CN106709373A - Method for achieving encryption of self-defining function of self-controlled database - Google Patents

Publication number
CN106709373A
Authority
CN
China
Legal status
Pending
Application number
CN201710033985.1A
Other languages
Chinese (zh)
Inventor
边伟亮
燕兴余
缪燕
杨利兵
姚玮
江樱
裴旭斌
吴双惠
王胜文
Current Assignee
State Grid Corp of China SGCC
Xuji Group Co Ltd
State Grid Zhejiang Electric Power Co Ltd
Beijing Xuji Electric Co Ltd
Original Assignee
State Grid Corp of China SGCC
Xuji Group Co Ltd
State Grid Zhejiang Electric Power Co Ltd
Beijing Xuji Electric Co Ltd
Application filed by State Grid Corp of China SGCC, Xuji Group Co Ltd, State Grid Zhejiang Electric Power Co Ltd, Beijing Xuji Electric Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/28 Databases characterised by their database models, e.g. relational or object models
    • G06F16/284 Relational databases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

An embodiment of the invention provides a method for implementing user-defined function encryption in an autonomous controllable database. The method comprises the steps of: 1, acquiring the function body code of the user-defined function, and converting the function body of the user-defined function into ciphertext; 2, creating a user-defined function language template, creating a procedural language template, and generating the ciphertext user-defined function; and 3, performing SQL parsing on the ciphertext user-defined function and, if the parsing result is correct, compiling the user-defined function and storing the compiled user-defined function in the pg_catalog.pg_proc file.

Description

Method for implementing user-defined function encryption in an autonomous controllable database
Technical field
The invention belongs to the field of database encryption technology, and in particular relates to a method for implementing user-defined function encryption in an autonomous controllable database.
Background
With the development of society, more and more data is stored in electronic form; daily life, work and study all depend on information systems. The database system is the core of information technology, and its security and reliability directly affect the whole information system. To improve the security of information systems, the prior art generally encrypts the data stored in the database. However, the prior art overlooks one point: if the program code of the database leaks, the whole application system is put at risk as well, which can bring serious losses and consequences. How to ensure the security of database program code by technical means has therefore become an urgent problem.
As an example, PostgreSQL is a typical object-relational database management system (ORDBMS). PostgreSQL supports most of the SQL standard and provides many other modern features. However, prior-art autonomous controllable databases based on PostgreSQL do not support encryption of user-defined functions: the user-defined functions of such a database are stored in plaintext in the system table pg_catalog.pg_proc, where all users can read them. This leaves a major hidden danger for the security of the database system, and the security of the database program code cannot be ensured.
Summary of the invention
To address the problem that the prior art does not encrypt the program code of the database, which leaves the whole database system with a major security risk, the purpose of the embodiments of the present invention is to provide an effective and efficient method for implementing user-defined function encryption in an autonomous controllable database, which can encrypt the program code of the database.
To solve the above problem, an embodiment of the present invention proposes a method for implementing user-defined function encryption in an autonomous controllable database, comprising:
Step 1: obtain the function body code of the user-defined function, and convert the function body of the user-defined function into ciphertext;
Step 2: create a user-defined function language template; create a procedural language template; generate the ciphertext user-defined function;
Step 3: perform SQL parsing on the ciphertext user-defined function; if the parsing result is correct, compile the user-defined function, then store the compiled user-defined function in the pg_catalog.pg_proc file.
Wherein, in step 1 the function body of the user-defined function is encrypted by one of the following encryption algorithms: Unicode, ASCII, GBK, GB2312, UTF-8.
Wherein, in step 1 the function body of the user-defined function is encrypted in a stream encryption mode, the stream encryption comprising: decrypting while compiling, and deleting the corresponding part after compilation is complete.
The above technical solution of the present invention has the following beneficial effects: it proposes a method for implementing user-defined function encryption in an autonomous controllable database, which ensures the full-life-cycle security of the database's business code and solves the problem of confidential information existing in plaintext form.
Brief description of the drawings
Fig. 1 is a flow chart of existing user-defined function creation;
Fig. 2 is a flow chart of user-defined function creation according to an embodiment of the present invention;
Fig. 3 is a flow chart of creating an encrypted user-defined function in an autonomous controllable database.
Detailed description of the embodiments
To make the technical problem to be solved, the technical solutions and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, the prior-art flow for generating a user-defined function comprises: editing the user-defined function and performing SQL parsing on the edited user-defined function; if the parsing result is correct, compiling the user-defined function and then storing the compiled user-defined function in the pg_proc file; if the parsing result is wrong, outputting an error message.
The embodiment of the present invention encrypts the function body using an encryption algorithm, so the database kernel does not need to be modified. Compared with existing encryption approaches that convert the function into ciphertext when the function is created, the embodiment can therefore reduce the workload of modifying the kernel when the database is upgraded. The design idea of the encryption algorithm of the embodiment is to randomly exchange the order of all letters and symbols in the function body. Specifically, the embodiment can apply various mainstream encodings to the program code of the function body, mainly including Unicode, ASCII, GBK, GB2312 and UTF-8. Stream encryption is used during encryption, that is, decryption and compilation proceed together and the compiled part is cleared, to improve code security.
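The design idea described above, exchanging the order of the characters of the function body, can be illustrated as follows. This is an added example, not code from the patent: the key-seeded shuffle, the function names and the sample function body are assumptions. It also checks a property of any such reordering: the ciphertext contains exactly the characters of the plaintext, so its length and character counts stay visible.

```python
import random
from collections import Counter


def _permutation(length, key):
    """Return a key-dependent ordering of the indices 0..length-1.

    Assumption: the patent does not say how the random exchange is keyed;
    a PRNG seeded with `key` stands in for it. random.Random is not a
    cryptographic generator and only makes the demonstration repeatable.
    """
    order = list(range(length))
    random.Random(key).shuffle(order)
    return order


def scramble(body, key):
    """Exchange the order of all characters of the function body."""
    order = _permutation(len(body), key)
    return "".join(body[i] for i in order)


def unscramble(ciphertext, key):
    """Invert scramble(): put every character back at its original index."""
    order = _permutation(len(ciphertext), key)
    plain = [""] * len(ciphertext)
    for position, original_index in enumerate(order):
        plain[original_index] = ciphertext[position]
    return "".join(plain)


def leaks_character_histogram(body, key):
    """True when the ciphertext has exactly the plaintext's character counts."""
    return Counter(scramble(body, key)) == Counter(body)


# Constructed sample: a PL/pgSQL-style function body, not taken from the patent.
SAMPLE_BODY = (
    "BEGIN\n"
    "  RETURN (SELECT salary * 1.05 FROM payroll WHERE emp_id = $1);\n"
    "END;"
)
SAMPLE_KEY = 20170118  # constructed key value

if __name__ == "__main__":
    wrapped = scramble(SAMPLE_BODY, SAMPLE_KEY)
    print(repr(wrapped))                                   # reordered body
    print(unscramble(wrapped, SAMPLE_KEY) == SAMPLE_BODY)  # round trip
    print(leaks_character_histogram(SAMPLE_BODY, SAMPLE_KEY))
```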
In the embodiment of the present invention, the protected operating information system is referred to as the target program, and the protected personnel are referred to as the target users.
As shown in Figs. 2 and 3, the embodiment of the present invention proposes a method for implementing user-defined function encryption in an autonomous controllable database, which specifically comprises:
Step 1: obtain the function body code of the user-defined function, and convert the function body of the user-defined function into ciphertext;
Step 2: create a user-defined function language template; create a procedural language template; generate the ciphertext user-defined function;
Step 3: perform SQL parsing on the ciphertext user-defined function; if the parsing result is correct, compile the user-defined function, then store the compiled user-defined function in the pg_catalog.pg_proc file.
Wherein, in step 1 the function body of the user-defined function is encrypted by one of the following encryption algorithms: Unicode, ASCII, GBK, GB2312, UTF-8.
Wherein, in step 1 the function body of the user-defined function is encrypted in a stream encryption mode, that is, decryption and compilation proceed together and the compiled part is cleared.
Specifically, the method of the embodiment of the present invention comprises:
1. Convert the user-defined function into ciphertext
pl_powerdb srcfile [outfile]
srcfile contains only the function body portion; the encrypted ciphertext is output.
2. Create the stored-procedure language template
INSERT INTO
3. Create the procedural language
CREATE LANGUAGE plpgwrappedsql;
Create the function
CREATE FUNCTION func_name()
RETURNS type
AS
$$
<user-defined function body in ciphertext form>
$$
LANGUAGE plpgpowerdbsql;
At this point, the user-defined function has been encrypted successfully.
The embodiment of the present invention encrypts the function body using an encryption algorithm, so the database kernel does not need to be modified. Compared with existing encryption approaches that convert the function into ciphertext when the function is created, the embodiment can therefore reduce the workload of modifying the kernel when the database is upgraded. The design idea of the encryption algorithm of the embodiment is to randomly exchange the order of all letters and symbols in the function body. Specifically, the embodiment can apply various mainstream encodings to the program code of the function body, mainly including Unicode, ASCII, GBK, GB2312 and UTF-8, to improve code security.
The above is the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (3)

1. A method for implementing user-defined function encryption in an autonomous controllable database, characterized by comprising:
Step 1: obtaining the function body code of the user-defined function, and converting the function body of the user-defined function into ciphertext;
Step 2: creating a user-defined function language template; creating a procedural language template; generating the ciphertext user-defined function;
Step 3: performing SQL parsing on the ciphertext user-defined function; if the parsing result is correct, compiling the user-defined function, then storing the compiled user-defined function in the pg_catalog.pg_proc file.
2. The method for implementing user-defined function encryption in an autonomous controllable database according to claim 1, characterized in that in step 1 the function body of the user-defined function is encrypted by one of the following encryption algorithms: Unicode, ASCII, GBK, GB2312, UTF-8.
3. The method for implementing user-defined function encryption in an autonomous controllable database according to claim 1, characterized in that in step 1 the function body of the user-defined function is encrypted in a stream encryption mode, the stream encryption comprising: decrypting while compiling, and deleting the corresponding part after compilation is complete.
Application CN201710033985.1A (priority date 2017-01-18, filing date 2017-01-18): Method for achieving encryption of self-defining function of self-controlled database. Status: Pending. Publication: CN106709373A (en)

Publications (1)

Publication Number Publication Date
CN106709373A (en) 2017-05-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170524
