General database transparent encryption system

A transparent database encryption technology, applied in the fields of information security and database encryption, that solves the problem of existing approaches not supporting general database types and general SQL statement types, and achieves reduced storage overhead, high versatility, and prevention of data leakage.

Active Publication Date: 2017-07-07
戴林

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to propose a general database transparent encryption system for the existing database encryption technology that does n



Examples


Embodiment 1

[0038] Figure 1 is a structural schematic diagram of a general database transparent encryption system. As Figure 1 shows, the database encryption system is composed of an SQL gateway and an encryption plug-in. The SQL gateway sits at the entrance of the database as a proxy: it accepts all access to the database, rewrites each request, and forwards it to the database instance. The database instance then invokes the encryption plug-in according to the received request, which realizes transparent encryption and decryption of the database.

[0039] The specific steps for a SQL request to be processed are as follows:

[0040] Step (1) The client sends a SQL request;

[0041] Step (2) The SQL gateway receives the SQL request and rewrites it according to the SQL content;

[0042] Step (3) The SQL gateway sends the rewritten SQL request to the database instance;

[0043] Step (4) The database instance executes the received SQL request, and...

Embodiment 2

[0047] Taking the ORACLE database as an example, this embodiment describes in detail how the general database transparent encryption system of the present invention performs the encryption transformation of an existing ORACLE data table.

[0048] Table 1 shows the original data table T1 before encryption in this embodiment. It includes two fields, C1 and C2, and already contains some records. The field ROWID is a pseudo-column provided by the ORACLE system; its value indicates the physical location of each record and is also the unique identifier of the encrypted record. C1 is a character field; it is non-sensitive and does not need to be encrypted. C2 is a numeric field and is the field to be encrypted.

[0049] Table 1: T1

[0050]
ROWID  C1     C2
1      APPLE  1
2      BEE    2
3      CAT    3
4      DOG    4

[0051] First, for the table T1 in the above-mentioned embodiment 1, the field C2 is renamed to EC2, and the ciphertext encrypted by the origin...

Embodiment 3

[0058] This embodiment describes in detail how the general database transparent encryption system of the present invention processes a SELECT request.

[0059] As Figure 2 shows, for a SELECT request the SQL gateway replaces the encrypted field before WHERE with a decryption function call and, in particular, replaces the encrypted field in the WHERE query condition or in a range query condition with a call to the order-preserving index function. For example, for an equality query:

[0060] SELECT C2 FROM T1 WHERE C2 = 2;

[0061] Rewritten on the SQL Gateway, this translates to:

[0062] SELECT DEC(EC2) AS C2 FROM T1 WHERE IDX_C2>=IDX_LOW(2)

[0063] AND IDX_C2<=IDX_UP(2);

[0064] The SQL gateway replaces the encrypted field C2 outside the query condition in the statement with the call of the decryption function DEC(). The parameter of this function call is the content of the correspond...
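The rewrite in [0060] to [0063], as an added Python example that is not part of the patent text: a regex-based gateway sketch run against an in-memory SQLite table standing in for the database instance. The cipher, the interval mapping behind IDX_LOW/IDX_UP, STEP, and the range-operator rewrites are assumptions made for illustration; the page shows only the equality case.

```python
import hashlib, hmac, os, re, secrets, sqlite3

KEY = b"constructed-demo-key"          # assumption: key management is out of scope
STEP = 1 << 16                         # assumption: index interval width per plaintext
ENCRYPTED = {"C2": ("EC2", "IDX_C2")}  # plaintext column -> (ciphertext, index) columns

def _stream(nonce):
    return hmac.new(KEY, nonce, hashlib.sha256).digest()[:8]

def enc(v):                            # stand-in cipher (HMAC keystream), not the patent's
    nonce = os.urandom(8)
    return nonce + bytes(a ^ b for a, b in zip(v.to_bytes(8, "big"), _stream(nonce)))

def dec(blob):                         # single-argument DEC(), as in the rewritten SQL
    return int.from_bytes(bytes(a ^ b for a, b in zip(blob[8:], _stream(blob[:8]))), "big")

def idx_low(v): return v * STEP                              # lowest index for plaintext v
def idx_up(v):  return v * STEP + STEP - 1                   # highest index for plaintext v
def idx(v):     return idx_low(v) + secrets.randbelow(STEP)  # value stored in IDX_C2

RANGE = {"=": "{i}>=IDX_LOW({n}) AND {i}<=IDX_UP({n})", ">=": "{i}>=IDX_LOW({n})",
         "<=": "{i}<=IDX_UP({n})", ">": "{i}>IDX_UP({n})", "<": "{i}<IDX_LOW({n})"}
SHAPE = re.compile(r"\s*SELECT\s+(\w+)\s+FROM\s+(\w+)\s+WHERE\s+(\w+)\s*"
                   r"(<=|>=|=|<|>)\s*(\d+)\s*;?\s*", re.I)

def rewrite(sql):
    # Gateway step: handles only SELECT <col> FROM <table> WHERE <col> <op> <integer>.
    m = SHAPE.fullmatch(sql)
    if not m:
        raise ValueError("statement shape not handled by this sketch")
    sel, table, col, op, n = m.groups()
    if sel.upper() in ENCRYPTED:       # select list: ciphertext column through DEC()
        sel = "DEC({}) AS {}".format(ENCRYPTED[sel.upper()][0], sel.upper())
    cond = "{}{}{}".format(col, op, n)
    if col.upper() in ENCRYPTED:       # predicate: index column bounded by IDX_LOW/IDX_UP
        cond = RANGE[op].format(i=ENCRYPTED[col.upper()][1], n=n)
    return "SELECT {} FROM {} WHERE {};".format(sel, table, cond)

def demo_db():
    # In-memory stand-in for the database instance with the plug-in UDFs registered.
    db = sqlite3.connect(":memory:")
    for name, fn in (("DEC", dec), ("IDX_LOW", idx_low), ("IDX_UP", idx_up)):
        db.create_function(name, 1, fn)
    db.execute("CREATE TABLE T1 (C1 TEXT, EC2 BLOB, IDX_C2 INTEGER)")
    rows = [("APPLE", 1), ("BEE", 2), ("CAT", 3), ("DOG", 4)]   # Table 1 from the page
    db.executemany("INSERT INTO T1 VALUES (?,?,?)", [(c, enc(v), idx(v)) for c, v in rows])
    return db

def query(db, sql):
    return [r[0] for r in db.execute(rewrite(sql))]
```

Sorting the table by `IDX_C2` alone returns the rows in plaintext order, so anyone who can read the index column learns the ordering of the encrypted values without the key.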


Abstract

The invention relates to a general database transparent encryption system and belongs to the fields of information security and database encryption technologies. In the system, an existing data table first undergoes encryption transformation: the table containing an encrypted field P1 is denoted T1, and a ciphertext index field I1 is established based on the encrypted field P1. The content of the field to be encrypted is then mapped to a hash value by an order-preserving hash function, and the hash value is inserted into the field I1 as the index value. The system comprises an SQL gateway module and an encryption plug-in module. The SQL gateway module receives and rewrites an SQL statement sent by a client, sends the SQL statement to the database server, and forwards the result returned by the database server to the client. The encryption plug-in module is located in the database, mainly comprises a series of user-defined functions (UDFs), and implements encryption, decryption and ciphertext indexing according to the rewritten SQL statement. Compared with the prior art, a truly general database encryption system is realized.

Description

Technical field

[0001] The invention relates to a gateway-type database transparent encryption system, which belongs to the technical field of information security and database encryption.

Background technique

[0002] At present, data leakage incidents occur frequently, and all walks of life are not immune. The storage of plaintext data in the database is insecure, and attackers can steal data through social engineering and technical intrusion. The security of the database is becoming more and more important. Encrypting the sensitive fields in the database is an effective security method.

[0003] Encryption of sensitive database fields can be achieved by combining triggers and views, which is an in-library encryption method. Its core idea is to use the views and triggers provided by the database itself to hide the original table data and implement encryption and decryption in operations such as adding, deleting, modifying and checking data, and use the custom index mecha...


Application Information

IPC(8): G06F21/60, G06F21/62, G06F17/30, H04L9/06
CPC: G06F16/21, G06F21/602, G06F21/6218, H04L9/0643
Inventor 戴林
Owner 戴林