CN106790152A - A database transmission encryption method - Google Patents

Publication number
CN106790152A
Authority
CN
China
Prior art keywords
ports
client
packet
server
encryption
Prior art date
Legal status
Pending
Application number
CN201611241032.6A
Other languages
Chinese (zh)
Inventor
马涌
Current Assignee
Shandong Huaruan Goldencis Software Co Ltd
Original Assignee
Shandong Huaruan Goldencis Software Co Ltd
Priority date
Filing date
Publication date
Application filed by Shandong Huaruan Goldencis Software Co Ltd
Priority to CN201611241032.6A
Publication of CN106790152A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A database transmission encryption method, comprising the following steps: a) forming a server driver; b) forming a client driver; c) the client driver determines whether traffic connecting to the server is on port X; d) the server driver determines whether the encrypted packet is on port X; e) the server determines whether a packet to be returned to the client is on port X; f) the client determines whether a packet returned by the server is on port X. Besides encrypting data in network transmission, the method requires no change to the customer's network environment and no modification of the client and server programs the customer has already deployed. Loading the encryption and decryption drivers on the client and the server is enough to make database access data encrypted in network transmission, ensuring the security of the data.

Description

A database transmission encryption method
Technical field
The present invention relates to the field of data encryption, and in particular to a database transmission encryption method.
Background
Database transmission encryption commonly found on the market today uses SSL connections. This requires that the SSL connection mode be adopted when the program is first designed; if SSL encrypted connections were not considered at the start and an ordinary connection mode was used, modifying the program later is very complex. SSL connections also require keys to be configured, which is likewise complex. Most current solutions to this problem add a physical encryption gateway in between, which requires an additional device and is relatively costly. In the prior art, database encryption is mostly implemented by adding a physical encryption gateway. Although this achieves transmission encryption without changing any server or client code, it is relatively costly and the gateway must be connected in series on the network, so that once the gateway fails the whole database connection may break.
Summary of the invention
To overcome the shortcomings of the above technology, the present invention provides a database transmission encryption method that needs no additional physical device, is low in cost and is simple to implement.
The technical solution adopted by the present invention to solve this technical problem is:
A database transmission encryption method, comprising the following steps:
a) A netfilter hook driver is loaded into the Linux kernel of the server to form the server driver;
b) The client loads a driver by means of API HOOK to form the client driver;
c) The client driver determines whether traffic connecting to the server is on port X; if it is port X, the client driver encrypts the captured packet body using the encryption algorithm; if it is not port X, the packet is let through directly;
d) The server driver determines whether the encrypted packet is on port X; if so, the server driver decrypts the packet body using the decryption algorithm corresponding to the encryption algorithm; if it is not port X, the packet is let through directly;
e) The server determines whether a packet to be returned to the client is on port X; if so, the server driver encrypts the packet body using the encryption algorithm; if it is not port X, the packet is let through directly;
f) The client determines whether a packet returned by the server is on port X; if so, the client driver decrypts it using the decryption algorithm corresponding to the encryption algorithm; if it is not port X, the packet is let through directly.
Port X is any port in the range 1024-65535.
The above encryption algorithm uses TEA encryption, and the encryption key is a fixed key value.
The above encryption algorithm uses DES encryption.
The beneficial effects of the invention are: besides encrypting data in network transmission, the database transmission encryption method requires no change to the customer's network environment and no modification of the client and server programs the customer has already deployed. Loading the encryption and decryption drivers on the client and the server is enough to make database access data encrypted in network transmission, ensuring the security of the data.
Detailed description
The present invention is further described below.
A database transmission encryption method, comprising the following steps:
a) A netfilter hook driver is loaded into the Linux kernel of the server to form the server driver. The netfilter hook driver is loaded into the Linux kernel using insmod.
b) The client loads a driver by means of API HOOK to form the client driver. The driver hooks the socket send and recv functions. API HOOK is a technique for changing the result of API execution; Microsoft itself uses this technique inside the Windows operating system, for example in Windows compatibility mode.
c) The client driver determines whether traffic connecting to the server is on port X; if it is port X, the client driver encrypts the captured packet body using the encryption algorithm; if it is not port X, the packet is let through directly.
d) The server driver determines whether the encrypted packet is on port X; if so, the server driver decrypts the packet body using the decryption algorithm corresponding to the encryption algorithm; if it is not port X, the packet is let through directly.
e) The server determines whether a packet to be returned to the client is on port X; if so, the server driver encrypts the packet body using the encryption algorithm; if it is not port X, the packet is let through directly.
f) The client determines whether a packet returned by the server is on port X; if so, the client driver decrypts it using the decryption algorithm corresponding to the encryption algorithm; if it is not port X, the packet is let through directly.
When the client encrypts and decrypts packets, not every packet needs to be cached. Only for packets that match port X is the packet header removed and the body extracted and cached. The cached body is encrypted or decrypted according to the encryption and decryption algorithm, the body in the original message is replaced, and the packet is accepted.
When the server encrypts and decrypts packets, not every packet needs to be cached. Only for packets that match port X is the packet header removed and the body extracted and cached. The cached body is encrypted or decrypted according to the encryption and decryption algorithm, the body in the original message is replaced, and the packet is accepted.
Besides encrypting data in network transmission, the method requires no change to the customer's network environment and no modification of the client and server programs the customer has already deployed. Loading the encryption and decryption drivers on the client and the server is enough to make database access data encrypted in network transmission, ensuring the security of the data.
Further, port X is any port in the range 1024-65535. The key requirement for encrypting and decrypting packets is that the operation be reversible, so the encryption algorithm uses TEA encryption, and the encryption key is a fixed key value. If a simple encryption and decryption method is wanted, the encryption algorithm can also use DES.
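The port check of steps c) to f) combined with TEA and a fixed key, as an added userspace C sketch; it is not code from the patent or the applicant. PORT_X, the key value, the function names, encrypting each 8-byte block independently and refusing bodies whose length is not a multiple of 8 are assumptions, since the description specifies none of them; under those assumptions, equal plaintext blocks yield equal ciphertext blocks, which demo_flags checks.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PORT_X 3306u /* assumption: sample port in the 1024-65535 range */
/* Constructed demo key; the description only says the key is a fixed value. */
static const uint32_t KEY[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};
static const char SAMPLE[] = "SELECT 1SELECT 1"; /* constructed: two equal 8-byte blocks */

/* Standard 32-round TEA on one 64-bit block; dec != 0 runs the inverse. */
static void tea_block(uint32_t v[2], int dec) {
    const uint32_t delta = 0x9e3779b9u;
    uint32_t v0 = v[0], v1 = v[1], sum = dec ? delta * 32u : 0u;
    for (int i = 0; i < 32; i++) {
        if (dec) {
            v1 -= ((v0 << 4) + KEY[2]) ^ (v0 + sum) ^ ((v0 >> 5) + KEY[3]);
            v0 -= ((v1 << 4) + KEY[0]) ^ (v1 + sum) ^ ((v1 >> 5) + KEY[1]);
            sum -= delta;
        } else {
            sum += delta;
            v0 += ((v1 << 4) + KEY[0]) ^ (v1 + sum) ^ ((v1 >> 5) + KEY[1]);
            v1 += ((v0 << 4) + KEY[2]) ^ (v0 + sum) ^ ((v0 >> 5) + KEY[3]);
        }
    }
    v[0] = v0; v[1] = v1;
}

/* Steps c)-f): rewrite the body in place only when the port is X. Returns 1 = transformed,
 * 0 = let through untouched, -1 = length not a multiple of 8 (padding is not described). */
int filter_body(uint16_t port, uint8_t *body, size_t len, int dec) {
    if (port != PORT_X) return 0;
    if (len % 8 != 0) return -1;
    for (size_t off = 0; off < len; off += 8) {
        uint32_t v[2];
        memcpy(v, body + off, 8); /* native byte order on both ends */
        tea_block(v, dec);
        memcpy(body + off, v, 8);
    }
    return 1;
}

/* Bit 1: decrypting restores the sample. Bit 2: equal plaintext blocks gave equal ciphertext. */
int demo_flags(void) {
    uint8_t b[16];
    memcpy(b, SAMPLE, 16);
    filter_body(PORT_X, b, 16, 0);
    int same = memcmp(b, b + 8, 8) == 0, changed = memcmp(b, SAMPLE, 16) != 0;
    filter_body(PORT_X, b, 16, 1);
    return (changed && memcmp(b, SAMPLE, 16) == 0 ? 1 : 0) | (same ? 2 : 0);
}
int main(void) { return demo_flags() == 3 ? 0 : 1; }
```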

Claims (4)

1. A database transmission encryption method, characterized by comprising the following steps:
a) A netfilter hook driver is loaded into the Linux kernel of the server to form the server driver;
b) The client loads a driver by means of API HOOK to form the client driver;
c) The client driver determines whether traffic connecting to the server is on port X; if it is port X, the client driver encrypts the captured packet body using the encryption algorithm; if it is not port X, the packet is let through directly;
d) The server driver determines whether the encrypted packet is on port X; if so, the server driver decrypts the packet body using the decryption algorithm corresponding to the encryption algorithm; if it is not port X, the packet is let through directly;
e) The server determines whether a packet to be returned to the client is on port X; if so, the server driver encrypts the packet body using the encryption algorithm; if it is not port X, the packet is let through directly;
f) The client determines whether a packet returned by the server is on port X; if so, the client driver decrypts it using the decryption algorithm corresponding to the encryption algorithm; if it is not port X, the packet is let through directly.
2. The database transmission encryption method according to claim 1, characterized in that port X is any port in the range 1024-65535.
3. The database transmission encryption method according to claim 1, characterized in that the encryption algorithm uses TEA encryption and the encryption key is a fixed key value.
4. The database transmission encryption method according to claim 1, characterized in that the encryption algorithm uses DES encryption.
CN201611241032.6A 2016-12-29 2016-12-29 A kind of database transmissions encryption method Pending CN106790152A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611241032.6A CN106790152A (en) 2016-12-29 2016-12-29 A kind of database transmissions encryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611241032.6A CN106790152A (en) 2016-12-29 2016-12-29 A kind of database transmissions encryption method

Publications (1)

Publication Number Publication Date
CN106790152A true CN106790152A (en) 2017-05-31

Family

ID=58924027

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611241032.6A Pending CN106790152A (en) 2016-12-29 2016-12-29 A kind of database transmissions encryption method

Country Status (1)

Country Link
CN (1) CN106790152A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105022966A (en) * 2015-07-21 2015-11-04 郭俊雄 Database data encryption and decryption method and system
CN106131207A (en) * 2016-08-03 2016-11-16 杭州安恒信息技术有限公司 A kind of method and system bypassing audit HTTPS packet

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
巫钟兴: "《一种数据加密传输方案的设计与实现》", 《北京化工大学学报(自然科学版)》 *

Similar Documents

Publication Publication Date Title
US9917812B2 (en) Inline inspection of security protocols
JP2022023942A (en) Client to cloud or remote server secure data or file object encryption gateway
CN101141244B (en) Network enciphered data virus detection and elimination system and proxy server and method
US8984268B2 (en) Encrypted record transmission
CA2467988A1 (en) System and method for initiating secure network connection from a client to a network host
CN205389215U (en) PLC data acquisition and encryption and decryption system based on two net gapes
US8281122B2 (en) Generation and/or reception, at least in part, of packet including encrypted payload
EP2846509B1 (en) Tls protocol extension
CN110798316A (en) Encryption key generation method, decryption key generation method, encryption key generation program, decryption key generation program, and decryption program
CN110266485B (en) Internet of things safety communication control method based on NB-IoT
WO2005057841A1 (en) The method for generating the dynamic cryptogram in network transmission and the method for transmitting network data
CN104009841B (en) A kind of message encryption method under instant messaging situation
CN102780702A (en) System and method for document security transmission
Zibideh et al. Modified data encryption standard encryption algorithm with improved error performance and enhanced security in wireless fading channels
CN104735094A (en) Information separation based data security transmission system and method
CN107276996A (en) The transmission method and system of a kind of journal file
KR20140091221A (en) Security apparatus for decrypting data encrypted according to the web security protocol and operating method thereof
CN110768958B (en) IPv4 data encryption method and IPv4 data decryption method
CN106790152A (en) A kind of database transmissions encryption method
Huang et al. The Research of VPN on WLAN
CN108111515B (en) End-to-end secure communication encryption method suitable for satellite communication
CN108809888B (en) Safety network construction method and system based on safety module
CN108566270B (en) Novel encryption method using double block cipher
CN202713365U (en) System for network data stream hardware encryption
Iyappan et al. Pluggable encryption algorithm in secure shell (SSH) protocol

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531