CN109684854B - Bottom data encryption method suitable for enterprise management information system - Google Patents


Publication number
CN109684854B
Authority
CN
China
Prior art keywords
data
function
account
encryption
management information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811386442.9A
Other languages
Chinese (zh)
Other versions
CN109684854A (en)
Inventor
计效园
钱学文
张志鹏
周建新
殷亚军
沈旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology
Priority to CN201811386442.9A
Publication of CN109684854A
Application granted
Publication of CN109684854B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of information security and discloses an underlying (bottom-layer) data encryption method suitable for an enterprise management information system, comprising the following steps: (1) creating an encryption function and a decryption function, and encrypting both functions; (2) creating a trigger on each table that needs encryption, where the trigger encrypts unencrypted data and then overwrites the original data; (3) using the decryption function to create the views and stored procedures required by the enterprise management information system, and then encrypting those views and stored procedures; (4) building functional modules and report modules that call the corresponding views and stored procedures as required, and setting permissions on the functional modules and report modules. The invention improves efficiency and achieves fast decryption and display of the data.

Description

Bottom data encryption method suitable for enterprise management information system
Technical Field
The invention belongs to the technical field related to information security, and particularly relates to a bottom layer data encryption method suitable for an enterprise management information system.
Background
During the development, operation and maintenance of an ERP management information system, development and operations staff are exposed to a large amount of enterprise data. Most of it is neither confidential nor sensitive, but a small amount is. Some sensitive data, such as employee salary data, must be kept secret: an employee's salary must not be freely viewable by other employees. In practice, however, salary data is stored in plaintext at the bottom layer and can be viewed by operations staff who hold database super administrator privileges. Preventing operations staff with database super administrator privileges from viewing sensitive data is an important problem to solve when developing an ERP management information system.
Taking the SQL Server database as an example, the database ships with its own encryption and decryption functions, but the encryption method is too complex and the decryption function is inefficient. Queries over large-scale data take an extremely long time, which makes the information system slow or even causes it to stall. Accordingly, the field needs a fast underlying data encryption method suitable for an enterprise management information system.
Disclosure of Invention
In view of the defects and improvement needs of the prior art, the invention provides an underlying data encryption method suitable for an enterprise management information system, designed around the characteristics of existing data encryption and decryption. The method encrypts the underlying data so that even development and operations staff with database super administrator privileges cannot see it. Data is encrypted automatically and in real time as it is updated, the account password is stored in function-encrypted form, information security is better, and encryption and decryption are more efficient.
To achieve the above object, the invention provides an underlying data encryption method suitable for an enterprise management information system, comprising the following steps:
(1) creating an encryption function and a decryption function, and encrypting both functions, where the account information used by decryption personnel is built into the decryption function;
(2) creating a trigger on each table that needs encryption, where the trigger encrypts unencrypted data and then overwrites the original data, so that data is encrypted automatically whenever it is updated;
(3) using the decryption function to create the views and stored procedures required by the enterprise management information system, and then encrypting those views and stored procedures;
(4) building functional modules and report modules that call the corresponding views and stored procedures as required, and setting permissions on the functional modules and report modules.
Further, the account and password built into the decryption function are stored in function-encrypted form.
Further, the accounts and passwords of ordinary users of the enterprise management information system are encrypted with another function, and that function is itself encrypted.
Further, after a user account with permission enters a module, data can be viewed only after a preset account and password are entered.
Further, different modules use different accounts and passwords and expose different viewable data.
Further, the enterprise management information system has three types of accounts and passwords: the first type is the user account and password, which grant permission to log in to the software and enter a module; the second type is the ordinary user's account and password, which grant permission to enter a module and view personal information; the third type is the built-in account and password, which grant permission to view all data in a module.
Further, an administrator of the enterprise management information system can initialize an ordinary user's password but cannot view the data that the ordinary user can view.
Further, the administrator cannot initialize the password of the built-in account and cannot view the data that the built-in account can view.
In general, compared with the prior art, the underlying data encryption method provided by the invention has the following main beneficial effects:
1. The encryption function and the decryption function are encrypted, and the views and stored procedures are encrypted, so different users can view different ranges of data, and even a person with super administrator privileges cannot view the data, which ensures the privacy and security of the data.
2. The account information used by decryption personnel is built into the decryption function, and the built-in account and password are stored in function-encrypted form, so operations staff and administrators cannot view all of the data, which ensures the security of sensitive data.
3. Compared with the encryption and decryption functions that ship with the database, the created functions use a simple encryption scheme, decrypt efficiently, and take little time on large-scale data queries, which improves the efficiency of the information system.
4. A trigger is created on each table that needs encryption; the trigger encrypts unencrypted data and then overwrites the original data, so that data is encrypted automatically whenever it is updated.
5. Functional modules and report modules are built and call the corresponding views and stored procedures as required. Permissions are also set on the functional modules and report modules, which meets differing requirements, gives better flexibility and practicality, satisfies the information-query needs of different groups of people, and prevents anyone from viewing sensitive information outside their permissions.
Drawings
Fig. 1 is a schematic flow chart of the underlying data encryption method suitable for an enterprise management information system according to the invention.
Fig. 2 is a schematic flow chart of the data encryption involved in the underlying data encryption method of Fig. 1.
Fig. 3 is a schematic flow chart of the data decryption involved in the underlying data encryption method of Fig. 1.
Fig. 4 is a schematic illustration of the compensation data viewed by different personnel under the underlying data encryption method of Fig. 1.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Referring to Fig. 1, Fig. 2, Fig. 3 and Fig. 4, the underlying data encryption method suitable for an enterprise management information system provided by the invention mainly comprises the following steps:
Step one: an encryption function and a decryption function are created and encrypted, and the account information used by decryption personnel is built into the decryption function.
Specifically, an encryption function and a decryption function are created, the account information of the decryption personnel is built into the decryption function, and both functions are encrypted so that they can only be called and their definitions cannot be viewed. The password of the account built into the decryption function is stored in function-encrypted form. The passwords of other ordinary user accounts are encrypted with another function, and that function is itself encrypted so that it too can only be called and not viewed.
When the encryption function encrypts data, the data is first passed in. The function then inspects the input to determine whether it is already encrypted. If it is not, the function encrypts it according to a certain rule and returns the encrypted data; otherwise it returns the data as it is.
When the decryption function decrypts data, the data to be decrypted, an account and a password are first passed in. The function then checks the validity of the account and password and terminates if they are invalid. If they are valid, it checks whether the data to be decrypted meets the decryption condition: if not, it terminates; if so, it decrypts the data according to a certain rule and returns the decrypted data.
Step two: a trigger is created on each table that needs encryption; the trigger encrypts unencrypted data and then overwrites the original data, so that data is encrypted automatically whenever it is updated.
Step three: the views and stored procedures required by the enterprise management information system are created using the decryption function, and those views and stored procedures are then encrypted.
Step four: functional modules and report modules are built, and the corresponding views and stored procedures are called according to the requirements of the functional modules and report modules.
Specifically, the functional modules and report modules number 31 and include non-fixed payroll items, salary part collection, individual salary inquiry, salary sheet printing and the like; custom salary reports can also be defined.
Step five: access permissions are set on the functional modules and report modules as required, so that different users have different usage rights on them.
Specifically, permissions are set on the functional modules and report modules. A user account with permission for a module can enter that module, and after entering it must input a specific account and password to view data. Different modules use different accounts and passwords and expose different viewable data.
The enterprise management information system has three types of accounts and passwords. The first type is the user account and password, which grant permission to log in to the software and enter a module. The second type is the ordinary user's account and password, with which the user can view personal information, such as personal compensation, within a module. The third type is the built-in account and password, which can be used to view all data in a module, such as the salary data of all employees. The password of the second type (ordinary users) is encrypted with a function: after the password is entered, a 32-bit password string is output. A super administrator can initialize this password but must have the relevant authorization, and after logging in with the initialized password sees only an empty module, so the data cannot be decrypted.
Permissions are set on each module so that only user accounts with permission for that module can enter it, and after entering, a specific account and password must be input before any data can actually be viewed. Different modules use different accounts and passwords and expose different viewable data. For example, in the employee personal salary inquiry module, a user enters the software and the module through a personal account, inputs a personal salary inquiry password, and views only their own salary. In the employee salary statistics module, only the user account of the salary administrator can enter the software and the module; the corresponding built-in account and password must then be entered and verified, after which the salaries of all employees can be viewed. In addition, the administrator can initialize an ordinary user's password but cannot view that user's personal information. For the built-in account and password, the administrator cannot initialize the password and has no viewing permission.
In summary, the encryption method creates an encryption function and a decryption function, builds the account information of the decryption personnel into the decryption function, and stores the password of the built-in account in function-encrypted form. The required views and stored procedures are created with the decryption function, modules are designed that call those views and stored procedures as needed, and permissions are set on each module. As a result, operations staff with database super administrator privileges cannot view sensitive data, encryption efficiency and security are improved, and data can be decrypted and displayed quickly when viewed, which is convenient for users and makes the method widely applicable and flexible.
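The flow of steps one to five, modeled end to end as an added example that is not code from the patent: Python's `sqlite3` stands in for the database, application-defined `enc`/`dec` functions play the encrypted function pair, triggers overwrite plaintext, and a parameterized query plays the stored procedure. The patent does not disclose its encryption rule, so the cipher (an HMAC-SHA256 keystream with a MAC tag), the `ENC1:` marker, the keys, the account name `payroll_audit` and the sample rows are all assumptions.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

MARK = "ENC1:"  # assumed prefix that tags values already encrypted
ENC_KEY = hashlib.sha256(b"constructed enc key").digest()  # constructed key
MAC_KEY = hashlib.sha256(b"constructed mac key").digest()  # constructed key
BUILTIN_ACCOUNT = "payroll_audit"  # hypothetical built-in account
_SALT = b"constructed-salt"  # only a salted hash of the password is kept
_PW_HASH = hashlib.pbkdf2_hmac("sha256", b"constructed-password", _SALT, 50_000)


def _xor_stream(nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream (stand-in cipher)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(
        hmac.new(ENC_KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


def _parse(value):
    """Return (nonce, body) when value is authentic ciphertext, else None."""
    if not isinstance(value, str) or not value.startswith(MARK):
        return None
    try:
        raw = base64.b64decode(value[len(MARK):], validate=True)
    except ValueError:
        return None
    if len(raw) < 48:  # 16-byte nonce + 32-byte tag
        return None
    nonce, body, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    return (nonce, body) if hmac.compare_digest(tag, good) else None


def enc(value):
    """Encrypt plaintext; return existing ciphertext unchanged."""
    if value is None or _parse(value) is not None:
        return value
    nonce = os.urandom(16)
    body = _xor_stream(nonce, str(value).encode())
    tag = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    return MARK + base64.b64encode(nonce + body + tag).decode()


def dec(value, account, password):
    """Validate the built-in account, then the data; None means terminated."""
    if not isinstance(account, str) or not isinstance(password, str):
        return None
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)
    ok_user = hmac.compare_digest(account.encode(), BUILTIN_ACCOUNT.encode())
    if not (ok_user and hmac.compare_digest(pw, _PW_HASH)):
        return None
    parsed = _parse(value)
    return None if parsed is None else _xor_stream(*parsed).decode()


def open_db():
    """Create the table plus triggers that overwrite plaintext with enc()."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA trusted_schema = ON")  # let triggers call app functions
    conn.create_function("enc", 1, enc)
    conn.create_function("dec", 3, dec)
    conn.execute("CREATE TABLE salary (emp_id INTEGER PRIMARY KEY, name TEXT, amount TEXT)")
    for name, event in (("ins", "INSERT"), ("upd", "UPDATE OF amount")):
        conn.execute(f"""CREATE TRIGGER salary_enc_{name} AFTER {event} ON salary
            WHEN NEW.amount IS NOT enc(NEW.amount)
            BEGIN UPDATE salary SET amount = enc(NEW.amount)
                  WHERE emp_id = NEW.emp_id; END""")
    return conn


def salary_report(conn, account, password):
    """Stands in for the stored procedure a report module calls."""
    sql = "SELECT name, dec(amount, ?, ?) FROM salary ORDER BY emp_id"
    return conn.execute(sql, (account, password)).fetchall()


def demo():
    """Insert and update constructed rows; return what the table really holds."""
    conn = open_db()
    rows = [(1, "Li", "8500.00"), (2, "Wang", "12000.00")]  # constructed
    conn.executemany("INSERT INTO salary VALUES (?, ?, ?)", rows)
    conn.execute("UPDATE salary SET amount = '9000.00' WHERE emp_id = 1")
    stored = [r[0] for r in conn.execute("SELECT amount FROM salary ORDER BY emp_id")]
    return conn, stored
```

`demo()` returns the connection and the stored column values, which are ciphertext for anyone reading the table directly. `salary_report` returns plaintext only for the built-in account and its password; any other credentials yield `None` for every row.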
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (7)

1. An underlying data encryption method suitable for an ERP management information system, characterized by comprising the following steps:
(1) creating an encryption function and a decryption function, and encrypting both functions, where the account information used by decryption personnel is built into the decryption function;
when the encryption function encrypts data, the data is first passed in; the encryption function then inspects the input to determine whether it is already encrypted; if it is not, the encryption function encrypts the input according to a certain rule and returns the encrypted data, otherwise it returns the data as it is;
when the decryption function decrypts data, the data to be decrypted, an account and a password are first passed in; the decryption function then checks the validity of the account and password and terminates if they are invalid; if they are valid, the decryption function further checks whether the data to be decrypted meets the decryption condition; if not, the decryption function terminates; if so, it decrypts the data according to a certain rule and returns the decrypted data;
(2) creating a trigger on each table that needs encryption, where the trigger encrypts unencrypted data and then overwrites the original data, so that data is encrypted automatically whenever it is updated;
(3) using the decryption function to create the views and stored procedures required by the ERP management information system, and then encrypting those views and stored procedures;
(4) building functional modules and report modules that call the corresponding views and stored procedures as required, and setting permissions on the functional modules and report modules; after a user account with permission enters a module, data can be viewed only after a preset account and password are entered.
2. The underlying data encryption method suitable for an ERP management information system according to claim 1, wherein: the account and password built into the decryption function are stored in function-encrypted form.
3. The underlying data encryption method suitable for an ERP management information system according to claim 2, wherein: the accounts and passwords of ordinary users of the ERP management information system are encrypted with another function, and that function is itself encrypted.
4. The underlying data encryption method suitable for an ERP management information system according to claim 1, wherein: different modules use different accounts and passwords and expose different viewable data.
5. The underlying data encryption method suitable for an ERP management information system according to any one of claims 1 to 4, wherein: the ERP management information system has three types of accounts and passwords; the first type is the user account and password, which grant permission to log in to the software and enter a module; the second type is the ordinary user's account and password, which grant permission to enter a module and view personal information; the third type is the built-in account and password, which grant permission to view all data in a module.
6. The underlying data encryption method suitable for an ERP management information system according to claim 5, wherein: an administrator of the ERP management information system can initialize an ordinary user's password but cannot view the data that the ordinary user can view.
7. The underlying data encryption method suitable for an ERP management information system according to claim 6, wherein: the administrator cannot initialize the password of the built-in account and cannot view the data that the built-in account can view.
CN201811386442.9A 2018-11-20 2018-11-20 Bottom data encryption method suitable for enterprise management information system Active CN109684854B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811386442.9A CN109684854B (en) 2018-11-20 2018-11-20 Bottom data encryption method suitable for enterprise management information system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811386442.9A CN109684854B (en) 2018-11-20 2018-11-20 Bottom data encryption method suitable for enterprise management information system

Publications (2)

Publication Number Publication Date
CN109684854A CN109684854A (en) 2019-04-26
CN109684854B CN109684854B (en) 2022-02-11

Family

ID=66185440

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811386442.9A Active CN109684854B (en) 2018-11-20 2018-11-20 Bottom data encryption method suitable for enterprise management information system

Country Status (1)

Country Link
CN (1) CN109684854B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110321345A (en) * 2019-05-22 2019-10-11 嘉兴天盾安全技术服务有限公司 A kind of data encryption storage method
CN110211112A (en) * 2019-05-31 2019-09-06 华中科技大学 A kind of casting defect inspection method based on filtering selective search
CN110599327A (en) * 2019-09-02 2019-12-20 四川新网银行股份有限公司 Method for automatically generating and sending banking report
CN111046421A (en) * 2019-11-28 2020-04-21 郑州财经学院 Enterprise management sharing method based on APP
CN111062594A (en) * 2019-12-06 2020-04-24 北京百分点信息科技有限公司 Assessment method and device for provider operation capacity and electronic equipment
CN116933298B (en) * 2023-09-18 2024-02-09 广东省科技基础条件平台中心 Encryption processing method, device, storage medium and equipment for scientific and technological achievement data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7353387B2 (en) * 2001-03-08 2008-04-01 International Business Machines Corporation Method and system for integrating encryption functionality into a database system
CN101639882A (en) * 2009-08-28 2010-02-03 华中科技大学 Database security system based on storage encryption
CN106250783A (en) * 2016-08-31 2016-12-21 天津南大通用数据技术股份有限公司 A kind of database data encryption, decryption method and device
CN106446196A (en) * 2016-09-29 2017-02-22 北京许继电气有限公司 Autonomous controllable database data encryption and retrieval method and system based on random salt
CN108256344A (en) * 2018-01-22 2018-07-06 商客通尚景科技江苏有限公司 A kind of SaaS enterprise platforms Database Systems and attaching method thereof


Also Published As

Publication number Publication date
CN109684854A (en) 2019-04-26


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant