CN115712641A - Database field retrieval method and related equipment - Google Patents
Database field retrieval method and related equipment Download PDFInfo
- Publication number
- CN115712641A CN115712641A CN202211480886.5A CN202211480886A CN115712641A CN 115712641 A CN115712641 A CN 115712641A CN 202211480886 A CN202211480886 A CN 202211480886A CN 115712641 A CN115712641 A CN 115712641A
- Authority
- CN
- China
- Prior art keywords
- information
- field
- encrypted
- obtaining unit
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000012545 processing Methods 0.000 claims abstract description 54
- 230000011218 segmentation Effects 0.000 claims description 29
- 238000000586 desensitisation Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 8
- 238000004891 communication Methods 0.000 claims description 3
- 238000012423 maintenance Methods 0.000 abstract description 14
- 238000010586 diagram Methods 0.000 description 11
- 238000004590 computer program Methods 0.000 description 6
- 230000009471 action Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 239000000203 mixture Substances 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000013467 fragmentation Methods 0.000 description 1
- 238000006062 fragmentation reaction Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The method comprises the steps of based on an AES encryption and decryption algorithm, carrying out fuzzy matching retrieval on information fields obtained by dividing and encrypting query information sent by a user in a slave table of a database, querying complete encrypted information in a master table of the database through a retrieved master key identifier, decrypting the encrypted information, carrying out information display processing on unencrypted information obtained after decryption, returning and displaying the unencrypted information to the user, and realizing quick retrieval of the encrypted information stored in the database, thereby improving the management and maintenance efficiency of the information and reducing the cost of information management and maintenance while ensuring the safety of information data.
Description
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a database field retrieval method and related devices.
Background
With the development of the internet industry, people experience various information services through an internet platform and simultaneously generate a large amount of personal information.
In order to prevent the leakage of personal information of a client and effectively ensure the information security of personal privacy of the client, a platform generally encrypts and stores the personal information related to the client. However, since the encrypted information implements information hiding, the management and maintenance of the encrypted information becomes very complicated and difficult, thereby reducing the management and maintenance efficiency of the information.
Therefore, how to improve the management and maintenance efficiency of information while ensuring the security of information data becomes a technical problem that needs to be solved urgently by those skilled in the art.
Disclosure of Invention
In view of the foregoing problems, the present disclosure provides a database field retrieval method and related device that overcome or at least partially solve the foregoing problems, and the technical solutions are as follows:
a database field retrieval method, comprising:
obtaining a query request sent by a first user, wherein the query request comprises query information to be retrieved;
performing information segmentation on the query information by using a preset field segmentation configuration condition to obtain a first information set corresponding to the query information, wherein the first information set comprises at least one first information field;
performing deduplication processing on each first information field in the first information set to obtain a second information set, where the second information set includes at least one second information field;
respectively encrypting each second information field in the second information set by using an AES (advanced encryption standard) encryption algorithm to obtain a third information set, wherein the third information set comprises encrypted third information fields which are in one-to-one correspondence with each second information field;
performing fuzzy matching retrieval on the third information set in a secondary table of a database to obtain a primary key identification set corresponding to the third information set;
under the condition that the primary key identification set comprises at least one primary key identification, respectively inquiring encrypted information corresponding to each primary key identification in a primary table of the database;
respectively decrypting each encrypted message by using an AES decryption algorithm to obtain unencrypted messages corresponding to the encrypted messages one by one;
processing each piece of unencrypted information according to a preset information display processing strategy to obtain query result information corresponding to the query request;
and returning the query result information to the first user so as to display the query result information to the first user.
Optionally, before obtaining the query request sent by the first user, the method further includes:
obtaining the unencrypted information;
encrypting the unencrypted information by using the AES encryption algorithm to obtain the encrypted information corresponding to the unencrypted data one to one;
storing the encrypted information into the main table of the database, and obtaining the main key identification of the encrypted information in the main table;
performing information segmentation on the unencrypted information by using a preset field storage feature configuration condition to obtain a fourth information set corresponding to the unencrypted information, wherein the fourth information set comprises at least one fourth information field;
performing deduplication processing on each fourth information field in the fourth information set to obtain a fifth information set, where the fifth information set includes at least one fifth information field;
encrypting each fifth information field in the fifth information set by using the AES encryption algorithm to obtain a sixth information set, wherein the sixth information set comprises encrypted sixth information fields corresponding to each fifth information field one by one;
and binding and storing the primary key identification of the encrypted information in the primary table and the sixth information set into the secondary table of the database.
Optionally, the preset information display processing policy includes a data assembly policy and a data desensitization policy.
Optionally, the processing each piece of unencrypted information according to a preset information display processing policy to obtain query result information corresponding to the query request includes:
assembling the unencrypted information according to the data assembling strategy to obtain information to be desensitized;
desensitizing the information to be desensitized according to the data desensitization strategy to obtain query result information corresponding to the query request.
Optionally, the obtaining the unencrypted information includes:
obtaining information to be input, which is input by a second user;
and identifying the unencrypted information to be encrypted in the information to be input by utilizing a preset information to be encrypted identification strategy.
Optionally, the performing fuzzy matching retrieval on the third information set in the secondary table of the database to obtain a primary key identifier set corresponding to the third information set includes:
generating SQL sentences corresponding to the third information sets by using each third information field in the third information sets;
and carrying out fuzzy matching retrieval in a secondary table of a database by using the SQL statement to obtain a primary key identification set corresponding to the third information set.
A database field retrieval apparatus, comprising: a query request obtaining unit, a first obtaining unit, a second obtaining unit, a third obtaining unit, a fourth obtaining unit, a query unit, a fifth obtaining unit, a sixth obtaining unit and a query result information returning unit,
the query request obtaining unit is configured to obtain a query request sent by a first user, where the query request includes query information to be retrieved;
the first obtaining unit is configured to perform information segmentation on the query information by using a preset field segmentation configuration condition to obtain a first information set corresponding to the query information, where the first information set includes at least one first information field;
the second obtaining unit is configured to perform deduplication processing on each first information field in the first information set to obtain a second information set, where the second information set includes at least one second information field;
the third obtaining unit is configured to encrypt, by using an AES encryption algorithm, each of the second information fields in the second information set to obtain a third information set, where the third information set includes encrypted third information fields that correspond to the second information fields one to one;
the fourth obtaining unit is configured to perform fuzzy matching retrieval on the third information set in a secondary table of a database, and obtain a primary key identifier set corresponding to the third information set;
the query unit is configured to, when the set of primary key identifiers includes at least one primary key identifier, query encrypted information corresponding to each of the primary key identifiers in a primary table of the database, respectively;
the fifth obtaining unit is configured to decrypt each encrypted information by using an AES decryption algorithm, and obtain unencrypted information corresponding to the encrypted information one to one;
the sixth obtaining unit is configured to process each piece of unencrypted information according to a preset information display processing policy, and obtain query result information corresponding to the query request;
and the query result information returning unit is used for returning the query result information to the first user so as to display the query result information to the first user.
Optionally, the apparatus further comprises: a seventh obtaining unit, an eighth obtaining unit, a ninth obtaining unit, a tenth obtaining unit, an eleventh obtaining unit, a twelfth obtaining unit, and a field storing unit,
the seventh obtaining unit, configured to obtain the unencrypted information before the query request obtaining unit obtains the query request sent by the first user;
the eighth obtaining unit is configured to encrypt the unencrypted information by using the AES encryption algorithm, and obtain the encrypted information in one-to-one correspondence with the unencrypted data;
the ninth obtaining unit is configured to store the encrypted information in the main table of the database, and obtain the primary key identifier of the encrypted information in the main table;
the tenth obtaining unit is configured to perform information segmentation on the unencrypted information by using a preset field storage feature configuration condition, and obtain a fourth information set corresponding to the unencrypted information, where the fourth information set includes at least one fourth information field;
the eleventh obtaining unit is configured to perform deduplication processing on each fourth information field in the fourth information set to obtain a fifth information set, where the fifth information set includes at least one fifth information field;
the twelfth obtaining unit is configured to encrypt, by using the AES encryption algorithm, each fifth information field in the fifth information set respectively to obtain a sixth information set, where the sixth information set includes encrypted sixth information fields that are in one-to-one correspondence with each fifth information field;
the field storage unit is configured to store the primary key identifier of the encrypted information in the primary table and the sixth information set in a binding manner in the secondary table of the database.
A computer-readable storage medium on which a program is stored, the program, when executed by a processor, implementing the database field retrieval method of any one of the above.
An electronic device comprising at least one processor, and at least one memory connected to the processor, a bus; the processor and the memory complete mutual communication through the bus; the processor is configured to call program instructions in the memory to perform any of the database field retrieval methods described above.
By means of the technical scheme, the database field retrieval method and the related device provided by the disclosure obtain the query request sent by the first user, wherein the query request comprises query information to be retrieved; performing information segmentation on query information by using preset field segmentation configuration conditions to obtain a first information set corresponding to the query information, wherein the first information set comprises at least one first information field; carrying out deduplication processing on each first information field in the first information set to obtain a second information set, wherein the second information set comprises at least one second information field; respectively encrypting each second information field in the second information set by using an AES encryption algorithm to obtain a third information set, wherein the third information set comprises encrypted third information fields corresponding to the second information fields one to one; performing fuzzy matching retrieval on the third information set in a secondary table of the database to obtain a primary key identification set corresponding to the third information set; under the condition that the main key identification set comprises at least one main key identification, respectively inquiring encrypted information corresponding to each main key identification in a main table of a database; respectively decrypting the encrypted information by using an AES decryption algorithm to obtain unencrypted information corresponding to the encrypted information one by one; processing each piece of unencrypted information according to a preset information display processing strategy to obtain query result information corresponding to the query request; and returning the query result information to the first user so as to display the query result information to the first user. The method is based on the AES encryption and decryption algorithm, fuzzy matching retrieval is carried out on the information field obtained by dividing and encrypting the query information sent by the user in the slave table of the database, the complete encrypted information is queried in the master table of the database through the retrieved master key identification, then the encrypted information is decrypted, the unencrypted information obtained after decryption is returned and displayed to the user after information display processing, and the encrypted information stored in the database is quickly retrieved, so that the management and maintenance efficiency of the information is improved while the safety of the information data is guaranteed, and the cost of information management and maintenance is reduced.
The foregoing description is only an overview of the technical solutions of the present disclosure, and the embodiments of the present disclosure are described below in order to make the technical means of the present disclosure more clearly understood and to make the above and other objects, features, and advantages of the present disclosure more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the disclosure. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flowchart illustrating an implementation manner of a database field retrieval method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram illustrating a binding relationship between a master table and a slave table provided by an embodiment of the present disclosure;
fig. 3 is a schematic flowchart illustrating another implementation of a database field retrieval method according to an embodiment of the present disclosure;
FIG. 4 illustrates an overall logic block diagram of information storage and retrieval provided by embodiments of the present disclosure;
fig. 5 is a schematic structural diagram of a database field retrieval apparatus provided by an embodiment of the present disclosure;
fig. 6 shows a schematic structural diagram of an electronic device provided by an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, a schematic flowchart of an implementation manner of a database field retrieval method provided in an embodiment of the present disclosure may include:
s100, obtaining a query request sent by a first user, wherein the query request comprises query information to be retrieved.
The query information may be key information input by a user and required to be retrieved in a database. For example: the query information can be the unique identification number of the client or the personal condition information of the client.
After the query request is obtained, the query information to be retrieved in the query request can be read, and retrieval operation is carried out in a Master Table (MT) and a Slave Table (ST) which are constructed in advance in a database on the basis of the query information.
Before searching query information, a main table for storing complete encryption information and a slave table for storing an encryption information field set need to be constructed in advance in a database, and the encryption information field set and a main key identifier corresponding to the complete encryption information in the main table are bound and stored in the slave table. The binding relationship between the master table and the slave table may be as shown in fig. 2, with the slave table having fields belonging to the master table. The master table contains the relationship of the fields of the slave table, and information with binding relationship between the master table and the slave table can be queried bidirectionally through the identification of the master key, wherein the identification of the master key can be a unique identification number (ID) of the information in a database.
Optionally, based on the method shown in fig. 1, as shown in fig. 3, a flowchart of another implementation of the database field retrieval method provided in the embodiment of the present disclosure is shown, before step S100, the database field retrieval method may further include:
and A100, obtaining unencrypted information.
Wherein the unencrypted information may be private data information relating to the individual of the client.
The embodiment of the disclosure can obtain the original data information input by the user through the application system of the management database, also can obtain the original data information transmitted by other systems through the external interface, and extracts the unencrypted information needing to be encrypted from the original data information.
Optionally, the information to be entered input by the second user may be obtained in the embodiment of the present disclosure. And identifying the unencrypted information to be encrypted in the information to be input by utilizing a preset information to be encrypted identification strategy.
The information characteristics of the private data information are set in the information identification strategy to be encrypted. The information to be recorded can be identified and positioned to the information position with the information characteristic by utilizing the preset information to be encrypted identification strategy, and the information on the information position is determined to be the unencrypted information to be encrypted.
Optionally, the private data information may include an identification number, a mobile phone number, a name, and designated sensitive text. Optionally, the sensitive text content may include personal credit rating information, personal income information, and personal consumption habit analysis information of the user.
And A110, encrypting the unencrypted information by using an AES encryption algorithm to obtain encrypted information corresponding to the unencrypted data one to one.
And A120, storing the encrypted information into a main table of the database, and obtaining the main key identification of the encrypted information in the main table.
Among them, the AES (Advanced Encryption Standard) Encryption algorithm is a symmetric Encryption algorithm, and encrypts and decrypts a plaintext using the same key and offset (iv).
Specifically, the embodiment of the present disclosure may use an AES encryption algorithm to perform overall encryption on unencrypted information, write encrypted information that is well encrypted into a main table of the database, and return a main key identifier of the encrypted information in the main table.
And A130, carrying out information segmentation on the unencrypted information by using a preset field storage characteristic configuration condition to obtain a fourth information set corresponding to the unencrypted information, wherein the fourth information set comprises at least one fourth information field.
The preset field storage feature configuration condition is a strategy condition for respectively configuring corresponding field storage feature identification and segmentation for the private data information with different information composition characteristics in advance according to the information composition characteristics of different private data information.
Optionally, in the preset field storage feature configuration condition, a policy condition for performing information segmentation according to the field features may be configured for private data information composed of a plurality of information fields having the field features. The embodiment of the disclosure can divide the unencrypted information into the information fields respectively corresponding to the field characteristics under the condition of identifying the unencrypted information as the private data information with different information composition characteristics. For example: when the private data information is the identification number, the identification number is composed of three fields of a region identification code, a birth date identification code and a personal identification code, and after the identification number is subjected to information segmentation, the fields included in the corresponding fourth information set are obtained and are respectively the region identification code, the birth date identification code and the personal identification code. Similarly, after the information of the name is divided, the fields included in the corresponding fourth information set are obtained as the surname and the first name, respectively.
Optionally, in the embodiment of the present disclosure, a fixed field division length may be configured for the private data information as the sensitive text content in the preset field storage feature configuration condition, and in a case that the unencrypted information is the sensitive text content, the unencrypted information is subjected to information division according to the field division length, and lengths of fields in the obtained fourth information set are the same.
And A140, performing deduplication processing on each fourth information field in the fourth information set to obtain a fifth information set, wherein the fifth information set comprises at least one fifth information field.
In order to avoid repeated encrypted storage of the same information fields and save computing resources, the embodiment of the present disclosure may perform deduplication processing on each fourth information field in the fourth information set, so as to ensure that the duplicated fifth information set does not include the same information field.
And A150, respectively encrypting each fifth information field in the fifth information set by using an AES encryption algorithm to obtain a sixth information set, wherein the sixth information set comprises the encrypted sixth information fields which are in one-to-one correspondence with the fifth information fields.
And A160, binding and storing the primary key identification of the encrypted information in the primary table and the sixth information set into a secondary table of the database.
The key and the offset for encrypting the information field and completely encrypting the unencrypted information can be the same, and the encrypted sixth information set and the encrypted information are bound and stored under the corresponding field name in the slave table in the main key identification of the main table, so that the field encryption storage process of the database is completed.
The encrypted information and the encrypted information fields corresponding to the unencrypted information are bound and stored in the database through the master table and the slave table of the database, and the information fields stored in the slave table can be accessed or read when the information is input and retrieved, so that the encrypted information in the master table can be efficiently obtained according to the master key identification corresponding to the retrieved information fields, the information safety in the database is guaranteed, and the encrypted data in the database can be conveniently managed by a user.
S110, carrying out information segmentation on the query information by using preset field segmentation configuration conditions to obtain a first information set corresponding to the query information, wherein the first information set comprises at least one first information field.
The preset field segmentation configuration condition is a field segmentation strategy condition configured for the query information in advance. Optionally, a fixed field division length may be set in the preset field division configuration condition, and a personalized field division manner for a special field including private data information may also be set.
S120, performing deduplication processing on each first information field in the first information set to obtain a second information set, wherein the second information set comprises at least one second information field.
In order to avoid repeated retrieval of information fields and improve validity and efficiency of fuzzy matching retrieval, the embodiments of the present disclosure may perform deduplication processing on each first information field in the first information set, so as to ensure that the deduplicated second information set does not include the same information field.
S130, encrypting each second information field in the second information set by using an AES encryption algorithm to obtain a third information set, wherein the third information set comprises encrypted third information fields corresponding to the second information fields one to one.
It can be understood that the key and the offset of the AES encryption algorithm are the same, so that the encrypted result is the same for the same information field during storage and retrieval, thereby achieving effective database field retrieval and facilitating management and maintenance of information.
S140, fuzzy matching retrieval is carried out on the third information set in the secondary table of the database, and a primary key identification set corresponding to the third information set is obtained.
The embodiment of the present disclosure may generate the SQL statement corresponding to the third information set by using each third information field in the third information set. And carrying out fuzzy matching retrieval in the secondary table of the database by using the SQL sentence to obtain a primary key identification set corresponding to the third information set.
The embodiment of the disclosure may search, in each information set stored in the slave table of the database, a target information set corresponding to each third information field in the third information set by fuzzy matching, and determine each primary key identifier corresponding to the target information set in the slave table of the database. It can be understood that, due to the fuzzy matching search, there may be a plurality of target information sets on the matching, and the corresponding primary key identifiers of these target information sets in the secondary table, respectively, are obtained, that is, the primary key identifier set corresponding to the third information set is obtained.
In practical applications, by fuzzy matching search, there may be no information set matched in the secondary table of the database, that is, the primary key identifier corresponding to the third information set is not matched, and at this time, the primary key identifier set corresponding to the third information set may be empty.
Optionally, in this embodiment of the present disclosure, a message that the matching result is empty may be fed back to the first user when the primary key identifier set corresponding to the third information set is empty.
S150, under the condition that the primary key identification set comprises at least one primary key identification, respectively inquiring the encrypted information corresponding to each primary key identification in the primary table of the database.
The embodiment of the disclosure can respectively use each primary key identifier in the primary key identifier set as a retrieval condition, perform retrieval query on each primary key identifier in the primary table of the database, and obtain encrypted information stored in the primary table of the database corresponding to the primary key identifier under the condition that any primary key identifier is queried in the primary table.
And S160, respectively decrypting the encrypted information by using an AES decryption algorithm to obtain unencrypted information corresponding to the encrypted information one by one.
Wherein, the AES decryption algorithm is a decryption algorithm corresponding to the AES encryption algorithm. The disclosed embodiments may decrypt encrypted information using the key and offset used by the AES encryption algorithm for encryption, thereby decrypting unencrypted information.
S170, processing each piece of unencrypted information according to a preset information display processing strategy to obtain query result information corresponding to the query request.
In practical application, in order to avoid disordered display of unencrypted information and prevent exposure of sensitive information, the display of query result information needs to meet the requirement of an application system for managing a database, and therefore, before the unencrypted information is displayed, corresponding information display processing needs to be performed on the unencrypted information to obtain the information display requirement of the application system for managing the database.
Optionally, the preset information display processing policy includes a data assembly policy and a data desensitization policy.
Optionally, the embodiment of the present disclosure may perform assembling processing on the unencrypted information according to a data assembling policy, to obtain the information to be desensitized. Desensitization processing is carried out on the information to be desensitized according to a data desensitization strategy, and query result information corresponding to the query request is obtained.
The data assembly strategy is provided with different arrangement modes of the unencrypted information. For example: in the case of including the name: zhang III, identification card number: 430122200000000000, mobile phone number: under the condition of unencrypted information including 173000000000, the embodiment of the disclosure can assemble the encrypted information in sequence according to the sequence of the name, the identification number and the mobile phone number according to the data assembly strategy to obtain the assembled information to be desensitized, namely ' zhangsan ', 430122200000000000, 173000000000 '.
Because private data information of a client is related, for inquiry requests sent by users with different authorities, before showing inquiry result information, the private data information needs to be desensitized according to a desensitization mode corresponding to the authority and then is shown to the user. For example: in the case where the information to be desensitized is "zhang san, 430122200000000000, 173000000000", the query result information after desensitization may be "zhang, 4301222, 173.
Optionally, the preset information display processing policy may further include a data analysis policy and a data translation policy. It is understood that the specific strategy involved in the preset information presentation processing strategy may be set by actual business requirements.
And S180, returning the query result information to the first user so as to display the query result information to the first user.
To facilitate understanding of an actual search flow for database field search, the following description is given by way of example: assuming query information X = abcabcabcd, if the field division length S = {2}, the first information set P1= { AB, BC, CA, AB, BC, CD }, after information division is good, the second information set P2= { AB, BC, CA, CD }, after duplication removal, each information field in the second information set is encrypted by using an AES encryption algorithm, the master key identifier set I = {1,2,3,4,5} of the master table is obtained from the slave table of the database by calculating each third information field concatenation SQL in the encrypted third information set, the complete encrypted information is obtained from the master table through the master key identifier set I and decrypted, the information display processing is performed on the unencrypted information, and query result information is returned. In the case that the primary key identifier is not matched in the secondary table of the database, the primary key identifier set is I = { }, and a message that the matching result is empty is directly fed back at this time.
To facilitate an overall understanding of the information storage and retrieval process, reference is made herein to FIG. 4: as shown in fig. 4, in the overall logic block diagram of information storage and retrieval provided by the embodiment of the present disclosure, an application system performs raw data entry, a storage interpreter analyzes stored data, splits the stored data, removes duplicates of the split data, performs encryption fragmentation using a key and an offset, and stores the data in a database, and simultaneously performs complete encryption storage on raw metadata using the same key and offset in the database. When the original data is searched by an application system, SQL is accumulated by a search interpreter, so that a temporary primary key identification set is searched in a database, detailed data corresponding to the primary key identification is obtained from a primary table of the database through a search result collator, and finally a search result is returned.
The method for retrieving the database field obtains a query request sent by a first user, wherein the query request comprises query information to be retrieved; performing information segmentation on query information by using preset field segmentation configuration conditions to obtain a first information set corresponding to the query information, wherein the first information set comprises at least one first information field; carrying out deduplication processing on each first information field in the first information set to obtain a second information set, wherein the second information set comprises at least one second information field; respectively encrypting each second information field in the second information set by using an AES encryption algorithm to obtain a third information set, wherein the third information set comprises encrypted third information fields corresponding to the second information fields one to one; performing fuzzy matching retrieval on the third information set in a secondary table of the database to obtain a primary key identification set corresponding to the third information set; under the condition that the main key identification set comprises at least one main key identification, respectively inquiring encrypted information corresponding to each main key identification in a main table of a database; respectively decrypting each encrypted message by using an AES decryption algorithm to obtain unencrypted messages corresponding to the encrypted messages one by one; processing each piece of unencrypted information according to a preset information display processing strategy to obtain query result information corresponding to the query request; and returning the query result information to the first user so as to display the query result information to the first user. The method is based on the AES encryption and decryption algorithm, fuzzy matching retrieval is carried out on the information field obtained by dividing and encrypting the query information sent by the user in the slave table of the database, the complete encrypted information is queried in the master table of the database through the retrieved master key identification, then the encrypted information is decrypted, the unencrypted information obtained after decryption is returned and displayed to the user after information display processing, and the encrypted information stored in the database is quickly retrieved, so that the management and maintenance efficiency of the information is improved while the safety of the information data is guaranteed, and the cost of information management and maintenance is reduced.
Although the operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
Corresponding to the foregoing method embodiment, an embodiment of the present disclosure further provides a database field retrieval apparatus, where the structure of the apparatus is shown in fig. 5, and the apparatus may include: the query request obtaining unit 100, the first obtaining unit 200, the second obtaining unit 300, the third obtaining unit 400, the fourth obtaining unit 500, the query unit 600, the fifth obtaining unit 700, the sixth obtaining unit 800, and the query result information returning unit 900.
The query request obtaining unit 100 is configured to obtain a query request sent by a first user, where the query request includes query information to be retrieved.
A first obtaining unit 200, configured to perform information segmentation on query information by using a preset field segmentation configuration condition, and obtain a first information set corresponding to the query information, where the first information set includes at least one first information field.
A second obtaining unit 300, configured to perform deduplication processing on each first information field in the first information set to obtain a second information set, where the second information set includes at least one second information field.
A third obtaining unit 400, configured to encrypt, by using an AES encryption algorithm, each second information field in the second information set respectively, to obtain a third information set, where the third information set includes encrypted third information fields that correspond to the second information fields one to one.
A fourth obtaining unit 500, configured to perform fuzzy matching retrieval on the third information set in the slave table of the database, and obtain a primary key identifier set corresponding to the third information set.
The querying unit 600 is configured to query, in the case that the set of primary key identifiers includes at least one primary key identifier, encrypted information corresponding to each primary key identifier in a primary table of the database.
A fifth obtaining unit 700, configured to decrypt each encrypted message by using an AES decryption algorithm, and obtain unencrypted messages corresponding to the encrypted messages one to one.
A sixth obtaining unit 800, configured to process each unencrypted information according to a preset information display processing policy, and obtain query result information corresponding to the query request.
The query result information returning unit 900 is configured to return the query result information to the first user, so as to display the query result information to the first user.
Optionally, the database field retrieving device may further include: a seventh obtaining unit, an eighth obtaining unit, a ninth obtaining unit, a tenth obtaining unit, an eleventh obtaining unit, a twelfth obtaining unit, and a field storing unit.
A seventh obtaining unit, configured to obtain the unencrypted information before the query request obtaining unit 100 obtains the query request sent by the first user.
And the eighth obtaining unit is used for encrypting the unencrypted information by using an AES encryption algorithm to obtain the encrypted information which corresponds to the unencrypted data one by one.
And the ninth obtaining unit is used for storing the encrypted information into a main table of the database and obtaining the main key identification of the encrypted information in the main table.
And a tenth obtaining unit, configured to perform information segmentation on the unencrypted information by using a preset field storage feature configuration condition, and obtain a fourth information set corresponding to the unencrypted information, where the fourth information set includes at least one fourth information field.
An eleventh obtaining unit, configured to perform deduplication processing on each fourth information field in the fourth information set to obtain a fifth information set, where the fifth information set includes at least one fifth information field.
A twelfth obtaining unit, configured to encrypt, by using an AES encryption algorithm, each fifth information field in a fifth information set, respectively, to obtain a sixth information set, where the sixth information set includes encrypted sixth information fields that are in one-to-one correspondence with each fifth information field.
And the field storage unit is used for binding and storing the primary key identification of the encrypted information in the primary table and the sixth information set into a secondary table of the database.
Optionally, the preset information display processing policy includes a data assembly policy and a data desensitization policy.
Optionally, the sixth obtaining unit 800 is specifically configured to perform assembling processing on the unencrypted information according to a data assembling policy, so as to obtain information to be desensitized; desensitization processing is carried out on the information to be desensitized according to a data desensitization strategy, and query result information corresponding to the query request is obtained.
Optionally, the seventh obtaining unit is specifically configured to obtain information to be entered, input by the second user; and identifying the unencrypted information to be encrypted in the information to be input by utilizing a preset information identification strategy to be encrypted.
Optionally, the fourth obtaining unit 500 is specifically configured to generate, by using each third information field in the third information set, an SQL statement corresponding to the third information set; and carrying out fuzzy matching retrieval in the secondary table of the database by using the SQL sentence to obtain a primary key identification set corresponding to the third information set.
The database field retrieval device provided by the disclosure obtains a query request sent by a first user, wherein the query request comprises query information to be retrieved; performing information segmentation on query information by using preset field segmentation configuration conditions to obtain a first information set corresponding to the query information, wherein the first information set comprises at least one first information field; carrying out deduplication processing on each first information field in the first information set to obtain a second information set, wherein the second information set comprises at least one second information field; respectively encrypting each second information field in the second information set by using an AES encryption algorithm to obtain a third information set, wherein the third information set comprises encrypted third information fields corresponding to the second information fields one to one; performing fuzzy matching retrieval on the third information set in a secondary table of the database to obtain a primary key identification set corresponding to the third information set; under the condition that the primary key identification set comprises at least one primary key identification, respectively inquiring encrypted information corresponding to each primary key identification in a primary table of a database; respectively decrypting each encrypted message by using an AES decryption algorithm to obtain unencrypted messages corresponding to the encrypted messages one by one; processing each piece of unencrypted information according to a preset information display processing strategy to obtain query result information corresponding to the query request; and returning the query result information to the first user so as to display the query result information to the first user. The method is based on the AES encryption and decryption algorithm, fuzzy matching retrieval is carried out on the information field obtained by dividing and encrypting the query information sent by the user in the slave table of the database, the complete encrypted information is queried in the master table of the database through the retrieved master key identification, then the encrypted information is decrypted, the unencrypted information obtained after decryption is returned and displayed to the user after information display processing, and the encrypted information stored in the database is quickly retrieved, so that the management and maintenance efficiency of the information is improved while the safety of the information data is guaranteed, and the cost of information management and maintenance is reduced.
With regard to the apparatus in the above-described embodiment, the specific manner in which each unit performs the operation has been described in detail in the embodiment related to the method, and will not be described in detail here.
The database field retrieval device comprises a processor and a memory, wherein the query request obtaining unit 100, the first obtaining unit 200, the second obtaining unit 300, the third obtaining unit 400, the fourth obtaining unit 500, the query unit 600, the fifth obtaining unit 700, the sixth obtaining unit 800, the query result information returning unit 900 and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set with one or more than one kernel, based on AES encryption and decryption algorithm by adjusting kernel parameters, fuzzy matching retrieval is carried out on information fields obtained by dividing and encrypting inquiry information sent by a user in a slave table of the database, complete encrypted information is inquired in a master table of the database through a retrieved master key identifier, the encrypted information is decrypted, and unencrypted information obtained after decryption is returned and displayed to the user after information display processing, so that the encrypted information stored in the database is quickly retrieved, the information management and maintenance efficiency is improved while the information data security is guaranteed, and the information management and maintenance cost is reduced.
An embodiment of the present disclosure provides a computer-readable storage medium on which a program is stored, the program implementing the database field retrieval method when executed by a processor.
The embodiment of the disclosure provides a processor, which is used for running a program, wherein the database field retrieval method is executed when the program runs.
As shown in fig. 6, an embodiment of the present disclosure provides an electronic device 1000, where the electronic device 1000 includes at least one processor 1001, and at least one memory 1002 and a bus 1003 connected to the processor 1001; the processor 1001 and the memory 1002 complete communication with each other through the bus 1003; the processor 1001 is used to call program instructions in the memory 1002 to execute the database field retrieval method described above. The electronic device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present disclosure also provides a computer program product adapted to execute a program initialized with database field retrieval method steps when executed on an electronic device.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, electronic devices (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, an electronic device includes one or more processors (CPUs), memory, and a bus. The electronic device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer readable medium, random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip. The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
In the description of the present disclosure, it is to be understood that the directions or positional relationships indicated as referring to the terms "upper", "lower", "front", "rear", "left" and "right", etc., are based on the directions or positional relationships shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the positions or elements referred to must have specific directions, be constituted and operated in specific directions, and thus, are not to be construed as limitations of the present disclosure.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising a," "8230," "8230," or "comprising" does not exclude the presence of additional identical elements in the process, method, article, or apparatus comprising the element.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present disclosure and is not intended to limit the same. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present disclosure should be included in the scope of the claims of the present disclosure.
Claims (10)
1. A method for database field retrieval, comprising:
obtaining a query request sent by a first user, wherein the query request comprises query information to be retrieved;
performing information segmentation on the query information by using a preset field segmentation configuration condition to obtain a first information set corresponding to the query information, wherein the first information set comprises at least one first information field;
performing deduplication processing on each first information field in the first information set to obtain a second information set, where the second information set includes at least one second information field;
respectively encrypting each second information field in the second information set by using an AES (advanced encryption standard) encryption algorithm to obtain a third information set, wherein the third information set comprises encrypted third information fields which are in one-to-one correspondence with each second information field;
performing fuzzy matching retrieval on the third information set in a secondary table of a database to obtain a primary key identification set corresponding to the third information set;
under the condition that the primary key identification set comprises at least one primary key identification, respectively inquiring encrypted information corresponding to each primary key identification in a primary table of the database;
respectively decrypting each encrypted message by using an AES decryption algorithm to obtain unencrypted messages corresponding to the encrypted messages one by one;
processing each unencrypted information according to a preset information display processing strategy to obtain query result information corresponding to the query request;
and returning the query result information to the first user so as to display the query result information to the first user.
2. The method of claim 1, wherein prior to said obtaining the query request sent by the first user, the method further comprises:
obtaining the unencrypted information;
encrypting the unencrypted information by using the AES encryption algorithm to obtain the encrypted information corresponding to the unencrypted data one to one;
storing the encrypted information into the main table of the database, and obtaining the main key identification of the encrypted information in the main table;
performing information segmentation on the unencrypted information by using a preset field storage feature configuration condition to obtain a fourth information set corresponding to the unencrypted information, wherein the fourth information set comprises at least one fourth information field;
performing deduplication processing on each fourth information field in the fourth information set to obtain a fifth information set, where the fifth information set includes at least one fifth information field;
encrypting each fifth information field in the fifth information set by using the AES encryption algorithm to obtain a sixth information set, wherein the sixth information set comprises encrypted sixth information fields corresponding to each fifth information field one by one;
and storing the primary key identification of the encrypted information in the primary table and the sixth information set in the secondary table of the database in a binding mode.
3. The method according to claim 1, wherein the preset information presentation processing strategy comprises a data assembly strategy and a data desensitization strategy.
4. The method according to claim 3, wherein the processing each piece of unencrypted information according to a preset information presentation processing policy to obtain query result information corresponding to the query request comprises:
assembling the unencrypted information according to the data assembling strategy to obtain information to be desensitized;
desensitizing the information to be desensitized according to the data desensitization strategy to obtain query result information corresponding to the query request.
5. The method of claim 2, wherein the obtaining the unencrypted information comprises:
obtaining information to be input, which is input by a second user;
and identifying the unencrypted information to be encrypted in the information to be input by utilizing a preset information identification strategy to be encrypted.
6. The method of claim 1, wherein the performing fuzzy matching retrieval on the third information set in a slave table of a database to obtain a primary key identification set corresponding to the third information set comprises:
generating SQL sentences corresponding to the third information sets by using each third information field in the third information sets;
and carrying out fuzzy matching retrieval in a secondary table of a database by using the SQL statement to obtain a primary key identification set corresponding to the third information set.
7. A database field retrieval apparatus, comprising: a query request obtaining unit, a first obtaining unit, a second obtaining unit, a third obtaining unit, a fourth obtaining unit, a query unit, a fifth obtaining unit, a sixth obtaining unit and a query result information returning unit,
the query request obtaining unit is configured to obtain a query request sent by a first user, where the query request includes query information to be retrieved;
the first obtaining unit is configured to perform information segmentation on the query information by using a preset field segmentation configuration condition, and obtain a first information set corresponding to the query information, where the first information set includes at least one first information field;
the second obtaining unit is configured to perform deduplication processing on each first information field in the first information set to obtain a second information set, where the second information set includes at least one second information field;
the third obtaining unit is configured to encrypt, by using an AES encryption algorithm, each of the second information fields in the second information set to obtain a third information set, where the third information set includes encrypted third information fields that correspond to the second information fields one to one;
the fourth obtaining unit is configured to perform fuzzy matching retrieval on the third information set in a secondary table of a database, and obtain a primary key identifier set corresponding to the third information set;
the query unit is configured to, when the set of primary key identifiers includes at least one primary key identifier, respectively query encrypted information corresponding to each of the primary key identifiers in a primary table of the database;
the fifth obtaining unit is configured to decrypt each encrypted information by using an AES decryption algorithm, and obtain unencrypted information corresponding to the encrypted information one to one;
the sixth obtaining unit is configured to process each unencrypted information according to a preset information display processing policy, and obtain query result information corresponding to the query request;
and the query result information returning unit is used for returning the query result information to the first user so as to display the query result information to the first user.
8. The apparatus of claim 7, further comprising: a seventh obtaining unit, an eighth obtaining unit, a ninth obtaining unit, a tenth obtaining unit, an eleventh obtaining unit, a twelfth obtaining unit, and a field storing unit,
the seventh obtaining unit, configured to obtain the unencrypted information before the query request obtaining unit obtains the query request sent by the first user;
the eighth obtaining unit is configured to encrypt the unencrypted information by using the AES encryption algorithm, and obtain the encrypted information corresponding to the unencrypted data one to one;
the ninth obtaining unit is configured to store the encrypted information in the main table of the database, and obtain the primary key identifier of the encrypted information in the main table;
the tenth obtaining unit is configured to perform information segmentation on the unencrypted information by using a preset field storage feature configuration condition, and obtain a fourth information set corresponding to the unencrypted information, where the fourth information set includes at least one fourth information field;
the eleventh obtaining unit is configured to perform deduplication processing on each fourth information field in the fourth information set to obtain a fifth information set, where the fifth information set includes at least one fifth information field;
the twelfth obtaining unit is configured to encrypt, by using the AES encryption algorithm, each fifth information field in the fifth information set respectively to obtain a sixth information set, where the sixth information set includes encrypted sixth information fields that are in one-to-one correspondence with each fifth information field;
the field storage unit is configured to store the primary key identifier of the encrypted information in the primary table and the sixth information set in a binding manner in the secondary table of the database.
9. A computer-readable storage medium on which a program is stored, the program, when being executed by a processor, implementing a database field retrieval method according to any one of claims 1 to 6.
10. An electronic device comprising at least one processor, and at least one memory connected to the processor, a bus; the processor and the memory complete mutual communication through the bus; the processor is configured to invoke program instructions in the memory to perform the database field retrieval method of any of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211480886.5A CN115712641A (en) | 2022-11-24 | 2022-11-24 | Database field retrieval method and related equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211480886.5A CN115712641A (en) | 2022-11-24 | 2022-11-24 | Database field retrieval method and related equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115712641A true CN115712641A (en) | 2023-02-24 |
Family
ID=85234769
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211480886.5A Pending CN115712641A (en) | 2022-11-24 | 2022-11-24 | Database field retrieval method and related equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115712641A (en) |
-
2022
- 2022-11-24 CN CN202211480886.5A patent/CN115712641A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3547198B1 (en) | Method, system and apparatus for data access | |
CN1761923B (en) | Method and apparatus for encrypting database columns | |
US8447983B1 (en) | Token exchange | |
US8533489B2 (en) | Searchable symmetric encryption with dynamic updating | |
US7694134B2 (en) | System and method for encrypting data without regard to application | |
CN101587479B (en) | Database management system kernel oriented data encryption/decryption system and method thereof | |
US20060041533A1 (en) | Encrypted table indexes and searching encrypted tables | |
US20150026462A1 (en) | Method and system for access-controlled decryption in big data stores | |
CN111737720B (en) | Data processing method and device and electronic equipment | |
US8769302B2 (en) | Encrypting data and characterization data that describes valid contents of a column | |
CN112825520A (en) | User privacy data processing method, device, system and storage medium | |
CN113609221A (en) | Data storage method, data access device and storage medium | |
EP2778953A1 (en) | Encoded-search database device, method for adding and deleting data for encoded search, and addition/deletion program | |
CN106934299A (en) | A kind of Database Encrypt System and method | |
CN113420049A (en) | Data circulation method and device, electronic equipment and storage medium | |
JP4594078B2 (en) | Personal information management system and personal information management program | |
KR20160040399A (en) | Personal Information Management System and Personal Information Management Method | |
CN117009988A (en) | Encryption data storage and query method based on blockchain | |
CN115712641A (en) | Database field retrieval method and related equipment | |
CN115495774A (en) | Risk data query method, system, trusted unit and server | |
CN114896611A (en) | Data processing method, processor and machine readable storage medium | |
JP2011164907A (en) | Information management system | |
CN111404662B (en) | Data processing method and device | |
WO2024087312A1 (en) | Database access method, computing device and server | |
Branco Jr et al. | A flexible mechanism for data confidentiality in cloud database scenarios |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |