118 results about "Database encryption" patented technology

A database encryption system and method, the Structure Preserving Database Encryption (SPDE), is presented. In the SPDE method, each database cell is encrypted with its unique position. The SPDE method permits to convert a conventional database index into a secure one, so that the time complexity of all queries is maintained. No one with access to the encrypted database can learn anything about its content without the encryption key. Also a secure index for an encrypted database is provided. Furthermore, secure database indexing system and method are described, providing protection against information leakage and unauthorized modifications by using encryption, dummy values and pooling, and supporting discretionary access control in a multi-user environment.

One embodiment of the present invention provides a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system, manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system. If a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function. This encryption function uses a key stored in a keyfile managed by the security administrator. After encrypting the data, the system stores the data in the database system using a storage function of the database system.

A relational database system for encryption of individual data elements comprising a encryption devices of at least two different types, the types being tamper-proof hardware and software implemented. The encryption processes of the system are of at least two different security levels, differing in the type of encryption device holding the process keys for at least one of the process key categories and also differing in which type of device executing the algorithm of the process. Each data element to be protected is assigned an attribute indicating the usage of encryption process of a certain security level.

The invention relates to a security data item level database encryption method. Confidential data is encrypted by a data item level particle size; a hash function is used for deriving an encryption key of each data item according to a derived key and unique positioning information of the data item, even the data item encryption keys for encryption of all integral databases can be derived by using one key to reduce the using amount of the keys and facilitate key management; and a stream cipher algorithm is used for encrypting the data items to avoid filling. A ciphertext index is also encrypted by the stream cipher algorithm; each field (column) is encrypted by using the same key; therefore, searching keywords can be encrypted and then ciphertexts of corresponding fields are matched in spite of precise complete or incomplete searching. The method also has complete security functions of key management, secret sharing, security backup, mandatory access control, security connection and the like.

The user authority safety management system and method, wherein the system comprises a plurality of client end computers, a distributed application program server and a data base, the user calls the application program device for proceeding operation definition and role definition through the user interface on the client end computer, and store the information into the database. The invention realizes the user authority control based the system operation, thus guaranteeing the expandability of the system.

The invention provides an SQL rewrite based database external encryption/decryption system and a usage method thereof. The system comprises an SQL rewrite main module, a statement parsing module, a grammatical rule management module, an encryption/decryption table management module, a rewrite execution module and a data encryption/decryption module. The method comprises the steps of executing a rewritten data sheet creation process, a rewritten data insertion process and a data query process. According to the system and the method, an SQL rewrite technology is used, and data are encrypted and decrypted outside a database system, so that encryption/decryption costs of the database system are avoided.

Systems and processes for assembling de-identified patient healthcare data records in a longitudinal database are provided. The systems and processes may be implemented over multiple data suppliers and common database facilities while ensuring patient privacy. At the data supplier locations, patient-identifying attributes in the data records are placed in standard format and then doubly encrypted using a pair of encryption keys before transmission to a common database facility. The pair of encryption keys includes a key specific to the data supplier and a key specific to the common database facility. At the common database facility, the encryption specific to the data supplier is removed, so that multi-sourced data records have only the common database encryption. Without direct access to patient identifying-information, the encrypted data records are assigned dummy labels or tags by which the data records can be longitudinally linked in the database. The tags are assigned based on statistical matching of the values of a select set of encrypted data attributes with a reference database of tags and associated encrypted data attribute values.

The invention provides a database security system based on storage encryption, comprising a database encryption server, a database encryption expansion component, a safe database access interface anda management tool. A database encryption service system encrypts and decrypts all data in the database security system and intensively applies safety control and management; the database encryption expansion component connects with the database encryption service system and a database management system and calls a cipher service function of the database safety service system to encrypt and decryptroutine data; the safe database access interface provides safe and transparent database access support to an application system; the management tool is used for safety configuration management by management personnel. The database security system provides an interface standard conforming to database access, supports transparent encryption and decryption of routine data and big data object, and screens complex details realizing the security function of the database for the application system.

A method for encrypting a database, according to which a dedicated encryption module is placed inside a Database Management Software above a database cache. Each value of the database is encrypted together with the coordinates of said value using a dedicated encryption method, which assumes the existence of an internal cell identifier that can be queried but not tampered.

Provided is a system for suppressing database information leakage, and improving processing efficiency. A user system (20) for connecting to a database system (10) via a network (30) is provided with means (23, 24) for managing key information for encryption and decryption, and a storage unit (25) for storing the safety setting information for data and/or metadata. The user system (20) is further provided with an application response means (22) for: determining whether encryption of a database operation command is necessary; selecting an encryption algorithm according to the data and/or metadata when encryption is necessary, transmitting the database operation command to a database control means (12) after encryption thereof, and executing the database (11) operation; transmitting the database operation command to the database control means (12) when encryption is not necessary, and executing the database operation; receiving a processing result transmitted by the database control means; executing the necessary decryption or conversion when decryption or conversion of the processing result data and/or metadata is necessary; and returning the processing result data and/or metadata as a response to the database operation command. The user system (20) is also provided with a safety setting means (26) for setting the safety information for data stored in the database.

The invention provides an encipherment protection system and an encipherment protection method for a database in a cloud computing environment. The encipherment protection system provided by the invention comprises an application interface, a task management subsystem, a resource management subsystem and an encipherment engine pool. The encipherment protection system provided by the invention has the following advantages that 1. the encipherment protection system adopts the encipherment engine pool so as to avoid that the database performance is reduced by the influence of the overload operation of encipherment and decryption modules; 2. an application system is entirely transparent to final users of the database, so that the conversion between clear test and cipher text can be carried out according to the requirements; 3. the encipherment engine pool is fully independent from the database and the application system, so that the encipherment function of data can be realized without changing the database and the application system; 4. the encipherment engine pool constructed by using virtualization technologies has favorable manageability and elasticity, and can be constructed according to the requirements, the bottleneck problems of the fine granularity and the large concurrency access in the application of a relational database are solved, resources can be reasonably used, and the capability and the efficiency of a database server are enhanced.

The invention relates to a ciphertext indexing method for database encrypted fields and an in-base encryption system and belongs to the field of information security technology. According to the method, first, identification ID is mapped to encryption ID based on an encrypted field P1, (encryption ID, Hash value) is saved into a T2(ID2, P2), finally, a ciphertext index table T2 is established, and the table where the encrypted field P1 exists is recorded as T1, wherein the table T2 comprises a ciphertext index field P2, and fields ID2 in one-to-one correspondence with records in the T1 are recorded in the T2; and then, content of a to-be-encrypted field is mapped to the Hash value based on an order-preserving Hash function, equivalent query and range query of the encrypted field are realized based on the Hash value obtained after the record of the content of the to-be-encrypted field is mapped to the Hash value based on an encryption function, decryption is performed on the recorded ID2 according to query results to obtain a record set in the T1, and the record set is returned. Compared with the prior art, the method is good in reliability and high in universality, meanwhile has high security and can guarantee extremely high retrieval and storage efficiency.

The invention is suitable for the field of information security and provides a field-level database encryption device, which comprises a user information storage unit, a database field encryption setting unit and a database access preprocessor, wherein the user information storage unit is used for storing database encryption symmetric keys which are encrypted through user public keys; the database field encryption setting unit is used for setting whether fields in a database are encrypted or not; and the database access preprocessor is used for conducting encryption conversion or decryption conversion to database access statements according to the decrypted database encryption symmetric keys and field encryption setting information in the database field encryption setting unit. By using the field-level database encryption device, a user can select different symmetric encryption algorithms supported by a database system according to demands for different encryption intensities, an application program does not need to conduct encryption or decryption operation to the database, all data encryption and decryption operations are completed by the database system, a full-text retrieval function of data items can be supported, and the original database access statements are not needed to be changed and can be directly and transparently used.

The present disclosure is directed to a method for database encryption, which includes maintaining a database having fields and storing one or more data elements in a location associated with an IP address, wherein the IP address is 128 bits or greater and wherein the location of the IP address is remote from the location at which the database is maintained. The method may include storing, in at least one field of the database, a reference including an IP address corresponding with at least one of the data elements. In addition, the method may include retrieving the reference responsive to a request received from a user. Further, the method may include engaging a security layer around the data element, including performing at least one security check according to a security protocol, and determining whether to grant access to the at least one data element based on the security protocol.

The invention discloses a method and a system for partial matching query of an encrypted field in a database. The method comprises the following steps: creating a data record table; creating an encrypted index table for the encrypted field according to the data record table; obtaining and encrypting a to-be-queried field by program; querying completely matched data from the data record table through a structured query language (SQL) sentence, and recording the completely matched data as first values; carrying out secure hash algorithm (SHA) hashing on the to-be-queried field, and querying a corresponding unique data identifier from the encrypted index table through the SQL sentence; and querying all data with the unique data identifier in the data record table according to the corresponding unique data identifier, and recording the data as second values; and merging the first values with the second values. In the manner, an encryption scheme can be used only by partial matching query of the field under the condition of ensuring the performance, so that the safety and the usability of the system are improved.

The invention discloses a database encryption method and device, a database decryption method and device, a storage medium, and a terminal. The method comprises the steps of encrypting, based on secret keys, to-be-encrypted fields of a database; and mixing the secret keys according to a preset mixing manner, and storing the mixed secret keys. According to the method, the fields of the database areencrypted, and the secret keys are mixed, so that even if an unauthorized user cracks a mobile terminal and acquires database content, the user cannot acquire a correct secret key so as not to decrypt encrypted database fields, therefore, the database content is protected, the operating risk of the application is lowered, and the use safety for the user is improved.

The invention provides a database encryption and decryption method and device. The method comprises the steps that version information, a mark and an encryption algorithm corresponding to a database are written into a preset position in a database to be encrypted, an encrypted password is calculated according to the version information and the mark corresponding to the database to be encrypted, and the encrypted password is written into a password verifying position in the database; during decryption, an encryption password in the preset position and the content of the password verifying position in a database to be decrypted are read, and the encryption password and the content of the password verifying position are compared; if the encryption password and the content of the password verifying position are consistent, the database can be opened only when a secret key is obtained according to a secondary encryption algorithm and the password verifying position is backfilled with the secret key; the file loading correctness of the database can be ensured, meanwhile, the cracking difficulty of the database can be improved, and the safety of the encrypted database is improved.

The invention discloses an efficient database encryption method based on dictionary mapping. The method comprises at least a dictionary generation process, a dictionary encryption and storage process,a dictionary calling and decryption process, a ciphertext data generation and storage process, a ciphertext search process, a dictionary update process, and a double-dictionary running process. The efficient database encryption method based on dictionary mapping effectively prevents data information from disclosing after a database is invaded, and makes data break and breach much harder at the cost of small system performance.

A database encryption and query method keeping an order within a bucket partially, which encrypts and stores numeric data in a database, includes calculating a relative value of a plaintext within a bucket to which the plaintext is allocated; generating a first key value by producing a random number within the bucket; generating a second key value for defining a function having a bucket range of the bucket as an input; and changing the relative value based on the first and the second key value with keeping an order of the relative value partially to store the changed relative value. The first key value may be a value of separating order informations on the relative value. Further, the second key value may be a resultant value obtained by applying a mod 2 operation to the bucket size of the bucket.

According to an embodiment of the present invention, the invention relates to a method for encrypting a database and a database server. The method comprises encrypting a data value included in a data table stored in a memory and storing the encrypted data value in a persistent storage medium. The method comprises the following steps: a step of generating an encrypted data value based on the data value included in the data table stored in a memory; a step of generating a hash value that matches the encrypted data value at least partially based on the data value and positional information of the data value; and a step of determining to write the encrypted data value and the hash value on a persistent storage medium.

The invention discloses a secure data mirroring method with a key negotiation function. The system comprises a master database encryption module, a master database security mirroring module, a slave database security mirroring module and a slave database decryption module. The main database encryption module is responsible for performing encryption preprocessing and grouping encryption on data ofa main database based on a CBC mode, and transmitting the data in a ciphertext mode to ensure confidentiality; the slave database decryption module is responsible for decrypting and verifying the integrity of the mirror image data and restoring the mirror image data based on the CBC mode, and has the capability of resisting replay attack; the master database encryption module and the slave database decryption module distribute session keys through the key forwarding center to ensure the safety of key distribution; and the master database security mirroring module and the slave database security mirroring module avoid data leakage through authorization and encrypted mirroring data transmission. The invention provides an encrypted data mirroring method which realizes safe data synchronization and is suitable for master-slave replication among all databases.

The invention discloses a data acquisition system for an electricity vending system. The data acquisition system comprises a client application end, a server end and an electricity vending terminal, wherein the client application end is in communication and connection with the electricity vending terminal through the server end. The invention further discloses a self-upgrade type electricity vending system utilizing the data acquisition system and an automatic upgrading method thereof. The server end of the data acquisition system disclosed by the invention can provide the access to a main station terminal database, encryption service and the like through a provided WEB-SERVICE interface so as to respond to different requests of a client; and after a server receives the request, corresponding data or parameters can be obtained, and an electricity vending TOKEN code is further required in an encrypted way. According to the data acquisition system disclosed by the invention, mounting and use of the client can be facilitated; and simultaneously, data communication between the client and the server is of required data which is in TOKEN way purely, picture graphs, tables or other unrelated stream media data are not involved, and data traffic and bandwidth are saved.

The invention relates to a database data encryption and decryption method and device, computer equipment and a storage medium. The method comprises the steps that acquiring an access request initiatedby an application service to a database; reading a database configuration template according to the access request; when determining that a database table accessed by the access request contains encrypted and stored fields according to the database configuration template, calling an encryption and decryption interface to encrypt and decrypt data corresponding to the fields; wherein the database configuration template configures a configuration item containing fields needing to be encrypted and stored for each database table; wherein the encryption and decryption interface is generated according to a key corresponding to the application service, and the key is loaded from a key machine according to the application service identifier. The key distribution efficiency and security can be improved.