CN112711762A - Transparent encryption method for database - Google Patents
Transparent encryption method for database Download PDFInfo
- Publication number
- CN112711762A CN112711762A CN202011531568.8A CN202011531568A CN112711762A CN 112711762 A CN112711762 A CN 112711762A CN 202011531568 A CN202011531568 A CN 202011531568A CN 112711762 A CN112711762 A CN 112711762A
- Authority
- CN
- China
- Prior art keywords
- encryption
- key
- plug
- decryption
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9532—Query formulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9538—Presentation of query results
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
- G06F9/44526—Plug-ins; Add-ons
Abstract
The invention discloses a transparent encryption method for a database, which comprises the following steps: the encryption and decryption plug-in intercepts the SQL statement in an application layer and analyzes the SQL statement; sending the request information and the signature information corresponding to the encryption and decryption plug-in to a plug-in management and control module; the plug-in management and control module conducts feasibility verification on the signature information and the request information, after the verification is passed, a key factor corresponding to the encryption and decryption plug-in is obtained in the encryption and decryption strategy management and control module, a second key is obtained based on the key factor, and the second key is output to the encryption and decryption plug-in; and when the request contained in the data analyzed by the SQL statement is storage data, the encryption and decryption plug-in adopts a second key to encrypt the corresponding data in the analyzed SQL statement, and sends and stores the encrypted data ciphertext in the database. The invention avoids the communication between the true application user identity and the database after the illegal user softcopies the encryption and decryption plug-in, improves the security and solves the security loophole existing in the existing processing mode.
Description
Technical Field
The invention belongs to the technical field of internet, and particularly relates to a transparent encryption method for a database.
Background
In recent years, computer crime around databases or data has become a common phenomenon, and security incidents caused by leakage of privacy data are endless, and the phenomenon is that a police clock is sounded for the security of the databases. The phenomenon is difficult to avoid, except that an illegal user obtains the private data in a database collision mode, a larger part of reasons are that the private data of the user can be exported in a large batch by the high-authority user of the database, and the part of data is often naked plaintext data.
At present, encrypting data of an existing application system becomes a mainstream scheme for protecting user privacy data. The existing mainstream solution is realized based on a TDE (Transparent Data Encryption) technology. Database transparent encryption refers to encryption and decryption of data in a database, and an access program to the database is completely imperceptible. Particularly, the application system can be directly applied to the encryption library without any modification and compilation.
The mainstream technical scheme for realizing transparent encryption of the database comprises the following two modes:
the first scheme is as follows: the cryptograph database is realized through a DBMS engine (database storage engine), the scheme needs to implement customized development on the database function, although the compatibility and the performance of the encrypted database are very high, the database key management is controlled by a database manufacturer, so that the user data safety cannot be controlled by the user, and a larger safety risk exists.
Scheme II: transparent encryption and decryption of the database are achieved based on a database view mechanism, data are encrypted and written into a database table in a database entry mode, and decryption display of a user is achieved through database functions such as view and triggers. The problem of this solution is that it has a large impact on the database performance and is poor in compatibility.
The third scheme is as follows: the data base read-write process is rewritten based on the hook technology, data encryption is realized when data is written into a disk from a memory, and decryption is realized when the data is read out from the disk and loaded into the memory. The drawback of this solution is that there may be unstable control of the process by the hook technology, and the data is stored in the memory in a substantially plaintext state, so that there is a risk of leakage of the plaintext data.
A more secure transparent encryption method for the database is particularly needed, which solves the security vulnerability existing in the existing mainstream processing method, and simultaneously considers the compatibility of the database and the minimum transformation-free degree of the application system.
Disclosure of Invention
The invention aims to provide a data storage method which is safer, prevents data leakage and gives consideration to the compatibility of a database.
In order to achieve the above object, the present invention provides a transparent encryption method for a database, comprising: the encryption and decryption plug-in intercepts the SQL statement in an application layer and analyzes the SQL statement; sending the request information and the signature information corresponding to the encryption and decryption plug-in to a plug-in management and control module; the plug-in management and control module receives the signature information and the request information, performs feasibility verification on the signature information and the request information, and acquires a key factor corresponding to the encryption and decryption plug-in the encryption and decryption strategy management and control module after the verification is passed; the plug-in management and control module obtains a second key based on the key factor and outputs the second key to the encryption and decryption plug-in; and when the request contained in the data analyzed by the SQL statement is storage data, the encryption and decryption plug-in adopts the second key to encrypt the corresponding data in the analyzed SQL statement, and sends and stores the encrypted data ciphertext in the database.
Preferably, the method further comprises the following steps: when the request contained in the data analyzed by the SQL statement is read data, the encryption and decryption plug-in obtains a data ciphertext corresponding to the SQL statement from the database according to the SQL statement; and decrypting the data ciphertext by adopting the second key to obtain a data plaintext.
Preferably, when the encryption and decryption plug-in is used for the first time, the encryption and decryption plug-in sends registration information to the plug-in management and control module, and the plug-in management and control module records the IP address and the MAC address of the server where the encryption and decryption plug-in is located according to the registration information, generates and records license authorization information corresponding to the encryption and decryption plug-in, generates a key factor corresponding to the encryption and decryption plug-in, and stores the key factor in the encryption and decryption policy management and control module.
Preferably, the request information includes an IP address, a MAC address, and license authorization information, and the performing feasibility verification according to the signature information and the request information includes: verifying whether the signature information is valid based on the signature information; and after the signature information is verified to be valid, verifying whether the IP address, the MAC address and the permission authorization information are consistent with the recorded IP address, the MAC address and the permission authorization information.
Preferably, the plug-in management and control module includes a key management module, and the key management module calculates the key factor and a master key to obtain a first key, and encrypts the first key by using a key white box technology to obtain a second key.
Preferably, the second key is a symmetric key.
Preferably, the key factor is composed of an application name, a database table name, a field name, and a time factor.
Preferably, the master key is stored in the encryption engine.
Preferably, the encryption and decryption plug-in is embedded into an application system of the server in the form of jar package.
Preferably, the encryption and decryption plug-in is a JDBC component.
The invention has the beneficial effects that: the encryption and decryption plug-in of the database transparent encryption method of the invention can obtain the corresponding key only by verifying the plug-in management module, thereby avoiding communication between true application user identity and the database after illegal users copy the encryption and decryption plug-in softly, improving safety, solving the security loophole existing in the existing mainstream processing mode, and simultaneously considering the compatibility of the database and the minimum transformation-free degree of an application system.
The method of the present invention has other features and advantages which will be apparent from or are set forth in detail in the accompanying drawings and the following detailed description, which are incorporated herein, and which together serve to explain certain principles of the invention.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in more detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
FIG. 1 shows a flow diagram of a method for transparent encryption of a database, according to one embodiment of the invention.
Fig. 2 is a functional block diagram illustrating a method for transparent encryption of a database according to an embodiment of the present invention.
Fig. 3 shows a timing diagram of a transparent encryption/decryption process of a method for transparent encryption of a database according to an embodiment of the invention.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below. While the following describes preferred embodiments of the present invention, it should be understood that the present invention may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The transparent encryption method for the database comprises the following steps: the encryption and decryption plug-in intercepts the SQL statement in an application layer and analyzes the SQL statement; sending the request information and the signature information corresponding to the encryption and decryption plug-in to a plug-in management and control module; the plug-in management and control module receives the signature information and the request information, performs feasibility verification on the signature information and the request information, and acquires a key factor corresponding to the encryption and decryption plug-in the encryption and decryption strategy management and control module after the feasibility verification is passed; the plug-in management and control module obtains a second key based on the key factor and outputs the second key to the encryption and decryption plug-in; and when the request contained in the data analyzed by the SQL statement is storage data, the encryption and decryption plug-in adopts a second key to encrypt the corresponding data in the analyzed SQL statement, and sends and stores the encrypted data ciphertext in the database.
Specifically, the encryption and decryption plugin intercepts and analyzes an application database operation statement (SQL statement), obtains analyzed data, sends request information and plugin signature information to the plugin control module, the plugin control module verifies the validity of the signature information and then verifies the reliability of the request information, when the verification is passed, the encryption and decryption strategy control module calls a key factor corresponding to the encryption and decryption plugin, the plugin control module generates a second key based on the key factor and sends the second key to the encryption and decryption plugin, the encryption and decryption plugin encrypts the intercepted data of the SQL statement by using the second key, and sends an encrypted data ciphertext to the database.
The key factors corresponding to the encryption and decryption plug-ins are preset by the plug-in management and control module, the SQL statements comprise table names and field names after analysis, the plug-ins call interfaces of the management and control module according to the encryption and decryption plug-ins, the encryption and decryption strategy management and control module inquires which fields of the table need to be encrypted, the encryption and decryption strategy management and control module inquires database records, which fields of the table need to be encrypted are found, and then the key factors of the fields are sent to the plug-in management and control module.
According to the exemplary implementation mode, the encryption and decryption plug-in of the database transparent encryption method can obtain the corresponding secret key only by verifying the plug-in management module, so that the situation that an illegal user falsely uses a real application user identity to communicate with the database after softly copying the encryption and decryption plug-in is avoided, the safety is improved, the safety loophole existing in the conventional mainstream processing mode is solved, and meanwhile, the compatibility of the database and the minimum transformation-free degree of an application system are considered.
Preferably, the method further comprises the following steps: when the request contained in the data analyzed by the SQL statement is read data, the encryption and decryption plug-in obtains a data ciphertext corresponding to the SQL statement from the database according to the SQL statement; and decrypting the data ciphertext by adopting the second key to obtain the data plaintext.
Specifically, when the request included in the data analyzed by the SQL statement is read data, the data plaintext is to be obtained, the encryption and decryption plug-in sends a query request to the database according to the SQL statement, obtains a data ciphertext corresponding to the SQL statement in the database, sends request information and signature information to the plug-in management and control module, obtains a corresponding second key, decrypts the data ciphertext by using the second key, obtains the data plaintext, and further sends the data plaintext to the user.
As a preferred scheme, when the encryption and decryption plug-in is used for the first time, the encryption and decryption plug-in sends registration information to the plug-in management and control module, and the plug-in management and control module records the IP address and the MAC address of the server where the encryption and decryption plug-in is located according to the registration information, generates and records license authorization information corresponding to the encryption and decryption plug-in, generates a key factor corresponding to the encryption and decryption plug-in, and stores the key factor in the encryption and decryption policy management and control module.
Specifically, the encryption and decryption plug-in needs to be registered in the plug-in management and control module, the IP address and the MAC address of the server where the application is located are input, the plug-in management and control module generates unique permission authorization information corresponding to the unique permission authorization information and then can be normally used, the encryption and decryption plug-in needs to be used after being registered in the plug-in management module, and therefore the fact that an illegal user falsely uses real application user identity to communicate with the database after softly copying the encryption and decryption plug-in is avoided. The plug-in management and control module records the IP address and the MAC address of the server where the encryption and decryption plug-in is located according to the registration information, generates permission authorization information corresponding to the encryption and decryption plug-in, records the permission authorization information, generates a key factor corresponding to the encryption and decryption plug-in, and stores the key factor in the encryption and decryption strategy management and control module.
Preferably, the request information includes an IP address, a MAC address, and license authorization information, and performing feasibility verification based on the signature information and the request information includes: verifying whether the signature information is valid based on the signature information; and after the signature information is verified to be valid, verifying whether the IP address, the MAC address and the permission authorization information are consistent with the recorded IP address, the MAC address and the permission authorization information.
Specifically, the plug-in management and control module checks whether the plug-in is trusted, the checking mainly includes two steps, firstly, whether the signature value of the plug-in is valid is checked, secondly, whether the permission authorization information, the IP address and the MAC address contained in the request statement are trusted (namely whether the registration is performed in the plug-in management and control module) is checked, whether the information recorded during the registration is consistent, and if the information is inconsistent, the verification fails.
As a preferred scheme, the plug-in management and control module includes a key management module, and the key management module calculates the key factor and the master key to obtain a first key, and encrypts the first key by using a key white box technology to obtain a second key.
Specifically, the keys required for encryption and decryption are calculated by the key management module to obtain a first key, and then the first key is encrypted by adopting a key white box technology to obtain a second key, so that the key management is greatly simplified, and the key white box is used for encrypting again instead of directly using the key, thereby avoiding the security risk caused by key leakage.
Preferably, the second key is a symmetric key.
Preferably, the key factor is composed of an application name, a database table name, a field name, and a time factor.
Specifically, the key factor is composed of an application name, a database table name, a field name and a time factor, and uniqueness of different fields can be ensured.
Preferably, the master key is stored in the encryption engine.
Specifically, the encryptor only needs to manage the master key, and the rest of the keys are not responsible for the master key.
Preferably, the encryption and decryption plug-in is embedded into an application system of the server in the form of jar package.
Preferably, the encryption and decryption plug-in is a JDBC component.
Specifically, the transparent encryption and decryption plug-in is embedded into an application system in a jar packet mode, and interception and analysis of application database operation statements are achieved under the condition that application is not aware through achieving a standard JDBC component driving interface.
Example one
FIG. 1 shows a flow diagram of a method for transparent encryption of a database, according to one embodiment of the invention. Fig. 2 is a functional block diagram illustrating a method for transparent encryption of a database according to an embodiment of the present invention. Fig. 3 shows a timing diagram of a transparent encryption/decryption process of a method for transparent encryption of a database according to an embodiment of the invention.
With reference to fig. 1, fig. 2 and fig. 3, the method for transparently encrypting the database includes:
step 1: the encryption and decryption plug-in intercepts the SQL statement in an application layer and analyzes the SQL statement;
step 2: sending the request information and the signature information corresponding to the encryption and decryption plug-in to a plug-in management and control module;
and step 3: the plug-in management and control module receives the signature information and the request information, performs feasibility verification on the signature information and the request information, and acquires a key factor corresponding to the encryption and decryption plug-in the encryption and decryption strategy management and control module after the feasibility verification is passed;
and 4, step 4: the plug-in management and control module obtains a second key based on the key factor and outputs the second key to the encryption and decryption plug-in;
and 5: and when the request contained in the data analyzed by the SQL statement is storage data, the encryption and decryption plug-in adopts a second key to encrypt the corresponding data in the analyzed SQL statement, and sends and stores the encrypted data ciphertext in the database.
Wherein, still include: when the request contained in the data analyzed by the SQL statement is read data, the encryption and decryption plug-in obtains a data ciphertext corresponding to the SQL statement from the database according to the SQL statement; and decrypting the data ciphertext by adopting the second key to obtain the data plaintext.
When the encryption and decryption plug-in is used for the first time, the registration information is sent to the plug-in control module, the plug-in control module records the IP address and the MAC address of a server where the encryption and decryption plug-in is located according to the registration information, license authorization information corresponding to the encryption and decryption plug-in is generated and recorded, a key factor corresponding to the encryption and decryption plug-in is generated, and the key factor is stored in the encryption and decryption strategy control module.
The method for verifying feasibility of the mobile terminal comprises the following steps that request information comprises an IP address, an MAC address and permission authorization information, and is characterized in that feasibility verification according to signature information and the request information comprises the following steps: verifying whether the signature information is valid based on the signature information; and after the signature information is verified to be valid, verifying whether the IP address, the MAC address and the permission authorization information are consistent with the recorded IP address, the MAC address and the permission authorization information.
The plug-in management and control module comprises a key management module, the key management module calculates key factors and a master key to obtain a first key, and the key white box technology is adopted to encrypt the first key to obtain a second key.
Wherein the second key is a symmetric key.
The key factor is composed of an application name, a database table name, a field name and a time factor.
Wherein the master key is stored in the encryption engine.
The encryption and decryption plug-in is embedded into an application system of the server in the form of jar packages.
Wherein, the encryption and decryption plug-in is a JDBC component.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.
Claims (10)
1. A method for transparent encryption of a database, comprising:
the encryption and decryption plug-in intercepts the SQL statement in an application layer and analyzes the SQL statement;
sending the request information and the signature information corresponding to the encryption and decryption plug-in to a plug-in management and control module;
the plug-in management and control module receives the signature information and the request information, performs feasibility verification on the signature information and the request information, and acquires a key factor corresponding to the encryption and decryption plug-in the encryption and decryption strategy management and control module after the verification is passed;
the plug-in management and control module obtains a second key based on the key factor and outputs the second key to the encryption and decryption plug-in;
and when the request contained in the data analyzed by the SQL statement is storage data, the encryption and decryption plug-in adopts the second key to encrypt the corresponding data in the analyzed SQL statement, and sends and stores the encrypted data ciphertext in the database.
2. The method for transparently encrypting a database according to claim 1, further comprising: when the request contained in the data analyzed by the SQL statement is read data, the encryption and decryption plug-in obtains a data ciphertext corresponding to the SQL statement from the database according to the SQL statement; and decrypting the data ciphertext by adopting the second key to obtain a data plaintext.
3. The method for transparent encryption of a database according to claim 1, wherein when the encryption and decryption plug-in is used for the first time, registration information is sent to the plug-in management and control module, the plug-in management and control module records an IP address and an MAC address of a server where the encryption and decryption plug-in is located according to the registration information, generates and records license authorization information corresponding to the encryption and decryption plug-in, generates a key factor corresponding to the encryption and decryption plug-in, and stores the key factor in the encryption and decryption policy management and control module.
4. The method for transparent encryption of database according to claim 3, wherein the request information comprises an IP address, a MAC address and license authorization information, and wherein the performing feasibility verification according to the signature information and the request information comprises:
verifying whether the signature information is valid based on the signature information;
and after the signature information is verified to be valid, verifying whether the IP address, the MAC address and the permission authorization information are consistent with the recorded IP address, the MAC address and the permission authorization information.
5. The method according to claim 1, wherein the plug-in management and control module includes a key management module, the key management module calculates the key factor and a master key to obtain a first key, and encrypts the first key by using a key white box technique to obtain a second key.
6. The method for transparent encryption of database according to claim 4, wherein the second key is a symmetric key.
7. The method for transparent encryption of database according to claim 3, wherein the key factor is composed of application name, database table name, field name and time factor.
8. The method for transparent encryption of a database according to claim 4, wherein the master key is stored in an encryption machine.
9. The method for transparently encrypting the database according to claim 2, wherein the encryption and decryption plug-ins are embedded in the application system of the server in the form of jar packages.
10. The method of transparent encryption of a database according to claim 4, wherein the encryption and decryption plug-in is a JDBC component.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011531568.8A CN112711762A (en) | 2020-12-22 | 2020-12-22 | Transparent encryption method for database |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011531568.8A CN112711762A (en) | 2020-12-22 | 2020-12-22 | Transparent encryption method for database |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112711762A true CN112711762A (en) | 2021-04-27 |
Family
ID=75543461
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011531568.8A Pending CN112711762A (en) | 2020-12-22 | 2020-12-22 | Transparent encryption method for database |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112711762A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114547661A (en) * | 2022-03-21 | 2022-05-27 | 京东科技信息技术有限公司 | Encryption and decryption method, device, equipment and storage medium for application configuration data |
| CN115396103A (en) * | 2022-10-26 | 2022-11-25 | 杭州海康威视数字技术股份有限公司 | AI data sharing method, system and device based on white box key |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107370725A (en) * | 2017-06-21 | 2017-11-21 | 西安电子科技大学 | The access method and system of general encrypting database under a kind of cloud environment |
| CN110889130A (en) * | 2018-12-10 | 2020-03-17 | 北京炼石网络技术有限公司 | Database-based fine-grained data encryption method, system and device |
| CN111125224A (en) * | 2019-12-21 | 2020-05-08 | 广州鲁邦通物联网科技有限公司 | Method and system for realizing automatic encryption and decryption of database data in Java program |
| CN111753320A (en) * | 2020-06-23 | 2020-10-09 | 深圳壹账通智能科技有限公司 | Data encryption method and device based on interceptor and computer equipment |
| CN111859426A (en) * | 2020-07-21 | 2020-10-30 | 西安电子科技大学 | Universal encrypted database connector and setting method thereof |
| CN111988640A (en) * | 2020-07-15 | 2020-11-24 | 北京数字太和科技有限责任公司 | Content copyright protection method based on original video data transformation encryption |
-
2020
- 2020-12-22 CN CN202011531568.8A patent/CN112711762A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107370725A (en) * | 2017-06-21 | 2017-11-21 | 西安电子科技大学 | The access method and system of general encrypting database under a kind of cloud environment |
| CN110889130A (en) * | 2018-12-10 | 2020-03-17 | 北京炼石网络技术有限公司 | Database-based fine-grained data encryption method, system and device |
| CN111125224A (en) * | 2019-12-21 | 2020-05-08 | 广州鲁邦通物联网科技有限公司 | Method and system for realizing automatic encryption and decryption of database data in Java program |
| CN111753320A (en) * | 2020-06-23 | 2020-10-09 | 深圳壹账通智能科技有限公司 | Data encryption method and device based on interceptor and computer equipment |
| CN111988640A (en) * | 2020-07-15 | 2020-11-24 | 北京数字太和科技有限责任公司 | Content copyright protection method based on original video data transformation encryption |
| CN111859426A (en) * | 2020-07-21 | 2020-10-30 | 西安电子科技大学 | Universal encrypted database connector and setting method thereof |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114547661A (en) * | 2022-03-21 | 2022-05-27 | 京东科技信息技术有限公司 | Encryption and decryption method, device, equipment and storage medium for application configuration data |
| CN115396103A (en) * | 2022-10-26 | 2022-11-25 | 杭州海康威视数字技术股份有限公司 | AI data sharing method, system and device based on white box key |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7639819B2 (en) | Method and apparatus for using an external security device to secure data in a database | |
| CA2481569C (en) | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function | |
| KR100946042B1 (en) | Tamper-resistant trusted virtual machine | |
| US11218299B2 (en) | Software encryption | |
| US7526649B2 (en) | Session key exchange | |
| US20110113235A1 (en) | PC Security Lock Device Using Permanent ID and Hidden Keys | |
| CN110489996B (en) | Database data security management method and system | |
| WO2020173332A1 (en) | Trusted execution environment-based application activation method and apparatus | |
| CN104756127A (en) | Secure data handling by a virtual machine | |
| CN103246850A (en) | Method and device for processing file | |
| EP2095288A1 (en) | Method for the secure storing of program state data in an electronic device | |
| CN111310213A (en) | Service data protection method, device, equipment and readable storage medium | |
| CN109598104B (en) | Software authorization protection system and method based on timestamp and secret authentication file | |
| US6336189B1 (en) | Apparatus and method for data capsule generation | |
| CN112711762A (en) | Transparent encryption method for database | |
| US20110154436A1 (en) | Provider Management Methods and Systems for a Portable Device Running Android Platform | |
| CN108399341B (en) | Windows dual file management and control system based on mobile terminal | |
| JPH10260939A (en) | Client machine authentication method of computer network, client machine, host machine and computer system | |
| CN109889334A (en) | Embedded firmware encrypting method, apparatus, wifi equipment and storage medium | |
| CN115374483B (en) | Data security storage method and device, electronic equipment, medium and chip | |
| KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
| CN113938878A (en) | Equipment identifier anti-counterfeiting method and device and electronic equipment | |
| KR20220097037A (en) | Data leak prevention system | |
| JP2002132145A (en) | Authentication method, authentication system, recording medium and information processor | |
| CN112910834B (en) | Data sharing method, device, system, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |