CN109684854A - A kind of bottom data encryption method suitable for management information system in enterprise - Google Patents
A kind of bottom data encryption method suitable for management information system in enterprise Download PDFInfo
- Publication number
- CN109684854A CN109684854A CN201811386442.9A CN201811386442A CN109684854A CN 109684854 A CN109684854 A CN 109684854A CN 201811386442 A CN201811386442 A CN 201811386442A CN 109684854 A CN109684854 A CN 109684854A
- Authority
- CN
- China
- Prior art keywords
- enterprise
- account
- management information
- function
- information system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Abstract
The invention belongs to information security correlative technology fields, it discloses a kind of bottom data encryption methods suitable for management information system in enterprise, method includes the following steps: (1) creation encryption function and decryption function, and the encryption function and the decryption function are encrypted;(2) it is needing to create trigger in the table encrypted, the trigger will cover original data after the data encryption of unencryption;(3) view and storing process required for the management information system in enterprise are made using the decryption function, then the view and the storing process is encrypted;(4) constructing function module and Reports module, and the corresponding view and the storing process are called according to the demand of the functional module and the demand of the Reports module;Permission is arranged to the functional module and the Reports module simultaneously.The present invention improves efficiency, realizes fast decryption and the display of data.
Description
Technical field
The invention belongs to information security correlative technology fields, are suitable for enterprise management information system more particularly, to one kind
The bottom data encryption method of system.
Background technique
During the ERP development of management information system, O&M, exploitation, operation maintenance personnel can touch many business data, greatly
Most data are not concerning security matters or insensitive, but have a small amount of sensitive data.Some sensitive datas are protected
It is close, such as the wages data of employee.The wages of employee do not allow other employees arbitrarily to check.But in the actual process, these
Wages data are stored in bottom in clear text manner, and the operation maintenance personnel for possessing database super keepe permission can view.
How to allow the operation maintenance personnel for possessing database super keepe permission that can not view sensitive data, is ERP management information system
A major issue for needing to solve in development process.
By taking SQL sever database as an example, which is included encryption and decryption function, but its mode for encrypting
It is excessively complicated, and decryption function is inefficient, and when handling the inquiry of large-scale data, the time used is extremely long, will lead to letter
Breath system effectiveness is lower, or even situations such as Caton occurs.Correspondingly, this field is a kind of quickly suitable for enterprise there is developing
The technical need of the bottom data encryption method of management information system.
Summary of the invention
Aiming at the above defects or improvement requirements of the prior art, the present invention provides one kind to be suitable for enterprise management information system
A kind of fast speed is studied and devised to the bottom data encryption method of system the characteristics of being encrypted and decrypted based on available data
The bottom data encryption method suitable for management information system in enterprise.The encryption method encrypts bottom data, even if gathering around
There are the exploitation of database super keepe permission, operation maintenance personnel that can not also see bottom data, and realizes and data are carried out in fact
Shi Gengxin and encryption, account password using function encrypting cipher mode store, have preferable information security, and encrypt and
Decryption efficiency is higher.
To achieve the above object, the present invention provides a kind of bottom data encryption sides suitable for management information system in enterprise
Method, the encryption method the following steps are included:
(1) encryption function and decryption function are created, and the encryption function and the decryption function are encrypted, it is described
The account information used for decryption personnel is built-in in decryption function;
(2) it is needing to create trigger in the table encrypted, the trigger will cover original after the data encryption of unencryption
Data, to realize the update and automatic encryption of data;
(3) view and storing process required for the management information system in enterprise are made using the decryption function, after
And the view and the storing process are encrypted;
(4) constructing function module and Reports module, and according to the demand of the functional module and the need of the Reports module
It asks and calls the corresponding view and the storing process;Permission is arranged to the functional module and the Reports module simultaneously.
Further, account built-in in the decryption function and password are deposited using the cipher mode of function encrypting
Storage.
Further, the account of the ordinary user of the management information system in enterprise and password are carried out using another function
Encryption, and another described function is encrypted.
Further, after the user account for possessing permission enters module, it is also necessary to input scheduled account and password
It can check data.
Further, the account, password and the data that can be checked that input are needed to be all different different modules.
Further, the management information system in enterprise is provided with the account and password of three types, and the first kind is user
Account and user password possess the permission for logging in software and entering module;Second class is the account of ordinary user and password possess into
Enter module and checks the permission of personal information;Third class is that built-in account and password possess the power that all data are checked in module
Limit.
Further, the administrator of the management information system in enterprise can initialize the password of ordinary user, but can not
Check the data that ordinary user can view.
Further, the administrator can not initialize the password of built-in account, while can not check built-in account
Number data that can be checked.
In general, through the invention it is contemplated above technical scheme is compared with the prior art, it is provided by the invention suitable
Bottom data encryption method for management information system in enterprise mainly has the advantages that
1. pair encryption function and the decryption function encrypt, the view and the storing process are added
Close processing, so that the range for the data that different users views is different, nothing possessing the personnel of super keepe permission
Method views, it is ensured that the privacy and safety of data.
2. being built-in with the account information used for decryption personnel in the decryption function, built-in account in the decryption function
Number and password stored using the cipher mode of function encrypting so that operation maintenance personnel and administrator can not also view whole numbers
According to, it is ensured that the safety of sensitive data.
3. encryption and decryption function that the encryption of creation and decryption function are carried relative to database, cipher mode is simple,
Decryption efficiency is high, and when handling large-scale data inquiry, the time used is shorter, improves the efficiency of information system.
4. the trigger will cover original needing to create trigger in the table encrypted after the data encryption of unencryption
Data, to realize the update and automatic encryption of data.
5. constructing function module and Reports module, and according to the demand of the functional module and the demand of the Reports module
Call the corresponding view and the storing process;Permission is arranged to the functional module and the Reports module simultaneously, such as
This can satisfy different demands, and flexibility is preferable, and practicability is stronger, and permission is arranged to each module, both can satisfy difference
The needs that crowd inquires information, and can be to avoid viewing the sensitive information other than permission.
Detailed description of the invention
Fig. 1 is the process signal of the bottom data encryption method provided by the invention suitable for management information system in enterprise
Figure.
Fig. 2 is the data encryption being related to suitable for the bottom data encryption method of management information system in enterprise in Fig. 1
Flow diagram.
Fig. 3 is the data deciphering being related to suitable for the bottom data encryption method of management information system in enterprise in Fig. 1
Flow diagram.
Fig. 4 is that the different personnel being related to suitable for the bottom data encryption method of management information system in enterprise in Fig. 1 look into
See the schematic diagram of compensation data.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right
The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and
It is not used in the restriction present invention.As long as in addition, technical characteristic involved in the various embodiments of the present invention described below
Not constituting a conflict with each other can be combined with each other.
Fig. 1, Fig. 2, Fig. 3 and Fig. 4 are please referred to, the bottom data provided by the invention suitable for management information system in enterprise adds
Decryption method, the bottom data encryption method mainly comprise the steps that
Step 1 creates encryption function and decryption function, and encrypts to the encryption function and the decryption function,
The account information used for decryption personnel is built-in in the decryption function.
Specifically, encryption function and decryption function are created, and in decryption function built-in decryption personnel account information, and
The encryption function and the decryption function are encrypted, so that the decryption function and the encryption function can only call,
It can not check.Wherein, the password of the built-in account in the decryption function is stored with the cipher mode of function encrypting;Other
The password of ordinary user's account uses other function encrypting, and this function of use is encrypted, so that this function can only
It calls, can not check.
When the encryption function encrypts data, firstly, input data;Then, the encryption function is to input
Data are identified encrypted to judge whether, if not having, the encryption function is according to certain rules to the number of input
According to being encrypted, and encrypted data are returned, otherwise direct returned data.
When the decryption function ciphertext data, firstly, inputting data, account and password to be decrypted;Then the decryption letter
Number judges that the legitimacy of the account and password then terminates if it is illegal;If legal, the decryption function further judges wait solve
Whether ciphertext data meets decryption condition, if not meeting, terminates, if meeting, the decryption function is according to certain rules to institute
It states data to be decrypted to be decrypted, and the data after decryption is returned.
Step 2 is needing to create trigger in the table encrypted, and the trigger will cover after the data encryption of unencryption
Original data, to realize the update and automatic encryption of data.
Step 3 makes view required for the management information system in enterprise using the decryption function and stored
Journey is then encrypted the view and the storing process.
Step 4, constructing function module and Reports module, and according to the demand of the functional module and the Reports module
Demand call the corresponding view and the storing process.
Specifically, the functional module and the Reports module one share 31 comprising wage is not fixed project, emolument
Part is summarized, personal wages are inquired, pay sheet prints etc., can be with customized emolument report.
Access authority is arranged to the functional module and the Reports module respectively according to demand, so that different in step 5
User there is different access rights to the functional module and the Reports module.
Specifically, priority assignation is carried out to the functional module and the Reports module, possesses user's account of module permission
It can number just enter the module, after the user account for possessing permission enters module, it is also necessary to input specific account and password
It can just check data;Meanwhile account, password and the data that can be checked for needing to input for different module not phase
Together.
The management information system in enterprise is provided with the account and password of three types: the first kind is user account and user
Password possesses the permission for logging in software and entering module;Second class is the account and password of ordinary user, such account can be
Personal information, such as personal emolument are viewed in module;Third class is built-in account and password, such account and password can be in moulds
All data are viewed in block, such as all employee's wages data.The password of second class ordinary user uses a function encrypting, defeated
After entering password, a string of 32 passwords of output, super keepe can be with initialized cryptographic, but must have associated authorization, and use
It can only see empty module after the code entry of initialization, be unable to ciphertext data.
Permission is arranged to each module, the user account for possessing module permission just can enter, when the user account for possessing permission
Into after module, it is also necessary to inputting specific account and password just can really view data, and for different modules,
The account that needs to input, password and the data that can view are different, such as worker individual's wages enquiry module, need to pass through individual
Account enters software and module, inputs personal wages password for inquiry, views the wages of oneself;Workers' pay statistical module,
The user account of only payroll administration personnel just can enter software and module, and just by the corresponding built-in account of input and password
It can check, and check the emolument of all employees at that time.In addition, administrative staff can initialize the password of ordinary user, but
It is the personal information that can not check user;For built-in account and password, administrative staff cannot both initialize built-in account
Password does not have yet and checks permission.
Bottom data encryption method provided by the invention suitable for management information system in enterprise, the encryption method pass through
Creation encryption and decryption function and in decryption function built-in decryption personnel account information, by the password of built-in account use letter
Number cipher modes storage, meanwhile, the view and storing process needed using decryption function production, and devise module and according to mould
Block needs that the view and the storing process, modules is called to be also provided with permission, makes to possess the super management of database
The operation maintenance personnel of member's permission can not view sensitive data, can be quick when so improving encryption efficiency and safety, and inquiring
Decryption quickly shows data, greatly facilitates user, with strong applicability, flexibility is preferable.
As it will be easily appreciated by one skilled in the art that the foregoing is merely illustrative of the preferred embodiments of the present invention, not to
The limitation present invention, any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should all include
Within protection scope of the present invention.
Claims (8)
1. a kind of bottom data encryption method suitable for management information system in enterprise, which is characterized in that this method includes following
Step:
(1) encryption function and decryption function are created, and the encryption function and the decryption function are encrypted, the decryption
The account information used for decryption personnel is built-in in function;
(2) it is needing to create trigger in the table encrypted, the trigger will cover original number after the data encryption of unencryption
According to realize the update and automatic encryption of data;
(3) view and storing process required for the management information system in enterprise are made using the decryption function, it is then right
The view and the storing process are encrypted;
(4) constructing function module and Reports module, and according to the demand of the functional module and the demand tune of the Reports module
With the corresponding view and the storing process;Permission is arranged to the functional module and the Reports module simultaneously.
2. being suitable for the bottom data encryption method of management information system in enterprise as described in claim 1, it is characterised in that: institute
Account and password built-in in decryption function is stated to be stored using the cipher mode of function encrypting.
3. being suitable for the bottom data encryption method of management information system in enterprise as claimed in claim 2, it is characterised in that: institute
The account and password for stating the ordinary user of management information system in enterprise are encrypted using another function, and to described another
A function is encrypted.
4. being suitable for the bottom data encryption method of management information system in enterprise as described in claim 1, it is characterised in that: when
Possess permission user account enter module after, it is also necessary to data can just be checked by inputting scheduled account and password.
5. being suitable for the bottom data encryption method of management information system in enterprise as claimed in claim 4, it is characterised in that: right
The account, password and the data that can be checked that input are needed to be all different in different modules.
6. the bottom data encryption method as described in any one in claim 1-5 suitable for management information system in enterprise, special
Sign is: the management information system in enterprise is provided with the account and password of three types, and the first kind is user account and user
Password possesses the permission for logging in software and entering module;Second class is that the account of ordinary user and password possess into module and look into
See the permission of personal information;Third class is that built-in account and password possess the permission that all data are checked in module.
7. being suitable for the bottom data encryption method of management information system in enterprise as claimed in claim 6, it is characterised in that: institute
The administrator for stating management information system in enterprise can initialize the password of ordinary user, but can not check that ordinary user can check
The data arrived.
8. being suitable for the bottom data encryption method of management information system in enterprise as claimed in claim 7, it is characterised in that: institute
The password of built-in account can not be initialized by stating administrator, while can not check the data that built-in account can check.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811386442.9A CN109684854B (en) | 2018-11-20 | 2018-11-20 | Bottom data encryption method suitable for enterprise management information system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811386442.9A CN109684854B (en) | 2018-11-20 | 2018-11-20 | Bottom data encryption method suitable for enterprise management information system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109684854A true CN109684854A (en) | 2019-04-26 |
CN109684854B CN109684854B (en) | 2022-02-11 |
Family
ID=66185440
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811386442.9A Active CN109684854B (en) | 2018-11-20 | 2018-11-20 | Bottom data encryption method suitable for enterprise management information system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109684854B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110211112A (en) * | 2019-05-31 | 2019-09-06 | 华中科技大学 | A kind of casting defect inspection method based on filtering selective search |
CN110321345A (en) * | 2019-05-22 | 2019-10-11 | 嘉兴天盾安全技术服务有限公司 | A kind of data encryption storage method |
CN110599327A (en) * | 2019-09-02 | 2019-12-20 | 四川新网银行股份有限公司 | Method for automatically generating and sending banking report |
CN111046421A (en) * | 2019-11-28 | 2020-04-21 | 郑州财经学院 | Enterprise management sharing method based on APP |
CN111062594A (en) * | 2019-12-06 | 2020-04-24 | 北京百分点信息科技有限公司 | Assessment method and device for provider operation capacity and electronic equipment |
CN116933298A (en) * | 2023-09-18 | 2023-10-24 | 广东省科技基础条件平台中心 | Encryption processing method, device, storage medium and equipment for scientific and technological achievement data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7353387B2 (en) * | 2001-03-08 | 2008-04-01 | International Business Machines Corporation | Method and system for integrating encryption functionality into a database system |
CN101639882A (en) * | 2009-08-28 | 2010-02-03 | 华中科技大学 | Database security system based on storage encryption |
CN106250783A (en) * | 2016-08-31 | 2016-12-21 | 天津南大通用数据技术股份有限公司 | A kind of database data encryption, decryption method and device |
CN106446196A (en) * | 2016-09-29 | 2017-02-22 | 北京许继电气有限公司 | Autonomous controllable database data encryption and retrieval method and system based on random salt |
CN108256344A (en) * | 2018-01-22 | 2018-07-06 | 商客通尚景科技江苏有限公司 | A kind of SaaS enterprise platforms Database Systems and attaching method thereof |
-
2018
- 2018-11-20 CN CN201811386442.9A patent/CN109684854B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7353387B2 (en) * | 2001-03-08 | 2008-04-01 | International Business Machines Corporation | Method and system for integrating encryption functionality into a database system |
CN101639882A (en) * | 2009-08-28 | 2010-02-03 | 华中科技大学 | Database security system based on storage encryption |
CN106250783A (en) * | 2016-08-31 | 2016-12-21 | 天津南大通用数据技术股份有限公司 | A kind of database data encryption, decryption method and device |
CN106446196A (en) * | 2016-09-29 | 2017-02-22 | 北京许继电气有限公司 | Autonomous controllable database data encryption and retrieval method and system based on random salt |
CN108256344A (en) * | 2018-01-22 | 2018-07-06 | 商客通尚景科技江苏有限公司 | A kind of SaaS enterprise platforms Database Systems and attaching method thereof |
Non-Patent Citations (1)
Title |
---|
张水平主编: "《数据库应用技术 SQL Server》", 1 April 2005 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110321345A (en) * | 2019-05-22 | 2019-10-11 | 嘉兴天盾安全技术服务有限公司 | A kind of data encryption storage method |
CN110211112A (en) * | 2019-05-31 | 2019-09-06 | 华中科技大学 | A kind of casting defect inspection method based on filtering selective search |
CN110599327A (en) * | 2019-09-02 | 2019-12-20 | 四川新网银行股份有限公司 | Method for automatically generating and sending banking report |
CN111046421A (en) * | 2019-11-28 | 2020-04-21 | 郑州财经学院 | Enterprise management sharing method based on APP |
CN111062594A (en) * | 2019-12-06 | 2020-04-24 | 北京百分点信息科技有限公司 | Assessment method and device for provider operation capacity and electronic equipment |
CN116933298A (en) * | 2023-09-18 | 2023-10-24 | 广东省科技基础条件平台中心 | Encryption processing method, device, storage medium and equipment for scientific and technological achievement data |
CN116933298B (en) * | 2023-09-18 | 2024-02-09 | 广东省科技基础条件平台中心 | Encryption processing method, device, storage medium and equipment for scientific and technological achievement data |
Also Published As
Publication number | Publication date |
---|---|
CN109684854B (en) | 2022-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109684854A (en) | A kind of bottom data encryption method suitable for management information system in enterprise | |
US9137113B2 (en) | System and method for dynamically allocating resources | |
Nash et al. | Some Conundrums Concerning Separation of Duty. | |
CN101504706B (en) | Database information encryption method and system | |
US20120324225A1 (en) | Certificate-based mutual authentication for data security | |
US11290446B2 (en) | Access to data stored in a cloud | |
CN100587682C (en) | Method and apparatus for secure processing of sensitive data | |
US11212347B2 (en) | Private content storage with public blockchain metadata | |
US20120131189A1 (en) | Apparatus and method for information sharing and privacy assurance | |
CN101183384B (en) | Data processing method and device | |
US7849512B2 (en) | Method and system to create secure virtual project room | |
CN102710633A (en) | Cloud security management system of security electronic documents and method | |
RU2573211C2 (en) | Execution method and universal electronic card and smart card system | |
Jakóbik | Big data security | |
CN111046421A (en) | Enterprise management sharing method based on APP | |
CN110889121A (en) | Method, server and storage medium for preventing data leakage | |
US20230005391A1 (en) | Polymorphic encryption for security of a data vault | |
Bakir | New blockchain based special keys security model with path compression algorithm for big data | |
KR100652990B1 (en) | Framework preventing unauthorized use of documents | |
CN105915547A (en) | Method for realizing control and leakage prevention of data out of service system | |
Naranjo Rico | Holistic business approach for the protection of sensitive data: study of legal requirements and regulatory compliance at international level to define and implement data protection measures using encryption techniques | |
Wang et al. | Research on data and workflow security of electronic military systems | |
US11983284B2 (en) | Consent management methods | |
Renuka et al. | A Survey on Cloud Data Security | |
Mityushin | Issues and Possibilities of Personal Data Remote Processing in the COVID19 Pandemic Environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |