TW201301077A - Database data management method and system - Google Patents

Info

Publication number: TW201301077A
Authority: TW (Taiwan)
Prior art keywords: field, data, database, encrypted, client computer
Application number: TW100122980A
Other languages: Chinese (zh)
Inventors: Ming-Taw Chung, Wei-Ling Bin, Chih-Ti Chen
Original Assignee: Hon Hai Prec Ind Co Ltd
Application filed by: Hon Hai Prec Ind Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a database data management method and system. The method includes: receiving a client computer's request to access a database in a host; verifying the client computer's permission to determine whether it has access permission; when the client computer has access permission, selecting the client computer's access requirement; if the client computer needs to encrypt data in the database, encrypting the sensitive data in the database; receiving the client computer's data operations on the database and performing the same data operations in the database; and, if the client computer needs to decrypt data in the database, decrypting the sensitive data in the database. The invention protects sensitive data and provides a secure encryption and decryption process for database data.

Description

Database data management method and system

The invention relates to a database data management method and system.

At present, computer systems are mainly maintained in one of the following ways: (1) handing maintenance to the company's own professional IT department, (2) outsourcing it to an organization outside the company, or (3) engaging a professional DBA to maintain it. DBA stands for DataBase Administrator.

These three maintenance approaches all bring the following drawbacks:

(1) Computer systems that store sensitive data need maintenance by IT personnel, so some sensitive data can easily be stolen by IT personnel and traded illegally. This not only leaks personal privacy but also poses a serious potential threat to the company's information security.

(2) Maintaining a database requires very high system and database permissions, so the DBA can view, modify or even delete sensitive data. When the database is maintained in this way, IT personnel may leak data and cause the company property losses.

In view of the above, it is necessary to provide a database data management method and system that protects sensitive data and provides a secure encryption and decryption process for database data.

The database data management method is applied to the management of database data and comprises the following steps. Receiving step: receive a client computer's request to access a database in a host, the client computer being connected to the host through a network. Verification step: verify the client computer's permission and determine whether it has access permission; if it has, perform the selection step, otherwise end the flow directly; the verification checks the client computer's computer name, IP address and client key. Selection step: select the client computer's access requirement for the host; when the client computer needs to encrypt data in the database, perform the encryption step, and when it needs to decrypt data in the database, perform the decryption step. Encryption step: encrypt the sensitive data in the database. Processing step: receive the client computer's data operations on the database and perform the same data operations in the database, the data operations being operations that add, delete, modify or query data in the database. Decryption step: decrypt the sensitive data in the database.

The database data management system runs in a host and comprises: a receiving module, for receiving a client computer's request to access a database in the host, the client computer being connected to the host through a network; a verification module, for verifying the client computer's permission and determining whether it has access permission, the verification checking the client computer's computer name, IP address and client key; a selection module, for selecting, when the client computer has access permission, the client computer's access requirement for the host and determining whether it needs to encrypt or to decrypt data in the database; an encryption module, for encrypting the sensitive data in the database when the client computer needs to encrypt data in the database; a processing module, for receiving the client computer's data operations on the database and performing the same data operations in the database, the data operations being operations that add, delete, modify or query data in the database; and a decryption module, for decrypting the sensitive data in the database when the client computer needs to decrypt data in the database.

Compared with the prior art, the database data management method and system of the invention prevent even staff with maintenance permission from seeing the real data and can protect sensitive data, thereby providing a secure encryption and decryption process for database data.

FIG. 1 is an architecture diagram of a preferred embodiment of the database data management system of the invention.

The database data management system 10 runs in a host 1, which also contains a database 11. The host 1 is connected to a client computer 3 through a network 2. There may be several client computers 3; only one is drawn in FIG. 1. The network 2 may be a corporate intranet or an Ethernet network, or the Internet or another type of communication network.

FIG. 2 is a functional module diagram of a preferred embodiment of the database data management system of the invention.

The database data management system 10 comprises a receiving module 100, a verification module 101, a selection module 102, an encryption module 103, a decryption module 104 and a processing module 105.

The receiving module 100 receives the client computer 3's request to access the database 11 in the host 1.

The verification module 101 verifies the permission of the client computer 3 and determines whether it has access permission. The verification checks the computer name, IP address and client key of the client computer 3. Only when all three are completely correct is the client computer 3 shown to be a user for whom the security administrator has added a user trust credential, and only then can it encrypt and decrypt certain sensitive data in the database 11. The client key is the key that encrypts and decrypts the computer name and IP address of the client computer 3.

The security administrator is a user in the database 11 who is mainly responsible for authorization. By adding a user trust credential to the database data management system 10, the security administrator grants a particular client computer 3 permission to access sensitive data. The security administrator holds the highest permission: only the security administrator can directly view the encryption and decryption information for all sensitive data in the database 11, and the security administrator can encrypt and decrypt all sensitive data.

The security administrator on the host 1 randomly generates a master key, the Master Key, which is the key used to encrypt and decrypt the sensitive data in the database 11. The Master Key is critical to the database data management system 10: anyone who obtains it can break all the encrypted data in the database 11. To protect the Master Key, the Master Key (in practice a character string) is therefore encrypted again, so that even if someone obtains it, what they hold is a string of ciphertext. The security administrator generates a User Key, which is stored in a system file on the host 1, uses the User Key as the key to apply irreversible MD5 encryption to the Master Key, and stores the resulting key, the Table Key, in the database 11. In summary, the Master Key is managed using irreversible MD5 encryption, so that only the security administrator knows the password, which strengthens the security of the Master Key. The security administrator can generate multiple User Keys, and different User Keys can carry access permissions for different sensitive data in the database 11. When the host 1 adds a user trust credential for a client computer 3, it assigns a User Key to that client computer 3 according to the access permission; this User Key is the client key. That is, the host 1 has only one Master Key, but multiple User Keys can exist at the same time. Different User Keys correspond to access permissions for different sensitive data and can be assigned to different client computers 3, and each User Key can be combined with the Master Key to generate a Table Key stored in the database 11.
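An added example (not code from the patent) that models the key arrangement above together with the three-item check performed by the verification module 101. The `Host` class, its method names, the sample host names and addresses, and the reading of "MD5 with the User Key as key" as HMAC-MD5 are assumptions of this example. Because MD5 is one-way, the stored Table Key can confirm a presented User Key but cannot be reversed to recover the Master Key.

```python
import hashlib
import hmac
import secrets


def make_table_key(user_key: bytes, master_key: bytes) -> bytes:
    """Table Key: MD5 digest of the Master Key, keyed with the User Key.

    Assumption: HMAC-MD5 is used as the keyed form of MD5; the page only says
    the User Key serves as the key for an irreversible MD5 step.
    """
    return hmac.new(user_key, master_key, hashlib.md5).digest()


class Host:
    """Hypothetical model of host 1 and the records kept by the security administrator."""

    def __init__(self) -> None:
        self.master_key = secrets.token_bytes(32)  # single, randomly generated Master Key
        # Table Key -> (computer name, IP, permitted fields); stands in for database 11
        self.table_keys = {}

    def add_trust_credential(self, name: str, ip: str, fields) -> bytes:
        """Register a client computer and return the User Key issued to it."""
        user_key = secrets.token_bytes(32)
        table_key = make_table_key(user_key, self.master_key)
        self.table_keys[table_key] = (name, ip, frozenset(fields))
        return user_key

    def verify(self, name: str, ip: str, user_key: bytes):
        """Return the permitted fields only if name, IP and client key all match."""
        candidate = make_table_key(user_key, self.master_key)
        granted = None
        for stored, (reg_name, reg_ip, fields) in self.table_keys.items():
            # Constant-time digest comparison; every record is scanned, no early exit.
            key_ok = hmac.compare_digest(stored, candidate)
            if key_ok and reg_name == name and reg_ip == ip:
                granted = fields
        return granted


def demo():
    """Constructed sample: two client computers with different permissions."""
    host = Host()
    hr_key = host.add_trust_credential("HR-PC-01", "10.0.0.21", ["salary", "id_number"])
    ops_key = host.add_trust_credential("OPS-PC-07", "10.0.0.35", ["phone"])
    return {
        "hr_ok": host.verify("HR-PC-01", "10.0.0.21", hr_key),
        "wrong_ip": host.verify("HR-PC-01", "10.0.0.99", hr_key),
        "wrong_name": host.verify("GUEST-PC", "10.0.0.21", hr_key),
        "key_on_other_host": host.verify("OPS-PC-07", "10.0.0.35", hr_key),
        "ops_ok": host.verify("OPS-PC-07", "10.0.0.35", ops_key),
        "table_key_len": len(next(iter(host.table_keys))),
    }
```

A User Key presented from a machine other than the one it was issued to is rejected even though the key itself is valid, which is the point of checking all three items together.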

The selection module 102, when the client computer 3 has access permission, selects the client computer 3's access requirement for the host 1 and determines whether the client computer 3 needs to encrypt or to decrypt data in the database 11.

The encryption module 103 encrypts the sensitive data in the database 11 when the client computer 3 needs to encrypt data in the database 11.

The encryption module 103 encrypts sensitive data through the following steps. It obtains the data type of the field to be encrypted from ALL_TABLES and calls the corresponding processing method for that data type. The field to be encrypted is the field holding the sensitive data; ALL_TABLES is the collection of all tables in the database 11; and the processing methods are the different encryption handling methods for different data types, for example character and numeric types are handled differently. It obtains the related information of the field to be encrypted, such as its default value, from the data dictionary of the database 11 and removes the related constraints on the field. The data dictionary stores the attribute information of the field, such as default values and related constraints; a related constraint is a constraint condition on the field, for example a gender field may only accept "male" or "female". It adds a temporary field to the table containing the field to be encrypted and copies the data in the field to the temporary field. It clears the field to be encrypted and changes its data type to the RAW type. It encrypts the data in the temporary field and copies the encrypted data into the field to be encrypted; the encryption uses the Master Key generated by the security administrator on the host 1 as the key and applies an encryption algorithm, which is one of AES256, AES and 3DES-2KEY, to the data in the temporary field. Finally, it records the encryption-related information in a record table and deletes the temporary field. The record table contains the data type of the encrypted field, the related constraints on the field, the related information obtained from the data dictionary, and the encryption algorithm used.

Before encryption, the sensitive data is visible. After the encryption module 103 encrypts the sensitive data, the table containing it is renamed to "E$" + original table name and the sensitive data is hidden, so users of the client computer 3 cannot see it. A view with the same name as the original table is then created in the database 11 for users of the client computer 3 to operate on; the sensitive data is hidden in this view.

The processing module 105 receives the client computer 3's data operations on the database 11 and performs the same data operations in the database 11. The data operations are operations that add, delete, modify or query data in the database 11.

When a user of the client computer 3 needs to add, delete, modify or query data in the database 11, the receiving module 100 receives the User Key entered at the client computer 3 and retrieves the corresponding Table Key stored in the database 11. The user then performs data operations on the view that has the same name as the original table, and the processing module 105 performs the same data operations in the database 11.

At this point, if a user of the client computer 3 enters the User Key and directly accesses the table named "E$" + original table name, encrypted text is returned; likewise, if the user does not enter the User Key and directly accesses the view with the same name as the original table, empty text is returned. This makes the handling of sensitive data transparent to the client computer 3 and prevents users from operating on the sensitive data.

The decryption module 104 decrypts the sensitive data in the database 11 when the client computer 3 needs to operate on the data of the database 11.

The decryption module 104 decrypts sensitive data through the following steps. It obtains the information for the field to be decrypted from the record table and adds a temporary field of the RAW type to the table containing that field; the field to be decrypted is the field holding the sensitive data. It copies the field to be decrypted to the temporary field and clears the field to be decrypted. It converts the data type of the field to be decrypted back to the original data type. It decrypts the data in the temporary field and copies the decrypted data to the field to be decrypted; the decryption obtains the field's encryption algorithm from the record table, uses the Master Key as the key, and applies the corresponding decryption algorithm to reverse the encryption. It restores the default value and field constraints of the field to be decrypted. Finally, it removes the encryption-related information from the record table and deletes the temporary field. The original data type, the default value and the field constraints are obtained from the record table.

During decryption, the receiving module 100 first receives the client key (User Key) of the client computer 3 and retrieves the corresponding Table Key stored in the database 11; the decryption module 104 can then decrypt the relevant sensitive data.

The invention aims to protect sensitive data so that even maintenance personnel cannot see the real data. It combines client key management (strengthening the management and protection of the encryption operator's password), IP and host control (restricting the client computer 3 and the unique IP address from which the encryption operator logs in) and operation log monitoring (the record table described in the invention, which keeps a detailed record of every action taken by the encryption operator) to form a distinctive data encryption and decryption process.

FIG. 3 is a flowchart of a preferred embodiment of the database data management method of the invention.

Step S100: the receiving module 100 receives the client computer 3's request to access the database 11 in the host 1.

Step S101: the verification module 101 verifies the permission of the client computer 3 and determines whether it has access permission. If the client computer 3 has access permission, step S102 is performed; otherwise the flow ends directly.

The verification checks the computer name, IP address and client key of the client computer 3. Only when all three are completely correct is the client computer 3 shown to be a user for whom the security administrator has added a user trust credential, and only then can it encrypt and decrypt sensitive data in the database 11. The client key is the key that encrypts and decrypts the computer name and IP address of the client computer 3.

Step S102: the selection module 102 selects the client computer 3's access requirement for the host 1 and determines whether the client computer 3 needs to encrypt or to decrypt data in the database 11. When the client computer 3 needs to encrypt data in the database 11, step S103 is performed; when it needs to decrypt data in the database 11, step S104 is performed.

Step S103: the encryption module 103 encrypts the sensitive data in the database 11. The encryption process is described in detail with FIG. 4.

Before encryption, the sensitive data is visible. After the encryption module 103 encrypts the sensitive data, the table containing it is renamed to "E$" + original table name, and users of the client computer 3 cannot see the sensitive data. A view with the same name as the original table is then created in the database 11 for users of the client computer 3 to operate on; the sensitive data is also hidden in this view.

Step S105: the processing module 105 receives the client computer 3's data operations on the database 11. The data operations are operations that add, delete, modify or query data in the database 11.

When a user of the client computer 3 needs to add, delete, modify or query data in the database 11, the receiving module 100 receives the User Key entered at the client computer 3 and retrieves the corresponding Table Key stored in the database 11. The user then performs data operations on the view that has the same name as the original table, and the processing module 105 performs the same data operations in the database 11.

Step S104: the decryption module 104 decrypts the sensitive data in the database 11. The decryption process is described in detail with FIG. 5.

During decryption, the receiving module 100 first receives the client key (User Key) of the client computer 3 and retrieves the corresponding Table Key stored in the database 11; the decryption module 104 can then decrypt the relevant sensitive data.

FIG. 4 is a flowchart of the encryption sub-process of a preferred embodiment of the database data management method of the invention.

Step S1030: the encryption module 103 obtains the data type of the field to be encrypted from ALL_TABLES and calls the corresponding processing method for that data type. The field to be encrypted is the field holding the sensitive data; ALL_TABLES is the collection of all tables in the database 11; and the processing methods are the different encryption handling methods for different data types, for example character and numeric types are handled differently.

Step S1031: the encryption module 103 obtains the related information of the field to be encrypted, such as its default value, from the data dictionary of the database 11 and removes the related constraints on the field. The data dictionary stores the attribute information of the field, such as default values and related constraints; a related constraint is a constraint condition on the field, for example a gender field may only accept "male" or "female".

Step S1032: the encryption module 103 adds a temporary field to the table containing the field to be encrypted and copies the data in the field to the temporary field.

Step S1033: the encryption module 103 clears the field to be encrypted and changes its data type to the RAW type.

Step S1034: the encryption module 103 encrypts the data in the temporary field and copies the encrypted data into the field to be encrypted. The encryption uses the Master Key generated by the security administrator on the host 1 as the key and applies an encryption algorithm, which is one of AES256, AES and 3DES-2KEY, to the data in the temporary field.

Step S1035: the encryption module 103 records the encryption-related information in a record table and deletes the temporary field. The record table contains the data type of the encrypted field, the related constraints on the field, the related information obtained from the data dictionary, and the encryption algorithm used.

FIG. 5 is a flowchart of the decryption sub-process of a preferred embodiment of the database data management method of the invention.

Step S1040: the decryption module 104 obtains the information for the field to be decrypted from the record table and adds a temporary field of the RAW type to the table containing that field. The field to be decrypted is the field holding the sensitive data.

Step S1041: the decryption module 104 copies the field to be decrypted to the temporary field and clears the field to be decrypted.

Step S1042: the decryption module 104 converts the data type of the field to be decrypted back to the original data type, which is obtained from the record table.

Step S1043: the decryption module 104 decrypts the data in the temporary field and copies the decrypted data to the field to be decrypted. The decryption obtains the field's encryption algorithm from the record table, uses the Master Key generated by the security administrator on the host 1 as the key, and applies the corresponding decryption algorithm to reverse the encryption.

Step S1044: the decryption module 104 restores the default value and field constraints of the field to be decrypted, both of which are obtained from the record table.

Step S1045: the decryption module 104 removes the encryption-related information from the record table and deletes the temporary field.
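An added example, not code from the patent, that walks the encryption steps S1030 to S1035 and the decryption steps S1040 to S1045 on an in-memory SQLite database, including the "E$" rename and the same-named view. Assumptions: the `enc_record` table, the `staff` sample table and all function names are hypothetical; an HMAC-SHA256 keystream stands in for the AES256/AES/3DES-2KEY ciphers so the code runs on the standard library alone; and the constraint removal and restoration of S1031/S1044 is only recorded, not performed, because SQLite cannot alter constraints in place.

```python
import hashlib
import hmac
import json
import os
import re
import sqlite3

IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")  # identifiers cannot be bound as parameters

def _stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (not AES, no integrity tag)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, value) -> bytes:
    nonce = os.urandom(16)  # fresh nonce per stored value
    return nonce + _stream(key, nonce, json.dumps(value).encode())  # JSON keeps str/number type

def unseal(key: bytes, blob: bytes):
    return json.loads(_stream(key, blob[:16], blob[16:]))

def _check(*names):
    if not all(IDENT.match(n) for n in names):
        raise ValueError("unexpected identifier")

def encrypt_column(db, table, column, master_key, algorithm="STANDIN-HMAC-CTR"):
    _check(table, column)
    tmp, hidden = column + "_tmp", "E$" + table
    # S1030/S1031: read the field's declared type and default from the catalogue.
    cols = db.execute(f'PRAGMA table_info("{table}")').fetchall()
    meta = {c[1]: c for c in cols}[column]
    # S1032: add a temporary field and copy the plaintext into it.
    db.execute(f'ALTER TABLE "{table}" ADD COLUMN "{tmp}"')
    db.execute(f'UPDATE "{table}" SET "{tmp}" = "{column}"')
    # S1033: clear the field; SQLite BLOB values play the role of the RAW type.
    db.execute(f'UPDATE "{table}" SET "{column}" = NULL')
    # S1034: encrypt each copied value under the Master Key.
    rows = db.execute(f'SELECT rowid, "{tmp}" FROM "{table}" WHERE "{tmp}" IS NOT NULL').fetchall()
    for rowid, value in rows:
        db.execute(f'UPDATE "{table}" SET "{column}" = ? WHERE rowid = ?',
                   (seal(master_key, value), rowid))
    # S1035: record what was done, then drop the temporary field (needs SQLite 3.35+).
    db.execute("CREATE TABLE IF NOT EXISTS enc_record (tbl, col, col_type, dflt, algorithm)")
    db.execute("INSERT INTO enc_record VALUES (?, ?, ?, ?, ?)",
               (table, column, meta[2], meta[4], algorithm))
    db.execute(f'ALTER TABLE "{table}" DROP COLUMN "{tmp}"')
    # Rename to "E$" + name and expose a same-named view with the field blanked.
    db.execute(f'ALTER TABLE "{table}" RENAME TO "{hidden}"')
    select = ", ".join(f'NULL AS "{c[1]}"' if c[1] == column else f'"{c[1]}"' for c in cols)
    db.execute(f'CREATE VIEW "{table}" AS SELECT {select} FROM "{hidden}"')

def decrypt_column(db, table, column, master_key):
    _check(table, column)
    tmp, hidden = column + "_tmp", "E$" + table
    # S1040: look up the record, then add a temporary field for the ciphertext.
    recs = db.execute("SELECT col_type, dflt, algorithm FROM enc_record WHERE tbl = ? AND col = ?",
                      (table, column)).fetchall()
    if not recs:
        raise LookupError("field is not recorded as encrypted")
    db.execute(f'DROP VIEW "{table}"')
    db.execute(f'ALTER TABLE "{hidden}" RENAME TO "{table}"')
    db.execute(f'ALTER TABLE "{table}" ADD COLUMN "{tmp}" BLOB')
    # S1041/S1042: move the ciphertext aside and clear the field.
    db.execute(f'UPDATE "{table}" SET "{tmp}" = "{column}", "{column}" = NULL')
    # S1043: decrypt with the Master Key and write the original values back.
    rows = db.execute(f'SELECT rowid, "{tmp}" FROM "{table}" WHERE "{tmp}" IS NOT NULL').fetchall()
    for rowid, blob in rows:
        db.execute(f'UPDATE "{table}" SET "{column}" = ? WHERE rowid = ?',
                   (unseal(master_key, blob), rowid))
    # S1045: remove the record and the temporary field.
    db.execute("DELETE FROM enc_record WHERE tbl = ? AND col = ?", (table, column))
    db.execute(f'ALTER TABLE "{table}" DROP COLUMN "{tmp}"')
    return recs[0]  # type, default and algorithm, as a real S1044 would need them

def demo():
    """Constructed sample table; returns what each access path sees."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO staff (name, salary) VALUES (?, ?)", [("alice", 5200), ("bob", 4100)])
    key = os.urandom(32)  # stands in for the Master Key
    encrypt_column(db, "staff", "salary", key)
    view = db.execute("SELECT name, salary FROM staff ORDER BY id").fetchall()
    raw = db.execute('SELECT salary FROM "E$staff" ORDER BY id').fetchall()
    record = decrypt_column(db, "staff", "salary", key)
    restored = db.execute("SELECT name, salary FROM staff ORDER BY id").fetchall()
    return view, raw, record, restored
```

While the field is encrypted, the view returns it empty and the "E$" table returns only ciphertext; the record table is what lets decryption restore the original values and report the original type and default.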

In summary, the present invention meets the requirements for an invention patent, and a patent application is filed in accordance with the law. However, the above describes only preferred embodiments of the invention, and the scope of the invention is not limited to these embodiments; equivalent modifications or variations made by persons familiar with the art in accordance with the spirit of the invention shall all be covered by the following claims.

1 ... Host

10 ... Database data management system

11 ... Database

2 ... Network

3 ... Client computer

100 ... Receiving module

101 ... Verification module

102 ... Selection module

103 ... Encryption module

104 ... Decryption module

105 ... Processing module

S100 ... Receive the client computer's request to access the database in the host

S101 ... Verify the client computer's permission and determine whether the client computer has access permission

S102 ... Encrypt the data of the database or decrypt the data of the database

S103 ... Encrypt the sensitive data in the database

S104 ... Decrypt the sensitive data in the database

S105 ... Receive the client computer's data operations on the database and perform the same data operations in the database

FIG. 1 is an architecture diagram of a preferred embodiment of the database data management system of the invention.

FIG. 2 is a functional module diagram of a preferred embodiment of the database data management system of the invention.

FIG. 3 is a flowchart of a preferred embodiment of the database data management method of the invention.

FIG. 4 is a flowchart of the encryption sub-process of a preferred embodiment of the database data management method of the invention.

FIG. 5 is a flowchart of the decryption sub-process of a preferred embodiment of the database data management method of the invention.

Claims (10)

A database data management method, wherein the method comprises the steps of:
a receiving step: receiving an access request from a client computer for a database in a host, the client computer being connected to the host through a network;
a verification step: verifying the permission of the client computer to determine whether the client computer has access permission; when the client computer has access permission, performing the selection step, and otherwise ending the process directly; the computer name, IP address and client key of the client computer being verified during the verification;
a selection step: selecting according to the client computer's access request to the host; when the client computer needs to encrypt the data in the database, performing the encryption step, and when the client computer needs to decrypt the data in the database, performing the decryption step;
an encryption step: encrypting the sensitive data in the database;
a processing step: receiving the client computer's data operations on the database and performing the same data operations in the database, the data operations on the database being operations that add, delete, modify or query data in the database;
a decryption step: decrypting the sensitive data in the database.
The database data management method according to claim 1, wherein the encryption step comprises:
obtaining the data type of the field to be encrypted from ALL_TABLES, and calling the corresponding processing method according to the data type, the field to be encrypted being the field in which the sensitive data is located, and ALL_TABLES being a collection of all tables in the database;
obtaining the attribute information of the field to be encrypted from the data dictionary of the database, and removing the constraints on the field to be encrypted;
adding a temporary field to the table containing the field to be encrypted, and copying the data in the field to be encrypted into the temporary field;
clearing the field to be encrypted, and converting the data type of the field to be encrypted to the RAW type;
encrypting the data in the temporary field, and copying the encrypted data into the field to be encrypted, the encryption using a master key generated by the host and an encryption algorithm to encrypt the data in the temporary field, the master key being a key generated by a security administrator for encrypting and decrypting the sensitive data in the database, and the security administrator being a user in the database;
recording the encryption-related information in a record table, and deleting the temporary field, the record table including the data type of the field to be encrypted, the constraints on the field to be encrypted, the attribute information of the field to be encrypted obtained from the data dictionary, and the encryption algorithm used.
The database data management method according to claim 2, wherein the encryption step further comprises:
generating in the database a view with the same name as the original table, for the user of the client computer to perform data operations.
The database data management method according to claim 1, wherein the decryption step comprises:
obtaining the data of the field to be decrypted from the record table, and adding a temporary field of RAW type to the table containing the field to be decrypted, the field to be decrypted being the field in which the sensitive data is located;
copying the field to be decrypted to the temporary field, and clearing the field to be decrypted;
converting the data type of the field to be decrypted to the original data type, the original data type being obtained from the record table;
decrypting the data in the temporary field, and copying the decrypted data to the field to be decrypted, the decryption obtaining from the record table the encryption algorithm of the field to be decrypted and, using the master key, applying the corresponding decryption algorithm to reverse the encryption;
restoring the default value and the field constraints of the field to be decrypted, the default value and the field constraints of the field to be decrypted being obtained from the record table;
removing the encryption-related information from the record table, and deleting the temporary field.
The database data management method according to claim 1, further comprising, before the decryption step or the processing step is performed:
receiving the client key entered by the user of the client computer, and invoking the Table Key stored in the database that corresponds to the client key, the Table Key being a key generated by performing MD5 irreversible encryption on the master key using the client key.
A database data management system, wherein the system comprises:
a receiving module, configured to receive an access request from a client computer for a database in a host, the client computer being connected to the host through a network;
a verification module, configured to verify the permission of the client computer and determine whether the client computer has access permission, the computer name, IP address and client key of the client computer being verified during the verification;
a selection module, configured to, when the client computer has access permission, select according to the client computer's access request to the host and determine whether the client computer needs to encrypt the data in the database or to decrypt the data in the database;
an encryption module, configured to encrypt the sensitive data in the database when the client computer needs to encrypt the data in the database;
a processing module, configured to receive the client computer's data operations on the database and perform the same data operations in the database, the data operations on the database being operations that add, delete, modify or query data in the database;
a decryption module, configured to decrypt the sensitive data in the database when the client computer needs to decrypt the data in the database.
The database data management system according to claim 6, wherein the encryption module encrypting the sensitive data in the database comprises:
obtaining the data type of the field to be encrypted from ALL_TABLES, and calling the corresponding processing method according to the data type, the field to be encrypted being the field in which the sensitive data is located, and ALL_TABLES being a collection of all tables in the database;
obtaining the attribute information of the field to be encrypted from the data dictionary of the database, and removing the constraints on the field to be encrypted;
adding a temporary field to the table containing the field to be encrypted, and copying the data in the field to be encrypted into the temporary field;
clearing the field to be encrypted, and converting the data type of the field to be encrypted to the RAW type;
encrypting the data in the temporary field, and copying the encrypted data into the field to be encrypted, the encryption using a master key generated by the host and an encryption algorithm to encrypt the data in the temporary field, the master key being a key generated by a security administrator for encrypting and decrypting the sensitive data in the database, and the security administrator being a user in the database;
recording the encryption-related information in a record table, and deleting the temporary field, the record table including the data type of the field to be encrypted, the constraints on the field to be encrypted, the attribute information of the field to be encrypted obtained from the data dictionary, and the encryption algorithm used.
The database data management system according to claim 7, wherein the encryption module is further configured to:
generate in the database a view with the same name as the original table, for the user of the client computer to perform operations.
The database data management system according to claim 6, wherein the decryption module decrypting the sensitive data in the database comprises:
obtaining the data of the field to be decrypted from the record table, and adding a temporary field of RAW type to the table containing the field to be decrypted, the field to be decrypted being the field in which the sensitive data is located;
copying the field to be decrypted to the temporary field, and clearing the field to be decrypted;
converting the data type of the field to be decrypted to the original data type, the original data type being obtained from the record table;
decrypting the data in the temporary field, and copying the decrypted data to the field to be decrypted, the decryption obtaining from the record table the encryption algorithm of the field to be decrypted and, using the master key, applying the corresponding decryption algorithm to reverse the encryption;
restoring the default value and the field constraints of the field to be decrypted, the default value and the field constraints of the field to be decrypted being obtained from the record table;
removing the encryption-related information from the record table, and deleting the temporary field.
The database data management system according to claim 6, wherein the receiving module is further configured to:
when the processing module needs to perform a data operation or the decryption module needs to decrypt, receive the client key entered by the user of the client computer, and invoke the Table Key stored in the database that corresponds to the client key, the Table Key being a key generated by performing MD5 irreversible encryption on the master key using the client key.
TW100122980A 2011-06-23 2011-06-30 Database data management method and system TW201301077A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011101710860A CN102841902A (en) 2011-06-23 2011-06-23 Database data management method and system

Publications (1)

Publication Number Publication Date
TW201301077A true TW201301077A (en) 2013-01-01

Family

ID=47369275

Family Applications (1)

Application Number Title Priority Date Filing Date
TW100122980A TW201301077A (en) 2011-06-23 2011-06-30 Database data management method and system

Country Status (2)

Country Link
CN (1) CN102841902A (en)
TW (1) TW201301077A (en)

Also Published As

Publication number Publication date
CN102841902A (en) 2012-12-26
