CN119377987A - Key updating method, device, equipment and storage medium for fully secret database - Google Patents

Publication number
CN119377987A
Authority
CN
China
Prior art keywords
key
target
client
ciphertext
column
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411476709.9A
Other languages
Chinese (zh)
Inventor
秦凯莉
陈琦
宁亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Dream Database Co ltd
Original Assignee
Wuhan Dream Database Co ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The present invention discloses a key updating method, apparatus, device and storage medium for a full-secret database. The method comprises: creating a target client master key; decrypting the initial column encryption key ciphertext with the initial client master key stored locally on the client to obtain the column encryption key plaintext; encrypting the column encryption key plaintext with the target client master key to obtain the target column encryption key ciphertext; and updating the target column encryption key ciphertext into the system table of the server and replacing the initial client master key stored locally on the client with the target client master key. This realizes the update of the client master key in the full-secret database and ensures the security of the key storage device; during the client master key update, key consistency between the client and the server is maintained, which ensures the continuous availability of the key.

Description

Key updating method, apparatus, device and storage medium for a full-secret database
Technical Field
The present invention relates to the field of database technologies, and in particular to a method, an apparatus, a device, and a storage medium for updating a key of a full-secret database.
Background
A full-secret database is a database system that processes ciphertext data directly, and aims to solve the problem of privacy protection across the full life cycle of the data. With the encryption used by a traditional database, data must be decrypted to plaintext before a conditional query can be carried out. In a full-secret database, no query requires decryption, and private data always exists in the database server in the form of ciphertext.
In a full-secret database, two encryption keys are involved in implementing full-secret encryption: a client master key (Customer Master Key, CMK) and a column encryption key (Column Encryption Key, CEK). The client master key CMK is used to encrypt a column encryption key CEK, and one CMK may be used to encrypt one or more CEKs. The column encryption key CEK is used to encrypt column data, and one CEK may be used to encrypt one or more rows of column data. The CMK is stored on the client in the form of a file, and the CEK ciphertext encrypted by the CMK is stored on the server.
Over the life cycle of a key, its security may decrease with time, so the keys in a full-secret database need to be updated while their continuous availability is ensured.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for updating a secret key of a full-secret database, which realize the updating of the secret key in the full-secret database, ensure the consistency of the secret keys of a client and a server and ensure the continuous availability of the secret keys in the updating process.
According to an aspect of the present invention, there is provided a key updating method of a full-secret database, including:
creating a target client master key;
decrypting the initial column encryption key ciphertext by adopting an initial client master key locally stored by a client to obtain a column encryption key plaintext;
encrypting the column encryption key plaintext by adopting the target client master key to obtain a target column encryption key ciphertext;
and updating the target column encryption key ciphertext into a system table of a server, and updating the initial client master key locally stored by the client by adopting the target client master key.
According to another aspect of the present invention, there is provided a key updating method of a full-secret database, including:
creating a target column encryption key plaintext;
encrypting the target column encryption key plaintext by using the acquired client master key to obtain a target column encryption key ciphertext, and updating the target column encryption key ciphertext into a system table of a server;
acquiring, from a database, an initial data column ciphertext encrypted by adopting an initial column encryption key ciphertext;
decrypting the initial data column ciphertext by adopting the initial column encryption key ciphertext to obtain a data column plaintext, and encrypting the data column plaintext by adopting the target column encryption key ciphertext to obtain a target data column ciphertext;
and writing the target data column ciphertext into the database.
According to another aspect of the present invention, there is provided a key updating apparatus of a full-secret database, including:
a creation module, used for creating a target client master key;
a decryption module, used for decrypting the initial column encryption key ciphertext by adopting an initial client master key locally stored by the client to obtain a column encryption key plaintext;
an encryption module, used for encrypting the column encryption key plaintext by adopting the target client master key to obtain a target column encryption key ciphertext;
and an updating module, used for updating the target column encryption key ciphertext into a system table of the server and updating the initial client master key locally stored by the client by adopting the target client master key.
According to another aspect of the present invention, there is provided a key updating apparatus of a full-secret database, including:
a creation module, used for creating a target column encryption key plaintext;
an encryption module, used for encrypting the target column encryption key plaintext by adopting the acquired client master key to obtain a target column encryption key ciphertext, and updating the target column encryption key ciphertext into a system table of the server;
an acquisition module, used for acquiring, from the database, an initial data column ciphertext encrypted by adopting an initial column encryption key ciphertext;
a decryption module, used for decrypting the initial data column ciphertext by adopting the initial column encryption key ciphertext to obtain a data column plaintext, and encrypting the data column plaintext by adopting the target column encryption key ciphertext to obtain a target data column ciphertext;
and a writing module, used for writing the target data column ciphertext into the database.
According to another aspect of the present invention, there is provided an electronic device including:
at least one processor, and
a memory communicatively coupled to the at least one processor, wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the key updating method of the full-secret database according to any one of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions which, when executed, cause a processor to implement the key updating method of the full-secret database according to any one of the embodiments of the present invention.
The technical scheme of the embodiment of the invention comprises the steps of: creating a target client master key; decrypting an initial column encryption key ciphertext by adopting an initial client master key locally stored by a client to obtain a column encryption key plaintext; encrypting the column encryption key plaintext by adopting the target client master key to obtain a target column encryption key ciphertext; and updating the target column encryption key ciphertext to a system table of a server and updating the initial client master key locally stored by the client by adopting the target client master key. This solves the problem of updating the client master key CMK in a full-secret database and ensures the security of the key storage device. During the client master key update, key consistency between the client and the server is maintained, thereby ensuring the continuous availability of the key.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for updating a key of a full-secret database according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for updating a key of a full-secret database according to a second embodiment of the present invention;
FIG. 3 is a flowchart of a method for updating a key of a full-secret database according to a third embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a key updating device of a full-secret database according to a fourth embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a key updating device of a full-secret database according to a fifth embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic device implementing a method for updating a key of a full-secret database according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "target," "initial," and the like in the description and claims of the present invention and the above-described drawings are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a method for updating a key of a full-secret database according to an embodiment of the present invention, where the method may be performed by a key updating device of the full-secret database, and the key updating device of the full-secret database may be implemented in hardware and/or software, and the key updating device of the full-secret database may be configured in a client. As shown in fig. 1, the method includes:
S110, creating a target client master key.
The target client master key refers to a new client master key, and is used for updating the client master key originally used in the full-secret database. The client master key CMK is used to encrypt the column encryption key CEK, which is represented in plaintext form, i.e. the column encryption key plaintext.
In this embodiment, the target client master key is generated on the client with a key algorithm when a preset condition is met. Illustratively, the key algorithm may be an asymmetric key algorithm. The preset condition may be that the target client master key is created periodically according to a preset period, so as to realize periodic update of the client master key, or that the target client master key is created in response to an update instruction issued on user demand.
S120, decrypting the initial column encryption key ciphertext by adopting an initial client master key locally stored by the client to obtain a column encryption key plaintext.
The initial client master key refers to the client master key used in the full-secret database before the key is updated. The initial column encryption key ciphertext is the ciphertext obtained by encrypting the column encryption key plaintext with the initial client master key. Column encryption key plaintext refers to the column encryption key CEK expressed in plaintext form.
In this embodiment, the initial client master key is stored locally on the client. Since the client master key is used to encrypt the column encryption key plaintext, the initial column encryption key ciphertext is read from the server to the client, and the column encryption key plaintext can be obtained by decrypting the initial column encryption key ciphertext with the initial client master key.
In an alternative embodiment, the column encryption key plaintext is written into a cache local to the client.
In this embodiment, in order to guard against an incomplete update of the client master key, after the initial column encryption key ciphertext is decrypted on the client with the initial client master key, the column encryption key plaintext is stored in the cache of the client and is used for decrypting encrypted column data during the client master key update.
S130, encrypting the column encryption key plaintext by using the target client master key to obtain a target column encryption key ciphertext.
The target column encryption key ciphertext is a new column encryption key ciphertext obtained by encrypting a column encryption key plaintext by using a new target client master key.
In this embodiment, the client master key is used to encrypt the column encryption key plaintext, so after the target client master key is created, the newly created target client master key is used to encrypt the column encryption key plaintext to obtain the target column encryption key ciphertext.
S140, updating the target column encryption key ciphertext into a system table of the server, and updating the initial client master key locally stored by the client by adopting the target client master key.
In a full-secret database, the key and the private column data are not present in the server in plaintext form, in order to guarantee the security of the data. Therefore, a system table is set in the full-secret database for storing the hash value of the client master key CMK, the column encryption key ciphertext CEK, and the encrypted data column encrypted by the column encryption key ciphertext CEK. The primary information contained in the system table includes, illustratively:
CMKs: CMK_ID, CMK name, CMK path, encrypted CMK algorithm ID, public key hash value, private key hash value;
CEKs: CEK_ID, CEK name, CMK_ID, CMK name, encrypted CEK algorithm ID, current CEK ciphertext, original CEK ciphertext;
COLs: column name, table name, schema name, CMK_ID, CEK_ID, CEK name, CMK_ID, CMK name, encryption algorithm ID.
In this embodiment, the target column encryption key ciphertext is updated to the system table of the server in the form of ciphertext, and the initial client master key stored locally by the client is updated using the target client master key. And the server updates the current column encryption key ciphertext and the original column encryption key ciphertext in the system table according to the target column encryption key ciphertext updated by the client. The client master key used by the target column encryption key ciphertext in the server is ensured to be consistent with the client master key locally stored by the client, so that the continuous usability of the key in the updating process can be ensured.
The method for updating the target column encryption key ciphertext into the system table of the server may be, for example, that in the system table of the server, the original CEK ciphertext field is updated by using the initial column encryption key ciphertext stored in the current CEK ciphertext field, and the current CEK ciphertext field is updated by using the target column encryption key ciphertext.
The technical scheme of the embodiment of the invention comprises the steps of: creating a target client master key; decrypting an initial column encryption key ciphertext by adopting an initial client master key locally stored by a client to obtain a column encryption key plaintext; encrypting the column encryption key plaintext by adopting the target client master key to obtain a target column encryption key ciphertext; and updating the target column encryption key ciphertext to a system table of a server and updating the initial client master key locally stored by the client by adopting the target client master key. This realizes the update of the client master key CMK in a full-secret database and ensures the security of the key storage device. During the client master key update, key consistency between the client and the server is maintained, thereby ensuring the continuous availability of the key.
Example 2
FIG. 2 is a flowchart of a method for updating a key of a full-secret database according to a second embodiment of the present invention. On the basis of the foregoing embodiment, this embodiment further defines the specific implementation of creating the target client master key and of decrypting the initial column encryption key ciphertext, as well as the verification and use of the updated client master key after the client master key in the full-secret database has been updated.
As shown in fig. 2, the method includes:
S210, creating a target client master key.
In an alternative embodiment, creating the target client master key includes creating a target client public key and a target client private key locally at the client using an asymmetric key algorithm, and taking the target client public key and the target client private key as the target client master key.
S220, decrypting the initial column encryption key ciphertext by adopting an initial client master key locally stored by the client to obtain a column encryption key plaintext.
In an alternative embodiment, decrypting the initial column encryption key ciphertext using an initial client master key stored locally at the client to obtain a column encryption key plaintext includes: obtaining the private key of the initial client master key from the client's local storage and obtaining the initial column encryption key ciphertext from the server; and decrypting the initial column encryption key ciphertext using the private key of the initial client master key to obtain the column encryption key plaintext.
S230, encrypting the column encryption key plaintext by using the target client side master key to obtain a target column encryption key ciphertext.
S240, updating the target column encryption key ciphertext into a system table of the server, and updating the initial client master key locally stored by the client by using the target client master key.
S250, calculating the hash value of the target client side master key, and updating the hash value of the target client side master key into a system table of the server.
In the embodiment, the target client master key comprises a target client public key and a target client private key, a hash value of the target client public key and a hash value of the target client private key are calculated, and the hash value of the target client public key and the hash value of the target client private key are updated into a system table.
Illustratively, the hash value of the target client master key is calculated by a hash algorithm. The hash algorithm (Secure Hash Algorithm, SHA) is a data encryption algorithm whose idea is to receive a piece of plaintext and then transform it into a piece of ciphertext in an irreversible manner, which can also be understood simply as a process of taking a string of input codes and transforming them into an output sequence of a fixed number of bits of shorter length, i.e. a hash value.
S260, obtaining the hash value of the client side master key to be used, and comparing the hash value of the client side master key to be used with the hash value of the target client side master key.
The client master key to be used comprises a public key used in the process of encrypting the column encryption key plaintext or a private key used in the process of decrypting the column encryption key plaintext. The client master key to be used may be a client master key stored in a client local file or a client master key obtained from a client cache.
In this embodiment, in the process of obtaining the client master key to be used and encrypting or decrypting the column encryption key plaintext by using the client master key to be used, the hash value of the client master key to be used is calculated, the hash value of the target client master key is obtained from the server, and whether the hash values are consistent is compared, so that whether database rollback occurs or the key is tampered in the process of updating the target client master key is checked.
S270, if the two hash values are the same, encrypting the column encryption key plaintext or decrypting the column encryption key ciphertext by adopting the target client master key.
In this embodiment, if the hash value of the client master key to be used is the same as the hash value of the target client master key, the client master key to be used can be used normally: the column encryption key plaintext is encrypted with the public key of the client master key to be used, or the column encryption key ciphertext is decrypted with the private key of the client master key to be used.
S280, if the two hash values are different, sending out prompt information, wherein the prompt information is used for prompting a user that the client master key to be used is wrong.
In this embodiment, if the hash value of the client master key to be used is different from the hash value of the target client master key, a database rollback may have occurred or the key may have been tampered with. Prompt information is sent to tell the user that the client master key to be used is wrong and cannot be used normally, and the user determines whether the key is tampered or the database rollback is caused by operations such as key tampering.
In this embodiment, a target client master key is created; the initial client master key stored locally by the client is adopted to decrypt the initial column encryption key ciphertext to obtain a column encryption key plaintext; the target client master key is adopted to encrypt the column encryption key plaintext to obtain a target column encryption key ciphertext; the target column encryption key ciphertext is updated to a system table of the server, and the initial client master key stored locally by the client is updated by the target client master key; the hash value of the target client master key is calculated and updated to the system table of the server; the hash value of the client master key to be used is obtained and compared with the hash value of the target client master key. If the hash values are the same, the column encryption key plaintext is encrypted or the column encryption key ciphertext is decrypted by the client master key to be used; if they are different, prompt information is sent out to tell the user that the client master key to be used is wrong. This avoids the problem of a database rollback or key tampering causing the client key information to be inconsistent with the server key information.
Example 3
FIG. 3 is a flowchart of a method for updating a key of a full-secret database according to a third embodiment of the present invention, where the method may be performed by a key updating device of the full-secret database, and the key updating device of the full-secret database may be implemented in hardware and/or software, and the key updating device of the full-secret database may be configured in a client. As shown in fig. 3, the method includes:
S310, creating a target column encryption key plaintext.
The target column encryption key plaintext refers to a new column encryption key plaintext, and is used for updating the column encryption key plaintext originally used in the full-secret database.
In this embodiment, the manner of creating the target column encryption key plaintext may be to calculate the target column encryption key plaintext by a symmetric algorithm.
S320, encrypting the target column encryption key plaintext by using the acquired client side master key to acquire a target column encryption key ciphertext, and updating the target column encryption key ciphertext into a system table of the server.
The target column encryption key ciphertext is obtained by encrypting a target column encryption key plaintext by using a client side master key.
In this embodiment, in the process of updating the column encryption key, the client master key is generally not updated, so as to avoid causing update confusion. One may be selected from the client master keys stored locally at the client or the previously used client master key may still be maintained. And encrypting the target column encryption key plaintext by using the client master key to obtain a target column encryption key ciphertext corresponding to the target column encryption key plaintext, storing the target column encryption key ciphertext into a system table of a server, and waiting for subsequent updating of the initial column encryption key ciphertext.
The updating of the target column encryption key ciphertext into the system table of the server illustratively includes updating the original CEK ciphertext field with the initial column encryption key ciphertext stored in the current CEK ciphertext field, and updating the current CEK ciphertext field with the target column encryption key ciphertext. The initial column encryption key ciphertext is obtained by encrypting an initial column encryption key plaintext by using a client side master key.
In the embodiment of the invention, the target column encryption key ciphertext and the initial column encryption key ciphertext are both stored in a system table of a server, the target column encryption key ciphertext stored in the system table is preferentially adopted to decrypt the column encryption data in the process of decrypting the encrypted column data by adopting the column encryption key ciphertext, if decryption fails, the initial column encryption key ciphertext is acquired from the server, and the initial column encryption key ciphertext is adopted to decrypt the column encryption data, so that the failure of decrypting the encrypted column data is avoided.
In an alternative embodiment, the obtaining the client master key comprises obtaining the client master key used by encrypting the initial column encryption key ciphertext, or obtaining a client master key parameter, and searching the client master key locally on the client according to the client master key parameter.
In another alternative embodiment, the initial column encryption key ciphertext is stored to a system table of the server.
In the embodiment of the invention, the initial column encryption key ciphertext is also stored in a system table of the server. When encrypted column data is decrypted using a column encryption key ciphertext, the target column encryption key ciphertext stored in the server is used first; if decryption fails, the initial column encryption key ciphertext is acquired from the server and used to decrypt the column encrypted data, so that decryption of the encrypted column data does not fail.
S330, acquiring an initial data column ciphertext encrypted by adopting an initial column encryption key ciphertext from a database.
The initial data column ciphertext is an initial data column encrypted by the initial column encryption key ciphertext.
In this embodiment, the initial data column ciphertext encrypted by the initial column encryption key ciphertext is queried in the database, and the initial data column ciphertext is read from the database to the client. Alternatively, the database may be an internal database in the server or an external database.
S340, decrypting the data column ciphertext by using the initial column encryption key ciphertext to obtain a data column plaintext, and encrypting the data column plaintext by using the target column encryption key ciphertext to obtain a target data column ciphertext.
The target data column ciphertext is ciphertext obtained by encrypting data column plaintext by using a target column encryption key ciphertext.
In this embodiment, locally at the client, the initial column encryption key ciphertext is used to decrypt the corresponding initial data column ciphertext, so as to obtain a data column plaintext corresponding to the initial data column ciphertext. And then, encrypting the data column plaintext by using the target column encryption key ciphertext to obtain the target data column ciphertext.
S350, writing the target data column ciphertext into the database.
In this embodiment, the target column encryption key ciphertext is written into the database.
In the technical scheme of this embodiment of the invention, a target column encryption key plaintext is created; the target column encryption key plaintext is encrypted with the acquired client master key to obtain a target column encryption key ciphertext, which is updated into a system table of the server; the initial data column ciphertext encrypted with the initial column encryption key ciphertext is acquired from the database; the initial data column ciphertext is decrypted with the initial column encryption key ciphertext to obtain a data column plaintext, which is encrypted with the target column encryption key ciphertext to obtain a target data column ciphertext; and the target data column ciphertext is written into the database. This updates the column encryption key (CEK) in a full-secret database, ensures the security of the key storage device, and keeps the keys of the client and the server consistent while the column encryption key is updated, thereby ensuring the continued availability of the keys.
Example four
Fig. 4 is a schematic structural diagram of a key updating device of a full-secret database according to a fourth embodiment of the present invention. As shown in fig. 4, the apparatus includes a creation module 410, a decryption module 420, an encryption module 430, and an update module 440, wherein,
A creation module 410 for creating a target client master key;
The decryption module 420 is configured to decrypt the initial column encryption key ciphertext by using an initial client master key locally stored by the client, to obtain a column encryption key plaintext;
An encryption module 430, configured to encrypt the column encryption key plaintext using the target client master key to obtain a target column encryption key ciphertext;
and the updating module 440 is configured to update the target column encryption key ciphertext to a system table of a server, and update the initial client master key locally stored by the client with the target client master key.
In the technical scheme of this embodiment of the invention, a target client master key is created; the initial column encryption key ciphertext is decrypted with the initial client master key stored locally by the client to obtain a column encryption key plaintext; the column encryption key plaintext is encrypted with the target client master key to obtain a target column encryption key ciphertext; the target column encryption key ciphertext is updated into a system table of the server; and the initial client master key stored locally by the client is updated with the target client master key. This updates the client master key in a full-secret database, ensures the security of the key storage device, and keeps the keys of the client and the server consistent while the client master key is updated, thereby ensuring the continued availability of the keys.
Optionally, the creation module 410 is specifically configured to:
creating a target client public key and a target client private key locally at the client by adopting an asymmetric key algorithm;
and taking the target client public key and the target client private key as target client master keys.
Optionally, the apparatus further includes:
The hash calculation module is used for calculating the hash value of the target client master key after updating the target column encryption key ciphertext to a system table of a server and adopting the target client master key to update the initial client master key locally stored by a client;
And the writing module is used for updating the hash value of the target client master key into a system table of the server.
Optionally, the apparatus further includes:
the hash acquisition module is used for acquiring the hash value of the client master key to be used after updating the hash value of the target client master key into a system table of a server;
The comparison module is used for comparing the hash value of the client master key to be used with the hash value of the target client master key;
the encryption and decryption module is used for encrypting the column encryption data or decrypting the column encryption data by adopting the target column encryption key ciphertext if the two hash values are the same;
And the prompt module is used for sending prompt information if the two hash values are different, wherein the prompt information is used for prompting a user that the client master key to be used is wrong.
The key updating device of the full-secret database provided by the embodiment of the invention can execute the key updating method of the full-secret database provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the executing method.
Example five
Fig. 5 is a schematic structural diagram of a key updating device for a full-secret database according to a fifth embodiment of the present invention. As shown in fig. 5, the apparatus includes a creation module 510, an encryption module 520, an acquisition module 530, a decryption module 540, and a writing module 550, wherein,
A creating module 510, configured to create a plaintext of the encryption key of the target column;
The encryption module 520 is configured to encrypt the target column encryption key plaintext using the obtained client master key, obtain a target column encryption key ciphertext, and update the target column encryption key ciphertext to a system table of a server;
an obtaining module 530, configured to obtain, from a database, an initial data column ciphertext encrypted using an initial column encryption key ciphertext;
The decryption module 540 is configured to decrypt the initial data column ciphertext by using the initial column encryption key ciphertext to obtain a data column plaintext, and encrypt the data column plaintext by using a target column encryption key ciphertext to obtain a target data column ciphertext;
A writing module 550, configured to write the target data column ciphertext into the database.
In the technical scheme of this embodiment of the invention, a target column encryption key plaintext is created; the target column encryption key plaintext is encrypted with the acquired client master key to obtain a target column encryption key ciphertext, which is updated into a system table of the server; the initial data column ciphertext encrypted with the initial column encryption key ciphertext is acquired from the database; the initial data column ciphertext is decrypted with the initial column encryption key ciphertext to obtain a data column plaintext, which is encrypted with the target column encryption key ciphertext to obtain a target data column ciphertext; and the target data column ciphertext is written into the database. This updates the column encryption key (CEK) in a full-secret database, ensures the security of the key storage device, and keeps the keys of the client and the server consistent while the column encryption key is updated, thereby ensuring the continued availability of the keys.
Optionally, the encryption module 520 includes:
a first obtaining unit, configured to obtain a client master key used for encrypting the initial column encryption key ciphertext;
Or the second acquisition unit is used for acquiring the client master key parameter and searching the client master key locally in the client according to the client master key parameter.
The key updating device of the full-secret database provided by the embodiment of the invention can execute the key updating method of the full-secret database provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the executing method.
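The column-key update described above (new CEK wrapped under the client master key, current and original CEK ciphertext fields in the system table, re-encryption of the data column, fallback to the initial key when decryption fails) and the master-key hash comparison of Example four can be sketched as follows. This is an added example, not code from the patent: the field and function names, the SHA-256 hash, the symmetric client master key, the use of the unwrapped CEK plaintext to encrypt data, and the HMAC-based toy cipher (a standard-library stand-in for a real authenticated cipher) are all assumptions.

```python
"""Added example: CEK rotation with current/original CEK fields (names are assumptions)."""
import hashlib
import hmac
import os


class DecryptError(Exception):
    """Authentication tag mismatch: wrong key or modified ciphertext."""


class WrongMasterKey(Exception):
    """Hash of the CMK to be used differs from the hash in the system table."""


def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """Toy encrypt-then-MAC, demo only; use a vetted AEAD in practice."""
    nonce = os.urandom(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Verify the tag before decrypting, so a wrong key is detected, not garbled."""
    if len(blob) < 48:
        raise DecryptError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise DecryptError("authentication failed")
    ks = _stream(_sub(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def cmk_hash(cmk):
    return hashlib.sha256(cmk).hexdigest()


def new_store(cmk, rows):
    """Constructed system table plus a data column encrypted under an initial CEK."""
    cek = os.urandom(32)
    table = {"current_cek_ct": seal(cmk, cek), "original_cek_ct": None,
             "cmk_hash": cmk_hash(cmk)}
    return table, [seal(cek, r) for r in rows]


def unwrap(table, cmk, field):
    """Compare the CMK hash with the system table, then unwrap the CEK in `field`."""
    if not hmac.compare_digest(cmk_hash(cmk), table["cmk_hash"]):
        raise WrongMasterKey("client master key to be used is wrong")
    return unseal(cmk, table[field])


def rotate_cek(table, column, cmk, limit=None):
    """CEK update; `limit` stops after N rows to simulate an interrupted run."""
    old_cek = unwrap(table, cmk, "current_cek_ct")
    new_cek = os.urandom(32)                            # target CEK plaintext
    new_ct = seal(cmk, new_cek)                         # target CEK ciphertext
    table["original_cek_ct"] = table["current_cek_ct"]  # keep the initial CEK ciphertext
    table["current_cek_ct"] = new_ct
    n = len(column) if limit is None else min(limit, len(column))
    for i in range(n):                                  # S330 to S350, row by row
        column[i] = seal(new_cek, unseal(old_cek, column[i]))
    return n


def read_cell(table, cmk, blob):
    """Try the current (target) CEK first; fall back to the original on failure."""
    try:
        return unseal(unwrap(table, cmk, "current_cek_ct"), blob)
    except DecryptError:
        if table["original_cek_ct"] is None:
            raise
        return unseal(unwrap(table, cmk, "original_cek_ct"), blob)


def demo():
    cmk = os.urandom(32)
    rows = [b"alice", b"bob", b"carol"]              # constructed sample column
    table, column = new_store(cmk, rows)
    rotate_cek(table, column, cmk, limit=2)          # third row stays under the old CEK
    return [read_cell(table, cmk, c) for c in column] == rows


if __name__ == "__main__":
    print("all rows readable after partial rotation:", demo())
```

The fallback is only reliable because decryption is authenticated: without a tag check, decrypting with the wrong CEK would return garbage instead of failing. Because the system table retains a single original CEK ciphertext, re-encryption of the column has to complete before the next rotation.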
Example six
Fig. 6 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 6, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including an input unit 16, such as a keyboard, mouse, etc., an output unit 17, such as various types of displays, speakers, etc., a storage unit 18, such as a magnetic disk, optical disk, etc., and a communication unit 19, such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be any of a variety of general-purpose and/or special-purpose processing components having processing and computing capabilities. Some examples of the processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, Digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as the key updating method of the full-secret database.
In some embodiments, the method of updating the key of the full-secret database may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the above-described method of updating the keys of the full-secret database may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the full-secret database key updating method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special or general purpose programmable processor, operable to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer-readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer-readable storage medium may be a machine-readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user, for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback), and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a Local Area Network (LAN), a Wide Area Network (WAN), a blockchain network, and the Internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that steps may be reordered, added, or deleted using the various forms of the flows shown above. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for updating a key of a fully encrypted database, characterized in that it is applied to a client, the method comprising:
creating a target client master key;
decrypting the initial column encryption key ciphertext using the initial client master key stored locally on the client to obtain the column encryption key plaintext;
encrypting the column encryption key plaintext using the target client master key to obtain a target column encryption key ciphertext;
updating the target column encryption key ciphertext to the system table of the server, and using the target client master key to update the initial client master key stored locally on the client.

2. The method according to claim 1, characterized in that creating a target client master key comprises:
creating a target client public key and a target client private key locally on the client using an asymmetric key algorithm;
using the target client public key and the target client private key as the target client master key.

3. The method according to claim 1, characterized in that after updating the target column encryption key ciphertext to the system table of the server and using the target client master key to update the initial client master key stored locally on the client, it also includes:
calculating the hash value of the target client master key;
updating the hash value of the target client master key into the system table of the server.

4. The method according to claim 3, characterized in that after updating the hash value of the target client master key into the system table of the server, it also includes:
obtaining the hash value of the client master key to be used;
comparing the hash value of the client master key to be used with the hash value of the target client master key;
if they are the same, using the target column encryption key ciphertext to encrypt the column encrypted data or decrypt the column encrypted data;
if they are different, issuing a prompt message, wherein the prompt message is used to prompt the user that the client master key to be used is incorrect.

5. A method for updating a key of a fully encrypted database, characterized in that it is applied to a client, the method comprising:
creating a target column encryption key plaintext;
encrypting the target column encryption key plaintext using the acquired client master key to obtain the target column encryption key ciphertext, and updating the target column encryption key ciphertext to the system table of the server;
obtaining from the database the initial data column ciphertext encrypted using the initial column encryption key ciphertext;
decrypting the initial data column ciphertext using the initial column encryption key ciphertext to obtain data column plaintext, and encrypting the data column plaintext using the target column encryption key ciphertext to obtain target data column ciphertext;
writing the target data column ciphertext into the database.

6. The method according to claim 5, characterized in that obtaining the client master key comprises:
obtaining the client master key used for encrypting the initial column encryption key ciphertext;
or, obtaining a client master key parameter, and searching for the client master key locally on the client according to the client master key parameter.

7. A key updating device for a fully encrypted database, characterized in that it comprises:
a creation module, used to create a target client master key;
a decryption module, used to decrypt the initial column encryption key ciphertext using the initial client master key stored locally on the client to obtain the column encryption key plaintext;
an encryption module, used to encrypt the column encryption key plaintext using the target client master key to obtain a target column encryption key ciphertext;
an update module, used to update the target column encryption key ciphertext into the system table of the server, and to use the target client master key to update the initial client master key stored locally on the client.

8. A key updating device for a fully encrypted database, characterized in that it comprises:
a creation module, used to create a target column encryption key plaintext;
an encryption module, used to encrypt the target column encryption key plaintext using the acquired client master key, obtain the target column encryption key ciphertext, and update the target column encryption key ciphertext to the system table of the server;
an acquisition module, used to acquire from the database the initial data column ciphertext encrypted using the initial column encryption key ciphertext;
a decryption module, used to decrypt the initial data column ciphertext using the initial column encryption key ciphertext to obtain a data column plaintext, and to encrypt the data column plaintext using the target column encryption key ciphertext to obtain a target data column ciphertext;
a writing module, used to write the target data column ciphertext into the database.

9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively connected to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor, and the computer program is executed by the at least one processor so that the at least one processor can execute the key update method for a fully encrypted database according to any one of claims 1 to 6.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions, and the computer instructions are used to enable a processor, when executed, to implement the key update method for a fully encrypted database according to any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411476709.9A CN119377987A (en) 2024-10-22 2024-10-22 Key updating method, device, equipment and storage medium for fully secret database


Publications (1)

Publication Number Publication Date
CN119377987A true CN119377987A (en) 2025-01-28

Family

ID=94338784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411476709.9A Pending CN119377987A (en) 2024-10-22 2024-10-22 Key updating method, device, equipment and storage medium for fully secret database

Country Status (1)

Country Link
CN (1) CN119377987A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051641A (en) * 2013-01-17 2013-04-17 中国银行股份有限公司 Method and system for updating multiple-client key, and information security transmission method
US20160365976A1 (en) * 2015-06-12 2016-12-15 Konica Minolta, Inc. Cryptographic System, Updating Method, and Non-Transitory Storage Medium Encoded with Computer Readable Program
US20200021567A1 (en) * 2018-07-11 2020-01-16 Mastercard International Incorporated Methods and systems for encrypting data for a web application
US20230098090A1 (en) * 2021-09-24 2023-03-30 Sap Se Sql extension to key transfer system with authenticity, confidentiality, and integrity
CN115987597A (en) * 2022-12-16 2023-04-18 四川阵风科技有限公司 Key updating method and system based on software, terminal equipment and virtual server
CN117061101A (en) * 2023-08-09 2023-11-14 中国银联股份有限公司 Key updating method, device, equipment and storage medium
CN118260310A (en) * 2024-05-06 2024-06-28 北京海量数据技术股份有限公司 Non-equivalent query method and system for secret database
CN118573366A (en) * 2024-05-30 2024-08-30 武汉达梦数据库股份有限公司 Secret key information acquisition method and device based on full secret database, electronic equipment and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051641A (en) * 2013-01-17 2013-04-17 中国银行股份有限公司 Method and system for updating multiple-client key, and information security transmission method
US20160365976A1 (en) * 2015-06-12 2016-12-15 Konica Minolta, Inc. Cryptographic System, Updating Method, and Non-Transitory Storage Medium Encoded with Computer Readable Program
US20200021567A1 (en) * 2018-07-11 2020-01-16 Mastercard International Incorporated Methods and systems for encrypting data for a web application
US20230098090A1 (en) * 2021-09-24 2023-03-30 Sap Se Sql extension to key transfer system with authenticity, confidentiality, and integrity
CN115987597A (en) * 2022-12-16 2023-04-18 四川阵风科技有限公司 Key updating method and system based on software, terminal equipment and virtual server
CN117061101A (en) * 2023-08-09 2023-11-14 中国银联股份有限公司 Key updating method, device, equipment and storage medium
CN118260310A (en) * 2024-05-06 2024-06-28 北京海量数据技术股份有限公司 Non-equivalent query method and system for secret database
CN118573366A (en) * 2024-05-30 2024-08-30 武汉达梦数据库股份有限公司 Secret key information acquisition method and device based on full secret database, electronic equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
薛金红;田秀霞;宋谦;田福粮;: "面向CryptDB的用户身份验证方案", 上海电力大学学报, no. 02, 15 April 2020 (2020-04-15) *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination