data using a segmentation algorithm to obtain a target keyword;
A first generating unit 803, configured to generate a hash authentication code according to the target keyword and a hash algorithm;
An encoding unit 804, configured to encode the hash authentication code using a preset encoding mode to obtain an index string, where the index string is a printable string and is the index of the ciphertext;
A sending unit 805, configured to send the ciphertext and the index string to a database server, so that the database server stores the ciphertext and the index string in the same data table, where the index string and the ciphertext are stored in correspondence.
Optionally, as shown in Fig. 9, the device 80 further includes:
A truncation unit 806, configured to take the first r bits of the hash authentication code to obtain a sub hash authentication code, where 1 ≤ r ≤ R, R and r are integers, and R is the length of the hash authentication code;
The encoding unit 804 is specifically configured to encode the sub hash authentication code using the preset encoding mode to obtain the index string.
Optionally, as shown in Fig. 9, when the number of index strings is N, the device 80 further includes:
A shuffling unit 807, configured to randomly shuffle the N index strings, where N ≥ 1 and N is an integer;
A concatenation unit 808, configured to concatenate the N randomly shuffled index strings, where adjacent index strings in the concatenated result are separated by a printable character that is not used by the preset encoding mode.
Optionally, as shown in Fig. 9, the device 80 further includes:
A first obtaining unit 809, configured to obtain a search keyword;
A second generating unit 810, configured to generate a search string from the search keyword using the same method by which the target keyword is turned into the index string, where the search string is a printable string;
The sending unit 805 is further configured to send the search string to the database server, so that the database server searches for the ciphertext according to the search string and the stored index string.
Optionally, as shown in Fig. 9, the device 80 further includes:
A second obtaining unit 811, configured to obtain a search statement;
The first obtaining unit 809 is specifically configured to segment the search statement using the segmentation algorithm to obtain the search keyword.
With the device provided in this embodiment of the present invention, after a hash authentication code is generated from a target keyword, the hash authentication code is encoded using the preset encoding mode to obtain an index string. When there are N index strings, they are the N indexes of the ciphertext of the sensitive data, and the database server stores the ciphertext and the N index strings in correspondence in the same data table. Because the index strings are printable strings, they can be searched directly through SQL in the database server. When a ciphertext containing a certain keyword needs to be searched for, a search string is generated from the search keyword using the same method by which target keywords are turned into index strings, and the search string can be matched against the N index strings directly in the database server through SQL to determine whether the ciphertext is obtained. Compared with the prior art, the indexes of the ciphertext do not need to be loaded into memory, which saves memory space and improves the speed of ciphertext search.
Embodiment five
In terms of hardware implementation, the units in the above device can be embedded in hardware form in, or be independent of, the processor of the device, or be stored in software form in the memory of the device so that the processor can call them and perform the operations corresponding to the units above. The processor can be a central processing unit (CPU), a microprocessor, a single-chip microcomputer, and so on.
As shown in Fig. 10, this embodiment of the present invention provides another device 100 for creating a ciphertext index, used to perform the method shown in Fig. 3. The device 100 includes: a memory 1001, a processor 1002, a transmitter 1003 and a bus system 1004.
The memory 1001, the processor 1002 and the transmitter 1003 are coupled together through the bus system 1004. The memory 1001 may include random access memory and may also include non-volatile memory, for example at least one disk memory. The bus system 1004 can be an ISA bus, a PCI bus, an EISA bus, and so on. The bus system 1004 can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, it is shown as a single thick line in Fig. 10, but this does not mean that there is only one bus or one type of bus.
The memory 1001 stores a set of code, and the code is used to control the processor 1002 to perform the following actions:
Encrypting sensitive data using a reversible encryption algorithm to obtain the ciphertext of the sensitive data;
Segmenting the sensitive data using a segmentation algorithm to obtain a target keyword;
Generating a hash authentication code according to the target keyword and a hash algorithm;
Encoding the hash authentication code using a preset encoding mode to obtain an index string, where the index string is a printable string and is the index of the ciphertext;
The transmitter 1003 is configured to send the ciphertext and the index string to a database server, so that the database server stores the ciphertext and the index string in the same data table, where the index string and the ciphertext are stored in correspondence.
Optionally, the processor 1002 is further configured to:
Take the first r bits of the hash authentication code to obtain a sub hash authentication code, where 1 ≤ r ≤ R, R and r are integers, and R is the length of the hash authentication code;
The processor 1002 is specifically configured to encode the sub hash authentication code using the preset encoding mode to obtain the index string.
Optionally, when the number of index strings is N, the processor 1002 is further configured to:
Randomly shuffle the N index strings, where N ≥ 1 and N is an integer;
Concatenate the N randomly shuffled index strings, where adjacent index strings in the concatenated result are separated by a printable character that is not used by the preset encoding mode.
Optionally, the processor 1002 is further configured to:
Obtain a search keyword;
Generate a search string from the search keyword using the same method by which the index string is generated from the target keyword, where the search string is a printable string.
The transmitter 1003 is further configured to send the search string to the database server, so that the database server searches for the ciphertext according to the search string and the stored index string.
Optionally, the processor 1002 is further configured to:
Obtain a search statement.
The processor 1002 is specifically configured to perform word segmentation on the search statement using the word segmentation algorithm to obtain the search keyword.
With the device provided by this embodiment of the present invention, after a hash authentication code is generated from the target keyword, the hash authentication code is encoded using the preset encoding mode to obtain an index string. When there are N index strings, the N index strings are N indexes of the ciphertext of the sensitive data, and the database server stores the ciphertext and the N index strings in correspondence in the same data table. Because an index string is a printable string, index strings can be queried directly with SQL in the database server. When a search is needed for ciphertext containing a certain keyword, a search string is generated from the search keyword using the same method by which index strings are generated from target keywords, and the search string can be matched directly against the N index strings in the database server with SQL to determine whether the ciphertext is obtained. Compared with the prior art, the index of the ciphertext does not need to be loaded into memory, which saves memory space and can increase the speed of ciphertext search.
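The index-and-search flow described above, as an added sketch that is not code from the patent; it also covers the AND/OR matching of several search strings set out in claim 6. Assumptions: HMAC-SHA256 as the hash authentication code, Base64 as the preset encoding, r counted in bytes, a whitespace tokenizer in place of the word segmentation algorithm, and SQLite standing in for the database server.

```python
import base64
import hashlib
import hmac
import random
import sqlite3

# Assumptions (not from the patent): HMAC-SHA256 as the hash authentication code,
# Base64 as the preset encoding, r counted in bytes, "|" as the separator.
INDEX_KEY = b"constructed-demo-key"   # secret key held by the client, never by the DB
R_BYTES = 12                          # keep the first r bytes -> 16 Base64 chars, no padding
SEP = "|"                             # printable, outside the Base64 alphabet


def segment(text):
    """Stand-in for the segmentation algorithm: lowercase, split on whitespace."""
    return sorted({w.strip(".,;:!?").lower() for w in text.split()} - {""})


def index_string(keyword):
    """keyword -> HMAC -> first r bytes -> printable index string."""
    mac = hmac.new(INDEX_KEY, keyword.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac[:R_BYTES]).decode("ascii")


def build_index(plaintext):
    """N index strings, randomly scrambled, then concatenated with the separator."""
    tokens = [index_string(k) for k in segment(plaintext)]
    random.SystemRandom().shuffle(tokens)   # hides keyword order in the source text
    return SEP.join(tokens)


def store(db, ciphertext, plaintext):
    """Ciphertext and its index go into the same row of the same table."""
    db.execute("INSERT INTO records (ciphertext, idx) VALUES (?, ?)",
               (ciphertext, build_index(plaintext)))


def search(db, statement, mode="and"):
    """Turn the search statement into search strings and match them in SQL."""
    if mode not in ("and", "or"):
        raise ValueError("mode must be 'and' or 'or'")
    terms = [index_string(k) for k in segment(statement)]
    if not terms:
        return []
    # instr() is case-sensitive; SQLite's LIKE is not, and Base64 is.
    # Only fixed fragments are interpolated; the search strings are bound parameters.
    where = f" {mode.upper()} ".join("instr(idx, ?) > 0" for _ in terms)
    rows = db.execute(f"SELECT id FROM records WHERE {where} ORDER BY id", terms)
    return [row[0] for row in rows]


def make_demo_db():
    """Constructed sample rows; ciphertexts are opaque placeholders because the
    reversible encryption step happens before indexing and is out of scope here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, ciphertext BLOB, idx TEXT)")
    store(db, b"<ciphertext-1>", "Alice Chen account 6222 overdue")
    store(db, b"<ciphertext-2>", "Bob Li account 6228 closed")
    store(db, b"<ciphertext-3>", "Alice Wang card reissued")
    return db


if __name__ == "__main__":
    db = make_demo_db()
    print(search(db, "alice"))
    print(search(db, "Alice account", "and"))
    print(search(db, "Alice account", "or"))
    print(search(db, "ali"))
```

Because the same keyword always produces the same index string, the stored index shows which rows share a keyword and how often. A truncated code can also produce false matches, so hits should be decrypted and re-checked on the client.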
An embodiment of the present invention further provides a system for creating a ciphertext index. The system includes the above device 80 and the above database server, or the system includes the above device 100 and the above database server.
Those skilled in the art can clearly understand that, for convenience and brevity of description, only the division into the above functional modules is used as an example. In practical applications, the above functions can be allocated to different functional modules as required, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. For the specific working processes of the device and modules described above, refer to the corresponding processes in the foregoing method embodiments; they are not described again here.
In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into modules is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple modules or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices, or units.
In addition, the functional modules in the embodiments of this application may be integrated into one processing module, or each module may exist physically on its own, or two or more modules may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module.
The above embodiments are only intended to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of this application.
Claims (12)
1. A method for creating a ciphertext index, characterized by comprising:
Encrypting sensitive data using a reversible encryption algorithm to obtain the ciphertext of the sensitive data;
Performing word segmentation on the sensitive data using a word segmentation algorithm to obtain a target keyword;
Generating a hash authentication code according to the target keyword and a hash algorithm;
Encoding the hash authentication code using a preset encoding mode to obtain an index string, where the index string is a printable string and is the index of the ciphertext;
Sending the ciphertext and the index string to a database server, so that the database server stores the ciphertext and the index string in the same data table, where the index string and the ciphertext are stored in correspondence with each other.
2. The method according to claim 1, characterized in that, before the encoding of the hash authentication code using the preset encoding mode to obtain the index string, the method further comprises:
Intercepting the first r positions of the hash authentication code to obtain a sub-hash authentication code, where 1≤r≤R, R and r are integers, and R is the length of the hash authentication code;
The encoding of the hash authentication code using the preset encoding mode to obtain the index string comprises:
Encoding the sub-hash authentication code using the preset encoding mode to obtain the index string.
3. The method according to claim 1 or 2, characterized in that, when the number of index strings is N, after the encoding of the hash authentication code using the preset encoding mode to obtain the index string, the method further comprises:
Randomly scrambling the N index strings, where N≥1 and N is an integer;
Concatenating the N randomly scrambled index strings, where adjacent index strings among the N concatenated index strings are separated by a printable character that does not belong to the preset encoding mode.
4. The method according to any one of claims 1-3, characterized in that the method further comprises:
Obtaining a search keyword;
Generating a search string from the search keyword using the same method by which the index string is generated from the target keyword, where the search string is a printable string;
Sending the search string to the database server, so that the database server searches for the ciphertext according to the search string and the stored index string.
5. The method according to claim 4, characterized in that, before the obtaining of the search keyword, the method further comprises:
Obtaining a search statement;
The obtaining of the search keyword comprises: performing word segmentation on the search statement using the word segmentation algorithm to obtain the search keyword.
6. The method according to claim 4 or 5, characterized in that the method further comprises:
The database server receives M search strings; when M≥2, the database server also obtains a search mode, the search mode being AND mode or OR mode;
The database server matches the M search strings against the stored index strings;
If M=1, the ciphertext corresponding to the index string identical to the search string is obtained;
If M≥2 and the search mode is AND mode, the ciphertext corresponding to the M index strings identical to the M search strings is obtained;
If M≥2 and the search mode is OR mode, the ciphertext corresponding to an index string identical to any one of the M search strings is obtained.
7. A device for creating a ciphertext index, characterized by comprising:
An encryption unit, configured to encrypt sensitive data using a reversible encryption algorithm to obtain the ciphertext of the sensitive data;
A word segmentation unit, configured to perform word segmentation on the sensitive data using a word segmentation algorithm to obtain a target keyword;
A first generation unit, configured to generate a hash authentication code according to the target keyword and a hash algorithm;
An encoding unit, configured to encode the hash authentication code using a preset encoding mode to obtain an index string, where the index string is a printable string and is the index of the ciphertext;
A sending unit, configured to send the ciphertext and the index string to a database server, so that the database server stores the ciphertext and the index string in the same data table, where the index string and the ciphertext are stored in correspondence with each other.
8. The device according to claim 7, characterized in that the device further comprises:
An interception unit, configured to intercept the first r positions of the hash authentication code to obtain a sub-hash authentication code, where 1≤r≤R, R and r are integers, and R is the length of the hash authentication code;
The encoding unit is specifically configured to encode the sub-hash authentication code using the preset encoding mode to obtain the index string.
9. The device according to claim 7 or 8, characterized in that, when the number of index strings is N, the device further comprises:
A scrambling unit, configured to randomly scramble the N index strings, where N≥1 and N is an integer;
A concatenation unit, configured to concatenate the N randomly scrambled index strings, where adjacent index strings among the N concatenated index strings are separated by a printable character that does not belong to the preset encoding mode.
10. The device according to any one of claims 7-9, characterized in that the device further comprises:
A first obtaining unit, configured to obtain a search keyword;
A second generation unit, configured to generate a search string from the search keyword using the same method by which the index string is generated from the target keyword, where the search string is a printable string;
The sending unit is further configured to send the search string to the database server, so that the database server searches for the ciphertext according to the search string and the stored index string.
11. The device according to claim 10, characterized in that the device further comprises:
A second obtaining unit, configured to obtain a search statement;
The first obtaining unit is specifically configured to perform word segmentation on the search statement using the word segmentation algorithm to obtain the search keyword.
12. A system for creating a ciphertext index, characterized by comprising: the device according to any one of claims 7-11 and a database server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510698146.2A CN106610995B (en) | 2015-10-23 | 2015-10-23 | Method, device and system for creating ciphertext index |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106610995A (en) | 2017-05-03 |
CN106610995B (en) | 2020-07-07 |
Family
ID=58613085
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510698146.2A Active CN106610995B (en) | 2015-10-23 | 2015-10-23 | Method, device and system for creating ciphertext index |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106610995B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106610995B (en) | 2020-07-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |