[go: up one dir, main page]

CN101464902B - A method and system for verifying outsourced database query results - Google Patents

A method and system for verifying outsourced database query results Download PDF

Info

Publication number
CN101464902B
CN101464902B CN2009100760403A CN200910076040A CN101464902B CN 101464902 B CN101464902 B CN 101464902B CN 2009100760403 A CN2009100760403 A CN 2009100760403A CN 200910076040 A CN200910076040 A CN 200910076040A CN 101464902 B CN101464902 B CN 101464902B
Authority
CN
China
Prior art keywords
tuple
verification
query
outsourced database
query result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2009100760403A
Other languages
Chinese (zh)
Other versions
CN101464902A (en
Inventor
张敏
陈驰
冯登国
洪澄
张德胜
陈荣国
张明波
谢炯
程昌秀
卢战伟
景宁
熊伟
邓亚丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
National University of Defense Technology
Institute of Geographic Sciences and Natural Resources of CAS
Original Assignee
Institute of Software of CAS
National University of Defense Technology
Institute of Geographic Sciences and Natural Resources of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS, National University of Defense Technology, Institute of Geographic Sciences and Natural Resources of CAS filed Critical Institute of Software of CAS
Priority to CN2009100760403A priority Critical patent/CN101464902B/en
Publication of CN101464902A publication Critical patent/CN101464902A/en
Application granted granted Critical
Publication of CN101464902B publication Critical patent/CN101464902B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本发明公开了一种外包数据库查询结果验证方法及其系统,属于计算机软件技术领域。本发明的方法为:首先对外包数据库进行封装,嵌入顺序标记属性和验证对象属性;然后修改查询语句,利用返回的元组验证对象属性验证返回结果集的真实性、利用返回的元组顺序标记属性验证返回结果集的完备性;本发明的系统包括外包数据库封装器、查询改写模块、完备性验证模块、真实性验证模块,所述外包数据库封装器包括顺序对象嵌入组件和验证对象嵌入组件。与现有技术相比,本发明可以在不改变现有数据库管理系统功能的前提下,允许普通用户对外包数据库SQL查询结果的真实性与完备性进行验证,具有DBMS透明、灵活性高、可以精确定位数据篡改位置的特点。

Figure 200910076040

The invention discloses a method and system for verifying query results of an outsourced database, belonging to the technical field of computer software. The method of the present invention is as follows: firstly encapsulate the outsourced database, embed sequence mark attributes and verification object attributes; then modify the query statement, verify the authenticity of the returned result set by using the returned tuple verification object attributes, and use the returned tuple sequence mark Attributes verify the completeness of the returned result set; the system of the present invention includes an outsourced database wrapper, a query rewriting module, a completeness verification module, and an authenticity verification module, and the outsourced database wrapper includes a sequential object embedding component and a verification object embedding component. Compared with the prior art, the present invention can allow ordinary users to verify the authenticity and completeness of the outsourced database SQL query results without changing the functions of the existing database management system, and has the advantages of DBMS transparency, high flexibility, and Features that pinpoint the location of data tampering.

Figure 200910076040

Description

A kind of outsourced database query result verification method and system thereof
Technical field
The present invention relates to a kind of Query Result verification method and system thereof, relate in particular to a kind of Outsourced database (annotating: entrust) Query Result verification method and system thereof in the database of third party's operation, can be used for the authenticity and the completeness of outsourcing database SQL Query Result are verified, belong to computer software technical field.
Background technology
Since nineteen nineties, service outsourcing develops into an important content of economic globalization gradually.The IT service outsourcing can help enterprise to reduce cost, and improves service quality, and strengthens self competitive power.Increasing manufacturer is selected its non-core services outsourcing, thereby pooling of resources and energy are put into core business.IT service outsourcing in recent years progressively is developed to business workflow outsourcing by simple IT infrastructure outsourcing.Because business datum is kept in the Database Systems in most of infosystems, this inevitably need be with Database Systems and service outsourcing (hereinafter to be referred as Outsourced database) thereof.A typical scene is: data-base content supplier (being called for short the owner) submits to Database Systems operation service provider (being called for short the server) with Outsourced database, and the latter disposes storage, the management of data base management system (DBMS) and responsible Outsourced database and safeguards.Database user (user) proposes query requests and obtains return results to the server.The triadic relation as shown in Figure 1.
Because from the owner and user's angle, the server is not credible fully, for the business datum of enterprise has brought new security risk so database service wraps in when bringing above-mentioned every advantage outward yet.In order to prevent database service person, need enough technological means to guarantee the correctness of Outsourced database to arbitrarily the distorting of data.From domestic consumer's angle, when requirement is initiated SQL query and obtained query results Outsourced database, can also verify the correctness of this query results, thereby be sure of that the server is in the database service that is providing secure and trusted to rely.Particularly, the correctness of query results comprises result's authenticity and completeness.Authenticity is that data come from database owner really, is not that the server forges; Completeness explanation server has returned all and has met the data content of querying condition, does not omit, perhaps in order to improve the correct result of a reason returning part such as system throughput.
Existing multiple cryptographic technique can the validation database tuple authenticity, for example various hashing algorithms (SHA-1 etc.), Digital Signature Algorithm (RSA Algorithm, DSA algorithm etc.), and message authentication code (MAC) etc. all can be used for finding distorting the tuple content.Yet tuple level protection can't check out that tuple is lost, tuple repeats other situations such as insertion.Above-mentioned algorithm faces following difficulty when realizing the protection of inquiry completeness: on the one hand, if database owner is signed whole tables of data content, all the elements could be verified during then the user need obtain showing, and user's part tuple in the question blank only in most cases, thereby the obvious cost of this way is excessive; On the other hand, database owner can't be predicted the content that the user will inquire about, and also can not carry out online response to user inquiring checking request.Therefore traditional information integrity guard method can not directly apply to the SQL query result verification of Outsourced database.
There is a kind of typical solution at the problems referred to above at present, requires the owner, abbreviate AS as in advance for each table in the Outsourced database calculates the special checking structure of a similar index tree.Tables of data is transferred to the server with AS to be safeguarded.The data base management system (DBMS) (being called for short DBMS) that operates in server's end is calculated and returns this result's authorization information according to AS when returning the SQL query result.Particularly, these class methods have following specific (special) requirements to DBMS: the special storage organization of (1) expansion.AS is a kind of special data index that has authorization information, needs to increase its structure of definition and management method; (2) expanding query authentication function.DBMS calculates and returns corresponding authorization information when the SQL query result is provided; (3) special communications protocol is returned identifying object or the like when returning the SQL query result.
Clearly, this method and SQL standard are also incompatible, and present commercial DBMS can't satisfy this specific demand.Therefore this enquiry and verification method can't be applied in practice.
Summary of the invention
At the problems referred to above, the invention provides an outsourced database query result verification method and system, support that domestic consumer carries out authenticity and completeness verification to the SQL query result that Outsourced database returned.This verification method can find in time whether the related data-base content of query results is destroyed, and for example whether has unnecessary tuple, and tuple is lost, or the tuple content such as is distorted at situation.This verification method is transparent for server, only needs database service person that normal database service is provided, and therefore allows the server directly to use the commercial or DBMS that increases income (as Oracle, SQL Server, PostgreSQL etc.) of existing main flow, need not any transformation.In addition, compare with existing method, verification method proposed by the invention and system be the locator data position of distorting accurately, obtains the correct result set of part.
Particularly, outsourced database query result verification method of the present invention comprises two core contents: Outsourced database encapsulation, and SQL query result verification.
(1) Outsourced database encapsulation
The Outsourced database encapsulation process occurs in the owner and surrenders before the database, and its effect is that each raw data table in the storehouse is carried out pre-service, embeds integrity protection information.Outsourced database after the encapsulation can be submitted to server's operation, and wherein embedded information is supported the Query Result checking of user to the tables of data content.This encapsulation process can realize by following steps:
The first step, embedding order object in database table.
The order object comprises two classes: (1) two border tuple: minimum border tuple t Min, its value is less than all tuple attributes values in the table; And maximum border tuple t Max, its value is greater than all tuple attributes values in the table.But no matter the database tuple is sorted t according to any ordering attribute MinWith t MaxIt all is respectively the bound of tuple sequence.(2) sequence notation of each tuple.This is marked with several components, each component be used for the minute book tuple in the next-door neighbour forerunner's tuple on certain attribute (but that is: because the order of tuple on each ordering attribute may be different, but can select several ordering attribute respectively tuple to be carried out sequence notation, the next-door neighbour forerunner tuple of each mark component minute book tuple on a corresponding attribute.Next-door neighbour's forerunner tuple is: on a certain attribute, the property value of certain tuple is the most contiguous and less than the property value of this tuple, this tuple is called next-door neighbour forerunner's tuple of this tuple on this attribute).The content of mark both can be its major key, major key hash value, ID numbering etc. directly marks, also can be indirect mark, for example write down the various ways such as difference between its ID and this tuple ID.The present invention does not do particular determination.From maximum border tuple, can travel through all tuples just until minimum border tuple according to any one sequence notation component, all tuples constitute a complete daisy chaining.A plurality of sequence notation components are kept at the sequence notation attribute A of an expansion after compression SeqIn.
The present invention is by inserting border, upper and lower boundary tuple t MinWith t Max, can better realize the completeness of Query Result.
In second step, in database table, embed identifying object.
Identifying object is the integrity check value of each tuple content, is used for the integrality of each tuple of proof list.The information integrity protection algorithm that can select the current password technology to be supported is single tuple calculation of integrity proof test value.The present invention does not do specific (special) requirements.For example it can be the owner according to the digital signature of its private key to this tuple, also can be a message authentication code (MAC), its key is shared with the user by the owner.Because the order of embedding object in step 1, this moment, the tuple content comprised original tuple and sequence notation thereof.Identifying object is stored in the checking attribute A of another new expansion VrfIn.
In sum, the processing through the Outsourced database wrapper has increased two tuple t newly in the original tables of data MinWith t Max, and expanded two new attribute A SeqWith A Vrf
(2) Outsourced database SQL query checking
Outsourced database SQL query proof procedure occurs in user side.It comprises three key steps such as SQL query rewriting, Query Result authenticity verification, Query Result completeness verification:
The first step: SQL query is rewritten.
This step is made amendment to the query statement that the user submits to, makes it not only to return former SQL query result set, also returns the required information of checking result set simultaneously.Suppose that former query statement is a querying condition with attribute Ai, user inquiring statement Q xAfter rewriting, become as next group polling:
(1) newly-increased query statement Q Min, return the coboundary tuple t of this result set UpWherein, coboundary tuple t UpBe the next-door neighbour forerunner tuple of first tuple in the result set on attribute Ai;
(2) newly-increased query statement Q Max, return the lower boundary tuple t of this result set LowWherein, lower boundary tuple t LowNext-door neighbour forerunner's tuple on attribute Ai is last tuple in the result set;
(3) revise user inquiring statement Q xBe Q x', return all properties, comprise the sequence notation attribute A of expansion SeqWith identifying object attribute A VrfThis inquiry return results collection T x'.
Above-mentioned three inquiries are submitted to the server as a db transaction, then all return results are further handled.
If comprise a plurality of querying conditions in other query statements, promptly need on a plurality of attributes, inquire about respectively, then former querying condition can be inquired about respectively according to each attribute, resolve into the inquiry on a plurality of above-mentioned attributes like this after, carry out above-mentioned steps more successively and handle.
Second step: Query Result authenticity verification.
This step is used for the authenticity of the verification step one SQL result set that returns.Suddenly all tuple-sets that return for previous step (are t Up∪ t Low∪ T x'), verify whether its integrality is destroyed.This proof procedure is realized by the concrete protection algorithm integrallty that database owner sets.RSA for example, signature algorithm such as DSA and various MAC algorithms etc.The tuple by checking is not directly abandoned.If border tuple t UpOr t LowBe dropped, then resubmit the border inquiry, seek next boundary value.Repeat this process until the border tuple t that finds table MinOr t Max
All tuple-sets by checking are for further processing.Comprise that two new border tuples (are labeled as t respectively Up 2, t Low 2), and the result set after the checking (is labeled as T x 2).
The 3rd step: Query Result completeness verification.
This step is used to verify the completeness of SQL result set.For tuple-set and the up-and-down boundary tuple thereof after the step 2 screening, check whether they constitute a complete chain just for the sequence notation component of attribute Ai.That is: from lower boundary tuple t Low 2Beginning ends at t Up 2T x 2In each tuple all occur and only occur 1 time.
If report that then completeness verification passes through, otherwise reporting errors.
Based on above-mentioned Outsourced database SQL query result verification method, the present invention also provides a kind of Outsourced database SQL query result verification system.Described system architecture is divided into four parts: the Outsourced database wrapper, module, Query Result completeness verification module, and Query Result authenticity verification module are rewritten in inquiry.
The deployment of this system and operational mode are as shown in Figure 2.Wherein, the Outsourced database wrapper is deployed in owner's end, and the Outsourced database after the owner will encapsulate is transferred to the server and safeguarded operation.Inquiry is rewritten module, Query Result completeness verification module and Query Result authenticity verification module and all is deployed in the user side that need carry out result verification.The SQL query that database user sent, after rewriting processing, enquiry module sends to server's end, its return results is verified the authenticity and the completeness of SQL query result set content respectively successively via Query Result authenticity verification module and Query Result completeness verification resume module.
The effect of above-mentioned Outsourced database wrapper is that each tables of data in the storehouse is carried out pre-service, embeds certain content so that the content that user rs authentication should be shown.It comprises two core components: the order object embeds assembly and identifying object embeds assembly, respectively embedding order object and identifying object in tables of data.The process that the encapsulation process of tables of data is promptly handled through two said modules successively.
Module is rewritten in above-mentioned inquiry will revise the query statement that the user submits to, make it not only to return former SQL query result set, also return the required information of this result set of checking simultaneously: comprise the up-and-down boundary tuple of former result set, and all return the sequence notation attribute and the identifying object attribute of tuple.
Above-mentioned Query Result authenticity verification module is used to verify the authenticity of SQL result set.Check above-mentioned inquiry rewrite module resulting all return tuple (comprising former SQL result set and border tuple thereof), judge whether the integrality of tuple destroyed.The concrete protection algorithm integrallty that this proof procedure sets by database owner.RSA for example, signature algorithm such as DSA and various MAC algorithms etc.Abandon all ruined tuples.
Above-mentioned Query Result completeness verification module is used to verify the completeness of SQL result set.The tuple-set of inspection after above-mentioned Query Result authenticity verification module screening checks whether the sequence notation of all tuples constitutes a complete chain just.If report that then completeness verification passes through, otherwise reporting errors.
Compared with prior art, good effect of the present invention is:
Adopt Outsourced database encapsulation of the present invention and Query Result verification method, can expand the outsourcing data-base content, embed specific authorization information, thereby under the prerequisite that does not change available data base management system function, allow domestic consumer that the authenticity and the completeness of outsourcing database SQL Query Result are verified.The present invention has the following advantages:
1, DBMS is transparent.Support main flow business data base management system;
2, dirigibility height.Proof procedure is initiated by the user, allows the user according to actual conditions the selectivity checking to be carried out in inquiry;
3, the accurate locator data position of distorting.Can locate wrong tuple, the user can obtain the correct result set of part.
Description of drawings
Fig. 1, existing Outsourced database operation scene and three class participants thereof;
Fig. 2, Outsourced database of the present invention encapsulation and SQL query result verification system construction drawing;
Wherein: 1---conventional database systems, 2---the Outsourced database wrapper, 3---SQL query result verification system;
Fig. 3, method flow diagram of the present invention.
Embodiment:
The present invention will be further described in detail below in conjunction with accompanying drawing and an example, but the scope that does not limit the present invention in any way.Method flow of the present invention as shown in Figure 3.
In this example, suppose only to comprise a tables of data TestTable in the Outsourced database, but this table has 4 integer type ordering attribute: ID, A1, A2, A3.Wherein Property ID is the major key of table.Having 4 records in the table is respectively t1, t2, t3, t4.This table raw data is as follows:
Figure G2009100760403D00061
The Outsourced database owner carried out encapsulation process to database before it is submitted to the server.
(1) Outsourced database encapsulation process
The first step: embed assembly through the order object and handle, the owner is embedding order object in TestTable.Comprise: (1) has increased by two border tuples (being respectively record t0 and t999), and (2) have expanded sequence notation attribute (A_seq), and is all tuples calculating genesis sequence flag attribute contents.The TestTable table thes contents are as follows after this resume module:
Figure G2009100760403D00062
Be example with t3 tuple (tuple of ID=3) below, the generative process of its attribute A_seq content is described.
If the value of all tuples according to attribute A1 sorted, next-door neighbour forerunner's tuple of t3 is t2; If according to A2 or A3 ordering, then next-door neighbour forerunner's tuple of t3 is respectively t2 or t0.Therefore the sequence notation of t3 is (2,2,0).Its content zip (2,2,0) after overcompression is kept among the A_seq.[annotate: when next-door neighbour forerunner tuple value is not unique, get Major key the maximum.For t3, t2, t1 have identical A2 property value (t2.A2=t1.A2=7), thus get the maximum tuple t2 of ID value (because t2.ID>t1.ID).In like manner according to the A2 ordering, next-door neighbour forerunner's tuple of t2 is t1.】
Second step: foregoing is transferred to identifying object and is embedded the assembly processing, further embeds identifying object in expansion TestTable table.What suppose use is signature algorithm, through after this resume module, this table expansion of content attribute A_sig, become following form:
Figure G2009100760403D00071
Be example still below, the generative process of A_sig is described with t3 tuple (tuple of ID=3).
The signature S3=SIG of tuple t3 (h (3||6||9||5||zip (2,2,0)) PRSIG () wherein PRIt is signature function; Signature key is possessory private key PR.
Be contracted out to the server through the table TestTable after the encapsulation process.Server end administration oracle database management system provides the inquiry service to this database table.
(2) Outsourced database enquiry proof procedure
Suppose that the user need submit following inquiry to:
qs:SELECT*FROM?TestTable?WHERE?A1>4?AND?A1<7;
The predetermined result collection of this inquiry should be Tx={t2, t3}.
If the user need verify Query Result, need to carry out successively following processing so:
Resume module is rewritten in the first step, inquiry.
This module is that qs has increased following two inquiries:
qx:SELECT*FROM?TestTable?WHERE?A1?IN
(SELECT?Max(A1)FROM?TestTable?WHERE?A1<=4);
qy:SELECT*FROM?TestTable?WHERE?A1?IN
(SELECT?Min(A1)FROM?TestTable?WHERE?A1>=7);
Wherein qx returns tuple t1, and qy returns tuple t4.Be respectively predetermined result collection { t2, the up-and-down boundary of t3}.That is: t Up=t1, t Low=t4.
For the validity of illustration method, we suppose that tuple t2 loses in the Outsourced database.Only comprise tuple t3, i.e. a Tx={t3} in the actual SQL of the returning result set.Tuple t so Up=t1, t Low=t4 and tuple-set Tx={t3} transfer to next step processing.
Second step, authenticity verification resume module.
This module is verified the authenticity of concentrated each tuple of above-mentioned return results by adopting signature algorithm, promptly connects all properties value except that A_sig in the tuple successively, and calculates its signature S.Relatively whether S is consistent with the A_sig property value of tuple then.If unanimity is then passed through checking, otherwise judges that this tuple content is destroyed.
With tuple t3 is example, checking SIG (h (3||6||9||5||zip (2,2,0)) PRWhether equal S3.If equate then to pass through checking, otherwise verify and do not pass through that tuple is dropped.Suppose that three tuples are all by checking, tuple t so 2 Up=t1, t 2 Low=t4 and tuple-set T 2X={t3} constitutes true tuple-set, transfers to next step execution.
The 3rd step, completeness verification resume module.
Whether this module verification The above results is complete.Because querying condition is at attribute A1, so need extract first component in each tuple sequence notation during checking.By lower boundary tuple t 2 Low=t4 begins, and progressively whether the checks sequence chain is complete.Obtain sequence notation after t4.Aseq decompresses and be (3,0,3), its first component, promptly the sequence notation component at attribute A1 is 3.Show that its forerunner's tuple should be t3, because t3 ∈ Tx begins to handle tuple t3 below.The sequence notation component that in like manner calculates t3 is 2, yet t2 does not belong to result set Tx, shows and exist tuple to lose.And the tuple A1 property value of losing is between t3.A1 and t1.A1.Therefore this checking is not passed through.But can confirm that t3 is correct as a result.

Claims (10)

1.一种外包数据库查询结果验证方法,其步骤为:1. A method for verifying the results of an outsourced database query, the steps of which are: 1)外包数据库封装:1) Outsourced database encapsulation: a)对外包数据库内所含各外包数据库表中的每个元组进行顺序标记,并将其作为对应元组的顺序标记属性添加到外包数据库表中;a) sequentially mark each tuple in each outsourced database table contained in the outsourced database, and add it to the outsourced database table as the sequentially marked attribute of the corresponding tuple; b)采用信息完整性保护算法计算上述外包数据库表中每个元组数据的完整性校验值,得到每个元组对应的验证对象,并将其作为对应元组的验证对象属性添加到所述外包数据库表中;b) Use the information integrity protection algorithm to calculate the integrity check value of each tuple data in the above outsourced database table, obtain the verification object corresponding to each tuple, and add it as the verification object attribute of the corresponding tuple to all In the outsourced database table; 2)外包数据库查询结果验证:2) Verification of outsourced database query results: i)根据查询条件对所述外包数据库表进行查询,返回查询结果集;所述查询结果集中的元组包括所述顺序标记属性和验证对象属性;i) querying the outsourced database table according to the query condition, and returning a query result set; the tuple in the query result set includes the sequence tag attribute and the verification object attribute; ii)采用步骤b)所选择的信息完整性保护算法和返回的元组验证对象属性,对所述查询结果集中的元组进行真实性验证,丢弃所有被破坏的元组后得到真实元组集;ii) using the information integrity protection algorithm selected in step b) and the returned tuple verification object attributes to verify the authenticity of the tuples in the query result set, discarding all destroyed tuples to obtain the real tuple set ; iii)根据返回的元组顺序标记属性验证所述真实元组集中的元组完备性。iii) Verifying the completeness of the tuples in the true tuple set according to the returned tuple sequence tag attribute. 2.如权利要求1所述的方法,其特征在于对每个元组的若干个可排序属性分别进行顺序标记,用于记录本元组按照不同排序属性排序时对应的紧邻前驱元组;所述紧邻前驱元组为多个元组时,取所述多个元组中元组主键值最大者为本元组的紧邻前驱元组。2. method as claimed in claim 1, it is characterized in that several sortable attributes of each tuple are carried out sequence mark respectively, for recording this tuple when sorting according to different sorting attributes, the corresponding immediate predecessor tuple; When the immediate predecessor tuple is multiple tuples, the one with the largest tuple primary key value among the multiple tuples is the immediate predecessor tuple of this tuple. 3.如权利要求2所述的方法,其特征在于所述顺序标记经压缩后作为对应元组的扩展属性添加到所述外包数据库表中。3. The method according to claim 2, characterized in that the sequence mark is added to the outsourced database table as an extended attribute of the corresponding tuple after being compressed. 4.如权利要求1所述的方法,其特征在于在所述数据库表中添加上、下边界元组,用于标记所述数据库表中元组序列的边界;所述顺序标记的方法为:采用记录每个元组的紧邻前驱元组的方法对每个元组进行顺序标记,使所有元组构成一个完整的顺序链;所述顺序标记的内容为:元组的主键或元组的主键hash值或元组的ID编号。4. method as claimed in claim 1 is characterized in that adding upper and lower boundary tuples in described database table, is used to mark the boundary of tuple sequence in described database table; The method of described order mark is: Use the method of recording the immediate preceding tuple of each tuple to sequentially mark each tuple, so that all tuples form a complete sequence chain; the content of the sequence mark is: the primary key of the tuple or the primary key of the tuple The ID number of the hash value or tuple. 5.如权利要求1或2或3或4所述的方法,其特征在于所述查询结果集还包括该查询结果集的上边界元组和下边界元组,用于标记该查询结果集中元组序列的边界。5. The method according to claim 1 or 2 or 3 or 4, characterized in that the query result set also includes an upper boundary tuple and a lower boundary tuple of the query result set, which are used to mark the query result set. The bounds of the group sequence. 6.如权利要求5所述的方法,其特征在于真实性验证过程中,如果所述查询结果集的上边界元组被破坏,则丢弃该上边界元组并寻找下一个上边界元组,直至查到所述外包数据库表的上边界元组;如果所述查询结果集的下边界元组被破坏,则丢弃该下边界元组并寻找下一个下边界元组,直至查到所述外包数据库表的下边界元组。6. The method according to claim 5, wherein in the authenticity verification process, if the upper boundary tuple of the query result set is destroyed, discard the upper boundary tuple and find the next upper boundary tuple, Until the upper boundary tuple of the outsourcing database table is found; if the lower boundary tuple of the query result set is destroyed, discard the lower boundary tuple and search for the next lower boundary tuple until the outsourcing The lower bound tuple of the database table. 7.如权利要求1或6所述的方法,其特征在于通过检查所述真实元组集中所有元组在所查询的属性上的顺序标记是否构成一个完整的链,来判断所述查询结果集中元组完备性。7. The method according to claim 1 or 6, characterized in that by checking whether the sequence marks of all tuples in the query attribute form a complete chain in the real tuple set, the query result set is judged Tuple completeness. 8.如权利要求1所述的方法,其特征在于所述信息完整性保护算法为散列算法、或数字签名算法、或消息认证码。8. The method according to claim 1, wherein the information integrity protection algorithm is a hash algorithm, or a digital signature algorithm, or a message authentication code. 9.一种外包数据库查询结果验证系统,其包括外包数据库封装器、查询改写模块、完备性验证模块、真实性验证模块;9. An outsourced database query result verification system, which includes an outsourced database wrapper, a query rewriting module, a completeness verification module, and an authenticity verification module; 所述外包数据库封装器包括顺序对象嵌入组件和验证对象嵌入组件;所述顺序对象嵌入组件用于对外包数据库中的每个元组进行顺序标记,并将其作为对应元组的顺序标记属性添加到所述外包数据库表中;所述验证对象嵌入组件用于为每个元组数据及其顺序标记计算完整性校验值,得到每个元组对应的验证对象,并将其作为对应元组的验证对象属性添加到所述外包数据库表中;The outsourcing database encapsulator includes a sequence object embedding component and a verification object embedding component; the sequence object embedding component is used to sequentially mark each tuple in the outsourced database, and add it as the sequence mark attribute of the corresponding tuple Into the outsourced database table; the verification object embedding component is used to calculate the integrity check value for each tuple data and its sequence mark, obtain the verification object corresponding to each tuple, and use it as the corresponding tuple The verification object attribute of is added to the outsourced database table; 所述查询改写模块用于修改查询语句,使返回的查询结果集中的元组包括所述顺序标记属性和验证对象属性;The query rewriting module is used to modify the query statement, so that the tuple in the returned query result set includes the sequence mark attribute and the verification object attribute; 所述真实性验证模块用于验证所述查询结果集的真实性,从而得到真实元组集;所述完备性验证模块用于验证真实元组集的元组完备性。The authenticity verification module is used to verify the authenticity of the query result set to obtain a real tuple set; the completeness verification module is used to verify the tuple completeness of the real tuple set. 10.如权利要求9所述的系统,其特征在于所述顺序对象嵌入组件还在所述外包数据库表中嵌入外包数据库表上、下边界元组;所述查询改写模块修改查询语句,使返回的查询结果集中的元组还包括查询结果集的上、下边界元组。10. The system according to claim 9, wherein said sequential object embedding component also embeds the upper and lower boundary tuples of the outsourced database table in said outsourced database table; said query rewriting module revises the query statement to return The tuples in the query result set also include the upper and lower boundary tuples of the query result set.
CN2009100760403A 2009-01-06 2009-01-06 A method and system for verifying outsourced database query results Active CN101464902B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100760403A CN101464902B (en) 2009-01-06 2009-01-06 A method and system for verifying outsourced database query results

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100760403A CN101464902B (en) 2009-01-06 2009-01-06 A method and system for verifying outsourced database query results

Publications (2)

Publication Number Publication Date
CN101464902A CN101464902A (en) 2009-06-24
CN101464902B true CN101464902B (en) 2010-09-08

Family

ID=40805477

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100760403A Active CN101464902B (en) 2009-01-06 2009-01-06 A method and system for verifying outsourced database query results

Country Status (1)

Country Link
CN (1) CN101464902B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102073716A (en) * 2011-01-05 2011-05-25 北京大学 Method for verifying query result in data outsourcing environment
CN102662946B (en) * 2012-02-20 2015-10-07 北京地拓科技发展有限公司 The method and system of change is recorded in a kind of automatic monitoring data storehouse
CN103984728B (en) * 2014-05-16 2017-02-01 西安交通大学 Range query integrity verification method for outsourcing space database
CN106708853B (en) * 2015-11-13 2020-12-29 创新先进技术有限公司 Data verification method and device
CN114936145B (en) * 2022-04-07 2025-08-19 支付宝(杭州)信息技术有限公司 Database testing method and device, storage medium and database pressure testing device

Also Published As

Publication number Publication date
CN101464902A (en) 2009-06-24

Similar Documents

Publication Publication Date Title
US10754848B2 (en) Method for registration of data in a blockchain database and a method for verifying data
US20210109917A1 (en) System and Method for Processing a Database Query
US8006084B2 (en) Apparatus and method for managing plurality of certificates
US20200387859A1 (en) Methods, Application Server, Block Chain Node and Media For Logistics Tracking and Source Tracing
CN112184442B (en) Criminal case evidence circulation record management method and system based on blockchain
CN111291000B (en) Blockchain-based file acquisition methods, equipment and storage media
CN109598147B (en) Data processing method and device based on block chain and electronic equipment
CN110851127B (en) Universal evidence-storing method based on blockchain
CN109255056B (en) Data reference processing method, device, equipment and storage medium of block chain
CN109508564B (en) Block chain-based digital asset storage system and method
CN112347521A (en) Medical data management method and system based on medical block chain
CN101464902B (en) A method and system for verifying outsourced database query results
CN110990879B (en) Data evidence storing method based on block chain
CN112634034B (en) Reservation method, reservation device, electronic equipment and computer readable storage medium
CN116361292B (en) Cross-chain resource mapping and management method and system
WO2022206431A1 (en) Method and apparatus for querying ledger data of fabric blockchain
CA3088147A1 (en) Data isolation in distributed hash chains
EP4040720B1 (en) Secure identity card using unclonable functions
CN109918451A (en) Blockchain-based database management method and system
CN115687276B (en) File processing method and device, electronic equipment and storage medium
CN115081031A (en) Tamper-proof block chain data storage method and system
CN110807203B (en) Data processing method, service operation center platform, system and storage medium
CN116760632B (en) Data processing method, device, equipment and readable storage medium
CN113221164A (en) Block chain-based data verification method and device and electronic equipment
CN116662443B (en) Alliance chain ledger expansion storage method based on state data collaboration

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant