CN102426637A - Method for encrypting and storing embedded database - Google Patents

Info

Publication number: CN102426637A
Application number: CN2011103394853A
Authority: CN (China)
Prior art keywords: encryption, database, function, memory module, mode
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN102426637B (en)
Inventors: 杜培亮, 杨经正, 陈东, 寇立涛, 李恒, 刘建立
Current Assignee: Beijing Kingbase Information Technologies Co Ltd
Original Assignee: Beijing Kingbase Information Technologies Co Ltd
Application filed by: Beijing Kingbase Information Technologies Co Ltd
Priority to: CN201110339485.3A
Abstract

The invention discloses a method for encrypted storage of an embedded database. The method comprises at least the following steps: specifying an encrypted storage mode when the database is initialized, the encrypted storage mode being one of a no-encryption mode, a user-defined encryption mode and a default encryption mode; and, when the user-defined encryption mode is specified, having the user define the encryption function and the decryption function. The invention provides a complete encrypted storage scheme for the embedded database. When the user chooses to encrypt data, a basic default encryption mode is provided, together with an interface for enhanced, extensible user-defined encryption and decryption functions, thereby realizing multi-layer flexible configuration of encrypted storage.

Description

Encrypted storage method for an embedded database
Technical field
The present invention relates to an extensible encrypted storage method for encrypting the storage of an embedded database, and belongs to the field of database storage technology.
Background art
In prior-art solutions, commonly used embedded databases such as SQLite and eXtremeDB generally store their data files on the storage medium in plaintext. This storage mode carries a serious security risk: once an unencrypted data file is accessed without authorization or accidentally lost, the security of the data cannot be guaranteed at all.
Meanwhile, embedded databases that offer only storage with a basic encryption algorithm sometimes cannot meet the requirements of customers who attach great importance to security. It is therefore necessary to provide, in addition to the basic encryption algorithm, the option for users to use a stronger encryption algorithm of their own development, so as to allow flexible switching between the basic encryption algorithm and a user-defined encryption algorithm.
In Liu Lin's master's thesis "Security Research on the Embedded Database SQLite" (Kunming University of Science and Technology, degree awarded in 2010), security measures were successfully implemented for the embedded database SQLite through a study of common database security strategies. Through encryption, the stored contents of the embedded database become ciphertext, which reduces the loss caused when the storage medium is stolen or lost.
Summary of the invention
To meet users' increasingly demanding requirements for encrypted storage of embedded database data files, and to allow flexible switching between a basic encryption algorithm and a user-defined encryption algorithm, the present invention proposes an encrypted storage method for an embedded database.
To achieve the above object, the present invention adopts the following technical solution:
An encrypted storage method for an embedded database, comprising at least the following steps:
When the database is initialized, an encrypted storage mode is specified; the encrypted storage mode is one of a no-encryption mode, a custom encryption mode and a default encryption mode;
When the custom encryption mode is specified, the user defines the encryption function and the decryption function.
When the specified encrypted storage mode is the no-encryption mode, the database stores data in plaintext; when the specified encrypted storage mode is the custom encryption mode or the default encryption mode, the database stores data as ciphertext.
When the specified encrypted storage mode is the custom encryption mode, the encryption function and decryption function must be verified before the database is opened again; if the encryption function and decryption function were defined by a user who holds the authority and the verification passes, the database is opened.
The user who holds the authority is a registered user.
When the specified encrypted storage mode is the default encryption mode, the encryption function and decryption function must be verified before the database is opened again; if the encryption function and decryption function pass verification, the database is opened.
The concrete verification method is as follows. When the specified encrypted storage mode is the custom encryption mode or the default encryption mode, a standard plaintext and a standard ciphertext are stored in the database; the standard ciphertext is generated by encrypting the standard plaintext with the encryption function used in the specified encrypted storage mode. Before the database is opened again, the standard plaintext is encrypted using the specified encrypted storage mode and the result is compared with the standard ciphertext stored in the database; if the two are identical, the verification passes.
The extensible encrypted storage scheme for embedded databases of the present invention not only achieves high-strength encryption of data files but also offers flexibility in choosing the encryption algorithm, greatly improving the security of data stored in the embedded database and making it convenient for users to operate according to their specific encryption requirements.
Brief description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and a specific example.
Fig. 1 is a schematic diagram of the encryption and decryption architecture of the embedded database of the present invention;
Fig. 2 is a flow chart of the encryption process of the embedded database of the present invention.
Embodiment
Fig. 1 is a schematic diagram of the encryption and decryption architecture of the embedded database of the present invention. The database comprises a memory image/buffer area 100, a security module 200 and a database file area 300. Depending on the encryption mode, the encryption and decryption functions in the security module can be set to the default encryption and decryption functions or to user-defined encryption and decryption functions; the encryption function performs encryption and the decryption function performs decryption. In addition, when an existing encrypted database file is opened, the database can also provide a check of the encryption and decryption functions and a mechanism for recovering the user key.
Fig. 2 is a flow chart of the encryption process of the embedded database of the present invention. In this embodiment, the encrypted storage method for the embedded database comprises at least the following steps:
Step S10: initialize the database.
Step S11: specify the encryption mode. When the database is initialized, the database prompts the user to specify the encrypted storage mode; the encrypted storage mode is one of a no-encryption mode, a custom encryption mode and a default encryption mode.
Step S12: define the encryption function and decryption function. When the user specifies the custom encryption mode, the user must next define the encryption function and the decryption function. If the user has defined an encryption function and a decryption function, these functions must be verified before the database is opened again; if the encryption function and decryption function were defined by a user who holds the authority and the verification passes, the database is opened. Otherwise, the database cannot be opened.
When the user specifies the no-encryption mode, the stored data is not encrypted.
When the user specifies the default encryption mode, the stored data is encrypted in the system's default manner.
That is, in the no-encryption mode the database stores data in plaintext; in the custom encryption mode or the default encryption mode the database stores data as ciphertext.
Step S20: open the database.
When the specified encrypted storage mode is the no-encryption mode, the user can open the database without verification.
When the specified encrypted storage mode is the default encryption mode, the system's default encryption function and decryption function must be verified before the database is opened; if the encryption function and decryption function pass verification, the database is opened.
When the specified encrypted storage mode is the custom encryption mode, the encryption function, the decryption function and the user's authority must be verified before the database is opened; if the encryption function and decryption function were defined by a user who holds the authority and the verification passes, the database is opened. In this embodiment, the user who holds the authority is a registered user.
The encryption function and decryption function can be verified in various ways. For example, in this embodiment the concrete verification method is as follows: when the specified encrypted storage mode is the custom encryption mode or the default encryption mode, a standard plaintext and a standard ciphertext are stored in the database; the standard ciphertext is generated by encrypting the standard plaintext with the encryption function used in the specified encrypted storage mode. Before the database is opened again, the standard plaintext is encrypted using the specified encrypted storage mode and the result is compared with the standard ciphertext stored in the database; if the two are identical, the verification passes.
Similarly, the validity of the decryption function can also be checked. In addition, the ciphertext of the user key currently in use can also be kept in the database file; it is generated by an encryption operation using the currently specified encryption function and the company's key.
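The open-time check described above, sketched in C as an added example (it is not code from the patent; the function names, header layout, key parameter and both toy ciphers are assumptions made for illustration). The comparison only works when the encryption function is deterministic, and the sketch leaves out the registered-user authority check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Added sketch: every name here is hypothetical; the patent defines no API. */
enum enc_mode { MODE_NONE, MODE_DEFAULT, MODE_CUSTOM };
typedef void (*crypt_fn)(const uint8_t *in, uint8_t *out, size_t n,
                         const uint8_t *key, size_t klen);
#define STD_LEN 16
struct db_header {                /* fields kept in the database file */
    enum enc_mode mode;
    uint8_t std_plain[STD_LEN];   /* standard plaintext */
    uint8_t std_cipher[STD_LEN];  /* standard ciphertext */
};

/* Stand-in for the default cipher (its own inverse). Toy code, NOT secure. */
void toy_xor(const uint8_t *in, uint8_t *out, size_t n,
             const uint8_t *key, size_t klen) {
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(in[i] ^ key[i % klen] ^ (uint8_t)(i * 31u));
}
/* Constructed user-defined pair: byte-wise add / subtract. Toy code, NOT secure. */
void user_enc(const uint8_t *in, uint8_t *out, size_t n,
              const uint8_t *key, size_t klen) {
    for (size_t i = 0; i < n; i++) out[i] = (uint8_t)(in[i] + key[i % klen]);
}
void user_dec(const uint8_t *in, uint8_t *out, size_t n,
              const uint8_t *key, size_t klen) {
    for (size_t i = 0; i < n; i++) out[i] = (uint8_t)(in[i] - key[i % klen]);
}
/* Compare with no early exit so timing does not leak the mismatch position. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}
/* Initialisation (steps S11/S12): record the mode and the standard pair. */
int db_init(struct db_header *h, enum enc_mode mode, crypt_fn enc,
            const uint8_t *key, size_t klen) {
    static const uint8_t probe[STD_LEN] = "standard-plain!";
    h->mode = mode;
    if (mode == MODE_NONE) return 0;          /* plaintext storage */
    if (!enc || !key || klen == 0) return -1;
    memcpy(h->std_plain, probe, STD_LEN);
    enc(h->std_plain, h->std_cipher, STD_LEN, key, klen);
    return 0;
}
/* Before opening (step S20): 0 = database may open, -1 = refuse. */
int db_open_check(const struct db_header *h, crypt_fn enc, crypt_fn dec,
                  const uint8_t *key, size_t klen) {
    uint8_t buf[STD_LEN];
    if (h->mode == MODE_NONE) return 0;       /* nothing to verify */
    if (!enc || !dec || !key || klen == 0) return -1;
    enc(h->std_plain, buf, STD_LEN, key, klen);   /* re-encrypt and compare */
    if (!ct_equal(buf, h->std_cipher, STD_LEN)) return -1;
    dec(h->std_cipher, buf, STD_LEN, key, klen);  /* same test for decryption */
    return ct_equal(buf, h->std_plain, STD_LEN) ? 0 : -1;
}
int main(void) {
    struct db_header h;
    const uint8_t key[] = "correct-key";      /* constructed sample key */
    if (db_init(&h, MODE_CUSTOM, user_enc, key, sizeof key - 1)) return 1;
    return db_open_check(&h, user_enc, user_dec, key, sizeof key - 1) ? 1 : 0;
}
```

Because the header stores a known plaintext/ciphertext pair in the file, anyone who obtains the file gets that pair, so the registered cipher has to withstand known-plaintext analysis.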
In summary, the present invention is an extensible encrypted storage scheme suitable for embedded databases. Specifically, when the database is initialized, one of three modes can be specified: the no-encryption mode, the default encryption mode or the user-defined encryption mode. If the no-encryption mode is specified, the data file is stored in plaintext. If the default encryption mode is specified, the data file is encrypted with the default encryption algorithm and stored as ciphertext. If the user-defined encryption mode is specified, the user's custom encryption function and decryption function must be registered after initialization; the database system then uses the user-defined encryption function to encrypt the data file and stores it as ciphertext. In this way, when encryption is used, a basic default encryption mode is provided together with a registration interface for enhanced, extensible user-defined encryption and decryption functions, thereby realizing multi-layer flexible configuration of encrypted storage.
Those skilled in the art should understand that embodiments of the invention can be provided as a method, a system or a computer program product. Therefore, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) containing computer-usable program code.
The encrypted storage method for an embedded database provided by the present invention has been described in detail above. For those skilled in the art, any obvious modification made to it without departing from the essence of the present invention will constitute an infringement of the patent right of the present invention and will incur the corresponding legal liability.

Claims (6)

1. An encrypted storage method for an embedded database, characterized in that it comprises at least the following steps:
when the database is initialized, specifying an encrypted storage mode, the encrypted storage mode being one of a no-encryption mode, a custom encryption mode and a default encryption mode;
when the custom encryption mode is specified, having the user define the encryption function and the decryption function.
2. The encrypted storage method for an embedded database according to claim 1, characterized in that, when the specified encrypted storage mode is the no-encryption mode, the database stores data in plaintext; when the specified encrypted storage mode is the custom encryption mode or the default encryption mode, the database stores data as ciphertext.
3. The encrypted storage method for an embedded database according to claim 1, characterized in that, when the specified encrypted storage mode is the custom encryption mode, the encryption function and decryption function must be verified before the database is opened again; if the encryption function and decryption function were defined by a user who holds the authority and the verification passes, the database is opened.
4. The encrypted storage method for an embedded database according to claim 3, characterized in that the user who holds the authority is a registered user.
5. The encrypted storage method for an embedded database according to claim 1, characterized in that, when the specified encrypted storage mode is the default encryption mode, the encryption function and decryption function must be verified before the database is opened again; if the encryption function and decryption function pass verification, the database is opened.
6. The encrypted storage method for an embedded database according to claim 3 or 5, characterized in that the verification method is: when the specified encrypted storage mode is the custom encryption mode or the default encryption mode, a standard plaintext and a standard ciphertext are stored in the database, the standard ciphertext being generated by encrypting the standard plaintext with the encryption function used in the specified encrypted storage mode; before the database is opened again, the standard plaintext is encrypted using the specified encrypted storage mode and the result is compared with the standard ciphertext stored in the database; if the two are identical, the verification passes.
CN201110339485.3A 2011-11-01 2011-11-01 A kind of embedded database cryptographic storage method Active CN102426637B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110339485.3A CN102426637B (en) 2011-11-01 2011-11-01 A kind of embedded database cryptographic storage method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110339485.3A CN102426637B (en) 2011-11-01 2011-11-01 A kind of embedded database cryptographic storage method

Publications (2)

Publication Number Publication Date
CN102426637A true CN102426637A (en) 2012-04-25
CN102426637B CN102426637B (en) 2016-04-13

Family

ID=45960616

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110339485.3A Active CN102426637B (en) 2011-11-01 2011-11-01 A kind of embedded database cryptographic storage method

Country Status (1)

Country Link
CN (1) CN102426637B (en)

Also Published As

Publication number Publication date
CN102426637B (en) 2016-04-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant