CN109684854B - Bottom data encryption method suitable for enterprise management information system - Google Patents
Bottom data encryption method suitable for enterprise management information system
- Publication number
- CN109684854B
- Authority
- CN
- China
- Prior art keywords
- data
- function
- account
- encryption
- management information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Entrepreneurship & Innovation (AREA)
- Strategic Management (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Human Resources & Organizations (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Economics (AREA)
- General Business, Economics & Management (AREA)
- Tourism & Hospitality (AREA)
- Quality & Reliability (AREA)
- Operations Research (AREA)
- Marketing (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of information security and discloses an underlying data encryption method suitable for an enterprise management information system, comprising the following steps: (1) creating an encryption function and a decryption function, and encrypting both functions; (2) creating a trigger on each table that needs encryption, wherein the trigger encrypts unencrypted data and then overwrites the original data; (3) building the views and stored procedures required by the enterprise management information system using the decryption function, and then encrypting the views and stored procedures; (4) constructing functional modules and report modules, and calling the corresponding views and stored procedures according to the requirements of each module; and setting permissions for the functional modules and report modules. The invention improves efficiency and enables data to be decrypted and displayed quickly.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to an underlying data encryption method suitable for an enterprise management information system.
Background
During the development, operation and maintenance of an ERP management information system, development and operations personnel come into contact with a great deal of enterprise data. Most of it is neither confidential nor sensitive, but a small amount is. Some sensitive data, such as employee salary data, must be kept secret: an employee's salary must not be freely viewable by other employees. In practice, however, salary data is stored in plaintext at the underlying layer and can be viewed by operations personnel who hold database super administrator privileges. How to prevent operations personnel with database super administrator privileges from viewing sensitive data is an important problem to be solved in the development of an ERP management information system.
Taking the SQL Server database as an example, the database ships with its own encryption and decryption functions, but the encryption method is too complex and the decryption function is inefficient; queries over large-scale data take an extremely long time, which makes the information system slow and can even cause it to stall. Accordingly, there is a need in the art for a fast underlying data encryption method suitable for use in an enterprise management information system.
Disclosure of Invention
In view of the defects of the prior art and the need for improvement, the invention provides an underlying data encryption method suitable for an enterprise management information system, designed on the basis of the characteristics of existing data encryption and decryption. The method encrypts the underlying data so that even development and operations personnel with database super administrator privileges cannot see it; data is encrypted in real time as it is updated; the account passwords are stored using function encryption; information security is better; and encryption and decryption are more efficient.
To achieve the above object, the invention provides an underlying data encryption method applicable to an enterprise management information system, comprising the following steps:
(1) creating an encryption function and a decryption function, and encrypting both functions, wherein the account information used by decryption personnel is built into the decryption function;
(2) creating a trigger on each table that needs to be encrypted, wherein the trigger encrypts unencrypted data and then overwrites the original data, so that data is automatically encrypted whenever it is updated;
(3) building the views and stored procedures required by the enterprise management information system using the decryption function, and then encrypting the views and stored procedures;
(4) constructing functional modules and report modules, and calling the corresponding views and stored procedures according to the requirements of each module; and setting permissions for the functional modules and report modules.
Further, the account and password built into the decryption function are stored using function encryption.
Further, the accounts and passwords of ordinary users of the enterprise management information system are encrypted by another function, and that function is itself encrypted.
Further, after a user account with permission enters a module, data can be viewed only after a preset account and password are input.
Further, the account, the password and the viewable data differ from module to module.
Further, the enterprise management information system has three types of accounts and passwords: the first type is the user account and password, which grant permission to log in to the software and enter a module; the second type is the ordinary user's account and password, which grant permission to enter a module and view personal information; the third type is the built-in account and password, which grant permission to view all data in a module.
Further, an administrator of the enterprise management information system can initialize the password of an ordinary user, but cannot view the data that the ordinary user can view.
Further, the administrator cannot initialize the password of the built-in account and cannot view the data that the built-in account can view.
In general, compared with the prior art, the underlying data encryption method provided by the invention has the following main beneficial effects:
1. The encryption and decryption functions are encrypted, and the views and stored procedures are encrypted, so that different users can view different ranges of data and even a person with super administrator privileges cannot view the data, which ensures the privacy and security of the data.
2. The account information used by decryption personnel is built into the decryption function, and the built-in account and password are stored using function encryption, so that operations personnel and administrators cannot view all the data, which ensures the security of sensitive data.
3. Compared with the encryption and decryption functions that ship with the database, the created functions use a simple encryption scheme and decrypt efficiently, so large-scale data queries take less time and the efficiency of the information system improves.
4. A trigger is created on each table that needs encryption; the trigger encrypts unencrypted data and then overwrites the original data, so that data is automatically encrypted whenever it is updated.
5. Functional modules and report modules are constructed, and the corresponding views and stored procedures are called according to the requirements of each module. Permissions are set on the functional modules and report modules, which meets the information query needs of different groups of users, prevents sensitive information outside a user's permissions from being viewed, and makes the method flexible and practical.
Drawings
Fig. 1 is a schematic flow chart of an underlying data encryption method applied to an enterprise management information system according to the present invention.
Fig. 2 is a schematic flow chart of data encryption related to the underlying data encryption method applicable to the enterprise management information system in fig. 1.
Fig. 3 is a schematic flow chart of data decryption involved in the underlying data encryption method applicable to the enterprise management information system in fig. 1.
FIG. 4 is a schematic illustration of compensation data viewed by different personnel involved in the underlying data encryption methodology applicable to the enterprise management information system of FIG. 1.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Referring to Fig. 1, Fig. 2, Fig. 3 and Fig. 4, the underlying data encryption method applicable to the enterprise management information system according to the invention mainly includes the following steps:
Step one: an encryption function and a decryption function are created and encrypted, and the account information used by decryption personnel is built into the decryption function.
Specifically, an encryption function and a decryption function are created, the account information of the decryption personnel is built into the decryption function, and both functions are encrypted so that they can only be called and their definitions cannot be viewed. The password of the account built into the decryption function is stored using function encryption; the passwords of other ordinary user accounts are encrypted by another function, which is itself encrypted so that it can only be called and cannot be viewed.
When the encryption function encrypts data, the data is first input; the encryption function then examines the input to determine whether it is already encrypted. If it is not, the function encrypts the input according to a certain rule and returns the encrypted data; otherwise, the function returns the data unchanged.
When the decryption function decrypts data, the data to be decrypted, an account and a password are first input; the decryption function then checks the validity of the account and password, and terminates if they are invalid. If they are valid, the decryption function further checks whether the data to be decrypted meets the decryption conditions; if not, the function terminates, and if so, it decrypts the data according to a certain rule and returns the decrypted data.
Step two: a trigger is created on each table that needs to be encrypted; the trigger encrypts unencrypted data and then overwrites the original data, so that data is automatically encrypted whenever it is updated.
Step three: the views and stored procedures required by the enterprise management information system are built using the decryption function, and the views and stored procedures are then encrypted.
Step four: functional modules and report modules are constructed, and the corresponding views and stored procedures are called according to the requirements of each module.
Specifically, there are 31 functional modules and report modules, including non-fixed payroll items, salary summary by department, individual salary inquiry, payslip printing and the like; custom salary reports can also be defined.
Step five: access permissions are set on the functional modules and report modules as required, so that different users have different usage permissions for them.
Specifically, permissions are set on the functional modules and report modules: a user account with permission for a module can enter it, and after entering, a specific account and password must be input to view data. The account, the password and the viewable data differ from module to module.
The enterprise management information system has three types of accounts and passwords. The first type is the user account and password, which grant permission to log in to the software and enter a module. The second type is the ordinary user's account and password, which can be used to view personal information, such as personal salary, in a module. The third type is the built-in account and password, which can be used to view all data in a module, such as the salary data of all employees. The password of a second-type ordinary user is encrypted by a function, which outputs a 32-bit password string once the password is input. A super administrator can initialize this password, but only with the relevant authorization, and after logging in with the initialized password sees only an empty module, so the data cannot be decrypted.
Permissions are set for each module so that only a user account with permission for that module can enter it; after entering, the user must input a specific account and password to actually view data, and the accounts, passwords and viewable data differ from module to module. For example, in the employee personal salary query module, a user with permission enters the software and the module through a personal account, inputs a personal salary query password, and views their own salary. In the employee salary statistics module, only the salary manager's user account can enter the software and the module; once the corresponding built-in account and password have been input and verified, the salaries of all employees can be viewed. In addition, the administrator can initialize an ordinary user's password but cannot view that user's personal information; for the built-in account, the administrator cannot initialize the password and has no viewing permission.
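Steps one to three above, sketched as an added example that is not code from the patent: an idempotent encryption function, a credential-gated decryption function, write triggers that overwrite plaintext, and a report query standing in for the encrypted stored procedure. It assumes Python with SQLite, an HMAC-SHA256 keystream with encrypt-then-MAC in place of the unspecified "certain rule", PBKDF2 for the built-in account's stored password, and hypothetical names (`enc1:` marker, `salary` table, `payroll_admin`); because the data key sits inside the functions, the protection holds only while their bodies stay unreadable to the administrator.

```python
import base64, hashlib, hmac, os, sqlite3

MARK = "enc1:"  # ciphertext marker (assumption; the patent only says data is "identified")

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode: stdlib-only stand-in for a real AEAD cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def make_functions(data_key, account, password):
    """Return (encrypt, decrypt); the key and built-in account live inside the closures."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    k_enc = hmac.new(data_key, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(data_key, b"mac", hashlib.sha256).digest()

    def _open(value):
        """Return (nonce, ct) if value is a token these functions produced, else None."""
        if not isinstance(value, str) or not value.startswith(MARK):
            return None
        try:
            raw = base64.b64decode(value[len(MARK):], validate=True)
        except ValueError:
            return None
        if len(raw) < 48:                     # 16-byte nonce + 32-byte tag minimum
            return None
        nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
        good = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
        return (nonce, ct) if hmac.compare_digest(tag, good) else None

    def encrypt(value):
        # Verifying the tag (not just the prefix) stops a forged "enc1:" value
        # from being stored as if it were already encrypted.
        if value is None or _open(value) is not None:
            return value                      # already encrypted: return unchanged
        pt = str(value).encode()
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(pt, _stream(k_enc, nonce, len(pt))))
        tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
        return MARK + base64.b64encode(nonce + ct + tag).decode()

    def decrypt(value, acct, pw):
        cand = hashlib.pbkdf2_hmac("sha256", str(pw).encode(), salt, 100_000)
        if acct != account or not hmac.compare_digest(cand, pw_hash):
            return None                       # invalid account/password: terminate
        parts = _open(value)
        if parts is None:
            return None                       # decryption condition not met: terminate
        nonce, ct = parts
        return bytes(a ^ b for a, b in zip(ct, _stream(k_enc, nonce, len(ct)))).decode()

    return encrypt, decrypt

def build_db(encrypt, decrypt):
    db = sqlite3.connect(":memory:")
    db.create_function("enc", 1, encrypt)
    db.create_function("dec", 3, decrypt)
    db.executescript("""
        CREATE TABLE salary (emp TEXT PRIMARY KEY, amount TEXT);
        -- Step two: overwrite plaintext with ciphertext on every write.
        CREATE TRIGGER salary_ins AFTER INSERT ON salary
        BEGIN UPDATE salary SET amount = enc(NEW.amount) WHERE emp = NEW.emp; END;
        CREATE TRIGGER salary_upd AFTER UPDATE OF amount ON salary
        WHEN NEW.amount IS NOT enc(NEW.amount)   -- false once the value is ciphertext
        BEGIN UPDATE salary SET amount = enc(NEW.amount) WHERE emp = NEW.emp; END;
    """)
    return db

def salary_report(db, acct, pw):
    """Stand-in for the encrypted stored procedure a report module would call."""
    return db.execute("SELECT emp, dec(amount, ?, ?) FROM salary ORDER BY emp",
                      (acct, pw)).fetchall()

def raw_rows(db):
    """What anyone with direct table access sees."""
    return db.execute("SELECT emp, amount FROM salary ORDER BY emp").fetchall()

if __name__ == "__main__":
    # Constructed sample data and credentials.
    enc, dec = make_functions(os.urandom(32), "payroll_admin", "constructed-demo-pw")
    db = build_db(enc, dec)
    db.execute("INSERT INTO salary VALUES ('alice', '8200')")
    db.execute("UPDATE salary SET amount = '9000' WHERE emp = 'alice'")
    print(raw_rows(db))
    print(salary_report(db, "payroll_admin", "constructed-demo-pw"))
    print(salary_report(db, "payroll_admin", "wrong"))
```
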
In summary, the encryption method creates an encryption function and a decryption function, builds the account information of the decryption personnel into the decryption function, and stores the password of the built-in account using function encryption. The required views and stored procedures are built with the decryption function, modules are designed to call the views and stored procedures as needed, and permissions are set on each module. As a result, operations personnel with database super administrator privileges cannot view sensitive data, encryption efficiency and security are improved, and data is decrypted and displayed quickly when viewed, which is convenient for users and makes the method widely applicable and flexible.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (7)
1. An underlying data encryption method suitable for an ERP management information system, characterized by comprising the following steps:
(1) creating an encryption function and a decryption function, and encrypting the encryption function and the decryption function, wherein account information used by decryption personnel is built into the decryption function;
when the encryption function encrypts data, the data is first input; the encryption function then examines the input data to determine whether it is already encrypted; if not, the encryption function encrypts the input data according to a certain rule and returns the encrypted data; otherwise, the encryption function returns the data unchanged;
when the decryption function decrypts data, the data to be decrypted, an account and a password are first input; the decryption function then checks the validity of the account and the password, and terminates if they are invalid; if they are valid, the decryption function further checks whether the data to be decrypted meets the decryption conditions; if not, the decryption function terminates; if so, the decryption function decrypts the data according to a certain rule and returns the decrypted data;
(2) creating a trigger on each table that needs to be encrypted, wherein the trigger encrypts unencrypted data and then overwrites the original data, so that data is automatically encrypted whenever it is updated;
(3) building the views and stored procedures required by the ERP management information system using the decryption function, and then encrypting the views and stored procedures;
(4) constructing functional modules and report modules, and calling the corresponding views and stored procedures according to the requirements of the functional modules and report modules; setting permissions for the functional modules and report modules at the same time; after a user account with permission enters a module, data can be viewed only after a preset account and a preset password are input.
2. The underlying data encryption method applicable to an ERP management information system according to claim 1, wherein: the account and the password built into the decryption function are stored using function encryption.
3. The underlying data encryption method applicable to an ERP management information system according to claim 2, wherein: the accounts and passwords of ordinary users of the ERP management information system are encrypted by another function, and that function is itself encrypted.
4. The underlying data encryption method applicable to an ERP management information system according to claim 1, wherein: the account, the password and the viewable data differ from module to module.
5. The underlying data encryption method applicable to an ERP management information system according to any one of claims 1 to 4, wherein: the ERP management information system has three types of accounts and passwords, wherein the first type is the user account and password, which grant permission to log in to the software and enter a module; the second type is the ordinary user's account and password, which grant permission to enter a module and view personal information; the third type is the built-in account and password, which grant permission to view all data in a module.
6. The underlying data encryption method applicable to an ERP management information system according to claim 5, wherein: an administrator of the ERP management information system can initialize the passwords of ordinary users, but cannot view the data that the ordinary users can view.
7. The underlying data encryption method applicable to an ERP management information system according to claim 6, wherein: the administrator cannot initialize the password of the built-in account and cannot view the data that the built-in account can view.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811386442.9A CN109684854B (en) | 2018-11-20 | 2018-11-20 | Bottom data encryption method suitable for enterprise management information system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109684854A CN109684854A (en) | 2019-04-26 |
CN109684854B true CN109684854B (en) | 2022-02-11 |
Family
ID=66185440
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811386442.9A Active CN109684854B (en) | 2018-11-20 | 2018-11-20 | Bottom data encryption method suitable for enterprise management information system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109684854B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110321345A (en) * | 2019-05-22 | 2019-10-11 | 嘉兴天盾安全技术服务有限公司 | A kind of data encryption storage method |
CN110211112A (en) * | 2019-05-31 | 2019-09-06 | 华中科技大学 | A kind of casting defect inspection method based on filtering selective search |
CN110599327A (en) * | 2019-09-02 | 2019-12-20 | 四川新网银行股份有限公司 | Method for automatically generating and sending banking report |
CN111046421A (en) * | 2019-11-28 | 2020-04-21 | 郑州财经学院 | Enterprise management sharing method based on APP |
CN111062594A (en) * | 2019-12-06 | 2020-04-24 | 北京百分点信息科技有限公司 | Assessment method and device for provider operation capacity and electronic equipment |
CN116933298B (en) * | 2023-09-18 | 2024-02-09 | 广东省科技基础条件平台中心 | Encryption processing method, device, storage medium and equipment for scientific and technological achievement data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7353387B2 (en) * | 2001-03-08 | 2008-04-01 | International Business Machines Corporation | Method and system for integrating encryption functionality into a database system |
CN101639882A (en) * | 2009-08-28 | 2010-02-03 | 华中科技大学 | Database security system based on storage encryption |
CN106250783A (en) * | 2016-08-31 | 2016-12-21 | 天津南大通用数据技术股份有限公司 | A kind of database data encryption, decryption method and device |
CN106446196A (en) * | 2016-09-29 | 2017-02-22 | 北京许继电气有限公司 | Autonomous controllable database data encryption and retrieval method and system based on random salt |
CN108256344A (en) * | 2018-01-22 | 2018-07-06 | 商客通尚景科技江苏有限公司 | A kind of SaaS enterprise platforms Database Systems and attaching method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN109684854A (en) | 2019-04-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |