CN105740726A - Extended information encryption method and system - Google Patents

Extended information encryption method and system

Publication number: CN105740726A
Application number: CN201610071788.4A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN105740726B (en)
Inventor: 王春旻
Current Assignee: Shanghai Baoshuo Technology Co Ltd
Original Assignee: Shanghai Baoshuo Technology Co Ltd
Legal status: Granted; Expired - Fee Related
Prior art keywords: data, request, unit, extension information, encrypted

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention discloses an extended information encryption method and system. The method comprises the following steps: defining a range of encrypted data; carrying out encryption initialization on historical data in a database according to the defined range of the encrypted data; intercepting a request sent to the database by an application system; and checking whether information of the intercepted request contains defined encrypted data, if the checking result is positive, encrypting or decrypting the request, and if the checking result is negative, ending the interception. The system comprises an encrypted data definition unit and an interception unit, wherein the interception unit is connected with the encrypted data definition unit; and the interception unit further comprises an initialization unit, a judgement unit and an encryption processing unit. According to the extended information encryption method and system, the newly added information can be encrypted on the basis of not changing the original encryption processing program, and the encryption processing is convenient and rapid.

Description

An extended information encryption method and system
Technical field
The present invention relates to the field of information protection, and in particular to an extended information encryption method and system.
Background art
With the rapid development of the Internet and social networks, the openness of the Internet has brought convenience but also many unexpected worries, such as leakage of user data, so the protection of information is becoming more and more important. Moreover, as society develops, the information that needs protection is no longer limited to conventional user information, and more and more application systems need to encrypt the sensitive user information they maintain.
In the prior art, data encryption and decryption processing is coded directly into the business logic. As the business changes, during rapid iterative development the application system must manually encrypt newly added data tables or newly added sensitive information fields, or modify the existing encryption program, which is very complex and tedious.
Summary of the invention
In view of the above problems in the prior art, the present invention proposes an extended information encryption method and system that can encrypt extended information directly, without modifying the existing encryption program, so that newly added information can be encrypted conveniently and quickly.
To solve the above technical problem, the present invention is implemented through the following technical solutions:
The present invention provides an extended information encryption method, comprising the following steps:
S11: defining the range of encrypted data;
S12: performing encryption initialization on the historical data in the database according to the defined range of encrypted data;
S13: intercepting requests sent by the application system to the database;
S14: checking whether the information of the intercepted request contains the defined encrypted data; if so, performing encryption or decryption processing on it; if not, ending the interception.
Preferably, the range of encrypted data defined in step S11 comprises multiple levels of identifiers, identified level by level from larger to smaller.
Preferably, the following step is further included between steps S12 and S13:
S15: when the application system sends a request to the database, performing a state judgement to determine whether the system is in the initialization state; if so, S13 is not entered; if not, S13 is entered.
Preferably, when the information of the request intercepted in step S14 contains the defined encrypted data, the method further comprises: judging the type of the request; if it is a read-data request, the read data is decrypted and then returned to the application system; if it is a write-data request, the data to be written is encrypted and then sent to the database.
Preferably, after step S14 the method further comprises: when the request sent by the application system to the database is a write-data request and the written data is cached, clearing the written data from the cache after the encrypted data has been written to the database.
Preferably, step S12 further comprises, after the encryption initialization: performing error checking and record count confirmation on the encryption initialization.
Preferably, step S12 further comprises: performing decryption initialization processing on the encrypted historical data in the database.
The present invention also provides an extended information encryption system, comprising:
an encrypted data definition unit, for defining the range of encrypted data;
an interception unit, arranged between the application system and the database, for intercepting requests sent by the application system to the database;
the interception unit being connected with the encrypted data definition unit, and further comprising:
an initialization unit, for performing encryption initialization on the historical data in the database according to the defined range of encrypted data;
a judgement unit, for judging whether the information of the intercepted request contains the defined encrypted data;
an encryption processing unit, for encrypting the data in the information of the intercepted request according to the defined range of encrypted data.
Preferably, the interception unit further comprises: a state judgement unit, for judging whether the extended information encryption system is in the initialization state.
Preferably, the interception unit further comprises: a request type judgement unit, for judging the type of the intercepted request.
Preferably, the extended information encryption system further comprises: a key generator, for generating and verifying the key used during encryption.
Preferably, the extended information encryption system further comprises: a cache clearing unit, for clearing the data in the cache.
Compared with the prior art, the present invention has the following advantages:
(1) The extended information encryption method and system provided by the present invention can encrypt newly added data tables or sensitive information without changing the original encryption processing system, and new encrypted information can be added at any time; this is convenient, fast, and simple to operate;
(2) When newly added information is encrypted, the original encryption program does not need to be modified, and during rapid iterative development of the application system the encryption program does not need to be changed repeatedly. The cost is low, implementation is fast, and the approach is applicable to the encryption of different application systems, so it is highly general.
Of course, any product implementing the present invention does not necessarily need to achieve all of the above advantages at the same time.
Brief description of the drawings
Embodiments of the present invention are further described below with reference to the accompanying drawings:
Fig. 1 is the flow chart of the extended information encryption method of Embodiment 1 of the present invention;
Fig. 2 is the flow chart of the extended information encryption method of Embodiment 2 of the present invention;
Fig. 3 is the schematic diagram of the extended information encryption system of Embodiment 3 of the present invention;
Fig. 4 is the schematic diagram of the extended information encryption system of Embodiment 4 of the present invention.
Reference numerals: 1: encrypted data definition unit, 2: interception unit, 3: application system, 4: database;
21: initialization unit, 22: judgement unit, 23: encryption processing unit, 24: state judgement unit.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below. The embodiments are implemented on the premise of the technical solution of the present invention, and detailed implementations and concrete operating procedures are given, but the protection scope of the present invention is not limited to the following embodiments.
Embodiment 1:
This embodiment describes the extended information encryption method of the present invention in detail. Its flow chart is shown in Fig. 1, and it comprises the following steps:
S101: defining the range of encrypted data. The range of encrypted data may consist of multiple levels of identifiers that identify the encrypted data level by level from larger to smaller. For example, a data table is defined first, and then the data columns contained in that table are defined; together the two form a search scope object that narrows from larger to smaller;
S102: performing encryption initialization on the historical data in the database according to the defined range of encrypted data;
S103: between the application system and the database, intercepting requests sent by the application system to the database;
S104: checking whether the information of the intercepted request contains the defined encrypted data; if so, performing encryption or decryption processing on it; if not, ending the interception. Specifically: traverse to check whether the data table in the intercepted request is within the defined encryption range; if not, end the interception processing; if so, continue and further determine whether the data columns in the intercepted request are within the defined encryption range; if so, perform encryption or decryption processing; if not, end the interception.
Step S102 specifically comprises the following steps:
S1021: traversing the defined range of encrypted data to obtain the records that need to be encrypted. Specifically: a loop control statement of the programming language is used to traverse the range of encrypted data obtained in step S101;
S1022: performing data encryption. Specifically: the information is encrypted by calling an AES symmetric encryption API;
S1023: performing error checking and record count confirmation on the encrypted data. Specifically: a regular expression is used to search in bulk for unencrypted plaintext; for example, when mobile phone numbers are encrypted, the command SELECT * FROM table WHERE phonenumber REGEXP "^[1][35678][0-9]{9}$" can be used to query whether any plaintext data exists; a comparison of log record counts is used to judge whether all encryption completed successfully;
S1024: returning a message to the user interface indicating whether the encryption succeeded.
Embodiment 2:
This embodiment builds on Embodiment 1 and further includes, between steps S102 and S103:
S105: when the application system sends a request to the database, performing a state judgement to determine whether the system is in the initialization state. If it is in the encrypted data initialization state, S103 is not entered and no subsequent interception processing is performed; if it is in the normal business processing state, S103 is entered and the subsequent interception processing is performed.
If the system is in the encrypted data initialization state, the application system administrator is performing encryption initialization of historical data for an extended information encryption requirement. Interception processing can be switched off at this point, because intercepting and decrypting plaintext data that has not yet been encrypted would cause system errors and data corruption. If the system is in the normal business processing state, the administrator has completed the encryption initialization of historical data for the extended information encryption requirement. Interception processing can be switched on at this point, and the content of intercepted requests is checked.
In a preferred embodiment, if the system is in the normal business processing state and the request contains the defined encrypted data, the method may further include: judging the type of the request. If it is a read-data request, that is, a data query, the data decryption algorithm is called to decrypt the data, which is then returned to the application system. If it is a write-data request, that is, an insert or update of data, the data encryption algorithm is called to encrypt the in-memory data, which is then sent to the database.
In a preferred embodiment, if the application system uses a caching policy for written data, then after the encrypted data has been written to the database the method further includes: clearing the encrypted object instance from the cache, to ensure that the next time the data is obtained it passes through interception and has undergone decryption processing.
In a preferred embodiment, step S102 may further include: performing decryption initialization processing on the encrypted historical data in the database. This function is used when, because of changes in legal or business requirements, some information changes from the encrypted state to the non-encrypted state.
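The flow of Embodiments 1 and 2, as an added example that is not code from the patent: scope check by table and column (S101/S104), encryption initialization with the S1023 plaintext scan and count comparison (S102), the initialization-state gate (S105), and write/read handling. Assumptions: SQLite as the database, a hypothetical `users.phone` scope, requests modelled as row dictionaries, and a standard-library stand-in cipher in place of the AES API of S1022.

```python
import base64, hashlib, hmac, os, re, sqlite3

SCOPE = {"users": {"phone"}}                     # S101: table -> encrypted columns
PHONE_RE = re.compile(r"^[1][35678][0-9]{9}$")   # plaintext pattern from S1023


class StandInCipher:
    """Stdlib-only stand-in for the AES API of S1022 (Python ships no AES):
    HMAC-SHA256 counter-mode keystream, then an HMAC tag over nonce + ciphertext."""

    def __init__(self, key: bytes):
        self.k_enc = hmac.new(key, b"enc", hashlib.sha256).digest()
        self.k_mac = hmac.new(key, b"mac", hashlib.sha256).digest()

    def _xor(self, nonce, data):
        stream = b"".join(
            hmac.new(self.k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
            for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, text: str) -> str:
        nonce = os.urandom(16)
        ct = self._xor(nonce, text.encode())
        tag = hmac.new(self.k_mac, nonce + ct, hashlib.sha256).digest()
        return base64.b64encode(nonce + ct + tag).decode()

    def decrypt(self, token: str) -> str:
        raw = base64.b64decode(token)
        nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
        expected = hmac.new(self.k_mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("ciphertext failed integrity check")
        return self._xor(nonce, ct).decode()


class Interceptor:
    """Sits between the application and the database (S103 to S105)."""

    def __init__(self, db, cipher):
        self.db, self.cipher, self.initializing = db, cipher, False

    def initialize(self, table, column):
        """S102: encrypt historical rows, then run the S1023 checks."""
        if column not in SCOPE.get(table, ()):    # identifiers come only from SCOPE
            raise ValueError("column is outside the defined encryption range")
        self.initializing = True                  # S105: interception is off meanwhile
        try:
            rows = self.db.execute(
                f"SELECT rowid, {column} FROM {table} WHERE {column} IS NOT NULL").fetchall()
            done = 0
            for rowid, value in rows:
                self.db.execute(f"UPDATE {table} SET {column} = ? WHERE rowid = ?",
                                (self.cipher.encrypt(value), rowid))
                done += 1
            left = sum(1 for (v,) in self.db.execute(f"SELECT {column} FROM {table}")
                       if v and PHONE_RE.match(v))
            return {"expected": len(rows), "encrypted": done, "plaintext_left": left}
        finally:
            self.initializing = False

    def _transform(self, table, row, fn):
        cols = SCOPE.get(table)
        if self.initializing or not cols:   # S105 gate, or table outside the range
            return row
        return {k: fn(v) if k in cols else v for k, v in row.items()}

    def on_write(self, table, row):   # write request: encrypt before the database
        return self._transform(table, row, self.cipher.encrypt)

    def on_read(self, table, row):    # read request: decrypt before the application
        return self._transform(table, row, self.cipher.decrypt)


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, phone TEXT)")
    # Constructed historical rows, stored in plaintext before the range was defined.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "13800000001"), ("bob", "15900000002")])
    gate = Interceptor(db, StandInCipher(b"constructed-demo-key"))
    report = gate.initialize("users", "phone")
    new = gate.on_write("users", {"name": "carol", "phone": "18600000003"})
    db.execute("INSERT INTO users VALUES (:name, :phone)", new)
    stored = [p for (p,) in db.execute("SELECT phone FROM users ORDER BY name")]
    read_back = [gate.on_read("users", {"name": n, "phone": p})
                 for n, p in db.execute("SELECT name, phone FROM users ORDER BY name")]
    return report, stored, read_back


if __name__ == "__main__":
    print(demo())
```

Running `initialize` a second time on the same column would encrypt the ciphertext again; the state flag only gates interception, so a deployment needs its own record of which columns are already initialized.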
Embodiment 3:
This embodiment describes the extended information encryption system of the present invention in detail. It is used to implement the extended information encryption method described in Embodiment 1. Its schematic diagram is shown in Fig. 3, and it comprises: an encrypted data definition unit 1, for defining the range of encrypted data; and an interception unit 2, arranged between the application system 3 and the database 4, for intercepting requests sent by the application system 3 to the database 4. The interception unit 2 is connected with the encrypted data definition unit 1, and the interception unit further comprises: an initialization unit 21, for performing encryption initialization on the historical data in the database according to the defined range of encrypted data; a judgement unit 22, for judging whether the information of the intercepted request contains the defined encrypted data; and an encryption processing unit 23, for encrypting the data in the information of the intercepted request according to the defined range of encrypted data.
Embodiment 4:
This embodiment builds on Embodiment 1. A state judgement unit 24 is added to the interception unit 2 to judge whether the system is in the initialization state. If it is in the initialization state, the interception ends; if it is not in the initialization state, that is, it is in normal business processing, interception continues and the subsequent steps are carried out.
In a preferred embodiment, the interception unit 2 further comprises: a request type judgement unit, for judging the type of the intercepted request. If it is a read-data request, that is, a data query, the data decryption algorithm is called to decrypt the data, which is then returned to the application system. If it is a write-data request, that is, an insert or update of data, the data encryption algorithm is called to encrypt the in-memory data, which is then sent to the database.
In a preferred embodiment, the extended information encryption system further comprises: a key generator, for dynamically generating and verifying the key used during encryption, which further improves the security of the information.
In a preferred embodiment, the extended information encryption system further comprises: a cache clearing unit, for clearing the encrypted object instance from the cache, to ensure that the next time the data is obtained it passes through interception and has undergone decryption processing.
What is disclosed here is only the preferred embodiments of the present invention. This specification selects and describes these embodiments in detail in order to better explain the principles and practical application of the invention, not to limit it. Any modifications and variations made by those skilled in the art within the scope of the description shall fall within the scope protected by the present invention.

Claims (12)

1. An extended information encryption method, characterized by comprising the following steps:
S11: defining the range of encrypted data;
S12: performing encryption initialization on the historical data in the database according to the defined range of encrypted data;
S13: intercepting requests sent by the application system to the database;
S14: checking whether the information of the intercepted request contains the defined encrypted data; if so, performing encryption or decryption processing on it; if not, ending the interception.
2. The extended information encryption method according to claim 1, characterized in that the range of encrypted data defined in step S11 comprises multiple levels of identifiers, identified level by level from larger to smaller.
3. The extended information encryption method according to claim 1, characterized in that the following step is further included between steps S12 and S13:
S15: when the application system sends a request to the database, performing a state judgement to determine whether the system is in the initialization state; if so, S13 is not entered; if not, S13 is entered.
4. The extended information encryption method according to claim 1, characterized in that, when the information of the request intercepted in step S14 contains the defined encrypted data, the method further comprises: judging the type of the request; if it is a read-data request, the read data is decrypted and then returned to the application system; if it is a write-data request, the data to be written is encrypted and then sent to the database.
5. The extended information encryption method according to claim 1, characterized in that, after step S14, the method further comprises: when the request sent by the application system to the database is a write-data request and the written data is cached, clearing the written data from the cache after the encrypted data has been written to the database.
6. The extended information encryption method according to claim 1, characterized in that step S12 further comprises, after the encryption initialization: performing error checking and record count confirmation on the encryption initialization.
7. The extended information encryption method according to claim 1, characterized in that step S12 further comprises: performing decryption initialization processing on the encrypted historical data in the database.
8. An extended information encryption system, characterized by comprising:
an encrypted data definition unit, for defining the range of encrypted data;
an interception unit, arranged between the application system and the database, for intercepting requests sent by the application system to the database;
the interception unit being connected with the encrypted data definition unit, and, further, the interception unit comprising:
an initialization unit, for performing encryption initialization on the historical data in the database according to the defined range of encrypted data;
a judgement unit, for judging whether the information of the intercepted request contains the defined encrypted data;
an encryption processing unit, for encrypting the data in the information of the intercepted request according to the defined range of encrypted data.
9. The extended information encryption system according to claim 8, characterized in that the interception unit further comprises: a state judgement unit, for judging whether the extended information encryption system is in the initialization state.
10. The extended information encryption system according to claim 8, characterized in that the interception unit further comprises: a request type judgement unit, for judging the type of the intercepted request.
11. The extended information encryption system according to claim 8, characterized by further comprising: a key generator, for generating and verifying the key used during encryption.
12. The extended information encryption system according to claim 8, characterized by further comprising: a cache clearing unit, for clearing the data in the cache.
CN201610071788.4A 2016-02-02 2016-02-02 Extended information encryption method and system Expired - Fee Related CN105740726B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610071788.4A CN105740726B (en) 2016-02-02 2016-02-02 Extended information encryption method and system

Publications (2)

Publication Number Publication Date
CN105740726A (en) 2016-07-06
CN105740726B (en) 2019-01-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190115

Termination date: 20200202