CN111984997A - Method and device for determining whether database encryption algorithm is damaged or not and electronic equipment - Google Patents

Info

Publication number: CN111984997A
Application number: CN202010835573.1A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 车晓瑶, 王建华
Current Assignee: Beijing Kingbase Information Technologies Co Ltd
Original Assignee: Beijing Kingbase Information Technologies Co Ltd
Prior art keywords: preset, encryption algorithm, database, data, determining whether

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/602: Providing cryptographic facilities or services


Abstract

The disclosure relates to a method, a device and an electronic device for determining whether a database encryption algorithm is damaged, wherein the method comprises the following steps: in the running process of a database, periodically acquiring preset data corresponding to an encryption algorithm used by the database; and determining whether the encryption algorithm of the database is damaged or not at present based on preset data corresponding to the encryption algorithm. The technical scheme of the embodiment of the disclosure can realize the purpose of timely acquiring whether the encryption algorithm is damaged or not, and can improve the security of the database. In addition, in the implementation process of the technical scheme of the embodiment of the disclosure, an external tool is not needed, and the performance of the database is not affected.

Description

Method and device for determining whether database encryption algorithm is damaged or not and electronic equipment
Technical Field
The present disclosure relates to the field of database technologies, and in particular, to a method and an apparatus for determining whether a database encryption algorithm is damaged, and an electronic device.
Background
The database kernel may use various encryption algorithms, such as digest algorithms, symmetric encryption algorithms, and asymmetric encryption algorithms. These are not implemented by the database itself, but rely on an external library or hardware device, such as the OpenSSL library, a sentry pass password card, and the like. All of these algorithms run the risk of being tampered with or maliciously replaced, resulting in a breach of database security.
However, at present, there is no technology for checking the database encryption algorithm to determine whether the current encryption algorithm is damaged, which causes the security risk of the database in the application process.
Disclosure of Invention
In order to solve the technical problem or at least partially solve the technical problem, the present disclosure provides a method, an apparatus, and an electronic device for determining whether a database encryption algorithm is corrupted.
In a first aspect, the present disclosure provides a method for determining whether a database encryption algorithm is corrupted, including:
in the running process of a database, periodically acquiring preset data corresponding to an encryption algorithm used by the database;
and determining whether the encryption algorithm of the database is damaged or not at present based on preset data corresponding to the encryption algorithm.
Further, the preset data is stored in the database system table.
Further, the method also includes:
in the process of developing the database, determining an encryption algorithm required by the database;
and generating preset data corresponding to each encryption algorithm based on the encryption algorithm needed by the database.
Further, the generating preset data corresponding to each encryption algorithm based on the encryption algorithm needed by the database includes:
and generating preset data corresponding to each encryption algorithm based on the encryption algorithm and the random parameters needed by the database.
Further, the encryption algorithm comprises at least one of a digest algorithm, a symmetric encryption algorithm, and an asymmetric encryption algorithm;
the preset data corresponding to the digest algorithm comprises a preset plaintext and a preset digest value;
the preset data corresponding to the symmetric encryption algorithm comprises a preset symmetric encryption key, a preset plaintext and a preset ciphertext;
the preset data corresponding to the asymmetric encryption algorithm comprises a preset public-private key pair, a preset plaintext, a preset signature value and a preset ciphertext.
Further, the determining whether the database encryption algorithm is damaged based on the preset data corresponding to the encryption algorithm includes:
aiming at any one encryption algorithm, determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm; the preset result data can be uniquely obtained based on the preset condition data and the encryption algorithm which is not destroyed;
determining checking result data based on the preset condition data and the encryption algorithm of the current database;
and determining whether the encryption algorithm is damaged or not based on the checking result data and the preset result data.
Further, if the encryption algorithm comprises a digest algorithm, determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm includes: taking the preset plaintext as preset condition data and taking the preset digest value as preset result data;
if the encryption algorithm comprises a symmetric encryption algorithm, determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm includes: taking the preset symmetric encryption key and the preset plaintext as preset condition data, and taking the preset ciphertext as preset result data;
if the encryption algorithm comprises an asymmetric encryption algorithm, the steps of determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm, determining checking result data based on the preset condition data and the encryption algorithm of the current database, and determining whether the encryption algorithm is damaged based on the checking result data and the preset result data are executed twice; in one execution, the preset public-private key pair and the preset plaintext are used as preset condition data, and the preset signature value is used as preset result data; and in the other execution, the preset public-private key pair and the preset ciphertext are used as preset condition data, and the preset plaintext is used as preset result data.
In a second aspect, the present disclosure also provides an apparatus for determining whether a database encryption algorithm is corrupted, including:
a preset data acquisition module, configured to periodically acquire preset data corresponding to an encryption algorithm used by a database in the database operation process;
and the determining module is used for determining whether the encryption algorithm of the database is damaged or not based on the preset data corresponding to the encryption algorithm.
In a third aspect, the present disclosure also provides an electronic device, including: a processor and a memory;
the processor is configured to perform the steps of any of the methods described above by calling a program or instructions stored in the memory.
In a fourth aspect, the present disclosure also provides a computer-readable storage medium storing a program or instructions for causing a computer to perform the steps of any of the methods described above.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:
the technical scheme of the embodiment of the disclosure periodically acquires preset data corresponding to an encryption algorithm used by a database in the database operation process; and determining whether the encryption algorithm of the current database is damaged or not based on preset data corresponding to the encryption algorithm, wherein the essence is that a sub-process is newly added in a database kernel, and the encryption algorithm is periodically checked. The method can achieve the purpose of timely knowing whether the encryption algorithm is damaged or not, and can improve the security of the database. In addition, in the implementation process of the technical scheme of the embodiment of the disclosure, an external tool is not needed, and the performance of the database is not affected.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a flowchart of a method for determining whether a database encryption algorithm is corrupted according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of a preset data generation method provided by an embodiment of the present disclosure;
Fig. 3 is a flowchart of another method for determining whether a database encryption algorithm is corrupted provided by embodiments of the present disclosure;
Fig. 4 is a block diagram illustrating a structure of a determining apparatus for determining whether a database encryption algorithm is corrupted according to an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Fig. 1 is a flowchart of a method for determining whether a database encryption algorithm is corrupted according to an embodiment of the present disclosure. The execution subject of the method may be an electronic device in which the database is installed. The method comprises the following steps:
S110: periodically acquiring preset data corresponding to the encryption algorithm used by the database in the database operation process.
The preset data is the basis for judging whether the encryption algorithm of the current database is damaged. In practice, because the specific encryption logics of different encryption algorithms are different, a plurality of different parameters can be selected as the preset data corresponding to the encryption algorithm according to the specific encryption logic used by the encryption algorithm. In addition, the parameters included in the preset data corresponding to different encryption algorithms may be the same or different. This is not limited by the present application.
Illustratively, the encryption algorithm used by the database includes at least one of a digest algorithm, a symmetric encryption algorithm, and an asymmetric encryption algorithm. Optionally, the preset data corresponding to the digest algorithm may be set to include a preset plaintext and a preset digest value; the preset data corresponding to the symmetric encryption algorithm comprises a preset symmetric encryption key, a preset plaintext and a preset ciphertext; the preset data corresponding to the asymmetric encryption algorithm comprises a preset public-private key pair, a preset plaintext, a preset signature value and a preset ciphertext.
In practice, the preset data may be stored in any location in the electronic device, and the present disclosure does not limit this. Typically, the preset data may be set to be stored in a database system table. Generally, data can be inserted into the database system table only when the database installation package is manufactured, and the data in the database system table cannot be modified during the operation of the database. The database installation package is manufactured in a database manufacturer, so that the safety of the preset data can be guaranteed, and the accurate judgment result of whether the current database encryption algorithm is damaged or not is ensured based on the preset data. In practice, since one database generally corresponds to a plurality of database system tables, it is possible to specify that the generated preset data is stored in a certain database system table when the database installation package is created.
In practice, there are various methods for generating the preset data, and the present application does not limit this. Optionally, the preset data generating method includes: in the process of developing the database, determining an encryption algorithm required by the database; and generating preset data corresponding to each encryption algorithm based on the encryption algorithm needed by the database.
The process of developing the database comprises the development process of the database from scratch and the process of updating and perfecting the existing database.
There are various methods for determining the encryption algorithm required by the database in the database development process, for example, in the database development process, the encryption algorithm required by the database is determined when the database is designed according to the requirements of the customer. Or, in the process of updating and perfecting the database, the encryption algorithm needed by the database is determined by analyzing the database source code.
In addition, it is emphasized that for the same type of encryption algorithm, different specific algorithms may be employed. Illustratively, the digest algorithm may use MD5 (Message Digest Algorithm 5) or the national cryptographic algorithm SM3. Therefore, if the digest algorithm, the symmetric encryption algorithm, the asymmetric encryption algorithm, and the like are regarded as the major classes of encryption algorithms, and the specific algorithms (such as MD5 or SM3) that may be used within one class are regarded as the minor classes, then when "determining the encryption algorithms that need to be used in the database" is executed, it is necessary to specify not only the major classes of the encryption algorithms that need to be used, but also the minor classes. This ensures that the preset data subsequently generated for each encryption algorithm can effectively and accurately judge whether that encryption algorithm is damaged.
The specific implementation method of generating the preset data corresponding to each encryption algorithm based on the encryption algorithm needed by the database is various, and illustratively, the preset plaintext may be determined first; then, determining a preset ciphertext based on a preset plaintext and an encryption algorithm; and finally, both the preset plaintext and the preset ciphertext are used as preset data corresponding to the encryption algorithm. Or firstly determining a preset plaintext and a preset key; then, determining a preset ciphertext based on a preset plaintext, a preset key and an encryption algorithm; and finally, taking the preset plaintext, the preset key and the preset ciphertext as preset data corresponding to the encryption algorithm. It should be noted that, in practice, when the preset data is generated, whether the preset data includes the preset key or includes other parameters except the preset plaintext, the preset key, and the encryption algorithm may be determined according to the algorithm itself, which is not limited by the present disclosure.
Further, when the step of generating the preset data corresponding to each encryption algorithm based on the encryption algorithm needed by the database is executed, the preset data corresponding to each encryption algorithm may be generated based on the encryption algorithm and the random parameter needed by the database. Random parameters are added so that the preset plaintext and the preset ciphertext generated for each installation package are different, which improves the security of the database. Optionally, the random parameter may be time information and/or location information when the installation package is manufactured; alternatively, the random parameter may be a version number of the installation package, or the like.
S120: determining whether the encryption algorithm of the current database is damaged or not based on the preset data corresponding to the encryption algorithm.
The implementation method of this step can be as follows: for any encryption algorithm, determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm, where the preset result data can be uniquely obtained from the preset condition data and the undamaged encryption algorithm; determining checking result data based on the preset condition data and the encryption algorithm of the current database; and determining whether the encryption algorithm is damaged or not based on the checking result data and the preset result data.
It should be noted that, in practice, in the process of generating the preset data, the preset ciphertext is generated based on the preset plaintext. In practice, however, some encryption algorithms are reversible and some are irreversible. Therefore, when the preset condition data and the preset result data are determined, for certain encryption algorithms the preset plaintext can be used as the preset condition data and the preset ciphertext as the preset result data; for other encryption algorithms, the preset ciphertext is used as preset condition data and the preset plaintext as preset result data.
For example, if the encryption algorithm includes a digest algorithm, the implementation method of this step may be: taking the preset plaintext as preset condition data and taking the preset digest value as preset result data. It is checked whether the digest value (i.e., the checking result data) calculated from the preset plaintext by the digest algorithm is equal to the preset digest value (i.e., the preset result data). If not, the current database digest algorithm is damaged; otherwise, the current database digest algorithm is not damaged.
If the encryption algorithm comprises a symmetric encryption algorithm, the implementation method of this step comprises: taking the preset symmetric encryption key and the preset plaintext as preset condition data, and taking the preset ciphertext as preset result data. It is checked whether the ciphertext (i.e., the checking result data) obtained by encrypting the preset plaintext with the preset key through the encryption algorithm is equal to the preset ciphertext (i.e., the preset result data). If not, the current database symmetric encryption algorithm is damaged; otherwise, the current database symmetric encryption algorithm is not damaged.
If the encryption algorithm comprises an asymmetric encryption algorithm, this step is executed twice, once for each kind of content being checked. In the first execution, the preset public-private key pair and the preset plaintext are used as preset condition data, and the preset signature value is used as preset result data; it is checked whether the signature value (i.e., the checking result data) calculated from the preset plaintext by the encryption algorithm using the preset public-private key pair is equal to the preset signature value (i.e., the preset result data). In the second execution, the preset public-private key pair and the preset ciphertext are used as preset condition data, and the preset plaintext is used as preset result data; it is checked whether the plaintext (i.e., the checking result data) obtained by decrypting the preset ciphertext through the encryption algorithm using the preset public-private key pair is equal to the preset plaintext (i.e., the preset result data). If the results are equal in both executions, the current database asymmetric encryption algorithm is not damaged; otherwise, the current database asymmetric encryption algorithm is damaged.
According to the technical scheme, in the running process of the database, preset data corresponding to an encryption algorithm used by the database are periodically acquired; and determining whether the encryption algorithm of the current database is damaged or not based on preset data corresponding to the encryption algorithm, wherein the essence is that a sub-process is newly added in a database kernel, and the encryption algorithm is periodically checked. The method can achieve the purpose of timely knowing whether the encryption algorithm is damaged or not, and can improve the security of the database. In addition, in the implementation process of the technical scheme, an external tool is not needed, and the performance of the database is not affected.
Further, the sub-program that executes the method for determining whether the database encryption algorithm is damaged may be set to be created automatically at database installation and started automatically at database startup, so that user involvement is not required. Optionally, it can also be set so that the sub-program cannot be closed during the whole running period of the database, which further ensures the security of the database.
It should be noted that, in practice, if the database uses a plurality of encryption algorithms, optionally, only some of the encryption algorithms may be checked for damage, or all of them may be checked. Compared with checking only some of the encryption algorithms, checking all of them makes the judgment of the security of the database more accurate, so that once a certain encryption algorithm is damaged, the user can remedy it in time and avoid a major security incident.
Further, if the current database encryption algorithm is judged to be damaged, an alarm signal is sent out; optionally, the alarm signal can be reported to the user through a loudspeaker and/or a display screen and other devices.
Fig. 2 is a flowchart of a preset data generation method according to an embodiment of the present disclosure. Illustratively, the KingbaseES database is taken as an example for explanation. Referring to Fig. 2, first, all encryption algorithms used in the database are counted. Alternatively, which encryption algorithms are invoked can be derived by analyzing the database source code. Then, corresponding preset data is generated according to the type of each encryption algorithm, and the generated preset data and the names of the algorithms are stored in a specified database system table. Data can be inserted into this system table only while the installation package is being manufactured and cannot be modified while the database is running, which ensures the safety of the preset data. Optionally, in the preset data generation process, the preset plaintext and the preset key are generated by a specified algorithm from the system time at the moment of generation and the current version number of the database, so that different preset data is generated each time and the safety of the preset data is improved. The installation package is manufactured inside the database manufacturer, so its safety can be guaranteed.
Fig. 3 is a flowchart of another method for determining whether a database encryption algorithm is corrupted according to an embodiment of the present disclosure. Referring to Fig. 3, during the database operation, the correctness of the encryption algorithm is checked. Specifically, during database startup, a sub-process for checking encryption algorithm correctness is created, and it then performs periodic checks. When a check time is reached, preset data is acquired from the system table for each algorithm; a real-time calculated value is generated by running the algorithm according to its type; and the real-time calculated value is compared with the preset value. If the two are not equal, the correctness of the encryption algorithm has been damaged, and this is reported directly to the user. If the check time has not been reached, the sub-process stays dormant and waits for the next check time. The method is essentially a check executed by the database kernel, which reduces the dependence on external tools and ensures safety. In addition, the periodic check ensures safety over the whole operation period of the database.
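The following is an added example, not part of the patent and not KingbaseES code, of the Fig. 2 generation step and the Fig. 3 periodic check for the digest-algorithm case. It assumes SQLite as a stand-in for the system table and SHA-256 and SHA-512 as the digests in use; the names `sys_crypto_preset`, `build_system_table`, `check_once`, `monitor` and `replaced_sha256` are hypothetical.

```python
import hashlib
import hmac
import sqlite3
import time

# Trusted digest implementations available when the installation package is
# built. Assumption: SHA-256 and SHA-512 stand in for whatever digests the
# real database build enumerates.
DIGESTS = {
    "sha256": lambda data: hashlib.sha256(data).digest(),
    "sha512": lambda data: hashlib.sha512(data).digest(),
}

TABLE = "sys_crypto_preset"  # hypothetical system-table name


def build_system_table(conn, version, build_time, algorithms=DIGESTS):
    """Packaging step: generate preset data and seal it in the system table."""
    conn.execute(
        f"CREATE TABLE {TABLE} (alg TEXT PRIMARY KEY, "
        "plaintext BLOB NOT NULL, expected BLOB NOT NULL)"
    )
    for name, digest in algorithms.items():
        # The random parameters (build time, version) make the preset
        # plaintext, and therefore the preset digest, differ per package.
        plaintext = f"preset|{name}|{version}|{build_time}".encode()
        conn.execute(
            f"INSERT INTO {TABLE} VALUES (?, ?, ?)",
            (name, plaintext, digest(plaintext)),
        )
    # Model "cannot be modified while the database runs" with triggers that
    # abort every later write to the table.
    for op in ("INSERT", "UPDATE", "DELETE"):
        conn.execute(
            f"CREATE TRIGGER {TABLE}_no_{op.lower()} BEFORE {op} ON {TABLE} "
            "BEGIN SELECT RAISE(ABORT, 'system table is read-only'); END"
        )
    conn.commit()


def check_once(conn, implementations):
    """One check: recompute each preset digest with the implementation the
    running database would call; return the names of algorithms that fail."""
    damaged = []
    rows = conn.execute(
        f"SELECT alg, plaintext, expected FROM {TABLE} ORDER BY alg"
    )
    for name, plaintext, expected in rows:
        try:
            ok = hmac.compare_digest(implementations[name](plaintext), expected)
        except Exception:
            ok = False  # a missing or crashing implementation counts as damaged
        if not ok:
            damaged.append(name)
    return damaged


def monitor(conn, implementations, interval, rounds, alert=print):
    """Periodic checker: run `rounds` checks, sleeping `interval` seconds
    between them, and report every failure through `alert`."""
    alerts = []
    for i in range(rounds):
        for name in check_once(conn, implementations):
            alerts.append((i, name))
            alert(f"ALERT round {i}: {name} failed its known-answer check")
        if i + 1 < rounds:
            time.sleep(interval)
    return alerts


def replaced_sha256(data):
    """Constructed stand-in for a swapped library: ignores its input."""
    return hashlib.sha256(b"").digest()


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    # Constructed sample values for the version and build time.
    build_system_table(db, version="0.0.0-example", build_time=1600000000)
    print("intact:", check_once(db, DIGESTS))
    print("tampered:", monitor(db, {**DIGESTS, "sha256": replaced_sha256}, 0, 2))
```

The same loop extends to the symmetric and asymmetric cases by storing the extra preset columns (key, ciphertext, signature) and registering one check function per algorithm.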
Fig. 4 is a block diagram of a determining apparatus for determining whether a database encryption algorithm is corrupted according to an embodiment of the present disclosure. Referring to fig. 4, the determining means of whether the database encryption algorithm is corrupted includes:
a preset data obtaining module 210, configured to periodically obtain preset data corresponding to an encryption algorithm used by a database in a database operation process;
the determining module 220 is configured to determine whether the database encryption algorithm is damaged based on preset data corresponding to the encryption algorithm.
Further, the preset data is stored in the database system table.
Further, the determining device for determining whether the database encryption algorithm is corrupted further comprises: the device comprises an encryption algorithm determining module and a preset data generating module.
The encryption algorithm determining module is used for determining the encryption algorithm needed by the database in the database development process;
and the preset data generation module is used for generating preset data corresponding to each encryption algorithm based on the encryption algorithm needed by the database.
Further, the preset data generating module is specifically configured to generate preset data corresponding to each encryption algorithm based on the encryption algorithm and the random parameter that are required to be used by the database.
Further, the encryption algorithm comprises at least one of a digest algorithm, a symmetric encryption algorithm, and an asymmetric encryption algorithm;
the preset data corresponding to the digest algorithm comprises a preset plaintext and a preset digest value;
the preset data corresponding to the symmetric encryption algorithm comprises a preset symmetric encryption key, a preset plaintext and a preset ciphertext;
the preset data corresponding to the asymmetric encryption algorithm comprises a preset public-private key pair, a preset plaintext, a preset signature value and a preset ciphertext.
Further, the determining module 220 includes a condition result determining unit, a calculating unit, and a judging unit;
a condition result determining unit configured to determine preset condition data and preset result data in the preset data corresponding to the encryption algorithm for any one of the encryption algorithms; the preset result data can be uniquely obtained based on the preset condition data and the encryption algorithm which is not destroyed;
the calculation unit is used for determining checking result data based on the preset condition data and the encryption algorithm of the current database;
and the judging unit is used for determining whether the encryption algorithm is damaged or not based on the checking result data and the preset result data.
Further, if the encryption algorithm comprises a digest algorithm; a condition result determining unit, configured to specifically use the preset plaintext as preset condition data and the preset digest value as preset result data;
if the encryption algorithm comprises a symmetric encryption algorithm; a condition result determining unit, configured to use the preset symmetric encryption key and the preset plaintext as preset condition data, and use the preset ciphertext as preset result data;
if the encryption algorithm comprises an asymmetric encryption algorithm, the determining module 220 runs twice. In the first run, the condition result determining unit is used for taking the preset public-private key pair and the preset plaintext as preset condition data and taking the preset signature value as preset result data. In the second run, the condition result determining unit is used for taking the preset public-private key pair and the preset ciphertext as preset condition data and taking the preset plaintext as preset result data.
The device disclosed in the above embodiments can implement the processes of the methods disclosed in the above method embodiments, and has the same or corresponding beneficial effects. To avoid repetition, further description is omitted here.
Fig. 5 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure. As shown in Fig. 5, the electronic device may be an intelligent terminal such as a mobile phone, a PAD, or a computer, and includes:
one or more processors 301, one processor 301 being illustrated in FIG. 5;
a memory 302;
the electronic device may further include: an input device 303 and an output device 304.
The processor 301, the memory 302, the input device 303 and the output device 304 in the electronic apparatus may be connected by a bus or other means, and fig. 5 illustrates the connection by the bus as an example.
The memory 302, which is a non-transitory computer-readable storage medium, may be used for storing software programs, computer-executable programs, and modules, such as the program instructions/modules corresponding to the method for determining whether the database encryption algorithm is damaged in the embodiments of the present disclosure (for example, the preset data acquisition module 210 and the determination module 220 shown in Fig. 4). By executing the software programs, instructions, and modules stored in the memory 302, the processor 301 executes the various functional applications and data processing of the server, i.e., implements the method for determining whether the database encryption algorithm is damaged of the above method embodiment.
The memory 302 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 302 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 302 optionally includes memory located remotely from processor 301, which may be connected to a terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 303 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic apparatus. The output means 304 may comprise a display device such as a display screen.
Embodiments of the present disclosure also provide a computer-readable storage medium containing a program or instructions for causing a computer to execute a method for determining whether a database encryption algorithm is corrupted, the method comprising:
in the running process of a database, periodically acquiring preset data corresponding to an encryption algorithm used by the database;
and determining whether the encryption algorithm of the database is damaged or not at present based on preset data corresponding to the encryption algorithm.
Optionally, the computer executable instructions, when executed by the computer processor, may be further configured to perform the solution of the method for determining whether the database encryption algorithm is corrupted provided by any of the embodiments of the present disclosure.
From the above description of the embodiments, it is obvious for a person skilled in the art that the present disclosure can be implemented by software and necessary general hardware, and certainly can be implemented by hardware, but in many cases, the former is a better embodiment. Based on such understanding, the technical solutions of the present disclosure may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present disclosure.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for determining whether a database encryption algorithm is corrupted, comprising:
in the running process of a database, periodically acquiring preset data corresponding to an encryption algorithm used by the database;
and determining whether the encryption algorithm of the database is damaged or not at present based on preset data corresponding to the encryption algorithm.
2. The method for determining whether a database encryption algorithm is corrupted according to claim 1, wherein the preset data is stored in the database system table.
3. The method for determining whether a database encryption algorithm is corrupted according to claim 1, further comprising:
in the process of developing the database, determining an encryption algorithm required by the database;
and generating preset data corresponding to each encryption algorithm based on the encryption algorithm needed by the database.
4. The method for determining whether a database encryption algorithm is damaged according to claim 3, wherein the generating preset data corresponding to each encryption algorithm based on the encryption algorithm required by the database comprises:
and generating preset data corresponding to each encryption algorithm based on the encryption algorithm and the random parameters needed by the database.
5. The method of determining whether a database encryption algorithm is compromised according to claim 4, wherein the encryption algorithm comprises at least one of a digest algorithm, a symmetric encryption algorithm, and an asymmetric encryption algorithm;
the preset data corresponding to the digest algorithm comprises a preset plaintext and a preset digest value;
the preset data corresponding to the symmetric encryption algorithm comprises a preset symmetric encryption key, a preset plaintext and a preset ciphertext;
the preset data corresponding to the asymmetric encryption algorithm comprises a preset public-private key pair, a preset plaintext, a preset signature value and a preset ciphertext.
6. The method for determining whether the database encryption algorithm is damaged according to claim 5, wherein the determining whether the database encryption algorithm is damaged based on the preset data corresponding to the encryption algorithm comprises:
for any one encryption algorithm, determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm; the preset result data is the result that can be uniquely obtained from the preset condition data and the undamaged encryption algorithm;
determining checking result data based on the preset condition data and the encryption algorithm of the current database;
and determining whether the encryption algorithm is damaged or not based on the checking result data and the preset result data.
7. The method for determining whether a database encryption algorithm is corrupted according to claim 6,
if the encryption algorithm comprises a digest algorithm, determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm includes: taking the preset plaintext as preset condition data and taking the preset digest value as preset result data;
if the encryption algorithm comprises a symmetric encryption algorithm, determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm includes: taking the preset symmetric encryption key and the preset plaintext as preset condition data, and taking the preset ciphertext as preset result data;
if the encryption algorithm comprises an asymmetric encryption algorithm, the steps of determining preset condition data and preset result data in the preset data corresponding to the encryption algorithm, determining checking result data based on the preset condition data and the encryption algorithm of the current database, and determining whether the encryption algorithm is damaged based on the checking result data and the preset result data are executed twice; in one execution, the preset public-private key pair and the preset plaintext are used as preset condition data, and the preset signature value is used as preset result data; and in the other execution, the preset public-private key pair and the preset ciphertext are used as preset condition data, and the preset plaintext is used as preset result data.
8. A device for determining whether a database encryption algorithm is corrupted, comprising:
a preset data acquisition module, configured to periodically acquire, during operation of a database, preset data corresponding to an encryption algorithm used by the database;
and the determining module is used for determining whether the encryption algorithm of the database is damaged or not based on the preset data corresponding to the encryption algorithm.
9. An electronic device, comprising: a processor and a memory;
the processor is adapted to perform the steps of the method of any one of claims 1 to 7 by calling a program or instructions stored in the memory.
10. A computer-readable storage medium, characterized in that it stores a program or instructions for causing a computer to carry out the steps of the method according to any one of claims 1 to 7.
CN202010835573.1A 2020-08-19 2020-08-19 Method and device for determining whether database encryption algorithm is damaged or not and electronic equipment Pending CN111984997A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010835573.1A CN111984997A (en) 2020-08-19 2020-08-19 Method and device for determining whether database encryption algorithm is damaged or not and electronic equipment

Publications (1)

Publication Number Publication Date
CN111984997A true CN111984997A (en) 2020-11-24

Family

ID=73434151

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010835573.1A Pending CN111984997A (en) 2020-08-19 2020-08-19 Method and device for determining whether database encryption algorithm is damaged or not and electronic equipment

Country Status (1)

Country Link
CN (1) CN111984997A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103516511A (en) * 2013-09-11 2014-01-15 国家电网公司 Method and device for detecting encryption algorithm and secret key
WO2014030706A1 (en) * 2012-08-23 2014-02-27 日本電気株式会社 Encrypted database system, client device and server, method and program for adding encrypted data
CN110620671A (en) * 2019-08-30 2019-12-27 厦门一通灵信息科技有限公司 Encryption algorithm evaluation method, medium, device and apparatus
US20200259647A1 (en) * 2019-02-12 2020-08-13 Nxm Labs Canada Inc. Quantum-augmentable hybrid encryption system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination