CN116614269A - Intelligent database encryption system, method, equipment and medium of front-end proxy - Google Patents


Info

Publication number: CN116614269A
Authority: CN (China)
Prior art keywords: encryption, decryption, data, database, service
Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202310556311.5A
Other languages: Chinese (zh)
Inventor: 白云
Current Assignee: Shenzhen Yunchuang Shuan Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Yunchuang Shuan Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides an intelligent database encryption system, method, equipment and medium of a front-end proxy. The system comprises a data management security scanning module, a service database, a front-end proxy encryption and decryption middleware, a service module and a preset encryption machine. The method connects the front-end proxy encryption and decryption middleware to the service module through a driver; acquires the service database corresponding to the service module and establishes a communication connection with it; selects an encryption and decryption strategy according to the data security rules generated by the data management security scanning module's scan of the service database; and calls the preset encryption machine to encrypt data according to that strategy, sending the encrypted ciphertext to the service database. Communication between the service database and the service module passes through the front-end proxy encryption and decryption middleware, which effectively prevents data leakage and network attacks; meanwhile, the middleware can be connected to a plurality of service databases and a plurality of service modules, and so has good expandability.

Description

Intelligent database encryption system, method, equipment and medium of front-end proxy
Technical Field
The application relates to the technical field of information security, in particular to an intelligent database encryption system, method, equipment and medium of a front-end proxy.
Background
In service modules implemented in various development languages (such as Java, C++, PHP, Golang, Python, etc.), a large amount of data is stored directly in the service database in plaintext. As informatization progresses, network security becomes more and more important, and some important data or personal sensitive information must be encrypted before storage. For systems developed early and with a complex structure, however, storing data in encrypted form means that the corresponding service modules have to be developed again, and such reconstruction means high development complexity, high cost and a long period.
The prior art provides a post-proxy encryption method based on multi-level views and triggers, in which external components are called through an external interface to perform encryption and decryption.
The prior art also proposes an encryption and decryption method based on a file system, namely the encrypted file system eCryptfs. Its encryption and decryption operations rely on operating-system kernel behaviour and consume a large amount of computing resources, so if they are performed frequently, system performance is affected. File-system encryption also carries security risks: if a vulnerability exists in the operating system or the file system, an attacker can exploit it to obtain the encrypted data. In addition, file-system encryption requires extra configuration and management work, including key management and permission management, which increases system complexity and management cost.
Disclosure of Invention
In view of the above-mentioned drawbacks of the prior art, the present application provides a pre-proxy intelligent database encryption system, method, device and medium, so as to solve the above-mentioned technical problems.
The application provides an intelligent database encryption system of a front-end agent, which comprises the following components:
the data management security scanning module is used for scanning and monitoring a service database and generating data security rules based on the service database;
the business database is in communication connection with the data management security scanning module and is used for storing encrypted ciphertext;
the front-end proxy encryption and decryption middleware is in communication connection with the data management security scanning module and the service database, and is used for receiving and analyzing data security rules, calling a preset encryptor for data encryption based on the data security rules and storing encrypted ciphertext into the service database;
the service module is in communication connection with the front-end proxy encryption and decryption middleware and is used for generating data;
the preset encryption machine is in communication connection with the front-end proxy encryption and decryption middleware and is used for realizing data encryption.
In an embodiment of the present application, the pre-proxy encryption and decryption middleware is connected to one or more service modules, and the pre-proxy encryption and decryption middleware is connected to one or more service databases.
The application provides an intelligent database encryption method of a pre-agent, which is applied to an intelligent database encryption system of the pre-agent and comprises the following steps:
S110: the front-end proxy encryption and decryption middleware is connected to the service module through a driver;
S120: the front-end proxy encryption and decryption middleware acquires the service database corresponding to the service module and establishes a communication connection with it;
S130: the front-end proxy encryption and decryption middleware selects an encryption and decryption strategy according to the data security rules generated by the data management security scanning module's scan of the service database;
S140: the front-end proxy encryption and decryption middleware calls the preset encryption machine to encrypt data according to the encryption and decryption strategy, and sends the encrypted ciphertext to the service database.
In an embodiment of the present application, step S130 specifically includes:
S210: the data management security scanning module scans the service database and generates data security rules based on the service database;
S220: the front-end proxy encryption and decryption middleware receives and analyzes the data security rules;
S230: the front-end proxy encryption and decryption middleware selects an encryption and decryption strategy according to the analysis result.
In one embodiment of the application, the data governance security scanning module scans the content of the business database including at least one of a dataset, a data volume, a data type, and a risk type of the business database.
In an embodiment of the present application, step S140 further includes:
S310: the front-end proxy encryption and decryption middleware receives the response result of the service database for the stored encrypted ciphertext;
S320: the front-end proxy encryption and decryption middleware sends the response result to the service module.
In an embodiment of the present application, the encryption algorithm of the preset encryption machine includes at least one of encryption algorithms of SM1, SM2, SM3, SM4 and RSA, ECC, AES, DES.
In one embodiment of the present application, the method further comprises:
S410: the front-end proxy encryption and decryption middleware receives a data query request from the service module, analyzes it and acquires the encryption and decryption strategy;
S420: the front-end proxy encryption and decryption middleware connects to the service database and sends the data query request to obtain the encrypted ciphertext;
S430: the front-end proxy encryption and decryption middleware calls the preset encryption machine to decrypt the encrypted ciphertext according to the encryption and decryption strategy, obtaining the decrypted data;
S440: the front-end proxy encryption and decryption middleware sends the decrypted data to the service module.
The application also provides an electronic device comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the electronic device to implement a pre-proxy intelligent database encryption method as in any of the above embodiments.
The application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor of a computer, causes the computer to perform a pre-agent intelligent database encryption method as described in any of the above embodiments.
The application has the beneficial effects that: it provides an intelligent database encryption system, method, equipment and medium of a front-end proxy, wherein the system comprises a data management security scanning module, a service database, a front-end proxy encryption and decryption middleware, a service module and a preset encryption machine. The method connects the front-end proxy encryption and decryption middleware to the service module through a driver; acquires the service database corresponding to the service module and establishes a communication connection with it; selects an encryption and decryption strategy according to the data security rules generated by the data management security scanning module's scan of the service database; and calls the preset encryption machine to encrypt data according to that strategy, sending the encrypted ciphertext to the service database. The automatically identified and generated data security rules allow the front-end proxy encryption and decryption middleware to complete the proxied encryption and decryption tables, keys and rules on its own, achieving zero-configuration secure data storage; communication between the service database and the service module passes through the middleware, which effectively prevents data leakage and network attacks; the middleware sits between the service database and the service module, so the existing application program needs no modification; and the middleware can be connected to a plurality of service databases and a plurality of service modules, giving good expandability.
The foregoing is only an overview of the technical solution of the present application. In order that the technical means of the application may be understood more clearly and implemented according to the contents of the specification, and to make the above and other objects, features and advantages of the application more readily apparent, the following description is given.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a schematic diagram of an intelligent database encryption system of a pre-agent according to an exemplary embodiment of the present application;
FIG. 2 is a flow chart of a method of intelligent database encryption for a pre-agent, according to an exemplary embodiment of the application;
FIG. 3 is a flowchart of step S130 in a pre-agent intelligent database encryption method according to an exemplary embodiment of the present application;
FIG. 4 is a flowchart of step S140 in a pre-agent intelligent database encryption method according to an exemplary embodiment of the present application;
FIG. 5 is a flow chart of querying data in an intelligent database encryption method of a pre-agent according to an exemplary embodiment of the present application;
FIG. 6 is a schematic diagram of a computer system of an electronic device according to an exemplary embodiment of the present application.
Detailed Description
Further advantages and effects of the present application will become readily apparent to those skilled in the art from the disclosure herein, with reference to the accompanying drawings and the preferred embodiments. The application may be practised or carried out in other embodiments that depart from these specific details, and the details of the present description may be modified or varied without departing from the spirit and scope of the application. It should be understood that the preferred embodiments are presented by way of illustration only and not by way of limitation.
It should be noted that the illustrations provided in the following embodiments merely illustrate the basic concept of the present application by way of illustration, and only the components related to the present application are shown in the drawings and are not drawn according to the number, shape and size of the components in actual implementation, and the form, number and proportion of the components in actual implementation may be arbitrarily changed, and the layout of the components may be more complicated.
In the following description, numerous details are set forth in order to provide a more thorough explanation of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the embodiments may be practised without these specific details. In other embodiments, well-known structures and devices are shown in block diagram form rather than in detail, to avoid obscuring the embodiments of the present application.
It should be noted that, database encryption refers to encryption processing of sensitive data in a database to protect confidentiality and security of the data. The principle is that the database is encrypted and decrypted to protect sensitive information in the database from malicious attacks such as illegal access, theft, tampering and the like, so that the safety and the integrity of the database are ensured.
In general, database encryption can be implemented in two ways, transparent encryption and application encryption, respectively.
Transparent encryption: in this way, the database system is responsible for encrypting and decrypting sensitive data without any modification by the application. Transparent encryption has the advantage that application code does not need to be modified, and has less impact on system integration, but has a certain impact on system performance.
Application encryption: in this way, the application needs to encrypt and decrypt sensitive data, while the database system is not responsible for the encryption and decryption operations. Application encryption requires modification in the application, which has less impact on system performance, but modification and maintenance of the code of the application is cumbersome.
In terms of encryption algorithms, database encryption algorithms that have been conventionally used include symmetric encryption algorithms and asymmetric encryption algorithms. The symmetric encryption algorithm comprises DES, 3DES, AES and the like, and is characterized by high encryption and decryption speed and suitability for encrypting a large amount of data; the asymmetric encryption algorithm comprises RSA, ECC and the like, and is characterized by higher security and suitable for encrypting a small amount of data.
Database encryption is a common data protection means, and can effectively protect sensitive data in a database from being attacked and stolen maliciously, so that the data security and confidentiality are improved.
The intelligent database encryption of the front-end proxy is to encrypt and decrypt the database by inserting an intelligent proxy middleware between the database and the service application, and automatically form a security rule policy to realize the intelligent protection of the database.
The principle of the technology is that an encryption algorithm is realized in a front-end proxy middleware, and encryption and decryption operations are carried out on data through a proxy server, so that the safety of data transmission is ensured. Meanwhile, the middleware can automatically identify the data types and carry out corresponding encryption processing on different types of data according to the security rule policy, so that intelligent encryption of the database is realized.
The intelligent database encryption technology can protect sensitive data in the database from being maliciously acquired or tampered, and improves the data security and privacy protection capability. Meanwhile, the encryption algorithm is realized in the proxy middleware by the technology, so that the pressure of a database server can be reduced, and the system performance is improved.
FIG. 1 is a schematic diagram of an intelligent database encryption system of a pre-agent according to an exemplary embodiment of the present application;
as shown in fig. 1, the intelligent database encryption system of the pre-agent provided by the present application includes:
the data management security scanning module 101, wherein the data management security scanning module 101 is used for scanning and monitoring the service database 102 and generating data security rules based on the service database 102;
the service database 102 is in communication connection with the data management security scanning module 101, and the service database 102 is used for storing encrypted ciphertext;
the pre-proxy encryption and decryption middleware 103, wherein the pre-proxy encryption and decryption middleware 103 is in communication connection with the data management security scanning module 101 and the service database 102, the pre-proxy encryption and decryption middleware 103 is used for receiving and analyzing data security rules, calling a preset encryptor 105 for data encryption based on the data security rules, and storing encrypted ciphertext into the service database 102;
a service module 104, where the service module 104 is communicatively connected with the pre-proxy encryption/decryption middleware 103, and the service module 104 is configured to generate data;
the pre-set encryptor 105, the pre-set encryptor 105 is in communication connection with the pre-agent encryption and decryption middleware 103, and the pre-set encryptor 105 is used for realizing data encryption.
Specifically, in generating data security rules based on the service database 102, the data management security scanning module 101 scans and monitors the service database 102 and collects information such as its operating state, exception logs and error logs, as well as structural information such as the tables and columns of the service database 102.
The business database 102 is scanned in a hierarchical classification based on different data security levels to ensure a high degree of concern and protection of the critical data. Meanwhile, the data governance security scanning module 101 may also support specific business requirements and rules.
In one embodiment of the present application, the hierarchical classification rules include grading rules and classification rules. The grading rules are shown in the following table:
The classification rules are shown in the following table:
Based on the information collected by scanning and monitoring, data security rules are generated for the service database 102. Data security rules include financial standards, personal information protection requirements, recommended sensitive data standard rules, and the like.
During the scanning and monitoring process, the data governance security scanning module 101 actively discovers sensitive data, such as an identification card number, a bank account number, a password, and the like, and forms a data encryption security rule. Meanwhile, whether encryption protection is needed for the application or the database client can be identified.
According to the generated data encryption security rule, the intelligent transparent encryption protection of the application or the database client can be realized. For example, when the service module 104 is connected to the service database 102, the pre-proxy encryption/decryption middleware 103 automatically loads a corresponding encryption plug-in, and encrypts, transmits and stores data. The user does not need to manually start the encryption function, and normal service use is not affected.
In an embodiment of the present application, the system not only supports scanning and monitoring the service database 102 by the data administration security scanning module 101, and generates the data security rule based on the service database 102, but also supports completing the data security rule configuration by manually adding a configuration file.
In manual configuration mode:
The data governance security scanning module 101 provides an interface for manual configuration files, allowing an administrator or user to perform security configuration according to their own needs.
A configuration file format is defined, including relevant information such as the type of data to be encrypted, encryption algorithm, encryption key, etc.
The user can manually edit the configuration file according to the security requirement of the user, and specify the data to be encrypted and the corresponding encryption mode.
The system encrypts or otherwise securely processes the data in the database based on the information in the configuration file.
By providing two modes of intelligent scanning and manual configuration, a user can select a proper mode to conduct data security management according to own requirements. The intelligent scanning can automatically monitor and configure encryption rules, so that the workload and error risk of a user are reduced; manual configuration provides greater flexibility, allowing the user to personalize the security configuration according to the particular situation. If the configuration file is not manually added, the data governance security scanning module 101 scans the service database 102 by default in an intelligent scanning mode to generate data encryption security rules.
In an embodiment of the present application, the pre-proxy encryption/decryption middleware 103 is connected to one or more service modules 104, and the pre-proxy encryption/decryption middleware 103 is connected to one or more service databases 102. Specifically, the front-end proxy encryption and decryption middleware 103 is connected with the service database 102, so that the security of sensitive data can be protected, and the database is effectively prevented from being attacked and data leakage. Meanwhile, the middleware can encrypt and decrypt the data according to the security policy, so that the data is protected in the transmission process, and the risk of data theft is reduced.
Connecting the front-end proxy encryption and decryption middleware 103 to a plurality of service modules 104 simplifies communication among the service modules 104 and improves the overall performance and efficiency of the system. Meanwhile, the middleware can encrypt and decrypt the communication data, ensuring the security of data transmission.
The front-end proxy encryption and decryption middleware 103 is connected with the plurality of service modules 104 and the service database 102, so that the security policy and encryption and decryption rules in the system can be uniformly managed and maintained, and the management and maintenance work of the system can be simplified. In addition, the middleware can provide diagnostic and monitoring functions to help system administrators discover and solve security problems in time.
FIG. 2 is a flow chart of a method of intelligent database encryption for a pre-agent, according to an exemplary embodiment of the application;
as shown in fig. 2, the method for encrypting the intelligent database of the pre-agent provided by the application comprises the following steps:
S110: the front-end proxy encryption and decryption middleware 103 is connected to the service module 104 through a driver;
S120: the front-end proxy encryption and decryption middleware 103 acquires the service database 102 corresponding to the service module 104 and establishes a communication connection with the service database 102;
S130: the front-end proxy encryption and decryption middleware 103 selects an encryption and decryption strategy according to the data security rules generated by the data management security scanning module 101 scanning the service database 102;
S140: the front-end proxy encryption and decryption middleware 103 calls the preset encryption machine 105 to encrypt data according to the encryption and decryption strategy, and sends the encrypted ciphertext to the service database 102.
Specifically, an encryption and decryption policy is the combination of algorithms, parameters and configuration used in the data encryption and decryption process. It defines the encryption algorithm, key management scheme, encryption mode and padding scheme used by the encryption and decryption operations.
The encryption and decryption policy adopted by the application comprises the following elements:
Encryption algorithm: symmetric or asymmetric. Common symmetric algorithms include AES, DES and 3DES; common asymmetric algorithms include RSA and ECC.
Key length: the number of bits of the key used by the encryption algorithm. In general, a longer key gives higher encryption strength but also increases the computational and processing cost.
Encryption mode: the way in which the plaintext is processed block by block, such as ECB (electronic codebook), CBC (cipher block chaining) or CTR (counter mode).
Padding mode: how data that does not fill a whole block is padded before encryption; common padding schemes are PKCS7, ISO 10126 and zero padding.
Key management: the generation, distribution, storage and updating of keys, including their secure storage and transmission.
In the application, when the encryption and decryption policy is formulated, the security, performance, scalability and compatibility of the service module 104 and the service database 102 are considered together: the data governance security scanning module 101 scans the content of the service database 102 (including its data sets, data volume, data types and risk types), and a suitable encryption algorithm, key length, encryption mode, padding mode and key management scheme are selected according to the actual requirements of the service module 104 and the service database 102.
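The following Go program is an added example written for this page; it is not code from the patent or its applicant. It represents the policy elements just listed (algorithm, key length, mode, padding, key reference) as a struct, checks a supplied key against the policy's key length before use, and contrasts two of the listed modes on repetitive column data: ECB, which encrypts each block independently, reproduces identical ciphertext blocks for identical plaintext blocks, while CBC with a fresh random IV does not. The `EncPolicy` type, the function names and the demo key are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// EncPolicy holds the policy elements named in the description; the struct
// and its field names are assumptions made for this example.
type EncPolicy struct {
	Algorithm string // only "AES" is handled here
	KeyBits   int    // 128, 192 or 256
	Mode      string // "ECB" or "CBC"
	Padding   string // only "PKCS7" is handled here
	KeyID     string // key-management reference
}

// pkcs7Pad pads p up to a multiple of blockSize (PKCS#7).
func pkcs7Pad(p []byte, blockSize int) []byte {
	n := blockSize - len(p)%blockSize
	return append(p, bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptWithPolicy checks the key against the policy's key length, pads the
// plaintext and encrypts it in the policy's mode. ECB is implemented because
// the description lists it; CBC prepends a fresh random IV to the ciphertext.
func encryptWithPolicy(pol EncPolicy, key, plaintext []byte) ([]byte, error) {
	if pol.Algorithm != "AES" || len(key)*8 != pol.KeyBits || pol.Padding != "PKCS7" {
		return nil, errors.New("key does not match policy")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	padded := pkcs7Pad(plaintext, bs)
	out := make([]byte, len(padded))
	switch pol.Mode {
	case "ECB": // blocks are encrypted independently, so equal blocks give equal output
		for i := 0; i < len(padded); i += bs {
			block.Encrypt(out[i:], padded[i:i+bs])
		}
		return out, nil
	case "CBC":
		iv := make([]byte, bs)
		if _, err := rand.Read(iv); err != nil {
			return nil, err
		}
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
		return append(iv, out...), nil
	}
	return nil, fmt.Errorf("unsupported mode %q", pol.Mode)
}

// hasRepeatedBlocks reports whether any two 16-byte ciphertext blocks are
// equal, the pattern leak that makes ECB unsuitable for repetitive column data.
func hasRepeatedBlocks(ct []byte) bool {
	seen := map[[16]byte]bool{}
	for i := 0; i+16 <= len(ct); i += 16 {
		var b [16]byte
		copy(b[:], ct[i:i+16])
		if seen[b] {
			return true
		}
		seen[b] = true
	}
	return false
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 32)              // constructed demo key
	pt := bytes.Repeat([]byte("SAME-ID-0000001|"), 4) // four identical 16-byte records
	ecb, _ := encryptWithPolicy(EncPolicy{"AES", 256, "ECB", "PKCS7", "k1"}, key, pt)
	cbc, _ := encryptWithPolicy(EncPolicy{"AES", 256, "CBC", "PKCS7", "k1"}, key, pt)
	fmt.Println("ECB repeats blocks:", hasRepeatedBlocks(ecb), "CBC repeats blocks:", hasRepeatedBlocks(cbc))
}
```

When a policy is being chosen for a column whose values repeat (status codes, identifier prefixes), the `hasRepeatedBlocks` check makes the ECB leak visible without any key material, so a review of the generated policy can reject ECB on that basis alone.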
In an embodiment of the application, the encryption algorithms of the preset encryptor 105 include at least one of SM1, SM2, SM3, SM4, RSA, ECC, AES and DES. Specifically, the preset encryptor 105 uses the Chinese national commercial cryptographic algorithms SM1, SM2, SM3 and SM4, which have higher security and reliability than other cryptographic algorithms and can resist the currently known mainstream cryptanalytic attacks. At the same time, algorithms such as RSA, ECC, AES and DES are widely used in the field of information security and play an important role in different scenarios.
The use of the preset encryptor 105 ensures the confidentiality, integrity and availability of the transmitted data, prevents leakage, tampering and attacks on sensitive information, and provides higher security and reliability for the service data.
Specifically, through the encryption function of the front-end proxy encryption and decryption middleware 103, sensitive data in the service database 102 can be encrypted, improving data security and preventing data leakage and unauthorized access.
The encryption algorithm and key management policy used in the encryption process protect the integrity of the data and ensure that it is not tampered with during transmission and storage.
The front-end proxy encryption and decryption middleware 103 selects encryption and decryption policies according to the data security rules generated by the data governance security scanning module 101, so that different policies are produced for different service modules 104 and service systems, which simplifies system configuration and management.
The service module 104 encrypts and decrypts data through the front-end proxy encryption and decryption middleware 103 without having to handle the specific encryption and decryption process, so the system is transparent to the service module 104 and the implementation of the service logic is not affected.
The service module 104 and the service database 102 are connected through the driver of the front-end proxy encryption and decryption middleware 103, so that access by various service modules 104 and databases can be supported, giving greater flexibility and scalability and meeting the requirements of different service scenarios.
The functions and mechanisms of the front-end proxy encryption and decryption middleware 103 thus strengthen data security, protect data integrity, simplify system configuration and management, and provide transparency to the service module 104 and flexibility of the system.
FIG. 3 is a flowchart of step S130 in the front-end proxy intelligent database encryption method according to an exemplary embodiment of the application.
As shown in FIG. 3, in the front-end proxy intelligent database encryption method provided by the application, step S130 specifically comprises:
S210: the data governance security scanning module 101 scans the service database 102 and generates data security rules based on the service database 102;
S220: the front-end proxy encryption and decryption middleware 103 receives and parses the data security rules;
S230: the front-end proxy encryption and decryption middleware 103 selects an encryption and decryption policy according to the parsing result.
In one embodiment of the application, the content of the service database 102 scanned by the data governance security scanning module 101 includes at least one of the data sets, data volume, data types and risk types of the service database 102.
The way step S210 is implemented may be designed according to the specific service requirements and the definition of the security rules. The following is the implementation of one embodiment of the application:
Database scanning: the data governance security scanning module 101 connects to the service database 102, performs a database scan, traverses the tables and fields in the database, and obtains the data structure and sensitive field information.
Sensitive data identification: the scanned data is checked for sensitive data, using regular expressions, keyword matching and data pattern matching to judge whether a field holds sensitive data. For example, personal identification numbers and bank account numbers are sensitive data.
Security rule generation: data security rules are generated from the scan result. Security rules may include encryption requirements for sensitive fields, access control policies, data masking rules and the like. The rules may be represented in a specific data structure or configuration file for subsequent parsing and application.
In practical implementations, database scanning, sensitive data identification and rule generation may be carried out with related techniques and tools according to the specific service requirements. An update and management mechanism for the security rules also needs to be considered so as to keep the rules current and effective.
The specific implementation of step S230 may be designed according to the parsing result and the definition of the encryption and decryption policy. The following is the implementation of one embodiment of the application:
Rule parsing: the front-end proxy encryption and decryption middleware 103 parses the data security rules generated by the data governance security scanning module 101. The parsing step reads the rules in whatever representation they use, for example by reading a configuration file or parsing a specific data structure.
Encryption and decryption policy definition: the encryption and decryption policy is defined according to the parsing result. It includes the encryption algorithm used, the key length, the encryption mode, the padding mode and the key management scheme. According to the different rules and the requirements of the sensitive fields, a corresponding encryption and decryption policy can be formulated for each field or data category.
Policy matching: the corresponding encryption and decryption policy is matched to the rules and field information obtained by parsing. Policy matching may be performed with condition checks, rule matching and the like.
Encryption and decryption policy application: the matched policy is applied to the corresponding data; fields that need encryption are encrypted, and encrypted fields are decrypted as required. Key management, access control and similar operations may also be needed at this point.
In a specific service scenario, the front-end proxy encryption and decryption middleware 103 selects the most suitable encryption and decryption algorithm and policy according to the data security rules and the service scenario, so that data security and confidentiality are ensured. No specific restrictions are placed here on the data security rules and encryption and decryption policies.
Specifically, the data governance security scanning module 101 scans specific information of the service database 102 and generates data security rules from it, improving the security and integrity of the data. At the same time, the front-end proxy encryption and decryption middleware 103 can dynamically select a suitable encryption and decryption policy according to the data security rules, so that the privacy and confidentiality of the data are ensured.
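The following Go program is an added example for steps S210 to S230 above and is not code from the patent or its applicant. It runs the scan over a constructed `customer` table (sample columns and values embedded inline), identifies sensitive fields by combining a field-name keyword check with a regular expression over the sampled values, emits one `SecurityRule` per column, and then maps each rule to an `EncPolicy`. The column names, sample values, regular expressions, risk levels and the rule-to-policy mapping (AES-256-GCM for high risk, AES-128-GCM for medium, plaintext otherwise) are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Column is one field seen during the scan, with a few sampled values
// (constructed sample data stands in for a real table traversal).
type Column struct {
	Table, Name string
	Samples     []string
}

// SecurityRule is the scan output for one field: the kind of sensitive data
// found and its risk level ("high", "medium" or "none").
type SecurityRule struct {
	Table, Field, DataType, Risk string
}

// EncPolicy is the policy chosen for a rule; an assumption for this example.
type EncPolicy struct {
	Algorithm string
	KeyBits   int
	Mode      string
	KeyID     string
}

// classifiers combine a field-name keyword check with a regular expression
// over sampled values. The patterns are constructed for this example.
var classifiers = []struct {
	dataType, risk string
	nameKeyword    *regexp.Regexp
	valuePattern   *regexp.Regexp
}{
	{"id_number", "high", regexp.MustCompile(`(?i)id_?(number|card)|citizen`), regexp.MustCompile(`^\d{17}[\dXx]$`)},
	{"bank_account", "high", regexp.MustCompile(`(?i)bank|account|iban`), regexp.MustCompile(`^\d{16,19}$`)},
	{"phone", "medium", regexp.MustCompile(`(?i)phone|mobile|tel`), regexp.MustCompile(`^1\d{10}$`)},
}

// majorityMatch is true when more than half of the sampled values match re.
func majorityMatch(re *regexp.Regexp, vals []string) bool {
	n := 0
	for _, v := range vals {
		if re.MatchString(v) {
			n++
		}
	}
	return len(vals) > 0 && n*2 > len(vals)
}

// classify is the sensitive-data identification step: a field is sensitive if
// its name matches a keyword or most of its sampled values match the pattern.
func classify(c Column) SecurityRule {
	for _, cl := range classifiers {
		if cl.nameKeyword.MatchString(c.Name) || majorityMatch(cl.valuePattern, c.Samples) {
			return SecurityRule{c.Table, c.Name, cl.dataType, cl.risk}
		}
	}
	return SecurityRule{c.Table, c.Name, "plain", "none"}
}

// scanTable is step S210: traverse the columns and emit one rule per column.
func scanTable(cols []Column) []SecurityRule {
	rules := make([]SecurityRule, 0, len(cols))
	for _, c := range cols {
		rules = append(rules, classify(c))
	}
	return rules
}

// selectPolicy is step S230: map a parsed rule to an encryption policy. The
// mapping is an assumption; AES-GCM is chosen because it authenticates the
// ciphertext as well as encrypting it. Non-sensitive fields stay in plaintext.
func selectPolicy(r SecurityRule) (EncPolicy, bool) {
	switch r.Risk {
	case "high":
		return EncPolicy{"AES", 256, "GCM", "key-" + r.DataType}, true
	case "medium":
		return EncPolicy{"AES", 128, "GCM", "key-" + r.DataType}, true
	}
	return EncPolicy{}, false
}

func main() {
	cols := []Column{ // constructed scan of a "customer" table
		{"customer", "name", []string{"Zhang San", "Li Si"}},
		{"customer", "citizen_no", []string{"11010119900101123X", "440301198505052345"}},
		{"customer", "card", []string{"6222021234567890123", "6228480012345678"}},
		{"customer", "mobile", []string{"13800138000", "13912345678"}},
	}
	for _, r := range scanTable(cols) {
		pol, encrypt := selectPolicy(r)
		fmt.Printf("%s.%s type=%s risk=%s encrypt=%v policy=%+v\n", r.Table, r.Field, r.DataType, r.Risk, encrypt, pol)
	}
}
```

Keyword matching alone misses columns with uninformative names such as `card`, and value matching alone can misclassify a column whose few samples happen to look like identifiers; accepting either a name match or a majority of sampled values is one way to combine the keyword and pattern techniques the description names.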
FIG. 4 is a flowchart of step S140 in the front-end proxy intelligent database encryption method according to an exemplary embodiment of the application.
As shown in FIG. 4, in the front-end proxy intelligent database encryption method provided by the application, step S140 specifically comprises:
S310: the front-end proxy encryption and decryption middleware 103 receives the response result returned by the service database 102 after the encrypted ciphertext is stored;
S320: the front-end proxy encryption and decryption middleware 103 sends the response result to the service module 104.
FIG. 5 is a flowchart of data querying in the front-end proxy intelligent database encryption method according to an exemplary embodiment of the application.
As shown in FIG. 5, the front-end proxy intelligent database encryption method provided by the application further comprises:
S410: the front-end proxy encryption and decryption middleware 103 receives a data query request from the service module 104, parses it and obtains the encryption and decryption policy;
S420: the front-end proxy encryption and decryption middleware 103 connects to the service database 102 and sends the data query request to obtain the encrypted ciphertext;
S430: the front-end proxy encryption and decryption middleware 103 calls the preset encryptor 105 to decrypt the encrypted ciphertext according to the encryption and decryption policy, obtaining the decrypted data;
S440: the front-end proxy encryption and decryption middleware 103 sends the decrypted data to the service module 104.
Specifically, because data is queried through the front-end proxy encryption and decryption middleware 103, the middleware acts as a security gateway that encrypts and decrypts the data of the service module 104, ensuring the security and reliability of the data.
Through the encryption and decryption processes of the front-end proxy encryption and decryption middleware 103, the data of the service module 104 is effectively protected, and leakage of sensitive information and malicious attacks are avoided. The data query request handled by the front-end proxy encryption and decryption middleware 103 and the decryption performed by the preset encryptor 105 ensure the integrity and accuracy of the data of the service module 104 and reduce data risk and service risk. The optimized handling of data encryption and decryption by the front-end proxy encryption and decryption middleware 103 improves the performance and efficiency of the service module 104, reduces the delay and load of data transmission, and improves the stability and usability of the service module 104.
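The following Go program is an added example of the write path (S140, S310, S320) and the query path (S410 to S440) and is not code from the patent or its applicant. A `Proxy` value stands in for the front-end proxy encryption and decryption middleware, a map of keys stands in for the preset encryptor, and a nested map stands in for the service database. Policy-covered fields are encrypted with AES-GCM before storage and decrypted on query; the field name is bound as associated data, so a ciphertext that has been altered, or moved into a different column, is rejected at decryption instead of being returned to the service module. The `Proxy` type, its method names, the policy map and the all-zero demo key are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Proxy stands in for the middleware: policy maps a field name to the key ID
// used for it (AES-GCM is fixed here), keys is a toy key store in place of the
// preset encryptor, and db stands in for the service database (row -> column -> value).
type Proxy struct {
	policy map[string]string
	keys   map[string][]byte
	db     map[string]map[string]string
}

// aead builds the AES-GCM primitive for a key ID held by the key store.
func (p *Proxy) aead(keyID string) (cipher.AEAD, error) {
	key, ok := p.keys[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown key %q", keyID)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts one field value under a fresh random nonce; the field name is
// bound as associated data so a ciphertext copied into another column will
// not decrypt. The stored form is nonce || ciphertext || tag.
func (p *Proxy) seal(keyID, field, value string) (string, error) {
	g, err := p.aead(keyID)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return string(g.Seal(nonce, nonce, []byte(value), []byte(field))), nil
}

// open reverses seal; any change to nonce, ciphertext or tag is rejected.
func (p *Proxy) open(keyID, field, stored string) (string, error) {
	g, err := p.aead(keyID)
	if err != nil {
		return "", err
	}
	raw := []byte(stored)
	ns := g.NonceSize()
	if len(raw) < ns {
		return "", errors.New("malformed ciphertext")
	}
	pt, err := g.Open(nil, raw[:ns], raw[ns:], []byte(field))
	return string(pt), err
}

// Store is steps S140/S310/S320: encrypt the policy-covered fields, write the
// row to the database and hand the database's response back to the caller.
func (p *Proxy) Store(rowKey string, row map[string]string) (string, error) {
	stored := map[string]string{}
	for field, val := range row {
		if keyID, sensitive := p.policy[field]; sensitive {
			ct, err := p.seal(keyID, field, val)
			if err != nil {
				return "", err
			}
			val = ct
		}
		stored[field] = val
	}
	p.db[rowKey] = stored
	return "OK: 1 row stored", nil
}

// Query is steps S410-S440: fetch the stored row, decrypt covered fields and
// return plaintext to the service module; a failed tag check aborts the query.
func (p *Proxy) Query(rowKey string) (map[string]string, error) {
	stored, ok := p.db[rowKey]
	if !ok {
		return nil, errors.New("no such row")
	}
	out := map[string]string{}
	for field, val := range stored {
		if keyID, sensitive := p.policy[field]; sensitive {
			pt, err := p.open(keyID, field, val)
			if err != nil {
				return nil, fmt.Errorf("field %s: %w", field, err)
			}
			val = pt
		}
		out[field] = val
	}
	return out, nil
}

func main() {
	px := &Proxy{map[string]string{"citizen_no": "key-id_number"}, map[string][]byte{"key-id_number": make([]byte, 32)}, map[string]map[string]string{}} // constructed all-zero demo key
	resp, _ := px.Store("customer:1", map[string]string{"name": "Zhang San", "citizen_no": "11010119900101123X"})
	fmt.Printf("%s; stored citizen_no is %d bytes of ciphertext\n", resp, len(px.db["customer:1"]["citizen_no"]))
	row, _ := px.Query("customer:1")
	fmt.Println("query returns", row)
}
```

An authenticated mode is what turns the integrity claims made above into a checkable property: with AES-GCM a tampered or misplaced ciphertext surfaces as a decryption error in `Query`, which the middleware can log and refuse, whereas an unauthenticated mode would silently hand corrupted plaintext to the service module.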
It should be noted that the front-end proxy intelligent database encryption system and the front-end proxy intelligent database encryption method provided by the above embodiments belong to the same concept; the specific way in which each module and unit performs its operations has been described in detail in the method embodiment and is not repeated here. In practical application, the front-end proxy intelligent database encryption system provided by the above embodiment can distribute the functions to be completed among different functional modules as needed, that is, the internal structure of the system is divided into different functional modules to complete all or part of the functions described above, which is not limited here.
An embodiment of the application also provides an electronic device, comprising: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the electronic device to implement the front-end proxy intelligent database encryption method provided in the various embodiments above.
FIG. 6 shows a schematic diagram of a computer system suitable for implementing an embodiment of the application. It should be noted that the computer system 600 of the electronic device shown in FIG. 6 is only an example and should not impose any limitation on the functions and application scope of the embodiments of the application.
As shown in fig. 6, the computer system 600 includes a central processing unit (Central Processing Unit, CPU) 601, which can perform various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 602 or a program loaded from a storage section 608 into a random access Memory (Random Access Memory, RAM) 603, for example, performing the method described in the above embodiment. In the RAM 603, various programs and data required for system operation are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other through a bus 604. An Input/Output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, etc.; an output portion 607 including a cathode ray tube (CRT) or liquid crystal display (LCD), a speaker, etc.; a storage section 608 including a hard disk, etc.; and a communication section 609 including a network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory is mounted on the drive 610 as needed, so that a computer program read from it can be installed into the storage section 608 as needed.
In particular, according to embodiments of the application, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the application include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609 and/or installed from the removable medium 611. When the computer program is executed by the central processing unit (CPU) 601, it performs the various functions defined in the system of the application.
It should be noted that the computer-readable medium shown in the embodiments of the application may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the two. The computer-readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination thereof. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), flash memory, an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the application, a computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with a computer-readable program embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electromagnetic, optical, or any suitable combination of the foregoing. A computer-readable signal medium may also be any computer-readable medium that is not a computer-readable storage medium and that can communicate, propagate or transport a program for use by or in connection with an instruction execution system, apparatus or device. A computer program embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wired, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Where each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
Another aspect of the application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the front-end proxy intelligent database encryption method described above. The computer-readable storage medium may be included in the electronic device described in the above embodiment or may exist alone without being incorporated in the electronic device.
Another aspect of the application also provides a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device performs the front-end proxy intelligent database encryption method provided in the above embodiments.
The above embodiments are merely illustrative of the principles of the present application and its effectiveness, and are not intended to limit the application. Modifications and variations may be made to the above-described embodiments by those skilled in the art without departing from the spirit and scope of the application. It is therefore intended that all equivalent modifications and changes made by those skilled in the art without departing from the spirit and technical spirit of the present application shall be covered by the appended claims.

Claims (10)

1. A front-end proxy intelligent database encryption system, comprising:
a data governance security scanning module, used for scanning and monitoring a service database and generating data security rules based on the service database;
the service database, in communication connection with the data governance security scanning module and used for storing encrypted ciphertext;
a front-end proxy encryption and decryption middleware, in communication connection with the data governance security scanning module and the service database, and used for receiving and parsing the data security rules, calling a preset encryptor to encrypt data based on the data security rules, and storing the encrypted ciphertext in the service database;
a service module, in communication connection with the front-end proxy encryption and decryption middleware and used for generating data;
the preset encryptor, in communication connection with the front-end proxy encryption and decryption middleware and used for performing the data encryption.
2. The front-end proxy intelligent database encryption system of claim 1, wherein the front-end proxy encryption and decryption middleware is connected to one or more service modules, and the front-end proxy encryption and decryption middleware is connected to one or more service databases.
3. A front-end proxy intelligent database encryption method, applied to a front-end proxy intelligent database encryption system, characterized by comprising the following steps:
S110: the front-end proxy encryption and decryption middleware connects to the service module through a driver;
S120: the front-end proxy encryption and decryption middleware obtains the service database corresponding to the service module and establishes a communication connection with the service database;
S130: the front-end proxy encryption and decryption middleware selects an encryption and decryption policy according to the data security rules generated by the data governance security scanning module when it scans the service database;
S140: the front-end proxy encryption and decryption middleware calls a preset encryptor to encrypt data according to the encryption and decryption policy, and sends the encrypted ciphertext to the service database.
4. The front-end proxy intelligent database encryption method according to claim 3, wherein step S130 comprises:
S210: the data governance security scanning module scans the service database and generates data security rules based on the service database;
S220: the front-end proxy encryption and decryption middleware receives and parses the data security rules;
S230: the front-end proxy encryption and decryption middleware selects an encryption and decryption policy according to the parsing result.
5. The front-end proxy intelligent database encryption method according to claim 4, wherein the content of the service database scanned by the data governance security scanning module includes at least one of the data sets, data volume, data types and risk types of the service database.
6. The front-end proxy intelligent database encryption method according to claim 3, wherein step S140 further comprises:
S310: the front-end proxy encryption and decryption middleware receives the response result returned by the service database after the encrypted ciphertext is stored;
S320: the front-end proxy encryption and decryption middleware sends the response result to the service module.
7. The front-end proxy intelligent database encryption method according to claim 3, wherein the encryption algorithms of the preset encryptor include at least one of SM1, SM2, SM3, SM4, RSA, ECC, AES and DES.
8. The front-end proxy intelligent database encryption method according to claim 3, further comprising:
S410: the front-end proxy encryption and decryption middleware receives a data query request from the service module, parses it and obtains the encryption and decryption policy;
S420: the front-end proxy encryption and decryption middleware connects to the service database and sends the data query request to obtain the encrypted ciphertext;
S430: the front-end proxy encryption and decryption middleware calls the preset encryptor to decrypt the encrypted ciphertext according to the encryption and decryption policy, obtaining the decrypted data;
S440: the front-end proxy encryption and decryption middleware sends the decrypted data to the service module.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the electronic device to implement the front-end proxy intelligent database encryption method of any one of claims 3 to 8.
10. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor of a computer, causes the computer to perform the front-end proxy intelligent database encryption method of any one of claims 3 to 8.
Application CN202310556311.5A: priority date 2023-05-17, filing date 2023-05-17; status: withdrawn.
Publication CN116614269A (en): 2023-08-18.

Family ID: 87684757

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20230818