CN116186108A - Method for supporting fuzzy query by encrypting sensitive field - Google Patents
Method for supporting fuzzy query by encrypting sensitive field Download PDFInfo
- Publication number
- CN116186108A CN116186108A CN202211678891.7A CN202211678891A CN116186108A CN 116186108 A CN116186108 A CN 116186108A CN 202211678891 A CN202211678891 A CN 202211678891A CN 116186108 A CN116186108 A CN 116186108A
- Authority
- CN
- China
- Prior art keywords
- index
- encryption
- field
- query
- character
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2468—Fuzzy queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
- G06F16/24553—Query execution of query operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Fuzzy Systems (AREA)
- Probability & Statistics with Applications (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a method for supporting fuzzy query by encrypting sensitive fields, which comprises the following steps: s1, establishing a database; s2, storing database data, wherein the database data comprises: inputting database data; obtaining field content of a current record to be processed; different modes are adopted for storage according to whether the field needs encryption or not; generating encryption indexes for fields needing encryption by adopting a block encryption algorithm, wherein the encryption indexes are generated by adopting different index generation modes according to the content length of the fields; saving the encryption index to the ciphertext index field; s3, encrypting the data query, including: and determining a query keyword, generating an encryption index query string and querying. The grouping algorithm of the invention generates the encryption index in different modes according to different lengths of the character strings, thereby realizing efficient left matching, and the result set is required to be subjected to memory matching only when the length of the character string of the query key word is larger than the grouping length and is not an integer multiple of the grouping length, thereby greatly improving the matching efficiency.
Description
Technical Field
The invention relates to the field of computer retrieval, in particular to a method for supporting fuzzy query by encrypting sensitive fields.
Background
Data security is becoming more and more important today, and encrypting sensitive fields is an effective security means to prevent leakage of customer information when personal privacy data is involved. The privacy data mainly comprises information such as customer names, identification card numbers, addresses, user account numbers, passwords, card numbers and the like. When logging in the system, the user needs to check the corresponding plaintext information. For an administrator with data authority, fuzzy inquiry is often needed to perform data searching and statistics when data statistics analysis is performed.
The current scheme for realizing encryption and decryption inquiry has the following defects: 1. the database realizes encryption and decryption functions, the encryption functions are executed during storage, and the database is queried after decryption during query; by adopting different databases of the method, the method is possibly incompatible with programs, so that the databases are encrypted, the programs are failed to decrypt, the decryption function is used for decrypting data during query, query performance is lost, and indexes cannot be used. 2. Using transcoding encryption, such as base64, etc.; the method has low safety and is easy to crack, so that data is divulged; the private data cannot be well protected. 3. When the program realizes encryption and decryption and inquires, data is loaded into a system memory, and after decryption, the memory inquires information; this method requires loading data into the memory, and when the amount of data is large, the memory consumption is too large. 4. The expansion column is added, and a word segmentation device mode is used, so that the method has complex algorithm of the word segmentation device, and the index ciphertext is easy to explosively increase.
Therefore, how to improve the retrieval efficiency and accuracy of the encrypted field is an important research direction in the database retrieval at present.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention aims to support efficient left matching fuzzy query on private data.
The invention provides a method for supporting fuzzy query by encrypting sensitive fields, which comprises the following steps:
s1, establishing a database, and setting an encryption algorithm and the length of a ciphertext packet unit;
establishing a database, wherein fields in the database are divided into three types, specifically: the method comprises the steps of setting a common field, a ciphertext field and a ciphertext index field corresponding to the ciphertext field as indexes of a database;
setting an encryption method and a ciphertext grouping unit length cellLength;
s2, storing database data;
s21, acquiring data to be input into a database;
s22, obtaining field content field keys of field of the current record to be processed;
s23, judging whether the current field needs to be stored in an encrypted mode, encrypting the fieldkey according to an encryption algorithm if the current field needs to be stored in an encrypted mode, generating ciphertext data, storing the ciphertext data in des_info, storing des_info in the current field, and then executing the step S24; directly storing the data field to the corresponding field without encryption storage, and returning to the step S22;
s24, generating an encryption index by adopting a block encryption algorithm;
according to the relation between the character string length of the input data fieldKey and the cellLength value, generating an encryption index according to the situation, specifically:
(1) When the fieldKey length is not greater than cellLength,
encrypting each character in the fieldKey respectively, and splicing the encryption results according to the original character sequence to obtain an encryption index string des_index;
(2) When the fieldKey is an integer multiple n of cellLength, n is an integer greater than 1,
dividing a fieldKey into a first cell and a lastStr, wherein the first cell is a pre-cellLength character, and the lastStr is a residual character;
encrypting and splicing the first cell character by character to obtain pre_des_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_des_index;
obtaining an encryption index des_index=pre_des_index+last_des_index;
(3) When fieldKey is greater than n x cellLength and less than (n + 1) cellLength, n is an integer greater than 1,
dividing the fieldKey into three parts, firstCell, lastStr and tailStr; wherein first cell is the pre-cellLength characters, lastStr is the characters of celllength+1 to n; the tailStr is the remaining string;
encrypting and splicing the first cell character by character to obtain pre_des_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_des_index;
direct discarding of the tailStr string length less than cellLength;
obtaining an encryption index des_index=pre_des_index+last_des_index;
s25, storing the encryption index des_index into a ciphertext index field corresponding to the current ciphertext field, and returning to the step S22 until all data processing is finished;
s3, inquiring encrypted data;
s31, determining a query key word;
s32, generating an encryption index query character string desQueryKey and returning a query result, wherein the method specifically comprises the following steps:
according to the relation between the character string length of the current query keyword query_key and the cellLength value, generating an encryption index query character string desQueryKey according to the situation, and querying, specifically:
(1) When the query _ key length is not greater than cellLength,
each character in the query_key is encrypted respectively, and the encryption result is spliced according to the original character sequence to obtain an encryption index inquiry character string desQueryKey;
the encryption index is used for inquiring the string desQueryKey, a result set is accurately filtered through fuzzy matching of a database, and then the inquired result is decrypted and then is responded to a user;
(2) When the query_key length is an integer multiple n of cellLength, n is an integer greater than 1,
dividing the query_key into a first cell and a lastStr, wherein the first cell is a pre-cellLength character, and the lastStr is the rest character;
encrypting and splicing the first cell character by character to obtain a pre_index;
equally dividing lastStr into (n-1)
Group by group encryption and splicing to obtain last_index;
obtaining an encryption index query string desQueryKey=pre_index+last_index;
the encryption index is used for inquiring the string desQueryKey, a result set is accurately filtered through fuzzy matching of a database, and then the inquired result is decrypted and then is responded to a user;
(3) When the query_key is greater than n x cellLength and less than (n + 1) cellLength, n is an integer greater than 1,
dividing the query_key into three parts, namely a first cell, a lastStr and a tailStr; wherein first cell is the pre-cellLength characters, lastStr is the characters of celllength+1 to n; the tailStr is the remaining string;
encrypting and splicing the first cell character by character to obtain a pre_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_index;
if the length of the TAILStr character string is less than the cellLength, no processing is carried out;
obtaining an encryption index query string desQueryKey=pre_index+last_index;
and (3) using the encryption index to inquire the string desQueryKey, carrying out fuzzy matching through a database to obtain a filtered result set, decrypting ciphertext in the filtered result set in a memory, circularly matching the inquiry keyword query_key, and returning the successfully matched data to the user.
Preferably, the database in step S1 only establishes a common field for the information that does not need to be encrypted, and plain text information is stored in the common field; and establishing two fields, namely a ciphertext field and a ciphertext index field for the information to be encrypted, wherein the ciphertext field stores the encrypted ciphertext, and the ciphertext index field stores the corresponding index.
Preferably, the field is a ciphertext field represented by adding a comment identifier to the field in the database.
Preferably, the encryption algorithm in 23 is a symmetric encryption algorithm, and one of the following modes is adopted in specific encryption: the same encryption algorithm and key are used for different fields, different encryption methods are used for different fields, or the same encryption method is used for different fields but different keys are used.
Preferably, the encryption algorithm in the step S23 is des, aes or des3.
Preferably, in the step S31, the query key is stored in a field manner, and the field type is the same as the field type to be queried in the database.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention sets the index ciphertext column as the index of the database, and the query efficiency can be improved by means of a database indexing mechanism by adopting the method.
2. The grouping algorithm of the invention generates the encryption index string in different modes according to different lengths of the character strings, independently encrypts the first few characters with the same grouping length for the character strings with the grouping length, and adopts grouping encryption to realize efficient left matching without causing overlong ciphertext.
3. The invention only needs to carry out memory matching when the character string length of the query key word is larger than the grouping length and is not an integer multiple of the grouping length, and only needs to decrypt the filtered result set when the memory matching is carried out, and does not need to decrypt all ciphertext, thereby greatly improving the matching efficiency.
Drawings
FIG. 1 is a flow chart of a method for encrypting a sensitive field to support fuzzy queries;
FIG. 2 is a block encryption algorithm generating an encryption index;
fig. 3 is a block encryption algorithm generating an encryption index query string.
Detailed Description
For a better understanding of the technical solution of the present invention, the following detailed description of the specific embodiments of the present invention refers to the accompanying drawings and examples. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
In order to meet the requirement of character query matching input by a user to the greatest extent, a grouping algorithm is adopted when a field is stored, and encryption index strings in different grouping modes are generated according to different lengths of character strings; meanwhile, because the grouping method is used, the situation that the queried result set is larger than the actual result set exists when the database is queried, and therefore, in the memory, the result set is secondarily matched in a plaintext matching mode, and the accurate query result is returned to the user.
The invention discloses a method for supporting fuzzy query by encrypting sensitive fields, which is shown in figure 1 and comprises the following specific implementation steps:
s1, establishing a database, and setting an encryption algorithm and the length of a ciphertext packet unit.
Establishing a database, wherein fields in the database are divided into three types, specifically: a normal field, a ciphertext field, and a ciphertext index field corresponding to the ciphertext field. The common field directly stores the input content into the field, such as a user name, a user nickname and the like; the ciphertext field is used for storing user privacy data, wherein the privacy data generally comprises information such as a client name, an identity card number, an address, a user account number, a password, a card number and the like; the ciphertext index field is used for storing a corresponding ciphertext index generated according to the ciphertext field, and meanwhile, the ciphertext index field is set as an index of a database, so that query efficiency can be improved by means of a database index mechanism. Table 1 sets examples for database fields:
TABLE 1
| Field name | Field type | Whether or not to encrypt storage | Field description |
| userName | String | Whether or not | User name |
| nickName | String | Whether or not | User nickname |
| idCardNo | String | Is that | Identity card |
| idCardNoindex | String | Whether or not | Index of identity card |
| address | String | Is that | Address of |
| addressindex | String | Whether or not | Address index |
| … | … | … | … |
As can be seen from table 1, the usernames and the nicknames in this exemplary database belong to common fields, the idcardndo and the address belong to ciphertext fields, the data in these two fields need to be encrypted for storage, and the idcardndoindex and the address index belong to ciphertext index fields, wherein the idcardndoindex is the index of the idcardndo, and the address index is the index of the address.
In this embodiment, the database is mysql supporting the index, but a relational database such as oracle, sqlserver and a non-relational database such as es may be used.
When corresponding fields are established in the database, only one common field is established for the information which does not need to be encrypted, and plaintext information is stored in the common field; and establishing two fields, namely a ciphertext field and a ciphertext index field for the information to be encrypted, wherein the ciphertext field stores the encrypted ciphertext, and the ciphertext index field stores the corresponding index. And storing the fields established in the database in a data storage interface, adding an annotation identifier @ needledEncode to the fields needing to be encrypted, and judging whether to encrypt the fields according to the identifier when the system receives data. Because the present application mainly considers the retrieval of ciphertext, the field data types shown are all strings.
Setting an encryption method, wherein in the embodiment, des is adopted for encryption, and a des secret key generated is deskey. The information in the encrypted field can also be encrypted by adopting symmetric encryption algorithms such as aes, des3 and the like. Even different encryption methods may be employed for different fields or different keys may be used although the same encryption method is used for different fields.
Setting the ciphertext group unit length as N.
S2, storing database data.
S21, acquiring data required to be input into a database.
S22, obtaining field content field keys of field of the current record to be processed; if the data has been saved in the database in its entirety, step S2 is ended.
If the current record is the m-th record, the current field is address, the field contains @ needlencode, and the field content of the address field of the m-th record is fieldkey= "a1c".
S23, judging whether the current field needs to be stored in an encrypted mode according to whether the current field has the annotation identification, encrypting the fieldkey according to an encryption algorithm if the current field needs to be stored in an encrypted mode, generating ciphertext data to be stored in des_info, storing the des_info in the current field, and then executing the step S24; without encryption, the data field is directly stored in the corresponding field, and the procedure returns to step S22.
If the current field is the address field, it is determined that the address field belongs to the ciphertext field, so that the field key of the mth record needs to be encrypted, the encrypted ciphertext data is stored in the des_info variable, then the des_info is stored in the address field of the mth record, and then step S24 is continuously performed.
If the current field is the nickName field, because the nickName field is not the ciphertext field, the field key of the mth record is directly saved to the nickName field, and the step S22 is returned. The next time step S22 is performed, the value of m may be changed, the field may be changed, or both may be changed.
S24, generating an encryption index by adopting a block encryption algorithm, as shown in fig. 2.
According to the relation between the character string length of the field content fieldKey and the cellLength value, generating an encryption index according to the situation, specifically:
(1) When the fieldKey length is not greater than cellLength,
encrypting each character in the fieldKey respectively, and splicing the encryption results according to the original character sequence to obtain an encryption index string des_index;
such as: the cellLength has a set value of 4, and the input data filedkey= "a1c", because the length of the filedKey is smaller than the set value of 4 of cellLength, the encryption is performed on 'a "1', 'c', respectively:
the encryption of 'a' results in: sdfsd/rfew/erwer;
the encryption of '1' results in: a ges/fad;
'c' encryption results in: mm/sfsdf;
splicing the encryption results according to the original character sequence to obtain an encryption index;
des_index=sdfsd/rfew/erwer nges/fad mm/sfsdf。
(2) When the fieldKey is an integer multiple n of cellLength, n is an integer greater than 1,
dividing a fieldKey into a first cell and a lastStr, wherein the first cell is a pre-cellLength character, and the lastStr is a residual character;
encrypting and splicing the first cell character by character to obtain pre_des_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_des_index;
resulting in an encryption index des_index=pre_des_index+last_des_index.
(3) When fieldKey is greater than n x cellLength and less than (n + 1) cellLength, n is an integer greater than 1,
dividing the fieldKey into three parts, firstCell, lastStr and tailStr; wherein first cell is the pre-cellLength characters, lastStr is the characters of celllength+1 to n; the tailStr is the remaining string;
encrypting and splicing the first cell character by character to obtain pre_des_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_des_index;
direct discarding of the tailStr string length less than cellLength;
resulting in an encryption index des_index=pre_des_index+last_des_index.
S25, after the encryption index des_index is stored in the ciphertext index field corresponding to the current ciphertext field, returning to the step S22 until all data processing is finished.
If the current field in step S22 is the ciphertext field address, and filedkey=a1c, belonging to the (1) th case in step S24, the encryption index is obtained; des_index=sdfsd/rfew/power ranges/fad mm/sfsdf; the encryption index des_index is stored in an addressindex ciphertext index field corresponding to the ciphertext field address.
S3, encrypting the data query.
S31, determining the query keywords.
| Field name | Field type | Field description |
| queryKey | String | Query keywords |
The query key is stored in a field queryKey mode, and the field type is the same as the field type to be queried in the database and is a character string. Therefore, the queryKey field can have only 1 record, or can have a plurality of records, namely, the query keyword can have only one character string, or can consist of a plurality of character strings, and when a plurality of character strings exist, each character string can be queried in a mode of only one character string. The value of the current query key is saved using the variable query_key.
S32, generating an encryption index query character string desQueryKey and returning a query result, as shown in FIG. 3, specifically comprising:
according to the relation between the character string length of the current query keyword query_key and the cellLength value, generating an encryption index query character string desQueryKey according to the situation, and querying, specifically:
(1) When the query _ key length is not greater than cellLength,
each character in the query_key is encrypted respectively, and the encryption result is spliced according to the original character sequence to obtain an encryption index inquiry character string desQueryKey;
and (3) using the encryption index to inquire the string desQueryKey, precisely filtering a result set through fuzzy matching of the database, decrypting the inquired result and then responding to the user.
(2) When the query_key length is an integer multiple n of cellLength, n is an integer greater than 1,
dividing the query_key into a first cell and a lastStr, wherein the first cell is a pre-cellLength character, and the lastStr is the rest character;
encrypting and splicing the first cell character by character to obtain a pre_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_index;
obtaining an encryption index query string desQueryKey=pre_index+last_index;
and (3) using the encryption index to inquire the string desQueryKey, precisely filtering a result set through fuzzy matching of the database, decrypting the inquired result and then responding to the user.
(3) When the query_key is greater than n x cellLength and less than (n + 1) cellLength, n is an integer greater than 1,
dividing the query_key into three parts, namely a first cell, a lastStr and a tailStr; wherein first cell is the pre-cellLength characters, lastStr is the characters of celllength+1 to n; the tailStr is the remaining string;
encrypting and splicing the first cell character by character to obtain a pre_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_index;
if the length of the TAILStr character string is less than the cellLength, no processing is carried out;
resulting in an encrypted index query string desquery key = pre_index + last_index.
The encryption index is used for inquiring the string desQueryKey, and a filtered result set is obtained through fuzzy matching of a database, but the filtered data at the moment is inaccurate, only contains the first n 4 bits, and memory matching is needed, wherein the specific process of the memory matching is as follows: after decrypting the ciphertext in the filtered result set, the query key word query_key is circularly matched, and when the method is specifically implemented, whether the selected query key word query_key is contained or not can be judged by means of a system function string. And performing secondary matching on the result set in the memory, so as to return an accurate query result to the user.
The key of the scheme is that a grouping algorithm (the grouping algorithm can consider the algorithms such as the word segmenters ei and ik) is adopted when the fields are stored, and the grouping algorithm generates encryption index strings in different modes according to different lengths of the character strings. When the database is queried, the same grouping algorithm is also adopted to generate an encryption index query character string for the query keyword, the encryption index query character string can be directly matched by using the ciphertext index field to obtain a query result, the memory matching is only needed when the character string length of the query keyword is larger than the grouping length and is not an integer multiple of the grouping length, and the filtered result set is only needed to be decrypted when the memory matching is performed, and all ciphertext is not needed to be decrypted, so that the matching efficiency is greatly improved.
The steps in this application need not be performed sequentially at the same time, but they are only the premise that the next step can be performed, that is, step S2 must be performed on the premise that the database is already established in step S1, and similarly step S3 must be queried in the presence of the database stored in the manner of using step S2, instead of using step S3 immediately after step S2, or performing step S2 before step S3 is performed, which is merely put together for better expressing the mutual correspondence and the execution relationship of the two, which will be understood by those skilled in the art.
Finally, it should be noted that: the embodiments described above are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced with equivalents; such modifications and substitutions do not depart from the spirit of the invention.
Claims (6)
1. A method for supporting fuzzy query by encrypting sensitive fields, which is characterized in that: which comprises the following steps:
s1, establishing a database, and setting an encryption algorithm and the length of a ciphertext packet unit;
establishing a database, wherein fields in the database are divided into three types, specifically: the method comprises the steps of setting a common field, a ciphertext field and a ciphertext index field corresponding to the ciphertext field as indexes of a database;
setting an encryption method and a ciphertext grouping unit length cellLength;
s2, storing database data;
s21, acquiring data to be input into a database;
s22, obtaining field content field keys of field of the current record to be processed;
s23, judging whether the current field needs to be stored in an encrypted mode, encrypting the fieldkey according to an encryption algorithm if the current field needs to be stored in an encrypted mode, generating ciphertext data, storing the ciphertext data in des_info, storing des_info in the current field, and then executing the step S24; directly storing the data field to the corresponding field without encryption storage, and returning to the step S22;
s24, generating an encryption index by adopting a block encryption algorithm;
according to the relation between the character string length of the input data fieldKey and the cellLength value, generating an encryption index according to the situation, specifically:
(1) When the fieldKey length is not greater than cellLength,
encrypting each character in the fieldKey respectively, and splicing the encryption results according to the original character sequence to obtain an encryption index string des_index;
(2) When the fieldKey is an integer multiple n of cellLength, n is an integer greater than 1,
dividing a fieldKey into a first cell and a lastStr, wherein the first cell is a pre-cellLength character, and the lastStr is a residual character;
encrypting and splicing the first cell character by character to obtain pre_des_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_des_index;
obtaining an encryption index des_index=pre_des_index+last_des_index;
(3) When fieldKey is greater than n x cellLength and less than (n + 1) cellLength, n is an integer greater than 1,
dividing the fieldKey into three parts, firstCell, lastStr and tailStr; wherein first cell is the pre-cellLength characters, lastStr is the characters of celllength+1 to n; the tailStr is the remaining string;
encrypting and splicing the first cell character by character to obtain pre_des_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_des_index;
direct discarding of the tailStr string length less than cellLength;
obtaining an encryption index des_index=pre_des_index+last_des_index;
s25, storing the encryption index des_index into a ciphertext index field corresponding to the current ciphertext field, and returning to the step S22 until all data processing is finished;
s3, inquiring encrypted data;
s31, determining a query key word;
s32, generating an encryption index query character string desQueryKey and returning a query result, wherein the method specifically comprises the following steps:
according to the relation between the character string length of the current query keyword query_key and the cellLength value, generating an encryption index query character string desQueryKey according to the situation, and querying, specifically:
(1) When the query _ key length is not greater than cellLength,
each character in the query_key is encrypted respectively, and the encryption result is spliced according to the original character sequence to obtain an encryption index inquiry character string desQueryKey;
the encryption index is used for inquiring the string desQueryKey, a result set is accurately filtered through fuzzy matching of a database, and then the inquired result is decrypted and then is responded to a user;
(2) When the query_key length is an integer multiple n of cellLength, n is an integer greater than 1,
dividing the query_key into a first cell and a lastStr, wherein the first cell is a pre-cellLength character, and the lastStr is the rest character;
encrypting and splicing the first cell character by character to obtain a pre_index;
equally dividing lastStr into (n-1)
Group by group encryption and splicing to obtain last_index;
obtaining an encryption index query string desQueryKey=pre_index+last_index;
the encryption index is used for inquiring the string desQueryKey, a result set is accurately filtered through fuzzy matching of a database, and then the inquired result is decrypted and then is responded to a user;
(3) When the query_key is greater than n x cellLength and less than (n + 1) cellLength, n is an integer greater than 1,
dividing the query_key into three parts, namely a first cell, a lastStr and a tailStr; wherein first cell is the pre-cellLength characters, lastStr is the characters of celllength+1 to n; the tailStr is the remaining string;
encrypting and splicing the first cell character by character to obtain a pre_index;
equally dividing lastStr into (n-1) groups, and encrypting and splicing the groups to obtain last_index;
if the length of the TAILStr character string is less than the cellLength, no processing is carried out;
obtaining an encryption index query string desQueryKey=pre_index+last_index;
and (3) using the encryption index to inquire the string desQueryKey, carrying out fuzzy matching through a database to obtain a filtered result set, decrypting ciphertext in the filtered result set in a memory, circularly matching the inquiry keyword query_key, and returning the successfully matched data to the user.
2. The method for supporting fuzzy query of claim 1, wherein the encryption sensitive field is further defined as being a member of the group consisting of: the database in the step S1 only establishes a common field for the information which does not need to be encrypted, and plain text information is stored in the common field; and establishing two fields, namely a ciphertext field and a ciphertext index field for the information to be encrypted, wherein the ciphertext field stores the encrypted ciphertext, and the ciphertext index field stores the corresponding index.
3. The method for supporting fuzzy query of claim 1, wherein the encryption sensitive field is further defined as being a member of the group consisting of: the field is represented as a ciphertext field by adding an annotation identifier to the field in the database.
4. The method for supporting fuzzy query of claim 1, wherein the encryption sensitive field is further defined as being a member of the group consisting of: the encryption algorithm in 23 is a symmetric encryption algorithm, and one of the following modes is adopted in specific encryption: the same encryption algorithm and key are used for different fields, different encryption methods are used for different fields, or the same encryption method is used for different fields but different keys are used.
5. The method for supporting fuzzy query of claim 1, wherein the encryption sensitive field is further defined as being a member of the group consisting of: the encryption algorithm in the step S23 is des, aes or des3.
6. The method for supporting fuzzy query of claim 1, wherein the encryption sensitive field is further defined as being a member of the group consisting of: in the step S31, the query key is saved in a field manner, and the field type is the same as the field type to be queried in the database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211678891.7A CN116186108A (en) | 2022-12-26 | 2022-12-26 | Method for supporting fuzzy query by encrypting sensitive field |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211678891.7A CN116186108A (en) | 2022-12-26 | 2022-12-26 | Method for supporting fuzzy query by encrypting sensitive field |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116186108A true CN116186108A (en) | 2023-05-30 |
Family
ID=86443409
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211678891.7A Pending CN116186108A (en) | 2022-12-26 | 2022-12-26 | Method for supporting fuzzy query by encrypting sensitive field |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116186108A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117131531A (en) * | 2023-10-27 | 2023-11-28 | 四川省计算机研究院 | Data security storage method based on Neo4j database |
| CN117195248A (en) * | 2023-08-04 | 2023-12-08 | 中国科学院软件研究所 | Sectional organization and operation method and device for field encryption of embedded database |
-
2022
- 2022-12-26 CN CN202211678891.7A patent/CN116186108A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117195248A (en) * | 2023-08-04 | 2023-12-08 | 中国科学院软件研究所 | Sectional organization and operation method and device for field encryption of embedded database |
| CN117131531A (en) * | 2023-10-27 | 2023-11-28 | 四川省计算机研究院 | Data security storage method based on Neo4j database |
| CN117131531B (en) * | 2023-10-27 | 2024-01-02 | 四川省计算机研究院 | Data security storage method based on Neo4j database |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107209787B (en) | Improving searching ability of special encrypted data | |
| CN112800088B (en) | Database ciphertext retrieval system and method based on bidirectional security index | |
| KR101403745B1 (en) | Encrypted data search | |
| US9031229B1 (en) | Computer-implemented system and method for providing data privacy in a cloud using discrete homomorphic encryption | |
| CN106971121B (en) | Data processing method, device, server and storage medium | |
| KR100737359B1 (en) | Method to create Indexes for encrypted column | |
| CN116186108A (en) | Method for supporting fuzzy query by encrypting sensitive field | |
| Örencik et al. | An efficient privacy-preserving multi-keyword search over encrypted cloud data with ranking | |
| CN105138585B (en) | Data base encryption field portions matching inquiry method and system | |
| Wang et al. | Fast query over encrypted character data in database | |
| CN102855448B (en) | A kind of Field-level database encryption device | |
| US9971904B2 (en) | Method and system for range search on encrypted data | |
| US20100161957A1 (en) | Methods of storing and retrieving data in/from external server | |
| EP1763796A2 (en) | Encrypted table indexes and searching encrypted tables | |
| JP5348337B2 (en) | Encrypted database management system, client and server, natural join method and program | |
| US11977657B1 (en) | Method and system for confidential repository searching and retrieval | |
| Peng et al. | LS-RQ: A lightweight and forward-secure range query on geographically encrypted data | |
| CN113434555A (en) | Data query method and device based on searchable encryption technology | |
| Mittal et al. | Privacy preserving synonym based fuzzy multi-keyword ranked search over encrypted cloud data | |
| CN106788999B (en) | WeChat evidence obtaining method and system based on data collision | |
| Al-Saraireh | An efficient approach for query processing over encrypted database | |
| JPWO2017168798A1 (en) | Encrypted search index merge server, encrypted search index merge system, and encrypted search index merge method | |
| CN115883145A (en) | Order-preserving encryption method and decryption method based on random sampling | |
| Waage et al. | Practical application of order-preserving encryption in wide column stores | |
| Liu et al. | Efficient dynamic multi-client searchable encryption supporting fuzzy search |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |