201201031 六、發明說明: 【發明所屬之技術領域】 • 本發明是有關於一種資料保密技術,特別是指一種用 . 於資料庫委外處理之資料保密系統。 【先前技術】 ,隨著資訊科技的快速發展,從個人、企業以至於公家 機關與政府組織,無不大量利用資訊科技所帶來的便利性 。但,在享受資訊科技所帶來之便利性的同時,也浮現出 ® 關於資訊安全的眾多危機。其中,資料庫往往為各用戶( 個人、企業、公家機關與政府組織)的重要資產,然,資 料庫每隔一段時間,難免會有維修之需求,如果資料庫是 委外(outsourcing )進行維修,假設其内容沒有採取有效的 安全保密措施,一旦其内容遭到竊取或洩漏,將會對用戶 造成極大的傷害。 現有的用於安全資料庫委外處理之資料加密技術,如 Sergei Evdokimov 及 Oliver Giinther 所發表之文獻「 ·. Encryption Techniques for Secure Database Outsourcing」中 所述,其主要係採用精確選擇(exact select )、投影( projection),及笛卡兒乘積(Cartesian product)等關係運 算(relational operation )來完成加密技術。 本發明旨在提供另一種用於資料庫委外處理之資料保 密系統,其運算簡易且可達到一定程度的資料安全性。 【發明内容】 因此,本發明之目的,即在提供一種用於資料庫委外 201201031 處理之資料保密系統。 於是,本發明用於資料庫委外處理之資料保密系統, 包3一加密處理單元,及一解密處理單元。 一—該加料理單⑽轉取—纽Hx對欲委外紙 一=料庫祕廠商進行維修的-資料庫,進行與加密_ 2:理’以仔到一委外資料庫。其中,該加密處理單元包 貧料庫分割模組、一資料加密運算模組’及-委外資 =庫提t模組。該資料庫分割模組用以對該資料庫進行分 u'J,以付到複數資料段。.#杳# 4 6 π & °亥貢枓加密運算模組用以根據該 質數,對該等資料段之每—者推—踝忒 料座沾-奴 者進 料加密運算,以得到 對應的複數已加密資料段,其201201031 VI. Description of the invention: [Technical field to which the invention pertains] • The present invention relates to a data security technology, and more particularly to a data security system for processing out of a database. [Previous technology] With the rapid development of information technology, the convenience brought by information technology has been greatly utilized from individuals, enterprises, public institutions and government organizations. However, while enjoying the convenience of information technology, there are also many crises about information security. Among them, the database is often an important asset for each user (individual, corporate, public agency and government organizations). However, the database is inevitably required for maintenance at regular intervals, if the database is outsourcing for maintenance. Assume that its content does not take effective security measures, and once its content is stolen or leaked, it will cause great harm to users. Existing data encryption techniques for the outsourced processing of secure databases, such as those described in Sergei Evdokimov and Oliver Giinther, "Encryption Techniques for Secure Database Outsourcing," are mainly based on exact selection. Encryption techniques are accomplished by projection operations, such as projections and Cartesian products. The present invention aims to provide another data confidentiality system for database outsourcing processing, which is simple in operation and can achieve a certain degree of data security. SUMMARY OF THE INVENTION Accordingly, it is an object of the present invention to provide a data security system for use in database outsourcing 201201031 processing. Therefore, the present invention is applied to a data security system for outsourcing of a database, a packet encryption processing unit, and a decryption processing unit. One - the addition of the food list (10) transfer - New Hx to the external paper - a database secret manufacturer to repair the - database, and encryption _ 2: rationale to a small database. Wherein, the encryption processing unit includes a depletion library partitioning module, a data encryption computing module, and a foreign investment = Kuti t module. The database segmentation module is configured to divide the database into a plurality of data segments. .#杳# 4 6 π & °Higong 枓 cryptographic computing module is used to encrypt the data of each of the data segments according to the prime number. Multiple encrypted data segments,
Ba 、甲3亥貝枓加密運算為與該 質數相關的模運算。該委外 ' 咕 貧枓庫棱供模組用以將包括該The Ba and A3 haibei cryptographic operations are modulo operations associated with the prime number. The outsourcing ' 枓 poor 枓 棱 供 module will be used to include
4已加密資料段的該委外資粗庙 D 安卜育枓庫提供給該資料庫維修廄芮 ’以供其對該委外資料庫進行維修。 ^商 該解密處理單元包括—資料解密運算模組,及 庫還原模組。該資料解密運算模組用以對已維修之該委外 =庫之該等已加密資料段進行資料解密運算 解密的該等資料段。該眘粗成.„ = 于巧匕 箅資則m 遇原模組用以將已解密的該 4貢枓段還原成已維修之該資料庫。 【實施方式】 、有關本發明之前述及其他技術内容、特點與功效’在 以下配合參考圖式之一個較 清楚的呈I 彳圭仏例的相說明中,將可 參_ 1’本發_於資料庫委外處理之資料㈣系統 201201031 1之較佳實施例包含一加密處理單亓n n ^ 平70 11,及—解密處理單元 。遠加密處理單元11包括1料庫分割模⑯川一次 =密運算模组112,及一委外資料庫提供模組該二 在處理早7L 12包括-資料解密運算模組121 還原模組122。 & 0庫 以對:該加密處理單元U之該資料庫分割模組1U用 ^=委外給-資料庫維修廠商2進行維修的—資料庫㈣ 仃刀割,以得到複數資料段該加密處理單元η 2資料加密運算模組112 Μ對料資料段认乂進行 貝料加密運算,以制對應的複數已加密資料段^ 二=處理:元,之該委外資料庫提供模組113用以將包 -已加雄、資料段从,·.·,^的一委外資料庫乃,提供給該 料庫維修廠商2 ’以供其對該委外資料庫㈣行维修/4 The encrypted foreign data section of the committee is provided to the database maintenance 廄芮 ’ for the maintenance of the subcontracted database. The decryption processing unit includes a data decryption operation module and a library restore module. The data decryption operation module is configured to decrypt the decrypted data segments of the encrypted data segments of the subordinate = library that have been repaired. The caution is that the original module is used to restore the decrypted 4 Gongga section to the repaired database. [Embodiment], the foregoing and other related to the present invention Technical content, characteristics and efficacy 'In the following description of a clearer I 彳 彳 参考 参考 参考 参考 , , , _ _ _ _ _ _ _ 于 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ The preferred embodiment comprises an encryption processing unit 亓 ^ 70 70 11, and a decryption processing unit. The far encryption processing unit 11 includes a library partitioning module 16 and a secret computing module 112, and an outsourcing database. The module is provided in the processing 7L 12 includes a data decryption operation module 121 to restore the module 122. The & 0 library is paired: the database segmentation module 1U of the encryption processing unit U is given by ^^ The database maintenance vendor 2 performs the maintenance-repository (4) file cutting to obtain the plurality of data segments. The encryption processing unit η 2 data encryption operation module 112 Μ the data segment identification is performed to perform the shell material encryption operation to determine the corresponding Complex encrypted data segment ^ two = processing: yuan, the committee The external database providing module 113 is configured to provide the package repairing manufacturer 2's for the package-supplemented data and the data segment from the . Library (four) line repair /
D 其中,該解密處理單元12之„料解密運算模組ΐ2ι 用以對已維修之該委外資料庫㈣的該等已加密資料段 W·,凡進行資料解密運算,以得到已解密的㈣資料段 該解密處理單元12之該t料庫還原料12 以將已解密的該等資料段认·. 乂還原成已維修之該資料庫 參閱圖1、圖2與圓3,對應上述較佳實施例,以下配 合一用於資料庫委外處理之資料保密方法,以對該較佳實 施例内之各組件的運作進—步地說明。該資料絲方法包 含下列步驟。 首先,如步驟S31〜S34所示,該加密處理單元u必須 5 201201031 將欲委外給該資料庫維修廠商2 進仃、准修的該貧料庫ο,造 订與加⑧相社處理後,再提供給該料庫維修廠商2β 在步驟如巾,該資料保密系統1選取一質數卜 交佳實施例中,該質數户的位元數大於等於胸位元。 在步驟S32中,該加密處理單元 組111對續資料廑之该資抖庫分割模 對及貧枓庫Z)進灯分割’以得_等資 0 Ά,〜9(ίη 在步驟S33中,該加密處理單元u 模組m隨機產生mz.,二資抖加费運算 P根據该亂數^及步驟S31 所選取的質數P,對該等資料 ’以得到對應的該等已加密資料段”,枓加进運算 :”,該資料加密運算模組112係執行以 、: 該等已加密資料段乃…,…,凡。 以仵到 y> = f(x,dt)(m〇dP) > \<i<n............. 其中,/0代表相關I及4之—預先定義的函式。) =驟S34中,該加密處理單元u之該委外 供模組1U將包括該等已加密f料段^ 拴 庫乃,提供給該資料庫維修廠商2。 ” 〜々資料 繼而,該資料庫維修廠商2係對該委外資料庫 U ’且在維修完成後將已維修之該委 y 料保密系統卜 ^叫供給該資 最後,如步驟S35〜S36所示,該解密處 維修之該委外資料庫㈣行與解餘關之處理後;^ = 已維修的該資料庫D。 原侍到 201201031 在步驟S35巾,該解密處理單元i2之該資料解密運算 '所21根據步驟S33所產生的該說數1及步驟S3i所選取 ’貝數P冑已維修之該委外資料庫β内的該等已加密資料 段W··,凡進行資料解密運算,以得到已解密的豸等資料段 d,<。在本較佳實施例中,該資料解密運算模组⑵係 執行以下式⑺,以得到該等資料段以2,.·乂。 .⑺ d>=f'1 (x, X )(mod P) > U / < „D, the decryption operation module ΐ2ι of the decryption processing unit 12 is used to decrypt the encrypted data segments W· of the repaired external database (4) to obtain the decrypted (4) The data segment of the decryption processing unit 12 further includes a material 12 to restore the decrypted data segment to the repaired database. Referring to FIG. 1, FIG. 2 and circle 3, corresponding to the above preferred The following is a description of the operation of the components in the preferred embodiment in conjunction with a data privacy method for database outsourcing processing. The data method includes the following steps. First, as in step S31. ~S34, the encryption processing unit u must be 5 201201031 to be sent to the database repair