CN115525916A - Database encryption method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN115525916A
Authority
CN
China
Prior art keywords
data
encryption
database
hook function
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211293955.1A
Other languages
Chinese (zh)
Inventor
郭涌
陈翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Hubei Topsec Network Security Technology Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Hubei Topsec Network Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd and Hubei Topsec Network Security Technology Co Ltd
Priority to CN202211293955.1A
Publication of CN115525916A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a database encryption method and apparatus, an electronic device and a storage medium, and relate to the technical field of data security. The method includes: receiving an insert-data request; parsing the SQL statement in the insert-data request to obtain parsed data; calling a hook function to judge whether the parsed data meets the encryption condition; if it does, calling the encryption interface of a cipher machine to encrypt the parsed data to obtain ciphertext data; and storing the ciphertext data in the database. The hook function runs inside the database service to implement the encryption and decryption operations, which solves the data-consistency problem and the large-scale application modification required by existing methods.

Description

Database encryption method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular, to a database encryption method and apparatus, an electronic device, and a storage medium.
Background
Database encryption means storing the data held in a database, especially sensitive data, in encrypted form.
In one existing approach, the front proxy or encryption gateway, a security proxy service is placed between the business application and the database storage engine to perform the encryption and decryption of database data. Because the encrypted data is held in the security proxy service, data consistency is hard to guarantee, and because data is stored both inside and outside the database, database retrieval is hard to implement. In another existing approach, the business system calls an encryption interface itself, so the application program must perform the encryption and decryption operations on the data, and implementing the function requires large-scale modification of the application program.
Disclosure of Invention
The object of the embodiments of the present application is to provide a database encryption method, apparatus, electronic device and storage medium that implement the encryption and decryption operations with a hook function inside the database service, solving the data-consistency problem and the large-scale application modification required by existing methods.
The embodiments of the application provide a database encryption method, applied to a database service, comprising the following steps:
receiving an insert-data request;
parsing the SQL statement in the insert-data request to obtain parsed data;
calling a hook function to judge whether the parsed data meets the encryption condition;
if the encryption condition is met, calling the encryption interface of a cipher machine to encrypt the parsed data to obtain ciphertext data;
and storing the ciphertext data in the database.
In this implementation, the hook function inside the database service performs the encryption and decryption operations without modifying the business program; compared with a scheme that encrypts in the business program, integrating the database encryption function takes less work and deployment is simpler. The original functions of the database are unaffected and use is convenient: the data table and the sensitive field are configured in the hook function, so the content to be encrypted can be set without modifying the data table, which is more flexible, and the data-consistency and large-scale application-modification problems of existing methods are solved.
Further, before the step of calling the hook function to judge whether the parsed data meets the encryption condition, the method further includes:
initializing the cipher machine to generate an encryption key for encrypting database data.
In this implementation the encryption and decryption operations are performed by the cipher machine, which is more secure than the traditional scheme of integrating cryptographic operations into the business system.
Further, before the step of calling the hook function to judge whether the parsed data meets the encryption condition, the method further includes:
configuring the hook function to set the data to be encrypted, where the data to be encrypted comprises a data table and a sensitive field;
hooking the hook function onto the parsed data.
In this implementation, the data table and the sensitive field are configured in the hook function, so the content to be encrypted can be set without modifying the data table, and the hook function is more flexible to use.
Further, the step of calling the hook function to judge whether the parsed data meets the encryption condition includes:
judging the operation type of the parsed data; if the operation type is an insert or modify operation and the parsed data contains the data to be encrypted, the encryption condition is met.
In this implementation the hook function judges the parsed data, and when the operation type is an insert or modify operation that contains a sensitive field, the configured sensitive field is encrypted through the API (application programming interface) of the cipher machine.
Further, the method further comprises:
receiving a query-data request;
parsing the SQL statement in the query-data request to obtain parsed data;
obtaining the corresponding query data based on the parsed data;
calling the hook function to judge whether the operation type in the parsed data meets the decryption condition;
if the operation type is query and the query data contains a sensitive field, calling the decryption interface of the cipher machine to decrypt the query data to obtain plaintext data;
and sending the plaintext data to the business system.
In this implementation, when data must be queried from the database, the hook function likewise judges and decrypts to obtain the plaintext data; neither the original business program nor the database needs to be changed, which is more flexible and convenient.
The embodiments of the present application further provide a database encryption apparatus, comprising:
a receiving module for receiving an insert-data request;
a parsing module for parsing the SQL statement in the insert-data request to obtain parsed data;
a judging module for calling a hook function to judge whether the parsed data meets the encryption condition;
an encryption module for calling the encryption interface of a cipher machine to encrypt the parsed data to obtain ciphertext data if the encryption condition is met;
and an execution module for storing the ciphertext data in the database.
In this implementation, the hook function inside the database service performs the encryption and decryption operations without modifying the business program; compared with a scheme that encrypts in the business program, integrating the database encryption function takes less work and deployment is simpler. The original functions of the database are unaffected and use is convenient: the data table and the sensitive field are configured in the hook function, so the content to be encrypted can be set without modifying the data table, which is more flexible, and the data-consistency and large-scale application-modification problems of existing methods are solved.
Further, the apparatus further comprises:
an initialization module for initializing the cipher machine to generate an encryption key for encrypting database data.
In this implementation the encryption and decryption operations are performed by the cipher machine, which is more secure than the traditional scheme of integrating cryptographic operations into the business program.
Further, the apparatus further comprises:
a configuration module for configuring the hook function to set the data to be encrypted, where the data to be encrypted comprises a data table and a sensitive field;
and a hooking module for hooking the hook function onto the parsed data.
In this implementation, the data table and the sensitive field are configured in the hook function, so the content to be encrypted can be set without modifying the data table, and the hook function is more flexible to use.
An embodiment of the present application further provides an electronic device, where the electronic device includes a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the database encryption method described in any one of the above.
An embodiment of the present application further provides a readable storage medium, where computer program instructions are stored in the readable storage medium, and when the computer program instructions are read and executed by a processor, the computer program instructions perform the database encryption method described in any one of the foregoing descriptions.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings used in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and should not be regarded as limiting its scope; those skilled in the art can obtain other related drawings from them without inventive effort.
Fig. 1 is a flowchart of a database encryption method according to an embodiment of the present application;
Fig. 2 is an initialization flowchart according to an embodiment of the present application;
Fig. 3 is a flowchart of the insert operation according to an embodiment;
Fig. 4 is a flowchart of a database decryption method according to an embodiment of the present application;
Fig. 5 is a flowchart of the query-data operation according to an embodiment of the present disclosure;
Fig. 6 is a block diagram of the structure of a database encryption apparatus according to an embodiment of the present disclosure;
Fig. 7 is a block diagram of another database encryption apparatus according to an embodiment of the present disclosure.
Reference numerals:
100 receiving module; 200 parsing module; 300 judging module; 311 initialization module; 312 configuration module; 313 hooking module; 400 encryption module; 500 execution module; 600 query module.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example 1
Referring to Fig. 1, a flowchart of a database encryption method according to an embodiment of the present disclosure. The method is a hook-based database encryption method that addresses the data-consistency and retrieval problems of the existing front-proxy and encryption-gateway schemes, and the need to modify the application program in the application-layer encryption scheme.
In this application a hook function implements the encryption and decryption operations without modifying the original business program, which solves the data-consistency problem of the front-proxy and encryption-gateway scheme without affecting the original functions of the database. It also solves the application-modification problem of application-layer database encryption, where the application program must perform encryption and decryption whenever it stores or retrieves data, so that implementing the function requires large-scale modification of the application program. The method therefore solves both the data-consistency problem and the large-scale application-modification problem of existing methods.
The method is applied to a database service and specifically comprises the following steps:
Step S100: receiving an insert-data request;
The database service receives the insert-data request sent by the business system, that is, an SQL (structured query language) statement that inserts data. An SQL driver layer loaded in the database service parses the SQL statement, and the hook function screens the parsed data by operation type and field to judge whether to encrypt or decrypt.
Step S200: parsing the SQL statement in the insert-data request to obtain parsed data;
Step S300: calling a hook function to judge whether the parsed data meets the encryption condition;
The operation type of the parsed data is judged; if the operation type is an insert or modify operation and the parsed data contains the data to be encrypted, the encryption condition is met.
Step S400: if the encryption condition is met, calling the encryption interface of a cipher machine to encrypt the parsed data to obtain ciphertext data;
Step S500: storing the ciphertext data in the database.
Before step S300, the method further includes an initialization setting, shown in the initialization flowchart of Fig. 2, which specifically comprises the following steps:
Step S311: initializing the cipher machine to generate an encryption key for encrypting database data;
Performing the cryptographic operations in the cipher machine is more secure than the traditional method of integrating them into the business program.
Step S312: configuring the hook function to set the data to be encrypted, where the data to be encrypted comprises a data table and a sensitive field;
The data table and the sensitive field are configured in the hook function, so the content to be encrypted can be set without modifying the data table, and the hook function is more flexible to use.
Step S313: hooking the hook function onto the parsed data.
The hook function comprises an encryption hook function and a decryption hook function. Once the encryption hook function is hooked onto the parsed SQL statement it performs the following: it inspects the parsed data corresponding to the SQL statement, and when the operation type is an insert or modify operation and the parsed data contains data to be encrypted, such as a sensitive field, it encrypts the configured sensitive field through the API of the cipher machine.
Once the decryption hook function is hooked onto the returned result it performs the following: it inspects the returned result and its content, and when the operation type is a query operation and the result contains a sensitive field, it decrypts the sensitive field through the API of the cipher machine.
Because the hook function runs inside the database service and encrypts or decrypts the specific SQL operations and sensitive fields by inspecting the parsed SQL statement, the impact on the original functions of the system is small, the modification cost is low, and use is more convenient.
As shown in Fig. 3, the specific flow of the insert operation comprises:
Step S11: a business program, such as the business system, generates an SQL statement that inserts data;
Step S12: the database service receives the SQL statement requested by the business program and parses it to obtain the parsed data: the data table, the operation type (here an insert operation) and the fields;
Step S13: the encryption hook function is called and judges the operation type; if the operation type is an insert operation and the statement contains a sensitive field, the encryption API of the cipher machine is called to encrypt the sensitive field to obtain ciphertext data, and the ciphertext data replaces the plaintext in the SQL request;
Step S14: the database service executes the SQL operation, that is, the insert-data operation.
The hook function detects whether encryption or decryption is needed, and the operation itself is carried out by calling the cipher machine. The method is more flexible and convenient, requires no modification to the functions of the original business system or database, and solves the data-consistency and large-scale application-modification problems of existing methods.
As shown in Fig. 4, the flow of the database decryption method specifically comprises the following steps:
Step S601: receiving a query-data request;
Step S602: parsing the SQL statement in the query-data request to obtain parsed data;
Step S603: obtaining the corresponding query data based on the parsed data;
Step S604: calling the hook function to judge whether the operation type in the parsed data meets the decryption condition;
Step S605: if the operation type is query and the query data contains a sensitive field, calling the decryption interface of the cipher machine to decrypt the query data to obtain plaintext data;
Step S606: sending the plaintext data to the business system.
As shown in Fig. 5, the flow of the query-data operation specifically comprises the following steps:
Step S21: the business program generates the SQL statement of the query-data request;
Step S22: the database service receives the SQL statement requested by the business program, parses it, executes the SQL operation, that is, the data query, and obtains a result set;
Step S23: the decryption hook function is called and judges the operation type; if the operation type is a query operation and the result set contains a sensitive field, the decryption API (application programming interface) of the cipher machine is called to decrypt the sensitive field in the result set to obtain plaintext data, and the plaintext data replaces the ciphertext data in the result set. The plaintext data can then be returned directly to the business system, which does not need to perform any decryption itself.
Step S24: returning the query result to the business program.
Compared with the original database service logic, the method only adds a hook function. It has no effect on the original insert, modify and query flows of the database, does not affect the original functions of the database, is more convenient to use, needs no forwarding through a front proxy or encryption gateway between the business program and the database service, and is therefore more efficient.
The hook function is used inside the database service and the business program needs no modification; compared with a scheme that encrypts and decrypts in the business program, integrating the database encryption function takes less work and deployment is simpler.
For the whole system, control of the encrypted content resides in the hook function: neither the data table format nor the business program's SQL statements need to be modified, and only the fields to be encrypted need to be added to the hook function's screening rule, which makes it more flexible to use.
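The insert flow of Fig. 3 and the query flow of Fig. 5 together, as an added example in Python that is not the patent's own code: a hook configured with a table-to-sensitive-field map rewrites the literals of sensitive fields in INSERT and UPDATE statements to ciphertext before the database executes them, and decrypts those columns in a SELECT result set before it is returned. The cipher machine's API is an assumption, stood in for by a small keyed encrypt-then-MAC class so the block runs offline; the table, field names and row values are constructed.

```python
import base64
import hashlib
import hmac
import os
import re


class CipherMachine:
    """Stand-in for the cipher machine's encrypt/decrypt API (assumption): HMAC-SHA256 counter-mode
    keystream plus a 16-byte HMAC tag (encrypt-then-MAC). A real deployment calls the cipher machine."""

    def __init__(self, key: bytes):
        self._key = key  # step S311: key generated when the cipher machine is initialised

    def _prf(self, label: bytes, data: bytes) -> bytes:
        return hmac.new(self._key, label + data, hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        blocks = (self._prf(b"ks", nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]

    def encrypt(self, plaintext: str) -> str:
        nonce, pt = os.urandom(12), plaintext.encode("utf-8")
        ct = bytes(a ^ b for a, b in zip(pt, self._keystream(nonce, len(pt))))
        tag = self._prf(b"tag", nonce + ct)[:16]
        return "ENC:" + base64.b64encode(nonce + ct + tag).decode("ascii")

    def decrypt(self, token: str) -> str:
        raw = base64.b64decode(token[len("ENC:"):])
        nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
        if not hmac.compare_digest(tag, self._prf(b"tag", nonce + ct)[:16]):
            raise ValueError("ciphertext tag mismatch")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct)))).decode("utf-8")


# Step S312: hook configuration, table -> sensitive fields (constructed sample values).
SENSITIVE = {"users": {"id_card", "phone"}}

LITERAL = r"'(?:[^']|'')*'"  # single-quoted SQL string literal
INSERT_RE = re.compile(r"^\s*INSERT\s+INTO\s+(\w+)\s*\(([^)]*)\)\s*VALUES\s*\((.*)\)\s*;?\s*$", re.I | re.S)
UPDATE_RE = re.compile(r"^\s*UPDATE\s+(\w+)\s+SET\s+(.*?)(\s+WHERE\s.*?)?\s*;?\s*$", re.I | re.S)
SELECT_RE = re.compile(r"^\s*SELECT\s.*?\sFROM\s+(\w+)", re.I | re.S)
ASSIGN_RE = re.compile(r"(\w+)\s*=\s*(" + LITERAL + ")")


def _unquote(lit: str) -> str:
    return lit[1:-1].replace("''", "'")


def _split_values(values: str) -> list:
    """Split a VALUES list on the commas that lie outside quoted literals."""
    tokens, buf, in_quote = [], [], False
    for ch in values:
        in_quote ^= ch == "'"  # a doubled '' toggles twice, so it stays inside the literal
        if ch == "," and not in_quote:
            tokens.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    tokens.append("".join(buf).strip())
    return tokens


def encrypt_hook(sql: str, hsm: CipherMachine, sensitive=SENSITIVE) -> str:
    """Encryption hook (step S13): for an INSERT or UPDATE on a configured table, replace each
    sensitive field's plaintext literal with ciphertext; any other statement is returned unchanged."""
    m = INSERT_RE.match(sql)
    if m:
        table, cols = m.group(1), [c.strip() for c in m.group(2).split(",")]
        fields, tokens = sensitive.get(table.lower(), set()), _split_values(m.group(3))
        for i, col in enumerate(cols):
            if col.lower() in fields and i < len(tokens) and tokens[i].startswith("'"):
                tokens[i] = "'" + hsm.encrypt(_unquote(tokens[i])) + "'"
        return f"INSERT INTO {table} ({', '.join(cols)}) VALUES ({', '.join(tokens)})"
    m = UPDATE_RE.match(sql)
    if m:
        table, set_clause, where = m.group(1), m.group(2), m.group(3) or ""
        fields = sensitive.get(table.lower(), set())

        def repl(a):
            col, lit = a.group(1), a.group(2)
            return a.group(0) if col.lower() not in fields else f"{col} = '{hsm.encrypt(_unquote(lit))}'"

        # Only SET assignments are rewritten; a WHERE predicate on an encrypted column is left
        # alone and would therefore compare against the stored ciphertext.
        return f"UPDATE {table} SET {ASSIGN_RE.sub(repl, set_clause)}{where}"
    return sql


def decrypt_hook(sql: str, rows: list, hsm: CipherMachine, sensitive=SENSITIVE) -> list:
    """Decryption hook (step S23): for a SELECT on a configured table, replace ciphertext in the
    result set's sensitive columns with plaintext before the rows are returned."""
    m = SELECT_RE.match(sql)
    if not m:
        return rows
    fields = sensitive.get(m.group(1).lower(), set())
    return [{c: hsm.decrypt(v) if c in fields and isinstance(v, str) and v.startswith("ENC:") else v
             for c, v in row.items()} for row in rows]
```

Because the base64 token contains no quote characters, it can be substituted back into the statement as a plain string literal; statements on tables absent from `SENSITIVE` pass through unchanged.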
It should be noted that the present application places no limitation on the application environment or mode of use of the database, the cipher machine, the business system and the like, which may be integrated with the relevant systems; this is not described further here.
Example 2
An embodiment of the present application provides a database encryption apparatus, which applies the database encryption method described in Example 1 and is specifically applied to a database service. As shown in the structural block diagram of Fig. 6, the apparatus includes, but is not limited to:
a receiving module 100, configured to receive an insert-data request;
a parsing module 200, configured to parse the SQL statement in the insert-data request to obtain parsed data;
a judging module 300, configured to call a hook function to judge whether the parsed data meets the encryption condition;
specifically, the operation type of the parsed data is judged, and if the operation type is an insert or modify operation and the parsed data contains the data to be encrypted, the encryption condition is met;
an encryption module 400, configured to call the encryption interface of a cipher machine to encrypt the parsed data to obtain ciphertext data if the encryption condition is met;
and an execution module 500, configured to store the ciphertext data in the database.
In the database service the hook function performs the encryption and decryption operations without modifying the business program; compared with a scheme that encrypts in the business program, integrating the database encryption function takes less work and deployment is simpler. The original functions of the database are unaffected and use is convenient: the data table and the sensitive field are configured in the hook function, so the content to be encrypted can be set without modifying the data table, which is more flexible, and the data-consistency and large-scale application-modification problems of existing methods are solved.
As shown in Fig. 7, a block diagram of another database encryption apparatus, on the basis of Fig. 6 the apparatus further includes:
an initialization module 311, configured to initialize the cipher machine to generate an encryption key for encrypting database data.
This is more secure than the traditional scheme of integrating cryptographic operations into the business system, and requires no modification of the business system's code or workflow.
a configuration module 312, configured to configure the hook function to set the data to be encrypted, where the data to be encrypted comprises a data table and a sensitive field;
a hooking module 313, configured to hook the hook function onto the parsed data.
Configuring the data table and the sensitive field in the hook function allows the content to be encrypted to be set without modifying the database service, so the hook function is more flexible to use.
The apparatus further comprises a data query module 600, whose specific implementation is as follows:
receiving a query-data request;
parsing the SQL statement in the query-data request to obtain parsed data;
obtaining the corresponding query data based on the parsed data;
calling the hook function to judge whether the operation type in the parsed data meets the decryption condition;
if the operation type is query and the query data contains a sensitive field, calling the decryption interface of the cipher machine to decrypt the query data to obtain plaintext data;
and sending the plaintext data to the business system.
The specific implementation is already described in Example 1 and is not repeated here.
The hook function detects whether encryption or decryption is needed, and the operation itself is carried out by calling the cipher machine. The method is more flexible and convenient, requires no modification to the functions of the original business system or database, and solves the data-consistency and large-scale application-modification problems of existing methods.
Compared with the original database service logic, the method only adds a hook function. It has no effect on the original insert, modify and query flows of the database, does not affect the original functions of the database, is more convenient to use, needs no forwarding through a front proxy or encryption gateway between the business program and the database service, and is therefore more efficient.
The hook function is used inside the database service and the business program needs no modification; compared with a scheme that encrypts and decrypts in the business program, integrating the database encryption function takes less work and deployment is simpler.
For the whole system, control of the encrypted content resides in the hook function: neither the data table format nor the business system's SQL statements need to be modified, and only the fields to be encrypted need to be added to the hook function's screening rule, which makes it more flexible to use.
An embodiment of the present application further provides an electronic device comprising a memory and a processor, where the memory stores a computer program and the processor runs the computer program so that the electronic device executes the database encryption method according to Example 1.
An embodiment of the present application further provides a readable storage medium storing computer program instructions which, when read and executed by a processor, perform the database encryption method according to Example 1.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It should be noted that, in this document, relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in the process, method, article, or apparatus that comprises the element.

Claims (10)

1. A database encryption method applied to a database service, the method comprising:
receiving an insert data request;
parsing the SQL statement in the insert data request to obtain parsed data;
calling a hook function to determine whether the parsed data meets an encryption condition;
if so, calling an encryption interface of a cipher machine to encrypt the parsed data to obtain ciphertext data;
and storing the ciphertext data in a database.
2. The database encryption method according to claim 1, wherein before the step of calling the hook function to determine whether the parsed data meets the encryption condition, the method further comprises:
initializing the cipher machine to generate an encryption key for encrypting database data.
3. The database encryption method according to claim 1, wherein before the step of calling the hook function to determine whether the parsed data meets the encryption condition, the method further comprises:
configuring the hook function to set the data to be encrypted, wherein the data to be encrypted comprises a data table and a sensitive field;
hooking the hook function to the parsed data.
4. The database encryption method according to claim 3, wherein the calling the hook function to determine whether the parsed data meets the encryption condition comprises:
determining the operation type of the parsed data, and if the operation type is an insert or modify operation and the parsed data contains the data to be encrypted, the encryption condition is met.
5. The database encryption method according to claim 1, further comprising:
receiving a query data request;
parsing the SQL statement in the query data request to obtain parsed data;
acquiring corresponding query data based on the parsed data;
calling the hook function to determine whether the operation type in the parsed data meets a decryption condition;
if the operation type is a query and the query data contains a sensitive field, calling a decryption interface of the cipher machine to decrypt the query data to obtain plaintext data;
and sending the plaintext data to a service system.
6. A database encryption apparatus, the apparatus comprising:
a receiving module, configured to receive an insert data request;
a parsing module, configured to parse the SQL statement in the insert data request to obtain parsed data;
a determining module, configured to call a hook function to determine whether the parsed data meets an encryption condition;
an encryption module, configured to call an encryption interface of a cipher machine to encrypt the parsed data to obtain ciphertext data if the encryption condition is met;
and an execution module, configured to store the ciphertext data in a database.
7. The database encryption apparatus according to claim 6, wherein the apparatus further comprises:
an initialization module, configured to initialize the cipher machine to generate an encryption key for encrypting database data.
8. The database encryption apparatus according to claim 7, wherein the apparatus further comprises:
a configuration module, configured to configure the hook function to set the data to be encrypted, wherein the data to be encrypted comprises a data table and a sensitive field;
and a hooking module, configured to hook the hook function to the parsed data.
9. An electronic device, comprising a memory for storing a computer program and a processor for executing the computer program to cause the electronic device to perform the database encryption method according to any one of claims 1 to 5.
10. A readable storage medium storing computer program instructions which, when read and executed by a processor, perform the database encryption method according to any one of claims 1 to 5.
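The insert and query paths of claims 1 to 5, as an added Python example that is not part of the patent or the assignee's product: `hsm_encrypt`/`hsm_decrypt` are constructed stand-ins for the cipher machine's interface (a keyed SHA-256 counter-mode keystream so the example runs offline; a real deployment would call the HSM), `parse_sql` is a minimal regex parser for one INSERT and one SELECT shape, and `SENSITIVE` and `DB` are constructed sample configuration and storage.

```python
import hashlib, hmac, os, re

# Constructed configuration (claim 3): data to be encrypted, as table -> sensitive fields.
SENSITIVE = {"users": {"id_card", "phone"}}
KEY = hashlib.sha256(b"constructed-demo-key").digest()  # claim 2: key made when the cipher machine is initialized
DB = {"users": []}  # in-memory stand-in for the database

def _hsm_xor(nonce: bytes, data: bytes) -> bytes:
    # Keyed SHA-256 in counter mode (a CTR-style stream); stand-in for the cipher machine's real algorithm.
    ks = b"".join(hmac.new(KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def hsm_encrypt(plaintext: str) -> str:
    """Stand-in for the cipher machine's encryption interface (claim 1); returns 'nonce_hex:ct_hex'."""
    nonce = os.urandom(8)  # fresh nonce per field value, so equal plaintexts give different ciphertexts
    return nonce.hex() + ":" + _hsm_xor(nonce, plaintext.encode()).hex()

def hsm_decrypt(token: str) -> str:
    """Stand-in for the cipher machine's decryption interface (claim 5)."""
    nonce, ct = (bytes.fromhex(p) for p in token.split(":"))
    return _hsm_xor(nonce, ct).decode()

def parse_sql(sql: str) -> dict:
    """Minimal parser for the two statement shapes this example handles (not a real SQL parser)."""
    m = re.match(r"INSERT INTO (\w+) \(([^)]+)\) VALUES \(([^)]+)\)", sql, re.I)
    if m:
        cols = [c.strip() for c in m.group(2).split(",")]
        vals = [v.strip().strip("'") for v in m.group(3).split(",")]
        return {"op": "insert", "table": m.group(1), "row": dict(zip(cols, vals))}
    m = re.match(r"SELECT \* FROM (\w+)", sql, re.I)
    if m:
        return {"op": "query", "table": m.group(1), "row": {}}
    raise ValueError("unsupported statement")

def encrypt_hook(parsed: dict) -> bool:
    """Claim 4: encrypt only insert/modify (update) statements that touch a configured sensitive field."""
    fields = SENSITIVE.get(parsed["table"], set())
    return parsed["op"] in ("insert", "update") and bool(fields & set(parsed["row"]))

def execute(sql: str):
    """Claims 1 and 5: parse, run the hook, call the cipher machine, then store or return rows."""
    parsed = parse_sql(sql)
    fields = SENSITIVE.get(parsed["table"], set())
    if parsed["op"] == "query":  # query data is fetched first, then the hook decrypts sensitive fields
        return [{c: hsm_decrypt(v) if c in fields else v for c, v in r.items()} for r in DB[parsed["table"]]]
    row = parsed["row"]
    if encrypt_hook(parsed):
        for col in fields & set(row):
            row[col] = hsm_encrypt(row[col])  # ciphertext replaces plaintext before it reaches storage
    DB[parsed["table"]].append(row)
    return row
```

Only the configured sensitive columns are ever sent to the cipher machine; non-sensitive columns and statements on unconfigured tables pass through the hook untouched.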

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211293955.1A CN115525916A (en) 2022-10-21 2022-10-21 Database encryption method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115525916A true CN115525916A (en) 2022-12-27

Family

ID=84704332

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116776356A (en) * 2023-07-10 2023-09-19 北京原点数安科技有限公司 Database encryption method, device, electronic equipment, system and storage medium
CN117113423A (en) * 2023-10-24 2023-11-24 中电科网络安全科技股份有限公司 Transparent encryption method, device, equipment and storage medium for database
CN117113423B (en) * 2023-10-24 2024-04-12 中电科网络安全科技股份有限公司 Transparent encryption method, device, equipment and storage medium for database

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination