CN109934006A - A kind of license data safe processing device and method - Google Patents


Info

Publication number
CN109934006A
Authority
CN
China
Prior art keywords
data
key
encryption
database server
license
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910242226.5A
Other languages
Chinese (zh)
Inventor
宁方刚
陈兆亮
王冠军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Langchao Electronics & Software Co Ltd
Original Assignee
Shandong Langchao Electronics & Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Langchao Electronics & Software Co Ltd
Priority to CN201910242226.5A
Publication of CN109934006A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an electronic license data security processing device and method, belonging to the technical field of electronic license encryption and decryption. The device comprises a client, a database server and an encryption device. The client communicates with the database server, and the database server communicates with the encryption device. The wallet key, the master key and the table key are stored in the encryption device. The database server encrypts the electronic license data file using transparent encryption technology, and the data file and the keys are stored separately. Encryption and decryption are transparent to the user, and because the keys are stored separately from the data file, both data security and key security are ensured; the device has good application value.

Description

A kind of license data safe processing device and method
Technical field
The present invention relates to the technical field of electronic license encryption and decryption, and specifically provides an electronic license data security processing device and method.
Background technique
To innovate the way government affairs are run and to improve administrative efficiency and service levels, localities are now generally converting the results of government services into electronic licenses for storage, and are actively promoting online applications by the public for electronic licenses to handle administrative examination and approval business. It has further been proposed to "rely on the electronic license sharing service system of the national government affairs service platform to share electronic licenses across regions and across departments. The relevant departments of each region make and manage electronic licenses according to the national electronic license service technical specifications, and report electronic license catalogue data". As a unified standard system for electronic license sharing applications is established, the use of electronic licenses in government services will deepen further.
An electronic license is a license in digital form that follows the relevant technical specifications: certificate information that is created, processed, transmitted and stored by electronic equipment such as computers. Approval results such as certificates, licenses and certifications, stored and transmitted digitally, are important basic data supporting the operation of government services. The information in an electronic license concerns the electronic identity of citizens and legal persons and involves private information, so reliable technical measures must ensure that it is stored securely. As electronic licenses become more widely and deeply used, securing their storage with reliable technical measures becomes particularly important.
Summary of the invention
The technical task of the invention is, in view of the above problems, to provide an electronic license data security processing device in which encryption and decryption are transparent to the user and the keys are stored separately from the data file, ensuring data security and key security.
A further technical task of the invention is to provide an electronic license data security processing method.
To achieve the above objects, the invention provides the following technical solution:
An electronic license data security processing device comprises a client, a database server and an encryption device. The client communicates with the database server, and the database server communicates with the encryption device. The wallet key, the master key and the table key are stored in the encryption device. The database server encrypts the electronic license data file using transparent encryption technology, and the data file and the keys are stored separately.
The wallet key is used to open the wallet. The master key is used to encrypt and decrypt the table key, and is stored in the wallet. The table key is used to encrypt and decrypt data. The wallet key is entered manually by the user; the master key and the table key are managed by the system.
Separate storage of the data file and the keys means that the keys are stored on the encryption device alone and not on the database server. When a table key needs to be decrypted, the database server sends the encrypted table key to the encryption device, which decrypts it and returns it to the database server. Storing the keys separately from the data file further ensures the security of the electronic license data.
In use, the user inserts data through the client into the columns that need to be encrypted. The electronic license information is screened to select the core sensitive information of the electronic license, and the corresponding fields in the database server are encrypted with the transparent encryption mechanism. Only a small amount of configuration work is needed to ensure that, even if the data file on disk is stolen, the data cannot be obtained.
Preferably, the database server encrypts the electronic license data file using the transparent encryption technology of the ORACLE database.
Preferably, the ORACLE database encryption mechanism uses the symmetric encryption algorithms 3DES168, AES128, AES192 and AES256.
In an electronic license data security processing method, when a user inserts data into a column that needs to be encrypted, the database server obtains the table key, automatically encrypts the input data, and stores the encrypted data in the database's data file. When the user queries the data of an encrypted column, the database server decrypts the data encrypted on disk with the table key and returns the plaintext to the user.
Preferably, the specific process is as follows. The user inserts data through the user terminal into a column that needs to be encrypted; the database server obtains the master key from the wallet key, decrypts the table key in the data dictionary with the master key, and encrypts the data with the decrypted table key. When the user queries the data of an encrypted column, the database server takes the encrypted table key out of the data dictionary, fetches the master key, decrypts the table key, decrypts the encrypted data with the decrypted table key, and returns the decrypted plaintext to the user. Throughout, the keys are stored separately from the data file.
Preferably, separate storage of the keys and the data file means that the wallet key, the master key and the table key are stored in the encryption device, and the data file is stored on the database server.
Preferably, the database server encrypts the electronic license data file using the transparent encryption technology of the ORACLE database.
Preferably, the ORACLE database encryption mechanism uses the symmetric encryption algorithms 3DES168, AES128, AES192 and AES256.
The electronic license data security processing method of the invention is implemented by combining a transparent encryption mechanism with separate storage of the keys and the data file.
The transparent encryption mechanism works as follows. The electronic license data file is encrypted by relying on the transparent encryption technology of the ORACLE database. The electronic license information is screened to select the core sensitive information of the electronic license, and the corresponding fields in the database are encrypted with the ORACLE transparent encryption mechanism. Only a small amount of configuration work is needed to ensure that, even if the data file on disk is stolen, the data cannot be obtained. ORACLE TDE supports symmetric encryption algorithms such as 3DES168, AES128, AES192 and AES256. When a user inserts data into a column that needs to be encrypted, ORACLE obtains the table key, automatically encrypts the input data, and stores the encrypted data in the database's data file. When the user queries the data of an encrypted column, ORACLE uses the table key to decrypt the data encrypted on disk and finally returns the plaintext to the user. The whole process is transparent to the user.
Separate storage of the keys and the data file works as follows. The wallet key, the master key and the table key are stored separately from the data file. When a user inserts data into a column that needs to be encrypted, ORACLE obtains the master key from the wallet, uses the master key to decrypt the table key in the data dictionary, and encrypts the data with the decrypted table key. When the user queries the data of an encrypted column, ORACLE takes the encrypted table key out of the data dictionary, fetches the master key, decrypts the table key, and uses the decrypted table key to decrypt the data encrypted on disk. The master key is stored on the encryption device alone, not on the database server. When a table key needs to be decrypted, ORACLE sends the encrypted table key to the encryption device, which decrypts it and returns it to the database server. During the whole transparent encryption process the master key never leaves the encryption device; storing the master key separately from the data file further ensures the security of the electronic license data.
Compared with the prior art, the electronic license data security processing method of the invention has the following outstanding beneficial effects:
(1) The method encrypts the sensitive information of electronic licenses using transparent encryption technology: information is encrypted when it is written to the storage medium and decrypted when it is read, and the process is transparent to the user, ensuring data security. Storing the keys separately from the data file ensures the security of the keys.
(2) The method of the invention encrypts the sensitive information of electronic licenses using transparent encryption technology and manages keys by storing them separately from the data file, and has good application value.
Brief description of the drawings
Fig. 1 is a topology diagram of the electronic license data security processing device of the invention.
Specific embodiment
The electronic license data security processing device and method of the invention are described in further detail below with reference to the drawings and an embodiment.
Embodiment
As shown in Fig. 1, the electronic license data security processing device of the invention comprises a client, a database server and an encryption device.
The client communicates with the database server, and the database server communicates with the encryption device. The wallet key, the master key and the table key are stored in the encryption device. The wallet key is used to open the wallet. The master key is used to encrypt and decrypt the table key, and is stored in the wallet. The table key is used to encrypt and decrypt data. The wallet key is entered manually by the user; the master key and the table key are managed by the system. The database server encrypts the electronic license data file using the transparent encryption technology of the ORACLE database, with the data file and the keys stored separately. The ORACLE database encryption mechanism uses the symmetric encryption algorithms 3DES168, AES128, AES192 and AES256.
Separate storage of the data file and the keys means that the keys are stored on the encryption device alone and not on the database server. When a table key needs to be decrypted, the database server sends the encrypted table key to the encryption device, which decrypts it and returns it to the database server. Storing the keys separately from the data file further ensures the security of the electronic license data.
In use, the user inserts data through the client into the columns that need to be encrypted. The electronic license information is screened to select the core sensitive information of the electronic license, and the corresponding fields in the database server are encrypted with the transparent encryption mechanism. Only a small amount of configuration work is needed to ensure that, even if the data file on disk is stolen, the data cannot be obtained.
In the electronic license data security processing method of the invention, when a user inserts data into a column that needs to be encrypted, the database server obtains the table key, automatically encrypts the input data, and stores the encrypted data in the database's data file. When the user queries the data of an encrypted column, the database server uses the table key to decrypt the data encrypted on disk and returns the plaintext to the user.
The specific process is as follows. The user inserts data through the user terminal into a column that needs to be encrypted; the database server obtains the master key from the wallet key, decrypts the table key in the data dictionary with the master key, and encrypts the data with the decrypted table key. When the user queries the data of an encrypted column, the database server takes the encrypted table key out of the data dictionary, fetches the master key, decrypts the table key, decrypts the encrypted data with the decrypted table key, and returns the decrypted plaintext to the user. Throughout, the keys are stored separately from the data file: the wallet key, the master key and the table key are stored in the encryption device, and the data file is stored on the database server.
The database server encrypts the electronic license data file using the transparent encryption technology of the ORACLE database. The ORACLE database encryption mechanism uses the symmetric encryption algorithms 3DES168, AES128, AES192 and AES256.
The electronic license data security processing method of the invention is implemented by combining a transparent encryption mechanism with separate storage of the keys and the data file.
The transparent encryption mechanism works as follows. The electronic license data file is encrypted by relying on the transparent encryption technology of the ORACLE database. The electronic license information is screened to select the core sensitive information of the electronic license, and the corresponding fields in the database are encrypted with the ORACLE transparent encryption mechanism. Only a small amount of configuration work is needed to ensure that, even if the data file on disk is stolen, the data cannot be obtained. ORACLE TDE supports symmetric encryption algorithms such as 3DES168, AES128, AES192 and AES256. When a user inserts data into a column that needs to be encrypted, ORACLE obtains the table key, automatically encrypts the input data, and stores the encrypted data in the database's data file. When the user queries the data of an encrypted column, ORACLE uses the table key to decrypt the data encrypted on disk and finally returns the plaintext to the user. The whole process is transparent to the user.
Separate storage of the keys and the data file works as follows. The wallet key, the master key and the table key are stored separately from the data file. When a user inserts data into a column that needs to be encrypted, ORACLE obtains the master key from the wallet, uses the master key to decrypt the table key in the data dictionary, and encrypts the data with the decrypted table key. When the user queries the data of an encrypted column, ORACLE takes the encrypted table key out of the data dictionary, fetches the master key, decrypts the table key, and uses the decrypted table key to decrypt the data encrypted on disk. The master key is stored on the encryption device alone, not on the database server. When a table key needs to be decrypted, ORACLE sends the encrypted table key to the encryption device, which decrypts it and returns it to the database server. During the whole transparent encryption process the master key never leaves the encryption device; storing the master key separately from the data file further ensures the security of the electronic license data.
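The key separation described above, modelled as an added Python example that is not part of the patent and is not Oracle's implementation: the database server's disk holds only the wrapped table key and ciphertext, and every unwrap goes through the encryption device. The class and function names, the passphrase and the sample value are constructed for illustration, and an HMAC-SHA256 keystream with an HMAC tag stands in for the AES algorithms the patent names so that the block runs on the standard library alone.

```python
import hashlib, hmac, os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):  # HMAC-SHA256 counter-mode keystream, a stdlib stand-in for AES
    stream = b"".join(_sub(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)  # encrypt-then-MAC

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified ciphertext")
    return _xor(_sub(key, b"enc"), nonce, ct)

class EncryptionDevice:  # the master key never crosses this boundary
    def __init__(self, wallet_key):
        self._salt = os.urandom(16)
        self._wallet = seal(self._kek(wallet_key), os.urandom(32))  # master key, sealed
        self._master = None  # wallet starts closed

    def _kek(self, wallet_key):
        return hashlib.pbkdf2_hmac("sha256", wallet_key.encode(), self._salt, 100_000)

    def open_wallet(self, wallet_key):
        self._master = unseal(self._kek(wallet_key), self._wallet)

    def _master_key(self):
        if self._master is None:
            raise PermissionError("wallet is closed")
        return self._master

    def wrap_table_key(self, table_key):
        return seal(self._master_key(), table_key)

    def unwrap_table_key(self, wrapped):
        return unseal(self._master_key(), wrapped)

class DatabaseServer:
    def __init__(self, device):
        self.device = device
        self.data_dictionary = {}  # column -> table key wrapped by the master key
        self.data_file = []        # (column, ciphertext) rows, all that is on disk

    def encrypt_column(self, column):
        self.data_dictionary[column] = self.device.wrap_table_key(os.urandom(32))

    def insert(self, column, value):
        table_key = self.device.unwrap_table_key(self.data_dictionary[column])
        self.data_file.append((column, seal(table_key, value.encode())))

    def query(self, column):
        table_key = self.device.unwrap_table_key(self.data_dictionary[column])
        return [unseal(table_key, ct).decode() for c, ct in self.data_file if c == column]

def disk_copy_is_readable(db, other_device):
    """Can the wrapped table keys on a copy of the disk be opened by another device?"""
    try:
        return all(other_device.unwrap_table_key(w) for w in db.data_dictionary.values())
    except ValueError:
        return False

def build_demo(wallet_key="constructed-wallet-passphrase"):
    device = EncryptionDevice(wallet_key)
    device.open_wallet(wallet_key)
    db = DatabaseServer(device)
    db.encrypt_column("holder_id")
    db.insert("holder_id", "CONSTRUCTED-ID-0001")  # constructed sample record
    return device, db
```

`build_demo()` returns the device and the database server; `db.query("holder_id")` goes through the device on every call, and `disk_copy_is_readable(db, other_device)` is false for any device that does not hold the original master key.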
The embodiment described above is only a preferred embodiment of the invention; the usual variations and substitutions made by those skilled in the art within the scope of the technical solution of the invention shall all fall within the scope of protection of the invention.

Claims (8)

1. An electronic license data security processing device, characterized in that: it comprises a client, a database server and an encryption device; the client communicates with the database server, and the database server communicates with the encryption device; a wallet key, a master key and a table key are stored in the encryption device; the database server encrypts the electronic license data file using transparent encryption technology; and the data file and the keys are stored separately.
2. The electronic license data security processing device according to claim 1, characterized in that: the database server encrypts the electronic license data file using the transparent encryption technology of the ORACLE database.
3. The electronic license data security processing device according to claim 2, characterized in that: the ORACLE database encryption mechanism uses the symmetric encryption algorithms 3DES168, AES128, AES192 and AES256.
4. An electronic license data security processing method, characterized in that: when a user inserts data into a column that needs to be encrypted, the database server obtains the table key, automatically encrypts the input data, and stores the encrypted data in the database's data file; when the user queries the data of an encrypted column, the database server uses the table key to decrypt the data encrypted on disk and returns the plaintext to the user.
5. The electronic license data security processing method according to claim 4, characterized in that: the specific process is that the user inserts data through the user terminal into a column that needs to be encrypted; the database server obtains the master key from the wallet key, decrypts the table key in the data dictionary with the master key, and encrypts the data with the decrypted table key; when the user queries the data of an encrypted column, the database server takes the encrypted table key out of the data dictionary, fetches the master key, decrypts the table key, decrypts the encrypted data with the decrypted table key, and returns the decrypted plaintext to the user; wherein the keys are stored separately from the data file.
6. The electronic license data security processing method according to claim 5, characterized in that: separate storage of the keys and the data file means that the wallet key, the master key and the table key are stored in the encryption device, and the data file is stored on the database server.
7. The electronic license data security processing method according to claim 6, characterized in that: the database server encrypts the electronic license data file using the transparent encryption technology of the ORACLE database.
8. The electronic license data security processing method according to claim 7, characterized in that: the ORACLE database encryption mechanism uses the symmetric encryption algorithms 3DES168, AES128, AES192 and AES256.
CN201910242226.5A 2019-03-28 2019-03-28 A kind of license data safe processing device and method Pending CN109934006A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910242226.5A CN109934006A (en) 2019-03-28 2019-03-28 A kind of license data safe processing device and method

Publications (1)

Publication Number Publication Date
CN109934006A true CN109934006A (en) 2019-06-25

Family

ID=66988557

Country Status (1)

Country Link
CN (1) CN109934006A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190625