KR20100003380A - How to query encrypted database information - Google Patents
How to query encrypted database information Download PDFInfo
- Publication number
- KR20100003380A KR20100003380A KR1020080063241A KR20080063241A KR20100003380A KR 20100003380 A KR20100003380 A KR 20100003380A KR 1020080063241 A KR1020080063241 A KR 1020080063241A KR 20080063241 A KR20080063241 A KR 20080063241A KR 20100003380 A KR20100003380 A KR 20100003380A
- Authority
- KR
- South Korea
- Prior art keywords
- information
- database
- encrypted
- encryption server
- server
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Medical Informatics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The present invention is designed to enable a member to query an encrypted database. When a member encrypts and stores his or her personal information in a database, separate personal information is stored in an encryption server located at a separate location on the network. It is to configure the redundancy of information by storing it. Separately stored information is recorded by encrypting a combination of a virtual alias, member's personal information for target marketing, a decryption key and a member's key for searching personal information, and important information such as social security number, telephone number, address, and email. It is characterized by not recording. All database inquiries are made by separately storing member information to ensure the performance and processing speed of the database server.
Through the present invention, it is possible to encrypt and store the member information in the database, and the purpose is to reinforce the best security level with the security equipment and DB security policy.
Description
In order to maintain the security of the member information, the member information in the database may be encrypted and registered using a patient method or other encryption technology, not a general ASCII code. At this time, encrypted database information cannot be read as it is by standard inquiry technology. However, if the decryption key is the same for all members, there is no problem, but if each member has the decryption key, there will be a problem in the inquiry.
The present invention devised a method for inquiring member information of a database when a member has a decryption key for each member. The present invention is a method that can be inquired while maintaining the highest security level without any processing speed.
The present invention does not mean a replica (aka WIEW) based on a database original. When a member registers the member information, the information is based on an encrypted table and virtual member important information, and a table for inquiry including detailed information is created and used. The practice of the present invention is that the original information is placed on the database server, and the member information that can be viewed normally is placed on an encryption server with a higher level of security, thereby making it impossible to decrypt the database only by hacking the database.
In the present invention, when the member information is encrypted and recorded in the database, it is difficult or impossible to directly query the encrypted and recorded database when querying the member information in the operation module of the site. In this case, we devised an easy way to query the database. The main contents of the present invention are to place the member information of the encrypted database in the encryption server with the duplicated information recorded in the normal ASCII code, query it, obtain the member information, and pass it to the database operation module. To deal with.
The first object of the present invention is to provide a method for easily inquiring a database in which member information is recorded as a cipher text, and in the worst case, by encrypting and processing member information and member transaction information on a network, the encrypted member information and normal transaction Even if information is leaked, the purpose of protecting personal information is to maintain the highest level of security as well as to provide quick database search.
In order to achieve this purpose, when the member encrypts his information in the database and stores it, the encryption server stores it separately in normal ASCII code. The information stored in the encryption server should not be stored as key information on personal identity, such as social security number, telephone number, email address, etc., and the name should be stored using a virtual name rather than a real name. In addition, the database is to encrypt and store the membership number and decryption key for linkage with the original member information. In this way, except for important information of personal information, only general information, that is, information necessary for site activity and transaction, is used to create an unencrypted table.
The present invention is designed and created to easily access the encrypted recorded database to quickly look up, and in addition to the database security policy, it is easy to encrypt the stored information of the database itself, as well as to the security level of the site. The external reliability can be shown. The effect will be great.
In order to explain a method for querying an encrypted database applied to the present invention, the representative diagram 1 and the specification diagram 1 are referred to. . In the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. The following terms are terms set in consideration of functions in the present invention, which may vary depending on the intention or custom of the producer, and their definitions should be made based on the contents throughout the specification.
Representative FIG. 1 shows a relationship in which an encryption server communicates with a database server, and specification FIG. 1 shows a difference and configuration method of original encrypted member information of a database from normal member information of an encryption server.
Representative diagram 1 is as follows.
A member accesses a web site and performs an activity, and the web server calculates a series of activities and records them in a database. In this case, the web server divides the general member inquiry and personal information inquiry into the database and requests the encryption server. When the general member information is requested, the database requests the general membership information to the encryption server through the general inquiry module (1.0). The encryption server receiving the information request passes the member information to the database server through the general member information coordination module (1.1), and the database server processes this information and expresses it. When requesting personal member information (2.0), the encryption server decrypts the encrypted member information of the database server with the decryption key of the desired member (2.1) to process it into normal information and returns it to the personal transaction activity module (2.0) of the database server. will be. Therefore, this series of routines is done through the replicated member information of the encryption server.
Referring to Figure 1 as follows.
When a member saves his / her personal information in a database, the encrypted member information is stored in the member table and the unencrypted information is stored in a separate table at the same time. In this case, the separate information stored in the encryption server does not store the main items of personal information, namely, real name, social security number, mobile phone number, address, etc., and store information necessary for operating the site, that is, information necessary for target marketing. Will be. However, in order to decrypt the original data of the database, the decryption key is encrypted and stored together with the member key. This duplicated table is not a virtual table (aka VIEW), but a created table. When the original table is changed, the system automatically updates the membership table of the encryption server. In this way, all the member information needed in the database is inquired in the replicated member information table of the encryption server, and information requiring personal identity is decrypted in the encrypted database server through the encryption member's personal member inquiry module, and the normal member information is again restored. It is processed and returned. This system configuration not only enables encrypted database information query but also guarantees the performance and processing speed of the database.
The present invention enables a general and individual inquiry of encrypted member information, and is created in consideration of the processing speed and the performance of the database, and provides a method for enabling the recording of encrypted information in the database itself for the best security. By strengthening the security level of each site, it is possible to securely decode the member's important personal information and transaction details in the event of database leakage caused by hacking or internal action, and improve the security of the site. In other words, it is likely to be used industrially by supplementing the weaknesses of the Internet and encouraging members to conduct safe Internet activities.
1. Representative figure 1: Dataflow diagram showing how to inquire between database server and encryption server
2. Specification Figure 1: Entity table information showing difference between encrypted information in database and unencrypted information in encryption server
Claims (3)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080063241A KR20100003380A (en) | 2008-07-01 | 2008-07-01 | How to query encrypted database information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020080063241A KR20100003380A (en) | 2008-07-01 | 2008-07-01 | How to query encrypted database information |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20100003380A true KR20100003380A (en) | 2010-01-11 |
Family
ID=41813176
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020080063241A KR20100003380A (en) | 2008-07-01 | 2008-07-01 | How to query encrypted database information |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20100003380A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20150090204A (en) * | 2012-12-28 | 2015-08-05 | 알까뗄 루슨트 | A privacy-preserving database system |
-
2008
- 2008-07-01 KR KR1020080063241A patent/KR20100003380A/en not_active Application Discontinuation
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20150090204A (en) * | 2012-12-28 | 2015-08-05 | 알까뗄 루슨트 | A privacy-preserving database system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101504706B (en) | Database information encryption method and system | |
KR101371608B1 (en) | Database Management System and Encrypting Method thereof | |
US8447983B1 (en) | Token exchange | |
US7548152B2 (en) | RFID transponder information security methods systems and devices | |
US20220343017A1 (en) | Provision of risk information associated with compromised accounts | |
CN1761926B (en) | Method and equipment for giving user access to associated information between user and data | |
US10666647B2 (en) | Access to data stored in a cloud | |
US10250613B2 (en) | Data access method based on cloud computing platform, and user terminal | |
US20110099203A1 (en) | Cross domain discovery | |
CN112825520B (en) | User privacy data processing method, device, system and storage medium | |
CN102687133A (en) | Containerless data for trustworthy computing and data services | |
CN107948146A (en) | A kind of connection keyword retrieval method based on encryption attribute in mixed cloud | |
CN109829333B (en) | OpenID-based key information protection method and system | |
GB2595167A (en) | Secure, multi-level access to obfuscated data for analytics | |
US10594473B2 (en) | Terminal device, database server, and calculation system | |
US9413734B1 (en) | Methods and apparatus for sharing encrypted data | |
CN108170753A (en) | A kind of method of Key-Value data base encryptions and Safety query in shared cloud | |
KR102245886B1 (en) | Analytics center and control method thereof, and service providing device and control method thereof in co-operational privacy protection communication environment | |
US9436849B2 (en) | Systems and methods for trading of text based data representation | |
CN115694921B (en) | Data storage method, device and medium | |
KR20100112298A (en) | System for searching index according to a pattern encrypted database and method therefor | |
KR20100003380A (en) | How to query encrypted database information | |
US11880486B2 (en) | Device, requesting a device, method and computer program | |
Raj et al. | Efficient mechanism for sharing private data in a secured manner | |
CN117235802B (en) | Condition trace query method, system and medium based on privacy calculation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application | ||
E601 | Decision to refuse application |