vendor 2, the quasi-repair of the poor library ο, the book and the plus 8 community processing, and then provide to the The database maintenance manufacturer 2β is in the step of the data security system 1 selects a prime number, and the number of bits of the prime number is greater than or equal to the chest bit. In step S32, the encryption processing unit group 111 Continued data The modulo pair and the barren library Z) enter the lamp segmentation _ _ equals 0 Ά, ~9 (ίη in step S33, the cryptographic processing unit u module m randomly generates mz., the second volatility plus fee operation P according to The random number ^ and the prime number P selected in step S31, the data "to obtain the corresponding encrypted data segments", and the addition operation:", the data encryption operation module 112 is executed by: The encrypted data segment is ...,..., where. 仵 to y> = f(x,dt)(m〇dP) >\<i<n............. Wherein, /0 represents a predefined function of the relevant I and 4.) = In step S34, the outsourcing module 1U of the encryption processing unit u will include the encrypted f segments. Provided to the database repair vendor 2. ” 々 々 继 , , , 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该 对该Finally, as shown in steps S35 to S36, the subcontracted database (4) of the decryption service is processed and the solution is solved; ^ = the database D has been repaired. In the step S35, the data decryption operation of the decryption processing unit i2 is selected according to the number 1 and the step S3i generated in step S33. The encrypted data segments W in the β are subjected to data decryption operations to obtain the decrypted data segments d, <. In the preferred embodiment, the data decryption operation module (2) executes the following equation (7) to obtain the data segments by 2, . .(7) d>=f'1 (x, X )(mod P) > U / < „
其中,广沁代表該函式的一反函式。 在步驟S36 t,該解密處理單元12之該資料庫還原模 組122冑已解密的該等資料段«,..乂還原成已維修之該資 料庫Z)。 貝 综上所述,本發明藉由簡易的模(modulo)運算,使 得欲委外處理之資料庫㈣内容可達到—絲度的資料保密 及安全性,故確實能達成本發明之目的。 准以上所述者’僅為本發明之較佳實施例而已,當不 能以此限定本發明實施之範圍,即大凡依本發明中請專利 範圍及發明說明内容所作之簡單的等效變化與修飾,皆仍 屬本發明專利涵蓋之範圍内。 【圖式簡單說明】 •圖1是―方塊圖,說明本發明用於資料庫委外處理之 資料保密系統之一較佳實施例; 圖2是-流程圖,說明在該較佳實施例中,由一加密 處理單元所執行的步驟;及 圖3是一流程圖,說明在該較佳實施例中,由一解密 7 201201031 處理單元所執行的步驟。 201201031 【主要元件符號說明】 1 ···· …貿料保雄糸統 12·· 11 ••… ••…加密處理單元 121 111 ........資料庫分割模組 組 112 ........資料加密運算模 122 113 ........委外資料庫提供 S31〜S36 · 模組 解密處理單元 資料解密運算模 資料庫還原模組 資料庫維修薇商 步驟Among them, Hirose represents an inverse of this function. In step S36 t, the database restoration module 122 of the decryption processing unit 12 restores the decrypted data segments «, .. 乂 to the repaired library Z). In summary, the present invention achieves the object of the present invention by simple modulo operation, so that the content of the database (4) to be processed outside can achieve the confidentiality and security of the silkiness. The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, that is, the simple equivalent changes and modifications made in the scope of the patent and the description of the invention in the present invention. All remain within the scope of the invention patent. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram showing a preferred embodiment of a data security system for database outsourcing processing; FIG. 2 is a flow chart illustrating the preferred embodiment. The steps performed by an encryption processing unit; and FIG. 3 is a flow chart illustrating the steps performed by a decryption unit 7 201201031 processing unit in the preferred embodiment. 201201031 [Description of main component symbols] 1 ···· ... 贸 糸 12 12·· 11 ••... ••... Encryption processing unit 121 111 ........Database segmentation module group 112 .. ......Data Encryption Operation Module 122 113 ........External Database Provides S31~S36 · Module Decryption Processing Unit Data Decryption Operation Module Database Restore Module Database Maintenance Weishang Step
99