WO2015050361A1 - Apparatus and method for encrypting data columns - Google Patents
Apparatus and method for encrypting data columns
- Publication number
- WO2015050361A1 PCT/KR2014/009187
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- column
- data
- backup
- encryption
- original table
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
- G06F11/1451—Management of the data involved in backup or backup restore by selection of backup contents
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
- G06F16/2379—Updates performed during online database operations; commit processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/80—Database-specific techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/805—Real-time
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/84—Using snapshots, i.e. a logical point-in-time copy of the data
Definitions
- The present invention relates to an apparatus and method for encrypting data columns, and more particularly, to an apparatus and method for encrypting columns of data written in table form.
- The database includes indexes and constraints (Primary Key: PK, Foreign Key: FK, etc.), along with the actual data constituting personal information such as social security numbers, addresses, and telephone numbers.
- The database administrator selects a target table and a target field of the target table from among the tables stored in the database and the fields of each table according to the privacy protection law.
- The selected target table and target fields of the target table are encrypted.
- The existing encryption technique may, depending on the database, cause a conflict with other related tables or destroy relationships because of constraints, and even after encryption, indexes may be used to retrieve internal information or change the system, which poses a serious risk.
- Korean Laid-Open Patent Publication No. 2006-0087103 discloses an index column encryption method having a configuration in which an index of a column to be encrypted is removed and then the column is encrypted, and the index is regenerated for the encrypted column.
- This method of encrypting index columns has the advantage that security can be enhanced when encrypting an index or a column that has PKs set. However, it has the problem that data of the original table may be broken or lost. In addition, since encryption is performed while maintaining the attributes of the data of the table, the data length cannot be changed according to the encryption scheme.
- An object of the present invention is to provide an apparatus and method for encrypting data columns that can adaptively cope with the encryption technique used when encrypting a data column, and can cope with an error situation that may occur during the encryption process.
- Another object of the present invention is to provide a computer-readable recording medium on which is recorded a program for executing on a computer a data column encryption method that can adaptively cope with the encryption technique used when encrypting a column, and can cope with an error situation that may occur during encryption.
- An apparatus for encrypting a data column includes: a schema query unit for querying the schema of an original table, which is a data table to be encrypted, in a database in which a plurality of data tables are stored; a backup execution unit for generating schema information of a backup table based on the schema of the original table, creating the backup table using the schema information of the backup table, copying the data of the original table to the backup table, changing the original table by adding a backup column to the original table, deactivating the constraints included in the changed original table, and copying the original columns included in the changed original table to the backup column; and an encryption unit for encrypting the data of an encryption target column, which is a column to be encrypted in the changed original table, and writing the data in each field of the original column of the changed original table. When encryption of the data of the encryption target column is completed, the backup execution unit deletes the backup column from the changed original table and activates the constraints.
- A data column encryption method includes: a schema query step of querying the schema of an original table, which is a data table to be encrypted, in a database in which a plurality of data tables are stored; a backup table generation step of generating schema information of a backup table based on the schema of the original table, creating the backup table using the schema information of the backup table, and copying the data of the original table to the backup table; an original table change step of changing the original table by adding a backup column to the original table, deactivating the constraints included in the changed original table, and then copying the original columns included in the changed original table to the backup column; an encryption step of encrypting the data of an encryption target column, which is a column to be encrypted in the changed original table, and writing the data in each field of the original column of the changed original table; and a constraint activation step of deleting the backup column from the changed original table and activating the constraints upon completion of encryption of the data of the encryption target column.
- The stability of the encryption process can be improved by creating a backup table for the original table and then encrypting the data column without removing the index column of the original table.
- In addition, by changing the attribute of the data of the column and then encrypting it, it is possible to adapt to the encryption technique used when encrypting the column.
- FIG. 1 is a view showing the configuration of a data column encryption apparatus according to the present invention.
- FIG. 2 is a flowchart illustrating a process of performing a preferred embodiment of a data column encryption method according to the present invention.
- FIG. 1 is a diagram showing the configuration of a data column encryption apparatus according to the present invention.
- The data column encryption apparatus 100 includes a schema query unit 110, a backup execution unit 120, an encryption unit 130, and an index generation unit 140.
- The schema query unit 110 queries the schema of the original table, which is the data table to be encrypted among the plurality of data tables stored in the database 200. Queries of the original table schema include table script queries, index script queries, and constraint script queries. In this case, the schema query unit 110 may store the schema query result in a storage unit (not shown) included in the data column encryption apparatus 100 according to the present invention.
- The schema of the original table may already be stored in the database 200 or may be generated from the data table by the schema query unit 110.
- Tables 1 to 3 describe the schema information of the original table, the data of the original table, and the database 200 index when the original table is a department information table containing the department codes and department names of a specific company.
- Tables 4 to 6 describe the schema information of the original table, the data of the original table, and the database 200 index when the original table is an employee information table in which employee information of a specific company is described.
- The backup execution unit 120 generates schema information of the backup table based on the queried schema of the original table.
- The backup execution unit 120 creates a backup table using the generated schema information of the backup table and then copies the data of the original table to the backup table.
- A database index for the backup table is generated. In this case, the indexes starting with 'SYS_' are generated by the database 200, and the remaining indexes are generated by the backup execution unit 120.
- Tables 7 and 8 describe the indexes created in the database 200 after the backup of the department information table and after the backup of the department information table and the employee information table, respectively.
- The backup execution unit 120 disables the constraints of the original table, including the PK, FK, Unique, and index, and the indexes starting with SYS_C, which are indexes assigned by the database 200, are deleted automatically by the database 200.
- Table 9 describes the index table stored in the database 200 after the deletion of the indexes beginning with SYS_C.
- The backup execution unit 120 changes the original table by adding a backup column to the original table, and copies the value of each column whose attribute is to be changed, among the original columns of the changed original table, to the corresponding backup column.
- Table 10 and Table 11 list the schema information of the department information table and the employee information table after the addition of the backup column, respectively.
- Tables 12 and 13 list the department information table and the employee information table after the addition of the backup column, respectively.
- The backup execution unit 120 deletes the data of a column whose attribute is changed from the changed original table. This is because changing a column attribute requires emptying the data of the column whose attribute is changed.
- The attribute of the 'employee number' column is changed from INTEGER to CHAR.
- The data in the 'employee number' column is deleted.
- The backup execution unit 120 changes the data format of the encryption target columns (for example, employee number, department code, social security number, and phone number) among the columns of the changed original table to the format corresponding to the encryption technique that will encrypt the data.
- The backup execution unit 120 changes the data type of the column to be encrypted to VARCHAR2 (24 bytes), and the change is written in the schema table.
- The encryption unit 130 encrypts the data of an encryption target column, which is a column to be encrypted in the changed original table, and writes the data in each field of the original column of the changed original table. In this case, if a default value is set in the column, the encryption unit 130 also encrypts the default value.
- The encryption unit 130 may use a known encryption method for encrypting the data of the column to be encrypted. Encryption techniques are well known to those of ordinary skill in the art, and thus detailed descriptions thereof will be omitted.
- The backup execution unit 120 deletes the backup columns (i.e., the 'employee number_BAK', 'department code_BAK', 'phone number_BAK', and 'social security number_BAK' columns) and enables the constraints.
- The index generation unit 140 generates the indexes of the index table after encryption of the data of the column to be encrypted is completed.
- The database 200 automatically deletes the index when the constraint is deactivated. Therefore, the index needs to be regenerated after encryption is completed.
- Since the indexes corresponding to the employee number and the social security number are indexes starting with SYS_C, the index generation unit 140 regenerates the indexes corresponding to the employee number and the social security number.
- Since the index generation unit 140 regenerates an index after encryption of data of an encryption target column is completed.
- The index generation unit 140 does not need to separately create the index.
- The backup execution unit 120 deletes the backup table. If an error occurs in the encryption process for the changed original table, the encryption process is performed again after restoring the original table based on the backup table. Here, the encryption process for the changed original table means the entire process from deactivating the constraints of the original table to activating the constraints of the changed original table.
- FIG. 2 is a flowchart illustrating a process of performing a preferred embodiment of a data column encryption method according to the present invention.
- The schema query unit 110 queries the schema of the original table, which is the data table to be encrypted among the plurality of data tables stored in the database 200 (S200).
- The backup execution unit 120 generates schema information of the backup table based on the queried schema of the original table (S210).
- The backup execution unit 120 creates a backup table using the generated schema information of the backup table and then copies the data of the original table to the backup table (S220).
- The backup execution unit 120 disables the constraints of the original table, including the PK, FK, Unique, and index (S230). At this time, the indexes starting with SYS_C, which are indexes assigned by the database 200, are automatically deleted by the database 200.
- The backup execution unit 120 changes the original table by adding a backup column to the original table (S240).
- The backup execution unit 120 copies the value of each column whose attribute is to be changed, among the columns of the original table, to the corresponding added backup column (S250).
- The backup execution unit 120 deletes the data of the column whose attribute is changed from the changed original table, and changes the data format of the encryption target column among the columns of the changed original table to a format corresponding to the encryption technique that will encrypt the data (S260).
- The encryption unit 130 encrypts the data of an encryption target column, which is a column to be encrypted in the changed original table, and writes the data in each field of the original column of the changed original table (S270).
- The backup execution unit 120 deletes the backup column from the changed original table and activates the constraints (S280).
- Step S290 refers to the entire process from deactivating the constraints of the original table in step S230 to activating the constraints of the changed original table in step S280.
- Step S320 may be performed before step S300.
- The invention can also be embodied as computer-readable code on a computer-readable recording medium.
- The computer-readable recording medium includes all kinds of recording devices in which data that can be read by a computer system is stored. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disk, and optical data storage, and also include implementations in the form of a carrier wave (for example, transmission over the Internet).
- The computer-readable recording medium can also be distributed over network-coupled computer systems so that the computer-readable code is stored and executed in a distributed fashion.
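Steps S200 to S280 and the restore-and-retry behaviour described above, as an added example in Python; it is not code from the patent or its applicant. Assumptions: SQLite stands in for the database 200 (dropping the user index models S230), `standin_encrypt` is an unauthenticated keystream stand-in for the unspecified "known encryption method", and the table, column, index and function names and the `max_attempts` limit are hypothetical; the sample rows are copied from the employee table on this page.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

TABLE, BACKUP = "employee", "employee_bak"  # hypothetical table names
TARGETS = ["ssn", "phone"]                  # hypothetical encryption target columns

def _keystream_xor(key, nonce, data):
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def standin_encrypt(key, text):
    """Stand-in (assumption) for the 'known encryption method' the page omits."""
    data = text.encode()
    if len(data) > 32:
        raise ValueError("stand-in handles at most 32 bytes per field")
    nonce = os.urandom(8)
    return base64.b64encode(nonce + _keystream_xor(key, nonce, data)).decode()

def standin_decrypt(key, token):
    raw = base64.b64decode(token)
    return _keystream_xor(key, raw[:8], raw[8:]).decode()

def read_schema(db):
    """S200: fetch the table script and index scripts of the original table."""
    rows = db.execute(
        "SELECT type, name, sql FROM sqlite_master "
        "WHERE tbl_name = ? AND sql IS NOT NULL", (TABLE,)).fetchall()
    table_sql = next(sql for kind, _, sql in rows if kind == "table")
    index_sql = {name: sql for kind, name, sql in rows if kind == "index"}
    return table_sql, index_sql

def make_backup(db, table_sql):
    """S210-S220: create the backup table from the original schema, copy rows."""
    db.execute(f"DROP TABLE IF EXISTS {BACKUP}")
    db.execute(table_sql.replace(TABLE, BACKUP, 1))
    db.execute(f"INSERT INTO {BACKUP} SELECT * FROM {TABLE}")

def encrypt_pass(db, index_sql, encrypt):
    """S230-S280; an exception part-way leaves the original table half-changed."""
    for name in index_sql:                                       # S230
        db.execute(f"DROP INDEX {name}")
    for col in TARGETS:
        db.execute(f"ALTER TABLE {TABLE} ADD COLUMN {col}_bak")  # S240
        db.execute(f"UPDATE {TABLE} SET {col}_bak = {col}")      # S250
        # S260: empty the column (SQLite is dynamically typed, so the change
        # of data type has no statement here).
        db.execute(f"UPDATE {TABLE} SET {col} = NULL")
    bak_cols = ", ".join(col + "_bak" for col in TARGETS)
    rows = db.execute(f"SELECT rowid, {bak_cols} FROM {TABLE}").fetchall()
    for rowid, *values in rows:                                  # S270
        for col, value in zip(TARGETS, values):
            if value is not None:
                db.execute(f"UPDATE {TABLE} SET {col} = ? WHERE rowid = ?",
                           (encrypt(value), rowid))
    for col in TARGETS:                                          # S280
        db.execute(f"ALTER TABLE {TABLE} DROP COLUMN {col}_bak")
    for sql in index_sql.values():                               # regenerate indexes
        db.execute(sql)

def restore(db, table_sql, index_sql):
    """Error path: rebuild the original table from the backup table."""
    db.execute(f"DROP TABLE {TABLE}")
    db.execute(table_sql)
    db.execute(f"INSERT INTO {TABLE} SELECT * FROM {BACKUP}")
    for sql in index_sql.values():
        db.execute(sql)

def encrypt_table(db, encrypt, max_attempts=3):
    """Run the whole procedure; returns the attempt number that succeeded."""
    table_sql, index_sql = read_schema(db)
    make_backup(db, table_sql)
    for attempt in range(1, max_attempts + 1):
        try:
            encrypt_pass(db, index_sql, encrypt)
        except Exception:
            restore(db, table_sql, index_sql)  # then redo S230-S280
            continue
        db.execute(f"DROP TABLE {BACKUP}")     # backup table deleted on success
        return attempt
    raise RuntimeError("encryption failed; original restored, backup table kept")

def sample_db():
    """Constructed in-memory database; rows copied from the page's employee table."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    db.execute("CREATE TABLE employee (emp_no INTEGER PRIMARY KEY, "
               "dept TEXT, ssn TEXT, phone TEXT)")
    db.execute("CREATE UNIQUE INDEX emp_ssn_idx ON employee (ssn)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", [
        (1000, "1", "820101-1234567", "010-1234-5678"),
        (1001, "2", "830201-2345678", "010-2345-6789")])
    return db
```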
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Quality & Reliability (AREA)
- Medical Informatics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
Description
Table 1
Column name | ID | PK | Null? | Data type | Default | Histogram | Num identifier |
---|---|---|---|---|---|---|---|
Department name | 2 | | Y | VARCHAR2 (50Byte) | | None | |
Department code | 1 | 1 | N | CHAR (1Byte) | | None | |
Table 2
Department code | Department name |
---|---|
1 | Development team |
2 | Support team |
Table 3
Index | Schema | Table schema | Table name | Tablespace |
---|---|---|---|---|
DEPT_PK | EXAMPLE | EXAMPLE | DEPT | USERS |
SYS_IL0000095871C00036$$ | EXAMPLE | EXAMPLE | TOAD_PLAN_TABLE | USERS |
Table 4
Column name | ID | PK | Null? | Data type | Default | Histogram | Num identifier |
---|---|---|---|---|---|---|---|
Department code | 2 | | Y | CHAR (1Byte) | 1 | None | |
Employee number | 1 | 1 | N | INTEGER | | None | |
Phone number | 4 | | Y | VARCHAR2 (13Byte) | | None | |
Social security number | 3 | | Y | VARCHAR2 (14Byte) | | None | |
Table 5
Employee number | Department code | Social security number | Phone number |
---|---|---|---|
1000 | 1 | 820101-1234567 | 010-1234-5678 |
1001 | 2 | 830201-2345678 | 010-2345-6789 |
1002 | 1 | 840301-1234567 | 010-3456-7890 |
Table 6
Index | Schema | Table schema | Table name | Tablespace |
---|---|---|---|---|
DEPT_PK | EXAMPLE | EXAMPLE | DEPT | USERS |
SYS_C0019951 | EXAMPLE | EXAMPLE | EMPLOYEE | USERS |
SYS_C0019952 | EXAMPLE | EXAMPLE | EMPLOYEE | USERS |
SYS_IL0000095871C00036$$ | EXAMPLE | EXAMPLE | TOAD_PLAN_TABLE | USERS |
Table 7
Index | Schema | Table schema | Table name | Tablespace |
---|---|---|---|---|
DEPT_BAK_PK | EXAMPLE | EXAMPLE | DEPT_BAK | USERS |
DEPT_PK | EXAMPLE | EXAMPLE | DEPT | USERS |
SYS_C0019951 | EXAMPLE | EXAMPLE | EMPLOYEE | USERS |
SYS_C0019952 | EXAMPLE | EXAMPLE | EMPLOYEE | USERS |
SYS_IL0000095871C00036$$ | EXAMPLE | EXAMPLE | TOAD_PLAN_TABLE | USERS |
Table 8
Index | Schema | Table schema | Table name | Tablespace |
---|---|---|---|---|
DEPT_BAK_PK | EXAMPLE | EXAMPLE | DEPT_BAK | USERS |
DEPT_PK | EXAMPLE | EXAMPLE | DEPT | USERS |
SYS_C0019951 | EXAMPLE | EXAMPLE | EMPLOYEE | USERS |
SYS_C0019952 | EXAMPLE | EXAMPLE | EMPLOYEE | USERS |
SYS_C0019955 | EXAMPLE | EXAMPLE | EMPLOYEE_BAK | USERS |
SYS_C0019956 | EXAMPLE | EXAMPLE | EMPLOYEE_BAK | USERS |
SYS_IL0000095871C00036$$ | EXAMPLE | EXAMPLE | TOAD_PLAN_TABLE | USERS |
Table 9
Index | Schema | Table schema | Table name | Tablespace |
---|---|---|---|---|
DEPT_BAK_PK | EXAMPLE | EXAMPLE | DEPT_BAK | USERS |
SYS_C0019955 | EXAMPLE | EXAMPLE | EMPLOYEE_BAK | USERS |
SYS_C0019956 | EXAMPLE | EXAMPLE | EMPLOYEE_BAK | USERS |
SYS_IL0000095871C00036$$ | EXAMPLE | EXAMPLE | TOAD_PLAN_TABLE | USERS |
Table 10
Column name | ID | PK | Null? | Data type | Default | Histogram | Num identifier |
---|---|---|---|---|---|---|---|
Department name | 2 | | Y | VARCHAR2 (50Byte) | | None | |
Department code | 1 | 1 | N | CHAR (1Byte) | | None | |
Department code_BAK | 3 | | Y | CHAR (1Byte) | | None | |
Table 11
Column name | ID | PK | Null? | Data type | Default | Histogram | Num identifier |
---|---|---|---|---|---|---|---|
Department code | 2 | | YY | CHAR (1Byte) | 1 | None | |
Department code_BAK | 6 | | Y | CHAR (1Byte) | | None | |
Employee number | 1 | 1 | Y | INTEGER | | None | |
Employee number_BAK | 5 | | | INTEGER | | None | |
Phone number | 4 | | Y | VARCHAR2 (13Byte) | | None | |
Phone number_BAK | 7 | | Y | VARCHAR2 (13Byte) | | None | |
Social security number | 3 | | Y | VARCHAR2 (14Byte) | | None | |
Social security number_BAK | 8 | | Y | VARCHAR2 (14Byte) | | None | |
Table 12
Department code | Department name | Department code_BAK |
---|---|---|
1 | Development team | 1 |
2 | Support team | 2 |
Table 13
Employee number | Department code | Social security number | Phone number | Employee number_BAK | Department code_BAK | Social security number_BAK | Phone number_BAK |
---|---|---|---|---|---|---|---|
1000 | 1 | 820101-1234567 | 010-1234-5678 | 1000 | 1 | 820101-1234567 | 010-1234-5678 |
1001 | 2 | 830201-2345678 | 010-2345-6789 | 1001 | 2 | 830201-2345678 | 010-2345-6789 |
1002 | 1 | 840301-1234567 | 010-3456-7890 | 1002 | 1 | 840301-1234567 | 010-3456-7890 |
Claims (13)
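- A data column encryption apparatus comprising: a schema query unit that queries the schema of an original table, which is a data table to be encrypted, in a database in which a plurality of data tables are stored; a backup execution unit that generates schema information of a backup table based on the schema of the original table, creates the backup table using the schema information of the backup table and then copies the data of the original table to the backup table, changes the original table by adding a backup column to the original table, and, after deactivating the constraints included in the changed original table, copies the original columns included in the changed original table to the backup column; and an encryption unit that encrypts the data of an encryption target column, which is a column to be encrypted in the changed original table, and writes it in each field of the original column of the changed original table, wherein, when encryption of the data of the encryption target column by the encryption unit is completed, the backup execution unit deletes the backup column from the changed original table and activates the constraints.
- The data column encryption apparatus according to claim 1, further comprising an index generation unit that, after the constraints are activated, regenerates the indexes deleted by the database when the constraints were deactivated.
- The data column encryption apparatus according to claim 2, wherein the index generation unit regenerates function-based indexes and domain indexes after the constraints are activated.
- The data column encryption apparatus according to claim 1 or 2, wherein the backup execution unit deletes, from the changed original table, the data of a column whose attribute is changed, and changes the data format of the encryption target column to a format corresponding to the encryption technique that will encrypt the data.
- The data column encryption apparatus according to claim 1 or 2, wherein the schema query unit queries a table script, an index script, and a constraint script corresponding to the original table.
- The data column encryption apparatus according to claim 1 or 2, wherein the encryption unit encrypts a default value set for the encryption target column.
- The data column encryption apparatus according to claim 1 or 2, wherein the backup execution unit deletes the backup table after encryption of the data of the encryption target column by the encryption unit is completed.
- A data column encryption method comprising: a schema query step of querying the schema of an original table, which is a data table to be encrypted, in a database in which a plurality of data tables are stored; a backup table generation step of generating schema information of a backup table based on the schema of the original table, creating the backup table using the schema information of the backup table, and then copying the data of the original table to the backup table; an original table change step of changing the original table by adding a backup column to the original table and, after deactivating the constraints included in the changed original table, copying the original columns included in the changed original table to the backup column; an encryption step of encrypting the data of an encryption target column, which is a column to be encrypted in the changed original table, and writing it in each field of the original column of the changed original table; and a constraint activation step of, when encryption of the data of the encryption target column is completed, deleting the backup column from the changed original table and activating the constraints.
- The data column encryption method according to claim 8, further comprising an index generation step of, after the constraints are activated, regenerating the indexes deleted by the database when the constraints were deactivated.
- The data column encryption method according to claim 8 or 9, wherein, in the original table change step, the data of a column whose attribute is changed is deleted from the changed original table, and the data format of the encryption target column is changed to a format corresponding to the encryption technique that will encrypt the data.
- The data column encryption method according to claim 8 or 9, wherein, in the encryption step, a default value set for the encryption target column is encrypted.
- The data column encryption method according to claim 8 or 9, further comprising a step of deleting the backup table after encryption of the data of the encryption target column is completed.
- A computer-readable recording medium on which is recorded a program for executing on a computer the data column encryption method according to claim 8 or 9.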
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/026,378 US9892277B2 (en) | 2013-10-01 | 2014-09-30 | Device and method for encoding data column |
JP2016519942A JP6239744B2 (ja) | 2013-10-01 | 2014-09-30 | Apparatus and method for encrypting data columns |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130117242A KR101522870B1 (ko) | 2013-10-01 | 2013-10-01 | Apparatus and method for encrypting data columns |
KR10-2013-0117242 | 2013-10-01 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015050361A1 (ko) | 2015-04-09 |
Family
ID=52778908
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2014/009187 WO2015050361A1 (ko) | Apparatus and method for encrypting data columns | 2013-10-01 | 2014-09-30 |
Country Status (4)
Country | Link |
---|---|
US (1) | US9892277B2 (ko) |
JP (1) | JP6239744B2 (ko) |
KR (1) | KR101522870B1 (ko) |
WO (1) | WO2015050361A1 (ko) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9892277B2 (en) | 2013-10-01 | 2018-02-13 | Fasoo.Com Co., Ltd. | Device and method for encoding data column |
CN108475480A (zh) * | 2016-01-15 | 2018-08-31 | 三菱电机株式会社 | Encryption device, encryption method, and encryption program |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6733483B2 (ja) * | 2016-10-07 | 2020-07-29 | 富士通株式会社 | Encoding program, encoding method, and encoding device |
KR101983120B1 (ko) * | 2016-11-25 | 2019-05-31 | 주식회사 실크로드소프트 | Method for database redundancy |
US11227065B2 (en) * | 2018-11-06 | 2022-01-18 | Microsoft Technology Licensing, Llc | Static data masking |
US11768701B2 (en) * | 2019-09-17 | 2023-09-26 | Western Digital Technologies, Inc. | Exception analysis for data storage devices |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20010056176A (ko) * | 1999-12-14 | 2001-07-04 | 이계철 | Method for database replication and synchronization using object identifiers |
KR20060087103A (ko) * | 2005-01-28 | 2006-08-02 | 펜타시큐리티시스템 주식회사 | Index column encryption method |
KR20090067342A (ko) * | 2007-12-21 | 2009-06-25 | (주)이글로벌시스템 | Non-disruptive deployment method for column-level encryption of a database |
KR20110060674A (ko) * | 2009-11-30 | 2011-06-08 | 한국전자통신연구원 | Method and apparatus for partial encryption and decryption of data for outsourced services, and method of using the data |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5857088A (en) * | 1991-10-24 | 1999-01-05 | Intel Corporation | System for configuring memory space for storing single decoder table, reconfiguring same space for storing plurality of decoder tables, and selecting one configuration based on encoding scheme |
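JP2003069535A (ja) * | 2001-06-15 | 2003-03-07 | Mitsubishi Electric Corp | Error correction multiplexing device, error correction demultiplexing device, optical transmission system using them, and error correction multiplexing transmission method |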
US10339336B2 (en) * | 2003-06-11 | 2019-07-02 | Oracle International Corporation | Method and apparatus for encrypting database columns |
US7743069B2 (en) * | 2004-09-03 | 2010-06-22 | Sybase, Inc. | Database system providing SQL extensions for automated encryption and decryption of column data |
US7797342B2 (en) * | 2004-09-03 | 2010-09-14 | Sybase, Inc. | Database system providing encrypted column support for applications |
US7827403B2 (en) * | 2005-04-13 | 2010-11-02 | Oracle International Corporation | Method and apparatus for encrypting and decrypting data in a database table |
US9325344B2 (en) * | 2010-12-03 | 2016-04-26 | International Business Machines Corporation | Encoding data stored in a column-oriented manner |
US9274864B2 (en) * | 2011-10-04 | 2016-03-01 | International Business Machines Corporation | Accessing large amounts of data in a dispersed storage network |
KR101522870B1 (ko) | 2013-10-01 | 2015-05-26 | 주식회사 파수닷컴 | Apparatus and method for encrypting data columns |
-
2013
- 2013-10-01 KR KR1020130117242A patent/KR101522870B1/ko active IP Right Grant
-
2014
- 2014-09-30 WO PCT/KR2014/009187 patent/WO2015050361A1/ko active Application Filing
- 2014-09-30 US US15/026,378 patent/US9892277B2/en active Active
- 2014-09-30 JP JP2016519942A patent/JP6239744B2/ja active Active
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9892277B2 (en) | 2013-10-01 | 2018-02-13 | Fasoo.Com Co., Ltd. | Device and method for encoding data column |
CN108475480A (zh) * | 2016-01-15 | 2018-08-31 | 三菱电机株式会社 | Encryption device, encryption method, and encryption program |
CN108475480B (zh) * | 2016-01-15 | 2021-03-23 | 三菱电机株式会社 | Encryption device, encryption method, and storage device |
Also Published As
Publication number | Publication date |
---|---|
KR20150038897A (ko) | 2015-04-09 |
JP6239744B2 (ja) | 2017-11-29 |
JP2016537706A (ja) | 2016-12-01 |
US9892277B2 (en) | 2018-02-13 |
US20160246988A1 (en) | 2016-08-25 |
KR101522870B1 (ko) | 2015-05-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14851137 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2016519942 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15026378 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14851137 Country of ref document: EP Kind code of ref document: A1 |