
Table field level encryption and security access control method and system

A table field level security access control technology, applied to computer security devices, digital data authentication and digital data protection. It addresses the propagation of database account passwords, the leakage of column master keys held in the Azure cloud key service, and the widespread dissemination of column master keys, with the effect of resisting high-risk SQL operations, reducing the risk of key transmission and removing the risk of leakage.

Pending Publication Date: 2022-05-10
济南超级计算技术研究院

AI Technical Summary

Problems solved by technology

[0004] Because the column master key needs to be provided to the client, the column master key is widely disseminated, and there is a risk of leakage.
Although SQL Server supports the Azure cloud key vault service, which can store column master keys centrally, not all systems support Azure cloud services, and some medical and financial institutions cannot use Azure cloud services because of factors such as security reviews, so the risk of column master key disclosure remains.
[0005] Furthermore, SQL Server does not support complete multi-factor authentication (MFA). If the account password authentication method is used, the database account password needs to be provided to the client, which causes the dissemination of the database account password, and there is a risk of leakage.
In addition, SQL Server cannot flexibly set access rules, so it cannot effectively resist high-risk SQL operations.



Examples


Embodiment 1

[0037] As shown in Figure 1, this embodiment provides a table field level encryption and security access control method, applied on the gateway side, which includes:

[0038] Connect to the first server through a virtual login password, and receive an access request message from the first server;

[0039] Parse the access request message to obtain the query parameters to be encrypted and their values; determine, from the encrypted field, the encryption type, the ciphertext of the column encryption key and the column master key; decrypt the ciphertext of the column encryption key with the column master key; encrypt the value of the query parameter according to the encryption type and the decrypted column encryption key; encapsulate the encrypted query parameter into an access request message; and forward it to the second server;

[0040] Receive a response message from the second server, parse and decrypt the response message, and send the de...

Embodiment 2

[0084] This embodiment provides a table field level encryption and security access control system, which includes:

[0085] A communication module, configured to connect to the first server through a virtual login password, and to receive an access request message from the first server;

[0086] An encryption module, configured to parse the access request message and obtain the query parameters to be encrypted and their values; to determine, from the encrypted field, the encryption type, the ciphertext of the column encryption key and the column master key; to decrypt the ciphertext of the column encryption key with the column master key; to encrypt the value of the query parameter according to the encryption type and the decrypted column encryption key; to encapsulate the encrypted query parameter into the access request message; and to forward it to the second server;

[0087] A decryption module, configured to receive a response message from the second server, parse and decrypt the respons...
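Added example (not code from the patent or its applicant): a Python model of the gateway described in Embodiments 1 and 2. The names Gateway, encrypt_value, decrypt_value and wrap_cek are assumed, and a toy HMAC-SHA256 keystream stands in for the real column cipher. It shows the gateway decrypting the column encryption key ciphertext with the column master key it holds, encrypting a query parameter deterministically or randomly before forwarding it to the database, and decrypting the response, so the client never receives the column master key.

```python
import hashlib, hmac, os

def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy HMAC-SHA256 keystream cipher; stands in for the AES used by Always Encrypted."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, iv + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def encrypt_value(cek: bytes, plaintext: bytes, encryption_type: str) -> bytes:
    """Encrypt one query-parameter value under a column encryption key (CEK)."""
    if encryption_type == "Deterministic":
        # IV derived from the plaintext: equal values give equal ciphertexts (equality lookups work)
        iv = hmac.new(cek, b"iv|" + plaintext, hashlib.sha256).digest()[:16]
    elif encryption_type == "Randomized":
        iv = os.urandom(16)  # fresh IV: equal values give different ciphertexts
    else:
        raise ValueError("unknown encryption type: " + encryption_type)
    return iv + _xor_stream(cek, iv, plaintext)

def decrypt_value(cek: bytes, blob: bytes) -> bytes:
    return _xor_stream(cek, blob[:16], blob[16:])

def wrap_cek(cmk: bytes, cek: bytes) -> bytes:  # CEK ciphertext kept in the column catalog
    return encrypt_value(cmk, cek, "Randomized")

class Gateway:
    """Sits between the first server (client) and the second server (database); holds the CMK."""
    def __init__(self, cmk: bytes, catalog: dict):
        self._cmk = cmk          # column master key, never sent to the client
        self._catalog = catalog  # column name -> (encryption_type, cek_ciphertext)

    def forward_request(self, request: dict) -> dict:
        """Encrypt each parameter bound to an encrypted column before forwarding to the database."""
        params = {}
        for name, (column, value) in request["params"].items():
            if column in self._catalog:
                enc_type, cek_ct = self._catalog[column]
                cek = decrypt_value(self._cmk, cek_ct)   # decrypt the CEK ciphertext with the CMK
                value = encrypt_value(cek, value, enc_type)
            params[name] = value
        return {"sql": request["sql"], "params": params}

    def forward_response(self, column: str, rows: list) -> list:
        """Decrypt one encrypted column of the database response before returning it to the client."""
        _, cek_ct = self._catalog[column]
        cek = decrypt_value(self._cmk, cek_ct)
        return [decrypt_value(cek, r) for r in rows]
```

A request is a dict of the form {"sql": ..., "params": {"@p": (column_name, raw_value)}}; parameters bound to columns absent from the catalog pass through unchanged.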


Abstract

The invention discloses a table field level encryption and security access control method and system. The method comprises the steps of: connecting to a first server through a virtual login password, and receiving an access request message from the first server; parsing the access request message to obtain a query parameter to be encrypted and its value; determining an encryption type, a ciphertext of a column encryption key and a column master key according to the encrypted field; decrypting the ciphertext of the column encryption key with the column master key; encrypting the value of the query parameter according to the encryption type and the decrypted column encryption key, and storing the encrypted value of the query parameter; packaging the encrypted query parameter into an access request message, and forwarding the access request message to a second server; and receiving a response message from the second server, parsing and decrypting the response message, and sending the decrypted response message to the first server. Centralized storage, rotation and state updating of the column master key are realized, propagation of the column master key is avoided, and the leakage risk is solved.

Description

Technical field

[0001] The invention relates to the technical field of data encryption, in particular to a table field level encryption and security access control method and system.

Background technique

[0002] The statements in this section merely provide background information related to the present invention and do not necessarily constitute prior art.

[0003] Relational databases (SQL Server) support table field level encryption (Always Encrypted), which can protect data from rogue administrators, backup thieves and man-in-the-middle attacks. The supported encryption methods are deterministic encryption (Deterministic) and randomized encryption (Randomized). The column master key (Master Key) is provided to the client in the form of an X.509 certificate to decrypt the column encryption key (Encryption Key), which is then used to encrypt query parameters and decrypt query results.

[0004] Because the column master key needs to be provided to the client, the co...

Claims


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/60; G06F16/21; G06F21/46; G06F21/62
CPC: G06F21/604; G06F21/6218; G06F21/46; G06F16/21; G06F21/602
Inventors: 杨新群, 李晓峰, 戚勇, 王继志
Owner 济南超级计算技术研究院