CN112597456A - Watermark adding and verifying method and device for database - Google Patents
Watermark adding and verifying method and device for database Download PDFInfo
- Publication number
- CN112597456A CN112597456A CN202011614326.5A CN202011614326A CN112597456A CN 112597456 A CN112597456 A CN 112597456A CN 202011614326 A CN202011614326 A CN 202011614326A CN 112597456 A CN112597456 A CN 112597456A
- Authority
- CN
- China
- Prior art keywords
- data
- database
- attribute information
- signature
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000012795 verification Methods 0.000 claims abstract description 50
- 238000012545 processing Methods 0.000 claims abstract description 41
- 238000010586 diagram Methods 0.000 description 14
- 230000006870 function Effects 0.000 description 11
- 238000004590 computer program Methods 0.000 description 8
- 230000003287 optical effect Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 206010011971 Decreased interest Diseases 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/16—Program or content traceability, e.g. by watermarking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Multimedia (AREA)
- Databases & Information Systems (AREA)
- Technology Law (AREA)
- Editing Of Facsimile Originals (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The disclosure provides a method and a device for adding and verifying a watermark of a database. The method comprises the following steps: selecting a specified number of rows from a database of target users; executing any selected row, and processing each data positioned in the target column in the row by using a hash function to obtain a hash value; obtaining a private key in a public and private key pair for signature processing by using a data signature algorithm, carrying out signature processing on a hash value to obtain a signature value, and correspondingly storing a public key in the public and private key pair and the target user; obtaining watermark information through the hash value and the signature value; adding the watermark information to target locations in the rows, the target locations being in columns other than the target columns. The public key and the private key have uniqueness because each target user can generate different public and private key pairs in the digital signature algorithm. The reliability of the watermark verification result is improved.
Description
Technical Field
The invention relates to the field of data security, in particular to a method and a device for adding and verifying a watermark of a database.
Background
With the wide application of databases and the development of network technologies, database technologies are widely applied in networks, but a series of problems such as data loss, copy and steal, data leakage in databases and the like occur, so that copyright cannot be well protected. The loss of interest of the original data owner or the damage of sensitive privacy disclosure of the user and the like are caused.
In order to solve the scenes, a watermarking technology based on a database is provided, namely, a certain mark is embedded in the provided data, and then the mark is extracted through a specific algorithm so as to achieve the effects of copyright protection, anti-counterfeiting and the like. Thereby realizing the protection of the database.
In the prior art, when an original owner of data authorizes data owned by the original owner of the data to other users, the used watermark information is to embed special data information in the data, for example, to embed a specified character string in the data that needs to be authorized to other users, where the specified character string is the watermark information. When data leakage occurs, the specified character string can be searched in the leaked data, and if the specified character string is searched, the leaked data is determined to be the data of the user corresponding to the specified character string. However, the special data information embedded in the data that needs to be authorized by each user may be the same, or there may be a case where the data that needs to be authorized by any user itself contains the special data information embedded by other users, so that the watermark information cannot be accurately verified, and the reliability of the watermark verification result in the database is low.
Disclosure of Invention
The exemplary embodiments of the present disclosure provide a method and an apparatus for watermarking and verifying a database. For improving the reliability of watermark verification in databases.
A first aspect of the present disclosure provides a watermarking method of a database, the method including:
selecting a specified number of rows from a database of target users;
executing any selected row, and processing each data positioned in the target column in the row by using a hash function to obtain a hash value;
obtaining a private key in a public and private key pair for signature processing by using a data signature algorithm, carrying out signature processing on the hash value to obtain a signature value, and correspondingly storing a public key in the public and private key pair and the target user; wherein the public key is used to verify the signature value;
obtaining watermark information through the hash value and the signature value;
adding the watermark information to target locations in the rows, the target locations being in columns other than the target columns.
In the embodiment, the data is subjected to hash processing, the obtained hash value is signed through a digital signature algorithm, and the results of the hash processing and the signature are added to the watermark information, so that the watermark information can be verified directly through a public key generated by the digital signature algorithm when verification is performed based on the watermark information. Based on this, the watermark information in the database is verified through the public keys corresponding to the target users, so that the accuracy of the verification result is improved, and the reliability of the watermark verification result in the database is further improved.
In one embodiment, before obtaining the watermark information by the hash value and the signature value, the method further includes:
encrypting the attribute information of the data in the database to obtain encrypted attribute information; the attribute information of the data is a database name;
the obtaining of the watermark information through the hash value and the signature value includes:
and determining the watermark information according to the hash value, the signature value and the encrypted attribute information.
In the embodiment, the attribute information of the data is added to the watermark information, so that the reliability of the verification result can be further improved through the attribute information during tracing.
In an embodiment, the encrypting the attribute information of the data in the database to obtain the encrypted attribute information includes:
and encrypting the attribute information of the data by using an elliptic curve encryption algorithm to obtain the encrypted attribute information.
In the embodiment, the attribute information of the data is encrypted by using an elliptic curve encryption algorithm, so that the security of the attribute information is ensured.
In one embodiment, the determining the watermark information by the hash value, the signature value, and the encrypted attribute information includes:
and splicing the hash value, the signature value and the encrypted attribute information according to a preset rule to obtain the watermark information.
In this embodiment, the hash value, the signature value, and the encrypted attribute information are spliced according to a preset rule, so as to improve the reliability of the watermark verification result.
In a second aspect of the present disclosure, a watermark verification method for a database is provided, the method including:
searching watermark information in a database of a target user; the watermark information comprises a hash value and a signature value;
inputting a public key, the hash value and the signature value which are stored correspondingly to the target user into a digital signature algorithm to verify the signature value;
and if the verification is passed, determining that the data in the database is the data of the target user.
In this embodiment, the public key of the target user, and the hash value and the signature value in the watermark information are input to a digital signature algorithm to verify the signature value, so as to determine whether the data in the database is the data of the target user according to the verification result. Since the public key is public, the watermark information is verified by using the public key, so that the result obtained by verification is more reliable.
In one embodiment, the watermark information further includes encrypted attribute information;
after determining that the data in the database is the data of the target user if the verification is passed, the method further includes:
decrypting the encrypted attribute information to obtain decrypted attribute information, wherein the attribute information is attribute information of data in the database; the attribute information of the data is a database name;
and determining that the data in the database is the data of the target user by using the attribute information.
In the embodiment, the attribute information in the watermark information is used for decryption, and whether the data in the database is the data of the target user is judged by obtaining the decryption information, so that the reliability of the verification result is further improved.
In an embodiment, the decrypting the encrypted attribute information to obtain decrypted attribute information; the method comprises the following steps:
and decrypting the encrypted attribute information by using an elliptic curve encryption algorithm to obtain the decrypted attribute information.
The present embodiment decrypts the attribute information by the same elliptic encryption algorithm as that used in the attribute encryption, so that the attribute information is more accurate.
In one embodiment, the searching for watermark information in the database of the target user includes:
searching data corresponding to a preset rule in the database by using the preset rule; and the number of the first and second electrodes,
and determining the searched data as the watermark information.
The embodiment identifies the watermark information in the database according to the preset rule.
In a third aspect of the present disclosure, there is provided a watermarking apparatus for a database, the apparatus including:
a selection module for selecting a specified number of rows from a database of target users;
the hash processing module is used for executing aiming at any selected row and processing each data positioned in the target column in the row by using a hash function to obtain a hash value;
the signature processing module is used for obtaining a private key in a public and private key pair for signature processing by using a data signature algorithm, carrying out signature processing on the hash value to obtain a signature value, and correspondingly storing a public key in the public and private key pair and the target user; wherein the public key is used to verify the signature value;
the watermark information determining module is used for obtaining watermark information through the hash value and the signature value;
and the adding module is used for adding the watermark information to target positions in the rows, wherein the target positions are positioned in other columns except the target columns.
In one embodiment, the apparatus further comprises:
the attribute information encryption module is used for encrypting the attribute information of the data in the database before the watermark information is obtained through the hash value and the signature value to obtain the encrypted attribute information; the attribute information of the data is a database name;
the watermark information determining module is specifically configured to:
a first determining unit, configured to determine the watermark information according to the hash value, the signature value, and the encrypted attribute information.
In one embodiment, the attribute information encryption module is specifically configured to:
and encrypting the attribute information of the data by using an elliptic curve encryption algorithm to obtain the encrypted attribute information.
In an embodiment, the first determining unit is specifically configured to:
and splicing the hash value, the signature value and the encrypted attribute information according to a preset rule to obtain the watermark information.
In a fourth aspect of the present disclosure, there is provided a watermark verification apparatus for a database, the apparatus including:
the searching module is used for searching watermark information in a database of a target user; the watermark information comprises a hash value and a signature value;
the verification module is used for inputting the public key of the target user, the hash value and the signature value into a digital signature algorithm to verify the signature value;
and the first data determining module is used for determining that the data in the database is the data of the target user if the verification is passed.
In one embodiment, the watermark information further includes encrypted attribute information; the device further comprises:
the attribute information decryption module is used for decrypting the encrypted attribute information after determining that the data in the database is the data of the target user if the verification is passed, so as to obtain decrypted attribute information, wherein the attribute information of the data is the name of the database;
and the second data determining module is used for determining that the data in the database is the data of the target user by using the attribute information.
In one embodiment, the attribute information decryption module is specifically configured to:
and decrypting the encrypted attribute information by using an elliptic curve encryption algorithm to obtain the decrypted attribute information.
In one embodiment, the search module is specifically configured to:
searching data corresponding to a preset rule in the database by using the preset rule; and the number of the first and second electrodes,
and determining the searched data as the watermark information.
In a fifth aspect of the embodiments of the present disclosure, there is provided an electronic device, including:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor; the instructions are executable by the at least one processor to enable the at least one processor to perform the method of the first aspect and/or the second aspect.
According to a sixth aspect provided by embodiments of the present disclosure, there is provided a computer storage medium storing a computer program for executing the method according to the first and/or second aspect.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
FIG. 1 is a schematic diagram of a suitable scenario in accordance with an embodiment of the present disclosure;
fig. 2 is one of the flow diagrams of a watermarking method of a database according to an embodiment of the present disclosure;
FIG. 3 is a database comparison diagram of a watermarking method of a database according to one embodiment of the present disclosure;
fig. 4 is a flowchart illustrating a watermark tracing method for a database according to an embodiment of the present disclosure;
FIG. 5 is a flow chart of a watermarking and tracing method for a database according to an embodiment of the present disclosure;
FIG. 6 is a watermarking arrangement of a database according to an embodiment of the present disclosure;
fig. 7 is a watermark tracing apparatus of a database according to an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
The term "and/or" in the embodiments of the present disclosure describes an association relationship of associated objects, and means that there may be three relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The application scenario described in the embodiment of the present disclosure is for more clearly illustrating the technical solution of the embodiment of the present disclosure, and does not form a limitation on the technical solution provided in the embodiment of the present disclosure, and as a person having ordinary skill in the art knows, with the occurrence of a new application scenario, the technical solution provided in the embodiment of the present disclosure is also applicable to similar technical problems. In the description of the present disclosure, the term "plurality" means two or more unless otherwise specified.
In the prior art, when an original owner of data authorizes data owned by the original owner of the data to other users, the used watermark information is to embed special data information in the data, for example, to embed a specified character string in the data that needs to be authorized to other users, where the specified character string is the watermark information. When data leakage occurs, the specified character string can be searched in the leaked data, and if the specified character string is searched, the leaked data is determined to be the data of the user corresponding to the specified character string. However, the special data information embedded in the data that needs to be authorized by each user may be the same, or there may be a case where the data that needs to be authorized by any user itself contains the special data information embedded by other users, so that the watermark information cannot be accurately verified, and the reliability of the watermark verification result in the database is low.
Therefore, the present disclosure provides a method for adding a watermark to a database, in which data is hashed, the obtained hash value is signed by a digital signature algorithm, and each obtained result is added to watermark information, so that when tracing based on the watermark information, the watermark information can be verified by a public key generated by the digital signature algorithm directly. Based on this, the watermark information in the database is verified through the public keys correspondingly stored with the target users, so that the accuracy of the verification result is improved, and the reliability of the watermark verification result in the database is further improved. The embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, an application scenario of the watermarking method for a database includes a plurality of terminal devices 110 and a server 120, and three terminal devices 110 are taken as an example in fig. 1, so that the number of terminal devices 110 is not limited in practice. The terminal device 110 may be a mobile phone, a tablet computer, a personal computer, and the like. The server 120 may be implemented by a single server or may be implemented by a plurality of servers. The server 120 may be implemented by a physical server or may be implemented by a virtual server.
In one possible application scenario, the server 120 selects a specified number of rows from the target user's database; executing the operation according to any selected row, and processing each data positioned in the target column in the row by using a hash function to obtain a hash value; then, the server 120 obtains a private key in a public and private key pair for signature processing by using a data signature algorithm, performs signature processing on the hash value to obtain a signature value, and correspondingly stores a public key in the public and private key pair and the target user; wherein the public key is used to verify the signature value; obtaining watermark information through the hash value and the signature value; finally, the server 120 adds the watermark information to the target locations in the rows, which are located in columns other than the target column. And sends the database added with the watermark information to the terminal device 110 for display, so that the user can check the database added with the watermark information through the terminal device 110.
Fig. 2 is a schematic flowchart of a watermarking method for a database according to the present disclosure, which may include the following steps:
step 201: selecting a specified number of rows from a database of target users;
step 202: executing any selected row, and processing each data positioned in the target column in the row by using a hash function to obtain a hash value;
the method for determining the target column may be:
the first method is as follows: comparing example identifiers of all columns in the database with preset target column identifiers, and determining all columns with the same column identifiers and the target column identifiers in the database as target columns.
For example, the column identifiers in the database include identifier 1, identifier 2, identifier 3, identifier 4, and identifier 5. And if the target column identification comprises an identification 2, an identification 3 and an identification 4, determining the columns of which the columns are the identification 2, the identification 3 and the identification 4 in the database as the target columns.
The second method comprises the following steps: a specified number of target columns are randomly selected.
For example, if the specified number is 5, 5 columns are randomly selected as the target column from among the columns in the database.
Step 203: obtaining a private key in a public and private key pair for signature processing by using a data signature algorithm, carrying out signature processing on the hash value to obtain a signature value, and correspondingly storing a public key in the public and private key pair and the target user; wherein the public key is used to verify the signature value;
for example, the process of the digital signature algorithm may include:
(1) selecting prime numbers p and q, wherein q is a prime factor of p-1, and selecting an integer a so that a ^ q is 1mod p;
(2) randomly selecting an integer s as a private key of a user, wherein 0< s < q;
(3) calculating the public key of the user through formula (1), wherein the formula (1) is as follows:
v ═ a ^ -s mod p … formula (1);
(4) randomly selecting an integer r, and calculating an intermediate value through a formula (2); wherein, the formula (2) is:
x ═ a ^ r mod p … formula (2);
(5) obtaining a first partial signature e by using the hash value and the intermediate value;
(6) obtaining a second partial signature by formula (3), wherein formula (3) is:
y ═ r + s × e) mod p … equation (3);
(7) and obtaining a signature value (e, y) according to the first partial signature value e and the second partial signature value y.
It should be noted that the digital signature algorithm in the embodiment of the present disclosure is only used for explaining the embodiment of the present disclosure, and does not limit the digital signature algorithm of the present disclosure.
The public key generated by using the digital signature algorithm to perform signature each time is uniformly stored with the target user, so that the watermark information is conveniently used when tracing the source.
Step 204: obtaining watermark information through the hash value and the signature value;
in order to make the reliability of the watermark information higher, before step 204 is executed, in an embodiment, the attribute information of the data in the database is encrypted to obtain encrypted attribute information; the attribute information of the data is at least one of a database name, a data table name and a data owner name;
and encrypting the attribute information of the data by using an elliptic curve encryption algorithm to obtain the encrypted attribute information.
After obtaining the encrypted attribute information, step 204 may be implemented to determine the watermark information by the hash value, the signature value, and the encrypted attribute information.
In an embodiment, according to a preset rule, the hash value, the signature value, and the encrypted attribute information are spliced to obtain the watermark information.
For example, the preset rule may be: the method comprises the following steps that A + special characters 1+ B + special characters 2+ C, wherein A represents a hash value, B represents a signature value, and C represents encrypted attribute information. The special characters 1 and 2 may be the same or different. If the special character 1 is x, and the special character 2 is bit 1, the spliced watermark information is a x B1C.
It should be noted that the position and number of the special characters are not limited in this disclosure.
Thus, by adding attribute information of data, reliability of the watermark information is made higher.
Step 205: adding the watermark information to target locations in the rows, the target locations being in columns other than the target columns.
For example, as shown in fig. 3, which is a database comparison graph before and after adding watermark information, wherein the original data is data before adding no watermark information, it can be seen from the graph that the selected row is the first row and the fifth row, and the watermark information sign is added to the specified column in the first row and the fifth row.
Therefore, according to the method, data are subjected to Hash processing, the obtained Hash value is encrypted through a digital signature algorithm, and the structure obtained through encryption is added to the watermark information, so that the watermark information can be directly verified through a public key generated by the digital signature algorithm when verification is performed on the basis of the watermark information, different target users can generate different public and private key pairs in the digital signature algorithm, the private key is used for generating signatures, and the public key is used for verifying the generated signatures and has uniqueness. Based on this, the watermark information in the database is verified through the public keys correspondingly stored with the target users, so that the accuracy of the verification result is improved, and the reliability of the watermark verification result in the database is further improved.
Based on the same inventive concept, the present disclosure provides a watermark verification method for a database, and fig. 4 is a schematic flow chart of the watermark verification method for a database in an embodiment of the present disclosure, which may include the following steps:
step 401: searching watermark information in a database of a target user; the watermark information comprises a hash value and a signature value;
in one embodiment, a preset rule is utilized to search the database for data corresponding to the preset rule; and determining the searched data as the watermark information.
Step 402: inputting a public key, the hash value and the signature value which are stored correspondingly to the target user into a digital signature algorithm to verify the signature value;
for example, the signature verification method corresponding to the signature method in the digital signature algorithm described above is:
obtaining an intermediate value to be verified by using a public key and a signature value which are correspondingly stored by a target user; and obtaining a first part signature value to be verified by using the hash value and the intermediate value to be verified in the watermark information, comparing the first part signature value to be verified with the first part signature value in the signature values, and if the first part signature value and the intermediate value are the same, indicating that the verification is passed.
If the target user has a plurality of public keys, the public keys are acquired one by one according to the sequence of public key storage for verification, and the verification is finished until one public key passes the verification of the signature information. And if the verification of all the public keys on the signature information is not passed, the data in the database is not the data of the target user.
It should be noted that different digital signature algorithms have corresponding signature methods and signature verification methods, and the disclosure is not limited herein.
Step 403: and if the verification is passed, determining that the data in the database is the data of the target user.
Therefore, the public key of the target user, the hash value in the watermark information and the signature value are input into a digital signature algorithm to verify the signature value, and whether the data in the database is the data of the target user or not is determined according to the verification result. Since the public key is public, the public key is used for verifying the watermark information, so that the obtained result is more reliable.
In order to make the verification result more accurate, the watermark information further comprises encrypted attribute information; after step 403 is executed, in an embodiment, the encrypted attribute information is decrypted to obtain decrypted attribute information, where the attribute information is attribute information of data in the database;
and decrypting the encrypted attribute information by using an elliptic curve encryption algorithm to obtain the decrypted attribute information.
The attribute information is the source of the data in the database, such as the database name, the data table name, the original owner name (company name, etc.), and the like.
Therefore, the attribute information in the watermark information is used for decryption, and whether the data in the database is the data of the target user or not is judged by obtaining the decryption information, so that the reliability of the verification result is further improved.
For further understanding of the technical solution of the present disclosure, the following detailed description with reference to fig. 5 may include the following steps:
step 501: selecting a specified number of rows from a database of target users;
step 502: executing any selected row, and processing each data positioned in the target column in the row by using a hash function to obtain a hash value;
step 503: obtaining a private key in a public and private key pair for signature processing by using a data signature algorithm, carrying out signature processing on the hash value to obtain a signature value, and correspondingly storing a public key in the public and private key pair and the target user; wherein the public key is used to verify the signature value;
step 504: encrypting the attribute information of the data in the database to obtain encrypted attribute information; the attribute information of the data is a database name;
the execution sequence of step 502 and step 504 is not limited in this disclosure, and step 502 may be executed first, and then step 504 is executed; step 504 may be performed first, and then step 502 may be performed; step 502 and step 504 may also be performed simultaneously.
Step 505: splicing the hash value, the signature value and the encrypted attribute information according to a preset rule to obtain the watermark information;
step 506: adding the watermark information to target positions in the rows, the target positions being located in columns other than the target columns;
step 507: searching watermark information in a database of a target user;
step 508: inputting a public key, the hash value and the signature value which are stored correspondingly to the target user into a digital signature algorithm to verify the signature value;
step 509: if the verification is passed, determining the data in the database as the data of the target user;
step 510: decrypting the encrypted attribute information to obtain decrypted attribute information, wherein the attribute information is attribute information of data in the database;
step 511: and determining that the data in the database is the data of the target user by using the attribute information.
Based on the same disclosure concept, the watermarking method of the database as described above in the present disclosure can also be implemented by a watermarking device of the database. The effect of the watermark adding device of the database is similar to that of the method, and is not described herein again.
Fig. 6 is a schematic structural diagram of a watermarking apparatus for a database according to an embodiment of the present disclosure.
As shown in fig. 6, the watermarking apparatus 600 of the database of the present disclosure may include a selection module 610, a hash processing module 620, a signature processing module 630, a watermark information determination module 640, and an adding module 650.
A selection module 610 for selecting a specified number of rows from the database of target users;
a hash processing module 620, configured to execute on any selected row, and process each data in the row located in the target column by using a hash function to obtain a hash value;
the signature processing module 630 is configured to obtain a private key in a public and private key pair for signature processing by using a data signature algorithm, perform signature processing on the hash value to obtain a signature value, and correspondingly store a public key in the public and private key pair with the target user; wherein the public key is used to verify the signature value; a watermark information determining module 640, configured to obtain watermark information according to the hash value and the signature value;
an adding module 650, configured to add the watermark information to target locations in the rows, where the target locations are located in other columns than the target columns.
In one embodiment, the apparatus further comprises:
an attribute information encryption module 660, configured to encrypt the attribute information of the data in the database before obtaining the watermark information through the hash value and the signature value, to obtain encrypted attribute information; the attribute information of the data is a database name;
the watermark information determining module 640 is specifically configured to:
a first determining unit 641, configured to determine the watermark information by using the hash value, the signature value, and the encrypted attribute information.
In an embodiment, the attribute information encryption module 660 is specifically configured to:
and encrypting the attribute information of the data in the database by using an elliptic curve encryption algorithm to obtain the encrypted attribute information.
In an embodiment, the first determining unit 641 is specifically configured to:
and splicing the hash value, the signature value and the encrypted attribute information according to a preset rule to obtain the watermark information.
Based on the same inventive concept, the present disclosure further provides a watermark verification apparatus for a database, as shown in fig. 7, which is a schematic structural diagram of the watermark verification apparatus for the database, and the watermark verification apparatus 700 for the database includes a search module 710, a verification module 720 and a first data determination module 730.
A searching module 710, configured to search watermark information in a database of a target user; the watermark information comprises a hash value and a signature value;
a verification module 720, configured to input the public key, the hash value, and the signature value, which are stored correspondingly to the target user, into a digital signature algorithm to verify the signature value;
the first data determining module 730 is configured to determine that the data in the database is the data of the target user if the verification is passed.
In one embodiment, the watermark information further includes encrypted attribute information; the device further comprises:
the attribute information decryption module 740 is configured to, after determining that the data in the database is the data of the target user if the verification passes, decrypt the encrypted attribute information to obtain decrypted attribute information, where the attribute information is the attribute information of the data in the database; the attribute information of the data is a database name;
and a second data determining module 750, configured to determine, by using the attribute information, that the data in the database is the data of the target user.
In an embodiment, the attribute information decryption module 740 is specifically configured to:
and decrypting the encrypted attribute information by using an elliptic curve encryption algorithm to obtain the decrypted attribute information.
In an embodiment, the search module 710 is specifically configured to:
searching data corresponding to a preset rule in the database by using the preset rule; and the number of the first and second electrodes,
and determining the searched data as the watermark information.
After a method and an apparatus for watermarking and verifying a database according to an exemplary embodiment of the present disclosure are introduced, an electronic device according to another exemplary embodiment of the present disclosure is introduced.
As will be appreciated by one skilled in the art, aspects of the present disclosure may be embodied as a system, method or program product. Accordingly, various aspects of the present disclosure may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
In some possible implementations, an electronic device in accordance with the present disclosure may include at least one processor, and at least one computer storage medium. The computer storage medium stores program code, which, when executed by a processor, causes the processor to perform the steps of the watermarking and verifying method for a database according to various exemplary embodiments of the present disclosure described above in the present specification. For example, the processor may perform steps 201 and 205 as shown in FIG. 2 or steps 301 and 303 as shown in FIG. 3.
An electronic device 800 according to this embodiment of the disclosure is described below with reference to fig. 8. The electronic device 800 shown in fig. 8 is only an example and should not bring any limitations to the functionality and scope of use of the embodiments of the present disclosure.
As shown in fig. 8, the electronic device 800 is represented in the form of a general electronic device. The components of the electronic device 800 may include, but are not limited to: the at least one processor 801, the at least one computer storage medium 802, and the bus 803 that connects the various system components (including the computer storage medium 802 and the processor 801).
The computer storage media 802 may include readable media in the form of volatile computer storage media, such as random access computer storage media (RAM)821 and/or cache storage media 822, and may further include read-only computer storage media (ROM) 823.
The computer storage media 802 may also include a program/utility 825 having a set (at least one) of program modules 824, such program modules 824 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 800 may also communicate with one or more external devices 804 (e.g., keyboard, pointing device, etc.), with one or more devices that enable a user to interact with the electronic device 800, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 800 to communicate with one or more other electronic devices. Such communication may be through input/output (I/O) interfaces 805. Also, the electronic device 800 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 806. As shown, the network adapter 806 communicates with other modules for the electronic device 800 over the bus 803. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with electronic device 800, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In some possible embodiments, the aspects of the database watermarking and verifying method provided by the present disclosure may also be implemented in the form of a program product, which includes program code for causing a computer device to perform the steps of the database watermarking and verifying method according to various exemplary embodiments of the present disclosure described above in this specification when the program product is run on the computer device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable diskette, a hard disk, a random access computer storage media (RAM), a read-only computer storage media (ROM), an erasable programmable read-only computer storage media (EPROM or flash memory), an optical fiber, a portable compact disc read-only computer storage media (CD-ROM), an optical computer storage media piece, a magnetic computer storage media piece, or any suitable combination of the foregoing.
The program product of the watermarking and verifying method of the database of the embodiments of the present disclosure may employ a portable compact disc read-only computer storage medium (CD-ROM) and include program code, and may be run on an electronic device. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the consumer electronic device, partly on the consumer electronic device, as a stand-alone software package, partly on the consumer electronic device and partly on a remote electronic device, or entirely on the remote electronic device or server. In the case of remote electronic devices, the remote electronic devices may be connected to the consumer electronic device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external electronic device (e.g., through the internet using an internet service provider).
It should be noted that although several modules of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the modules described above may be embodied in one module, in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module described above may be further divided into embodiments by a plurality of modules.
Further, while the operations of the disclosed methods are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk computer storage media, CD-ROMs, optical computer storage media, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the present disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable computer storage medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable computer storage medium produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications can be made in the present disclosure without departing from the spirit and scope of the disclosure. Thus, if such modifications and variations of the present disclosure fall within the scope of the claims of the present disclosure and their equivalents, the present disclosure is intended to include such modifications and variations as well.
Claims (10)
1. A method of watermarking a database, the method comprising:
selecting a specified number of rows from a database of target users;
executing any selected row, and processing each data positioned in the target column in the row by using a hash function to obtain a hash value;
obtaining a private key in a public and private key pair for signature processing by using a data signature algorithm, carrying out signature processing on the hash value to obtain a signature value, and correspondingly storing a public key in the public and private key pair and the target user; wherein the public key is used to verify the signature value;
obtaining watermark information through the hash value and the signature value;
adding the watermark information to target locations in the rows, the target locations being in columns other than the target columns.
2. The method of claim 1, wherein before deriving the watermark information from the hash value and the signature value, the method further comprises:
encrypting the attribute information of the data in the database to obtain encrypted attribute information; the attribute information of the data is a database name;
the obtaining of the watermark information through the hash value and the signature value includes:
and determining the watermark information according to the hash value, the signature value and the encrypted attribute information.
3. The method according to claim 2, wherein the encrypting the attribute information of the data in the database to obtain the encrypted attribute information comprises:
and encrypting the attribute information of the data by using an elliptic curve encryption algorithm to obtain the encrypted attribute information.
4. The method of claim 2, wherein the determining the watermark information by the hash value, the signature value, and the encrypted attribute information comprises:
and splicing the hash value, the signature value and the encrypted attribute information according to a preset rule to obtain the watermark information.
5. A method of watermark verification of a database, the method comprising:
searching watermark information in a database of a target user; the watermark information comprises a hash value and a signature value;
inputting a public key, the hash value and the signature value which are stored correspondingly to the target user into a digital signature algorithm to verify the signature value;
and if the verification is passed, determining that the data in the database is the data of the target user.
6. The method according to claim 5, wherein the watermark information further includes encrypted attribute information;
after determining that the data in the database is the data of the target user if the verification is passed, the method further includes:
decrypting the encrypted attribute information to obtain decrypted attribute information, wherein the attribute information is attribute information of data in the database; the attribute information of the data is a database name;
and determining that the data in the database is the data of the target user by using the attribute information.
7. The method according to claim 6, wherein the decrypting the encrypted attribute information obtains decrypted attribute information; the method comprises the following steps:
and decrypting the encrypted attribute information by using an elliptic curve encryption algorithm to obtain the decrypted attribute information.
8. The method of claim 5, wherein the searching for watermark information in the database of the target user comprises:
searching data corresponding to a preset rule in the database by using the preset rule; and the number of the first and second electrodes,
and determining the searched data as the watermark information.
9. An apparatus for watermarking a database, the apparatus comprising:
a selection module for selecting a specified number of rows from a database of target users;
the hash processing module is used for executing aiming at any selected row and processing each data positioned in the target column in the row by using a hash function to obtain a hash value;
the signature processing module is used for obtaining a private key in a public and private key pair for signature processing by using a data signature algorithm, carrying out signature processing on the hash value to obtain a signature value, and correspondingly storing a public key in the public and private key pair and the target user; wherein the public key is used to verify the signature value;
the watermark information determining module is used for obtaining watermark information through the hash value and the signature value;
and the adding module is used for adding the watermark information to target positions in the rows, wherein the target positions are positioned in other columns except the target columns.
10. An apparatus for verifying a watermark in a database, the apparatus comprising:
the searching module is used for searching watermark information in a database of a target user; the watermark information comprises a hash value and a signature value;
the verification module is used for inputting a public key, the hash value and the signature value which are stored correspondingly to the target user into a digital signature algorithm to verify the signature value;
and the first data determining module is used for determining that the data in the database is the data of the target user if the verification is passed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011614326.5A CN112597456A (en) | 2020-12-30 | 2020-12-30 | Watermark adding and verifying method and device for database |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011614326.5A CN112597456A (en) | 2020-12-30 | 2020-12-30 | Watermark adding and verifying method and device for database |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112597456A true CN112597456A (en) | 2021-04-02 |
Family
ID=75206484
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011614326.5A Pending CN112597456A (en) | 2020-12-30 | 2020-12-30 | Watermark adding and verifying method and device for database |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112597456A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116541808A (en) * | 2023-07-06 | 2023-08-04 | 杭州美创科技股份有限公司 | Data watermark tracing method, device, computer equipment and storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001061913A2 (en) * | 2000-02-18 | 2001-08-23 | Verimatrix, Inc. | Network-based content distribution system |
| JP2005346192A (en) * | 2004-05-31 | 2005-12-15 | Victor Co Of Japan Ltd | Electronic document recording method and device, computer program, electronic document management system and electronic document browsing device |
| CN101236587A (en) * | 2008-02-15 | 2008-08-06 | 南通大学 | Outsourced database enquiry and verification method based on fragile watermark |
| CN101452553A (en) * | 2008-12-22 | 2009-06-10 | 武汉大学 | Trading method for protecting database copyright based on digital watermarking |
| CN102479297A (en) * | 2010-11-23 | 2012-05-30 | 工业和信息化部电信传输研究所 | Copyright protection method based on public key system and digital watermarking |
| CN104700346A (en) * | 2015-03-01 | 2015-06-10 | 江西科技学院 | Polar angle extension-based reversible blind database watermarking algorithm |
| CN109274644A (en) * | 2018-08-21 | 2019-01-25 | 华为技术有限公司 | A kind of data processing method, terminal and watermark server |
| CN110688675A (en) * | 2019-09-25 | 2020-01-14 | 卓尔智联(武汉)研究院有限公司 | Data leakage tracing device and method based on privacy protection and readable storage medium |
| CN111125750A (en) * | 2019-11-25 | 2020-05-08 | 中国科学院信息工程研究所 | Database watermark embedding and detecting method and system based on double-layer ellipse model |
| CN111797369A (en) * | 2020-07-08 | 2020-10-20 | 哈尔滨工业大学(威海) | Digital watermarking algorithm of relational database |
-
2020
- 2020-12-30 CN CN202011614326.5A patent/CN112597456A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2001061913A2 (en) * | 2000-02-18 | 2001-08-23 | Verimatrix, Inc. | Network-based content distribution system |
| JP2005346192A (en) * | 2004-05-31 | 2005-12-15 | Victor Co Of Japan Ltd | Electronic document recording method and device, computer program, electronic document management system and electronic document browsing device |
| CN101236587A (en) * | 2008-02-15 | 2008-08-06 | 南通大学 | Outsourced database enquiry and verification method based on fragile watermark |
| CN101452553A (en) * | 2008-12-22 | 2009-06-10 | 武汉大学 | Trading method for protecting database copyright based on digital watermarking |
| CN102479297A (en) * | 2010-11-23 | 2012-05-30 | 工业和信息化部电信传输研究所 | Copyright protection method based on public key system and digital watermarking |
| CN104700346A (en) * | 2015-03-01 | 2015-06-10 | 江西科技学院 | Polar angle extension-based reversible blind database watermarking algorithm |
| CN109274644A (en) * | 2018-08-21 | 2019-01-25 | 华为技术有限公司 | A kind of data processing method, terminal and watermark server |
| CN110688675A (en) * | 2019-09-25 | 2020-01-14 | 卓尔智联(武汉)研究院有限公司 | Data leakage tracing device and method based on privacy protection and readable storage medium |
| CN111125750A (en) * | 2019-11-25 | 2020-05-08 | 中国科学院信息工程研究所 | Database watermark embedding and detecting method and system based on double-layer ellipse model |
| CN111797369A (en) * | 2020-07-08 | 2020-10-20 | 哈尔滨工业大学(威海) | Digital watermarking algorithm of relational database |
Non-Patent Citations (2)
| Title |
|---|
| 吴珊;叶敦范;邱耀明;: "一种安全数字水印协议的设计及应用", 信息技术, no. 03 * |
| 咸鹤群;: "机密数据库泄漏源检测与量化评估方案", 计算机学报, no. 04 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116541808A (en) * | 2023-07-06 | 2023-08-04 | 杭州美创科技股份有限公司 | Data watermark tracing method, device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110378139B (en) | Data key protection method, system, electronic equipment and storage medium | |
| CN109313690B (en) | Self-contained encrypted boot policy verification | |
| US8850206B2 (en) | Client-server system with security for untrusted server | |
| US9875370B2 (en) | Database server and client for query processing on encrypted data | |
| US20160094347A1 (en) | Method and system for secure management of computer applications | |
| CN117278224A (en) | Method and system for verifying identity attribute information | |
| KR20180084053A (en) | How to verify the execution integrity of an application on a target device | |
| JP2012118956A (en) | Index table-based code encryption and decryption device and method therefor | |
| CN115567188B (en) | Multi-key value hiding intersection solving method and device and storage medium | |
| CN111291339A (en) | Processing method, device and equipment of block chain data and storage medium | |
| US10572635B2 (en) | Automatic correction of cryptographic application program interfaces | |
| CN105893837A (en) | Application program installation method, security encryption chip and terminal | |
| CN111177693B (en) | Method, device, equipment and medium for verifying terminal root certificate | |
| US11748521B2 (en) | Privacy-enhanced computation via sequestered encryption | |
| CN105812313A (en) | Method and server for restoring session, and method and server for generating session credential | |
| US20110145568A1 (en) | Handling of the usage of software in a disconnected computing environment | |
| CN107171808A (en) | A kind of verification method and device of electronic record authenticity | |
| CN112597456A (en) | Watermark adding and verifying method and device for database | |
| CN113378195A (en) | Method, apparatus, medium, and program product for encrypted communication | |
| CN112115491A (en) | Symmetric encryption key protection method, device, equipment and storage medium | |
| CN116132041A (en) | Key processing method and device, storage medium and electronic equipment | |
| CN114117388A (en) | Device registration method, device registration apparatus, electronic device, and storage medium | |
| CN110955883B (en) | Method, device, equipment and storage medium for generating user key | |
| CN109347639B (en) | Method and device for generating serial number | |
| CN116155489A (en) | Key replacement method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |