
CN112398861B - Encryption system and method for sensitive data in web configuration system - Google Patents

Info

Publication number: CN112398861B
Application number: CN202011293850.7A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN112398861A (en)
Prior art keywords: sql, executed, sensitive data, injection attack, sentences
Inventors: 朱亮亮, 邱泽晶, 李文庆, 郭松, 冯澎湃, 胡文博, 余梦, 邵雪松, 杨斌, 黄奇峰, 王忠东
Current Assignee: State Grid Jiangsu Electric Power Co ltd Marketing Service Center; Wuhan Energy Efficiency Evaluation Co Ltd Of State Grid Electric Power Research Institute; State Grid Corp of China SGCC; State Grid Jiangsu Electric Power Co Ltd; State Grid Electric Power Research Institute
Original Assignee: State Grid Jiangsu Electric Power Co ltd Marketing Service Center; Wuhan Energy Efficiency Evaluation Co Ltd Of State Grid Electric Power Research Institute; State Grid Corp of China SGCC; State Grid Jiangsu Electric Power Co Ltd; State Grid Electric Power Research Institute
Application filed by: State Grid Jiangsu Electric Power Co ltd Marketing Service Center, Wuhan Energy Efficiency Evaluation Co Ltd Of State Grid Electric Power Research Institute, State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, State Grid Electric Power Research Institute
Priority: CN202011293850.7A
Publications: CN112398861A (application), CN112398861B (granted)


Classifications

All classifications fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication).

    • H04L63/1416: Network architectures or network communication protocols for network security (H04L63/00) > for detecting or protecting against malicious traffic (H04L63/14) > by monitoring network traffic (H04L63/1408) > Event detection, e.g. attack signature detection
    • H04L63/0442: Network security (H04L63/00) > for providing a confidential data exchange among entities communicating through data packet networks (H04L63/04) > wherein the data content is protected, e.g. by encrypting or encapsulating the payload (H04L63/0428) > wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0838: Network security (H04L63/00) > for authentication of entities (H04L63/08) > using passwords (H04L63/083) > using one-time-passwords
    • H04L63/1466: Network security (H04L63/00) > for detecting or protecting against malicious traffic (H04L63/14) > Countermeasures against malicious traffic (H04L63/1441) > Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/18: Network security (H04L63/00) > using different networks or channels, e.g. using out of band channels
    • H04L9/3066: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols (H04L9/00) > Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy (H04L9/30) > involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L63/0236: Network security (H04L63/00) > for separating internal from external traffic, e.g. firewalls (H04L63/02) > Filtering policies (H04L63/0227) > Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/101: Network security (H04L63/00) > for controlling access to devices or network resources (H04L63/10) > Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a fast encryption system for sensitive data in a web configuration system. A secure login module performs user access authentication and blacklist filtering for the encryption system. An SQL injection attack identification and sensitive data screening module performs SQL injection attack identification on the SQL statement to be executed and adds the user account associated with an identified SQL injection attack to the user blacklist; the same module also screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement. An ECC data encryption module encrypts the screened sensitive SQL data using elliptic curve cryptography. The invention enables fast data encryption for the web system and improves system performance.

Description

Encryption system and method for sensitive data in web configuration system

Technical field

The invention relates to the technical field of smart grids, and in particular to a system and method for encrypting sensitive data in a web configuration system.

Background

The customer-side energy control system in the smart grid is the link between the customer and the smart energy service platform. It is an important means of supporting the customer-side ubiquitous power Internet of Things, and it is also the execution unit for comprehensive energy services such as demand response and energy-efficiency improvement. Customer-side energy control systems have a wide variety of application scenarios; common requirements such as data acquisition and monitoring and demand response are insufficiently understood, development costs are high, and portability and reusability are poor. A web-based configurable development platform and application environment gives users a standardized process and application model for building an energy control system on a configurable development engine framework. This addresses the low development efficiency and high construction cost of energy control systems under the current model, and supports rapid deployment and efficient implementation of customer-side energy control systems in the power system.

In this web-based configuration system, business functions are fully modularized as components. Using a reliable service cloud platform, components can be combined freely according to the specific application scenario and requirements to assemble a customer-side energy control system that meets the user's needs, which is presented to the user as a web application. The energy control system in the smart grid carries a large amount of sensitive data. However, web-based applications usually do not strictly check and filter the validity of user input on the client side, so an attacker can add additional SQL (Structured Query Language) statements to the original query to perform illegal operations, deceiving the database server into executing unauthorized queries and other operations. To prevent sensitive data in the database from being stolen, tampered with, or deleted, a sensitive-data encryption method for web systems needs to be designed.

Summary of the invention

The purpose of the present invention is to provide a system and method for encrypting sensitive data in a web configuration system. The invention enables fast data encryption for the web system and improves system performance.

To achieve this purpose, the encryption system for sensitive data in a web configuration system designed by the present invention is characterized in that it comprises a secure login module, an SQL injection attack identification and sensitive data screening module, and an ECC data encryption module.

The secure login module performs user access authentication and blacklist filtering for the encryption system, and passes the SQL statements to be executed, submitted by users who have passed access authentication and blacklist filtering, to the SQL injection attack identification and sensitive data screening module.

The SQL injection attack identification and sensitive data screening module performs SQL injection attack identification on the SQL statement to be executed and adds the user account associated with an identified SQL injection attack to the user blacklist. The module also screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement. The ECC data encryption module encrypts the screened sensitive SQL data using elliptic curve cryptography.

The beneficial effects of the present invention are:

The invention classifies the transmitted data. For non-sensitive data it performs only intrusion detection to identify malicious attackers, which reduces the number of encryption and decryption operations on the server. Sensitive data is encrypted with a lightweight, improved ECC encryption algorithm, which keeps the sensitive data secure and reduces the time spent on encryption and decryption. Together these enable fast data encryption for the web system and improve system performance.

Description of drawings

Figure 1 is a schematic diagram of the structure of the present invention;

Figure 2 is a flowchart of the sensitive data encryption method for web configuration software;

Figure 3 is a flowchart of user access authentication;

Figure 4 is the SQL injection attack identification strategy framework;

Figure 5 is a flowchart of the SQL injection attack identification strategy;

Figure 6 is a flowchart of the sensitive data screening strategy;

Figure 7 is a flowchart of the improved ECC encryption algorithm.

In the figures: 1 - secure login module, 2 - SQL injection attack identification and sensitive data screening module, 3 - ECC data encryption module.

Detailed description

The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.

The encryption system for sensitive data in a web configuration system designed by the present invention, shown in Figure 1, comprises a secure login module 1, an SQL injection attack identification and sensitive data screening module 2, and an ECC data encryption module 3. The secure login module 1 performs user access authentication and blacklist filtering for the encryption system, and passes the SQL statements to be executed, submitted by users who have passed access authentication and blacklist filtering, to the SQL injection attack identification and sensitive data screening module 2. Module 2 performs SQL injection attack identification on the SQL statement to be executed and adds the user account associated with an identified SQL injection attack to the user blacklist. Module 2 also screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement. The ECC data encryption module 3 encrypts the screened sensitive SQL data using elliptic curve cryptography (ECC, Elliptic Curves Cryptography).

In the above technical solution, the secure login module 1 performs user access authentication and blacklist filtering for the encryption system as follows:

The user obtains a verification code from the secure login module 1 using the reserved mobile phone number, and user access authentication for the encryption system is performed with this verification code. The secure login module 1 filters user accounts and IP addresses against the user blacklist.

In the above technical solution, the SQL injection attack identification and sensitive data screening module 2 performs SQL injection attack identification on the SQL statement to be executed as follows:

The SQL injection attack identification and sensitive data screening module 2 standardizes the SQL statement to be executed. First, a statement containing encoded or interfering characters is converted into a normal statement or the corresponding string. The converted statement is then classified to determine its operation type and the database table name it uses. The statement is trimmed by deleting the strings entered by the user. The statement with the user input removed is compared for similarity against the statements in the SQL statement template library, which holds classic SQL statement formats. If the similarity is greater than the preset similarity threshold, the SQL statement to be executed is passed to the server for execution; otherwise, an alert SMS is sent to the user's reserved mobile phone and the account and IP address are added to the blacklist (the source address of the illegal statement is recorded in the blacklist).

In the above technical solution, the SQL injection attack identification and sensitive data screening module 2 screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement as follows:

A sensitive data set is built from the fields in the server's database tables that contain sensitive data, for example the names of fields that store account passwords, ID document numbers, transactions, phone numbers and similar information. The SQL statement to be executed is scanned; if it contains a field name from the sensitive data set, the SQL statement must be encrypted, otherwise it is sent directly to the server for execution.

In the above technical solution, the ECC data encryption module 3 encrypts the screened sensitive SQL data using elliptic curve cryptography as follows:

Randomly generate an elliptic curve E and select a point on the curve as the base point G; select a private key k and generate the public key K = kG; generate a random number r; use the elliptic curve plaintext embedding algorithm to encode the plaintext m as a point M on the elliptic curve E, i.e. compute the coordinates of the point M on the curve.

Expand the random number r using a double-base chain representation and control the number of base chains, i.e. the number of non-zero elements in the expansion, so that the number of point-addition and point-doubling operations in the subsequent scalar multiplication is greatly reduced. Using the random number division method in the ECC data encryption module 3, estimate the optimal number of base chains, compute the scalar multiplication of the random integer r with the public key K and the scalar multiplication of r with the base point G, and use these two results to obtain the corresponding ciphertexts C1 and C2.

In the above technical solution, the random number r is NAF (non-adjacent form) encoded; r_n denotes the integer obtained from the random number r after NAF encoding, and s_t is the leading coefficient of the t-th term (the coefficient term of the expanded base chain):

[Figure BDA0002784779150000051]

where n denotes the n-digit integer obtained from the random number r after NAF encoding.

A pre-computation scale limit weight is set to bound the cost of the subsequent computation, i.e. the number of point-addition and point-doubling operations ψ, calculated as follows:

[Figure BDA0002784779150000052]

where r is a random integer, EB is the base set {2, 3, 5, 7}, and [Figure BDA0002784779150000053] denotes averaging the bases and rounding down.

According to the pre-computation scale limit weight, the NAF-encoded integer r_n of length n is divided, giving the expansion of the random number r, so as to reduce the cost of the subsequent scalar multiplication:

[Figure BDA0002784779150000054]

[Figure BDA0002784779150000055]

where [Figure BDA0002784779150000056] denotes the t-th term of the expansion of r_n after division, and [Figure BDA0002784779150000057] denotes the [Figure BDA0002784779150000058]-th term of the expansion of r_n after division.

The maximum length of the base chain (expansion in base-chain representation; controlling the number of base chains means controlling the number of non-zero elements in the expansion) is

[Figure BDA0002784779150000059]

For [Figure BDA00027847791500000510], the optimal multi-base chain is

[Figure BDA00027847791500000511]

where Π is the product symbol, γ is the exponent corresponding to the base EB, s_i is the leading coefficient of the i-th term, and eb is an element of the base set EB.

Compute the scalar multiplication of the random integer r with the public key K, and the scalar multiplication of the random integer r with the base point G:

[Figure BDA0002784779150000061]

[Figure BDA0002784779150000062]

where d denotes the number of base chains and [Figure BDA0002784779150000063] denotes the t-th term of the expansion of r_n after division.

Compute the ciphertexts C1 and C2:

C1 = M + rK

C2 = rG
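The encryption step above (C1 = M + rK, C2 = rG) with NAF-encoded scalar multiplication, as an added example that is not the patent's own code. It assumes secp256k1 parameters for E and G and a Koblitz-style embedding of m into M, and it uses plain NAF double-and-add rather than the patent's multi-base chain, whose formulas are not reproduced on the page.

```python
import secrets

# Assumption: secp256k1 domain parameters stand in for the page's curve E and base point G.
P = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
TRIES = 256  # assumed embedding parameter: x = m * TRIES + j


def add(p1, p2):
    """Affine point addition on E; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)


def naf(r):
    """Non-adjacent form of r, least significant digit first, digits in {-1, 0, 1}."""
    digits = []
    while r > 0:
        d = 0
        if r & 1:
            d = 2 - (r % 4)      # +1 if r = 1 (mod 4), -1 if r = 3 (mod 4)
            r -= d
        digits.append(d)
        r >>= 1
    return digits


def naf_mul(r, pt):
    """Scalar multiplication r*pt driven by the NAF digits of r.
    Not constant-time; for illustration only."""
    acc, minus = None, neg(pt)
    for d in reversed(naf(r)):
        acc = add(acc, acc)                  # point doubling
        if d == 1:
            acc = add(acc, pt)               # point addition
        elif d == -1:
            acc = add(acc, minus)            # point subtraction
    return acc


def embed(m):
    """Koblitz-style embedding (assumed): map integer m to a point M on E."""
    if not 0 <= m < P // TRIES - 1:
        raise ValueError("plaintext block too large for the curve")
    for j in range(TRIES):
        x = m * TRIES + j
        v = (pow(x, 3, P) + A * x + B) % P
        y = pow(v, (P + 1) // 4, P)          # square root, valid because P = 3 (mod 4)
        if y * y % P == v:
            return x, y
    raise ValueError("no curve point found for this plaintext")


def unembed(pt):
    return pt[0] // TRIES


def encrypt(m, K, r=None):
    """Return (C1, C2) = (M + rK, rG) for plaintext integer m and public key K."""
    r = r or secrets.randbelow(N - 1) + 1
    return add(embed(m), naf_mul(r, K)), naf_mul(r, G)


def decrypt(c1, c2, k):
    """Recover m from M = C1 - k*C2 using private key k."""
    return unembed(add(c1, neg(naf_mul(k, c2))))


if __name__ == "__main__":
    k = secrets.randbelow(N - 1) + 1
    K = naf_mul(k, G)
    m = int.from_bytes(b"13800000000", "big")   # constructed sample field value
    c1, c2 = encrypt(m, K)
    print(decrypt(c1, c2, k).to_bytes(11, "big"))
```

The NAF form has no two adjacent non-zero digits, so on average about one third of the digits trigger a point addition, compared with about one half for plain binary double-and-add.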

An encryption method for sensitive data in a web configuration system, shown in Figure 2, comprises the following steps:

Step 1: The secure login module 1 performs user access authentication and blacklist filtering for the encryption system, and passes the SQL statements to be executed, submitted by users who have passed access authentication and blacklist filtering, to the SQL injection attack identification and sensitive data screening module 2.

Step 2: The SQL injection attack identification and sensitive data screening module 2 performs SQL injection attack identification on the SQL statement to be executed and adds the user account associated with an identified SQL injection attack to the user blacklist. Module 2 also screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement.

Step 3: The ECC data encryption module 3 encrypts the screened sensitive SQL data using elliptic curve cryptography.

In step 1 of the above technical solution, the secure login module 1 performs user access authentication and blacklist filtering for the encryption system as follows:

The user obtains a verification code from the secure login module 1 using the reserved mobile phone number, and user access authentication for the encryption system is performed with this verification code. The secure login module 1 filters user accounts and IP addresses against the user blacklist.

Because the customer-side energy control system in the smart grid has relatively fixed application scenarios, the reserved mobile phone number is used to complete login. The complete user access authentication flow is shown in Figure 3. The user enters the reserved mobile phone number and sends a login request to the server. The server uses the mapping table of mobile phone numbers to user permissions to check whether the number has access rights, then sends a login verification code to the user through the mobile operator. Login requires three pieces of information: account, password, and verification code. The server checks whether the user's IP address is on the blacklist and refuses logins from blacklisted IP addresses. After the user logs in, the server queries the historical login information and sends an alert to the user if the user's IP address has changed.

In step 2 of the above technical solution, the SQL injection attack identification and sensitive data screening module 2 performs SQL injection attack identification on the SQL statement to be executed as follows:

The SQL injection attack identification and sensitive data screening module 2 standardizes the SQL statement to be executed. First, a statement containing encoded or interfering characters is converted into a normal statement or the corresponding string (that is, an SQL statement with escape characters is converted into a standard SQL statement). The converted statement is then classified to determine its operation type and the database table name it uses. The statement is trimmed by deleting the strings entered by the user. The statement with the user input removed is compared for similarity against the statements in the SQL statement template library. If the similarity is greater than the preset similarity threshold, the SQL statement to be executed is passed to the server for execution; otherwise, an alert SMS is sent to the user's reserved mobile phone and the account and IP address are added to the blacklist.

The SQL injection attack identification and sensitive data screening module 2 screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement as follows:

A sensitive data set is built from the fields in the server's database tables that contain sensitive data. The SQL statement to be executed is scanned; if it contains a field name from the sensitive data set, the SQL statement must be encrypted, otherwise it is sent directly to the server for execution.

As shown in Figure 4, SQL injection attack identification consists of two parts: the SQL statement standardization module and the injection attack identification module based on SQL statement similarity. The flow of the identification strategy is shown in Figure 5. First, an SQL statement containing encoded or interfering characters is converted into a normal statement or the corresponding string. Then the statement is classified to determine its operation type and the database table names it uses. The statement is trimmed by deleting the strings entered by the user. Finally, the similarity between the standardized statement and the statements in the SQL statement template library is computed; the template library stores classic SQL statement formats. The similarity is calculated as follows:

η = ∑ op·tn, where op, tn ∈ {0, 1}

Here the SQL statement to be executed is matched against the current statement in the template library: tn is 1 if the table to be operated on is a non-sensitive data table, op is 1 if the operation performed is the same, and each is 0 otherwise.

If the similarity is greater than the threshold, the SQL statement is transmitted to the server for execution; otherwise, an alarm SMS is sent to the user's registered mobile phone and the user's account and IP address are added to the blacklist.

As shown in Figure 6, the sensitive data screening strategy proceeds as follows. First, a sensitive data set is built from the fields in the server's database tables that contain sensitive data, for example the names of fields that store account passwords, ID numbers, transactions, phone numbers and similar information. The SQL statement to be executed is then scanned: if it contains a field name from the sensitive data set, the statement must be encrypted; otherwise it is sent directly to the server for execution.
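The identification and screening flow described above, as an added Python example that is not part of the patent. The template library, the sensitive table and field names, the threshold of 0 and the reading of op as "the literal-free skeleton equals the template's" are all assumptions of this sketch; the sample statements are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample data (not from the patent): template library and sensitive names.
TEMPLATES = [
    "select name, phone from customers where id = ?",
    "select * from orders where customer = ?",
    "update orders set status = ? where id = ?",
]
SENSITIVE_TABLES = {"sys_credentials"}
SENSITIVE_FIELDS = {"password", "id_number", "phone"}
THRESHOLD = 0  # assumed preset threshold: eta must exceed it


def normalize(sql):
    """Standardize: undo (possibly nested) URL encoding, drop /* */ filler, fold case and spacing."""
    prev = None
    while prev != sql:
        prev, sql = sql, unquote(sql)
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    return re.sub(r"\s+", " ", sql).strip().rstrip("; ").lower()


def skeleton(sql):
    """Trim: replace user-supplied string and numeric literals with '?', then tokenize
    so that spacing differences do not affect the comparison."""
    sql = re.sub(r"'(?:[^']|'')*'", "?", sql)
    sql = re.sub(r"\b\d+(?:\.\d+)?\b", "?", sql)
    return " ".join(re.findall(r"[a-z_][a-z0-9_]*|\S", sql))


def classify(skel):
    """Classify: operation type and target table, read from the literal-free skeleton
    so that text inside a string literal cannot spoof the table name."""
    m = re.search(r"\b(?:from|into|update) ([a-z_][a-z0-9_]*)", skel)
    return skel.split(" ", 1)[0], (m.group(1) if m else None)


TEMPLATE_SKELETONS = {skeleton(normalize(t)) for t in TEMPLATES}


def similarity(skel):
    """eta = sum(op * tn) over the template library, with op and tn in {0, 1}."""
    _, table = classify(skel)
    # tn as the page defines it: 1 when the target table is a non-sensitive table.
    tn = int(table is not None and table not in SENSITIVE_TABLES)
    # Assumption: op is 1 when the skeleton is identical to the template's skeleton.
    return sum(int(skel == tpl) * tn for tpl in TEMPLATE_SKELETONS)


def gate(raw_sql):
    """Return 'block', 'encrypt' or 'forward' for one statement to be executed."""
    skel = skeleton(normalize(raw_sql))
    if similarity(skel) <= THRESHOLD:
        return "block"    # the page's response: alarm SMS, blacklist account and IP
    if SENSITIVE_FIELDS & set(skel.split()):
        return "encrypt"  # statement names a field from the sensitive data set
    return "forward"


# Constructed sample statements; the last one is double URL-encoded with /**/ filler.
SAMPLES = [
    "SELECT name, phone FROM customers WHERE id = 42;",
    "select * from orders where customer='acme'",
    "select * from orders where customer='x' or '1'='1'",
    "select * from orders where customer=%2527x%2527/**/or/**/%25271%2527=%25271%2527",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{gate(s):8} <- {s}")
```

Removing the literals is what exposes the injected clause: the extra `or ? = ?` tokens survive trimming and no longer match any template. A gate of this kind complements parameterized queries and does not replace them.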

In step 3 of the above technical solution, the specific method by which the ECC data encryption module 3 encrypts the screened sensitive SQL data using elliptic curve cryptography is as follows, as shown in Figure 7:

An elliptic curve E is randomly generated and a point on the curve is selected as the base point G; a private key k is selected and the public key K = kG is generated; a random number r is generated; and the plaintext m is encoded to a point M on the elliptic curve E using an elliptic curve plaintext embedding algorithm, that is, the coordinates of the point M on the curve are calculated.

The random number r is expanded using the double-base chain representation, controlling the number of base chains, that is, the number of non-zero elements in the expansion. The random number division method in the ECC data encryption module 3 is used to estimate the optimal number of base chains. The scalar multiplication of the random integer r with the public key K and the scalar multiplication of r with the base point G are computed, and from them the corresponding ciphertexts C1 and C2 are obtained.

Content not described in detail in this specification belongs to the prior art known to those skilled in the art.

Those skilled in the art will appreciate that the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

The present application is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the present invention may still be modified or equivalently replaced, and any modification or equivalent replacement that does not depart from the spirit and scope of the present invention shall fall within the protection scope of the claims of the present invention.

Claims (8)

1. An encryption system for sensitive data in a web configuration system, comprising: a secure login module (1), an SQL injection attack identification and sensitive data screening module (2), and an ECC data encryption module (3);
the secure login module (1) is used to complete user access authentication and blacklist filtering for the encryption system, and to transmit the SQL statements to be executed, sent by users who have passed the access authentication and the blacklist filtering, to the SQL injection attack identification and sensitive data screening module (2);
the SQL injection attack identification and sensitive data screening module (2) is used to perform SQL injection attack identification on the SQL statement to be executed and to add the user account corresponding to an identified SQL injection attack to the user blacklist; the SQL injection attack identification and sensitive data screening module (2) also screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement; and the ECC data encryption module (3) is used to encrypt the screened sensitive SQL data using elliptic curve cryptography;
the specific method by which the SQL injection attack identification and sensitive data screening module (2) performs SQL injection attack identification on the SQL statement to be executed is as follows:
the SQL injection attack identification and sensitive data screening module (2) standardizes the SQL statement to be executed: converting the SQL statement to be executed that contains encoded or interfering characters into a normal statement or the corresponding string; classifying the converted SQL statement to be executed, and determining its operation type and the database table names it uses; trimming the SQL statement to be executed by deleting the strings entered by the user; computing the similarity between the SQL statement to be executed, with the user-entered strings deleted, and the statements in the SQL statement template library; if the similarity is greater than a preset similarity threshold, transmitting the SQL statement to be executed to the server for execution, and otherwise adding the source address of the illegal SQL statement to a blacklist;
the specific method by which the ECC data encryption module (3) encrypts the screened sensitive SQL data using elliptic curve cryptography is as follows:
randomly generating an elliptic curve E, selecting a point on the elliptic curve as the base point G, selecting a private key k, generating the public key K = kG, generating a random number r, and encoding the plaintext m to a point M on the elliptic curve E using an elliptic curve plaintext embedding algorithm, that is, calculating the coordinates of the point M on the elliptic curve;
expanding the random number r using the double-base chain representation, controlling the number of base chains, that is, the number of non-zero elements in the expansion, estimating the optimal number of base chains using the random number division method in the ECC data encryption module (3), calculating the scalar multiplication of the random integer r with the public key K and the scalar multiplication of the random integer r with the base point G, and using these two scalar multiplications to obtain the corresponding ciphertext C1 and ciphertext C2.
2. The system for encrypting sensitive data in a web configuration system as claimed in claim 1, wherein: the specific method by which the secure login module (1) completes user access authentication and blacklist filtering for the encryption system is as follows:
obtaining a verification code from the secure login module (1) using the registered mobile phone number, performing user access authentication for the encryption system with the verification code, and filtering user accounts and IP addresses against the user blacklist in the secure login module (1).
3. The system for encrypting sensitive data in a web configuration system as claimed in claim 1, wherein: the specific method by which the SQL injection attack identification and sensitive data screening module (2) screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement is as follows:
building a sensitive data set from the fields in the server's database tables that contain sensitive data, and scanning the SQL statement to be executed; if it contains a field name from the sensitive data set, encrypting the SQL statement, and otherwise sending the SQL statement directly to the server for execution.
4. The system for encrypting sensitive data in a web configuration system as claimed in claim 3, wherein:
the random number r is NAF-encoded, where r_n denotes the integer obtained from the random number r after NAF encoding and s_t is the leading coefficient of the t-th term;
Figure FDA0003763081650000021
where n denotes that the random number r after NAF encoding is an n-bit integer; a precomputation-scale limiting weight ψ is set, calculated as follows:
Figure FDA0003763081650000031
where r is a random integer, EB is the base set {2,3,5,7}, and
Figure FDA0003763081650000032
denotes averaging the bases and rounding down;
according to the precomputation-scale limiting weight, the integer r_n of length n obtained by NAF encoding is divided:
Figure FDA0003763081650000033
Figure FDA0003763081650000034
where
Figure FDA0003763081650000035
represents the t-th term of the expansion of r_n after division, and
Figure FDA0003763081650000036
represents term
Figure FDA0003763081650000037
of the expansion of r_n after division;
the maximum length of the base chain is
Figure FDA0003763081650000038
and for
Figure FDA0003763081650000039
the optimal multi-base chain is
Figure FDA00037630816500000310
where Π is the product sign, γ is the exponent coefficient corresponding to the base EB, s_i is the leading coefficient of the i-th term, and EB belongs to the set of bases EB;
the scalar multiplication of the random integer r with the public key K and the scalar multiplication of the random integer r with the base point G are calculated:
Figure FDA00037630816500000311
Figure FDA0003763081650000041
where d denotes the number of base chains and
Figure FDA0003763081650000042
represents the t-th term of the expansion of r_n after division;
the ciphertexts C1 and C2 are calculated:
C1 = M + rK
C2 = rG.
5. A method for encrypting sensitive data in a web configuration system according to claim 1, comprising the following steps:
step 1: the secure login module (1) completes user access authentication and blacklist filtering for the encryption system, and transmits the SQL statements to be executed, sent by users who have passed the access authentication and the blacklist filtering, to the SQL injection attack identification and sensitive data screening module (2);
step 2: the SQL injection attack identification and sensitive data screening module (2) performs SQL injection attack identification on the SQL statement to be executed and adds the user account corresponding to an identified SQL injection attack to the user blacklist; the SQL injection attack identification and sensitive data screening module (2) also screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement;
step 3: the ECC data encryption module (3) encrypts the screened sensitive SQL data using elliptic curve cryptography.
6. The method for encrypting sensitive data in a web configuration system as claimed in claim 5, wherein: in step 1, the specific method by which the secure login module (1) completes user access authentication and blacklist filtering for the encryption system is as follows:
obtaining a verification code from the secure login module (1) using the registered mobile phone number, performing user access authentication for the encryption system with the verification code, and filtering user accounts and IP addresses against the user blacklist in the secure login module (1).
7. The method for encrypting sensitive data in a web configuration system as claimed in claim 5, wherein: in step 2, the specific method by which the SQL injection attack identification and sensitive data screening module (2) performs SQL injection attack identification on the SQL statement to be executed is as follows:
the SQL injection attack identification and sensitive data screening module (2) standardizes the SQL statement to be executed: first converting the SQL statement to be executed that contains encoded or interfering characters into a normal statement or the corresponding string; then classifying the converted SQL statement to be executed, and determining its operation type and the database table names it uses; trimming the SQL statement to be executed by deleting the strings entered by the user; computing the similarity between the SQL statement to be executed, with the user-entered strings deleted, and the statements in the SQL statement template library; if the similarity is greater than a preset similarity threshold, transmitting the SQL statement to be executed to the server for execution, and otherwise adding the source address of the illegal SQL statement to a blacklist;
the specific method by which the SQL injection attack identification and sensitive data screening module (2) screens the SQL statement to be executed for sensitive data using typical fields in the SQL statement is as follows:
building a sensitive data set from the fields in the server's database tables that contain sensitive data, and scanning the SQL statement to be executed; if it contains a field name from the sensitive data set, encrypting the SQL statement, and otherwise sending the SQL statement directly to the server for execution.
8. The method for encrypting sensitive data in a web configuration system as claimed in claim 5, wherein: in step 3, the specific method by which the ECC data encryption module (3) encrypts the screened sensitive SQL data using elliptic curve cryptography is as follows:
randomly generating an elliptic curve E, selecting a point on the elliptic curve as the base point G, selecting a private key k, generating the public key K = kG, generating a random number r, and encoding the plaintext m to a point M on the elliptic curve E using an elliptic curve plaintext embedding algorithm, that is, calculating the coordinates of the point M on the elliptic curve;
expanding the random number r using the double-base chain representation, controlling the number of base chains, that is, the number of non-zero elements in the expansion, estimating the optimal number of base chains using the random number division method in the ECC data encryption module (3), calculating the scalar multiplication of the random integer r with the public key K and the scalar multiplication of the random integer r with the base point G, and using these two scalar multiplications to obtain the corresponding ciphertext C1 and ciphertext C2.
CN202011293850.7A 2020-11-18 2020-11-18 Encryption system and method for sensitive data in web configuration system Active CN112398861B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011293850.7A CN112398861B (en) 2020-11-18 2020-11-18 Encryption system and method for sensitive data in web configuration system

Publications (2)

Publication Number Publication Date
CN112398861A CN112398861A (en) 2021-02-23
CN112398861B true CN112398861B (en) 2022-10-14

Family

ID=74606640

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011293850.7A Active CN112398861B (en) 2020-11-18 2020-11-18 Encryption system and method for sensitive data in web configuration system

Country Status (1)

Country Link
CN (1) CN112398861B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113987511A (en) * 2021-10-28 2022-01-28 中国平安人寿保险股份有限公司 Method and device for detecting SQL injection vulnerability, computer equipment and storage medium
CN115103357B (en) * 2022-08-26 2022-11-25 汉仪科技(深圳)有限公司 5G communication encryption system based on FPGA

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104767757A (en) * 2015-04-17 2015-07-08 国家电网公司 Multi-dimensional security monitoring method and system based on WEB business

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105704146A (en) * 2016-03-18 2016-06-22 四川长虹电器股份有限公司 System and method for SQL injection prevention
US10574692B2 (en) * 2016-05-30 2020-02-25 Christopher Nathan Tyrwhitt Drake Mutual authentication security system with detection and mitigation of active man-in-the-middle browser attacks, phishing, and malware and other security improvements
CN109271798A (en) * 2018-09-13 2019-01-25 深圳萨摩耶互联网金融服务有限公司 Sensitive data processing method and system
US11741196B2 (en) * 2018-11-15 2023-08-29 The Research Foundation For The State University Of New York Detecting and preventing exploits of software vulnerability using instruction tags
CN110866281A (en) * 2019-11-20 2020-03-06 满江(上海)软件科技有限公司 Safety compliance processing system and method for sensitive data
CN111695152B (en) * 2020-05-26 2023-05-12 东南大学 A MySQL database protection method based on security agent

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant