Cipher text field retrieval scheme
1. Scenario requirements
In normal encryption mode, the entire content will be Being encrypted as a whole, the ciphertext no longer has the function of being fuzzy queried. Considering that some fields have fuzzy query requirements, our SDK can provide an advanced encryption mode, and the encrypted ciphertext can still support the fuzzy query function. Here we give a brief introduction to this model to help ISVs make choices when determining their solutions.
Under normal encryption, we must use full-text matching when retrieving the encrypted data in the database. For example, the name: "Zhang Dati" is encrypted in the ordinary way and becomes "DQ21aTz/oe9qT2Xje1tTcddQ". When querying the database, if you want to obtain records about "Zhang Dati", the corresponding filtering condition is to filter out the encrypted name as ""DQ21aTz/" oe9qT2Xje1tTcddQ" records. However, if we want to retrieve the records of people whose names contain "大铁", we could originally use database fuzzy query (such as SQL like statement) to obtain it. Now after encryption, we cannot meet such requirements.
Now, our encryption products try to meet this need to the greatest extent. We have an encryption mode that allows fuzzy queries, and still allows ISVs to perform fuzzy queries on records.
But there are certain costs for using this method:
• Supports fuzzy query encryption method, producing The ciphertext output is relatively long;
• The supported fuzzy query clause length must be greater than or equal to 4 English / numbers, or 2 Chinese characters . Queries that are too short are not supported (for security reasons );
• There may be redundant results in the returned result list, and you need to add filtering logic: decrypt the records first, and then filter;
This product allows you to set the encryption mode of each field independently. Please confirm the encryption scheme of each field according to your application scenario. Please review and select carefully based on your business. Once encryption is started, the cost of changing it becomes higher.
2. Introduction to the plan
2.1Normal method:
1) is only applicable to mobile phone numbers Fields other than: In the SQL statement, they will appear in the where clause in the form of (key = "value"), or they will not exist in the where clause.
#2)Counter phone number field: fuzzy query of the first three digits (key like “%top 3 digits”) that appear in the where clause of the SQL statement. (Note: That is, fuzzy query of the first 3 digits of the mobile phone number)
2.2 Support fuzzy query method:
1)Fuzzy search part of the full-text arbitrary string that appears (key like “%partial%”) in the where clause of the SQL statement. (Only applicable to fields other than mobile phone number:)
2)Only for mobile phone number field: Appears in the where clause of the SQL statement (key like Fuzzy query of the last four digits of "%last four digits"). (Note: Query records through the last 4 digits of the mobile phone number. Fuzzy queries with less than 4 digits are not supported)
Please confirm the encryption scheme of each field according to your application scenario.
Note: Please review carefully based on your business. choose. Once encryption is started, the cost of changing it becomes higher.
Depending on the encryption scheme you use for each field, the encryption length may be different. Modify the length of RDS accordingly:
| ##Exact query(Scenario 1,2) | Fuzzy query ( Scenario 3) | |
| ##nick/ receiver_name | varchar(32 characters length*4) | varchar(32 characters length*8) |
| normal(other scenarios) | varchar(32 characters length*4) | ##varchar (32 characters length*8)|
| | Scenario 4 | Fuzzy query ( Scenario 5) |
| varchar(16 (number length-8) (24)) | varchar(20 (character length*4)) |
| Scenario
| Field | Clear text | |
| nick/ receiver_name / | normal | taobaoTEST##~CKoqAl2hWzh54uBFv9Suug==~1~ | |
| nick/ receiver_name / | normaltaobaoTEST | ##~CKoqAl2hWzh54uBFv9Suug==~ weroiHKLphWWioZ32nkndkWEfjhwiensdfwWKHrw~1~ | |
#Normal way | |||
| phone | ##13834566786$138$SuR h6AtlSj8Z59W2W9EQ==$1$ | Support fuzzy query method | |
| ##13834566786 | ##$SuR h6AtlSj8Z59W2W9EQ= =$Zut6yIQxS3DclSj/Z5YdwH9EQ2x$1$ | Code modification plans under different scenarios: will be displayed in the code development plan. |
FAQ
There is no FAQ about this document
