CN114564735A - Database encryption and complete matching retrieval system

Info

Publication number: CN114564735A
Authority: CN (China)
Prior art keywords: data, encryption, query, unit, database
Legal status: Pending
Application number: CN202210205257.5A
Other languages: Chinese (zh)
Inventor: 龚双喜
Current Assignee: Xinyishu Beijing Technology Co ltd
Original Assignee: Xinyishu Beijing Technology Co ltd
Application filed by Xinyishu Beijing Technology Co ltd
Priority to CN202210205257.5A
Publication of CN114564735A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2453 Query optimisation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a database encryption and complete matching retrieval system, and relates to the technical field of data encryption and matching retrieval. The system comprises a data encryption and storage module and an encrypted data query module. The data encryption and storage module comprises an encryption algorithm initialization unit, a data encryption execution unit, a ciphertext data visualization unit and an encrypted data storage unit; the encrypted data query module comprises a query receiving unit, a query analyzing unit, a data encryption and decryption unit, an encrypted data visualization unit and a query result returning unit. The system ensures high security of data storage while allowing ciphertext data to keep using the database index for fast matching in complete-match queries. This improves the retrieval efficiency of ciphertext data in business scenarios dominated by complete-match queries and, with massive data volumes in particular, can greatly improve the user experience.

Description

Database encryption and complete matching retrieval system
Technical Field
The invention belongs to the technical field of data encryption and matching retrieval, and particularly relates to a database encryption and complete matching retrieval system and method.
Background
The three most common methods of protecting personal information are: encrypting the personal information stored in the database; preventing data leakage with a database firewall; and masking personal information through data desensitization. The first method ensures that the original plaintext cannot be recovered even if the database data is stolen, and it is widely used.
Various big-data security vendors have brought database encryption products to market. While ensuring the security of data storage, these products change some attributes of the data in the database (comparability, ordering and similarity), so the encrypted database struggles to meet the complex and diverse business requirements of an application system.
To solve this problem, attention has focused on keeping the attributes of the ciphertext the same as, or similar to, those of the plaintext, so that the ciphertext can take part in complex database operations or fuzzy matching just as the plaintext would. However, this technology is developing slowly both at home and abroad, and database encryption products that adopt it cannot meet the requirements of business systems in practical use because of performance or result-matching problems.
As national data-protection efforts continue to strengthen, business systems must use protected data more cautiously and must avoid information leakage caused by business requirements. In recent years, with the rapid development of cloud services, cloud-based convenience services have been increasing, and database encryption and fast retrieval technologies underpin these services. How to provide complete-match retrieval after database encryption is a technical problem that encryption products urgently need to solve.
The simplest solution is to decrypt the encrypted field data first and then search the decrypted data. This requires decrypting every encrypted field of the table, which is enormously costly and cannot be used in real products.
A prior patent discloses a data encryption and retrieval method for a database, comprising the following steps: a) first, encrypting the original data with a one-way encryption algorithm to generate a non-decryptable indexable header while keeping the order of the original data unchanged; b) then encrypting the original data again to generate decryptable ciphertext data; c) combining the indexable header and the decryptable ciphertext data into encrypted combined data and storing it in the database. The one-way encryption algorithm in step a) is MD5, SHA or HMAC; the encryption algorithm in step b) is a symmetric-key encryption algorithm.
The prior art listed above suffers from the following disadvantages in practical product applications:
Although decrypting before retrieval is simple, it suits only scenarios with very small data volumes and cannot be applied in a business environment with massive data. In the patent publication mentioned above, the original text is encrypted with a one-way encryption algorithm to generate an index, which is stored in the database as the leading part of the encrypted data. This carries the following risks: the one-way encryption algorithms MD5 and SHA have a large risk of being cracked, so once the data content leaks it is easy to crack and the security of the data cannot be guaranteed; and both MD5 and SHA can produce collisions, which may degrade retrieval performance.
Disclosure of Invention
The invention encrypts database data and retrieves the encrypted data by complete matching, combining an existing symmetric encryption algorithm with its own visualization algorithm. It mainly solves the problem of fast complete matching of encrypted data after the database data has been encrypted, and is mainly intended for scenarios dominated by exact-query services.
To achieve this purpose, the invention is realized by the following technical scheme:
A database encryption and complete matching retrieval system, the system comprising:
a data encryption and storage module and an encrypted data query module.
The specific processing flow of the data encryption and storage module is as follows:
S101, initializing the encryption algorithm and loading a commonly used symmetric-key encryption algorithm;
S102, judging whether the database has a field that needs to be encrypted; if so, executing S103, otherwise executing S107;
S103, encrypting the fields that need to be encrypted;
S104, performing position transformation on the binary ciphertext data;
S105, writing an obfuscation value into the transformed binary ciphertext;
S106, Base64-encoding the new binary value;
S107, storing the processed data in the database;
wherein steps S104, S105 and S106 are the processing flow of the system's own visualization algorithm;
in step S101, the commonly used symmetric-key encryption algorithms include AES (Advanced Encryption Standard) and the SM4 national cryptographic algorithm;
in step S103, the algorithm owned by the ciphertext data visualization unit is used to perform visualization processing on the ciphertext data.
The specific processing flow of the encrypted data query module is as follows:
S201, initializing the encryption algorithm;
S202, initializing the query request receiving engine and waiting to receive a query request;
S203, judging whether a query request has been received; if so, executing S204, otherwise executing S203;
S204, judging whether the conditions of the query request include an encrypted field; if so, executing S205, otherwise executing S209;
S205, encrypting the query condition field;
S206, performing position transformation on the binary ciphertext data;
S207, writing an obfuscation value into the transformed binary ciphertext;
S208, Base64-encoding the new binary value to obtain the query condition value;
S209, querying data from the database according to the query condition;
S210, judging whether the query result contains an encrypted field; if so, executing S211, otherwise executing S215;
S211, Base64-decoding the field values in the query result that need to be decrypted;
S212, removing the obfuscation value from the decoded value;
S213, restoring the binary positions of the ciphertext to obtain the ciphertext result;
S214, decrypting the ciphertext result to obtain the plaintext result;
S215, returning the result data of the query request and returning to S203;
wherein S206, S207 and S208 are the processing flow of the system's own visualization algorithm, and S211, S212 and S213 are the corresponding inverse processing flow.
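The two flows above, as an added Python example that is not code from the patent. The patent names AES or SM4 and does not specify the position transformation or the obfuscation value, so the Feistel stand-in cipher, the keyed byte permutation, the 4-byte keyed obfuscation value, the `users` table and all names here are assumptions. It shows that every step has to be deterministic for the database index to serve a complete-match query, and that the stored column therefore reveals which rows hold equal values.

```python
import base64
import hashlib
import hmac
import sqlite3

KEY = b"constructed-demo-key-not-for-production"  # constructed sample key
TAG_LEN = 4  # length of the obfuscation value (assumption, not from the patent)

def _prf(key: bytes, label: bytes, data: bytes, n: int) -> bytes:
    """Keyed pseudo-random bytes from HMAC-SHA256, expanded to n bytes."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + bytes([ctr]) + data, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, pt: bytes) -> bytes:
    """Deterministic Feistel stand-in for AES/SM4 (S103/S205); not a real cipher."""
    data = len(pt).to_bytes(2, "big") + pt
    data += b"\x00" * (len(data) % 2)          # pad to an even length
    h = len(data) // 2
    left, right = data[:h], data[h:]
    for r in range(4):
        left, right = right, _xor(left, _prf(key, b"enc%d" % r, right, h))
    return left + right

def decrypt(key: bytes, ct: bytes) -> bytes:
    """Inverse of encrypt (S214)."""
    h = len(ct) // 2
    left, right = ct[:h], ct[h:]
    for r in reversed(range(4)):
        left, right = _xor(right, _prf(key, b"enc%d" % r, left, h)), left
    data = left + right
    return data[2:2 + int.from_bytes(data[:2], "big")]

def _order(key: bytes, n: int) -> list:
    """Keyed permutation of byte positions (hypothetical position transformation)."""
    return sorted(range(n), key=lambda i: _prf(key, b"pos", i.to_bytes(4, "big"), 8))

def to_stored(key: bytes, plaintext: str) -> str:
    """S103-S106 / S205-S208: encrypt, permute, write obfuscation value, Base64."""
    ct = encrypt(key, plaintext.encode())
    moved = bytes(ct[i] for i in _order(key, len(ct)))
    p = len(moved) // 2
    tag = _prf(key, b"obf", moved, TAG_LEN)    # deterministic, or '=' stops matching
    return base64.b64encode(moved[:p] + tag + moved[p:]).decode()

def from_stored(key: bytes, stored: str) -> str:
    """S211-S214: Base64-decode, remove obfuscation value, restore positions, decrypt."""
    raw = base64.b64decode(stored)
    n = len(raw) - TAG_LEN
    p = n // 2
    moved, tag = raw[:p] + raw[p + TAG_LEN:], raw[p:p + TAG_LEN]
    if not hmac.compare_digest(tag, _prf(key, b"obf", moved, TAG_LEN)):
        raise ValueError("obfuscation value mismatch: wrong key or modified field")
    ct = bytearray(n)
    for j, i in enumerate(_order(key, n)):
        ct[i] = moved[j]
    return decrypt(key, bytes(ct)).decode()

def demo():
    """Store constructed rows, run an indexed complete-match query, decrypt the hits."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.execute("CREATE INDEX idx_email ON users(email)")
    emails = ["alice@example.com", "bob@example.com", "alice@example.com"]  # constructed
    db.executemany("INSERT INTO users(email) VALUES (?)",
                   [(to_stored(KEY, e),) for e in emails])
    cond = to_stored(KEY, "alice@example.com")             # S205-S208
    sql = "SELECT id, email FROM users WHERE email = ? ORDER BY id"
    plan = db.execute("EXPLAIN QUERY PLAN " + sql, (cond,)).fetchall()
    uses_index = any("idx_email" in row[-1] for row in plan)
    hits = [(i, from_stored(KEY, v)) for i, v in db.execute(sql, (cond,))]
    # Equality leakage: without the key, a reader of the table still sees
    # that rows 1 and 3 hold the same value (2 distinct strings for 3 rows).
    distinct = db.execute("SELECT COUNT(DISTINCT email) FROM users").fetchone()[0]
    return uses_index, hits, distinct

if __name__ == "__main__":
    print(demo())
```

Because the stored string is a fixed function of key and plaintext, an assessment of such a design should treat value frequencies in an encrypted column as visible to anyone who can read the table.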
Optionally, the data encryption and storage module comprises an encryption algorithm initialization unit, a data encryption execution unit, a ciphertext data visualization unit and an encrypted data storage unit;
the encrypted data query module comprises a query receiving unit, a query analyzing unit, a data encryption and decryption unit, an encrypted data visualization unit and a query result returning unit;
the data encryption and storage module is used for encrypting the fields in the database that need protection;
the encrypted data query module is used for quickly and completely matching the data that meets the query conditions.
Optionally, the ciphertext data visualization unit is configured to apply the system's own algorithm to visualize ciphertext data before it is stored in the database. The processed fields can continue to use the database index, which improves the retrieval efficiency of ciphertext data in business scenarios dominated by complete-match queries and, with massive data volumes in particular, can greatly improve the user experience of the application.
Optionally, the data encryption execution unit is configured to execute a symmetric-key encryption algorithm.
Optionally, the encrypted data storage unit is configured to store data encrypted by a symmetric-key encryption algorithm.
Optionally, the data encryption and decryption unit is configured to encrypt the received data with an encryption algorithm or decrypt the received data with a decryption algorithm, where the encryption algorithm of the data encryption and decryption unit is either AES (Advanced Encryption Standard) or the SM4 national cryptographic algorithm.
The embodiment of the invention has the following beneficial effects:
By combining an existing symmetric encryption algorithm with its own visualization algorithm, the embodiment ensures high security of data storage while allowing ciphertext data to keep using the database index for matching in complete-match queries. This improves the retrieval efficiency of ciphertext data in business scenarios dominated by complete-match queries and, with massive data volumes in particular, can greatly improve the user experience of the application.
Of course, a product implementing the invention need not achieve all of the above advantages at the same time.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic system flow diagram of a data encryption and storage module according to an embodiment of the present invention;
FIG. 2 is a schematic system flow diagram of an encrypted data query module according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
To keep the following description of the embodiments of the present invention clear and concise, detailed descriptions of known functions and known components have been omitted.
Referring to FIGS. 1-2, the present embodiment provides a database encryption and complete matching retrieval system, including a data encryption and storage module and an encrypted data query module.
The specific processing flow of the data encryption and storage module is as follows:
S101, initializing the encryption algorithm and loading a commonly used symmetric-key encryption algorithm;
S102, judging whether the database has a field that needs to be encrypted; if so, executing S103, otherwise executing S105;
S103, encrypting the fields that need to be encrypted;
S104, performing visualization processing on the ciphertext data;
S105, storing the processed data in the database;
in step S101, the commonly used symmetric-key encryption algorithms include AES (Advanced Encryption Standard) and the SM4 national cryptographic algorithm;
in step S103, the algorithm owned by the ciphertext data visualization unit is used to perform visualization processing on the ciphertext data.
The specific processing flow of the encrypted data query module is as follows:
S201, initializing the encryption algorithm;
S202, initializing the query request receiving engine and waiting to receive a query request;
S203, judging whether a query request has been received; if so, executing S204, otherwise executing S203;
S204, judging whether the conditions of the query request include an encrypted field; if so, executing S205, otherwise executing S207;
S205, encrypting the query condition field;
S206, performing visualization processing on the ciphertext data with the system's own algorithm;
S207, querying data from the database according to the query condition;
S208, judging whether the query result contains an encrypted field; if so, executing S209, otherwise executing S210;
S209, decrypting the ciphertext field in the query result to obtain plaintext data;
S210, returning the result data of the query request and returning to S203.
As shown in FIG. 1, the data encryption and storage module includes an encryption algorithm initialization unit, a data encryption execution unit, a ciphertext data visualization unit and an encrypted data storage unit;
the encrypted data query module comprises a query receiving unit, a query analyzing unit, a data encryption and decryption unit, an encrypted data visualization unit and a query result returning unit;
the data encryption and storage module is used for encrypting the fields in the database that need protection;
the encrypted data query module is used for quickly and completely matching the data that meets the query conditions.
Various big-data security vendors have brought database encryption products to market. While ensuring the security of data storage, these products change some attributes of the data in the database (comparability, ordering and similarity), so the encrypted database struggles to meet the complex and diverse business requirements of an application system.
To solve this problem, attention has focused on keeping the attributes of the ciphertext the same as, or similar to, those of the plaintext, so that the ciphertext can take part in complex database operations or fuzzy matching just as the plaintext would. However, this technology is developing slowly both at home and abroad, and database encryption products that adopt it cannot meet the requirements of business systems in practical use because of performance or result-matching problems.
By combining an existing symmetric encryption algorithm with its own visualization algorithm, this scheme ensures high security of data storage while allowing ciphertext data to keep using the database index for fast matching in complete-match queries. This improves the retrieval efficiency of ciphertext data in business scenarios dominated by complete-match queries and, with massive data volumes in particular, can greatly improve the user experience of the application.
As shown in FIG. 1, the ciphertext data visualization unit is configured to apply the system's own algorithm to visualize ciphertext data before it is stored in the database, and the processed fields can continue to use the database index to improve retrieval efficiency.
As shown in FIG. 2, the data encryption execution unit is configured to execute a symmetric-key encryption algorithm, and the encrypted data storage unit is configured to store data encrypted by the symmetric-key encryption algorithm.
As shown in FIGS. 1-2, the data encryption and decryption unit is configured to encrypt the received data with an encryption algorithm or decrypt the received data with a decryption algorithm, where the encryption algorithm of the data encryption and decryption unit is either AES (Advanced Encryption Standard) or the SM4 national cryptographic algorithm.
The above embodiments are only preferred embodiments of the present invention and are not intended to limit it in any way. Although the invention has been disclosed through the preferred embodiments, those skilled in the art can use the technical content disclosed above to make various changes and modifications resulting in equivalent embodiments without departing from the technical scope of the invention, and the embodiments above can be further combined or replaced. Any simple modification, equivalent change or modification made to the above embodiments according to the technical spirit of the invention still falls within the technical scope of the invention.

Claims (7)

1. A database encryption and complete matching retrieval system, the system comprising:
a data encryption and storage module, an encrypted data query module and a database module;
the data encryption and storage module comprises an encryption algorithm initialization unit, a data encryption execution unit, a ciphertext data visualization unit and an encrypted data storage unit;
the encrypted data query module comprises a query receiving unit, a query analyzing unit, a data encryption and decryption unit, an encrypted data visualization unit and a query result returning unit;
the data encryption and storage module is used for encrypting the fields in the database module that need protection;
the encrypted data query module is used for quickly and completely matching the data that meets the query conditions;
the database module is used for receiving and storing data.
2. The database encryption and complete matching retrieval system of claim 1, wherein the ciphertext data visualization unit is configured to apply its own algorithm to visualize the ciphertext data before it is stored.
3. The database encryption and complete matching retrieval system of claim 1, wherein the specific processing flow of the data encryption and storage module is as follows:
S101, initializing the encryption algorithm and loading a commonly used symmetric-key encryption algorithm;
S102, judging whether the database has a field that needs to be encrypted; if so, executing S103, otherwise executing S107;
S103, encrypting the fields that need to be encrypted;
S104, performing position transformation on the binary ciphertext data;
S105, writing an obfuscation value into the transformed binary ciphertext;
S106, Base64-encoding the new binary value;
S107, storing the processed data in the database;
wherein steps S104, S105 and S106 are the processing flow of the system's own visualization algorithm.
4. The database encryption and complete matching retrieval system of claim 3, wherein in step S101 the commonly used symmetric-key encryption algorithms include AES (Advanced Encryption Standard) and the SM4 national cryptographic algorithm, the data encryption execution unit is configured to execute the symmetric-key encryption algorithm, and the encrypted data storage unit is configured to store the data encrypted by the symmetric-key encryption algorithm.
5. The database encryption and complete matching retrieval system of claim 1, wherein the specific processing flow of the encrypted data query module is as follows:
S201, initializing the encryption algorithm;
S202, initializing the query request receiving engine and waiting to receive a query request;
S203, judging whether a query request has been received; if so, executing S204, otherwise executing S203;
S204, judging whether the conditions of the query request include an encrypted field; if so, executing S205, otherwise executing S209;
S205, encrypting the query condition field;
S206, performing position transformation on the binary ciphertext data;
S207, writing an obfuscation value into the transformed binary ciphertext;
S208, Base64-encoding the new binary value to obtain the query condition value;
S209, querying data from the database according to the query condition;
S210, judging whether the query result contains an encrypted field; if so, executing S211, otherwise executing S215;
S211, Base64-decoding the field values in the query result that need to be decrypted;
S212, removing the obfuscation value from the decoded value;
S213, restoring the binary positions of the ciphertext to obtain the ciphertext result;
S214, decrypting the ciphertext result to obtain the plaintext result;
S215, returning the result data of the query request and returning to S203;
wherein S206, S207 and S208 are the processing flow of the system's own visualization algorithm, and S211, S212 and S213 are the corresponding inverse processing flow.
6. The database encryption and complete matching retrieval system of claim 1, wherein the data encryption and decryption unit is configured to encrypt the received data with an encryption algorithm or decrypt the received data with a decryption algorithm.
7. The database encryption and complete matching retrieval system of claim 6, wherein the encryption algorithm of the data encryption and decryption unit is either AES (Advanced Encryption Standard) or the SM4 national cryptographic algorithm.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210205257.5A CN114564735A (en) 2022-03-02 2022-03-02 Database encryption and complete matching retrieval system

Publications (1)

Publication Number Publication Date
CN114564735A (en) 2022-05-31

Family

ID=81717043

Country Status (1)

Country Link
CN (1) CN114564735A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115033925A (en) * 2022-08-11 2022-09-09 三未信安科技股份有限公司 Database security retrieval method
CN115033925B (en) * 2022-08-11 2022-10-28 三未信安科技股份有限公司 Database security retrieval method
CN115544498A (en) * 2022-11-24 2022-12-30 华控清交信息科技(北京)有限公司 Ciphertext data visual monitoring method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination