Data access control device and data access control method

Abstract

The invention provides a data access control device. The device comprises an encryption setting module, a data encryption module and an access control module, wherein the encryption setting module sets an encryption field and a ciphertext field for a data sheet; the data encryption module encrypts the data of the encryption field, and records the obtained encrypted ciphertext into the ciphertext field; and when a user requests to access the data of the encryption field, the access control module decrypts the data of the ciphertext field according to the decryption key obtained by the user, after the decryption succeeds, the access control module records plaintext data obtained by the decryption into a corresponding field and provides the field to the user. The invention also provides a data access control method. By the technical scheme provided by the invention, the security of encryption information can be well ensured without destroying the original structure of a database and the data sheet and without increasing the calculation pressure of encryption and decryption of the database simultaneously and user access permission can be conveniently controlled.

Description

technical field [0001] The present invention relates to the field of computer technology, in particular, to a data access control device and a data access control method. Background technique [0002] In the management of modern medium and large enterprises, there are usually hundreds of users operating and using ERP (Enterprise Resource Planning) management software. Among these operating users, identities and responsibilities are different, and different positions and positions use and view data from different angles. Relying on a single function to distinguish usage permissions can no longer meet the requirements of the existing fine-grained management. [0003] In medium and large ERP management systems, usually some information can only be seen by members of specific roles, and even in the same report, operators with different identities can see different data permissions. For example, in the CRM (Customer Relationship Management) system or member management system, ho...

AI Technical Summary

Problems solved by technology

[0011] This session-based encryption method has the following defects: 1. The key is associated with user information and set by the user in advance, so that only the person who sets the password can decrypt it, and there is no certain type of person who can decrypt and view the data through authorization

2. Because the encryption and decryption are all done by the database, the requirements for the database are relatively high, which is not conducive to wide application

3. Both the encryption algorithm and the key are stored in the database, which is inherently insecure. After knowing the database password, all encrypted information can be decrypted

[0012] In addition, the encryption and decryption methods in this solution are all completed by the data container component of the client. Since there are many customer information points, it is necessary to encrypt and store the data when sensitive information is entered into the system, which affects the security of the encryption key. The requirements are relatively high, so it is best to store the encryption key and decryption key separately. If the same key is used for encryption and decryption, there will be hidden dangers to data security.

Images