A distributed database key management method, device and storage medium

CN122241731A · Pending · Publication Date: 2026-06-19 · JINZHUAN INFORMATION TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
JINZHUAN INFORMATION TECHNOLOGY CO LTD
Filing Date
2026-03-12
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

In distributed databases, the secure storage and unified management of keys face challenges, including storage risks across multiple data nodes, difficulties in key updates and synchronization in dynamic environments, and high operational costs and risks associated with traditional key management methods across a large number of nodes.

Method used

The system employs a collaborative approach between management nodes and external hardware cryptographic devices. Key generation, updating, backup, and recovery are carried out through an agent process. Keys are centrally stored on the external hardware cryptographic devices and processed by those devices when needed. Encryption and decryption operations are completed on the device side, while the management platform coordinates all operations.

Benefits of technology

Significantly improves key security, reduces the risk of leakage, increases operational efficiency, enhances system scalability and disaster recovery capabilities, and ensures system security and data availability.

✦ Generated by Eureka AI based on patent content.


Abstract

This invention relates to the field of database technology and discloses a distributed database key management method, device, and storage medium. The method includes key generation and updating, key backup and recovery. Key-related operations are performed through a secure link between the management node in the distributed database cluster and the agent processes of each component. All encryption and decryption are performed on an external hardware cryptographic device. The key does not leave the external hardware cryptographic device during use, which has extremely high security and avoids the risk of enterprise encrypted data leakage.

Description

Technical Field

[0001] This invention relates to the field of database technology, and in particular to a distributed database key management method.

Background Technology

[0002] In today's digital age, data has become a core asset for enterprises and organizations. Database systems, especially relational and distributed databases, serve as the core infrastructure for data storage, management, and services; their security directly impacts the confidentiality, integrity, and availability of data. Among the many database security technologies, data encryption is one of the last and most critical lines of defense for protecting sensitive information and preventing unauthorized access. The effectiveness of encryption technology fundamentally depends on key management. The key is the "key" to the encryption and decryption process; its security and the rigor of its lifecycle management directly determine the strength of data encryption. Therefore, a sound and reliable key management system is an indispensable cornerstone of database security architecture.

[0003] Distributed databases achieve load balancing and horizontal scaling by distributing data across multiple independent nodes (or shards). However, this distribution of data also presents unprecedented challenges to traditional key management schemes, and there are many difficulties in implementing them. Storage risks across multiple data nodes: Statically storing keys locally on each data node significantly increases the exposure surface of the keys. If any node is compromised, the keys stored on that node may be leaked, leading to localized or even wider data breaches. A key challenge is how to store keys securely in a distributed manner, ensuring that the security of the entire system's keys is not compromised even if some nodes are compromised.

[0004] Key updates and synchronization in dynamic environments present challenges: For security best practices, keys need to be rotated periodically. In distributed systems, updating a large number of keys used for massive amounts of data requires ensuring that all relevant nodes can quickly and consistently obtain the new keys and coordinate the data re-encryption process. Improper handling of this process can easily lead to serious problems such as data inconsistency or service crashes.

[0005] Traditional database key management mostly involves single-machine databases, with relatively simple system structures and minimal component key updates. Manual key updates using a traditional hierarchical key management system are easily achievable. However, distributed databases spread data across hundreds or thousands of nodes, including various types of nodes (compute nodes and data nodes). Manually updating keys on each node using scripts or commands is not only time-consuming and labor-intensive but also poses a risk of key leakage. Furthermore, the more nodes there are, the greater the risk of key exposure. Therefore, securely storing keys within nodes and mitigating this risk is crucial.

Summary of the Invention

[0006] To overcome the shortcomings of existing technologies, this invention proposes a key management scheme under a distributed database architecture, which can realize the unified management of database encryption and communication keys in a distributed database cluster, supports key generation, updating, backup and recovery operations, and effectively solves the problem of secure storage and unified management of keys in a distributed database system.

[0007] To achieve the objective of this invention, this application provides a distributed database key management method, characterized by comprising: Key generation and updating, including: The management node notifies the external hardware cryptographic device to generate a new key; The management node, based on the metadata information of the distributed database cluster, notifies each component to update the key through a secure connection of the agent process; The agent process uses a new key to encrypt the original data before storing it, based on the component type and the preset script; Key backup, including: The management node notifies the external hardware cryptographic device to export the required key; After obtaining the data key, the management node encrypts the data and imports it into multiple external encrypted storage devices. Key recovery includes: The storage devices storing the component data import their respective data key components into the management node; Once the data reaches the decryption threshold, the management node recovers the data key and imports it into an external hardware cryptographic device. The management node notifies the component agent process to update the key based on the component type and key type. The agent process decrypts the original working key using an external hardware cryptographic device, decrypts the original data, and regenerates a new encrypted working key. The new working key is then used to encrypt the data.

[0008] To achieve the objectives of this invention, this application also provides an electronic device, including a processor and a memory, wherein the memory stores a program that can run on the processor, characterized in that the program, when executed by the processor, implements the steps of the above-described distributed database key management method.

[0009] To achieve the objectives of this invention, embodiments of this application also provide a computer-readable storage medium storing at least one program, characterized in that the at least one program can be executed by at least one processor to implement the steps of the above-described distributed database key management method.

[0010] The key management method for distributed databases provided by this invention is particularly suitable for securely managing and coordinating the keys of various nodes in a distributed database system, and uniformly updating, destroying, and backing them up. It effectively solves the problems of node key leakage and key synchronization in distributed database systems, and can efficiently manage various encryption keys while ensuring system security.

[0011] Compared with the prior art, the present invention has the following significant advantages and beneficial effects: (1) Significantly improve key security and fundamentally reduce the risk of key leakage. Traditional key management methods require distributing and storing keys across various distributed nodes. The more nodes there are, the larger the potential attack surface exposed to the keys. This invention addresses this by keeping critical keys permanently stored in an external, specialized hardware cryptographic device (such as an HSM). Encryption and decryption operations are performed directly on this device, with the entire process handled by the external hardware cryptographic device. The keys themselves never appear in the memory or disk of the distributed nodes. This fundamentally eliminates the risk of key leakage due to node intrusion. Operations are performed through a secure link between the management platform and the agent process, ensuring the confidentiality and integrity of the keys during transmission and use.

[0012] (2) Achieve efficient centralized and automated key management, greatly reducing operation and maintenance costs and human error. This invention provides a centralized management platform for the entire cluster's keys, overcoming the drawbacks of manually executing scripts or commands to update keys on hundreds or thousands of nodes. Administrators can easily manage the generation, updating, backup, and recovery of keys across the entire cluster through a unified management platform, significantly improving operational efficiency and avoiding tedious and error-prone manual intervention. Standardizing and automating the key management process reduces security risks caused by improper operation or negligence.

[0013] (3) Perfectly meets the complex requirements of distributed architecture and enhances system scalability. This invention is specifically designed for large-scale distributed environments containing multiple nodes (compute nodes and data nodes), easily handling dynamic increases or decreases in the number of nodes. New nodes only require the deployment of an agent and connection to the management platform to be incorporated into a unified key management system, eliminating the need to redesign complex key distribution schemes. It can simultaneously manage keys for encrypting static database data and keys for encrypting dynamic communication between nodes, meeting the comprehensive security requirements of distributed databases.

[0014] (4) Improves system reliability and disaster recovery capabilities. With a reliable key backup mechanism, keys can be quickly recovered even in the event of hardware cryptographic device failure or system disaster, ensuring that encrypted data can be accessed normally and guaranteeing the continuity of distributed database services and data availability.

Attached Figure Description

[0015] Figure 1 is a flowchart illustrating the distributed database key management method; Figure 2 is a schematic diagram of the key generation and update system; Figure 3 is a schematic diagram of the key generation and update process; Figure 4 is a system diagram for key backup and recovery; Figure 5 is a flowchart illustrating the key backup process; Figure 6 is a flowchart illustrating the key recovery process.

Detailed Implementation

[0016] To make the technical solution of the present invention easier to understand, the technical solution of the present invention will be further described in detail below with reference to specific embodiments and accompanying drawings. Obviously, the following embodiments are merely some embodiments of the present invention and do not constitute a limitation on the technical solution of the present invention. For those skilled in the art, other embodiments can be obtained based on the embodiments of this application without creative effort.

[0017] It should be noted that the order of steps described in the method embodiments below does not constitute a limitation on the technical solution of the present invention. For those skilled in the art, some steps can be reasonably adjusted according to the embodiments of this application without creative effort.

[0018] Example 1

[0019] This embodiment provides a distributed database key management method which, as shown in Figure 1, includes: S101. Key generation and update. As shown in Figures 2 and 3, the specific process for key generation and updating includes: S1011. The management node notifies the external hardware cryptographic device to generate the required key.

[0020] External hardware cryptographic devices generate keys using methods such as hardware random number algorithms, SM2, and RSA. Different algorithms are selected based on the application scenario. Key types mainly include: Data key: Used for encryption. This key is a random number generated by an algorithm (such as a hardware random number algorithm).

[0021] Working key: Used to encrypt business data. When encrypting data, each data node (DN) connects to an external hardware cryptographic device (encryption machine) through an agent process to generate an independent random working key, and encrypts the business data using a symmetric encryption algorithm (such as the SM4 algorithm). This working key is encrypted with the data key and stored locally. It must be decrypted with the data key before it can be used.

[0022] Communication Key: An asymmetric key pair used to issue certificates required for the TLCP protocol between compute nodes (CN) and data nodes (DN). This key is generated using asymmetric encryption algorithms (including SM2, RSA, etc.) and is used to issue certificates required for TLCP interaction. The certificate is issued by the management node using this asymmetric key pair after generating a certificate request, and the issued certificate is stored as the communication key.

[0023] S1012. The management node, based on the metadata information of the distributed database cluster, notifies each component to update the key through a secure connection of the agent process.

[0024] In this embodiment, the management node stores the metadata information of the entire distributed database cluster. After a new key is generated, the management node, based on the information of each node in the cluster from the metadata, notifies each component to update the key via a secure connection through the agent process.

[0025] S1013. The agent process encrypts the original data using the new key through the encryption machine and stores it according to the component type and the preset script. When an old key exists, the agent process first decrypts the original data using the old key through the encryption machine, and then encrypts it again using the new key.

[0026] The component types include compute nodes and data nodes. The pre-defined script can be understood as a set of encrypted data transformation methods, which can take the form of a script, program, or hardware transformation. Its main purpose is to decrypt previously encrypted data using the original key and then re-encrypt and store it using a new key. The specific implementation process of this step includes: First, the working key encrypted locally is decrypted using the encryption machine. The decrypted working key is then used to decrypt the business data, and a new working key is generated. The business data is then encrypted again, and the newly generated working key is then encrypted using the new data key and saved locally.

[0027] Once all nodes have updated their keys, the encrypted data is updated. Subsequent use of data from nodes involves decryption via the encryption machine.
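The two-level key hierarchy of [0021] (a working key per data node, itself encrypted under the data key held by the encryption machine) and the rotation sequence of S1011 to S1013 and [0026], as an added example that is not code from the patent or its applicant. It assumes an in-process `HSM` stand-in (a map of data-key versions) in place of the external hardware cryptographic device, AES-256-GCM in place of SM4, and the names `DataNode`, `Wrap`, `Unwrap`, `Read` and `Rotate` are chosen here; none of them come from the page. The property worth checking is that the data key is only ever used inside the `HSM` value, while the node stores nothing but a wrapped working key and ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing crypto/rand is unrecoverable
	}
	return b
}

// aead builds AES-256-GCM, a stand-in for the page's SM4; every key here is 32 bytes.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // fails only on a bad key length
	if err != nil {
		panic(err)
	}
	a, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return a
}

// seal prepends the random nonce so every blob is self-contained.
func seal(key, plaintext []byte) []byte {
	a := aead(key)
	nonce := randomBytes(a.NonceSize())
	return append(nonce, a.Seal(nil, nonce, plaintext, nil)...)
}

// open reverses seal; a tampered blob or a wrong key fails authentication.
func open(key, blob []byte) ([]byte, error) {
	a := aead(key)
	if n := a.NonceSize(); len(blob) >= n {
		return a.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, fmt.Errorf("blob too short")
}

// HSM is a constructed stand-in for the external hardware cryptographic device: data
// keys are generated (S1011) and kept inside it; a node only asks to Wrap/Unwrap by version.
type HSM map[int][]byte

func (h HSM) GenerateDataKey(version int) { h[version] = randomBytes(32) }

func (h HSM) Wrap(version int, workingKey []byte) ([]byte, error) {
	if k, ok := h[version]; ok {
		return seal(k, workingKey), nil
	}
	return nil, fmt.Errorf("no data key version %d", version)
}

func (h HSM) Unwrap(version int, wrapped []byte) ([]byte, error) {
	if k, ok := h[version]; ok {
		return open(k, wrapped)
	}
	return nil, fmt.Errorf("no data key version %d", version)
}

// DataNode is what a DN stores locally ([0021]): the wrapped working key and the encrypted data.
type DataNode struct {
	KeyVersion            int
	WrappedWK, Ciphertext []byte
}

// NewDataNode encrypts under a fresh working key that exists in plaintext only until wrapped.
func NewDataNode(h HSM, version int, business []byte) (*DataNode, error) {
	wk := randomBytes(32)
	wrapped, err := h.Wrap(version, wk)
	if err != nil {
		return nil, err
	}
	return &DataNode{version, wrapped, seal(wk, business)}, nil
}

// Read is the agent's normal path: unwrap via the HSM, then decrypt locally ([0027]).
func (d *DataNode) Read(h HSM) ([]byte, error) {
	wk, err := h.Unwrap(d.KeyVersion, d.WrappedWK)
	if err != nil {
		return nil, err
	}
	return open(wk, d.Ciphertext)
}

// Rotate is S1013/[0026]: decrypt under the old keys, re-encrypt under a fresh working
// key wrapped with the new data-key version; on any failure d is left untouched.
func (d *DataNode) Rotate(h HSM, newVersion int) error {
	plain, err := d.Read(h)
	if err != nil {
		return err
	}
	fresh, err := NewDataNode(h, newVersion, plain)
	if err == nil {
		*d = *fresh
	}
	return err
}
```

Create the device with `h := HSM{}`, call `h.GenerateDataKey(1)`, build a node with `NewDataNode(h, 1, row)`, then `h.GenerateDataKey(2)` and `dn.Rotate(h, 2)`; afterwards `dn.Read(h)` must return the original row even if version 1 is deleted from the map, and a `Rotate` to a version the device does not hold must fail without changing the node. Keeping the rotation all-or-nothing at the node matters for the data-inconsistency risk [0004] names.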

[0028] S102. Key backup. As shown in Figures 4 and 5, the specific key backup process includes: S1021. The management node notifies the encryption machine to export the required key.

[0029] S1022. After obtaining the data key, the management node encrypts the data key using a threshold algorithm.

[0030] Threshold algorithms are a core concept in the fields of secret sharing and secure multi-party computation, and are a general term for a class of methods and protocols. The core idea is to distribute and manage a secret so that a certain number of participants (the "threshold") must cooperate to recover the secret or complete the computation; any group of participants smaller than this number learns nothing about the secret. Specifically, this embodiment uses the Shamir algorithm to implement the threshold algorithm.

[0031] S1023, The management node imports the encrypted data key into multiple external encrypted storage devices.

[0032] S103. Key recovery. As shown in Figures 4 and 6, the key recovery process includes: S1031. The storage devices storing component data import their respective data key components into the management node.

[0033] Specifically, the component data here refers to the data component of the data key encrypted using the threshold algorithm.

[0034] S1032. After the component reaches the decryption threshold, the management node recovers the data key through the threshold algorithm and imports it into the encryption machine.

[0035] S1033. The management node notifies the component agent process to update the key based on the component type and key type of the metadata.

[0036] S1034. The agent process decrypts the original working key through the encryption machine, decrypts the original data, and regenerates a new encrypted working key. The new working key is then used to encrypt the data.

[0037] At this point, the data in the data nodes has been encrypted using the regenerated working key, and the database is functioning normally.
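The backup steps S1021 to S1023 and the recovery steps S1031 and S1032 both rest on the Shamir threshold scheme named in [0030]: the management node splits the exported data key into components for multiple storage devices, and recovers it only once the threshold number of components is back. The following is an added example of that split and recovery, not code from the patent or its applicant; the remaining recovery steps S1033 and S1034 are the same re-encryption path as S1013. It assumes a 32-byte data key, arithmetic over the prime field GF(2^521 - 1), and the names `Share`, `Split` and `Recover`, all chosen here.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Arithmetic is over GF(p) with p = 2^521 - 1 (a Mersenne prime), which holds
// any 256-bit data key as a field element with room to spare.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one data-key component, destined for one external storage device.
type Share struct {
	X int      // evaluation point 1..n; never 0, which would expose the secret itself
	Y *big.Int // polynomial value at X
}

// Split (S1022/S1023) turns a 32-byte data key into n shares of which any k
// recover it; k-1 or fewer shares carry no information about the key.
func Split(dataKey []byte, n, k int) ([]Share, error) {
	if len(dataKey) != 32 {
		return nil, errors.New("data key must be 32 bytes")
	}
	if k < 2 || n < k {
		return nil, errors.New("need 2 <= k <= n")
	}
	// coeff[0] is the secret; coeff[1..k-1] are uniform in GF(p).
	coeff := make([]*big.Int, k)
	coeff[0] = new(big.Int).SetBytes(dataKey)
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeff[i] = c
	}
	shares := make([]Share, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := k - 1; j >= 0; j-- { // Horner: y = y*x + coeff[j] mod p
			y.Mod(y.Add(y.Mul(y, x), coeff[j]), prime)
		}
		shares[i] = Share{X: i + 1, Y: y}
	}
	return shares, nil
}

// Recover (S1031/S1032) reconstructs the data key from k distinct shares by
// Lagrange interpolation at x = 0. Fewer than k shares is a threshold miss.
func Recover(shares []Share, k int) ([]byte, error) {
	if len(shares) < k {
		return nil, fmt.Errorf("threshold not reached: have %d, need %d", len(shares), k)
	}
	shares = shares[:k] // any k points determine the degree-(k-1) polynomial
	seen := make(map[int]bool, k)
	for _, s := range shares {
		if seen[s.X] || s.X == 0 {
			return nil, fmt.Errorf("invalid or duplicate share x=%d", s.X)
		}
		seen[s.X] = true
	}
	secret := new(big.Int)
	for i, si := range shares {
		// Lagrange basis at 0: l_i(0) = prod_{j != i} x_j / (x_j - x_i) mod p
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			xi, xj := big.NewInt(int64(si.X)), big.NewInt(int64(sj.X))
			num.Mod(num.Mul(num, xj), prime)
			den.Mod(den.Mul(den, new(big.Int).Sub(xj, xi)), prime)
		}
		term := new(big.Int).Mul(si.Y, num)
		term.Mul(term, new(big.Int).ModInverse(den, prime))
		secret.Mod(secret.Add(secret, term), prime)
	}
	if secret.BitLen() > 256 {
		return nil, errors.New("recovered value is not a 256-bit key; shares are inconsistent")
	}
	return secret.FillBytes(make([]byte, 32)), nil
}

func main() {
	key := make([]byte, 32) // constructed sample: a random data key exported per S1021
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	shares, _ := Split(key, 5, 3) // five storage devices, any three recover
	got, err := Recover([]Share{shares[4], shares[0], shares[2]}, 3)
	fmt.Printf("recovered=%t err=%v\n", string(got) == string(key), err)
	_, err = Recover(shares[:2], 3)
	fmt.Println("two shares:", err)
}
```

Each storage device receives one `Share` (its `X` and `Y`), never the polynomial; the management node needs `k` of them back before `Recover` yields the key it then imports into the encryption machine. The out-of-range check at the end catches the case where the returned components do not belong to the same split, which is the failure mode a recovery procedure after a device loss most needs to surface rather than silently import a wrong key.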

[0038] The distributed database key management method in this embodiment is mainly applied to data encryption and encryption key management in computer distributed database systems. Its application scenarios include: (1) When there are encryption requirements for the data, secure key generation and key update of the entire database cluster are implemented.

[0039] (2) To guard against a crash of the encryption service, the key is backed up beforehand and restored once the encryption service is back in operation.

[0040] (3) Migrating the encryption service: after the key is securely exported through the key backup function, it is restored in the new system.

[0041] This distributed database key management method is applicable to security scenarios across multiple industries, such as finance and telecommunications, which involve massive amounts of data and have extremely high requirements for database confidentiality. This method helps these industries efficiently and securely manage the keys of various components when using a distributed database, enabling multiple key operations, such as updates, backups, and restores, with minimal impact on business operations. This distributed database key management method executes key-related operations through a secure link between the management node in the distributed database cluster and the agent processes of each component. Important keys are stored in external hardware cryptographic devices, and all encryption and decryption are performed on these external devices, not locally within the components. The keys never leave the external hardware cryptographic device during use, significantly reducing the risk of key leakage and providing extremely high security, thus avoiding the risk of enterprise encrypted data leakage.

[0042] Example 2

This embodiment provides an electronic device, including a processor and a memory communicatively connected to the processor. The memory stores a program executable on the processor, which, when executed by the processor, implements the steps of the distributed database key management method provided in the above embodiment.

[0043] The above programs can be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, and C++, as well as conventional procedural programming languages such as C or similar languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server.

[0044] Example 3

This embodiment provides a computer-readable storage medium storing at least one program that can be executed by at least one processor to implement the steps of the distributed database key management method provided in the above embodiment.

[0045] The aforementioned computer-readable storage media include: USB flash drives, portable hard drives, read-only memory, random access memory, magnetic disks, optical disks, and other media and combinations thereof capable of storing program code. With the development of science and technology, the meaning of storage media may become increasingly broad, extending beyond physical media.

[0046] Those skilled in the art will understand that the above embodiments are specific embodiments for implementing the present invention. In addition to the above embodiments, the present invention may have other implementation methods. All technical solutions formed by equivalent substitution or equivalent transformation fall within the protection scope claimed by the present invention.

Claims

1. A distributed database key management method, characterized in that it comprises: Key generation and updating, including: The management node notifies the external hardware cryptographic device to generate a new key; The management node, based on the metadata information of the distributed database cluster, notifies each component to update the key through a secure connection of the agent process; The agent process uses a new key to encrypt the original data before storing it, based on the component type and the preset script; Key backup, including: The management node notifies the external hardware cryptographic device to export the required key; After obtaining the data key, the management node encrypts the data and imports it into multiple external encrypted storage devices. Key recovery includes: The storage devices storing the component data import their respective data key components into the management node; Once the data reaches the decryption threshold, the management node recovers the data key and imports it into an external hardware cryptographic device. The management node notifies the component agent process to update the key based on the component type and key type. The agent process decrypts the original working key using an external hardware cryptographic device, decrypts the original data, and regenerates a new encrypted working key. The new working key is then used to encrypt the data.

2. The distributed database key management method as described in claim 1, characterized in that, before the agent process encrypts the original data using the new key, it also includes: the agent process decrypting the original data using the old key through an external hardware cryptographic device.

3. The distributed database key management method as described in claim 1, characterized in that the management node uses a threshold algorithm to encrypt and recover data keys.

4. The distributed database key management method as described in claim 1, characterized in that the component types include compute nodes and data nodes.

5. The distributed database key management method as described in claim 1, characterized in that the key types include data keys, working keys, and communication keys.

6. An electronic device comprising a processor and a memory, the memory storing a program executable on the processor, characterized in that, when the program is executed by the processor, it implements the steps of the distributed database key management method according to any one of claims 1-5.

7. A computer-readable storage medium storing at least one program, characterized in that the at least one program may be executed by at least one processor to implement the steps of the distributed database key management method according to any one of claims 1-5.