CN106790152A - A database transmission encryption method - Google Patents
- Publication number: CN106790152A
- Authority: CN (China)
- Prior art keywords: ports, client, packet, server, encryption
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A database transmission encryption method, comprising the following steps: a) forming a server driver; b) forming a client driver; c) the client driver determines whether traffic connecting to the server is on port X; d) the server driver determines whether the encrypted packet is on port X; e) the server determines whether a packet to be returned to the client is on port X; f) the client determines whether a packet returned by the server is on port X. Besides encrypting data in network transmission, the method requires no change to the customer's network environment and no modification of the client and server programs the customer has already implemented. Only a driver that encrypts and decrypts data needs to be loaded on the client and on the server for the data used to access the database to be encrypted in network transmission, which ensures the security of the data.
Description
Technical field
The present invention relates to the field of data encryption, and in particular to a database transmission encryption method.
Background
Database transmission encryption commonly used on the market today relies on SSL connections. This requires that the program was designed to use SSL connections from the outset; if SSL encrypted connections were not considered at the initial design stage and ordinary connections were used instead, modifying the program later is very complex. Using SSL connections also requires configuring keys, which is likewise very complex. Most current solutions to this problem insert a physical encryption gateway in between, which requires an additional device and is relatively costly. In the prior art, database encryption is mostly implemented by adding a physical encryption gateway. Although this achieves transmission encryption without requiring any change to the server or client code, it is relatively costly and must be placed in series on the network, so that once the gateway fails, the whole database connection may be broken.
Summary of the invention
To overcome the shortcomings of the above techniques, the present invention provides a database transmission encryption method that requires no additional physical equipment, is low in cost, and is simple to implement.
The technical solution adopted by the present invention to solve this technical problem is:
A database transmission encryption method, comprising the following steps:
a) a netfilter hook driver is loaded into the server's Linux kernel to form the server driver;
b) the client loads a driver by means of API HOOK to form the client driver;
c) the client driver determines whether traffic connecting to the server is on port X; if it is on port X, the client driver encrypts the body of the captured packet with the encryption algorithm; if it is not on port X, the packet is passed through directly;
d) the server driver determines whether the encrypted packet is on port X; if so, the server driver decrypts the packet body with the decryption algorithm corresponding to the encryption algorithm; if it is not on port X, the packet is passed through directly;
e) for a packet that is to be returned to the client, the server determines whether the port is port X; if so, the server driver encrypts the packet body with the encryption algorithm; if it is not on port X, the packet is passed through directly;
f) for a packet returned by the server, the client determines whether it is on port X; if so, the client driver decrypts it with the decryption algorithm corresponding to the encryption algorithm; if it is not on port X, the packet is passed through directly.
Port X is any port in the range 1024-65535.
The above encryption algorithm uses TEA encryption, and the encryption key is a fixed key value.
The above encryption algorithm performs encryption using DES.
The beneficial effects of the invention are: besides encrypting data in network transmission, the database transmission encryption method requires no change to the customer's network environment and no modification of the client and server programs the customer has already implemented. Only a driver that encrypts and decrypts data needs to be loaded on the client and on the server for the data used to access the database to be encrypted in network transmission, which ensures the security of the data.
Specific embodiment
The present invention is further described below.
A database transmission encryption method, comprising the following steps:
a) A netfilter hook driver is loaded into the server's Linux kernel to form the server driver; the netfilter hook driver is loaded into the Linux kernel using insmod.
b) The client loads a driver by means of API HOOK to form the client driver; the driver hooks the socket send and recv functions. API HOOK is a technique for changing the result of an API call. Microsoft itself also uses this technique inside the Windows operating system, for example in Windows compatibility mode.
c) The client driver determines whether traffic connecting to the server is on port X. If it is on port X, the client driver encrypts the body of the captured packet with the encryption algorithm; if it is not on port X, the packet is passed through directly.
d) The server driver determines whether the encrypted packet is on port X. If so, the server driver decrypts the packet body with the decryption algorithm corresponding to the encryption algorithm; if it is not on port X, the packet is passed through directly.
e) For a packet that is to be returned to the client, the server determines whether the port is port X. If so, the server driver encrypts the packet body with the encryption algorithm; if it is not on port X, the packet is passed through directly.
f) For a packet returned by the server, the client determines whether it is on port X. If so, the client driver decrypts it with the decryption algorithm corresponding to the encryption algorithm; if it is not on port X, the packet is passed through directly.
When the client encrypts and decrypts packets, not every packet needs to be cached. Only a packet that matches port X needs to have its header removed and its body extracted and cached. The cached body is encrypted or decrypted with the encryption/decryption algorithm and replaces the body in the original message, and the packet is then accepted.
Likewise, when the server encrypts and decrypts packets, not every packet needs to be cached. Only a packet that matches port X needs to have its header removed and its body extracted and cached. The cached body is encrypted or decrypted with the encryption/decryption algorithm and replaces the body in the original message, and the packet is then accepted.
Besides encrypting data in network transmission, the method requires no change to the customer's network environment and no modification of the client and server programs the customer has already implemented. Only a driver that encrypts and decrypts data needs to be loaded on the client and on the server for the data used to access the database to be encrypted in network transmission, which ensures the security of the data.
Further, port X is any port in the range 1024-65535. The key requirement for encrypting and decrypting packets is that the operation be reversible, so the encryption algorithm uses TEA encryption, and the encryption key is a fixed key value. If a simple encryption and decryption method is wanted, the encryption algorithm can also use DES for encryption and decryption.
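An added example, not taken from the patent: a user-space C model of the per-packet decision both drivers make in steps c) to f), with TEA as the encryption algorithm. The value of `PORT_X`, the key, the independent per-block processing and the treatment of a trailing partial block are assumptions; the page specifies none of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PORT_X 3306u /* assumed value; the page allows any port in 1024-65535 */
/* Constructed sample key; the page only says the key is one fixed value. */
static const uint32_t KEY[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};

/* Standard 32-round TEA over one 64-bit block (two 32-bit words). */
static void tea_block(uint32_t v[2], int decrypt) {
    const uint32_t delta = 0x9e3779b9u;
    uint32_t v0 = v[0], v1 = v[1], sum = decrypt ? delta * 32u : 0u;
    for (int i = 0; i < 32; i++) {
        if (decrypt) {
            v1 -= ((v0 << 4) + KEY[2]) ^ (v0 + sum) ^ ((v0 >> 5) + KEY[3]);
            v0 -= ((v1 << 4) + KEY[0]) ^ (v1 + sum) ^ ((v1 >> 5) + KEY[1]);
            sum -= delta;
        } else {
            sum += delta;
            v0 += ((v1 << 4) + KEY[0]) ^ (v1 + sum) ^ ((v1 >> 5) + KEY[1]);
            v1 += ((v0 << 4) + KEY[2]) ^ (v0 + sum) ^ ((v0 >> 5) + KEY[3]);
        }
    }
    v[0] = v0; v[1] = v1;
}

/* Models one driver decision: pass the packet untouched unless it is on
 * port X, otherwise replace the body in place. Returns 1 if transformed.
 * Assumptions: blocks are processed independently with no IV, and a
 * trailing partial block is left as-is so the body length never changes;
 * the page specifies neither. Words use host byte order on both ends. */
int filter_body(uint16_t port, uint8_t *body, size_t len, int decrypt) {
    if (port != PORT_X) return 0;
    for (size_t off = 0; off + 8 <= len; off += 8) {
        uint32_t v[2];
        memcpy(v, body + off, sizeof v);
        tea_block(v, decrypt);
        memcpy(body + off, v, sizeof v);
    }
    return 1;
}

int main(void) {
    uint8_t body[] = "SELECT * FROM users;"; /* constructed sample body */
    size_t n = sizeof body - 1;
    filter_body(PORT_X, body, n, 0);          /* client side: encrypt */
    filter_body(PORT_X, body, n, 1);          /* server side: decrypt */
    return memcmp(body, "SELECT * FROM users;", n) != 0;
}
```

Under these assumptions, identical 8-byte blocks encrypt to identical ciphertext and a tail shorter than 8 bytes stays in cleartext; both points need a decision in any real implementation of the method.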
Claims (4)
1. A database transmission encryption method, characterized by comprising the following steps:
a) a netfilter hook driver is loaded into the server's Linux kernel to form the server driver;
b) the client loads a driver by means of API HOOK to form the client driver;
c) the client driver determines whether traffic connecting to the server is on port X; if it is on port X, the client driver encrypts the body of the captured packet with the encryption algorithm; if it is not on port X, the packet is passed through directly;
d) the server driver determines whether the encrypted packet is on port X; if so, the server driver decrypts the packet body with the decryption algorithm corresponding to the encryption algorithm; if it is not on port X, the packet is passed through directly;
e) for a packet that is to be returned to the client, the server determines whether the port is port X; if so, the server driver encrypts the packet body with the encryption algorithm; if it is not on port X, the packet is passed through directly;
f) for a packet returned by the server, the client determines whether it is on port X; if so, the client driver decrypts it with the decryption algorithm corresponding to the encryption algorithm; if it is not on port X, the packet is passed through directly.
2. The database transmission encryption method according to claim 1, characterized in that port X is any port in the range 1024-65535.
3. The database transmission encryption method according to claim 1, characterized in that the encryption algorithm uses TEA encryption, and the encryption key is a fixed key value.
4. The database transmission encryption method according to claim 1, characterized in that the encryption algorithm performs encryption using DES.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611241032.6A CN106790152A (en) | 2016-12-29 | 2016-12-29 | A database transmission encryption method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106790152A (en) | 2017-05-31 |
Family
ID=58924027
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611241032.6A Pending CN106790152A (en) | A database transmission encryption method | 2016-12-29 | 2016-12-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790152A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170531 |