CN108712412B - Database encryption and decryption methods and devices, storage medium and terminal - Google Patents

Database encryption and decryption methods and devices, storage medium and terminal Download PDF

Info

Publication number
CN108712412B
CN108712412B CN201810460046.XA CN201810460046A CN108712412B CN 108712412 B CN108712412 B CN 108712412B CN 201810460046 A CN201810460046 A CN 201810460046A CN 108712412 B CN108712412 B CN 108712412B
Authority
CN
China
Prior art keywords
key
database
encryption
decryption algorithm
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810460046.XA
Other languages
Chinese (zh)
Other versions
CN108712412A (en
Inventor
陈萌
弓晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing 58 Information Technology Co Ltd
Original Assignee
Beijing 58 Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing 58 Information Technology Co Ltd filed Critical Beijing 58 Information Technology Co Ltd
Priority to CN201810460046.XA priority Critical patent/CN108712412B/en
Publication of CN108712412A publication Critical patent/CN108712412A/en
Application granted granted Critical
Publication of CN108712412B publication Critical patent/CN108712412B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an encryption and decryption method, device, storage medium and terminal of a database, wherein the method comprises the following steps: encrypting a field to be encrypted of the database based on the key; and performing obfuscation processing on the key according to a preset obfuscation mode, and storing the obfuscated key. According to the method and the device, the fields of the database are encrypted, and the secret keys are subjected to obfuscation processing, so that even if an illegal user cracks the mobile terminal and obtains the database content, the encrypted database field content cannot be decrypted because the correct secret key cannot be obtained, the database content is protected, the risk of application program operation is reduced, and the use safety of the user is improved.

Description

Database encryption and decryption methods and devices, storage medium and terminal
Technical Field
The present invention relates to the field of mobile communications, and in particular, to a method, an apparatus, a storage medium, and a terminal for encrypting and decrypting a database.
Background
With the popularization of the use of mobile terminals, various Applications (APP) enrich the functions of the mobile terminals to meet various functional requirements of users. The database is an important component in the APP file, and particularly for examination type, answer type, evaluation type APPs and the like, the content in the corresponding database is an object which needs to be subjected to key protection.
Databases (such as lightweight cross-platform relational database SQLITE) used in existing mobile terminals generally do not have an encryption function, and all field contents of the databases are displayed in clear text, so that encryption protection cannot be performed. When an illegal user cracks the mobile terminal and acquires the super administrator authority of the mobile terminal, all data in the database can be exported through the management tool, so that data leakage is caused, the running risk of an application program is increased, and the use safety of the user is seriously influenced.
Disclosure of Invention
The invention provides an encryption and decryption method and device for a database, a storage medium and a terminal, which are used for solving the problem that the prior art cannot encrypt an application program database and is easy to cause data leakage.
In order to solve the above technical problem, in one aspect, the present invention provides a database encryption method applied to a terminal, including: encrypting a field to be encrypted of the database based on the key; and performing obfuscation processing on the key according to a preset obfuscation mode, and storing the obfuscated key.
Further, the saving the obfuscated key includes: splitting the key subjected to the obfuscation into N key parts, and respectively storing the N key parts into different files, wherein N is an integer greater than or equal to 2.
Further, in a case that N is equal to 2, the saving the N key parts to different files respectively includes: storing the first part of the key in a preset position of a readable file; and storing the second part of the key in a binary file SO symbol table of the dynamic link library.
Further, after performing obfuscation processing on the key according to a predetermined obfuscation mode and storing the obfuscated key, the method further includes: packaging a decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to an encryption algorithm adopted in encryption; and hiding an entry function of the packaged decryption algorithm, and informing a caller with a specified signature of the entry function.
On the other hand, the invention also provides a database decryption method, which is applied to a terminal and comprises the following steps: acquiring a key subjected to obfuscation processing according to a preset obfuscation mode; performing anti-obfuscation processing on the obfuscated key to obtain a key; decrypting the encrypted database field based on the key.
Further, the obtaining a key subjected to obfuscation processing according to a predetermined obfuscation manner includes: respectively acquiring N key parts from different files, wherein N is an integer greater than or equal to 2; and obtaining the key after the confusion processing according to the N key parts.
Further, before the obtaining the key subjected to the obfuscation processing according to the predetermined obfuscation mode, the method further includes: verifying the signature of the caller, and acquiring a packaged decryption algorithm under the condition that the signature of the caller passes the verification; and unsealing the packaged decryption algorithm to obtain a decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to the encryption algorithm adopted during encryption.
In another aspect, the present invention further provides an encryption apparatus for a database, including: the encryption module is used for encrypting the field to be encrypted of the database based on the key; and the obfuscation module is used for obfuscating the key according to a preset obfuscation mode and storing the obfuscated key.
Further, the obfuscation module is specifically configured to: splitting the obfuscated key into N key parts, and respectively storing the N key parts into different files, wherein N is an integer greater than or equal to 2.
Further, when N is equal to 2, the obfuscating module is specifically configured to: storing the first part of the key in a preset position of a readable file; and storing the second part of the key in a binary file SO symbol table of the dynamic link library.
Further, still include: the packaging module is used for packaging a decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to an encryption algorithm adopted in encryption; and the hiding module is used for hiding the entry function of the packaged decryption algorithm and informing the caller with the specified signature of the entry function.
In another aspect, the present invention further provides a database decryption apparatus, including: the obtaining module is used for obtaining the key subjected to the obfuscation processing according to a preset obfuscation mode; the anti-confusion module is used for carrying out anti-confusion processing on the key after the confusion processing to obtain the key; and the decryption module is used for decrypting the encrypted database field based on the key.
Further, the obtaining module is specifically configured to: respectively acquiring N key parts from different files, wherein N is an integer greater than or equal to 2; and obtaining the key after the confusion processing according to the N key parts.
Further, it is characterized by further comprising: the verification module is used for verifying the signature of the caller and acquiring the packaged decryption algorithm under the condition that the signature of the caller passes the verification; and the unsealing module is used for unsealing the sealed decryption algorithm to obtain the decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to the encryption algorithm adopted during encryption.
In another aspect, the present invention further provides a storage medium storing a computer program, wherein the computer program is configured to implement the steps of the above-mentioned database encryption method when executed by a processor.
In another aspect, the present invention further provides a storage medium storing a computer program, wherein the computer program is executed by a processor to implement the steps of the database decryption method.
In another aspect, the present invention further provides a terminal, which at least includes a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the above-mentioned database encryption method when executing the computer program on the memory.
In another aspect, the present invention further provides a terminal, which at least includes a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the above-mentioned database decryption method when executing the computer program on the memory.
According to the method and the device, the fields of the database are encrypted, and the secret keys are subjected to obfuscation processing, so that even if an illegal user cracks the mobile terminal and obtains the database content, the encrypted database field content cannot be decrypted because the correct secret key cannot be obtained, the database content is protected, the risk of application program operation is reduced, and the use safety of the user is improved.
Drawings
FIG. 1 is a flow chart of a database encryption method according to a first embodiment of the present invention;
FIG. 2 is a flow chart of a database encryption method according to a second embodiment of the present invention;
FIG. 3 is a flow chart of a database encryption method according to a third embodiment of the present invention;
FIG. 4 is a flowchart of a database decryption method according to a fourth embodiment of the present invention;
FIG. 5 is a flowchart of a database decryption method according to a fifth embodiment of the present invention;
FIG. 6 is a flowchart of a database decryption method according to a sixth embodiment of the present invention;
FIG. 7 is a schematic diagram of an encryption apparatus for database according to a seventh embodiment of the present invention;
FIG. 8 is a schematic structural diagram of an encryption apparatus for a database according to an eighth embodiment of the present invention;
fig. 9 is a schematic structural diagram of a decryption apparatus for a database according to a ninth embodiment of the present invention;
fig. 10 is a schematic structural diagram of a database decryption apparatus according to a tenth embodiment of the present invention.
Detailed Description
In order to solve the problem that the application database cannot be encrypted in the prior art and data leakage is easily caused, the invention provides an encryption and decryption method, an encryption and decryption device, a storage medium and a terminal for the database, and the invention is further described in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The first embodiment of the present invention provides a database encryption method, which is applied to a terminal, and the flowchart is shown in fig. 1, and mainly includes steps S101 and S102:
s101, encrypting the field to be encrypted of the database based on the key.
In the prior art, the field contents stored in the database corresponding to the application program are all displayed in plaintext, and when the mobile terminal is cracked, an illegal user can easily acquire the plaintext contents in the database, so that the contents of the database are leaked.
In this embodiment, a field to be encrypted in a database is encrypted by a preset encryption algorithm based on a key, so that the format of the content of the field to be encrypted stored in the database is a ciphertext form of a binary stream, and the encrypted database is embedded in a corresponding application program. By the method, even if an illegal user can crack the mobile terminal to obtain the database file, the illegal user cannot obtain the field content displayed in the form of the plaintext, and the function of protecting the database content is achieved.
Specifically, the field to be encrypted of the database may be a main core field in the database, such as a number field, a main body field, a specific content field, and the like, and different fields to be encrypted may also be set according to the type of the application program corresponding to the database, for example, for an address book, the field to be encrypted may be set to a contact name and a contact manner, for an answer type APP, the field to be encrypted may be set to topic content, option content, and a correct answer, and for an APP that requires user login, the field to be encrypted may be set to a user name field, a password, and the like. Different fields to be encrypted are set for different databases, all the fields in the databases do not need to be encrypted, and the important fields can be protected.
When the field to be encrypted of the database is encrypted, the Encryption algorithm may be but not limited to an Advanced Encryption Standard Algorithm (AES), and when the AES algorithm is used, a Ciphertext Block Chaining (CBC) mode with a higher Encryption level may be further used for Encryption, so as to further reduce the possibility of the ciphertext being cracked.
S102, the key is obfuscated according to a preset obfuscating mode, and the obfuscated key is stored.
In order to further ensure the security of the database content, after the database field content is encrypted, the key is obfuscated according to a preset obfuscating mode, and the obfuscated key is stored. Specifically, the key is usually a character string with a certain length, and the predetermined obfuscation mode may be, but is not limited to, the following modes: adding a preset character at the position of a character string of the key, which is spaced by a preset number of characters, wherein the preset character is known; replacing a certain character in the character string of the key with a preset character; adjusting the order of the characters, etc.
In the embodiment, the fields of the database are encrypted, and the secret keys are obfuscated, so that even if an illegal user cracks the mobile terminal and obtains the database content, the illegal user cannot obtain the correct secret key and cannot decrypt the encrypted database field content, thereby protecting the database content, reducing the risk of application program operation, and improving the use safety of the user.
A second embodiment of the present invention provides a database encryption algorithm applied to a terminal, a flowchart of which is shown in fig. 2, and mainly includes steps S201 to S203:
s201, encrypting the field to be encrypted of the database based on the key.
In this embodiment, a field to be encrypted in a database is encrypted by a preset encryption algorithm based on a key, so that the format of the content of the field to be encrypted stored in the database is a ciphertext form of a binary stream, and the encrypted database is embedded in a corresponding application program. By the method, even if an illegal user can crack the mobile terminal to obtain the database file, the illegal user cannot obtain the field content displayed in the form of the plaintext, and the function of protecting the database content is achieved.
Specifically, the field to be encrypted of the database may be a main core field in the database, such as a number, a body, a specific content, and the like, and different fields to be encrypted may also be set according to the type of the application program corresponding to the database. Different fields to be encrypted are set for different databases, all the fields in the databases do not need to be encrypted, and the important fields can be protected.
When the field to be encrypted of the database is encrypted, the encryption algorithm can be but not limited to an AES algorithm, and when the AES algorithm is used, a CBC mode with a higher encryption level can be further used for encryption, so that the possibility that a ciphertext is cracked is further reduced.
S202, the key is obfuscated according to a preset obfuscating mode.
In order to further ensure the security of the database content, after the database field content is encrypted, the key is obfuscated according to a preset obfuscating mode, and the obfuscated key is stored. Specifically, the key is usually a character string with a certain length, and the predetermined obfuscation mode may be, but is not limited to, the following modes: adding a preset character at the position of a character string of the key, which is spaced by a preset number of characters, wherein the preset character is known; replacing characters at positions of a predetermined number of characters in the character string of the key with preset characters; and adjusting the character string of the key in sequence, and the like.
S203, splitting the key subjected to the obfuscation into N key parts, and respectively storing the N key parts into different files, wherein N is an integer greater than or equal to 2.
After the key is obfuscated, in order to further increase the security of the key, the obfuscated key is split into N key portions and stored separately. Specifically, when splitting, the following splitting modes can be used: dividing the key into N parts according to the character string length of the key after the confusion processing; and performing modular operation on the position of each character string and N, and forming a key part by using characters corresponding to the positions with the same modular value.
After splitting, each part is respectively saved, and the specific saved position can be a readable file (such as a picture, a TXT format text and the like) in the APP, a dynamic link library binary (SO) file and other files which can be directly called by the APP. Further, in the case that N is 2, the key subjected to obfuscation is split into a first partial key and a second partial key, and when saving, the first partial key may be saved in a preset position of the readable file, where the preset position may be a predetermined number of lines in the TXT format text, that is, after the first partial key is added to the predetermined number of lines, the preset position may also be a predetermined pixel block in the picture, that is, each character in the first partial key is added to a continuous pixel block with the length of the first partial key from the predetermined pixel block, respectively; for the second partial key, the second partial key may be stored in an SO symbol table, where the SO symbol table is a part of an SO file and is used to store an import/export symbol related to the dynamic link, and when the second partial key is stored, the second partial key may be stored as an entry in the SO symbol table, and optionally, a hidden field may be added in the SO symbol table to perform a hiding operation on the SO symbol table, thereby further ensuring the security of the key after obfuscation.
When N is larger than 2, each key part can be respectively stored in different readable files, or stored in different positions of an SO symbol table, or stored in other files readable by an APP, the setting of a specific storage rule can be flexibly adjusted according to actual conditions, a detailed storage scheme can be used as a part of a decryption algorithm, the detailed storage scheme can be known by the APP to finish correct calling during decryption, or a storage mode is preset during development, and the APP can obtain each part of keys according to the mode during calling.
According to the method and the device, the fields of the database are encrypted, the key is obfuscated, the obfuscated key is split and stored respectively, the decryption difficulty of the key is greatly increased, and the effect of protecting the database data is achieved better.
A third embodiment of the present invention provides a database encryption algorithm applied to a terminal, and a flowchart thereof is shown in fig. 3, and mainly includes steps S301 to S304:
s301, encrypting the field to be encrypted of the database based on the key.
In this embodiment, a field to be encrypted in a database is encrypted by a preset encryption algorithm based on a key, so that the format of the content of the field to be encrypted stored in the database is a ciphertext form of a binary stream, and the encrypted database is embedded in a corresponding application program. By the method, even if an illegal user can crack the mobile terminal to obtain the database file, the illegal user cannot obtain the field content displayed in the form of the plaintext, and the function of protecting the database content is achieved.
Specifically, the field to be encrypted of the database may be a main core field in the database, such as a number field, a main body field, a specific content field, and the like, and different fields to be encrypted may also be set according to the type of the application program corresponding to the database, for example, for an address book, the field to be encrypted may be set to a contact name and a contact manner, for an answer type APP, the field to be encrypted may be set to topic content, option content, and a correct answer, and for an APP that requires user login, the field to be encrypted may be set to a user name field, a password, and the like. Different fields to be encrypted are set for different databases, all the fields in the databases do not need to be encrypted, and the important fields can be protected.
When the field to be encrypted of the database is encrypted, the encryption algorithm can be but not limited to an AES algorithm, and when the AES algorithm is used, a CBC mode with a higher encryption level can be further used for encryption, so that the possibility that a ciphertext is cracked is further reduced.
S302, the key is obfuscated according to a preset obfuscating mode, and the obfuscated key is stored.
In order to further ensure the security of the database content, after the database field content is encrypted, the key is obfuscated according to a preset obfuscating mode, and the obfuscated key is stored. Specifically, the key is usually a character string with a certain length, and the predetermined obfuscation mode may be, but is not limited to, the following modes: adding a preset character at the position of a character string of the key, which is spaced by a preset number of characters, wherein the preset character is known; replacing characters at positions of a predetermined number of characters in the character string of the key with preset characters; and adjusting the sequence of the characters at the preset positions, and the like.
S303, packaging the decryption algorithm.
In order to protect the decryption algorithm, the decryption algorithm can be encapsulated, the specific decryption mode and process of the decryption algorithm are hidden, only the external entry function of the decryption algorithm is reserved, and the encapsulated decryption algorithm is obtained through the entry function when the decryption algorithm needs to be called. Specifically, the decryption algorithm is a decryption algorithm corresponding to an encryption algorithm used in encryption, and may further include a predetermined obfuscating manner used in obfuscating a key, or a storage scheme of each split partial key.
S304, hiding the entry function of the packaged decryption algorithm, and informing the caller with the specified signature of the entry function.
In order to ensure that the packaged decryption algorithm cannot be acquired by an illegal user through a decompilation tool, after the decryption algorithm is packaged, an external entry function of the decryption algorithm is hidden, and a specific hiding mode can be adding a hidden field or hiding through a hiding tool. In order to ensure that a user can normally call the packaged decryption algorithm when using the APP, the APP is used as a calling method that a caller knows an entry function, so that after the decryption algorithm is packaged, the caller with a specified signature is notified of the entry function of the packaged decryption algorithm, and the caller with the specified signature is the APP corresponding to the database.
According to the embodiment, the fields of the database are encrypted, the secret key is subjected to confusion processing, and finally the decryption algorithm is packaged and hidden, so that the decryption difficulty of the ciphertext is increased, and the effect of protecting the database data is better achieved.
A fourth embodiment of the present invention provides a database decryption method, which is applied to a terminal, and a flowchart of the method is shown in fig. 4, and mainly includes steps S401 to S403:
s401, a key after confusion processing according to a preset confusion mode is obtained.
S402, anti-obfuscating the obfuscated key to obtain the key.
When the database is called and plaintext content in the database is desired to be obtained, the database is encrypted, and a corresponding decryption operation needs to be performed according to a key, so that the key needs to be obtained first. In the encryption process, in order to ensure the security of the database content, after the database field content is encrypted, the secret key is subjected to obfuscation processing and stored, so that when the secret key is decrypted, the secret key subjected to obfuscation processing according to a preset obfuscation mode is obtained firstly.
And after the key after the obfuscation processing is obtained, performing anti-obfuscation processing on the key after the obfuscation processing. Specifically, the anti-aliasing process corresponds to the aliasing process, and may be, but is not limited to, the following: deleting preset characters at positions of a predetermined number of characters spaced in the character string of the key after the confusion processing; replacing all preset characters in the character string of the key subjected to the confusion processing with original characters; and adjusting the character sequence back to the original sequence.
And S403, decrypting the encrypted database field based on the key.
In this embodiment, during encryption, a field to be encrypted in a database is encrypted by a preset encryption algorithm based on a key, so that a format in which the content of the field to be encrypted is stored in the database is a ciphertext form of a binary stream, during decryption, the encrypted field of the database is decrypted based on the key, that is, the ciphertext of the binary stream in the database is decrypted into a plaintext, and a specific decryption manner is to decrypt the ciphertext by using a decryption algorithm corresponding to the encryption. Alternatively, the encryption algorithm may be an AES algorithm, and the corresponding decryption algorithm should also be a decryption algorithm corresponding to the AES algorithm.
In the embodiment, the key after obfuscation is obtained first, and after anti-obfuscation is performed on the key, the key used in encryption is obtained, and then the encrypted field of the database is decrypted, so that it is ensured that the database can only be decrypted after the correct key is obtained, and an illegal user cannot obtain the plaintext content of the database, thereby protecting the content of the database, reducing the risk of application program operation, and improving the use safety of the user.
A fifth embodiment of the present invention provides a database decryption method, which is applied to a terminal, and a flowchart of the method is shown in fig. 5, and specifically includes steps S501 to S504:
s501, N key parts are respectively obtained from different files, wherein N is an integer greater than or equal to 2.
And S502, obtaining the key after the confusion processing according to the N key parts.
During encryption, in order to ensure the security of the database content, after the database field content is encrypted, the secret key is obfuscated and stored, and in order to further increase the security of the secret key, the secret key after obfuscation is split into N secret key parts and stored respectively. Therefore, when decrypting, the N key parts stored in different files are obtained first, and the positions where the N key parts are stored may be files that can be directly called by the APP, such as a readable file in the APP or an SO file.
After the caller acquires all the key parts, the caller combines the N key parts into the key after the confusion processing according to the combination mode corresponding to the split mode during encryption.
And S503, performing anti-obfuscation processing on the obfuscated key to obtain a key.
And after the key after the obfuscation processing is obtained, performing anti-obfuscation processing on the key after the obfuscation processing. Specifically, the anti-aliasing process corresponds to the aliasing process, and may be, but is not limited to, the following: deleting preset characters at positions of a predetermined number of characters spaced in the character string of the key after the confusion processing; replacing all preset characters in the character string of the key subjected to the confusion processing with original characters; and adjusting the character sequence back to the original sequence.
S504, the encrypted database field is decrypted based on the key.
In this embodiment, during encryption, a field to be encrypted in a database is encrypted by a preset encryption algorithm based on a key, so that a format in which the content of the field to be encrypted is stored in the database is a ciphertext form of a binary stream, during decryption, the encrypted field of the database is decrypted based on the key, that is, the ciphertext of the binary stream in the database is decrypted into a plaintext, and a specific decryption manner is to decrypt the ciphertext by using a decryption algorithm corresponding to the encryption.
It should be understood that the storage scheme for splitting and storing the obfuscated key may be a storage mode preset during development, and the caller may directly obtain each partial key according to the mode, or may flexibly adjust according to actual conditions, and use the detailed storage scheme as a part of the decryption algorithm, which may be known by the APP to complete correct calling during decryption.
In the embodiment, the key parts stored in different files are firstly obtained and combined into the key after confusion processing, the key used in encryption is obtained after anti-confusion processing is performed on the key, and then the encrypted field of the database is decrypted, so that the database can be decrypted only after the correct key is obtained, and an illegal user cannot obtain the plaintext content of the database, thereby realizing the protection of the database content, reducing the risk of application program operation, and improving the use safety of the user.
A sixth embodiment of the present invention provides a database decryption method, which is applied to a terminal, and a flowchart of the method is shown in fig. 6, and specifically includes steps S601 to S605:
s601, verifying the signature of the caller, and acquiring the packaged decryption algorithm when the signature of the caller passes the verification.
In this embodiment, the entry function of the encapsulated decryption file is hidden, and only the caller with the specified signature knows the entry function of the encapsulated decryption algorithm, so that the signature of the caller needs to be checked first during decryption, and the encapsulated decryption algorithm can be acquired only when the signature of the caller is the same as the specified signature.
S602, the packaged decryption algorithm is unpacked to obtain the decryption algorithm.
The decryption algorithm is a decryption algorithm corresponding to the encryption algorithm adopted during encryption, and in order to protect the decryption algorithm, the decryption algorithm is packaged after encryption so as to hide the specific decryption mode and process of the decryption algorithm. And during decryption, after the packaged decryption algorithm is obtained, the decryption algorithm is subjected to unsealing operation to obtain the decryption algorithm. Specifically, the decryption algorithm includes a predetermined obfuscating manner when obfuscating the key, or includes a storage scheme of each split partial key, and the like.
S603, a key subjected to obfuscation processing in a predetermined obfuscation manner is acquired.
S604, anti-obfuscating the obfuscated key to obtain the key.
When the database is called and plaintext content in the database is desired to be obtained, the database is encrypted, and a corresponding decryption operation needs to be performed according to a key, so that the key needs to be obtained first. During encryption, in order to ensure the security of the content of the database, after the field content of the database is encrypted, the secret key is obfuscated and stored, so that during decryption, the secret key obfuscated in a preset obfuscating mode can be obtained through a storage scheme of each split partial secret key included in a decryption algorithm.
And after the key after the obfuscation processing is obtained, performing anti-obfuscation processing on the key after the obfuscation processing. Specifically, the anti-aliasing process corresponds to the aliasing process, and may be, but is not limited to, the following: deleting preset characters at positions of a predetermined number of characters spaced in the character string of the key after the confusion processing; replacing all preset characters in the character string of the key subjected to the confusion processing with original characters; and adjusting the character sequence back to the original sequence.
S605 decrypts the encrypted database field based on the key.
In this embodiment, during encryption, a field to be encrypted in the database is encrypted by a preset encryption algorithm based on a key, so that a format of the content of the field to be encrypted stored in the database is a ciphertext form of a binary stream, during decryption, the encrypted field of the database is decrypted based on the key, that is, the ciphertext of the binary stream in the database is decrypted into a plaintext, and a specific decryption manner is to decrypt the ciphertext by using a decryption algorithm corresponding to the encryption, that is, the decryption algorithm obtained in step S602.
According to the embodiment, the identity of a caller is firstly verified, the decrypted algorithm after unsealing is obtained, the key after confusion processing is obtained, the key used in encryption is obtained after anti-confusion processing is carried out on the key, decryption operation is carried out according to the decryption algorithm, so that an illegal user cannot obtain a correct decryption algorithm and cannot obtain the plaintext content of the database, the protection on the content of the database is realized, the risk of application program operation is reduced, and the use safety of the user is improved.
A seventh embodiment of the present invention provides an encryption apparatus for a database, a schematic structural diagram of which is shown in fig. 7, and the encryption apparatus mainly includes: the encryption module 11 is used for encrypting the field to be encrypted of the database based on the key; and the obfuscating module 12 is coupled to the encryption module 11 and configured to obfuscate the key according to a predetermined obfuscating manner and store the obfuscated key.
In the prior art, the field contents stored in the database corresponding to the application program are all displayed in plaintext, and when the mobile terminal is cracked, an illegal user can easily acquire the plaintext contents in the database, so that the contents of the database are leaked.
In this embodiment, the encryption module 11 first encrypts the field to be encrypted in the database by a preset encryption algorithm based on the key, so that the format of the content of the field to be encrypted stored in the database is a ciphertext form of a binary stream, and embeds the encrypted database in a corresponding application program. By the method, even if an illegal user can crack the mobile terminal to obtain the database file, the illegal user cannot obtain the field content displayed in the form of the plaintext, and the function of protecting the database content is achieved.
Specifically, the field to be encrypted of the database may be a main core field in the database, such as a number, a body, a specific content, and the like, and different fields to be encrypted may also be set according to the type of the application program corresponding to the database. Different fields to be encrypted are set for different databases, all the fields in the databases do not need to be encrypted, and the important fields can be protected.
When the field to be encrypted of the database is encrypted, the encryption algorithm can be but not limited to an AES algorithm, and when the AES algorithm is used, a CBC mode with a higher encryption level can be further used for encryption, so that the possibility that a ciphertext is cracked is further reduced.
In order to further ensure the security of the database contents, after the database field contents are encrypted, the obfuscating module 12 performs obfuscation processing on the key according to a predetermined obfuscating manner, and stores the obfuscated key. Specifically, the key is usually a character string with a certain length, and the predetermined obfuscating method used by the obfuscation module 12 may be, but is not limited to, the following methods: adding a preset character at the position of a character string of the key, which is spaced by a preset number of characters, wherein the preset character is known; replacing characters at positions of a predetermined number of characters in the character string of the key with preset characters; and adjusting the character string of the key in sequence, and the like.
After the key is obfuscated, in order to further increase the security of the key, the obfuscating module 12 may further split the obfuscated key into N key portions and store the N key portions respectively. Specifically, when the obfuscation module 12 is split, the following splitting modes may be adopted: dividing the key into N parts according to the character string length of the key after the confusion processing; and performing modular operation on the position of each character string and N, and forming a key part by using characters corresponding to the positions with the same modular value.
After the splitting, the confusion module 12 stores each part separately, and the specific storage position may be a readable file (such as a picture, a TXT format text, and the like) in the APP, and a file that the APP such as an SO file can be directly called. Further, in the case that N is 2, the key subjected to obfuscation is split into a first partial key and a second partial key, and when saving, the obfuscating module 12 may save the first partial key in a preset position of the readable file, where the preset position may be a predetermined number of lines in a TXT format text, that is, after the first partial key is added to the predetermined number of lines, the preset position may also be a predetermined pixel block in the picture, that is, each character in the first partial key is added to a continuous pixel block with the length of the first partial key from the predetermined pixel block, respectively; for the second partial key, the obfuscating module 12 may store the second partial key in the SO symbol table, and store the second partial key as an item in the SO symbol table, and optionally, may further add a hidden field in the SO symbol table to perform a hiding operation on the SO symbol table, SO as to further ensure the security of the obfuscated key.
When N is greater than 2, the obfuscation module 12 may store each key part in different readable files, or in different positions of the SO symbol table, or in other files readable by the APP, respectively, the setting of the specific storage rule may be flexibly adjusted according to actual situations, the detailed storage scheme may be used as a part of the decryption algorithm, and may be known by the APP to complete correct invocation during decryption, or a storage manner is set in advance during development, and the APP may obtain each part of the key according to the manner during invocation.
According to the method and the device, the fields of the database are encrypted, the key is obfuscated, the obfuscated key is split and stored respectively, the decryption difficulty of the key is greatly increased, and the effect of protecting the database data is achieved better.
An eighth embodiment of the present invention provides an encryption apparatus for a database, a schematic structural diagram of which is shown in fig. 8, and the encryption apparatus mainly includes: the encryption module 11 is used for encrypting the field to be encrypted of the database based on the key; an obfuscating module 12, coupled to the encryption module 11, for obfuscating the key according to a predetermined obfuscating manner, and storing the obfuscated key; the packaging module 13 is coupled with the obfuscation module 12 and is used for packaging a decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to an encryption algorithm adopted in encryption; and the hiding module 14 is coupled with the encapsulating module 13 and used for hiding the entry function of the encapsulated decryption algorithm and informing the caller with the specified signature of the entry function.
The encryption module 11 and the obfuscation module 12 have been described in detail in the seventh embodiment of the present invention, and are not described in detail in this embodiment.
In order to protect the decryption algorithm, the decryption algorithm may be encapsulated by the encapsulation module 13, the specific decryption manner and process thereof are hidden, only the external entry function thereof is reserved, and when the decryption algorithm needs to be called, the encapsulated decryption algorithm is obtained by the entry function. Specifically, the decryption algorithm is a decryption algorithm corresponding to an encryption algorithm used in encryption, and may further include a predetermined obfuscating manner used in obfuscating a key, or a storage scheme of each split partial key.
In order to ensure that the packaged decryption algorithm is not obtained by an illegal user through a decompilation tool, after the decryption algorithm is packaged, the external entry function is hidden through the hiding module 14, and a specific hiding mode can be adding a hidden field or hiding through a hiding tool. In order to ensure that the user can normally call the encapsulated decryption algorithm when using the APP, the APP is used as a calling method that the caller knows the entry function, therefore, after the decryption algorithm is encapsulated, the hidden module 14 notifies the caller with the specified signature of the entry function of the encapsulated decryption algorithm, and the caller with the specified signature is the APP corresponding to the database.
According to the embodiment, the fields of the database are encrypted, the secret key is subjected to confusion processing, and finally the decryption algorithm is packaged and hidden, so that the decryption difficulty of the ciphertext is increased, and the effect of protecting the database data is better achieved.
A ninth embodiment of the present invention provides a database decryption apparatus, a schematic structural diagram of which is shown in fig. 9, and the apparatus mainly includes: an obtaining module 21, configured to obtain a key subjected to obfuscation processing according to a predetermined obfuscation mode; the anti-confusion module 22 is coupled with the obtaining module 21 and is used for performing anti-confusion processing on the key after the confusion processing to obtain the key; and a decryption module 23, coupled to the anti-obfuscation module 22, for decrypting the encrypted database field based on the key.
When the database is called and plaintext content in the database is desired to be obtained, the database is encrypted, and a corresponding decryption operation needs to be performed according to a key, so that the key needs to be obtained first. In the encryption, in order to ensure the security of the database content, after the database field content is encrypted, the key is obfuscated and stored, so that in the decryption, the key obfuscated in a predetermined obfuscating manner is first acquired by the acquisition module 21.
During encryption, in order to ensure the security of the database content, after the database field content is encrypted, the secret key is obfuscated and stored, and in order to further increase the security of the secret key, the secret key after obfuscation is split into N secret key parts and stored respectively. Therefore, during decryption, the obtaining module 21 first obtains N key portions that need to be obtained and stored in different files, where the N key portions are stored in a file that can be directly called by an APP, such as a readable file in the APP or an SO file. And after all the key parts are obtained, combining the N key parts into a key after confusion processing according to a combination mode corresponding to the split mode during encryption.
After obtaining the obfuscated key, the obfuscated key is then subjected to an anti-obfuscation process by an anti-obfuscation module 22. Specifically, the anti-aliasing process corresponds to the aliasing process, and may be, but is not limited to, the following: deleting preset characters at positions of a predetermined number of characters spaced in the character string of the key after the confusion processing; replacing all preset characters in the character string of the key subjected to the confusion processing with original characters; and adjusting the character sequence back to the original sequence.
In this embodiment, during encryption, a field to be encrypted in the database is encrypted by a preset encryption algorithm based on a key, so that the format of the content of the field to be encrypted stored in the database is a ciphertext form of a binary stream, during decryption, the decryption module 23 decrypts the encrypted field of the database based on the key, that is, the ciphertext of the binary stream in the database is decrypted into a plaintext, and the specific decryption mode used by the decryption module 23 is decryption using a decryption algorithm corresponding to the encryption. Alternatively, the encryption algorithm may be an AES algorithm, and the corresponding decryption algorithm should also be a decryption algorithm corresponding to the AES algorithm.
It should be understood that the storage scheme for splitting and storing the obfuscated key may be a storage mode preset during development, the obtaining module 21 may directly obtain each part of the key according to the mode, or may flexibly adjust according to actual conditions, and the detailed storage scheme is used as a part of a decryption algorithm, and may be known by the obtaining module 21 to complete correct invocation during decryption.
In the embodiment, the key after obfuscation is obtained first, and after anti-obfuscation is performed on the key, the key used in encryption is obtained, and then the encrypted field of the database is decrypted, so that it is ensured that the database can only be decrypted after the correct key is obtained, and an illegal user cannot obtain the plaintext content of the database, thereby protecting the content of the database, reducing the risk of application program operation, and improving the use safety of the user.
A tenth embodiment of the present invention provides a database decryption apparatus, a schematic structural diagram of which is shown in fig. 9, and the apparatus mainly includes: the verification module 24 is configured to verify the signature of the caller, and obtain the packaged decryption algorithm when the signature of the caller passes the verification; the unsealing module 25 is coupled with the checking module 24 and is used for unsealing the packaged decryption algorithm to obtain a decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to the encryption algorithm adopted during encryption; the obtaining module 21 is coupled to the decapsulating module 25 and configured to obtain a key subjected to obfuscation processing according to a predetermined obfuscation manner; the anti-confusion module 22 is coupled with the obtaining module 21 and is used for performing anti-confusion processing on the key after the confusion processing to obtain the key; and a decryption module 23, coupled to the anti-obfuscation module 22, for decrypting the encrypted database field based on the key.
The obtaining module 21, the anti-aliasing module 22 and the decryption module 23 have been described in detail in the ninth embodiment of the present invention, and are not described in detail in this embodiment.
In this embodiment, the entry function of the encapsulated decryption file is hidden, and only the caller with the specified signature knows the entry function of the encapsulated decryption algorithm, so that when decrypting, the signature of the caller needs to be checked through the checking module 24, and only when the signature of the caller is the same as the specified signature, the encapsulated decryption algorithm can be obtained.
The decryption algorithm is a decryption algorithm corresponding to the encryption algorithm adopted during encryption, and in order to protect the decryption algorithm, the decryption algorithm is packaged after encryption so as to hide the specific decryption mode and process of the decryption algorithm. In decryption, after the verification module 24 obtains the encapsulated decryption algorithm, the decapsulation module 25 performs decapsulation operation on the decryption algorithm to obtain the decryption algorithm. Specifically, the decryption algorithm includes a predetermined obfuscating manner when obfuscating the key, or includes a storage scheme of each split partial key, and the like.
According to the embodiment, the identity of a caller is firstly verified, the decrypted algorithm after unsealing is obtained, the key after confusion processing is obtained, the key used in encryption is obtained after anti-confusion processing is carried out on the key, decryption operation is carried out according to the decryption algorithm, so that an illegal user cannot obtain a correct decryption algorithm and cannot obtain the plaintext content of the database, the protection on the content of the database is realized, the risk of application program operation is reduced, and the use safety of the user is improved.
An eleventh embodiment of the present invention provides a storage medium storing a computer program which, when executed by a processor, realizes the following steps S1 and S2:
s1, encrypting the field to be encrypted of the database based on the key;
and S2, performing obfuscation processing on the key according to a preset obfuscation mode, and storing the obfuscated key.
In the present embodiment, the storage medium may be installed in the terminal. Since the encryption method of the database has been described in detail in the first embodiment, it is not described in detail in this embodiment.
A twelfth embodiment of the present invention provides a storage medium storing a computer program that, when executed by a processor, realizes steps S3 to S5 as follows:
s3, acquiring the key after the confusion processing according to the preset confusion mode;
s4, performing anti-confusion processing on the key after the confusion processing to obtain a key;
s5, decrypting the encrypted database field based on the key.
In the present embodiment, the storage medium may be installed in the terminal. Since the decryption method of the database has been described in detail in the fourth embodiment, details are not described in this embodiment.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes. Optionally, in this embodiment, the processor executes the method steps described in the above embodiments according to the program code stored in the storage medium. Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again. It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
A thirteenth embodiment of the present invention provides a terminal including at least a memory having a computer program stored thereon, and a processor that implements the following steps S6 and S7 when executing the computer program on the memory:
s6, encrypting the field to be encrypted of the database based on the key;
and S7, performing obfuscation processing on the key according to a preset obfuscation mode, and storing the obfuscated key.
In this embodiment, the terminal may be a smart phone or a tablet computer used by a user. Since the encryption method of the database has been described in detail in the first embodiment, it is not described in detail in this embodiment.
A fourteenth embodiment of the present invention provides a terminal including at least a memory having a computer program stored thereon, and a processor that implements the following steps S8 to S10 when executing the computer program on the memory:
s8, acquiring the key after the confusion processing according to the preset confusion mode;
s9, performing anti-confusion processing on the key after the confusion processing to obtain a key;
s10, decrypting the encrypted database field based on the key.
In this embodiment, the terminal may be a smart phone or a tablet computer used by a user. Since the decryption method of the database has been described in detail in the fourth embodiment, details are not described in this embodiment.
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, and the scope of the invention should not be limited to the embodiments described above.

Claims (8)

1. An encryption method of a database, which is applied to a terminal, is characterized in that the database is a database of an application program in the terminal, and comprises the following steps:
encrypting a field to be encrypted of the database based on the key;
obfuscating the key according to a preset obfuscation mode, splitting the obfuscated key into N key parts, and respectively storing the N key parts into different files, wherein N is an integer greater than or equal to 2;
the predetermined obfuscation manner includes: adding a preset character at the position of a character string of the key, which is spaced by a preset number of characters, wherein the preset character is known; or, replacing all the same certain characters in the character string of the key with preset characters; or adjusting the sequence of the characters;
after the obfuscating the key according to the predetermined obfuscating manner and storing the obfuscated key, the method further includes:
packaging a decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to an encryption algorithm adopted in encryption;
and hiding an entry function of the packaged decryption algorithm, and informing a caller with a specified signature of the entry function.
2. The encryption method of claim 1, wherein said saving said N key portions to different files, respectively, in case N equals 2, comprises:
storing the first part of the key in a preset position of the readable file;
and storing the second part of the key in a binary file SO symbol table of the dynamic link library.
3. A decryption method of a database is applied to a terminal, and the database is a database of an application program in the terminal and comprises the following steps:
respectively acquiring N key parts from different files, wherein N is an integer greater than or equal to 2;
obtaining a key after confusion processing according to the N key parts;
performing anti-obfuscation processing on the obfuscated key to obtain a key;
the anti-aliasing process comprises: deleting preset characters at positions of a predetermined number of characters spaced in the character string of the key after the confusion processing; or, replacing all preset characters in the character string of the key subjected to the obfuscation treatment with original characters; or adjusting the character sequence back to the original sequence;
decrypting the encrypted database field based on the key;
before the obtaining of the key subjected to the obfuscation processing according to the predetermined obfuscation mode, the method further includes:
verifying the signature of the caller, and acquiring a packaged decryption algorithm under the condition that the signature of the caller passes the verification;
and unsealing the packaged decryption algorithm to obtain a decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to the encryption algorithm adopted during encryption.
4. An encryption apparatus for a database, wherein the database is a database of an application program in a terminal, comprising:
the encryption module is used for encrypting the field to be encrypted of the database based on the key;
the obfuscation module is used for obfuscating the key according to a preset obfuscation mode, splitting the obfuscated key into N key parts and storing the N key parts into different files respectively, wherein N is an integer greater than or equal to 2;
the predetermined obfuscation manner includes: adding a preset character at the position of a character string of the key, which is spaced by a preset number of characters, wherein the preset character is known; or, replacing all the same certain characters in the character string of the key with preset characters; or adjusting the sequence of the characters;
the packaging module is used for packaging a decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to an encryption algorithm adopted in encryption;
and the hiding module is used for hiding the entry function of the packaged decryption algorithm and informing the caller with the specified signature of the entry function.
5. The encryption device of claim 4, wherein, in the case where N equals 2, the obfuscation module is specifically configured to:
storing the first part of the key in a preset position of the readable file;
and storing the second part of the key in a binary file SO symbol table of the dynamic link library.
6. A decryption apparatus for a database, wherein the database is a database of an application program in a terminal, comprising:
the device comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for respectively acquiring N key parts from different files, and N is an integer greater than or equal to 2; obtaining a key after confusion processing according to the N key parts; the anti-confusion module is used for carrying out anti-confusion processing on the key after the confusion processing to obtain the key;
the anti-aliasing process comprises: deleting preset characters at positions of a predetermined number of characters spaced in the character string of the key after the confusion processing; or, replacing all preset characters in the character string of the key subjected to the obfuscation treatment with original characters; or adjusting the character sequence back to the original sequence;
the decryption module is used for decrypting the encrypted database field based on the secret key;
the verification module is used for verifying the signature of the caller and acquiring the packaged decryption algorithm under the condition that the signature of the caller passes the verification;
and the unsealing module is used for unsealing the sealed decryption algorithm to obtain the decryption algorithm, wherein the decryption algorithm is a decryption algorithm corresponding to the encryption algorithm adopted during encryption.
7. A storage medium storing a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 2 and/or 3 when executed by a processor.
8. A terminal comprising at least a memory, a processor, the memory having a computer program stored thereon, characterized in that the processor realizes the steps of the method of any of claims 1 to 2 and/or 3 when executing the computer program on the memory.
CN201810460046.XA 2018-05-15 2018-05-15 Database encryption and decryption methods and devices, storage medium and terminal Active CN108712412B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810460046.XA CN108712412B (en) 2018-05-15 2018-05-15 Database encryption and decryption methods and devices, storage medium and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810460046.XA CN108712412B (en) 2018-05-15 2018-05-15 Database encryption and decryption methods and devices, storage medium and terminal

Publications (2)

Publication Number Publication Date
CN108712412A CN108712412A (en) 2018-10-26
CN108712412B true CN108712412B (en) 2022-02-22

Family

ID=63868134

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810460046.XA Active CN108712412B (en) 2018-05-15 2018-05-15 Database encryption and decryption methods and devices, storage medium and terminal

Country Status (1)

Country Link
CN (1) CN108712412B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111314052B (en) * 2018-12-12 2023-02-07 上海领甲数据科技有限公司 Data encryption and decryption method
CN109711178B (en) * 2018-12-18 2021-02-19 北京城市网邻信息技术有限公司 Key value pair storage method, device, equipment and storage medium
CN110176992B (en) * 2019-05-29 2022-06-03 恒宝股份有限公司 Secure key management system and method and secure element thereof
CN110535642B (en) * 2019-09-02 2022-09-13 北京智游网安科技有限公司 Method for distributing storage keys, intelligent terminal and storage medium
CN110677421B (en) * 2019-09-30 2020-07-14 贵州航天云网科技有限公司 Remote operation and maintenance and data exchange method oriented to equipment industrial control safety
CN110855433B (en) * 2019-11-07 2023-06-16 深圳市信联征信有限公司 Data encryption method and device based on encryption algorithm and computer equipment
CN112613051A (en) * 2020-12-24 2021-04-06 金蝶软件(中国)有限公司 Data encryption storage method and device, computer equipment and storage medium
CN112788012B (en) * 2020-12-30 2023-07-25 深圳市欢太科技有限公司 Log file encryption method and device, storage medium and electronic equipment
CN113595982B (en) * 2021-06-25 2023-12-08 五八有限公司 Data transmission method and device, electronic equipment and storage medium
CN114844644A (en) * 2022-03-16 2022-08-02 深信服科技股份有限公司 Resource request method, device, electronic equipment and storage medium
CN115021982A (en) * 2022-05-19 2022-09-06 上海欧冶金融信息服务股份有限公司 Encryption and decryption method and medium based on quotient secret algorithm SM4

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7827403B2 (en) * 2005-04-13 2010-11-02 Oracle International Corporation Method and apparatus for encrypting and decrypting data in a database table
CN1909447B (en) * 2005-08-03 2010-04-28 盛大计算机(上海)有限公司 Method for network data communication by using dynamic encryption algorithm
CN102034054A (en) * 2009-09-29 2011-04-27 华腾国际科技股份有限公司 Information authentication system
CN102932349B (en) * 2012-10-31 2015-07-08 成都主导软件技术有限公司 Data transmission method, device and system
CN103684786A (en) * 2013-12-10 2014-03-26 北京天威诚信电子商务服务有限公司 Method and system for storing digital certificate and binding digital certificate to hardware carrier
US10789374B2 (en) * 2016-03-28 2020-09-29 Hitachi, Ltd. Database system and data retrieval method

Also Published As

Publication number Publication date
CN108712412A (en) 2018-10-26

Similar Documents

Publication Publication Date Title
CN108712412B (en) Database encryption and decryption methods and devices, storage medium and terminal
CN111475824B (en) Data access method, device, equipment and storage medium
CN105812332A (en) Data protection method
US20180262326A1 (en) Protecting white-box feistel network implementation against fault attack
US11308241B2 (en) Security data generation based upon software unreadable registers
US9372987B1 (en) Apparatus and method for masking a real user controlling synthetic identities
CN112165490B (en) Encryption method, decryption method, storage medium and terminal equipment
CN110826031B (en) Encryption method, device, computer equipment and storage medium
CN107196907B (en) A kind of guard method of Android SO files and device
EP4195583A1 (en) Data encryption method and apparatus, data decryption method and apparatus, terminal, and storage medium
CN105681039A (en) Method and device for secret key generation and corresponding decryption
EP2922235B1 (en) Security module for secure function execution on untrusted platform
US9252944B2 (en) Key wrapping for common cryptographic architecture (CCA) key token
CN104657670A (en) Data encryption based safety use method of configuration file
EP4075716A1 (en) Method and apparatus for encrypting and decrypting and reading and writing messages, computer device, and storage medium
CN105320535A (en) Checking method of installation package, client side, server and system
CN104618096A (en) Method and device for protecting secret key authorized data, and TPM (trusted platform module) secrete key management center
CN106209346B (en) White-box cryptography interleaving lookup table
CN110855433A (en) Data encryption method and device based on encryption algorithm and computer equipment
CN104601820A (en) Mobile terminal information protection method based on TF password card
CN104978542B (en) The method and system of safe data storage and access data
CN109510702A (en) A method of it key storage based on computer characteristic code and uses
CN109784072B (en) Security file management method and system
CN103605927A (en) Encryption and decryption method based on embedded Linux system
CN110365468B (en) Anonymization processing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant