CN116702103A - Database watermark processing method, database watermark tracing method and device - Google Patents

Database watermark processing method, database watermark tracing method and device Download PDF

Info

Publication number
CN116702103A
CN116702103A CN202310728764.1A CN202310728764A CN116702103A CN 116702103 A CN116702103 A CN 116702103A CN 202310728764 A CN202310728764 A CN 202310728764A CN 116702103 A CN116702103 A CN 116702103A
Authority
CN
China
Prior art keywords
database
watermark
information
key
embedding
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310728764.1A
Other languages
Chinese (zh)
Inventor
王玮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202310728764.1A priority Critical patent/CN116702103A/en
Publication of CN116702103A publication Critical patent/CN116702103A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Image Processing (AREA)
  • Editing Of Facsimile Originals (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides a database watermark processing method, a database watermark tracing device, a database watermark tracing medium and a database watermark tracing program product, which can be applied to the technical field of information security. The method comprises the following steps: generating a unique database identifier according to the acquired database information; determining a key based on the virtual primary key information, the database information, and the unique identifier; marking the row of the database capable of embedding watermark data based on virtual primary key information, a secret key and a preset embedding proportion to obtain the marked row of the database; and embedding watermark data based on the marked rows of the database to obtain a database embedded with the watermark data.

Description

Database watermark processing method, database watermark tracing method and device
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a database watermark processing method, a database watermark tracing device, a database watermark tracing apparatus, a database watermark tracing device, a database watermark tracing medium, and a database watermark tracing program.
Background
With the development of network information, big data contains great value, which is a very important resource. In the process of utilizing these data resources, data sharing and data exchange demands are also increasing, such as data exchange in business departments, data exchange between organization structures, data packet leakage, and the like. Once data flows into a low security domain, the complex environment makes data security difficult to control, which also results in frequent data leakage events. Once a data loss leak occurs, it can have inconceivable consequences if effective security control and copyright protection are not adopted. Thus, prevention is of fundamental importance, but tracking and tracing after leakage has occurred is also important. The data watermark can accurately trace the source to the user identity, the operation and the leakage range and channel of the operation data after the data leakage occurs, thereby improving the safety of the data in the data sharing and exchanging. .
In the implementation of the present disclosure, it is found that the existing database watermarking method is to add a piece of extra data after summarizing several pieces of original data. The method adopts attribute combination in the structured database to replace a main key function, utilizes the main key and the attribute combination to embed the identification information of the receiving equipment into the database, completes watermark embedding of the structured database, and has the problem of insufficient robustness of the database watermark.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a method, apparatus, device, medium, and program product.
According to a first aspect of the present disclosure, there is provided a database watermarking method, comprising:
generating a unique database identifier according to the acquired database information;
determining a key based on the virtual primary key information, the database information, and the unique identifier;
marking the row of the database capable of embedding watermark data based on virtual primary key information, a secret key and a preset embedding proportion to obtain the marked row of the database; and
and embedding watermark data based on the marked rows of the database to obtain a database embedded with the watermark data.
According to an embodiment of the present disclosure, determining a key based on virtual primary key information, database information, and a unique identification includes:
Determining a check code based on the database information and the unique identifier;
the key is determined based on the check code and the virtual primary key information.
According to an embodiment of the present disclosure, determining a check code based on database information and a unique identification includes:
determining watermark information according to the database information and the unique identifier;
according to the first preset length, binary bit stream division is carried out on watermark information to obtain bit stream information;
and calculating to obtain a check code according to the bit stream information.
According to an embodiment of the present disclosure, marking a row of a database in which watermark data can be embedded based on virtual primary key information, a key, and a preset embedding ratio, to obtain a marked row of the database, includes:
deleting the repeated value in the virtual main key information to obtain new virtual main key information;
determining a hash value according to the new virtual main key information, the key and the preset embedding proportion;
determining that the row of the database can be embedded with watermark data under the condition that the hash value meets a preset threshold value;
and marking the row of the database to obtain the marked row of the database.
According to an embodiment of the present disclosure, watermark data is embedded based on a marked row of a database, resulting in a database in which the watermark data is embedded, comprising:
Performing attribute marking on fields meeting a second preset length in the marked rows of the database to obtain the rows of the database marked again;
determining watermark embedding positions according to the row of the database marked again and the secret key;
and embedding watermark data according to the watermark embedding position to obtain a database embedded with the watermark data.
A second aspect of the present disclosure provides a database watermark tracing method, including:
obtaining virtual primary key information and a check code by using a key, wherein the key is obtained from a key storage database storing the key;
obtaining watermark embedding positions of a leakage database according to the virtual primary key information, wherein the leakage database is a database in which watermark data are embedded after data leakage occurs;
extracting watermark bit information according to the watermark embedding position; and
and determining watermark information according to the watermark bit information and the check code.
According to an embodiment of the present disclosure, determining watermark information from watermark bit information and a check code includes:
obtaining a watermark bit stream comprising check codes according to the watermark bit information and the check codes;
and determining watermark information according to the watermark bit stream and the verification principle.
According to an embodiment of the present disclosure, obtaining a watermark embedding location of a leakage database according to virtual primary key information includes:
deleting the repeated value in the virtual main key information to obtain new virtual main key information;
determining a hash value according to the new virtual main key information, the key and the preset embedding proportion;
determining that the row of the leakage database can be embedded with watermark data under the condition that the hash value meets a preset threshold value;
marking the row of the leakage database to obtain a marked row of the leakage database;
performing attribute marking on fields meeting a second preset length in the marked row of the leakage database to obtain a re-marked row of the leakage database;
and determining the watermark embedding position of the leakage database according to the row of the leakage database after the re-marking and the secret key.
According to an embodiment of the present disclosure, extracting watermark bit information according to a watermark embedding location includes:
extracting the row of the leakage database according to the watermark embedding position to obtain a plurality of bit values;
and carrying out large-scale calculation on the bit values to obtain watermark bit information.
A third aspect of the present disclosure provides a database watermarking apparatus, comprising:
The generation module is used for generating a unique database identifier according to the acquired database information;
the first determining module is used for determining a key based on the virtual main key information, the database information and the unique identifier;
the marking module is used for marking the row of the database capable of embedding watermark data based on the virtual primary key information, the key and the preset embedding proportion to obtain a marked row of the database; and
and the embedding module is used for embedding watermark data based on the marked rows of the database to obtain the database embedded with the watermark data.
A fourth aspect of the present disclosure provides a database watermark tracing apparatus, including:
the first acquisition module is used for acquiring virtual primary key information and check codes by using a key, wherein the key is acquired from a key storage database for storing the key;
the second acquisition module is used for acquiring the watermark embedding position of the leakage database according to the virtual primary key information, wherein the leakage database is a database after the data of the database embedded with watermark data is leaked;
the extraction module is used for extracting watermark bit information according to the watermark embedding position; and
and the second determining module is used for determining the watermark information according to the watermark bit information and the check code.
A fifth aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the database watermarking method and the database watermarking trace-source method described above.
A sixth aspect of the present disclosure also provides a computer readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described database watermarking method and database watermark tracing method.
A seventh aspect of the present disclosure also provides a computer program product, comprising a computer program which, when executed by a processor, implements the above-mentioned database watermarking method and database watermarking trace-source method.
According to an embodiment of the present disclosure, a database unique identification is generated from database information. The key can be obtained through calculation by the database information, the unique identification and the information of the virtual main key, and watermark data is embedded after marking the row of the database selected by the virtual main key by the key. The application of the virtual main key enlarges the selection surface of important information of the database, improves the capability of the virtual main key for resisting deletion attack, ensures the existence of marks of the database watermark, realizes the embedding of the database watermark by the embeddable virtual main key, and can effectively solve the problems of leakage tracing and the like; the method has better robustness and usability for common attacks such as data watermark adding, modifying, deleting and the like, and can effectively cope with watermark erasing and attack detection.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario diagram of a database watermark processing method, a database watermark tracing method, an apparatus, a device, a medium and a program product according to an embodiment of the present disclosure;
fig. 2 schematically illustrates a flow chart of a database watermarking method according to an embodiment of the disclosure;
fig. 3 schematically illustrates a flow chart of a database watermarking method according to another embodiment of the present disclosure;
fig. 4 schematically illustrates a database watermark tracing method flowchart according to an embodiment of the present disclosure;
fig. 5 schematically illustrates a database watermark tracing method flowchart according to another embodiment of the present disclosure;
fig. 6 schematically illustrates a block diagram of a database watermarking apparatus according to an embodiment of the disclosure;
fig. 7 schematically illustrates a block diagram of a database watermark tracing apparatus according to an embodiment of the disclosure; and
fig. 8 schematically illustrates a block diagram of an electronic device adapted to implement a database watermarking method and a database watermark tracing method according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
In the technical scheme of the disclosure, the related data (such as including but not limited to personal information of a user) are collected, stored, used, processed, transmitted, provided, disclosed, applied and the like, all conform to the regulations of related laws and regulations, necessary security measures are adopted, and the public welcome is not violated.
In the technical scheme of the embodiment of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.
In the implementation of the present disclosure, it is found that, in the conventional encryption technology, a meaningful plaintext is converted into ciphertext information which does not seem to be meaningful by using a mathematical or physical means, but the randomness of the ciphertext also exposes the importance of the message, so that the attention and destruction of an attacker are easily brought about, and the information is unsafe. The digital signature technology is to attach some data to the data unit or to make cipher transformation to the data unit, so that a great amount of information can not be embedded in the original data at one time; the encryption-decryption technology is to change important data into messy codes (encryption) to be transmitted by using a technical means, and restore (decrypt) the important data by using the same or different means after the important data reach a destination, and the defect is that the decrypted data cannot be further protected; digital fingerprinting techniques that embed user codes in multimedia in an invisible manner can only give copyright breaker information. With the development of new technologies and the popularization of networks, the limitation of the traditional encryption algorithm is expected to break through. The digital watermarking technology is produced, and the problems are effectively solved.
The existing database watermarking method is to add a piece of extra data after summarizing a plurality of original data. The method adopts attribute combination in the structured database to replace a main key function, utilizes the main key and the attribute combination to embed the identification information of the receiving equipment into the database, completes watermark embedding of the structured database, and has the problem of insufficient robustness of the database watermark.
The embodiment of the disclosure provides a database watermarking method, which comprises the following steps: generating a unique database identifier according to the acquired database information; determining a key based on the virtual primary key information, the database information, and the unique identifier; marking the row of the database capable of embedding watermark data based on virtual primary key information, a secret key and a preset embedding proportion to obtain the marked row of the database; and embedding watermark data based on the marked rows of the database to obtain a database embedded with the watermark data.
Fig. 1 schematically illustrates an application scenario diagram of a database watermark processing method, a database watermark tracing method, an apparatus, a device, a medium and a program product according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 is a medium used to provide a communication link between the first terminal device 101, the second terminal device 102, the third terminal device 103, and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 through the network 104 using at least one of the first terminal device 101, the second terminal device 102, the third terminal device 103, to receive or send messages, etc. Various communication client applications, such as a shopping class application, a web browser application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only) may be installed on the first terminal device 101, the second terminal device 102, and the third terminal device 103.
The first terminal device 101, the second terminal device 102, the third terminal device 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by the user using the first terminal device 101, the second terminal device 102, and the third terminal device 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the database watermarking method and the database watermarking tracing method provided in the embodiments of the present disclosure may be generally executed by the server 105. Accordingly, the database watermarking device and the database watermark tracing device provided in the embodiments of the present disclosure may be generally disposed in the server 105. The database watermarking method and the database watermarking trace method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105. Accordingly, the database watermark processing apparatus and the database watermark tracing apparatus provided in the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the first terminal device 101, the second terminal device 102, the third terminal device 103, and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The database watermarking method and the database watermarking traceability method according to the disclosed embodiments will be described in detail below based on the scenario described in fig. 1 through fig. 2 to 5.
Fig. 2 schematically illustrates a flow chart of a database watermarking method according to an embodiment of the disclosure.
As shown in fig. 2, the database watermarking method 200 of this embodiment includes operations S210 to S240.
In operation S210, a database unique identifier is generated according to the acquired database information.
According to embodiments of the present disclosure, the database information may include a database name and a data table name. The database unique identification may be an identification UUID that can characterize the type of string of the database.
In operation S220, a key is determined based on the virtual primary key information, the database information, and the unique identification.
According to the embodiment of the disclosure, the key can be calculated through virtual primary key information, database information and unique identification.
The virtual primary key information can be determined by analyzing the characteristics and the importance of each attribute in the database and selecting important attributes with more non-equal values.
For example, a database may be made up of tables of data, which are listed as attributes, i.e., fields. The data table may be a two-dimensional table. The name corresponding to the attribute is the attribute name. An entity can be distinguished from other objects because it has properties that other objects do not. There are a wide variety of attributes, such as simple attributes that are not subdivided, complex attributes that are composited from simple attributes, and the like. The field that uniquely identifies each record in the table is referred to as a primary key. The primary key may be one field or a plurality of fields. The primary key that is not allowed to have a "null" value exists and must have a unique index. The primary key is used to establish a relationship between the foreign key in a table and other tables. The virtual primary key information may refer mainly to field names, for example. The virtual primary key information may include primary virtual primary key information and mirror virtual primary key information. The check code may be calculated based on the database information and the unique identification, with the check code and the virtual primary key information being part of the key.
In operation S230, a line of the database in which watermark data can be embedded is marked based on the virtual key information, the key, and the preset embedding ratio, to obtain a marked line of the database.
According to the embodiment of the disclosure, the preset embedding proportion can be determined according to the user requirements in the actual service scene and the characteristics of the database. The rows of the database in which watermark data may be embedded may be determined in accordance with a cryptographic hash algorithm.
For example, the calculation of the preset rule may be performed on the virtual primary key information, the key, and the preset embedding proportion using a cryptographic hash algorithm. If the calculation results meet the threshold, a row of the database that is embeddable with watermark data may be determined.
In operation S240, watermark data is embedded based on the marked rows of the database, resulting in a database in which watermark data is embedded.
According to the embodiment of the disclosure, watermark data can be embedded in the marked rows of the database, so that the database embedded with the watermark data is obtained.
For example, the database of embedded watermark data may be obtained by calculating the watermark embedding location and then embedding the watermark data in the watermark embedding location.
According to an embodiment of the present disclosure, a database unique identifier is generated from database information. The key can be obtained through calculation by the database information, the unique identification and the information of the virtual main key, and watermark data is embedded after marking the row of the database selected by the virtual main key by the key. The application of the virtual main key enlarges the selection surface of important information of the database, improves the capability of the virtual main key for resisting deletion attack, ensures the existence of marks of the database watermark, realizes the embedding of the database watermark by the embeddable virtual main key, and can effectively solve the problems of leakage tracing and the like; the method has better robustness and usability for common attacks such as data watermark adding, modifying, deleting and the like, and can effectively cope with watermark erasing and attack detection.
According to an embodiment of the present disclosure, determining a key based on virtual primary key information, database information, and a unique identification may include:
determining a check code based on the database information and the unique identifier; the key is determined based on the check code and the virtual primary key information.
According to the embodiment of the disclosure, the verification code can be calculated by utilizing the database information and the unique identification, and the verification code and the virtual primary key information form a secret key together. The check code may include a hamming check code, among others.
For example, the characteristics and importance of each attribute of the database can be analyzed, and virtual primary key information can be determined by selecting a method containing important attributes with more non-equal values. The virtual primary key information may include, for example, primary virtual primary key (Cvpk) information, mirror virtual primary key 1 (Mvpk 1) information, and mirror virtual primary key 2 (Mvpk 2) information. The key=cvpk information+mvpk 1 information+mvpk 2 information+hamming check code check, and both the key and database information can be stored in a warehouse.
According to the embodiment of the disclosure, the key is determined through the check code and the virtual primary key information, so that the line marking of the database selected by the virtual primary key can be realized, the existence of the marking of the database watermark is ensured, the virtual primary key can be embedded, the embedding of the database watermark is realized, the problems of leakage tracing and the like are effectively solved, for example, the check code can be recovered through the key, then error checking is performed, and the original watermark information is recovered.
According to an embodiment of the present disclosure, determining the check code based on the database information and the unique identification may include:
determining watermark information according to the database information and the unique identifier; according to the first preset length, binary bit stream division is carried out on watermark information to obtain bit stream information; and calculating to obtain a check code according to the bit stream information. The check code may include a hamming check code, among others.
According to an embodiment of the present disclosure, watermark information wm may be composed of two parts, namely database information info and a unique identification UUID of the database, i.e. wm=info+uuid. The watermark information wm may be divided into binary bitstreams having a total length L denoted wm'. The hamming check code check of the bit stream information wm' is calculated and retained as part of the key.
According to the embodiment of the disclosure, the verification code determined through the database information and the unique identifier can be used as a part of the secret key, so that the problems of leakage tracing and the like can be solved.
According to an embodiment of the present disclosure, marking a row of a database in which watermark data can be embedded based on virtual primary key information, a key, and a preset embedding ratio, to obtain a marked row of the database may include:
Deleting the repeated value in the virtual main key information to obtain new virtual main key information; determining a hash value according to the new virtual main key information, the key and the preset embedding proportion; determining that the row of the database can be embedded with watermark data under the condition that the hash value meets a preset threshold value; and marking the row of the database to obtain the marked row of the database.
According to the embodiment of the disclosure, the repeated values of the virtual primary key information in each database table in the database can be removed, so that new virtual primary key information is obtained. Watermark data may be embedded using SHA1 functions to determine the rows of the database. Specifically, the hash value is calculated through the new virtual primary key information, the key and the preset embedding proportion, and watermark data can be embedded in the database under the condition that the hash value meets the preset threshold value.
For example, the virtual primary key information (Cvpk information, mvpki (1. Ltoreq.i.ltoreq.2) information) in each database table in the database may be removed from the repetition value to obtain new virtual primary key information (Cvpk 'information and mvpki.j' information). Wherein cvpk.j 'may represent the jth Cvpk after removing the repeated value, mvpki.j' may represent the jth Mvpki after removing the repeated value, and Mvpki may be the ith mirrored virtual primary key Mvpk.
For Cvpk information, the SHA1 function can be used to determine the tuples that Cvpk can tag (i.e. rows of the database), if Hash (key, cvpk.j') mod γ=0 (1+.j+.ω), then tag. Wherein, gamma can be expressed as a preset embedding proportion; ω can be expressed as the total number of markable tuples, i.e., ω=η× (1/γ).
For Mvpki (1.ltoreq.i.ltoreq.2) information, the SHA1 function can be used as well, and a markable tuple is determined from Mvpk, if Hash (key, mvpki.j') mod γ=0 (1.ltoreq.i.ltoreq.2, 1.ltoreq.j.ltoreq.ω), then marking; η may be expressed as the total number of embeddable tuples in the database.
According to the embodiment of the disclosure, the attack resistance of the virtual main key can be improved by redundant virtual main keys. Compared with a single virtual master key, the redundant virtual master key not only has the master virtual master key Cvpk, but also has the mirror virtual master key Mvpk as a reference for watermarking. Since the virtual primary key is not recorded by the data dictionary and the attribute containing important information is selected, the deletion probability is less. In the redundant virtual main key, the probability of deleting the Mvpk or the Cvpk is smaller, and even if any Cvpk or Mvpk in a database table is deleted, the watermark information in the table can be recovered as long as one virtual main key exists, so that the security of the virtual main key is greatly improved, and the robustness for coping with the main key attack is enhanced.
According to an embodiment of the present disclosure, embedding watermark data based on a marked row of a database to obtain a database embedded with watermark data may include:
performing attribute marking on fields meeting a second preset length in the marked rows of the database to obtain the rows of the database marked again; determining watermark embedding positions according to the row of the database marked again and the secret key; and embedding watermark data according to the watermark embedding position to obtain a database embedded with the watermark data.
According to the embodiment of the disclosure, the attribute value can be obtained through the attribute marking, the hash value is calculated according to the attribute value and the key, the watermark embedding position is determined, and then the watermark data is embedded, so that the database in which the watermark data is embedded is obtained.
For example, the virtual primary key information (Cvpk information, mvpki (1. Ltoreq.i.ltoreq.2) information) in each database table in the database may be removed from the repetition value to obtain new virtual primary key information (Cvpk 'information and mvpki.j' information). Wherein cvpk.j 'may represent the jth Cvpk after removing the repeated value, mvpki.j' may represent the jth Mvpki after removing the repeated value, and Mvpki may be the ith mirrored virtual primary key Mvpk.
For the Cvpk information, all attrs greater than the specified length len in the corresponding row may be for the marker tuple selected by Cvpk k Attribute marking is performed. Calculating watermark embedding position index, index=hash (key, cvpk.j', attr k ) mod L (1. Ltoreq. J. Ltoreq. ω) and then replaces the attribute value attr determined by the Cvpk flag with the index bit of the watermark binary bit stream information wm k .l 0 And attr is calculated from the value of (2) k .l 3 The value of (2) is set to 0.attr k .l 0 Bits embedded in the index bit.
For Mvpki (1.ltoreq.i.ltoreq.2) information, all attrs in the corresponding row that are greater than the specified length len may be for the marker tuple selected by Mvpk k The attribute is marked. Calculate watermark embedding position index ', index ' =hash (key, mvpki.j ', attr) k ) mod L (1. Ltoreq.i. Ltoreq.2, 1. Ltoreq.j. Ltoreq.ω), and then substituting the index 'bit of the watermark binary bit stream information wm' for the attribute value attr determined by the Mvpk flag k A bit value of least significant bit of (1) and the selected flag is Mvpk i Then replace attr k .l i The value of i is equal to or more than 1 and equal to or less than 2, and attr is calculated k .l 0 The value of (2) is set to 0.attr k .l i Embedding watermark bit stream information wm' ith de with value (1.ltoreq.i.ltoreq.2)Bits of x bits.
According to the embodiment of the disclosure, redundant virtual main keys can be embedded, and the number of the redundant virtual main keys is increased, so that the total number of the virtual main keys can be up to three. To achieve minimal modification to the database, only the lowest one of the numerical data is modified. First, binary conversion is performed, namely, binary bits can be divided into attr from high to low k .l 3 ,attr k .l 2 ,attr k .l 1 ,attr k .l 0 . Because the decimal number is represented as a range of 0 to 9, the binary number is represented as a range of 0 to 15, and in order to avoid exceeding the decimal number range, only attr is calculated k Modifying the last three bits of the binary partition to reduce attr k .l 3 The value of (2) is set to 0, i.e. the number of bits changed is attr only k .l 2 ,attr k .l 1 ,attr k .l 0 . Depending on the embeddable nature of the Cvpk tag, the watermark bits may be substituted for attr k .l 0 . While the number of Mvpk is 0 to 2, the bit attr is selected according to the specific situation k .l 2 And attr k .l 1 And performing replacement. The method is used for increasing the number of the virtual main keys by the redundant virtual main keys, but the redundancy introduced into the database is not increased.
Fig. 3 schematically illustrates a flow chart of a database watermarking method according to another embodiment of the present disclosure.
As shown in fig. 3, the database watermarking method of this embodiment may be to determine the database unique identifier UUID by acquiring database information and database data (data) from the database, and determine the hamming verification code check by the database information and the database unique identifier UUID. The information of the virtual primary keys (Cvpk, mvpk1 and Mvpk 2) is determined by analyzing the characteristics and the importance of the attributes of the database data and selecting a method containing important attributes with more non-equal values. And forming a key by virtual primary key (Cvpk, mvpk1, mvpk 2) information and a Hamming check code check, and storing the key into a database to finish key storage. And (3) respectively aiming at virtual primary key (Cvpk, mvpk1 and Mvpk 2) information, marking watermark embedding positions by means of a key through an SHA1 algorithm, and embedding watermark data according to marked watermark embedding positions to obtain database data containing watermarks.
According to the embodiment of the disclosure, the attack resistance of the virtual main key is improved through the redundant virtual main key. Compared with a single virtual master key, the redundant virtual master key not only has the master virtual master key Cvpk, but also has the mirror virtual master key Mvpk as a reference for watermarking. Since the virtual primary key is not recorded by the data dictionary and the attribute containing important information is selected, the deletion probability is less. In the redundant virtual main key, the probability of deleting the Mvpk or the Cvpk is smaller, and even if any Cvpk or Mvpk in a database table is deleted, the watermark information in the table can be recovered as long as one virtual main key exists, so that the security of the virtual main key is greatly improved, and the robustness for coping with the main key attack is enhanced.
Fig. 4 schematically illustrates a flowchart of a database watermark tracing method according to an embodiment of the disclosure.
As shown in fig. 4, the database watermark tracing method 400 of this embodiment includes operations S410 to S440.
In operation S410, virtual primary key information and a check code are acquired using a key, wherein the key is acquired from a key storage database storing the key.
According to the embodiment of the disclosure, in the database watermarking method, the check code can be determined based on the database information and the unique identifier; the key is determined based on the check code and the virtual primary key information. In the database watermark tracing method, the key decryption can be utilized to obtain virtual primary key information and check codes.
In operation S420, the watermark embedding location of the leaked database is obtained according to the virtual primary key information, where the leaked database is a database after the data of the database embedded with watermark data is leaked.
According to embodiments of the present disclosure, a virtual primary key attribute location may be determined from virtual primary key information. And acquiring the watermark embedding position of the leakage database by using an SHA1 algorithm according to the preset embedding proportion, the key and the attribute position of the virtual main key.
In operation S430, watermark bit information is extracted according to the watermark embedding location.
According to the embodiment of the disclosure, the bit value can be calculated according to the watermark embedding position, the bit value of the final watermark embedding position is determined in a large number voting mode, and the bit value is extracted as watermark bit information.
In operation S440, watermark information is determined based on the watermark bit information and the check code.
According to the embodiment of the disclosure, the watermark bit stream containing verification can be recovered according to the watermark bit information and the verification code in the secret key. According to the verification principle, the watermark bit stream is subjected to verification error correction and combined into original watermark information, i.e., watermark information determined in operation S440. The database information and the unique database identifier can be known according to the information displayed by the watermark information, and the detailed information of the database table can be reversely searched in the system through the unique database identifier. The check code may include a hamming check code, among others. The verification principle may include a hamming verification principle.
According to the database watermark processing method, after watermark embedding is carried out on the database, redundant virtual primary key information is acquired through the key when tracing is needed, the problems of leakage tracing and the like can be effectively solved when the watermark information is extracted, and the database watermark processing method has good robustness and usability for common attacks such as data watermark adding, modifying and deleting attacks and can effectively erase the watermark and detect the attack.
According to an embodiment of the present disclosure, obtaining a watermark embedding location of a leakage database according to virtual primary key information may include:
deleting the repeated value in the virtual main key information to obtain new virtual main key information; determining a hash value according to the new virtual main key information, the key and the preset embedding proportion; determining that the row of the leakage database can be embedded with watermark data under the condition that the hash value meets a preset threshold value; marking the row of the leakage database to obtain a marked row of the leakage database; performing attribute marking on fields meeting a second preset length in the marked row of the leakage database to obtain a re-marked row of the leakage database; and determining the watermark embedding position of the leakage database according to the row of the leakage database after the re-marking and the secret key.
For example, for the watermark embedding location marked by Cvpk, the repetition value of Cvpk in each table in the leakage database may be removed to obtain Cvpk'. And acquiring the positions of the rows of the watermark embedding database by using an SHA1 algorithm according to the preset embedding proportion gamma, the key and the Cvpk attribute position. If Hash (key, cvpk.j') mod γ=0 (1+.j+.ω), then the behavior of the database marks the row of the database with the virtual primary key. For a row of the tag database selected by Cvpk, all attrs greater than the specified length len in the corresponding row k Attribute location marking is performed.
For the watermark embedding position marked by Mvpki (i is more than or equal to 1 and less than or equal to 2), the repeat value of Mvpki in each table in the leakage database can be removed, and Mvpki' is obtained.
If Hash (key, mvpki.j') mod γ=0 (0.ltoreq.i.ltoreq.2, 1.ltoreq.j.ltoreq.ω), then the behavior of the database mirrors that of the virtual primary key marking database. For a row of the mark database selected by Mvpk, all attrs greater than the specified length len in the corresponding row k Attribute location marking is performed.
According to the embodiment of the disclosure, the watermark embedding position of the leakage database is obtained according to the virtual primary key information, so that the embedded watermark information is obtained according to the watermark embedding position, and the problems of leakage tracing and the like are effectively solved.
According to an embodiment of the present disclosure, extracting watermark bit information according to watermark embedding positions may include:
extracting the row of the leakage database according to the watermark embedding position to obtain a plurality of bit values; and carrying out large-scale calculation on the bit values to obtain watermark bit information.
For example, for the watermark embedding position after the Cvpk mark, the attr is taken out according to the attribute position of the Cvpk mark k .l 0 The position of the watermark where the bit is located is obtained by a Hash function, i.e. index = Hash (key, cvpk.j', attr k )mod L(1≦j≦ω),And voting the bit values extracted from the attributes in the repeated tuples by a large number, and finally determining the extracted value of the index position. Since watermark bit information is embedded many times, if the watermark position index extracts a plurality of bits, the watermark information wm is obtained again by a large number voting mode c Bit values of the' final index position.
For the watermark embedding position marked by Mvpki (1 is less than or equal to i is less than or equal to 2), according to the attribute position of the Mvpki mark, the attr of the attribute of the Mvpki mark is taken out k .l i And 1 +.i +.2. The position of the watermark where the bit is located is obtained by a Hash function, i.e. index '=hash (key, mvpki j', attr) k ) mod L (1.ltoreq.i.ltoreq.2, 1.ltoreq.j.ltoreq.ω), and also performing a large number voting on the bit information extracted from each attribute in the repeated tuple, and finally determining the extraction value of the index position. Since watermark bit information is embedded many times, if the watermark position index' extracts a plurality of bits, the watermark information wm is obtained again by a large number voting method mi 'bit value of final index' position of 1 +.i +.2).
Watermark information wm recovered by Cvpk c If a certain sequence number among indexes has no extracted value after attack, bit '0' is used for filling; ordering index ' of watermark information recovered by Mvpk1 and Mvpk2 is also padded with '0 '. Comparing the bit positions of the index and index' at the same position, and determining the final extracted watermark information wm according to the large number mi A value of' (1.ltoreq.i.ltoreq.2). Usually index' is obtained from two sets of data extracted based on Mvpk1 and Mvpk2, and a large number of table decisions can be easily determined as with index data extracted based on Cvpk. However, some data tables only have data marked by Cvpk or Cvpk and Mvpk1 due to their specificity, and the large number of table results at this time are mainly the index result extracted by the main virtual main key Cvpk, because Cvpk is selected as the main virtual main key, and the selected columns have more non-equal values and higher importance.
According to the embodiment of the disclosure, the database watermarking algorithm based on the redundant virtual main key enhances error correction performance compared with the database watermarking algorithm based on the single virtual main key. The database watermarking algorithm of the redundant virtual main key uses a triple large number voting mechanism, namely, the same embeddable attribute embedded bit large number voting in the row of the repeated database; voting the same watermark position bit big number extracted from the rows of the database corresponding to different virtual main keys; the same watermark positions in Cvpk and Mvpk are voted by the number of bits. After the layer-by-layer verification of triple-large number voting, the accuracy rate of each bit of the watermark bit information is greatly improved, and after that, the watermark bit information is subjected to error verification by the recovered verification code in the secret key, so that the original watermark information is recovered. Through the process, the extraction accuracy of watermark information is greatly improved compared with the algorithm of a single virtual main key.
According to an embodiment of the present disclosure, determining watermark information according to watermark bit information and a check code may include:
obtaining a watermark bit stream comprising check codes according to the watermark bit information and the check codes; and determining watermark information according to the watermark bit stream and the verification principle.
According to the embodiment of the disclosure, the watermark bit stream containing verification can be recovered according to watermark bit information together with the secret key, and the watermark bit stream is subjected to verification and error correction according to the verification principle and combined into the original watermark character string information. Watermark information is determined based on the original watermark string information.
According to the embodiment of the disclosure, the database information and the unique identification of the database can be determined according to the information displayed by the determined watermark information, and then the detailed information of the database table can be reversely searched in the system through the unique identification of the database.
Fig. 5 schematically illustrates a flowchart of a database watermark tracing method according to another embodiment of the disclosure.
As shown in fig. 5, the database watermark tracing method of this embodiment may include obtaining database data containing watermarks from a leakage database, and obtaining watermark embedding positions by using SHA1 algorithm based on key. Wherein the watermark embedding locations comprise watermark embedding locations for Cvpk, mvpk1 and Mvpk 2. Extracting watermark bit information according to watermark embedding positions, then carrying out large-scale calculation, determining bit values of a Cvpk watermark, a Mvpk1 watermark and a Mvpk2 watermark, recovering a watermark bit stream containing hamming verification along with hamming verification codes in a key, carrying out verification and error correction according to a hamming verification principle, and combining the watermark information so as to determine the watermark after being corrected.
According to the embodiment of the disclosure, by the database watermark processing method, after watermark embedding is carried out on the database, redundant virtual primary key information is acquired through the key when tracing is needed, and the problems of leakage tracing and the like can be effectively solved when the watermark information is extracted, so that the method has better robustness and usability for common attacks such as data watermark adding, modifying and deleting attacks and can effectively cope with watermark erasing and attack detection.
Based on the database watermarking method, the disclosure also provides a database watermarking device. The device will be described in detail below in connection with fig. 6.
Fig. 6 schematically shows a block diagram of a database watermarking apparatus according to an embodiment of the disclosure.
As shown in fig. 6, the database watermarking apparatus 600 of this embodiment includes a generating module 610, a first determining module 620, a marking module 630, and an embedding module 640.
The generating module 610 is configured to generate a unique database identifier according to the obtained database information. In an embodiment, the generating module 610 may be configured to perform the operation S210 described above, which is not described herein.
The first determining module 620 is configured to determine a key based on the virtual primary key information, the database information, and the unique identifier. In an embodiment, the first determining module 620 may be configured to perform the operation S220 described above, which is not described herein.
The marking module 630 is configured to mark a row of the database in which watermark data can be embedded based on the virtual primary key information, the key, and a preset embedding ratio, to obtain a marked row of the database. In an embodiment, the marking module 630 may be used to perform the operation S230 described above, which is not described herein.
The embedding module 640 is configured to embed watermark data based on the marked rows of the database, and obtain a database in which watermark data is embedded. In an embodiment, the embedding module 640 may be configured to perform the operation S240 described above, which is not described herein.
Any of the generation module 610, the first determination module 620, the tagging module 630, and the embedding module 640 may be combined in one module to be implemented, or any of them may be split into a plurality of modules, according to an embodiment of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. At least one of the generation module 610, the first determination module 620, the marking module 630, and the embedding module 640 may be implemented, at least in part, as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware, such as any other reasonable way of integrating or packaging circuitry, or in any one of or a suitable combination of any of the three. Alternatively, at least one of the generation module 610, the first determination module 620, the tagging module 630, and the embedding module 640 may be at least partially implemented as a computer program module that, when executed, may perform the corresponding functions.
Based on the database watermark tracing method, the disclosure also provides a database watermark tracing device. The device will be described in detail below in connection with fig. 7.
Fig. 7 schematically illustrates a block diagram of a database watermark tracing apparatus according to an embodiment of the disclosure.
As shown in fig. 7, the apparatus 700 of this embodiment includes a first acquisition module 710, a second acquisition module 720, an extraction module 730, and a second determination module 740.
The first obtaining module 710 is configured to obtain virtual primary key information and a check code using a key, where the key is obtained from a key storage database storing keys. In an embodiment, the first obtaining module 710 may be configured to perform the operation S410 described above, which is not described herein.
The second obtaining module 720 is configured to obtain, according to the virtual primary key information, a watermark embedding location of a leakage database, where the leakage database is a database after data leakage occurs in a database in which watermark data is embedded. In an embodiment, the second obtaining module 720 may be configured to perform the operation S420 described above, which is not described herein.
The extracting module 730 is configured to extract watermark bit information according to the watermark embedding location. In an embodiment, the extracting module 730 may be configured to perform the operation S430 described above, which is not described herein.
The second determining module 740 is configured to determine watermark information according to watermark bit information and the check code. In an embodiment, the second determining module 740 may be configured to perform the operation S440 described above, which is not described herein.
According to an embodiment of the present disclosure, any of the first acquisition module 710, the second acquisition module 720, the extraction module 730, and the second determination module 740 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the first acquisition module 710, the second acquisition module 720, the extraction module 730, and the second determination module 740 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or as hardware or firmware in any other reasonable manner of integrating or packaging the circuitry, or as any one of or a suitable combination of any of the three. Alternatively, at least one of the first acquisition module 710, the second acquisition module 720, the extraction module 730, and the second determination module 740 may be at least partially implemented as computer program modules, which when executed, may perform the respective functions.
Fig. 8 schematically illustrates a block diagram of an electronic device adapted to implement a database watermarking method and a database watermark tracing method according to an embodiment of the disclosure.
As shown in the figure, the electronic device 800 according to the embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 801 may also include on-board memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the disclosure.
In the RAM 803, various programs and data required for the operation of the electronic device 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or the RAM 803. Note that the program may be stored in one or more memories other than the ROM 802 and the RAM 803. The processor 801 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in one or more memories.
According to an embodiment of the present disclosure, the electronic device 800 may also include an input/output (I/O) interface 805, the input/output (I/O) interface 805 also being connected to the bus 804. The electronic device 800 may also include one or more of the following components connected to the I/O interface 805: an input portion 806 including a keyboard, mouse, etc.; an output portion 807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk or the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. The drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as needed so that a computer program read out therefrom is mounted into the storage section 808 as needed.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 802 and/or RAM 803 and/or one or more memories other than ROM 802 and RAM 803 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to perform the methods provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, and/or from a removable medium 811 via a communication portion 809. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 809, and/or installed from the removable media 811. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (14)

1. A database watermarking method, comprising:
generating a unique database identifier according to the acquired database information;
Determining a key based on the virtual primary key information, the database information, and the unique identification;
marking the row of the database capable of embedding watermark data based on the virtual main key information, the key and a preset embedding proportion to obtain the marked row of the database; and
and embedding the watermark data based on the marked row of the database to obtain a database embedded with the watermark data.
2. The method of claim 1, wherein the determining a key based on virtual primary key information, the database information, and the unique identification comprises:
determining a check code based on the database information and the unique identifier;
and determining the key based on the check code and the virtual primary key information.
3. The method of claim 2, wherein the determining a check code based on the database information and the unique identification comprises:
determining watermark information according to the database information and the unique identifier;
according to a first preset length, binary bit stream division is carried out on the watermark information to obtain bit stream information;
and calculating the check code according to the bit stream information.
4. The method of claim 1, wherein the marking the row of the database in which watermark data can be embedded based on the virtual primary key information, the key, and a preset embedding ratio, to obtain the marked row of the database, comprises:
deleting the repeated value in the virtual main key information to obtain new virtual main key information;
determining a hash value according to the new virtual primary key information, the key and a preset embedding proportion;
determining that the row of the database can embed the watermark data under the condition that the hash value meets a preset threshold value;
and marking the row of the database to obtain the marked row of the database.
5. The method of claim 1, wherein the embedding the watermark data based on the marked rows of the database results in a database of embedded watermark data, comprising:
performing attribute marking on the fields meeting the second preset length in the marked rows of the database to obtain the rows of the database marked again;
determining a watermark embedding position according to the row of the database marked again and the secret key;
and embedding the watermark data according to the watermark embedding position to obtain a database of the embedded watermark data.
6. A database watermark tracing method, comprising:
obtaining virtual primary key information and a check code by using a key, wherein the key is obtained from a key storage database storing the key;
obtaining watermark embedding positions of a leakage database according to the virtual primary key information, wherein the leakage database is a database after data leakage of the database embedded with watermark data;
extracting watermark bit information according to the watermark embedding position; and
and determining watermark information according to the watermark bit information and the check code.
7. The method of claim 6, wherein the determining watermark information from the watermark bit information and the check code comprises:
obtaining a watermark bit stream comprising the check code according to the watermark bit information and the check code;
and determining the watermark information according to the watermark bit stream and the verification principle.
8. The method of claim 6, wherein the obtaining the watermark embedding location of the leakage database according to the virtual primary key information comprises:
deleting the repeated value in the virtual main key information to obtain new virtual main key information;
Determining a hash value according to the new virtual primary key information, the key and a preset embedding proportion;
determining that the watermark data can be embedded in the row of the leakage database under the condition that the hash value meets a preset threshold value;
marking the row of the leakage database to obtain the marked row of the leakage database;
performing attribute marking on the fields meeting the second preset length in the marked row of the leakage database to obtain a re-marked row of the leakage database;
and determining the watermark embedding position of the leakage database according to the row of the leakage database after the re-marking and the secret key.
9. The method of claim 6, wherein said extracting watermark bit information from said watermark embedding location comprises:
extracting the row of the leakage database according to the watermark embedding position to obtain a plurality of bit values;
and carrying out large number voting on a plurality of bit values to obtain the watermark bit information.
10. A database watermarking apparatus comprising:
the generation module is used for generating a unique database identifier according to the acquired database information;
the first determining module is used for determining a key based on the virtual main key information, the database information and the unique identifier;
The marking module is used for marking the row of the database capable of embedding watermark data based on the virtual main key information, the secret key and the preset embedding proportion to obtain a marked row of the database; and
and the embedding module is used for embedding the watermark data based on the marked row of the database to obtain a database embedded with the watermark data.
11. A database watermark tracing apparatus, comprising:
the first acquisition module is used for acquiring virtual primary key information and check codes by utilizing a secret key, wherein the secret key is acquired from a secret key storage database storing the secret key;
the second acquisition module is used for acquiring the watermark embedding position of the leakage database according to the virtual primary key information, wherein the leakage database is a database after the data of the database embedded with watermark data is leaked;
the extraction module is used for extracting watermark bit information according to the watermark embedding position; and
and the second determining module is used for determining watermark information according to the watermark bit information and the check code.
12. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
Wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-5 or 6-9.
13. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-5 or 6-9.
14. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 5 or 6 to 9.
CN202310728764.1A 2023-06-19 2023-06-19 Database watermark processing method, database watermark tracing method and device Pending CN116702103A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310728764.1A CN116702103A (en) 2023-06-19 2023-06-19 Database watermark processing method, database watermark tracing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310728764.1A CN116702103A (en) 2023-06-19 2023-06-19 Database watermark processing method, database watermark tracing method and device

Publications (1)

Publication Number Publication Date
CN116702103A true CN116702103A (en) 2023-09-05

Family

ID=87827346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310728764.1A Pending CN116702103A (en) 2023-06-19 2023-06-19 Database watermark processing method, database watermark tracing method and device

Country Status (1)

Country Link
CN (1) CN116702103A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117708779A (en) * 2024-02-05 2024-03-15 广东鸿数科技有限公司 Data watermarking processing method, tracing method and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117708779A (en) * 2024-02-05 2024-03-15 广东鸿数科技有限公司 Data watermarking processing method, tracing method and storage medium
CN117708779B (en) * 2024-02-05 2024-06-07 广东鸿数科技有限公司 Data watermarking processing method, tracing method and storage medium

Similar Documents

Publication Publication Date Title
US10778441B2 (en) Redactable document signatures
AU2014237406B2 (en) Method and apparatus for substitution scheme for anonymizing personally identifiable information
US9836612B2 (en) Protecting data
JP5735539B2 (en) System, apparatus and method for encrypting and decrypting data transmitted over a network
CN111756522A (en) Data processing method and system
Camara et al. Distortion‐Free Watermarking Approach for Relational Database Integrity Checking
CN109977684A (en) A kind of data transmission method, device and terminal device
CN112073444B (en) Data set processing method and device and server
CN113610526A (en) Data trust method and device, electronic equipment and storage medium
CN116702103A (en) Database watermark processing method, database watermark tracing method and device
CN110704875B (en) Method, device, system, medium and electronic equipment for processing client sensitive information
CN114626079A (en) File viewing method, device, equipment and storage medium based on user permission
CN108900472B (en) Information transmission method and device
CN113822675A (en) Block chain based message processing method, device, equipment and storage medium
US20200327239A1 (en) Encrypting/Decrypting Method for Multi-Digit Number and Encrypting/Decrypting Server
CN117714613A (en) Image encryption method and device, electronic equipment and storage medium
US11138319B2 (en) Light-weight context tracking and repair for preventing integrity and confidentiality violations
CN115599959A (en) Data sharing method, device, equipment and storage medium
Vaidya et al. Data leakage detection and security in cloud computing
CN114626968A (en) Watermark embedding method, watermark extracting method and device
CN112307518A (en) Signature information processing method, signature information display method, signature information processing device, signature information display device, electronic equipment and storage medium
CN112883397A (en) Data storage method, data reading method, device, equipment and storage medium
Rastogi et al. Implementation of digital watermarking technique to secure IPR of web application code
CN113627938B (en) Data deleting method, device and equipment of block chain and storage medium
US20230359748A1 (en) System and method facilitating encryption preserving format as a distributed processing library

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination