CN109522727A - Data processing method, device and equipment - Google Patents


Info

Publication number: CN109522727A
Authority: CN (China)
Prior art keywords: data, function, database, encryption, encryption algorithm
Legal status: Pending
Application number: CN201811261514.7A
Other languages: Chinese (zh)
Inventor: 吴晓军
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention discloses a data processing method, device and equipment, comprising: determining the data to be imported into a relational database; encrypting the data with an encryption algorithm to generate ciphertext, where the encryption algorithm is determined according to the relational model of the relational database and is one that, after encryption, maintains the numerical characteristics of the data required by the relational model; and importing the ciphertext of the data into the relational database. With the invention, the database holds only data in ciphertext form, and database processing also operates on data in ciphertext form; encryption and decryption are performed uniformly by a data encryption/decryption server only when data enters or leaves the database. Even if the data of the database leaks, what is obtained is still data in ciphertext form, so the security of the data is greatly assured.

Description

Data processing method, device and equipment
Technical field
The present invention relates to the technical field of data processing, and in particular to a data processing method, device and equipment.
Background
A public query system deployed directly on the Internet faces numerous security problems, including attacks on the server that paralyze the website, tampering with the website, and so on. The most damaging of these is a data breach, in which sensitive, protected or confidential data is copied, stolen or used by an unauthorized organization. By merging and sorting such related data, large amounts of commercially valuable data can be filtered out, and this data is also a new engine for the future development of Internet enterprises. Massive data therefore not only brings huge commercial value but will inevitably also become a target coveted by many hackers, which brings more security problems.
At present, data is stolen from the Internet mainly by "hackers", whose common techniques can break through part of a firewall or entirely avoid the protection scope of the server firewall. The main methods are credential stuffing attacks and database "dumping".
1. Credential stuffing attack
"Credential stuffing" is a mode of hacker attack. The hacker collects information leaked on the network, such as user names and passwords, then uses technical means to "try" logging in to a number of sites one by one, and eventually, by luck, "tries" out some user names and passwords that can log in. For a public query system, the current design makes credential stuffing easier still. For example, an attacker can obtain farmers' ID card numbers from the Internet, generate warrant numbers according to the contractual management right coding rules, and then have a program loop that generates pairs of ID card number + contractual management right code and tries to log in with them one by one. Because current verification codes are very easily bypassed, a hacker program can carry out credential stuffing rapidly and may eventually "try" out a batch of credentials that can be used to query information; accumulated over a long time, a large amount of real rights information may eventually be stolen.
2. Database "dumping"
"Dumping" refers to a hacker intruding into a valuable website and stealing its entire database. After obtaining a large amount of user data, the hacker can turn the valuable user data into cash through a series of technical means and the underground industry chain; this is usually also called "washing the library". The usual steps of a database dump are:
1. The hacker scans the target website and looks for existing vulnerabilities; common vulnerabilities include SQL injection, file upload vulnerabilities, etc.
2. Through the vulnerability, a "backdoor (webshell)" is established on the website server, and operating-system privileges on the server are obtained through the backdoor.
3. Using the system privileges, a database backup is downloaded directly, or the database connection is located and the data is exported locally.
4. The decryption service for the encrypted data is located. If it is software, it is simply downloaded along with the data; if it is hardware that cannot be broken in the short term, the decryption interface is called and as much of the encrypted data as possible is decrypted and downloaded.
Currently, public query systems use conventional security precautions, including login verification codes, limiting the login IP, data encryption, etc. These conventional methods are suited to local area networks or government intranets.
1. Login verification code
A login verification code is one of the most common and simplest methods of preventing credential stuffing attacks; it effectively prevents a hacker from using a program to brute-force a particular registered user with continuous login attempts. Login verification codes have evolved through digits and characters, pictures, voice, and so on.
Although verification codes use dynamic random generation, dynamic images and similar means to prevent brute-force cracking, modern techniques such as machine vision, pattern recognition and even artificial intelligence can quickly recognize login verification codes. A further deficiency is that a verification code is easily obtained: for example, through a loss report filed under another person's name, accidental loss, a stolen phone, someone picking up your phone and receiving the SMS while you are off guard, a malicious application on the phone, or falling victim to a scam, the verification SMS or even the SIM card can be obtained.
2. Identity authentication methods such as dynamic passwords or digital certificates
Identity authentication is a common means of access control that authenticates a person's identity through possession of a medium; online banking has widely used this kind of technology. Its deficiency is that it demands a fairly high level of computer skill from end users, and the issuance and management of the terminal devices requires a huge service organization.
3. Limiting the login IP
The number and frequency of requests from the same IP are limited; for example, once an account has logged in 3 times from the same IP, the account is locked from logging in for the rest of the day.
The deficiency of limiting the login IP is that it can be broken through: the abundant proxy resources on the network can be borrowed, and constantly changing proxy IPs can be used to get around the limit on request count or frequency.
4. Data encryption
Data encryption means turning plaintext into ciphertext by means of an encryption algorithm and an encryption key; decryption restores the ciphertext to plaintext by means of a decryption algorithm and a decryption key. To prevent hackers from dumping data, data encryption is still the most reliable method by which a computer system protects information. It encrypts information using cryptographic techniques so that the information is concealed, thereby protecting the security of the information. The data is protected directly by encrypting it into ciphertext, and what ultimately matters is preventing the encryption program from being broken.
Usually, to make it convenient to decrypt the data, the decryption algorithm is placed on the server together with the program and the encrypted data. The deficiency is that after dumping the data, a hacker can also download the decryption algorithm and program along the way and quickly decrypt the encrypted data.
In summary, although the prior art protects data security in various ways, each protection is always countered by corresponding technical means, which leads to data leaks.
Summary of the invention
The present invention provides a data processing method, device and equipment to solve the problem of data leaks.
An embodiment of the present invention provides a data processing method, comprising:
determining the data to be imported into a relational database;
encrypting the data with an encryption algorithm to generate ciphertext, wherein the encryption algorithm is determined according to the relational model of the relational database and is an encryption algorithm that, after encryption, maintains the numerical characteristics of the data required by the relational model;
importing the ciphertext of the data into the relational database.
Preferably, the method further comprises:
determining the data to be exported from the relational database;
decrypting the data with a decryption algorithm to generate plaintext, the decryption algorithm corresponding to the encryption algorithm;
exporting the plaintext of the data from the relational database.
Preferably, the method further comprises:
after receiving a terminal's request to export data, encrypting the plaintext to be exported using the encryption mode agreed with the terminal;
sending the encrypted plaintext to the terminal that issued the request, the plaintext being decrypted using the decryption mode agreed with the terminal.
Preferably, when the data is encrypted with the encryption algorithm to generate ciphertext, if the data comprises several fields, the encryption algorithm is applied to those fields of the data whose numerical characteristics, as required by the relational model, need to be maintained.
Preferably, the encryption algorithm is constructed from elementary functions and/or special functions.
Preferably, the elementary function is one of the following functions, or a combination or composition thereof: constant function, power function, exponential function, trigonometric function, inverse trigonometric function, logarithmic function;
and/or
the special function is one of the following functions, or a combination or composition thereof: rounding function, Dirichlet function, gamma function, sign function, hyperbolic sine function, hyperbolic cosine function, hyperbolic tangent function, sequence, MOD function.
An embodiment of the present invention provides a data processing device, comprising:
an import data determining module, for determining the data to be imported into a relational database;
an encryption module, for encrypting the data with an encryption algorithm to generate ciphertext, wherein the encryption algorithm is determined according to the relational model of the relational database and is an encryption algorithm that, after encryption, maintains the numerical characteristics of the data required by the relational model;
a data import module, for importing the ciphertext of the data into the relational database.
Preferably, the device further comprises:
an export data determining module, for determining the data to be exported from the relational database;
a decryption module, for decrypting the data with a decryption algorithm to generate plaintext, the decryption algorithm corresponding to the encryption algorithm;
a data export module, for exporting the plaintext of the data from the relational database.
Preferably, the device further comprises:
a secondary encryption module, for encrypting the plaintext to be exported, after receiving a terminal's request to export data, using the encryption mode agreed with the terminal;
a sending module, for sending the encrypted plaintext to the terminal that issued the request, the plaintext being decrypted using the decryption mode agreed with the terminal.
Preferably, the encryption module is further used, when encrypting the data with the encryption algorithm to generate ciphertext, and if the data comprises several fields, to apply the encryption algorithm to those fields of the data whose numerical characteristics, as required by the relational model, need to be maintained.
Preferably, the encryption module is further used to apply an encryption algorithm constructed from elementary functions and/or special functions.
Preferably, the elementary function is one of the following functions, or a combination or composition thereof: constant function, power function, exponential function, trigonometric function, inverse trigonometric function, logarithmic function;
and/or
the special function is one of the following functions, or a combination or composition thereof: rounding function, Dirichlet function, gamma function, sign function, hyperbolic sine function, hyperbolic cosine function, hyperbolic tangent function, sequence, MOD function.
An embodiment of the present invention provides a computer device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor; the processor implements the above data processing method when executing the computer program.
An embodiment of the present invention provides a computer-readable storage medium, which stores a computer program for executing the above data processing method.
The beneficial effects of the present invention are as follows:
In the technical solution provided by the embodiments of the present invention, data is encrypted when it is imported into the relational database, so the data in the database is ciphertext. At the same time, the encryption algorithm used is determined according to the relational model of the relational database and is one that, after encryption, maintains the numerical characteristics of the data required by the relational model. Such ciphertext data can therefore still maintain the relationships between data, so that the data in ciphertext form can still be processed in the relational database. As a result, the database holds only data in ciphertext form, and database processing also operates on data in ciphertext form; encryption and decryption are performed uniformly by the data encryption/decryption server only when data enters or leaves the database. Clearly, even if the data of the database leaks, what is obtained is still data in ciphertext form, so the security of the data is greatly assured.
Brief description of the drawings
The drawings described here are used to provide a further understanding of the present invention and constitute a part of the invention. The illustrative embodiments of the invention and their description are used to explain the invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a schematic structural diagram of the data processing system in an embodiment of the present invention;
Fig. 2 is a schematic flow diagram of the data processing method in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the power function in an embodiment of the present invention;
Fig. 4 is a schematic diagram of the exponential function in an embodiment of the present invention;
Fig. 5 is a schematic diagram of the trigonometric functions in an embodiment of the present invention;
Fig. 6 is a schematic diagram of the logarithmic function in an embodiment of the present invention;
Fig. 7 is a schematic diagram of the inverse trigonometric function y=arcsin(x) in an embodiment of the present invention;
Fig. 8 is a schematic diagram of the inverse trigonometric function y=arccos(x) in an embodiment of the present invention;
Fig. 9 is a schematic diagram of the inverse trigonometric functions y=arctan(x) and y=arccot(x) in an embodiment of the present invention;
Fig. 10 is a schematic diagram of the rounding function in an embodiment of the present invention;
Fig. 11 is a schematic diagram of the gamma function in an embodiment of the present invention;
Fig. 12 is a schematic diagram of the sign function in an embodiment of the present invention;
Fig. 13 is a schematic diagram of the hyperbolic functions in an embodiment of the present invention;
Fig. 14 is a diagram of the Poisson distribution sequence in an embodiment of the present invention;
Fig. 15 is a diagram of the binomial distribution sequence in an embodiment of the present invention;
Fig. 16 is a schematic diagram of the MOD function in an embodiment of the present invention;
Fig. 17 is a schematic diagram of the data transmittal and routing form in an embodiment of the present invention;
Fig. 18 is a schematic structural diagram of the data processing device in an embodiment of the present invention.
Detailed description of the embodiments
In the course of the invention, the inventor noticed the following:
Among the security problems that big data faces, current responses have the following problems:
Facing the information leakage risk of big data platforms, when data is collected and information is mined from big data, attention is paid to the security of users' private data, and data mining is carried out on the premise of not revealing users' private data. What must be considered is how to guarantee, during the information transmission and data exchange of distributed computing, that the users' private data at each storage point is not illegally leaked or used; this is the main information security problem under the current big data background. Meanwhile, the volume of big data is not fixed but grows dynamically during use, whereas traditional data privacy protection techniques are mostly aimed at static data, so how to protect privacy effectively given the dynamic attributes and forms of expression of big data is also a security problem that needs attention. Finally, big data is far more complex than traditional data, and whether the existing privacy protection of sensitive data can meet the needs of complex big data is also a security problem to be considered.
Facing the storage management risk of big data, the data types and data structures of big data are beyond comparison with traditional data. In a big data storage platform, the data volume grows at a non-linear or even exponential rate, and storing data of various types and structures will inevitably cause concurrency among multiple application processes and frequent unordered operations, easily causing misplaced data storage and confused data management, which brings security risks to big data storage and later processing. Whether current data storage management systems can meet the storage requirements of massive data under the big data background remains to be tested. However, if the data management system has no corresponding upgrade of its security mechanism, it will be too late once problems occur.
However, existing security response principles derive from ITIL (Information Technology Infrastructure Library). ITIL mainly comprises six modules: business management, service management, ICT infrastructure management, IT service management planning and implementation, application management and security management. The security management module has no fixed position of its own in the framework, and security problems are solved by "patching". As a result there is no overall security handling measure, so problems can arise in every link and protection is needed there; for example, "patch" protection is required in all of these links: hackers, insiders, business systems, databases, operating systems, middleware, classified protection, network security, identity authentication, auditing, security assessment, data protection, behavior recognition, etc.
Therefore, an embodiment of the present invention provides a mechanism that protects as a whole. The mechanism makes data plaintext only when it is input and/or used, while all other links process the data as ciphertext.
The means currently used for encrypting database data is transparent database encryption, a database encryption technology that arose in response to the confidentiality requirements of relational databases. "Transparent" means that users do not need to change the existing application system or their operating habits. When a user accesses the database through the application program, what is obtained is plaintext data, whereas what an unauthorized user obtains by accessing the database through illegal means is all ciphertext data. The data is plaintext in the application and ciphertext in the database. Once the data leaves its environment of use, it cannot be opened because the application program cannot obtain the automatic decryption service, which protects the data in the database.
In this mode, encryption works as follows:
The sending end encrypts the plaintext P using the encryption algorithm E and the encryption key Ke, obtaining the ciphertext $Y = E_{K_e}(P)$. The ciphertext Y is decrypted after it is sent to the receiving end. The decryption process can be described as: the receiving end decrypts the ciphertext Y using the decryption algorithm D and the decryption key Kd, restoring the ciphertext to the plaintext $P = D_{K_d}(Y)$. In cryptology, the technique of designing ciphers is called cipher coding, and the technique of breaking ciphers is called cryptanalysis. Cipher coding and cryptanalysis are together called cryptology. In an encryption system, the algorithm is relatively stable. For the security of the encrypted data, the key should be changed often.
The inventor noticed that in this mode the data is, in essence, decrypted when it enters the database; in other words, inside the database it is still plaintext.
In other, non-relational databases, the data is encrypted directly and what is saved in the database is also ciphertext. This too has the effect that once the data leaves its environment of use it cannot be opened, because the application program cannot obtain the automatic decryption service, which protects the data in the database. But the inventor noticed that in this mode the data in the database cannot be processed relationally; that is, the approach cannot be applied to a relational database. This is because, in the encryption process, the data loses its characteristics as numerical values, so that it can no longer be processed by the relational database; this has to do with the mathematical nature of relational databases. A relational database is a database built on the relational model, which handles the data in the database by means of mathematical concepts and methods such as set algebra. The common operations in its relational model include: data query (selection, projection, join, union, intersection, difference, division) and data manipulation (insert, delete, modify, query). Its data has integrity requirements, and the integrity constraints include: entity integrity, referential integrity and user-defined integrity.
For these reasons, an embodiment of the present invention provides a data encryption scheme. Specific embodiments of the present invention are described below with reference to the drawings.
The hardware environment for implementing the scheme is described first.
Fig. 1 is a schematic structural diagram of the data processing system. As shown, the system may include a data encryption/decryption server and at least one database, in which:
the database is used to store data in ciphertext form and to perform database processing on the data in ciphertext form;
the data encryption/decryption server is used, before data is imported into the database, to encrypt the data with an encryption algorithm to generate data in ciphertext form, and, before data is exported from the database, to decrypt the data in ciphertext form with a decryption algorithm to generate data in plaintext form; the decryption algorithm corresponds to the encryption algorithm.
The database in the implementation refers to a physical or logical functional entity that stores data. A database is a warehouse that organizes, stores and manages data according to a data structure. It came into being more than 60 years ago; with the development of information technology and the market, especially after the 1990s, data management is no longer only the storage and management of data but has turned into the various ways of managing data that users need. Databases come in many types, from the simplest tables storing various data to large database systems capable of mass data storage, and are widely used in all fields. The term does not refer only to databases in the narrow sense, such as MySQL, SQL Server, Oracle, Sybase, DB2, etc.
In fact, the technical solution provided in the embodiments of the present invention can be used wherever the processing of data is involved and is not limited to scenarios named "database"; for example, it can be used for software that stores and searches data, such as databases and search engines. Taking Elasticsearch as a specific example, Elasticsearch is a search server based on Lucene. It provides a distributed, multi-user-capable full-text search engine with a RESTful web interface. Elasticsearch is developed in Java and released as open source under the Apache license terms, and is a currently popular enterprise search engine. It is designed for real-time search in cloud computing and is stable, reliable, fast, and easy to install and use. In fact, although Elasticsearch is called a search engine, it also has database functions; therefore, even applications that are not called databases are also suited to the technical solution provided in the embodiments of the present invention.
In the implementation, the system may further include at least one data entry terminal and/or at least one data reading terminal, in which:
the data entry terminal is used to output to the data encryption/decryption server the data in plaintext form that is to be imported into the database;
the data reading terminal is used to obtain from the data encryption/decryption server the data in ciphertext form exported from the database; this ciphertext is encrypted and decrypted using the encryption/decryption mode agreed with the data encryption/decryption server.
In the implementation, the terminal encrypts and decrypts using the encryption/decryption mode agreed with the data encryption/decryption server and, as described below, the exported plaintext is encrypted using the encryption mode agreed with the terminal and decrypted using the decryption mode agreed with the terminal. "Encryption" in this process is a technique for restricting access rights to data. The encoded data produced by encrypting the original data (also called plaintext) with an encryption device (hardware or software) and a key is called ciphertext. The process of restoring ciphertext to the original plaintext is called decryption; it is the reverse process of encryption, in which the decrypting party uses an encryption device of the same type and a key to decrypt the ciphertext. Commonly used encryption/decryption modes include:
Private key encryption: also called symmetric encryption (Symmetric Key Encryption); symmetric encryption uses the same key for encryption and decryption. Symmetric encryption is a more traditional encryption mode in which the encryption operation and the decryption operation use the same key, and the sender and the recipient of the information jointly hold the password (referred to as the symmetric password) when transmitting and processing the information. Both communicating parties hold this key and keep the key secret. Examples: the RC4, RC2, DES and AES families of encryption algorithms.
Public key encryption: also called asymmetric key encryption (Asymmetric Key Encryption). Asymmetric key encryption uses a public/private key system, with one key used for encryption and another key used for decryption. The public key can be widely shared and disclosed. This encryption mode is more convenient when data needs to be transmitted outside the server in encrypted form. Example: RSA.
Digital certificate (Certificate): a digital certificate is a kind of asymmetric key encryption; however, an organization can use a certificate and, through a digital signature, associate a public/private key pair with its owner.
In implementation, the database is a relational database;
The encryption algorithm used by the data encryption/decryption server is determined according to the relational model of the relational database and is an encryption algorithm that, after encryption, preserves the numerical characteristics of the data required by the relational model; the decryption algorithm used corresponds to the encryption algorithm.
In implementation, the data encryption/decryption server may further be used so that, when ciphertext is generated by encrypting the data with the encryption algorithm and the data comprises several fields, the encryption algorithm is applied to those fields of the data whose numerical characteristics, as required by the relational model, need to be preserved.
In implementation, the data encryption/decryption server may further be used to apply an encryption algorithm constructed from elementary functions and/or special functions.
In a specific implementation, the elementary function is one of the following functions, or a combination or composition of them: constant function, power function, exponential function, trigonometric function, inverse trigonometric function, logarithmic function;
And/or
The special function is one of the following functions, or a combination or composition of them: integer-part (bracket) function, Dirichlet function, gamma function, sign function, hyperbolic sine function, hyperbolic cosine function, hyperbolic tangent function, sequence, MOD function.
As the above structure shows, if the region containing the terminal that inputs data and the terminal that uses data is called the non-secure zone, then everything outside the non-secure zone uses ciphertext and can be called the secure zone; that is, there is no plaintext outside the non-secure zone.
Data security computing services are provided directly by the data encryption/decryption server and directly face the final destination of the data (the terminal that uses the data), which minimizes the output of plaintext data.
At the same time, encrypting and decrypting in the manner agreed between the data-using terminal and the data encryption/decryption server implements authorization of access to the server device, further enhancing the security of the data.
Moreover, an encryption algorithm determined according to the relational model of the relational database is used, and the numerical characteristics of the data required by the relational model are preserved after encryption, so that the data can still be processed by the relational model in the database rather than merely stored.
If the data comprises several fields, the encryption algorithm is applied to the fields whose numerical characteristics, as required by the relational model, need to be preserved. Because each data segment is encrypted individually, a different method can be used for each field of each record: this keeps the relational processing of the data in the database, and the portions of the data that need no relational-model processing can be used to increase the difficulty of cracking the encryption. The reason is that the fewer characteristics of the data are retained during encryption, the harder the encryption is to crack; data segments that take no part in relational operations can therefore be encrypted with an ordinary encryption method to raise the difficulty of cracking.
Correspondingly, an encryption scheme is also provided in the embodiments of the present invention, and is described below.
Fig. 2 is a schematic flow diagram of an implementation of the data processing method. As shown, it may include:
Step 201: determine the data to be imported into the relational database;
Step 202: generate ciphertext by encrypting the data with an encryption algorithm, where the encryption algorithm is determined according to the relational model of the relational database and is an encryption algorithm that, after encryption, preserves the numerical characteristics of the data required by the relational model;
Step 203: import the ciphertext of the data into the relational database.
In implementation, the method may further include:
Determining the data to be exported from the relational database;
Generating plaintext by decrypting the data with a decryption algorithm, where the decryption algorithm corresponds to the encryption algorithm;
Exporting the plaintext of the data from the relational database.
In implementation, the method may further include:
After receiving a request from a terminal to export data, encrypting the plaintext to be exported using the encryption method agreed with the terminal;
Sending the encrypted plaintext to the terminal that issued the request, where the plaintext is decrypted using the decryption method agreed with the terminal.
In implementation, when ciphertext is generated by encrypting the data with the encryption algorithm and the data comprises several fields, the encryption algorithm is applied to those fields of the data whose numerical characteristics, as required by the relational model, need to be preserved.
In implementation, the encryption algorithm is constructed from elementary functions and/or special functions.
In a specific implementation, the elementary function is one of the following functions, or a combination or composition of them: constant function, power function, exponential function, trigonometric function, inverse trigonometric function, logarithmic function;
And/or
The special function is one of the following functions, or a combination or composition of them: integer-part (bracket) function, Dirichlet function, gamma function, sign function, hyperbolic sine function, hyperbolic cosine function, hyperbolic tangent function, sequence, MOD function.
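The import, query and export steps above, as an added example that is not code from the patent: a numeric field is encrypted with a strictly increasing function built from a power function and constant functions, so the database can still evaluate range predicates and ORDER BY on ciphertext, and ordering and equality of the underlying values remain visible to anyone who can read the column. The coefficients, the plaintext domain, the payroll table and the sample rows are assumptions made up for the example; fields that need no relational processing would go through an ordinary cipher and are left out here.

```python
import sqlite3

# Constructed key (A, B, C) for E(x) = A*x**3 + B*x + C. A power function with
# odd k is increasing on (-inf, +inf); with A, B > 0 the sum stays strictly
# increasing, and integer arithmetic keeps it exactly invertible.
KEY = (7, 11, 100003)
# Assumed plaintext range of the column; E(x) then fits SQLite's 64-bit INTEGER.
DOMAIN = (-10**6, 10**6)
# Constructed sample records: (emp_id, salary).
SAMPLE_ROWS = [(1, 5200), (2, 4100), (3, 8800), (4, 5200), (5, -300)]


def encrypt(x, key=KEY):
    a, b, c = key
    if not DOMAIN[0] <= x <= DOMAIN[1]:
        raise ValueError("plaintext outside the agreed domain")
    return a * x**3 + b * x + c


def decrypt(y, key=KEY):
    """Invert E by binary search, which works only because E is strictly increasing."""
    lo, hi = DOMAIN
    while lo <= hi:
        mid = (lo + hi) // 2
        v = encrypt(mid, key)
        if v == y:
            return mid
        if v < y:
            lo = mid + 1
        else:
            hi = mid - 1
    raise ValueError("not a valid ciphertext for this key")


def import_rows(conn, rows):
    """Steps 201-203: encrypt the numeric field, then import only ciphertext."""
    conn.execute(
        "CREATE TABLE payroll (emp_id INTEGER PRIMARY KEY, salary_ct INTEGER)"
    )
    conn.executemany(
        "INSERT INTO payroll VALUES (?, ?)",
        [(emp, encrypt(salary)) for emp, salary in rows],
    )


def range_query(conn, low, high):
    """The database filters and sorts on ciphertext; decryption happens on export."""
    cur = conn.execute(
        "SELECT emp_id, salary_ct FROM payroll "
        "WHERE salary_ct BETWEEN ? AND ? ORDER BY salary_ct, emp_id",
        (encrypt(low), encrypt(high)),
    )
    return [(emp, decrypt(ct)) for emp, ct in cur]


def ciphertext_view(conn):
    """What the stored column shows without the key: rank order and ties."""
    rows = conn.execute(
        "SELECT emp_id, salary_ct FROM payroll ORDER BY salary_ct, emp_id"
    ).fetchall()
    order = [emp for emp, _ in rows]
    groups = {}
    for emp, ct in rows:
        groups.setdefault(ct, []).append(emp)
    ties = [g for g in groups.values() if len(g) > 1]
    return order, ties


def demo():
    conn = sqlite3.connect(":memory:")
    import_rows(conn, SAMPLE_ROWS)
    return range_query(conn, 4000, 6000), ciphertext_view(conn)


if __name__ == "__main__":
    print(demo())
```

The second value returned by `demo()` is the part to weigh when deciding which fields get this treatment: the salary ranking and the fact that two employees share a salary are readable from the stored column alone.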
The functions that the encryption algorithm can use are illustrated below; the function curves in the drawings used in the embodiments are plotted in an existing manner.
I. Basic elementary functions
1. Constant function: y = a.
The constant function is not a strictly monotonically increasing function, but it plays a very important role in constructing common functions, and the value of a has a large influence on other functions. For example, in y = ax + b, where a and b denote constants, the function is monotonically increasing when a > 0 and monotonically decreasing when a < 0.
2. Power function: y = x^k
Fig. 3 is a schematic diagram of the power function. As shown, the details are as follows:
2.1. k is a positive integer.
When k is even, monotonically increasing on (0, +∞) and monotonically decreasing on (-∞, 0); when k is odd, monotonically increasing on (-∞, +∞).
2.2. k is a negative integer.
When k is even, monotonically decreasing on (0, +∞) and monotonically increasing on (-∞, 0); when k is odd, (-∞, 0), (0, +∞) is single.
2.3. (q and p are coprime) is positive.
When p is even, monotonically increasing on (0, +∞); when p is odd, monotonically increasing on (-∞, +∞);
When p is even, monotonically increasing on (0, +∞); when p is odd, monotonically decreasing on (-∞, 0), and (0, +∞) is single.
2.4. (q and p are coprime) is negative.
When p is even, monotonically decreasing on (0, +∞); when p is odd, monotonically increasing on (-∞, 0) and monotonically decreasing on (0, +∞);
When p is even, monotonically decreasing on (-∞, +∞); when p is odd, monotonically increasing on (-∞, 0).
4. Exponential function: y = a^x
Fig. 4 is a schematic diagram of the exponential function. As shown, the details are as follows:
4.1. 0 < a < 1: monotonically decreasing on (-∞, +∞).
4.2. 1 < a: monotonically increasing on (-∞, +∞).
5. Trigonometric functions:
Fig. 5 is a schematic diagram of the trigonometric functions. As shown, the details are as follows:
5.1. y = sin(x);
Monotonically increasing; monotonically decreasing.
5.2. y = cos(x);
Monotonically decreasing on (2kπ, π+2kπ] (k ∈ Z); monotonically increasing on (π+2kπ, 2π+2kπ] (k ∈ Z).
5.3. y = tan(x);
Monotonically increasing.
5.4. y = cot(x);
Monotonically decreasing.
6. Logarithmic function: y = log_a x
Fig. 6 is a schematic diagram of the logarithmic function. As shown, the details are as follows:
6.1. 0 < a < 1: monotonically decreasing on (0, +∞).
6.2. 1 < a: monotonically increasing on (0, +∞).
7. Inverse trigonometric functions:
7.1. y = arcsin(x)
Fig. 7 is a schematic diagram of the inverse trigonometric function y = arcsin(x). As shown, the details are as follows:
Monotonically increasing on [-1, 1].
7.2. y = arccos(x)
Fig. 8 is a schematic diagram of the inverse trigonometric function y = arccos(x). As shown, the details are as follows:
Monotonically decreasing on [-1, 1].
7.3. y = arctan(x)
Monotonically increasing on (-∞, +∞).
7.4. y = arccot(x)
Monotonically decreasing on (-∞, +∞).
Fig. 9 is a schematic diagram of the inverse trigonometric functions y = arctan(x) and y = arccot(x), as shown.
In implementation, starting from the basic elementary functions above, common elementary functions can be formed through a series of combinations (linear or nonlinear) or compositions. For a multilayer composite function, if the inner and outer layers together contain an even number of monotonically decreasing functions, the composite is an increasing function; if they contain an odd number, it is a decreasing function.
For example: the function y = ax + b is obtained by first compounding the power function y = x^k, with k = 1, with the constant function y = a, and then combining the result with the constant function y = b; the function y = a^x + b is obtained by combining the exponential function y = a^x with the constant function y = b.
II. Common special functions.
1. Integer-part (bracket) function:
Figure 10 is a schematic diagram of the integer-part function. As shown, the details are as follows:
y = [x]
Discontinuous on (-∞, +∞), but increasing stepwise.
2. Dirichlet function.
It is discontinuous everywhere on the real numbers, but it can be used to construct a function that is continuous on a domain consisting of some interval of the real numbers.
3. Gamma function
Figure 11 is a schematic diagram of the gamma function. As shown, the details are as follows:
Monotonically increasing on [1.461632131, +∞) and monotonically decreasing on (0, 1.461632131). The extreme point of the function cannot be described directly; 1.46163213 is an approximate value obtained by calculation.
4. Sign function:
Figure 12 is a schematic diagram of the sign function. As shown, the details are as follows:
5. Hyperbolic sine function, hyperbolic cosine function, hyperbolic tangent function
Figure 13 is a schematic diagram of the hyperbolic functions. As shown, the details are as follows:
Monotonically increasing on (-∞, +∞);
Monotonically increasing on (0, +∞), monotonically decreasing on (-∞, 0];
Monotonically increasing on (-∞, +∞);
6. Common sequences
6.1. Poisson distribution sequence.
Figure 14 is a schematic diagram of the Poisson distribution sequence. As shown, the details are as follows:
Here N denotes the natural numbers and λ is a parameter; the sequence is monotonically increasing for λ ≤ k and monotonically decreasing for 0 ≤ k < λ.
6.2. Binomial distribution sequence:
Figure 15 is a schematic diagram of the binomial distribution sequence. As shown, the details are as follows:
Here N denotes the natural numbers; the sequence is monotonically increasing for [np] ≤ k and monotonically decreasing for 0 ≤ k < [np], where [np] denotes np rounded to an integer.
7. MOD function
Figure 16 is a schematic diagram of the MOD function. As shown, the details are as follows:
y = x mod p
Monotonically increasing on [kp, (k+1)p), k ∈ N.
In implementation, a composition or combination of elementary functions and special functions can also form a function that is monotonic on some interval.
For example: the function is obtained by combining the gamma function among the special functions with the constant function y = b among the basic elementary functions; the ECC (Elliptic Curve Cryptography) elliptic curve y^2 = x^3 + ax + b (mod p) is obtained by combining the MOD function among the special functions with the power function among the basic elementary functions, and its monotonicity must be analyzed case by case.
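A check for the case-by-case monotonicity analysis mentioned above and for the even/odd rule on composite functions, as an added example that is not code from the patent: it compares the direction predicted by the parity rule with the direction actually observed when a candidate function is evaluated over a column's value domain, and counts plaintexts that collide on one ciphertext. The candidate functions, their domains and the helper names are assumptions chosen for illustration.

```python
import math


def composite_direction(layer_directions):
    """Parity rule from the text: an even number of decreasing layers (-1)
    gives an increasing composite (+1); an odd number gives a decreasing one."""
    decreasing = sum(1 for d in layer_directions if d < 0)
    return 1 if decreasing % 2 == 0 else -1


def observed_direction(f, domain):
    """+1 / -1 if f is strictly increasing / decreasing over every consecutive
    pair of `domain` as actually computed, otherwise 0."""
    values = [f(x) for x in domain]
    pairs = list(zip(values, values[1:]))
    if all(a < b for a, b in pairs):
        return 1
    if all(a > b for a, b in pairs):
        return -1
    return 0


def collisions(f, domain):
    """Pairs of plaintexts that map to the same ciphertext, which makes
    decryption ambiguous and breaks comparisons in the database."""
    seen = {}
    clashes = []
    for x in domain:
        y = f(x)
        if y in seen:
            clashes.append((seen[y], x))
        else:
            seen[y] = x
    return clashes


# Constructed candidates: (name, function, integer domain, layer directions).
# layer directions are None where the function is only piecewise monotonic.
CANDIDATES = [
    # inner u = -x (decreasing), outer y = 0.5**u (decreasing): even count
    ("0.5**(-x) on [0,30)", lambda x: 0.5 ** (-x), range(0, 30), [-1, -1]),
    # logarithm with base 0 < a < 1: one decreasing layer
    ("log_0.5(x) on [1,30)", lambda x: math.log(x, 0.5), range(1, 30), [-1]),
    # increasing on paper, but saturates to 1.0 in double precision
    ("tanh(x) on [0,50)", math.tanh, range(0, 50), [1]),
    # MOD is increasing only inside one period [kp, (k+1)p)
    ("x mod 97 on [0,97)", lambda x: x % 97, range(0, 97), [1]),
    ("x mod 97 on [0,200)", lambda x: x % 97, range(0, 200), None),
]


def report():
    """Map each candidate to (predicted direction, observed direction, collisions)."""
    out = {}
    for name, f, domain, layers in CANDIDATES:
        predicted = composite_direction(layers) if layers is not None else None
        out[name] = (
            predicted,
            observed_direction(f, domain),
            len(collisions(f, domain)),
        )
    return out


if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

A candidate is usable for a field only when the observed direction is non-zero and the collision count is zero over the whole domain the field can take; tanh passes the analysis on paper and fails this check because distinct large inputs round to the same floating-point value.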
As the above embodiments show, with this scheme plaintext is available only at the data-input terminal and at the terminal that uses the data, and all other data is ciphertext; the data can therefore be prevented from spreading after an attacker dumps the database ("drags the library"), and the information protection system can completely prevent the data from being "downloaded" by an attacker.
A data system using the scheme follows a "three-proof" design principle: it has comprehensive protection against hackers, security vendors and internal staff, and to its owner the delivered system is a "black box". Data is managed end to end, ensuring that it is not leaked or tampered with by unauthorized users during use, transmission and storage. Combined with an enterprise's specific business requirements, business model and management culture, all-round protection of data security can be achieved.
Specifically, as shown in the scheme, a data system using the above scheme transfers data securely in both directions between the client and the data encryption/decryption server that restores (decodes) it, so that a hacker gains nothing from the business system or the database: the data stored inside is fully encrypted, the business system sees only encrypted data, and throughout its life the data is protected by the PKI technology agreed between the data-using terminal and the data encryption/decryption server, so that it can be opened and displayed only on the designated client.
Figure 17 is a schematic diagram of the data transmission and processing form. As shown, with a system using the above scheme, plaintext entered at the client becomes ciphertext after processing by the system; after the business system has completed its operations and storage, the data is still passed on as ciphertext and is finally displayed at the client as plaintext. There is no plaintext anywhere in the data transmission process.
That is, even if the operating system can be intruded, the protected data cannot be stolen; even if the middleware can be intruded, the protected data cannot be stolen; even if the database can be stolen, the protected data cannot be stolen; even if the business system can be stolen, the protected data cannot be stolen.
Based on the same inventive concept, the embodiments of the present invention also provide a data processing device, a computer device and a computer-readable storage medium. Because the principle by which these methods and devices solve the problem is similar to that of the data processing system, their implementation may refer to the implementation of the system, and repeated parts are not described again.
Figure 18 is a schematic structural diagram of the data processing device. As shown, it may include:
An import data determining module 1801, for determining the data to be imported into the relational database;
An encryption module 1802, for generating ciphertext by encrypting the data with an encryption algorithm, where the encryption algorithm is determined according to the relational model of the relational database and is an encryption algorithm that, after encryption, preserves the numerical characteristics of the data required by the relational model;
A data import module 1803, for importing the ciphertext of the data into the relational database.
In implementation, the device further comprises:
An export data determining module 1804, for determining the data to be exported from the relational database;
A decryption module 1805, for generating plaintext by decrypting the data with a decryption algorithm, where the decryption algorithm corresponds to the encryption algorithm;
A data export module 1806, for exporting the plaintext of the data from the relational database.
In implementation, the device further comprises:
A secondary encryption module 1807, for encrypting the plaintext to be exported, after a request from a terminal to export data is received, using the encryption method agreed with the terminal;
A sending module 1808, for sending the encrypted plaintext to the terminal that issued the request, where the plaintext is decrypted using the decryption method agreed with the terminal.
In implementation, the encryption module is further used so that, when ciphertext is generated by encrypting the data with the encryption algorithm and the data comprises several fields, the encryption algorithm is applied to those fields of the data whose numerical characteristics, as required by the relational model, need to be preserved.
In implementation, the encryption module is further used to apply an encryption algorithm constructed from elementary functions and/or special functions.
In implementation, the elementary function is one of the following functions, or a combination or composition of them: constant function, power function, exponential function, trigonometric function, inverse trigonometric function, logarithmic function;
And/or
The special function is one of the following functions, or a combination or composition of them: integer-part (bracket) function, Dirichlet function, gamma function, sign function, hyperbolic sine function, hyperbolic cosine function, hyperbolic tangent function, sequence, MOD function.
The embodiments of the present invention also provide a computer device, including a memory, a processor and a computer program that is stored in the memory and can run on the processor; the processor implements the above data processing method when executing the computer program. For the specific implementation, refer to the implementation of the above data processing method.
The embodiments of the present invention also provide a computer-readable storage medium, which stores a computer program that executes the above data processing method. For the specific implementation, refer to the implementation of the above data processing method.
For convenience of description, the parts of the device described above are divided by function into various modules or units and described separately. Of course, when the present invention is implemented, the functions of the modules or units can be realized in one or more pieces of software or hardware.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system or a computer program product. The present invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, the device (system) and the computer program product according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or another programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operating steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (14)

1. A data processing method, characterized by comprising:
Determining the data to be imported into a relational database;
Generating ciphertext by encrypting the data with an encryption algorithm, where the encryption algorithm is determined according to the relational model of the relational database and is an encryption algorithm that, after encryption, preserves the numerical characteristics of the data required by the relational model;
Importing the ciphertext of the data into the relational database.
2. The method according to claim 1, characterized by further comprising:
Determining the data to be exported from the relational database;
Generating plaintext by decrypting the data with a decryption algorithm, where the decryption algorithm corresponds to the encryption algorithm;
Exporting the plaintext of the data from the relational database.
3. The method according to claim 2, characterized by further comprising:
After receiving a request from a terminal to export data, encrypting the plaintext to be exported using the encryption method agreed with the terminal;
Sending the encrypted plaintext to the terminal that issued the request, where the plaintext is decrypted using the decryption method agreed with the terminal.
4. The method according to claim 1, characterized in that, when ciphertext is generated by encrypting the data with the encryption algorithm and the data comprises several fields, the encryption algorithm is applied to those fields of the data whose numerical characteristics, as required by the relational model, need to be preserved.
5. The method according to any one of claims 1 to 4, characterized in that the encryption algorithm is constructed from elementary functions and/or special functions.
6. The method according to claim 5, characterized in that the elementary function is one of the following functions, or a combination or composition of them: constant function, power function, exponential function, trigonometric function, inverse trigonometric function, logarithmic function;
And/or
The special function is one of the following functions, or a combination or composition of them: integer-part (bracket) function, Dirichlet function, gamma function, sign function, hyperbolic sine function, hyperbolic cosine function, hyperbolic tangent function, sequence, MOD function.
7. A data processing device, characterized by comprising:
An import data determining module, for determining the data to be imported into a relational database;
An encryption module, for generating ciphertext by encrypting the data with an encryption algorithm, where the encryption algorithm is determined according to the relational model of the relational database and is an encryption algorithm that, after encryption, preserves the numerical characteristics of the data required by the relational model;
A data import module, for importing the ciphertext of the data into the relational database.
8. The device according to claim 7, characterized by further comprising:
An export data determining module, for determining the data to be exported from the relational database;
A decryption module, for generating plaintext by decrypting the data with a decryption algorithm, where the decryption algorithm corresponds to the encryption algorithm;
A data export module, for exporting the plaintext of the data from the relational database.
9. The device according to claim 8, characterized by further comprising:
A secondary encryption module, for encrypting the plaintext to be exported, after a request from a terminal to export data is received, using the encryption method agreed with the terminal;
A sending module, for sending the encrypted plaintext to the terminal that issued the request, where the plaintext is decrypted using the decryption method agreed with the terminal.
10. The device according to claim 7, characterized in that the encryption module is further used so that, when ciphertext is generated by encrypting the data with the encryption algorithm and the data comprises several fields, the encryption algorithm is applied to those fields of the data whose numerical characteristics, as required by the relational model, need to be preserved.
11. The device according to any one of claims 7 to 10, characterized in that the encryption module is further used to apply an encryption algorithm constructed from elementary functions and/or special functions.
12. The device according to claim 11, characterized in that the elementary function is one of the following functions, or a combination or composition of them: constant function, power function, exponential function, trigonometric function, inverse trigonometric function, logarithmic function;
And/or
The special function is one of the following functions, or a combination or composition of them: integer-part (bracket) function, Dirichlet function, gamma function, sign function, hyperbolic sine function, hyperbolic cosine function, hyperbolic tangent function, sequence, MOD function.
13. A computer device including a memory, a processor and a computer program that is stored in the memory and can run on the processor, characterized in that the processor implements the method according to any one of claims 1 to 6 when executing the computer program.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program that executes the method according to any one of claims 1 to 6.
CN201811261514.7A 2018-10-26 2018-10-26 A kind of data processing method, device and equipment Pending CN109522727A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811261514.7A CN109522727A (en) 2018-10-26 2018-10-26 A kind of data processing method, device and equipment

Publications (1)

Publication Number Publication Date
CN109522727A true CN109522727A (en) 2019-03-26

Family

ID=65772378

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811261514.7A Pending CN109522727A (en) 2018-10-26 2018-10-26 A kind of data processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN109522727A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190326