KR20170081506A - Apparatus and method for data storage using partial data encryption - Google Patents
Apparatus and method for data storage using partial data encryption Download PDFInfo
- Publication number
- KR20170081506A KR20170081506A KR1020160000625A KR20160000625A KR20170081506A KR 20170081506 A KR20170081506 A KR 20170081506A KR 1020160000625 A KR1020160000625 A KR 1020160000625A KR 20160000625 A KR20160000625 A KR 20160000625A KR 20170081506 A KR20170081506 A KR 20170081506A
- Authority
- KR
- South Korea
- Prior art keywords
- document file
- encryption
- metadata
- encrypted
- data storage
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Upon receiving the document file to be stored from the user device, the data storage device encrypts only the encryption target included in the encryption target list in the document file, and then stores the encrypted document file.
Description
BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an apparatus and method for storing data using partial data encryption, and more particularly, to a data storage apparatus and method using partial data encryption based on shape preservation encryption.
Data encryption is a commonly used technology for the privacy of data writers or the confidentiality contained in data in devices or services that store digital data. However, degradation of storage / service due to encryption / decryption has always been pointed out as a problem. In particular, when retrieving a specific keyword or information from cryptographic data stored in a database, the entire data block must be decrypted in order to find the desired data, which causes a large consumption of computing power. Of course, when the widely used encryption algorithm is used, the degradation of the storage performance due to encryption and decryption can be neglected in the case of storing small personal data, but it is recognized as a big problem in a large data management system.
Generally, block encryption algorithms such as DES or AES are used for database encryption. That is, if a block (or file) A is a block of data (or file) generated by applying a block encryption algorithm such as DES or AES to eA, the eA can be stored in an external storage device such as a memory or hard disk of the database It is common practice to decrypt A from eA using the same key used to encrypt or decrypt the original. In this case, if the length of the original text data does not match the length of the data block processed by the corresponding algorithm, the length of the generated ciphertext is different from the length of the original text. That is, in DES, 8 bytes of ciphertext is always generated for plaintext data of 1 byte or more and 8 bytes or less. For AES-128, 16 bytes of ciphertext is always generated for plaintext data of 1 byte or more and 16 bytes or less.
In recent years, a form preservation cryptosystem has been proposed, in which ciphertexts of the same length are generated from the same character set as the original text, and there is a lot of interest. According to this shape-preserving cryptosystem, if you encrypt a 10-megabyte original file named A, the encrypted file will be equal to or slightly larger than 10 megabytes. However, in the case of a text file, it is common that the entire contents of the file need not be encrypted. In other words, even if only a specific word or a part of a sentence at a specific position is encrypted, the confidentiality can be sufficiently maintained.
However, when encrypting all the contents of A with eA, the computational power of encryption is also a problem, but it is also necessary to decrypt whole eA in order to check some data from eA or even to check data not related to confidentiality. In addition, due to the length variation during encryption / decryption, the storage location in the storage device during storage may be continuously changed, and the input / output (I / O) may be delayed.
A problem to be solved by the present invention is to provide a data storage apparatus and method using a partial data cipher that can reduce the time required for encryption and decryption and minimize input / output time required for accessing a storage system.
According to one embodiment of the present invention, a method of storing data in a data storage device is provided. The data storing method includes receiving a document file to be stored from the user apparatus, performing encryption only on the encryption target included in the encryption target list in the document file, and storing the encrypted document file.
Performing the encryption may include performing shape-preserving encryption on the cipher object.
The step of performing the encryption may include receiving the encryption target list from the manager device through the metadata management device.
The step of performing the encryption may further include generating metadata including the location and length of the encrypted objects, and transmitting the metadata to the metadata management apparatus.
The data storing method may further include receiving a document file request from the user apparatus, decrypting only the encrypted object to be encrypted in the document file corresponding to the document file request, and transmitting the decrypted document file to the user apparatus Step < / RTI >
Wherein the step of decrypting comprises the steps of: transmitting the document file request to the administrator device; receiving metadata associated with the document file approved by the metadata management device when the document file request is approved by the administrator device; And decrypting only the encrypted cryptographic object using the metadata associated with the approved document file.
According to another embodiment of the present invention, a data storage device for storing data is provided. Data storage devices include memories, processors, and transceivers. The processor performs the shape preserving encryption only on the encryption target included in the encryption target list with respect to the document file requested by the user apparatus to store in the memory and generates the metadata for the encrypted document file. The transceiver transmits the metadata to the metadata management apparatus.
The metadata may include an encryption algorithm name and an encryption key used in the shape preservation encryption, and a position and a length of the shape preservation encrypted encryption objects.
Wherein the processor decrypts only the shape-preserved encrypted cryptographic object into original data using metadata associated with the requested document file upon receiving a request for the document file from the user device, And receive metadata associated with the requested document file from the device.
The processor may store the document file requested to be stored by the user device in the memory, and then store the shape-preserved encrypted document file in the same location.
According to the embodiment of the present invention, not only the entire document file is encrypted but only a necessary portion is encrypted, thereby reducing the time required for encryption and the time required for decryption when retrieving a document. It is possible to overwrite the stored space with only the cipher text, thereby minimizing the input / output time required for file access.
1 is a diagram illustrating a data processing system in accordance with an embodiment of the present invention.
2 is a diagram illustrating an example of metadata according to an embodiment of the present invention.
3 is a diagram illustrating an encryption process of a data storage device according to an embodiment of the present invention.
FIG. 4 illustrates a decoding process of a data storage device according to an embodiment of the present invention. Referring to FIG.
5 is a flowchart illustrating a method of storing data in a data storage device according to an embodiment of the present invention.
6 is a diagram illustrating a data storage device according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
Throughout the specification and claims, when a section is referred to as "including " an element, it is understood that it does not exclude other elements, but may include other elements, unless specifically stated otherwise.
Hereinafter, an apparatus and method for storing data using partial data encryption according to an embodiment of the present invention will be described in detail with reference to the drawings.
1 is a diagram illustrating a data processing system in accordance with an embodiment of the present invention.
Referring to FIG. 1, a data processing system includes a
The
The
The
The
Referring to FIG. 2, the metadata includes an algorithm name used for shape preservation encryption, additional information used for shape preservation encryption, key information used for shape preservation encryption, original document file name, and position and length of a cryptographic object.
The algorithm name used in the shape preservation cryptography is information which informs which algorithm was used for encryption among various algorithms. The additional information used for the shape preservation encryption may be additional information such as an initial vector (IV) according to the algorithm, and it is information informing the user. The key information used for the shape preservation encryption means an encryption key. The location of the cryptographic object may indicate the relative length from the beginning of the document file, may indicate the relative length from the end of the document file, and may be expressed in an agreed manner between the
As mentioned earlier, "I will meet HongGilDong in Seoul Station at 7 PM." If a form of ciphertext encryption is applied to 'HongGilDong' and 'Seoul' in the sentence, 'cipherAdKmal' and 'zpAjl' cipher texts are generated respectively, the entire cipher text will appear as "I will meet Attachment in zpAjl Station at 7 PM." . At this time, the position and length of the encryption target in the metadata related thereto can be expressed as "13:11, 28: 5 ". In other words, "13:11, 28: 5" indicates that the 11-character length from the 13th position and the 5-character length from the 28th length are ciphertexts including blank spaces in the entire ciphertext.
3 is a diagram illustrating an encryption process of a data storage device according to an embodiment of the present invention.
Referring to FIG. 3, the
The
The
Upon receipt of the document file from the
On the other hand, when the
The
The
Referring to FIG. 4, the
When the
The
The
The
The
As described above, the
In addition, the partial encryption and decryption according to the embodiment of the present invention may be performed by a device other than the
5 is a flowchart illustrating a method of storing data in a data storage device according to an embodiment of the present invention.
Referring to FIG. 5, the
The
If there is an encryption target included in the encryption target list in the document file, the
Meanwhile, the
The
6 is a diagram illustrating a data storage device according to an embodiment of the present invention.
6, the
The
The
The
The embodiments of the present invention are not limited to the above-described apparatuses and / or methods, but may be implemented through a program for realizing functions corresponding to the configuration of the embodiment of the present invention or a recording medium on which the program is recorded, Such an embodiment can be readily implemented by those skilled in the art from the description of the embodiments described above.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.
Claims (10)
Receiving a document file to be stored from a user device,
Performing encryption only on a cipher subject included in the cipher list in the document file, and
Storing the encrypted document file
Lt; / RTI >
Wherein performing the encryption comprises performing shape-preserving encryption on the cryptographic object.
Wherein the step of performing the encryption includes receiving the encryption target list from the manager device through the metadata management device.
The step of performing the encryption
Generating metadata including the location and length of the encrypted cryptographic objects, and
And transmitting the metadata to a metadata management apparatus.
Receiving a document file request from the user device,
Decrypting only the encrypted cryptographic object in the document file corresponding to the document file request, and
Transmitting the decrypted document file to the user device
≪ / RTI >
The decoding step
Sending the document file request to a manager device,
Receiving metadata associated with a document file approved by the metadata management apparatus when the document file request is approved by the administrator apparatus, and
And decrypting only the encrypted cryptographic object using metadata associated with the approved document file.
Memory,
A processor for storing only the cipher objects included in the cipher target list for the document file requested to be stored by the user device in the memory by performing shape-preserving encryption, and generating metadata for the encrypted document file; and
A transceiver for transmitting the metadata to the metadata management apparatus
Lt; / RTI >
Wherein the metadata includes an encryption algorithm name and an encryption key used in the shape preservation encryption, and a position and a length of the shape-preserved encrypted objects.
Wherein the processor decrypts only the shape-preserved encrypted object to be original data using metadata associated with the requested document file upon receiving a request for the document file from the user apparatus,
Wherein the transceiver receives metadata associated with the requested document file from the metadata management device.
Wherein the processor stores the document file requested by the user device to be stored in the memory and then stores the shape-preserved encrypted document file in the same location.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160000625A KR20170081506A (en) | 2016-01-04 | 2016-01-04 | Apparatus and method for data storage using partial data encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160000625A KR20170081506A (en) | 2016-01-04 | 2016-01-04 | Apparatus and method for data storage using partial data encryption |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170081506A true KR20170081506A (en) | 2017-07-12 |
Family
ID=59353179
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160000625A KR20170081506A (en) | 2016-01-04 | 2016-01-04 | Apparatus and method for data storage using partial data encryption |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170081506A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102000244B1 (en) * | 2019-04-02 | 2019-07-16 | 주식회사 한국정보보호경영연구소 | Blockchain system based on Zero Knowledge Proofs with Format-Preserving Encryption and control method thereof |
KR20190089493A (en) * | 2018-01-23 | 2019-07-31 | 이장형 | Method of encrypting protocol for programmable logic controller |
WO2022092347A1 (en) * | 2020-10-28 | 2022-05-05 | 주식회사 스파이스웨어 | Data encryption apparatus and method using supervised learning |
-
2016
- 2016-01-04 KR KR1020160000625A patent/KR20170081506A/en unknown
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190089493A (en) * | 2018-01-23 | 2019-07-31 | 이장형 | Method of encrypting protocol for programmable logic controller |
KR102000244B1 (en) * | 2019-04-02 | 2019-07-16 | 주식회사 한국정보보호경영연구소 | Blockchain system based on Zero Knowledge Proofs with Format-Preserving Encryption and control method thereof |
WO2022092347A1 (en) * | 2020-10-28 | 2022-05-05 | 주식회사 스파이스웨어 | Data encryption apparatus and method using supervised learning |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11558358B2 (en) | Secure analytics using homomorphic and injective format-preserving encryption | |
US20140143553A1 (en) | Method and Apparatus for Encapsulating and Encrypting Files in Computer Device | |
US20080247540A1 (en) | Method and apparatus for protecting digital contents stored in usb mass storage device | |
WO2020019387A1 (en) | Method for acquiring video resource file, and management system | |
US10970366B2 (en) | Method for securing a multimedia content record in a storage medium | |
TWI559168B (en) | Data encryption system and method | |
CN103294961A (en) | Method and device for file encrypting/decrypting | |
JP2008287519A (en) | Data encryption, transmission and saving system and removable medium | |
CN110061968A (en) | A kind of file encryption-decryption method based on block chain, system and storage medium | |
CN112597523B (en) | File processing method, file conversion encryption machine, terminal, server and medium | |
CN109067517B (en) | Encryption and decryption device, encryption and decryption method and communication method of hidden key | |
US11570155B2 (en) | Enhanced secure encryption and decryption system | |
EP2999159A1 (en) | Safety control method for cloud storage | |
CN113347143B (en) | Identity verification method, device, equipment and storage medium | |
CN112685753B (en) | Method and equipment for storing encrypted data | |
CN107306254B (en) | Digital copyright protection method and system based on double-layer encryption | |
US8402278B2 (en) | Method and system for protecting data | |
US20150350375A1 (en) | Information Processing Method, Trusted Server, and Cloud Server | |
KR20170081506A (en) | Apparatus and method for data storage using partial data encryption | |
US7886160B2 (en) | Information processing apparatus and method, and computer program | |
KR20210058313A (en) | Data access control method and system using attribute-based password for secure and efficient data sharing in cloud environment | |
JP3537959B2 (en) | Information decryption device | |
KR101790948B1 (en) | Apparatus and method for providing drm service, apparatus and method for playing contents using drm service | |
Barukab et al. | Secure communication using symmetric and asymmetric cryptographic techniques | |
CN115459967A (en) | Ciphertext database query method and system based on searchable encryption |