Transparent encryption and decryption method for database based on multi-level view and trigger

Abstract

The invention discloses a transparent encryption and decryption method for a database based on a multi-level view and a trigger, which is used for encrypting and protecting data in a relational database and preventing information from being stolen illegally. Based on the view and the trigger, which are universal to the relational database, an aim of being correspondingly transparent is achieved by implementing automatic encryption and decryption of sensitive data through implementing the multi-level view and using the trigger based on a row identifier, and an application system is not needed to be modified; precise judgment on query actions to the database is implemented through the multi-level view, so that a special ciphertext and plaintext data caching strategy based on an LRU cache management mechanism is established for different types of query actions, a strategy of pre-decrypting the ciphertext data in batches is established, and efficient ciphertext query is implemented.

Description

technical field [0001] The invention relates to the field of computer data security, in particular to a method for encrypting and decrypting data in a relational database. Background technique [0002] With the rapid development of computer technology, the application of database has been very extensive and has penetrated into various fields. Government organizations, commercial organizations, and financial institutions all use database servers to save various sensitive data such as important personnel information, trade records, and market decision-making information. The importance of these data is unquestionable, it is related to the security of the country and the rise and fall of enterprises. Therefore, how to effectively ensure the security of the database system and realize the confidentiality, integrity, validity and availability of data has become an important research topic for people in the industry. At present, the mainstream commercial databases used in China ...

AI Technical Summary

Problems solved by technology

[0003] In the prior art, the encryption protection method based on the database front agent is generally adopted. The disadvantage of this method is that the application must use the API provided by the encryption front agent, so the existing program needs to be modified, and the transparency of the application cannot be realized; The second is that the features of a large number of database products cannot be used normally, and this "pre-encryption and decryption" method is invalid for stored procedures and functions executed inside the database

[0004] In recent years, database-based views and triggers have been used to implement transparent encryption and decryption methods. This method currently uses a single-level view, which cannot implement encryption processing on tables without primary keys, and cannot achieve true application transparency. For tables with composite primary keys, its data update performance will be affected; at the same time, it cannot accurately determine how the database optimizer handles the data retrieval method of any query operation request, resulting in the inability to perform effective data caching and batch pre-decryption processing. processing, which greatly affects the performance of the query