CN109840420B - Data analysis processing method and device based on memory encryption and decryption - Google Patents
Data analysis processing method and device based on memory encryption and decryption Download PDFInfo
- Publication number
- CN109840420B CN109840420B CN201711191340.7A CN201711191340A CN109840420B CN 109840420 B CN109840420 B CN 109840420B CN 201711191340 A CN201711191340 A CN 201711191340A CN 109840420 B CN109840420 B CN 109840420B
- Authority
- CN
- China
- Prior art keywords
- decryption
- data
- encryption
- algorithm
- security policy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a data analysis processing method and a device based on memory encryption and decryption, wherein the method comprises the following steps: associating an encryption algorithm with the data model, and defining the encryption algorithm as a security policy; storing the security policy in a database; acquiring the security policy; and calling a decryption algorithm in the security policy, and decrypting and desensitizing the data model. The beneficial effects of the invention are as follows: according to the scheme, the analysis processing of the encrypted data is converted into the security policy management, the security policy is embedded in the database, the non-perception structured encrypted data analysis processing is realized, operators and developers can directly develop corresponding sql scripts to decrypt and desensitize the data model on the basis of the original standard sql business flow, the encrypted data is not required to be decrypted by adding manual flows, and the working efficiency and the data security are improved.
Description
Technical Field
The invention relates to the field of data encryption and decryption, in particular to a data analysis processing method and device based on memory encryption and decryption.
Background
With the development of big data technology, data sharing communication becomes more frequent. The distributed system deployment of big data, open network environment, complex data applications and numerous user accesses make big data more challenging in terms of confidentiality, integrity, availability, etc. The existing big data security is generally encrypted during data storage and transmission. However, in the data analysis process, the original semantics of the data need to be analyzed and processed, the original encrypted data cannot meet the service requirement, the encrypted data needs to be subjected to desensitization and decryption and then is subjected to analysis and processing, and generally, the data is subjected to desensitization and decryption into an intermediate table and then is subjected to analysis and processing, so that sensitive data is easily exposed by the scheme, and the risk of data management and control is increased.
And after the data table is desensitized and decrypted, an intermediate table is formed, and data operation analysts rewrite sql scripts through the intermediate table in the clear text to analyze and process according to the service. The intermediate table after desensitization decryption is exposed and the intermediate table data after desensitization decryption is accessible to a person with database rights. Moreover, the intermediate tables after desensitization and decryption occupy extra table space of the database, and for some large data tables, the frequent processing requires considerable resources.
For this situation we propose a way to process data based on in-memory desensitization decryption analysis.
Disclosure of Invention
In order to solve the defects in the prior art, the invention aims to provide a data analysis processing method and device based on memory encryption and decryption.
In order to achieve the above purpose, the technical scheme of the invention is as follows:
a data analysis processing method based on memory encryption and decryption comprises the following steps:
associating an encryption algorithm with the data model, and defining the encryption algorithm as a security policy;
storing the security policy in a database;
acquiring the security policy;
and calling a decryption algorithm in the security policy, and decrypting and desensitizing the data model.
Further, the step of decrypting and desensitizing the data model by calling a decryption algorithm in the security policy comprises the following steps,
converting the decryption algorithm into an sql processing script;
replacing the sql processing script currently executed in the memory;
and executing the replaced sql processing script, and decrypting and desensitizing the data model.
Further, the invoking the decryption algorithm in the security policy, after the decrypting and desensitizing step on the data model, comprises,
invoking an encryption algorithm in the security policy, and encrypting the decrypted and desensitized result data in the memory;
and storing the encrypted result data in a database.
Further, the step of associating the encryption algorithm with the data model, prior to defining the security policy step, comprises,
presetting an encryption algorithm and an access strategy for sensitive data in a data model according to a service scenario;
and encrypting the sensitive data according to a preset encryption algorithm and an access strategy to obtain a data model.
Further, the step of associating the encryption algorithm with the data model, defining as a security policy, comprises,
the data model is associated with the symmetric and asymmetric encryption algorithms, and corresponding security policies are defined, wherein the security policies comprise the data model, the encryption algorithm and decryption algorithm of metadata, algorithm parameters and access policies.
Further, the step of storing the security policy in a database includes,
developing a corresponding decryption algorithm according to a preset encryption algorithm and an access strategy;
and embeds the access policy and decryption algorithm implementation into the database.
The invention also provides a data analysis processing device based on memory encryption and decryption, which comprises an association unit, a first storage unit, an acquisition unit and a decryption unit,
the association unit is used for associating the encryption algorithm with the data model and defining a security policy;
the first storage unit is used for storing the security policy in a database;
the acquisition unit is used for acquiring the security policy;
and the decryption unit is used for invoking a decryption algorithm in the security policy and decrypting and desensitizing the data model.
Further, the decryption unit comprises a conversion module, a replacement module and an execution module,
the conversion module is used for converting the decryption algorithm into an sql processing script;
the replacing module is used for replacing the sql processing script currently executed in the memory;
and the execution module is used for executing the replaced sql processing script and decrypting and desensitizing the data model.
Further, the system also comprises a preset unit, a first encryption unit, a second encryption unit and a second storage unit,
the presetting unit is used for presetting an encryption algorithm and an access strategy for sensitive data in the data model according to the service scene;
the first encryption unit is used for encrypting the sensitive data according to a preset encryption algorithm and an access strategy to obtain a data model;
the second encryption unit is used for calling an encryption algorithm in the security policy and encrypting the decrypted and desensitized result data in the memory;
and the second storage unit is used for storing the encrypted result data in a database.
Further, the association unit comprises an association module, wherein the association module is used for associating the data model by using a symmetric encryption algorithm and an asymmetric encryption algorithm, and defining a corresponding security policy, and the security policy comprises the data model, an encryption algorithm and a decryption algorithm of metadata, algorithm parameters and an access policy;
the first storage unit includes a development module and an embedding module,
the development module is used for developing a corresponding decryption algorithm according to a preset encryption algorithm and an access strategy;
the embedding module is used for embedding the access strategy and the decryption algorithm implementation into the database.
The beneficial effects of the invention are as follows: according to the scheme, the analysis processing of the encrypted data is converted into the security policy management, the security policy is embedded in the database, the non-perception structured encrypted data analysis processing is realized, operators and developers can directly develop corresponding sql scripts to decrypt and desensitize the data model on the basis of the original standard sql business flow, the encrypted data is not required to be decrypted by adding manual flows, and the working efficiency and the data security are improved.
Drawings
FIG. 1 is a flow chart of a method for analyzing and processing data based on memory encryption and decryption according to an embodiment of the invention;
FIG. 2 is a flow chart of a method for invoking a decryption algorithm in a security policy to decrypt and desensitize a data model according to the present invention;
FIG. 3 is a flowchart of a method for storing security policies in a database in accordance with the present invention;
FIG. 4 is a flow chart of a method for analyzing and processing data based on memory encryption and decryption according to another embodiment of the present invention;
FIG. 5 is a block diagram illustrating a data analysis device based on memory encryption and decryption according to an embodiment of the present invention;
FIG. 6 is a block diagram illustrating a decryption unit of a memory encryption/decryption-based data analysis processing apparatus according to an embodiment of the present invention;
FIG. 7 is a block diagram illustrating a first storage unit of a memory encryption/decryption-based data analysis processing apparatus according to an embodiment of the present invention;
FIG. 8 is a block diagram illustrating a configuration of an association unit of a data analysis processing apparatus based on memory encryption and decryption according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a data analysis processing device based on memory encryption and decryption according to another embodiment of the present invention.
Detailed Description
For the purpose of illustrating the concepts and objects of the invention, the invention is further described in connection with the drawings and detailed description that follow.
The sql is known collectively as the "structured query language (Structured Query Language)", and was originally developed by IBM's san jose research laboratory as a query language for its relational database management SYSTEM, the precursor of which is the squire language. The SQL language has simple structure, powerful function and easy learning, so that the SQL language has been widely applied since the 1981 of IBM corporation. Today, both large database management systems like Oracle, sybase, informix, SQL server and database development systems commonly used on microcomputers like Visual Foxporo, powerBuilder support the SQL language as query language.
The asymmetric encryption algorithm requires two keys: public key and private key
(privatekey). The public key and the private key are a pair, and if the data is encrypted by the public key, the data can be decrypted only by the corresponding private key; if the data is encrypted with a private key, then decryption is only possible with the corresponding public key. Because two different keys are used for encryption and decryption, this algorithm is called an asymmetric encryption algorithm.
Symmetric encryption algorithms are well-established techniques that apply earlier encryption algorithms. In the symmetric encryption algorithm, a data sender processes plaintext (original data) and an encryption key (miyao) together through a special encryption algorithm, and then the plaintext (original data) and the encryption key (miyao) are changed into complex encrypted ciphertext to be sent out. After receiving the ciphertext, the receiver needs to decrypt the ciphertext by using the encryption key and the inverse algorithm of the same algorithm to restore the ciphertext into readable plaintext if the receiver wants to interpret the ciphertext. In the symmetric encryption algorithm, only one key is used, and both the sender and the receiver encrypt and decrypt data by using the key, which requires that the decryption party must know the encryption key in advance.
Referring to fig. 1-3, a data analysis processing method based on memory encryption and decryption is provided according to an embodiment of the present invention, which includes the following steps:
s30, associating the encryption algorithm with the data model to define a security policy.
S40, storing the security policy in a database.
S50, acquiring a security policy.
S60, invoking a decryption algorithm in the security policy, and decrypting and desensitizing the data model.
Specifically, step S30 includes step S31 of associating with the data model using symmetric and asymmetric encryption algorithms, defined as corresponding security policies.
Specifically, the security policy includes a data model, an encryption algorithm and a decryption algorithm of metadata, algorithm parameters, and an access policy. The encryption algorithm and the decryption algorithm of the original data are corresponding, the encryption algorithm is used for encrypting the data, the decryption algorithm is used for decrypting and desensitizing the data encrypted by the encryption algorithm, and further data analysis processing is carried out.
Symmetric and asymmetric encryption algorithms, including in particular symmetric encryption algorithms and asymmetric encryption algorithms. The symmetric encryption algorithm and the asymmetric encryption algorithm are all conventional encryption algorithms, and are different from each other in the following steps:
the asymmetric encryption algorithm requires two keys: public key and private key
(privatekey). The public key and the private key are a pair, and if the data is encrypted by the public key, the data can be decrypted only by the corresponding private key; if the data is encrypted with a private key, then decryption is only possible with the corresponding public key. Because two different keys are used for encryption and decryption, this algorithm is called an asymmetric encryption algorithm.
Symmetric encryption algorithms are well-established techniques that apply earlier encryption algorithms. In the symmetric encryption algorithm, a data sender processes plaintext (original data) and an encryption key (miyao) together through a special encryption algorithm, and then the plaintext (original data) and the encryption key (miyao) are changed into complex encrypted ciphertext to be sent out. After receiving the ciphertext, the receiver needs to decrypt the ciphertext by using the encryption key and the inverse algorithm of the same algorithm to restore the ciphertext into readable plaintext if the receiver wants to interpret the ciphertext. In the symmetric encryption algorithm, only one key is used, and both the sender and the receiver encrypt and decrypt data by using the key, which requires that the decryption party must know the encryption key in advance.
As shown in fig. 3, step S40 specifically includes the following steps:
s41, developing a corresponding decryption algorithm according to a preset encryption algorithm and an access strategy.
S42, embedding the access strategy and decryption algorithm implementation into the database.
For step S41, a corresponding encryption algorithm for encrypting the data and an access policy for invoking the data later are pre-defined for the data at the beginning. The encrypted data through the encryption algorithm needs to be decrypted and desensitized through the corresponding decryption algorithm.
For step S42, the access policy and decryption algorithm implementation are embedded into the database, and the sql processing script is used to call from the database, and the encrypted data is decrypted and desensitized in the memory in a sql-like manner.
For step S50, the security policy is acquired, that is, the data model, the encryption algorithm and decryption algorithm, the algorithm parameter and the access policy of the metadata included in the security policy are acquired, which are mainly used for acquiring the decryption algorithm, the algorithm parameter and the access policy in the security policy. The security policy provides encryption and decryption algorithms for the data model for decrypting and desensitizing the encrypted data.
As shown in fig. 2, specifically, step S60, invoking a decryption algorithm in the security policy, and performing decryption desensitization on the data model, specifically includes the following steps:
s61, converting the decryption algorithm into an sql processing script.
S62, replacing the sql processing script currently executed in the memory.
S63, executing the replaced sql processing script, and decrypting and desensitizing the data model.
For step S61, after the decryption algorithm in the security policy is acquired, the decryption algorithm is invoked by sql syntax. For the conventional operation support personnel, the encryption strategy and algorithm used are not required to be known specifically, only the standard sql processing script is required to be written, the decryption algorithm is called through the sql processing script, the decryption algorithm is converted into the corresponding sql processing script to decrypt and desensitize the encrypted data, and the whole background encryption and decryption processing analysis process is transparent to the operation support personnel and is not perceived.
For step S62, after the decryption algorithm is converted into the sql procedure script, the sql procedure script currently executed in the memory is replaced for the subsequent data analysis.
For step S63, the replaced sql processing script is executed, and the decryption algorithm is used to decrypt and desensitize the data in the memory, and perform data analysis processing, so that the security of data processing is improved, and the sensitive data does not need to externally expose plaintext information, and compared with the existing technical scheme, no additional table space is needed, thereby reducing the consumption and occupation of resources.
Referring to fig. 4, in another embodiment of the present invention, before associating the encryption algorithm with the data model and defining the security policy in step S30, the method includes the following steps:
s10, presetting an encryption algorithm and an access strategy for sensitive data in a data model according to service scenes;
and S20, encrypting the sensitive data according to a preset encryption algorithm and an access strategy to obtain a data model.
For step S10, at the beginning, according to the service scenario, the encryption and decryption requirements of the data model are determined, and according to the encryption and decryption requirements, an encryption algorithm and an access policy are preset for the sensitive data of the data model, and the decryption algorithm is obtained according to the actual encryption algorithm and is used for subsequent data decryption and desensitization. The sensitive data is encrypted by an encryption algorithm in the whole process, and can be decrypted only by a corresponding decryption algorithm, so that the safety of data processing is improved, and plaintext information is not required to be exposed to the outside for the sensitive data
For step S20, the corresponding encryption algorithm is preset in step S10, and the data user may perform encryption operation on the sensitive data according to the actual encryption algorithm and the access policy, so as to improve the security of the sensitive data.
In the embodiment of fig. 4, step S60, after the decryption algorithm in the security policy decrypts and desensitizes the data model, includes the following steps:
s70, an encryption algorithm in the security policy is called, and the decrypted and desensitized result data is encrypted in the memory.
S80, storing the encrypted result data in a database.
For step S70, the result data, that is, the above sensitive data, is obtained after decryption and desensitization, and after the result data is called by a worker, the result data needs to be encrypted again by an encryption algorithm, so that the security of the data is ensured, and a third party cannot obtain the data without a decryption algorithm.
For step S80, after the result data is called by the staff, the result data needs to be encrypted again by the encryption algorithm and stored in the database for other people to call continuously.
According to the scheme, the analysis processing of the encrypted data is converted into the security policy management, the security policy is embedded in the database, the non-perception structured encrypted data analysis processing is realized, operators and developers can directly develop corresponding sql scripts to decrypt and desensitize the data model on the basis of the original standard sql business flow, the encrypted data is not required to be decrypted by adding manual flows, and the working efficiency and the data security are improved.
Referring to fig. 5-8, the present invention further provides a memory encryption and decryption-based data analysis processing apparatus, which includes a correlation unit 30, a first storage unit 40, an acquisition unit 50 and a decryption unit 60,
an association unit 30, configured to associate the encryption algorithm with the data model, and define a security policy;
a first storage unit 40 for storing the security policy in a database;
an acquisition unit 50 for acquiring a security policy;
and the decryption unit 60 is used for invoking a decryption algorithm in the security policy and performing decryption desensitization on the data model.
As shown in fig. 8, for the association unit 30, the association unit 30 comprises an association module 31, the association module 31 being adapted to associate with the data model using symmetric and asymmetric encryption algorithms, defined as corresponding security policies.
The security policy includes a data model, encryption and decryption algorithms for metadata, algorithm parameters, and access policies. The encryption algorithm and the decryption algorithm of the original data are corresponding, the encryption algorithm is used for encrypting the data, the decryption algorithm is used for decrypting and desensitizing the data encrypted by the encryption algorithm, and further data analysis processing is carried out.
As shown in fig. 7, for the first storage unit 40, the first storage unit 40 includes a development module 41 and an embedding module 42. The method comprises the following steps:
the development module 41 is configured to develop a corresponding decryption algorithm according to a preset encryption algorithm and access policy.
An embedding module 42 for and embedding the access policy and decryption algorithm implementation into the database.
For the development module 41, corresponding encryption algorithms for encrypting the data and access policies for invoking the data later are pre-defined for the data at the beginning. The encrypted data through the encryption algorithm needs to be decrypted and desensitized through the corresponding decryption algorithm.
For the embedding module 42, the access policy and decryption algorithm implementation are embedded into the database, and the sql processing script can be used to call from the database, and the encrypted data can be decrypted and desensitized in the memory in a sql-like manner.
For the obtaining unit 50, a security policy, that is, a data model, an encryption algorithm and a decryption algorithm of metadata, an algorithm parameter, an access policy, and the like included in the security policy are obtained, and are mainly used for obtaining the decryption algorithm, the algorithm parameter, and the access policy in the security policy. The security policy provides encryption and decryption algorithms for the data model for decrypting and desensitizing the encrypted data.
As shown in fig. 6, for the decryption unit 60, the decryption unit 60 includes a conversion module 61, a replacement module 62, and an execution module 63. The method comprises the following steps:
the conversion module 61 is configured to convert the decryption algorithm into an sql processing script.
The replacing module 62 is configured to replace the sql processing script currently executed in the memory.
And the execution module 63 is used for executing the replaced sql processing script and decrypting and desensitizing the data model.
For the translation unit, after the decryption algorithm in the security policy is obtained, the decryption algorithm is invoked by sql syntax. For the conventional operation support personnel, the encryption strategy and algorithm used are not required to be known specifically, only the standard sql processing script is required to be written, the decryption algorithm is called through the sql processing script, the decryption algorithm is converted into the corresponding sql processing script to decrypt and desensitize the encrypted data, and the whole background encryption and decryption processing analysis process is transparent to the operation support personnel and is not perceived.
For the replacement module 62, after the decryption algorithm is converted into the sql procedure script, the sql procedure script currently executed in the memory is replaced for subsequent data analysis processing.
For the execution module 63, the replaced sql processing script is decrypted and desensitized by using a decryption algorithm in the memory, and is subjected to data analysis processing, so that the safety of data processing is improved, the sensitive data does not need to externally expose plaintext information, and compared with the prior art, the external data processing method does not need extra table space, and the consumption and occupation of resources are reduced.
According to the scheme, the analysis processing of the encrypted data is converted into the security policy management, the security policy is embedded in the database, the non-perception structured encrypted data analysis processing is realized, operators and developers can directly develop corresponding sql scripts to decrypt and desensitize the data model on the basis of the original standard sql business flow, the encrypted data is not required to be decrypted by adding manual flows, and the working efficiency and the data security are improved.
Referring to fig. 9, another embodiment of the present invention provides a data analysis processing apparatus based on memory encryption and decryption, which includes a preset unit 10, a first encryption unit 20, a second encryption unit 70, and a second storage unit 80 in addition to the association unit 30, the first storage unit 40, the acquisition unit 50, and the decryption unit 60, and is specifically as follows:
the presetting unit 10 is used for presetting an encryption algorithm and an access strategy for sensitive data in the data model according to the service scenario;
the first encryption unit 20 is configured to encrypt the sensitive data according to a preset encryption algorithm and an access policy to obtain a data model;
a second encryption unit 70, configured to invoke an encryption algorithm in the security policy, and encrypt the decrypted and desensitized result data in the memory;
and a second storage unit 80 for storing the encrypted result data in a database.
For the preset unit 10, at the beginning, according to the service scenario, the encryption and decryption requirements of the data model are determined, and according to the encryption and decryption requirements, an encryption algorithm and an access strategy are preset for sensitive data of the data model, and the decryption algorithm is obtained according to the actual encryption algorithm and used for subsequent data decryption and desensitization. The sensitive data is encrypted by an encryption algorithm in the whole process, and can be decrypted only by a corresponding decryption algorithm, so that the safety of data processing is improved, and plaintext information is not required to be exposed to the outside for the sensitive data
For the first encryption unit 20, the corresponding encryption algorithm is preset through the preset unit 10, so that the data user can encrypt the sensitive data according to the actual encryption algorithm and the access policy, and the security of the sensitive data is improved.
For the second encryption unit 70, the result data, that is, the above sensitive data, is obtained after decryption and desensitization, and the result data needs to be encrypted again by an encryption algorithm after being called by a staff, so that the security of the data is ensured, and a third party cannot acquire the data without a decryption algorithm.
For the second storage unit 80, after the result data is called by the staff, the result data needs to be encrypted by the second encryption unit 70 and stored in the database for other people to call.
According to the scheme, the analysis processing of the encrypted data is converted into the security policy management, the security policy is embedded in the database, the non-perception structured encrypted data analysis processing is realized, operators and developers can directly develop corresponding sql scripts to decrypt and desensitize the data model on the basis of the original standard sql business flow, the encrypted data is not required to be decrypted by adding manual flows, and the working efficiency and the data security are improved.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the invention, and all equivalent structures or equivalent processes using the descriptions and drawings of the present invention or directly or indirectly applied to other related technical fields are included in the scope of the invention.
Claims (7)
1. The data analysis processing method based on memory encryption and decryption is characterized by comprising the following steps:
presetting an encryption algorithm and an access strategy for sensitive data in a data model according to a service scene;
encrypting the sensitive data according to a preset encryption algorithm and an access strategy to obtain a data model;
associating an encryption algorithm with the data model, and defining a security policy, wherein the security policy comprises the data model, an encryption algorithm and a decryption algorithm of metadata;
storing the security policy in a database;
acquiring the security policy;
invoking a decryption algorithm in the security policy, and decrypting and desensitizing the data model;
the step of decrypting and desensitizing the data model by calling a decryption algorithm in the security policy comprises the following steps:
converting the decryption algorithm into a corresponding sql processing script;
replacing the corresponding sql processing script with the sql processing script currently executed in the memory;
and executing the replaced sql processing script, and decrypting and desensitizing the data model.
2. The memory encryption and decryption-based data analysis processing method according to claim 1, wherein after the step of invoking the decryption algorithm in the security policy to decrypt and desensitize the data model, the method comprises,
invoking an encryption algorithm in the security policy, and encrypting the decrypted and desensitized result data in the memory;
and storing the encrypted result data in a database.
3. The memory encryption and decryption based data analysis processing method according to claim 1, wherein the step of associating the encryption algorithm with the data model to define a security policy comprises,
the symmetric and asymmetric encryption algorithms are used to associate with the data model and define corresponding security policies, which also include algorithm parameters and access policies.
4. The memory encryption and decryption based data analysis processing method according to claim 3, wherein the step of storing the security policy in a database comprises,
developing a corresponding decryption algorithm according to a preset encryption algorithm and an access strategy;
and embeds the access policy and decryption algorithm implementation into the database.
5. The data analysis processing device based on memory encryption and decryption is characterized by comprising a preset unit, a first encryption unit, a correlation unit, a first storage unit, an acquisition unit and a decryption unit,
the presetting unit is used for presetting an encryption algorithm and an access strategy for sensitive data in the data model according to the service scene;
the first encryption unit is used for encrypting the sensitive data according to a preset encryption algorithm and an access strategy to obtain a data model;
the association unit is used for associating the encryption algorithm with the data model and defining a security policy;
the first storage unit is used for storing the security policy in a database;
the acquisition unit is used for acquiring the security policy;
the decryption unit is used for invoking a decryption algorithm in the security policy and decrypting and desensitizing the data model;
wherein the decryption unit includes: the device comprises a conversion module, a replacement module and an execution module,
the conversion module is used for converting the decryption algorithm into a corresponding sql processing script;
the replacing module is used for replacing the corresponding sql processing script with the sql processing script currently executed in the memory;
and the execution module is used for executing the replaced sql processing script and decrypting and desensitizing the data model.
6. The memory encryption and decryption based data analysis processing apparatus according to claim 5, further comprising a second encryption unit and a second storage unit,
the second encryption unit is used for calling an encryption algorithm in the security policy and encrypting the decrypted and desensitized result data in the memory;
and the second storage unit is used for storing the encrypted result data in a database.
7. The memory encryption and decryption based data analysis processing apparatus according to claim 6, wherein the association unit includes an association module for associating with a data model using symmetric and asymmetric encryption algorithms, defining a corresponding security policy, the security policy further including algorithm parameters and an access policy;
the first storage unit comprises a development module and an embedding module, wherein the development module is used for developing a corresponding decryption algorithm according to a preset encryption algorithm and an access strategy; the embedding module is used for embedding the access strategy and the decryption algorithm implementation into the database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711191340.7A CN109840420B (en) | 2017-11-24 | 2017-11-24 | Data analysis processing method and device based on memory encryption and decryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711191340.7A CN109840420B (en) | 2017-11-24 | 2017-11-24 | Data analysis processing method and device based on memory encryption and decryption |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109840420A CN109840420A (en) | 2019-06-04 |
| CN109840420B true CN109840420B (en) | 2023-07-04 |
Family
ID=66876397
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711191340.7A Active CN109840420B (en) | 2017-11-24 | 2017-11-24 | Data analysis processing method and device based on memory encryption and decryption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109840420B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103092980A (en) * | 2013-01-31 | 2013-05-08 | 中国科学院自动化研究所 | Method and system of data automatic conversion and storage |
| CN103279715A (en) * | 2013-05-22 | 2013-09-04 | 李凤华 | Database data encryption and decryption method and device |
| CN103853985A (en) * | 2012-12-05 | 2014-06-11 | ***通信集团黑龙江有限公司 | Data encryption method, decryption method and decryption device |
| CN104657673A (en) * | 2013-11-22 | 2015-05-27 | Sap欧洲公司 | Average-complexity ideal-security order-preserving encryption |
| CN106095391A (en) * | 2016-05-31 | 2016-11-09 | 携程计算机技术(上海)有限公司 | Based on big data platform and the computational methods of algorithm model and system |
| CN106649587A (en) * | 2016-11-17 | 2017-05-10 | 国家电网公司 | High-security desensitization method based on big data information system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020166051A1 (en) * | 2001-05-03 | 2002-11-07 | Marvin Moser | Method, system, and apparatus for encrypting a web browser script |
| KR100624691B1 (en) * | 2004-09-09 | 2006-09-15 | 삼성전자주식회사 | Apparatus and method for decryption processing of block encrypted data |
-
2017
- 2017-11-24 CN CN201711191340.7A patent/CN109840420B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103853985A (en) * | 2012-12-05 | 2014-06-11 | ***通信集团黑龙江有限公司 | Data encryption method, decryption method and decryption device |
| CN103092980A (en) * | 2013-01-31 | 2013-05-08 | 中国科学院自动化研究所 | Method and system of data automatic conversion and storage |
| CN103279715A (en) * | 2013-05-22 | 2013-09-04 | 李凤华 | Database data encryption and decryption method and device |
| CN104657673A (en) * | 2013-11-22 | 2015-05-27 | Sap欧洲公司 | Average-complexity ideal-security order-preserving encryption |
| CN106095391A (en) * | 2016-05-31 | 2016-11-09 | 携程计算机技术(上海)有限公司 | Based on big data platform and the computational methods of algorithm model and system |
| CN106649587A (en) * | 2016-11-17 | 2017-05-10 | 国家电网公司 | High-security desensitization method based on big data information system |
Non-Patent Citations (1)
| Title |
|---|
| 一种基于格式保留的加密算法在经营分析***中的应用;赵洪松;苏燕;;通信管理与技术(04);第44-45页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109840420A (en) | 2019-06-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20150235049A1 (en) | Maintaining Data Privacy in a Shared Data Storage System | |
| CN108154038B (en) | Data processing method and device | |
| US20140281520A1 (en) | Secure cloud data sharing | |
| US10127401B2 (en) | Redacting restricted content in files | |
| AU2015384779B2 (en) | Automated integration of video evidence with data records | |
| DE102013203126B4 (en) | System, method and program product for transparent access to encrypted non-relational data in real time | |
| CN109815719A (en) | A kind of database security encryption system that can search for | |
| JP2009099151A (en) | User query processing system and method by query encryption transformation in database including encrypted column | |
| US10380357B1 (en) | Forensic investigation tool | |
| CN111460503B (en) | Data sharing method, device, equipment and storage medium | |
| US8644513B2 (en) | Database processing on externally encrypted data | |
| CN111079162B (en) | Data encryption method, data decryption method and data encryption system based on block chain | |
| US9767294B2 (en) | Intermediate server, database query processing method and program | |
| CN112417476A (en) | Desensitization method and data desensitization system for sensitive data | |
| WO2019114137A1 (en) | Password calling method, server, and storage medium | |
| US20220329413A1 (en) | Database integration with an external key management system | |
| US10402587B2 (en) | Application-level in-place encryption | |
| CN114969128B (en) | Secure multi-party computing technology-based secret query method, system and storage medium | |
| CN114428784A (en) | Data access method and device, computer equipment and storage medium | |
| KR20200047992A (en) | Method for simultaneously processing encryption and de-identification of privacy information, server and cloud computing service server for the same | |
| US10223543B1 (en) | Dynamic external views with encryption to support global data compliance for global archives | |
| CN109840420B (en) | Data analysis processing method and device based on memory encryption and decryption | |
| CN116975926A (en) | Database proxy encryption system based on trusted execution environment | |
| CN102045326B (en) | Document safety control method, device and system | |
| DE112019005865T5 (en) | DATA PROCESSING DEVICE AND DATA PROCESSING METHODS |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |