CN114760129B - Data access method, device, equipment and storage medium - Google Patents
Data access method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114760129B CN114760129B CN202210374822.0A CN202210374822A CN114760129B CN 114760129 B CN114760129 B CN 114760129B CN 202210374822 A CN202210374822 A CN 202210374822A CN 114760129 B CN114760129 B CN 114760129B
- Authority
- CN
- China
- Prior art keywords
- certificate
- data
- access
- source information
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to the field of data access technologies, and in particular, to a data access method, apparatus, device, and storage medium. Obtaining a CA certificate, and generating a server certificate and a corresponding client certificate; extracting data source information corresponding to a preset resource database, encrypting the client certificate, constructing access certificate data, and uploading the access certificate data to the preset certificate database; acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database; obtaining a client certificate and data source information in the client certificate, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information; the method solves the problems that the copying and transmitting processes of the digital certificate are complex and the security risk is high because the certificate is not encrypted in the existing database access scheme.
Description
Technical Field
The present invention relates to the field of data access technologies, and in particular, to a data access method, apparatus, device, and storage medium.
Background
In the data age, the interaction of applications in terminal devices with databases is an indispensable process. With the increase of data volume, databases of various types are continuously appeared and popularized, and how to efficiently connect different databases is the focus of current research.
In the prior art, the process of connecting a database and accessing data is mainly completed through the configuration of a digital certificate, and the purpose of safely transmitting the data is achieved by manually configuring the certificate.
In summary, the existing database access scheme has the problems that the copying and transmission process of the digital certificate is complex and the security risk is high because the certificate is not encrypted.
Disclosure of Invention
The application mainly aims to provide a data access method, a device, equipment and a storage medium, which are used for solving the problems that the copying and transmission processes of a digital certificate are complex and the security risk is high because the certificate is not encrypted in the existing database access scheme.
The first aspect of the present invention provides a data access method, including: obtaining a CA (certificate authority) certificate, and generating a server certificate and a corresponding client certificate according to the CA certificate by a preset certificate generation mode; extracting data source information corresponding to a preset resource database, encrypting the client certificate, and constructing access certificate data according to the corresponding relation among the server certificate, the client certificate and the data source information; uploading the access certificate data to a preset certificate database; acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database according to the data identifier; analyzing the access certificate data, obtaining the client certificate and the data source information, decrypting the client certificate, and accessing the resource database according to the decrypted client certificate and the data source information.
Optionally, in a first implementation manner of the first aspect of the present invention, the obtaining a CA certificate, generating, according to the CA certificate, a server certificate and a corresponding client certificate by a preset certificate generation manner includes: acquiring the CA certificate and the IP address of a database server, and generating the server certificate based on the address of a preset resource database server according to the CA certificate; and generating the corresponding client certificate based on the user name according to the server certificate.
Optionally, in a second implementation manner of the first aspect of the present invention, the extracting data source information corresponding to a preset resource database, encrypting the client certificate, and constructing access certificate data according to a correspondence among the server certificate, the client certificate, and the data source information includes: acquiring an IP address corresponding to the resource database; acquiring all user names which can access the IP address and access passwords corresponding to the user names to obtain the data source information, wherein the data source information takes the IP address as a data source information identifier; analyzing the server certificate and the client certificate to respectively obtain corresponding IP addresses; encrypting the client certificate based on a CA signature corresponding to the CA certificate; and extracting data source information identified by taking the IP address as data source information, and constructing access certificate data based on a server certificate and a client certificate corresponding to the IP address and the data source information.
Optionally, in a third implementation manner of the first aspect of the present invention, the querying, according to the data identifier, corresponding access certificate data from a preset certificate database includes: analyzing the data identifier, judging whether the data identifier comprises an IP address of a resource database server, and if not, acquiring a resource database name or a resource database server name in the data identifier; inquiring a corresponding IP address of a resource database server in a preset IP address table according to the name of the resource database or the name of the resource database server; searching the access certificate data corresponding to the IP address information in the certificate database by taking the IP address of the resource database server as an index, and acquiring the matched access certificate data; and if the data identifier comprises the IP address of the resource database server, searching the access certificate data corresponding to the IP address information in the certificate database by taking the IP address of the resource database server as an index, and acquiring the matched access certificate data.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the analyzing the access certificate data to obtain a client certificate and data source information therein, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information includes: analyzing the access certificate data to obtain a client certificate and data source information; decrypting the client certificate based on a CA certificate corresponding to the CA certificate; obtaining a path connected with a resource database through a JDBC interface according to the client certificate and the corresponding data source information; establishing connection under SSL protocol through user name and access password in data source information; and importing the client certificate into an SSL certificate library and verifying, and if the verification is passed, accessing the database.
Optionally, in a fifth implementation manner of the first aspect of the present invention, before the acquiring a CA certificate, generating a server certificate and a corresponding client certificate according to the CA certificate by a preset certificate generation manner, the method further includes: configuring a preset CA authentication center through Openssl configuration files; generating a pair of public key and private key through the CA authentication center; acquiring the public key, generating a certificate request file and sending the certificate request file to the CA authentication center; and the CA authentication center processes the certificate request file to generate a corresponding CA certificate.
Optionally, in a sixth implementation manner of the first aspect of the present invention, before analyzing the access certificate data, obtaining a client certificate and data source information therein, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information, the method further includes: traversing access certificate data in the certificate database to acquire an access certificate data sequence to be synchronized; traversing access certificate data in a preset synchronous data storage place to acquire a synchronized access certificate data sequence; comparing the access certificate data sequence to be synchronized with the access certificate data sequence to be synchronized to obtain a comparison result; generating a corresponding synchronous request according to the comparison result, and sending the synchronous request to a certificate database; and copying the access certificate data appointed by the synchronous request according to the synchronous request, and transmitting the access certificate data to the synchronous data storage place.
A second aspect of the present invention provides a data access apparatus comprising: the certificate generation module is used for acquiring a CA certificate, and generating a server certificate and a corresponding client certificate according to the CA certificate by a preset certificate generation mode; the construction module is used for extracting data source information in a preset resource database, encrypting the client certificate and constructing access certificate data according to the corresponding relation among the server certificate, the client certificate and the data source information; the uploading module is used for uploading the access certificate data to a preset certificate database; the query module is used for acquiring the data access request, analyzing the data identifier in the data access request, and querying corresponding access certificate data from a preset certificate database according to the data identifier; the access module is used for analyzing the access certificate data, obtaining the client certificate and the data source information, decrypting the client certificate, and accessing the resource database according to the decrypted client certificate and the data source information.
Optionally, in a first implementation manner of the second aspect of the present invention, the certificate generation module includes: the first generation unit is used for acquiring the CA certificate and the IP address of the database server, and generating the server certificate based on the address of the preset resource database server according to the CA certificate; and the second generation unit is used for generating the corresponding client certificate based on the user name according to the server certificate.
Optionally, in a second implementation manner of the second aspect of the present invention, the construction module includes: the first acquisition unit is used for acquiring the IP address corresponding to the resource database; the second acquisition unit is used for acquiring all user names which can access the IP address and access passwords corresponding to the user names to obtain the data source information, wherein the data source information takes the IP address as a data source information identifier; the IP extraction unit is used for analyzing the server certificate and the client certificate to respectively obtain corresponding IP addresses; an encryption unit, configured to encrypt the client certificate based on a CA signature corresponding to the CA certificate; and the construction unit is used for extracting the data source information which takes the IP address as the data source information identification, and constructing access certificate data based on the server certificate and the client certificate corresponding to the IP address and the data source information.
Optionally, in a third implementation manner of the second aspect of the present invention, the query module includes: the identification analysis unit is used for analyzing the data identification, judging whether the data identification comprises an IP address of a resource database server, and if not, acquiring a resource database name or a resource database server name; the first query unit is used for querying the corresponding IP address of the resource database server in a preset IP address table according to the name of the resource database or the name of the resource database server; the second query unit is used for searching the access certificate data corresponding to the IP address information in the certificate database by taking the IP address of the resource database server as an index, and acquiring the matched access certificate data; and the certificate acquisition unit is used for searching the access certificate data corresponding to the IP address information in the certificate database by taking the IP address of the resource database server as an index if the data identifier comprises the IP address of the resource database server, and acquiring the matched access certificate data.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the access module includes: the third analysis unit is used for analyzing the access certificate data to obtain a client certificate and data source information; a certificate decryption unit, configured to decrypt the client certificate based on a CA certificate corresponding to the CA certificate; the path acquisition unit is used for acquiring a path connected with the resource database through a JDBC interface according to the client certificate and the corresponding data source information; the connection establishment unit is used for establishing connection based on the SSL protocol through the user name and the access password in the data source information; the data access unit is used for importing the client certificate into an SSL certificate library and verifying, and if the verification is passed, the data access unit accesses the database.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the data access device further includes a CA certificate module, configured to configure a preset CA authentication center through a Openssl configuration file; generating a pair of public key and private key through the CA authentication center; acquiring the public key, generating a certificate request file and sending the certificate request file to the CA authentication center; and the CA authentication center processes the certificate request file to generate a corresponding CA certificate.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the data access device further includes a data synchronization module, configured to traverse access certificate data in the certificate database, and obtain an access certificate data sequence to be synchronized; traversing access certificate data in a preset synchronous data storage place to acquire a synchronized access certificate data sequence; comparing the access certificate data sequence to be synchronized with the access certificate data sequence to be synchronized to obtain a comparison result; generating a corresponding synchronous request according to the comparison result, and sending the synchronous request to a certificate database; and copying the access certificate data appointed by the synchronous request according to the synchronous request, and transmitting the access certificate data to the synchronous data storage place.
A third aspect of the present invention provides a computer apparatus comprising: a memory and at least one processor, the memory having instructions stored therein; the at least one processor invokes the instructions in the memory to cause the computer device to perform the steps of the data access method described above.
A fourth aspect of the present invention provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the steps of the data access method described above.
In the technical scheme of the invention, the method specifically comprises the steps of obtaining a CA certificate, and generating a server certificate and a corresponding client certificate; extracting data source information corresponding to a preset resource database, encrypting the client certificate, constructing access certificate data, and uploading the access certificate data to the preset certificate database; acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database; obtaining a client certificate and data source information in the client certificate, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information; the method solves the problems that the copying and transmitting processes of the digital certificate are complex and the security risk is high because the certificate is not encrypted in the existing database access scheme.
Drawings
FIG. 1 is a schematic diagram of a first embodiment of a data access method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a second embodiment of a data access method according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating a third embodiment of a data access method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an embodiment of a data access device according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another embodiment of a data access device according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of one embodiment of a computer device in an embodiment of the invention.
Detailed Description
The method aims to solve the problems that in the prior art, the copying and transmission processes of the digital certificate are complex and the security risk is high because the certificate is not encrypted in the process of accessing the database. The application provides a data access method, a data access device, data access equipment and a storage medium. The method comprises the steps of obtaining a CA certificate, and generating a server certificate and a corresponding client certificate; extracting data source information corresponding to a preset resource database, encrypting the client certificate, constructing access certificate data, and uploading the access certificate data to the preset certificate database; acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database; obtaining a client certificate and data source information in the client certificate, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information; the method solves the problems that the copying and transmitting processes of the digital certificate are complex and the security risk is high because the certificate is not encrypted in the existing database access scheme.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
For easy understanding, the following describes a specific flow of an embodiment of the present invention, referring to fig. 1, and the implementation steps of the first embodiment of the data access method in the embodiment of the present invention are as follows:
101. Obtaining a CA (certificate authority) certificate, and generating a server certificate and a corresponding client certificate according to the CA certificate by a preset certificate generation mode;
for this step, it is possible to implement the following method:
acquiring IP addresses of all the resource database servers, and calculating hash values corresponding to the IP addresses through a hash value calculation algorithm;
Generating a server certificate according to a preset certificate generation mode based on the CA certificate, the IP address and the corresponding hash value, for example, adding a separator between the CA certificate, the IP address and the corresponding hash value to generate the corresponding server certificate;
Acquiring all user names with access rights of a resource database server;
Based on the CA certificate, the IP address and the user name, generating a client certificate according to a preset certificate generation mode, for example, adding a separator between the CA certificate, the IP address and the user name, and generating a corresponding server certificate.
102. Extracting data source information corresponding to a preset resource database, encrypting a client certificate, and constructing access certificate data according to the corresponding relation among a server certificate, the client certificate and the data source information;
In this step, the correspondence between the server certificate, the client certificate, and the data source information includes: after the server certificate, the client certificate and the data source information are analyzed, the IP addresses respectively corresponding to the server certificate, the client certificate and the data source information are the same;
in this step, the process of constructing access certificate data includes:
analyzing the server certificate and the client certificate to obtain a corresponding IP address;
Numbering the IP addresses to obtain IP address identification numbers, wherein the IP address identification numbers are stored in an IP address identification number table;
constructing access certificate data of a tree structure based on corresponding data source information by taking the IP address as a root node;
And identifying the access certificate data according to the corresponding relation between the access certificate data and the IP address identification number.
103. Uploading the access certificate data to a preset certificate database;
for this step, it is possible to implement the following method:
acquiring access certificate data in a local database by calling an SQL command;
The access credential data in the local database is uploaded to the remote database via SQL SERVER MANAGEMENT Studio.
104. Acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database according to the data identifier;
In the step, the data identifier at least comprises any one of an IP address of a resource database server, an identification number of the resource database and an identification number of the resource database server;
in this step, the process of querying the corresponding access certificate data from the preset certificate database according to the data identifier includes:
analyzing the data identifier, and judging whether the data identifier comprises the IP address of the resource database server or not;
If so, inquiring an IP address identification number corresponding to the IP address of the resource database server in the IP address identification number table;
Searching access certificate data with corresponding identification in the certificate database by taking the IP address identification number as an index;
If the data identifier does not comprise the IP address of the resource database server, analyzing the resource database identifier or the resource database server identifier in the data identifier, and obtaining a corresponding IP address according to the corresponding relation between the resource database identifier or the resource database server identifier and the IP address;
inquiring an IP address identification number corresponding to the IP address in the IP address identification number table;
And searching access certificate data with corresponding identification in the certificate database by taking the IP address identification number as an index.
105. Analyzing the access certificate data, obtaining the client certificate and the data source information, decrypting the client certificate, and accessing the resource database according to the decrypted client certificate and the data source information.
In this step, the process of accessing the resource database according to the decrypted client certificate and the data source information includes:
Calling a driverManager/getConnection () method, and establishing JDBC connection through the decrypted client certificate and the data source information, for example, calling driverManager/getConnection (String user, string password), wherein the String user represents a user name in the data source information, and the String password represents an access password in the data source information;
And accessing a resource database through the JDBC connection.
Through implementation of the method, the CA certificate is obtained, and a server certificate and a corresponding client certificate are generated; extracting data source information corresponding to a preset resource database, encrypting the client certificate, constructing access certificate data, and uploading the access certificate data to the preset certificate database; acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database; obtaining a client certificate and data source information in the client certificate, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information; by constructing access certificate data of the tree structure based on the data source information and uploading the access certificate data to a preset certificate database, the copying and transmitting efficiency of the digital certificate is improved; by encrypting the client certificate and constructing access certificate data according to the corresponding relation among the server certificate, the client certificate and the data source information, the security risk caused by not encrypting the certificate is eliminated; the method solves the problems that the copying and transmitting processes of the digital certificate are complex and the security risk is high because the certificate is not encrypted in the existing database access scheme.
Referring to fig. 2, in a second embodiment of the data access method according to the embodiment of the present invention, the implementation steps of the method are as follows:
201. Generating a CA certificate through a preset CA authentication center;
in the step, the preset CA authentication center comprises computer equipment with legal usable IP addresses, wherein Openssl is installed on the computer equipment;
for this step, it is possible to implement the following method:
Generating, by the Web client, a corresponding public-private key pair, for example, executing a command: "openssl genrsa-des3-out/etc/httpd/conf.d/https.key", generating a corresponding public-private key pair (/ https.key);
Generating a certificate request file by a public key of the public-private key pair, for example, executing a command: "openssreq-new-key/etc/httpd/conf.d/https.key-out/etc/httpd/conf.d/https.csr", where the certificate request file is denoted "/etc/httpd/conf.d/https.csr";
transmitting the certificate request file to the CA authentication center, for example, through an SCP command;
and acquiring a corresponding CA certificate from the CA authentication center.
202. Constructing a corresponding server certificate and a corresponding client certificate based on the CA certificate, the server identification information and the identification information of the client;
for this step, it is possible to implement the following method:
Acquiring the server identification information and the identification information of the client, for example, acquiring a server identification number and a client identification number;
Combining the CA certificate and the identification information in a preset mode to obtain a corresponding server certificate and a corresponding client certificate, for example, splicing the CA certificate and the server identification number, and adding a separator between the CA certificate and the server identification number to obtain the corresponding server certificate; and splicing the CA certificate, the server identification number and the client identification number, and adding a separator between the CA certificate, the server identification number and the client identification number to obtain a corresponding client certificate.
203. Encrypting a client certificate and uploading the client certificate to a preset certificate database;
In this step, the process of encrypting the client certificate includes:
Calculating a Hash value (fingerprint) of the client certificate through a fingerprint algorithm;
Acquiring a private key corresponding to a client certificate issued by the CA authentication center;
According to the private key, a signature algorithm (Signature algorithm) is called to encrypt the Hash value;
And merging and storing the encrypted Hash value and the client certificate to obtain the encrypted client certificate.
In practical application, if the server certificate needs to be encrypted, the server certificate is encrypted by adopting the method for encrypting the client certificate, which is described in the step.
204. Acquiring data source information corresponding to a preset resource database, and storing the data source information to a preset data source information storage position;
In the step, the data source information at least comprises a server IP address, a user name and an access password corresponding to a resource database;
In this step, the preset data source information storage location is located on a local storage device.
In practical applications, the preset data source information storage location may also be deployed in a cloud database.
205. Acquiring a data access request, and inquiring corresponding client side certificates and data source information;
for this step, it is possible to implement the following method:
Acquiring a data access request;
analyzing the data access request to obtain the identification information of the database to be accessed;
inquiring a corresponding server identification number and a server IP address through the database identification information;
searching at a data source information storage place by taking the server IP address as an index, and acquiring matched data source information;
Analyzing the data source information to obtain a user name and an access password;
sending a file request based on the server identification number to a certificate database;
and inquiring the corresponding client certificate in the certificate database through the file request.
206. Decrypting the client certificate and accessing the resource database through the decrypted client certificate, the user name and the access password.
In this step, the process of accessing the resource database through the decrypted client certificate, the user name and the access password includes:
Sending a connection establishment request through a user name;
verifying the matching through public and private keys of the client certificate;
if the verification is successful, establishing an encryption connection through an access password, and accessing a resource database through the encryption connection;
if the verification fails, a new client certificate is acquired and the connection establishment request is resent.
Through implementation of the method, the CA certificate is obtained, and a server certificate and a corresponding client certificate are generated; extracting data source information corresponding to a preset resource database, encrypting the client certificate, and uploading the encrypted client certificate to the preset certificate database; acquiring a data access request, and inquiring corresponding access certificate data from a preset certificate database; obtaining a client certificate and data source information in the client certificate, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information; the CA certificate is generated through the preset CA authentication center, and the data source information and the digital certificate are uploaded, so that the copying and transmitting efficiency of the digital certificate is improved; the client certificate is encrypted through a signature algorithm, so that the security risk is reduced; the method solves the problems that the copying and transmitting processes of the digital certificate are complex and the security risk is high because the certificate is not encrypted in the existing database access scheme.
Referring to fig. 3, in a third embodiment of the data access method according to the present invention, the implementation steps of the method are as follows:
301. Acquiring data source information of a resource database, and extracting a server certificate and a client certificate corresponding to the data source information;
in the step, the data source information at least comprises resource database address information and client address information;
in the step, the server certificate and the client certificate respectively contain resource database address information and client address information;
for this step, it is possible to implement the following method:
Acquiring data source information, all server certificates and all client certificates;
analyzing the data source information to obtain the address information of the resource database and the address information of the client;
and traversing all the server certificates and all the client certificates by taking the address information of the resource database and the address information of the client as indexes, and extracting the matched server certificates and the matched client certificates.
302. Constructing access certificate data based on the data source information, the server certificate and the client certificate, and uploading the access certificate data to a preset certificate database;
for this step, it is possible to implement the following method:
Encrypting the server certificate and the client certificate respectively through CA signature to obtain an encrypted server certificate and an encrypted client certificate;
Storing the data source information, the encrypted server certificate and the encrypted client certificate with corresponding relations in a multi-dimensional array form, for example, storing the data source information, the encrypted server certificate and the encrypted client certificate in a first dimension, a second dimension and a third dimension respectively in a three-dimensional array form;
All the multidimensional arrays are uploaded to a preset certificate database.
303. Synchronizing access credential data in a credential database to each data source usage node;
for this step, it is possible to implement the following method:
Sending an acquisition request to a certificate database through each data source using node;
when a plurality of acquisition requests for the same file are received at the same time, judging whether a request queue meeting the condition exists;
If the request queue meeting the condition does not exist, randomly selecting one acquisition request from a plurality of acquisition requests, transmitting corresponding access certificate data according to the acquisition request, creating a request queue, and putting the rest of the acquisition requests into the request queue;
If the request queue meeting the condition exists, selecting an acquisition request according to the sequence in the request queue, and transmitting corresponding access certificate data according to the acquisition request.
304. Establishing a connection with a resource database through a data source using node;
for this step, it is possible to implement the following method:
analyzing the access certificate data through a data source using node to obtain data source information, an encrypted server certificate and an encrypted client certificate;
Decrypting the encrypted server certificate and the encrypted client certificate through CA authentication to obtain a server certificate and a client certificate;
And establishing the JDBC connection with the resource database based on the server certificate, the client certificate and the data source information through the data source using node.
305. And performing data access operation on the resource database through connection with the resource database.
Creating a state object;
Sending the SQL sentence to a database through the state object;
And performing access operation on the data in the resource database through the execution of the SQL statement.
In practical application, different types of state objects are selected according to different application scenes, for example: creating a state when the data access operation is to execute a simple SQL Statement without parameters; when the data access operation is to execute a precompiled SQL Statement with or without parameters, create a prepedStatement (inherit from the State); the call to perform the database storage procedure for the data access operation is to create CallableStatement (inherit from preparedstatment).
Through implementation of the method, the CA certificate is obtained, and a server certificate and a corresponding client certificate are generated; extracting data source information corresponding to a preset resource database, encrypting the client certificate, constructing access certificate data, and uploading the access certificate data to the preset certificate database; acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database; obtaining a client certificate and data source information in the client certificate, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information; according to the method, the access certificate data is constructed based on the data source information, the server certificate and the client certificate, the certificate is encrypted and then uploaded, and the data source uses the nodes to synchronize the certificate, so that the copying and transmitting efficiency of the digital certificate is improved, and the problems that the copying and transmitting process of the digital certificate is complex and the security risk is high due to the fact that the certificate is not encrypted in the existing database access scheme are solved.
The data access method in the embodiment of the present invention is described above, and the data access device in the embodiment of the present invention is described below, referring to fig. 4, where an embodiment of the data access device in the embodiment of the present invention includes:
The certificate generation module 401 is configured to obtain a CA certificate, and generate a server certificate and a corresponding client certificate according to the CA certificate by using a preset certificate generation manner;
a construction module 402, configured to extract data source information in a preset resource database, encrypt the client certificate, and construct access certificate data according to a correspondence among the server certificate, the client certificate, and the data source information;
An uploading module 403, configured to upload the access credential data to a preset credential database;
the query module 404 is configured to obtain a data access request, parse a data identifier therein, and query corresponding access certificate data from a preset certificate database according to the data identifier;
And the access module 405 is configured to parse the access certificate data, obtain a client certificate and data source information therein, decrypt the client certificate, and access a resource database according to the decrypted client certificate and the data source information.
Through the implementation of the device, the CA certificate is obtained, and a server certificate and a corresponding client certificate are generated; extracting data source information corresponding to a preset resource database, encrypting the client certificate, constructing access certificate data, and uploading the access certificate data to the preset certificate database; acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database; obtaining a client certificate and data source information in the client certificate, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information; the method solves the problems that the copying and transmitting processes of the digital certificate are complex and the security risk is high because the certificate is not encrypted in the existing database access scheme.
Referring to fig. 5, another embodiment of the data access device according to the present invention includes:
The certificate generation module 401 is configured to obtain a CA certificate, and generate a server certificate and a corresponding client certificate according to the CA certificate by using a preset certificate generation manner;
a construction module 402, configured to extract data source information in a preset resource database, encrypt the client certificate, and construct access certificate data according to a correspondence among the server certificate, the client certificate, and the data source information;
An uploading module 403, configured to upload the access credential data to a preset credential database;
the query module 404 is configured to obtain a data access request, parse a data identifier therein, and query corresponding access certificate data from a preset certificate database according to the data identifier;
The access module 405 is configured to parse the access certificate data, obtain a client certificate and data source information therein, decrypt the client certificate, and access a resource database according to the decrypted client certificate and the data source information;
the CA certificate module 406 is configured to configure a preset CA authentication center through Openssl configuration files; generating a pair of public key and private key through the CA authentication center; acquiring the public key, generating a certificate request file and sending the certificate request file to the CA authentication center; the CA authentication center processes the certificate request file to generate a corresponding CA certificate;
the data synchronization module 407 is configured to traverse the access certificate data in the certificate database and obtain an access certificate data sequence to be synchronized; traversing access certificate data in a preset synchronous data storage place to acquire a synchronized access certificate data sequence; comparing the access certificate data sequence to be synchronized with the access certificate data sequence to be synchronized to obtain a comparison result; generating a corresponding synchronous request according to the comparison result, and sending the synchronous request to a certificate database; copying the access certificate data appointed by the synchronous request according to the synchronous request, and transmitting the access certificate data to the synchronous data storage place;
in this embodiment, the certificate generation module 401 includes:
A first generation unit 4011, configured to obtain the CA certificate and an IP address of a database server, and generate, according to the CA certificate, the server certificate based on a preset address of a resource database server;
a second generation unit 4012, configured to generate, according to the server certificate, the corresponding client certificate based on a user name;
in this embodiment, the construction module 402 includes:
A first obtaining unit 4021, configured to obtain an IP address corresponding to the resource database;
a second obtaining unit 4022, configured to obtain all usernames that can access the IP address and access passwords corresponding to the usernames, to obtain the data source information, where the data source information uses the IP address as a data source information identifier;
The IP extraction unit 4023 is configured to parse the server certificate and the client certificate to obtain corresponding IP addresses respectively;
An encrypting unit 4024 configured to encrypt the client certificate based on a CA signature corresponding to the CA certificate;
A constructing unit 4025 configured to extract data source information identified by the IP address as data source information, and construct access credential data based on a server credential and a client credential corresponding to the IP address and the data source information;
In this embodiment, the query module 404 includes:
an identifier parsing unit 4041, configured to parse the data identifier, determine whether the data identifier includes an IP address of a resource database server, and if not, obtain a resource database name or a resource database server name therein;
A first query unit 4042, configured to query, according to the resource database name or the resource database server name, a corresponding resource database server IP address in a preset IP address table;
A second query unit 4043, configured to search the certificate database for the access certificate data corresponding to the IP address information with the IP address of the resource database server as an index, and obtain the matched access certificate data;
A certificate acquiring unit 4044, configured to, if the data identifier includes an IP address of a resource database server, search the certificate database for the access certificate data corresponding to the IP address information with the IP address of the resource database server as an index, and acquire the matched access certificate data;
The access module 405 includes:
a third parsing unit 4051, configured to parse the access credential data to obtain a client credential and data source information;
a certificate decryption unit 4052 configured to decrypt the client certificate based on CA authentication corresponding to the CA certificate;
A path obtaining unit 4053, configured to obtain a path connected to the resource database through a JDBC interface according to the client certificate and the corresponding data source information;
a connection establishment unit 4054, configured to establish a connection based on SSL protocol by using the user name and the access password in the data source information;
and the data access unit 4055 is used for importing the client certificate into an SSL certificate library and verifying, and if the verification is passed, accessing the database.
Through the implementation of the device, the CA certificate is obtained, and a server certificate and a corresponding client certificate are generated; extracting data source information corresponding to a preset resource database, encrypting the client certificate, constructing access certificate data, and uploading the access certificate data to the preset certificate database; acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, and inquiring corresponding access certificate data from a preset certificate database; obtaining a client certificate and data source information in the client certificate, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information; the method solves the problems that the copying and transmitting processes of the digital certificate are complex and the security risk is high because the certificate is not encrypted in the existing database access scheme.
Referring to FIG. 6, one embodiment of a computer device in accordance with embodiments of the present invention is described in detail below from a hardware processing perspective.
Fig. 6 is a schematic diagram of a computer device according to an embodiment of the present invention, where the computer device 600 may have a relatively large difference due to configuration or performance, and may include one or more processors (central processing units, CPU) 610 (e.g., one or more processors) and a memory 620, and one or more storage mediums 630 (e.g., one or more mass storage devices) storing applications 633 or data 632. Wherein the memory 620 and the storage medium 630 may be transitory or persistent storage. The program stored on the storage medium 630 may include one or more modules (not shown), each of which may include a series of instruction operations in the computer device 600. Still further, the processor 610 may be configured to communicate with a storage medium 630 and execute a series of instruction operations in the storage medium 630 on the computer device 600.
The computer device 600 may also include one or more power supplies 640, one or more wired or wireless network interfaces 650, one or more input/output interfaces 660, and/or one or more operating systems 631, such as Windows Serve, mac OS X, unix, linux, freeBSD, and the like. It will be appreciated by those skilled in the art that the computer device structure shown in FIG. 6 is not limiting of the computer device provided by the present application and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
The present invention also provides a computer readable storage medium, which may be a non-volatile computer readable storage medium, and which may also be a volatile computer readable storage medium, having stored therein instructions that, when executed on a computer, cause the computer to perform the steps of the data access method described above.
In practice, the methods provided above may be implemented based on artificial intelligence techniques, where artificial intelligence (ARTIFICIAL INTELLIGENCE, AI) is a theory, method, technique, and application system that uses a digital computer or digital computer-controlled machine to simulate, extend, and expand human intelligence, sense the environment, acquire knowledge, and use knowledge to obtain optimal results. The cloud server can be executed based on a server, and the server can be an independent server or a cloud server for providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDNs), basic cloud computing services such as big data and artificial intelligence platforms and the like.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus and units described above may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A data access method, the data access method comprising:
Obtaining a CA (certificate authority) certificate, and generating a server certificate and a corresponding client certificate according to the CA certificate by a preset certificate generation mode;
extracting an IP address corresponding to the resource database; acquiring all user names which can access the IP address and access passwords corresponding to the user names to obtain data source information, wherein the data source information is identified by taking the IP address as the data source information; analyzing the server certificate, the client certificate and the data source information to obtain that the IP addresses respectively corresponding to the server certificate, the client certificate and the data source information are the same; encrypting the client certificate based on a CA signature corresponding to the CA certificate; extracting data source information identified by taking the IP address as data source information, and constructing access certificate data based on the server certificate, the client certificate and the data source information corresponding to the IP address;
Uploading the access certificate data to a preset certificate database;
Acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, analyzing the data identifier, judging whether the data identifier comprises an IP address of a resource database server, and if not, acquiring a resource database name or a resource database server name; inquiring a corresponding IP address of a resource database server in a preset IP address table according to the name of the resource database or the name of the resource database server; searching the access certificate data corresponding to the IP address information in the certificate database by taking the IP address of the resource database server as an index, and acquiring the matched access certificate data; if the data identifier comprises an IP address of a resource database server, searching the access certificate data corresponding to the IP address information in the certificate database by taking the IP address of the resource database server as an index, and acquiring the matched access certificate data;
Analyzing the access certificate data, obtaining the client certificate and the data source information, decrypting the client certificate, and accessing the resource database according to the decrypted client certificate and the data source information.
2. The data access method according to claim 1, wherein the obtaining the CA certificate, according to the CA certificate, generates a server certificate and a corresponding client certificate by a preset certificate generation manner, includes:
Acquiring the CA certificate and the IP addresses of all the resource database servers, and generating a server certificate based on the IP addresses of the preset resource database servers according to the CA certificate;
and generating the corresponding client certificate based on the user name according to the server certificate.
3. The method for accessing data according to claim 1, wherein said parsing the access certificate data to obtain a client certificate and data source information therein, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information, comprises:
analyzing the access certificate data to obtain a client certificate and data source information;
decrypting the client certificate based on a CA certificate corresponding to the CA certificate;
Obtaining a path connected with a resource database through a JDBC interface according to the client certificate and the corresponding data source information;
establishing connection under SSL protocol through user name and access password in data source information;
And importing the client certificate into an SSL certificate library and verifying, and if the verification is passed, accessing the database.
4. The data access method according to claim 1, further comprising, before the obtaining the CA certificate, generating the server certificate and the corresponding client certificate according to the CA certificate by a preset certificate generation manner:
configuring a preset CA authentication center through Openssl configuration files;
generating a pair of public key and private key through the CA authentication center;
Acquiring the public key, generating a certificate request file and sending the certificate request file to the CA authentication center;
And the CA authentication center processes the certificate request file to generate a corresponding CA certificate.
5. The data access method according to claim 1, wherein, before parsing the access certificate data to obtain a client certificate and data source information therein, decrypting the client certificate, and accessing a resource database according to the decrypted client certificate and the data source information, further comprising:
Traversing access certificate data in the certificate database to acquire an access certificate data sequence to be synchronized;
Traversing access certificate data in a preset synchronous data storage place to acquire a synchronized access certificate data sequence;
comparing the access certificate data sequence to be synchronized with the synchronized access certificate data sequence to obtain a comparison result;
Generating a corresponding synchronous request according to the comparison result, and sending the synchronous request to a certificate database;
and copying the access certificate data appointed by the synchronous request according to the synchronous request, and transmitting the access certificate data to the synchronous data storage place.
6. A data access device, the data access device comprising:
the certificate generation module is used for acquiring a CA certificate, and generating a server certificate and a corresponding client certificate according to the CA certificate by a preset certificate generation mode;
the construction module is used for extracting the IP address corresponding to the resource database; acquiring all user names which can access the IP address and access passwords corresponding to the user names to obtain data source information, wherein the data source information is identified by taking the IP address as the data source information; analyzing the server certificate, the client certificate and the data source information to obtain that the IP addresses respectively corresponding to the server certificate, the client certificate and the data source information are the same; encrypting the client certificate based on a CA signature corresponding to the CA certificate; extracting data source information identified by taking the IP address as data source information, and constructing access certificate data based on the server certificate, the client certificate and the data source information corresponding to the IP address;
the uploading module is used for uploading the access certificate data to a preset certificate database;
The query module is used for acquiring a data access request, analyzing the data access request to obtain a corresponding data identifier, analyzing the data identifier, judging whether the data identifier comprises an IP address of a resource database server, and acquiring a resource database name or a resource database server name if the data identifier does not comprise the IP address; inquiring a corresponding IP address of a resource database server in a preset IP address table according to the name of the resource database or the name of the resource database server; searching the access certificate data corresponding to the IP address information in the certificate database by taking the IP address of the resource database server as an index, and acquiring the matched access certificate data; if the data identifier comprises an IP address of a resource database server, searching the access certificate data corresponding to the IP address information in the certificate database by taking the IP address of the resource database server as an index, and acquiring the matched access certificate data;
the access module is used for analyzing the access certificate data, obtaining the client certificate and the data source information, decrypting the client certificate, and accessing the resource database according to the decrypted client certificate and the data source information.
7. A computer device, comprising: a memory and at least one processor, the memory having instructions stored therein, the memory and the at least one processor being interconnected by a line;
The at least one processor invokes the instructions in the memory to cause the computer device to perform the steps of the data access method of any of claims 1-5.
8. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor realizes the steps of the data access method according to any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210374822.0A CN114760129B (en) | 2022-04-11 | 2022-04-11 | Data access method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210374822.0A CN114760129B (en) | 2022-04-11 | 2022-04-11 | Data access method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114760129A CN114760129A (en) | 2022-07-15 |
| CN114760129B true CN114760129B (en) | 2024-07-09 |
Family
ID=82329586
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210374822.0A Active CN114760129B (en) | 2022-04-11 | 2022-04-11 | Data access method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114760129B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115834583A (en) * | 2022-11-23 | 2023-03-21 | 南方电网数字平台科技(广东)有限公司 | A method and system for cloud-side secure communication |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109587101A (en) * | 2017-09-29 | 2019-04-05 | 腾讯科技(深圳)有限公司 | A kind of digital certificate management method, device and storage medium |
| CN110971593A (en) * | 2019-11-19 | 2020-04-07 | 许昌许继软件技术有限公司 | Database secure network access method |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP3791464B2 (en) * | 2002-06-07 | 2006-06-28 | ソニー株式会社 | Access authority management system, relay server and method, and computer program |
| CN101742508A (en) * | 2009-12-21 | 2010-06-16 | 中兴通讯股份有限公司 | System and method for transferring files between WAPI terminal and application server |
| CN111416807B (en) * | 2020-03-13 | 2022-06-07 | 苏州科达科技股份有限公司 | Data acquisition method, device and storage medium |
| CN112291279B (en) * | 2020-12-31 | 2021-04-06 | 南京敏宇数行信息技术有限公司 | Router intranet access method, system and equipment and readable storage medium |
-
2022
- 2022-04-11 CN CN202210374822.0A patent/CN114760129B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109587101A (en) * | 2017-09-29 | 2019-04-05 | 腾讯科技(深圳)有限公司 | A kind of digital certificate management method, device and storage medium |
| CN110971593A (en) * | 2019-11-19 | 2020-04-07 | 许昌许继软件技术有限公司 | Database secure network access method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114760129A (en) | 2022-07-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yang et al. | Lightweight and privacy-preserving delegatable proofs of storage with data dynamics in cloud storage | |
| Yang et al. | An efficient and secure dynamic auditing protocol for data storage in cloud computing | |
| US8693690B2 (en) | Organizing an extensible table for storing cryptographic objects | |
| Blass et al. | PRISM–privacy-preserving search in MapReduce | |
| JP6180177B2 (en) | Encrypted data inquiry method and system capable of protecting privacy | |
| US9219722B2 (en) | Unclonable ID based chip-to-chip communication | |
| Li et al. | Integrity-verifiable conjunctive keyword searchable encryption in cloud storage | |
| Zhang et al. | An expressive (zero-knowledge) set accumulator | |
| CN110457915B (en) | Efficient and searchable symmetric encryption method and system with forward and backward security | |
| CN104995632A (en) | Privacy Preserving Database System | |
| Giri et al. | A survey on data integrity techniques in cloud computing | |
| CN114629713B (en) | Identity verification method, device and system | |
| EP3350744B1 (en) | Digital data locker system providing enhanced security and protection for data storage and retrieval | |
| CN114679272B (en) | Cloud storage system and method using quantum key encryption | |
| Shao et al. | Achieve efficient and verifiable conjunctive and fuzzy queries over encrypted data in cloud | |
| CN120128436B (en) | Motion data safety management method and system in meta-universe intelligent motion | |
| CN114760129B (en) | Data access method, device, equipment and storage medium | |
| Manjyanaik et al. | Preserving Confidential Data Using Improved Rivest-Shamir Adleman to Secure Multi-Cloud. | |
| Zhu et al. | A Verifiable and Efficient Symmetric Searchable Encryption Scheme for Dynamic Dataset With Forward and Backward Privacy | |
| Li et al. | Secure deduplication storage systems with keyword search | |
| CN104283930B (en) | Keyword search system for security index and method for establishing the system | |
| CN113609077A (en) | File retrieval method, system, storage medium and equipment | |
| CN115048432A (en) | Bloom filter-based fuzzy keyword public auditing method | |
| Suguna et al. | Privacy preserving data auditing protocol for secure storage in mobile cloud computing | |
| Chouhan et al. | Reliable verification of distributed encoded data fragments in the cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |