A method for database encryption using an encrypted string
By using encrypted strings in the database management system and generating encryption keys with hardware information, the problems of coarse data management and key security in traditional database management systems are solved. This enables fine-grained access control and protection against social engineering and brute-force attacks, thereby improving data storage security.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents(China)
- Current Assignee / Owner: SHANDONG HENGYUN INFORMATION TECH CO LTD
- Filing Date: 2026-04-08
- Publication Date: 2026-06-23
Description
Technical Field
[0001] This invention relates to the field of information security technology, and specifically to a method for encrypting a database using encrypted strings.
Background Technology
[0002] In contemporary society, where the value of data assets is becoming increasingly prominent, data management requires more granularity, stricter security access control, and more rigorous data access logic.
[0003] Traditional database management systems, which use a rudimentary account + password management model, have the following problems:
[0004] 1. Data management is too broad. All tables and all data under the same account can be accessed in the clear, making fine-grained control impossible. For example, it is not possible to restrict access to table A to a specific host, or to allow only applications holding an authentication key to access table A.
[0005] 2. Key security: Traditionally, passwords are set by administrators, which leaves them exposed to brute-force algorithms and social engineering techniques that lead to password leaks. In some environments, passwords are set in application configuration files, where application administrators can easily read them. All of these are potential risks.
[0006] 3. Data leaks caused by storage media: for example, a hard drive storing database files is taken to another computer, and data leaks because the data files can be accessed there.
Summary of the Invention
[0007] To overcome the shortcomings of the above technologies, this invention provides a method for effectively preventing social engineering and brute-force attacks by using encrypted strings to encrypt databases.
[0008] The technical solution adopted by this invention to overcome its technical problems is:
[0009] A method for encrypting a database using an encrypted string includes:
[0010] S1. In the database management system, add a column to the data dictionary table that records information about all data tables in the database. This column records whether the corresponding table in the database is an encrypted table using an encryption algorithm.
[0011] S2. When creating a new data table in the database, select "encrypted table" in the corresponding column of the data dictionary, and the administrator enters three coordinate points;
[0012] S3. When the database management system receives a table creation command, it receives three coordinate points and uses computer hardware information to generate a fourth coordinate point.
[0013] S4. Calculate the identification code authKey using the four coordinate points;
[0014] S5. Using the identification code authKey as the encryption key, the information to be written to the database is encrypted and stored as ciphertext, or the encrypted data read out is decrypted.
[0015] S6. When reading or modifying a created data table, provide three coordinate points to the database management system and generate a fourth coordinate point using computer hardware information. Calculate the identification code authKey. After the database management system verifies that the authKey encryption and decryption are correct, it performs read and write operations on the table data.
[0016] Furthermore, in step S1, the database management system is a relational database management system or an embedded database management system.
[0017] Furthermore, in step S2, the administrator inputs three coordinate points as follows: , , coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are .
[0018] Furthermore, the fourth coordinate point in step S3 is... coordinates The dimension is three-dimensional. CPU identification code This is the motherboard identification code. This is the network card identification code.
[0019] Furthermore, step S4 includes the following steps:
[0020] S4-1. Through formula The adjusted coordinates were calculated. Through formula The adjusted coordinates were calculated. Through formula The adjusted coordinates were calculated. Construct coordinate points , ;
[0021] S4-2. Through formula The spatial centroid was calculated. Spatial centroid The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are ;
[0022] S4-3. Based on coordinate points Calculate the length of the six weighted edges , , , , , ;
[0023] S4-4. Through formula The volume of the parallelepiped was calculated. , To take the norm;
[0024] S4-5. Using the lengths of the six weighted edges , , , , , Spatial centroid Volume of a parallelepiped The identification code authKey is calculated.
[0025] Furthermore, in step S4-3, the formula is used... The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. .
[0026] Furthermore, through the formula The authentication code authKey is calculated, where, For Hamiltonian operators, , The unit vector in the X-axis direction. It is the unit vector in the Y-axis direction. It is the unit vector in the Z-axis direction. , To take the absolute value, , , , , This is for rounding down.
[0027] Furthermore, in step S5, the AES-256 algorithm or the SM4 algorithm is used, with the identification code authKey as the encryption and decryption key for the data being written.
[0028] The beneficial effects of this invention are: avoiding subjective issues caused by administrators and effectively preventing problems such as social engineering and brute-force attacks. Distributed storage of encryption parameters effectively avoids data leakage caused by storage media migration. For example, before each encryption operation, the algorithm extracts certain unique hardware identifiers as parameters for computation. When the database is migrated to a new hardware server platform (e.g., the hard drive is stolen and placed on another server), the hardware change will cause the computation results to deviate from the correct values, making decryption impossible. Data authorization can be precise down to the data table level, providing underlying technical support for data classification and grading.
Detailed Implementation
[0029] The present invention will be further described below.
[0030] A method for encrypting a database using an encrypted string includes:
[0031] S1. In the database management system, add a column to the data dictionary table that records information about all data tables in the database. This column records whether the corresponding table in the database uses an encryption algorithm.
[0032] S2. When creating a new data table in the database, select "encrypted table" in the corresponding column of the data dictionary, and the administrator enters three coordinate points.
[0033] S3. When the database management system receives a create table command, it receives three coordinate points and uses computer hardware information to generate a fourth coordinate point.
[0034] S4. Calculate the identification code authKey using the four coordinate points.
[0035] S5. Using the identification code authKey as the encryption key, the information to be written to the database is encrypted and stored as ciphertext, or the encrypted data read out is decrypted.
[0036] S6. When reading or modifying a created data table, provide three coordinate points to the database management system and generate a fourth coordinate point using computer hardware information. Calculate the identification code authKey. After the database management system verifies that the authKey encryption and decryption are correct, it performs read and write operations on the table data.
[0037] By distributing the parameters for password calculation across multiple different locations, an algorithm combines these parameters when database fields need to be accessed to obtain the correct decryption key. Parameters set by the administrator are no longer expressed as passwords but instead as spatial coordinates. The administrator provides three spatial coordinates, obtains a hardware identification code, and generates a fourth spatial coordinate. The purpose of generating the authKey through an algorithm is to replace the traditional method of administrators subjectively setting passwords. Coordinates replace strings, and the algorithm ensures password complexity and security. The database management system itself only stores the algorithm and encrypted data files; it does not store any keys. The administrator only possesses a subset of keys, presented in a coordinate system. There is a strict binding to the server running the database system; changing the device renders it unusable.
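An added sketch of the S3 to S6 flow described above (not the patent's code): three administrator points plus a hardware-derived fourth point yield a 256-bit key suitable for AES-256, and access is checked without storing the key. PBKDF2-HMAC-SHA256 stands in for the patent's geometric authKey formula, which is not reproduced on this page; the hardware-to-point mapping, the per-table salt, the stored check value and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed sample values; none of these come from the patent.
ADMIN_POINTS = [(12.5, -3.0, 44.1), (7.0, 19.25, -8.5), (-30.0, 2.75, 16.0)]
HOST_A = {"cpu": "BFEBFBFF000906EA", "board": "MB-7C91-0042", "nic": "00:1a:2b:3c:4d:5e"}
HOST_B = dict(HOST_A, board="MB-7C91-9999")  # same disk, different server


def fourth_point(hw):
    """Map CPU, motherboard and NIC identifiers to a 3-D point (assumed mapping)."""
    return tuple(
        int.from_bytes(hashlib.sha256(hw[k].encode()).digest()[:4], "big") / 1000.0
        for k in ("cpu", "board", "nic")
    )


def derive_auth_key(points, hw, table_salt):
    """Derive a 256-bit authKey from three admin points plus the hardware point.

    PBKDF2 is a stand-in for the patent's formula; a slow KDF is chosen because
    the administrator's coordinates are the only secret input.
    """
    coords = [c for p in list(points) + [fourth_point(hw)] for c in p]
    material = struct.pack(">12d", *coords)  # fixed-width, unambiguous encoding
    return hashlib.pbkdf2_hmac("sha256", material, table_salt, 200_000, dklen=32)


def key_check_value(auth_key):
    """Per-table value the DBMS could keep to verify a key without storing it."""
    return hmac.new(auth_key, b"authKey-check", hashlib.sha256).digest()


def open_table(points, hw, table_salt, stored_kcv):
    """Step S6: recompute authKey and release it only if the check value matches."""
    key = derive_auth_key(points, hw, table_salt)
    if not hmac.compare_digest(key_check_value(key), stored_kcv):
        return None
    return key


if __name__ == "__main__":
    salt = b"table:orders"  # constructed per-table salt
    kcv = key_check_value(derive_auth_key(ADMIN_POINTS, HOST_A, salt))
    print("same host:", open_table(ADMIN_POINTS, HOST_A, salt, kcv) is not None)
    print("moved disk:", open_table(ADMIN_POINTS, HOST_B, salt, kcv) is not None)
```

The returned 32-byte value would be handed to the AES-256 routine of step S5; the hardware identifiers are readable by anyone with access to the host, so they bind the key to the machine but add no secrecy against a local user.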
[0038] In one embodiment of the present invention, the database management system in step S1 is a relational database management system or an embedded database management system.
[0039] In one embodiment of the present invention, in step S2, the administrator inputs three coordinate points as follows: , , coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are .
[0040] In one embodiment of the present invention, the fourth coordinate point in step S3 is: coordinates The dimension is three-dimensional. CPU identification code This is the motherboard identification code. This is the network card identification code.
[0041] In one embodiment of the present invention, step S4 includes the following steps:
[0042] S4-1. Through formula The adjusted coordinates were calculated. Through formula The adjusted coordinates were calculated. Through formula The adjusted coordinates were calculated. Construct coordinate points , .
[0043] S4-2. Through formula The spatial centroid was calculated. Spatial centroid The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are .
[0044] S4-3. Based on coordinate points Calculate the length of the six weighted edges , , , , , .
[0045] S4-4. In three-dimensional space, four vertices not on the same plane form a tetrahedron. The volume of the tetrahedron needs to be calculated. The volume of the parallelepiped spanned by three vectors originating from the same point can be calculated using the formula... The volume of the parallelepiped was calculated. , To take the norm.
[0046] S4-5. Using the lengths of the six weighted edges , , , , , Spatial centroid Volume of a parallelepiped The identification code authKey is calculated.
[0047] In one embodiment of the present invention, step S4-3 is performed using the formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. .
[0048] In one embodiment of the present invention, through formula The authentication code authKey is calculated, where, For Hamiltonian operators, , The unit vector in the X-axis direction. It is the unit vector in the Y-axis direction. It is the unit vector in the Z-axis direction. , To take the absolute value, , , , , This formula is for rounding down. It is a unique feature quantization and encoding model for four-point configurations in three-dimensional space, used for high-fidelity feature extraction and unique characterization of the geometric topology formed by four points in three-dimensional space. The formula uses the coordinates of the four points, the centroid of the space, the geometric scale of the six edges between the point sets, and the volume of the tetrahedron as basic geometric parameters. Through multi-level nonlinear mappings such as vector operations, integral transformations, series summations, multiplication operations, and matrix algebraic transformations, it fuses discrete spatial geometric information into a single compact feature value.
[0049] This feature value can uniquely identify a set of four spatial configurations, exhibiting high sensitivity and strong discriminative power against coordinate perturbations, positional offsets, and scale changes. It enables accurate matching, uniqueness verification, and tamper-proof identification of spatial configurations. By integrating multi-dimensional geometric features, it effectively improves the uniqueness and stability of spatial structure identification, and can be applied to technical scenarios such as spatial configuration recognition, data uniqueness binding, encrypted feature generation, and geometric topology verification.
[0050] In one embodiment of the present invention, in step S5, the AES-256 algorithm or the SM4 algorithm is used, with the identification code authKey as the encryption and decryption key for the data being written.
[0051] Finally, it should be noted that the above descriptions are merely preferred embodiments of the present invention and are not intended to limit the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in the foregoing embodiments or make equivalent substitutions for some of the technical features. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.
Claims
1. A method for encrypting a database using an encrypted string, characterized in that it includes:
S1. In the database management system, add a column to the data dictionary table that records information about all data tables in the database. This column records whether the corresponding table in the database is an encrypted table using an encryption algorithm.
S2. When creating a new data table in the database, select "encrypted table" in the corresponding column of the data dictionary, and the administrator enters three coordinate points;
S3. When the database management system receives a table creation command, it receives three coordinate points and uses computer hardware information to generate a fourth coordinate point.
S4. Calculate the identification code authKey using the four coordinate points;
S5. Using the identification code authKey as the encryption key, the information to be written to the database is encrypted and stored as ciphertext, or the encrypted data read out is decrypted.
S6. When reading or modifying a created data table, provide three coordinate points to the database management system and generate a fourth coordinate point using computer hardware information. Calculate the identification code authKey. After the database management system verifies that the authKey encryption and decryption are correct, it performs read and write operations on the table data.
In step S2, the administrator inputs three coordinate points as follows: , , coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are coordinates The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are ;
The fourth coordinate point in step S3 is coordinates The dimension is three-dimensional. CPU identification code This is the motherboard identification code. For network card identification code;
Step S4 includes the following steps:
S4-1. Through formula The adjusted coordinates were calculated. Through formula The adjusted coordinates were calculated. Through formula The adjusted coordinates were calculated. Construct coordinate points , ;
S4-2. Through formula The spatial centroid was calculated. Spatial centroid The X-axis coordinate is Y-axis coordinate is Z-axis coordinates are ;
S4-3. Based on coordinate points Calculate the length of the six weighted edges , , , , , ;
S4-4. Through formula The volume of the parallelepiped was calculated. , To take the norm;
S4-5. Using the lengths of the six weighted edges , , , , , Spatial centroid Volume of a parallelepiped The identification code authKey is calculated.
2. The method for encrypting a database using an encrypted string according to claim 1, characterized in that: In step S1, the database management system is either a relational database management system or an embedded database management system.
3. The method for encrypting a database using an encrypted string according to claim 1, characterized in that: In step S4-3, the formula is used. The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. Through formula The edge weight length is calculated. .
4. The method for encrypting a database using an encrypted string according to claim 2, characterized in that: Through formula The authentication code authKey is calculated, where, For Hamiltonian operators, , The unit vector in the X-axis direction. It is the unit vector in the Y-axis direction. It is the unit vector in the Z-axis direction. , To take the absolute value, , , , , This is for rounding down.
5. The method for encrypting a database using an encrypted string according to claim 1, characterized in that: In step S5, the AES-256 algorithm or SM4 algorithm is used, with the identification code authKey as the encryption and decryption key for the data being written.