Database transparent encryption and decryption implementation method and system based on virtual block device

A transparent encryption and decryption technique based on a virtual block device, applied in the field of transparent database encryption. It addresses the problems of low efficiency, incomplete transparency, and poor fuzzy-query support, and achieves simple configuration and transparency to the application.

Pending Publication Date: 2022-02-11
北京中安星云软件技术有限公司

AI Technical Summary

Problems solved by technology

[0005] For the PostgreSQL database, data can be encrypted before it is inserted and decrypted after it is read, or the database's own encryption functions can be called to encrypt it. This requires adding an encryption and decryption device between the application and the database, it affects indexes, and it does not achieve complete transparency.
[0006] Existing PostgreSQL encryption is performed at the database level: the plaintext in a table is encrypted directly into ciphertext. The disadvantages of this implementation are that it does not support fuzzy queries well and that it is inefficient.


Examples


Embodiment 1

[0036] See Figure 1 and Figure 5. Figure 1 is a schematic diagram of the steps of a method for implementing transparent encryption and decryption of a database based on a virtual block device, provided by an embodiment of the present invention, as follows:

[0037] Figure 5 is the kernel architecture diagram of Device Mapper. Device Mapper (DM) is a general device mapping mechanism that supports logical volume management in the Linux 2.6 kernel. It provides a highly modular architecture for block device drivers. DM can flexibly manage the virtual volumes (block devices) in the system.

[0038] Device Mapper is a kernel-based advanced volume management framework in Linux systems. Docker's devicemapper storage driver uses the framework's thin provisioning and snapshot functions to manage images and containers. Note: Device Mapper is a technical framework of Linux, and devicemapper is a storage driver provided by Docker Engine based on Device Mapper.

[0039]device...

Embodiment 2

[0048] See Figure 2. Figure 2 is a schematic diagram of the detailed steps of a method for implementing transparent encryption and decryption of a database based on a virtual block device, provided by an embodiment of the present invention, as follows:

[0049] Step S200, creating a virtual disk;

[0050] In some implementations, the virtual disk is created by fallocate -l 16G /home/postgres.vol.

[0051] Step S210, format the virtual disk in LUKS mode;

[0052] In some implementations, the virtual disk is formatted using cryptsetup luksFormat /home/postgres.vol.

[0053] In some embodiments, LUKS (Linux Unified Key Setup) is a standard for Linux hard disk encryption. By providing a standard on-disk format, it not only facilitates compatibility between distributions, but also provides secure management of multiple user passwords. Compared with existing solutions, LUKS stores all necessary setting information in the partition information header, enabling users...

Embodiment 3

[0075] See Figure 3. Figure 3 is a schematic diagram of the system modules for realizing transparent encryption and decryption of a database based on a virtual block device, provided by an embodiment of the present invention, as follows:

[0076] PostgreSQL encryption module 10, used for automatically encrypting the data under the block device through dm-crypt when the user writes data, and then writing it to the disk;

[0077] The PostgreSQL decryption module 20 automatically decrypts the data under the block device and returns it to the application program when the user reads the data.

[0078] In some implementations, the term transparent data encryption can be read literally as three parts: data, encryption, and transparency. Data is the plaintext data that users need to protect. Encryption: information security has always accompanied the development of the world, and encryption is an important means of information security. Commonly used encryption methods can be d...
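
The procedure of Embodiment 2 and the write/read behaviour of Embodiment 3, as an added example that is not code from the patent. Steps S200 and S210 use the commands shown on the page; the open, mkfs and mount steps are the usual cryptsetup sequence and are an assumption, because the page text is cut off after S210. The mapping name `pgcrypt`, the mount point `/mnt/pgdata` and the two checking functions are hypothetical.

```shell
#!/bin/sh
# Added example, not the patent's code. VOL is the path shown on the page;
# MAP and MNT are hypothetical names chosen for this sketch.
VOL=/home/postgres.vol
MAP=pgcrypt
MNT=/mnt/pgdata

# Print the LUKS version (1 or 2) found in the header of file/device $1;
# return non-zero when the LUKS magic "LUKS\xba\xbe" is absent.
luks_version() {
    hdr=$(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Succeed when the byte string $2 is readable in the backing file $1,
# i.e. when data reached the disk without passing through dm-crypt.
# Run sync first so that cached writes are on disk before checking.
plaintext_visible() {
    grep -a -q -F -- "$2" "$1"
}

# Steps S200 and S210 from the page, then the assumed open/mkfs/mount steps.
provision_pg_volume() {
    fallocate -l 16G "$VOL" || return 1           # S200: create the virtual disk
    cryptsetup luksFormat "$VOL" || return 1      # S210: asks for a passphrase
    luks_version "$VOL" >/dev/null || { echo "no LUKS header on $VOL" >&2; return 1; }
    cryptsetup open "$VOL" "$MAP" || return 1     # dm-crypt target /dev/mapper/$MAP
    mkfs.ext4 -q "/dev/mapper/$MAP" || return 1
    mkdir -p "$MNT" && mount "/dev/mapper/$MAP" "$MNT" || return 1
    # PostgreSQL's data directory then goes under $MNT (assumed layout).
    chown postgres:postgres "$MNT" && chmod 700 "$MNT"
}

# Run as root: sh provision.sh provision
if [ "${1:-}" = provision ]; then
    provision_pg_volume
fi
```

After loading test rows, `plaintext_visible "$VOL" "<a value you inserted>"` should fail; if it succeeds, the data directory is not on the dm-crypt mapping.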


Abstract

The invention provides a method and system for implementing transparent database encryption and decryption based on a virtual block device, and relates to the technical field of data security. The method comprises the following steps: when a user writes data, the data under the block device is automatically encrypted through dm-crypt and then written to disk; when a user reads data, the data under the block device is automatically decrypted and returned to the application program. With this method, the TDE function of the PostgreSQL database can be achieved by using the Device Mapper mechanism. Encryption and decryption operate at the block device level, so no database operation is affected, but the data on disk is stored encrypted, which meets the user's transparent encryption requirement. In addition, the invention provides a system for implementing transparent database encryption and decryption based on the virtual block device. The system comprises an encryption module and a decryption module.

Description

Technical field

[0001] The invention relates to the technical field of data security, in particular to a method and system for implementing transparent encryption and decryption of databases based on virtual block devices.

Background technique

[0002] PostgreSQL is a free object-relational database server released under a flexible BSD-style license. It provides users with an alternative to other open source database systems and proprietary systems. Reliability is PostgreSQL's highest priority. Known for its rock-solid quality and good engineering, it supports high-transaction, mission-critical applications. PostgreSQL is very well documented, with a large free online manual and an archived reference manual for older versions. PostgreSQL has strong community support, as well as commercial support from independent vendors.

[0003] Data consistency and integrity are also high priority features of PostgreSQL. PostgreSQL fully supports ACID features. It provides strong...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/60, G06F16/28, G06F3/06
CPC: G06F21/602, G06F16/284, G06F3/062, G06F3/0632, G06F3/0643, G06F3/0665, G06F3/0676
Inventor: 唐更新, 任洪权, 宋辉, 赵卫国
Owner: 北京中安星云软件技术有限公司