CN112217642A - Data encryption sharing method and device, electronic equipment and computer storage medium - Google Patents
Data encryption sharing method and device, electronic equipment and computer storage medium Download PDFInfo
- Publication number
- CN112217642A CN112217642A CN202011054474.6A CN202011054474A CN112217642A CN 112217642 A CN112217642 A CN 112217642A CN 202011054474 A CN202011054474 A CN 202011054474A CN 112217642 A CN112217642 A CN 112217642A
- Authority
- CN
- China
- Prior art keywords
- information
- client
- clients
- data
- coding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 43
- 238000004422 calculation algorithm Methods 0.000 claims description 33
- 230000006870 function Effects 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 10
- 239000000126 substance Substances 0.000 claims description 2
- 238000000605 extraction Methods 0.000 claims 1
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000007726 management method Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000002708 enhancing effect Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Abstract
The invention relates to a data security technology, and discloses a data encryption sharing method, which comprises the following steps: receiving private keys and client information transmitted by n clients, and performing coding operation on the corresponding client information by using the private key of each client to obtain initial coding information of each client; selecting initial coding information of one client through traversal operation, sequentially acquiring private keys of other (n-1) clients, sequentially performing coding operation on the initial coding information by using the private keys of the other (n-1) clients to obtain final coding information, and obtaining the final coding information of the n clients according to the operation; and carrying out pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients. The invention also provides an encryption sharing device and equipment of the data and a computer readable storage medium. The invention solves the problems that the enterprise data needs to be shared and the privacy of the enterprise data needs to be protected.
Description
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method and an apparatus for sharing data by encryption, an electronic device, and a computer-readable storage medium.
Background
The degree of data sharing reflects the information development level of one region and one country, and the higher the degree of data sharing is, the higher the information development level is. In the big data era, inter-enterprise data sharing makes an important ring in enterprise collaboration.
The collaboration between enterprises usually realizes the data custody by a third party, which has extremely high requirements on the credit level of the third party. Under the condition that no reliable third party is used as an intermediary, how to share the enterprise data and protect the privacy of the enterprise data becomes a problem to be solved urgently.
Disclosure of Invention
The invention provides a data encryption sharing method and device, electronic equipment and a computer readable storage medium, and mainly aims to solve the problems that enterprise data needs to be shared and privacy of the enterprise data needs to be protected.
In order to achieve the above object, the present invention provides a method for encrypting and sharing data, including:
step A: receiving private keys and client information transmitted by n clients, and performing coding operation on the corresponding client information by using the private key of each client to obtain initial coding information of each client, wherein n is a natural number greater than 1;
and B: selecting initial coding information of one client through traversal operation, sequentially acquiring private keys of other (n-1) clients, sequentially performing coding operation with the initial coding information by using the acquired private keys of the other (n-1) clients to obtain final coding information of the selected client, and repeating the operation to obtain final coding information of the n clients;
and C: and performing pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients.
Optionally, before receiving the private keys and the client information transmitted by the n clients, the method further includes the following steps, which are executed in each of the n clients:
acquiring local transaction data, and extracting information of the local transaction data to obtain the customer information;
and generating the private key corresponding to the client information according to a first constraint condition.
Optionally, the obtaining local transaction data and extracting information from the local transaction data to obtain the customer information includes:
obtaining historical transaction information from a pre-constructed local transaction system;
and extracting fields corresponding to the keywords from the historical transaction information according to the keywords input by the user to obtain the customer information.
Optionally, the first constraint condition is:
ri∈Z*N,i=1,2,3…n
and the ri is a private key of the ith client, N is the order of an elliptic curve algorithm, and Z is a preset coefficient, so that Z x N is a positive integer smaller than N.
Optionally, the encoding operation includes:
importing an elliptic curve algorithm into a trusted execution environment;
verifying the integrity of the elliptic curve algorithm in the trusted execution environment and executing encoding operations using the elliptic curve algorithm.
Optionally, the verifying the integrity of the elliptic curve algorithm in the trusted execution environment includes:
and acquiring program certification information and identity certification information of the trusted execution environment, sending the program certification information and the identity certification information to a trusted third party, and respectively verifying the program certification information and the identity certification information so as to determine the integrity of the elliptic curve algorithm.
Optionally, the selected final encoding information of the client is:
{rarbrc…rnΨ(ui)|ui∈XA}
the XA is selected customer information of the client, ui is one of data in the XA, ra, rb and rc … rn are private keys of the n clients respectively, and Ψ is a plaintext-elliptic curve encoding function.
In order to solve the above problem, the present invention further provides an apparatus for encrypted sharing of data, the apparatus comprising:
an information acquisition module: receiving private keys and client information transmitted by n clients, and performing coding operation on the corresponding client information by using the private key of each client to obtain initial coding information of each client, wherein n is a natural number greater than 1;
the coding operation module: selecting initial coding information of one client through traversal operation, sequentially acquiring private keys of other (n-1) clients, performing coding operation with the initial coding information sequentially by using the acquired private keys of the other (n-1) clients to obtain final coding information of the selected client, and repeating the operation to obtain final coding information of the n clients;
and an intersection operation module: and performing pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients.
In order to solve the above problem, the present invention also provides an electronic device, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores computer program instructions executable by the at least one processor to enable the at least one processor to implement the above-described method of cryptographic sharing of data.
In order to solve the above problem, the present invention also provides a computer-readable storage medium including a storage data area storing created data and a storage program area storing a computer program, wherein the computer program, when executed by a processor, implements the method for encrypted sharing of data as described in any one of the above.
The embodiment of the invention firstly utilizes the private key of each client and carries out coding operation on the client information to obtain the coding information, thereby ensuring the privacy of the client information, secondly sequentially utilizes the private keys of other clients to carry out coding operation with the initial coding information to obtain the final coding information of the selected client, further enhancing the privacy of the client information, and finally carries out pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients. Therefore, the data encryption sharing method, the data encryption sharing device, the electronic equipment and the computer storage medium solve the problem that the privacy of the data of the enterprise is protected while the data of the enterprise is shared.
Drawings
Fig. 1 is a schematic flowchart of a data encryption sharing method according to an embodiment of the present invention;
fig. 2 is a block diagram of an apparatus for encrypting and sharing data according to an embodiment of the present invention;
fig. 3 is a schematic internal structural diagram of an electronic device implementing a method for encrypting and sharing data according to an embodiment of the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides a data encryption sharing method. The execution subject of the encryption sharing method of the data includes, but is not limited to, at least one of electronic devices that can be configured to execute the method provided by the embodiments of the present application, such as a server, a terminal, and the like. In other words, the data encryption sharing method may be performed by software or hardware installed in the terminal device or the server device, and the software may be a block chain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
The invention provides a data encryption sharing method. Fig. 1 is a schematic flow chart of a data encryption sharing method according to an embodiment of the present invention. In this embodiment, the method for encrypting and sharing data includes:
s1, receiving the private keys and the client information transmitted by n clients, and performing coding operation on the corresponding client information by using the private key of each client to obtain the initial coding information of each client, wherein n is a natural number greater than 1.
In the embodiment of the present invention, the encoding operation may adopt an elliptic curve algorithm, that is, the embodiment of the present invention uses the elliptic curve algorithm to operate the client information by using the private key. The elliptic curve algorithm is an encryption mode with small calculation amount, high processing speed and higher safety performance.
In an embodiment of the present invention, the encoding operation includes:
importing an elliptic curve algorithm into a trusted execution environment; verifying the integrity of the elliptic curve algorithm in the trusted execution environment and executing encoding operations using the elliptic curve algorithm.
The trusted execution environment is a tamper-proof and public and transparent execution environment, can safely process secret information such as passwords and private keys, guarantees that the information is absolutely not leaked to nodes or other people, and can prove that data is not tampered. The embodiment of the invention introduces the elliptic curve algorithm into a trusted execution environment to increase the credibility of the coding information operation.
Further, said verifying the integrity of said elliptic curve algorithm in said trusted execution environment comprises:
and acquiring program certification information and identity certification information of the trusted execution environment, sending the program certification information and the identity certification information to a trusted third party, and respectively verifying the program certification information and the identity certification information so as to determine the integrity of the elliptic curve algorithm.
In another embodiment of the present invention, before S1, the method further includes:
acquiring local transaction data, and extracting information of the local transaction data to obtain the customer information; and generating the private key corresponding to the client information according to a first constraint condition.
The local transaction system is a system for daily work of enterprises and comprises various historical transaction information. The Database Management System (DBMS) is a large software for managing and managing a Database, and is used for building, using and maintaining the Database. The system and the method carry out unified management and control on the database so as to ensure the safety and the integrity of the database.
Further, in the embodiment of the present invention, the first constraint condition is:
ri∈Z*N,i=1,2,3…n
and the ri is a private key of the ith client, N is the order of an elliptic curve algorithm, and Z is a preset coefficient, so that Z x N is a positive integer smaller than N.
In one example of the present invention, let n be 3, i.e., there are 3 clients A, B and C performing encrypted sharing of data between them, where the guest usesThe client information of the client A, B, C includes XA ═ u1, u2, u3}, XB ═ u1, u2}, XC ═ u1, u4 }; and the client A, B, C selects respective private keys ra, rb and rc respectively, and the obtained initial coding information of the client a is { ra Ψ (ui) | ui ∈ XA }, wherein Ψ is a plaintext-to-ellipse curve y2=x3+ ax + b.
S2, selecting initial coding information of one client through traversal operation, sequentially acquiring private keys of other (n-1) clients, and sequentially performing coding operation with the initial coding information by using the acquired private keys of the other (n-1) clients to obtain final coding information of the selected client.
The traversal is to make one access to each subset (or node) in the set (or tree) along a specific route, and in the embodiment of the present invention, the traversal operation is to perform an elliptic encoding operation on each private key in the other private key sets and the initial encoding information.
In this embodiment of the present invention, the selected final encoding information of the client is:
{rarbrc…rnΨ(ui)|ui∈xA}
the XA is selected customer information of the client, ui is one of data in the XA, ra, rb and rc … rn are private keys of the n clients respectively, and Ψ is a plaintext-elliptic curve encoding function.
In the above example, the obtained initial encoding information of the client a is { ra Ψ (ui) | ui ∈ XA }, and the embodiment of the present invention continues to perform an elliptic encoding operation on the initial encoding information { ra Ψ (ui) | ui ∈ XA } of the client a by using a private key rb of the client B to obtain { rarb Ψ (ui) | ui ∈ XA }, and then performs an elliptic encoding operation on { rarb Ψ (ui) | ui ∈ XA } by using a key rc of the client C to obtain final encoding information { rarb Ψ (ui) | ui ∈ XA } of the client a.
The above step of S2 is repeatedly executed until the final encoded information of n clients is obtained.
In the example of the present invention, according to the process of the company a encoding operation in S2, the final encoding information of the company B and the company C is obtained as { rarrc Ψ (ui) | ui ∈ XB } and { rarrc Ψ (ui) | ui ∈ XC }, respectively.
And S3, performing pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients.
In the embodiment of the invention, the final coding information of the n clients is subjected to pairwise intersection operation, namely { rarrc Ψ (ui) | ui belongs to XA }, andd { rarrc Ψ (ui) | ui belongs to XB }, andd { rarrc Ψ (ui) | belongs to XB }, so that common client information among the n clients is obtained.
The embodiment of the invention firstly utilizes the private key of each client and carries out coding operation on the client information to obtain the coding information, thereby ensuring the privacy of the client information, secondly sequentially utilizes the private keys of other clients to carry out coding operation with the initial coding information to obtain the final coding information of the selected client, further enhancing the privacy of the client information, and finally carries out pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients. Therefore, the data encryption sharing method, the data encryption sharing device, the electronic equipment and the computer storage medium solve the problem that the privacy of the data of the enterprise is protected while the data of the enterprise is shared.
Fig. 2 is a schematic block diagram of an apparatus for sharing data by encryption according to the present invention.
The encryption sharing apparatus 100 for data according to the present invention may be installed in an electronic device. According to the realized functions, the data encryption sharing device can comprise an information acquisition module 101, an encoding operation module 102 and an intersection operation module 103. The module of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the information acquisition module 101 is configured to receive private keys and client information transmitted by n clients, and perform coding operation on the corresponding client information by using the private key of each client to obtain initial coding information of each client, where n is a natural number greater than 1;
the encoding operation module 102 is configured to select initial encoding information of one of the clients through traversal operation, sequentially acquire private keys of the other (n-1) clients, sequentially perform encoding operation with the initial encoding information by using the acquired private keys of the other (n-1) clients to obtain final encoding information of the selected client, and repeat the above operation to obtain final encoding information of the n clients;
and the intersection operation module 103 is configured to perform pairwise intersection operation on the final encoded information of the n clients to obtain common client information among the n clients.
In detail, when each module in the data encryption sharing apparatus 100 is running, a data encryption sharing method may be implemented, which includes the following steps:
step one, the information obtaining module 101 receives the private keys and the client information transmitted by n clients, and performs coding operation on the corresponding client information by using the private key of each client to obtain the initial coding information of each client.
In the embodiment of the present invention, the encoding operation may adopt an elliptic curve algorithm, that is, the embodiment of the present invention uses the elliptic curve algorithm to operate the client information by using the private key. The elliptic curve algorithm is an encryption mode with small calculation amount, high processing speed and higher safety performance.
In an embodiment of the present invention, the encoding operation includes:
importing an elliptic curve algorithm into a trusted execution environment; verifying the integrity of the elliptic curve algorithm in the trusted execution environment and executing encoding operations using the elliptic curve algorithm.
The trusted execution environment is a tamper-proof and public and transparent execution environment, can safely process secret information such as passwords and private keys, guarantees that the information is absolutely not leaked to nodes or other people, and can prove that data is not tampered. The embodiment of the invention introduces the elliptic curve algorithm into a trusted execution environment to increase the credibility of the coding information operation.
Further, said verifying the integrity of said elliptic curve algorithm in said trusted execution environment comprises:
and acquiring program certification information and identity certification information of the trusted execution environment, sending the program certification information and the identity certification information to a trusted third party, and respectively verifying the program certification information and the identity certification information so as to determine the integrity of the elliptic curve algorithm.
In another embodiment of the present invention, the information obtaining module 101 is further configured to:
acquiring local transaction data, and extracting information of the local transaction data to obtain the customer information; and generating the private key corresponding to the client information according to a first constraint condition.
The local transaction system is a system for daily work of enterprises and comprises various historical transaction information. The Database Management System (DBMS) is a large software for manipulating and managing a Database, and is used for building, using and maintaining the Database, referred to as DBMS for short. The system and the method carry out unified management and control on the database so as to ensure the safety and the integrity of the database.
Further, in the embodiment of the present invention, the first constraint condition is:
ri∈Z*N,i=1,2,3…n
and the ri is a private key of the ith client, N is the order of an elliptic curve algorithm, and Z is a preset coefficient, so that Z x N is a positive integer smaller than N.
In one example of the present invention, it is assumed that n is 3, that is, there are 3 clients A, B and C performing encrypted sharing of data, where the client information of the client A, B, C includes XA ═ { u1, u2, u3}, XB ═ u1, u2}, and XC ═ { u1, u4 }; and the client A, B, C selects the respective private key ra. rb and rc, then the obtained initial coding information of the client a is { ra Ψ (ui) | ui ∈ XA }, where Ψ is Ψ being a plaintext-to-elliptic curve y2=x3+ ax + b.
And step two, the encoding operation module 102 selects the initial encoding information of one of the clients through traversal operation, sequentially acquires the private keys of the other (n-1) clients, and sequentially performs encoding operation with the initial encoding information by using the acquired private keys of the other (n-1) clients to obtain the final encoding information of the selected client.
The traversal is to make one access to each subset (or node) in the set (or tree) along a specific route, and in the embodiment of the present invention, the traversal operation is to perform an elliptic encoding operation on each private key in the other private key sets and the initial encoding information.
In this embodiment of the present invention, the selected final encoding information of the client is:
{rarbrc…rnΨ(ui)|ui∈XA}
the XA is selected customer information of the client, ui is one of data in the XA, ra, rb and rc … rn are private keys of the n clients respectively, and Ψ is a plaintext-elliptic curve encoding function.
In the above example, the obtained initial encoding information of the client a is { ra Ψ (ui) | ui ∈ XA }, and the embodiment of the present invention continues to perform an elliptic encoding operation on the initial encoding information { ra Ψ (ui) | ui ∈ XA } of the client a by using a private key rb of the client B to obtain { rarb Ψ (ui) | ui ∈ XA }, and then performs an elliptic encoding operation on { rarb Ψ (ui) | ui ∈ XA } by using a key rc of the client C to obtain final encoding information { rarb Ψ (ui) | ui ∈ XA } of the client a.
The encoding operation module 102 repeatedly executes an operation of selecting initial encoding information of one of the clients through traversal operation, sequentially acquiring private keys of the other (n-1) clients, and sequentially executing encoding operation with the initial encoding information by using the acquired private keys of the other (n-1) clients to obtain final encoding information of the selected client until final encoding information of the n clients is obtained.
In the example of the present invention, according to the process of the company a encoding operation in the encoding operation module 102, the final encoding information of the company B and the company C is obtained as { rarrc Ψ (ui) | ui ∈ XB } and { rarrc Ψ (ui) | ui ∈ XC }, respectively.
And step three, the intersection operation module 103 performs pairwise intersection operation on the final coded information of the n clients to obtain the common client information among the n clients.
The intersection operation refers to intersection operation of a set, and pairwise intersection operation is performed on the final coding information of the n clients, namely { rarbrc Ψ (ui) | ui belongs to XA }, n { rarbrc Ψ (ui) | ui belongs to XB }, n { rarbrc Ψ (ui) | ui belongs to XC }, so that common client information among the n clients is obtained.
The embodiment of the invention firstly utilizes the private key of each client and carries out coding operation on the client information to obtain the coding information, thereby ensuring the privacy of the client information, secondly sequentially utilizes the private keys of other clients and sequentially carries out coding operation with the initial coding information to obtain the final coding information of the selected client, thereby further enhancing the privacy of the client information, and finally carries out pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients. Therefore, the data encryption sharing method, the data encryption sharing device, the electronic equipment and the computer storage medium solve the problem that the privacy of the data of the enterprise is protected while the data of the enterprise is shared.
Fig. 3 is a schematic structural diagram of an electronic device implementing the data encryption sharing method according to the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as an encrypted shared program 12 of data, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of the encrypted sharing program 12 of the data, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (for example, an encryption sharing program for executing data, etc.) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 3 shows only an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The encrypted sharing program 12 of data stored in the memory 11 of the electronic device 1 is a combination of a plurality of computer programs, and when running in the processor 10, can realize:
step A: receiving private keys and client information transmitted by n clients, and performing coding operation on the corresponding client information by using the private key of each client to obtain initial coding information of each client;
and B: selecting initial coding information of one client through traversal operation, sequentially acquiring private keys of other (n-1) clients, performing coding operation with the initial coding information sequentially by using the acquired private keys of the other (n-1) clients to obtain final coding information of the selected client, and obtaining final coding information of the n clients according to the operation;
and C: and performing pairwise intersection operation on the final coding information of the n clients, wherein the n clients share client information.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
Further, the computer usable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any accompanying claims should not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.
Claims (10)
1. A method for encrypted sharing of data, the method running on a server, comprising:
step A: receiving private keys and client information transmitted by n clients, and performing coding operation on the corresponding client information by using the private key of each client to obtain initial coding information of each client, wherein n is a natural number greater than 1;
and B: selecting initial coding information of one client through traversal operation, sequentially acquiring private keys of other (n-1) clients, performing coding operation with the initial coding information sequentially by using the acquired private keys of the other (n-1) clients to obtain final coding information of the selected client, and repeating the operation to obtain final coding information of the n clients;
and C: and performing pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients.
2. The method for the encrypted sharing of data according to claim 1, wherein the step of receiving the private key and the client information transmitted by the n clients further comprises the following steps running in each of the n clients:
acquiring local transaction data, and extracting information of the local transaction data to obtain the customer information;
and generating the private key corresponding to the client information according to a first constraint condition.
3. The method for encrypting and sharing data according to claim 2, wherein the obtaining local transaction data and performing information extraction on the local transaction data to obtain the customer information comprises:
obtaining historical transaction information from a pre-constructed local transaction system;
and extracting fields corresponding to the keywords from the historical transaction information according to the keywords input by the user to obtain the customer information.
4. The method for encrypted sharing of data according to claim 2, wherein the first constraint is:
ri∈Z*N,i=1,2,3…n
and the ri is a private key of the ith client, N is the order of an elliptic curve algorithm, and Z is a preset coefficient, so that Z x N is a positive integer smaller than N.
5. The method for encrypted sharing of data according to claim 1, wherein the encoding operation includes:
importing an elliptic curve algorithm into a trusted execution environment;
verifying the integrity of the elliptic curve algorithm in the trusted execution environment and executing encoding operations using the elliptic curve algorithm.
6. The method of cryptographic sharing of data of claim 5, wherein said verifying the integrity of the elliptic curve algorithm in the trusted execution environment comprises:
and acquiring program certification information and identity certification information of the trusted execution environment, sending the program certification information and the identity certification information to a trusted third party, and respectively verifying the program certification information and the identity certification information so as to determine the integrity of the elliptic curve algorithm.
7. The method according to any one of claims 1 to 6, wherein the selected final encoding information of the client is:
{rarbrc…rnΨ(ui)|ui∈xA}
the XA is selected customer information of the client, ui is one of data in the XA, ra, rb and rc … rn are private keys of the n clients respectively, and Ψ is a plaintext-elliptic curve encoding function.
8. An apparatus for encrypted sharing of data, the apparatus comprising:
an information acquisition module: receiving private keys and client information transmitted by n clients, and performing coding operation on the corresponding client information by using the private key of each client to obtain initial coding information of each client, wherein n is a natural number greater than 1;
the coding operation module: selecting initial coding information of one client through traversal operation, sequentially acquiring private keys of other (n-1) clients, performing coding operation with the initial coding information sequentially by using the acquired private keys of the other (n-1) clients to obtain final coding information of the selected client, and repeating the operation to obtain final coding information of the n clients;
and an intersection operation module: and performing pairwise intersection operation on the final coding information of the n clients to obtain the common client information among the n clients.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores computer program instructions executable by the at least one processor to enable the at least one processor to perform a method of cryptographic sharing of data as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium comprising a stored data area storing created data and a stored program area storing a computer program, characterized in that the computer program, when executed by a processor, implements the method for cryptographic sharing of data according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011054474.6A CN112217642A (en) | 2020-09-30 | 2020-09-30 | Data encryption sharing method and device, electronic equipment and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011054474.6A CN112217642A (en) | 2020-09-30 | 2020-09-30 | Data encryption sharing method and device, electronic equipment and computer storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112217642A true CN112217642A (en) | 2021-01-12 |
Family
ID=74051555
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011054474.6A Withdrawn CN112217642A (en) | 2020-09-30 | 2020-09-30 | Data encryption sharing method and device, electronic equipment and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112217642A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112866254A (en) * | 2021-01-21 | 2021-05-28 | 中国工商银行股份有限公司 | Method, terminal and system for obtaining common clients |
| CN113486398A (en) * | 2021-07-13 | 2021-10-08 | 华控清交信息科技(北京)有限公司 | Information comparison method and device and electronic equipment |
| CN115242549A (en) * | 2022-09-21 | 2022-10-25 | 佛山市元亨利贞信息科技有限公司 | Data security sharing method, device, equipment and medium based on open protocol |
| CN115333875A (en) * | 2022-10-18 | 2022-11-11 | 北京网藤科技有限公司 | Data sharing method, system, device and storage medium |
-
2020
- 2020-09-30 CN CN202011054474.6A patent/CN112217642A/en not_active Withdrawn
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112866254A (en) * | 2021-01-21 | 2021-05-28 | 中国工商银行股份有限公司 | Method, terminal and system for obtaining common clients |
| CN113486398A (en) * | 2021-07-13 | 2021-10-08 | 华控清交信息科技(北京)有限公司 | Information comparison method and device and electronic equipment |
| CN113486398B (en) * | 2021-07-13 | 2024-03-29 | 华控清交信息科技(北京)有限公司 | Information comparison method and device and electronic equipment |
| CN115242549A (en) * | 2022-09-21 | 2022-10-25 | 佛山市元亨利贞信息科技有限公司 | Data security sharing method, device, equipment and medium based on open protocol |
| CN115242549B (en) * | 2022-09-21 | 2023-04-07 | 佛山市元亨利贞信息科技有限公司 | Data security sharing method, device, equipment and medium based on open protocol |
| CN115333875A (en) * | 2022-10-18 | 2022-11-11 | 北京网藤科技有限公司 | Data sharing method, system, device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112217642A (en) | Data encryption sharing method and device, electronic equipment and computer storage medium | |
| CN112732297B (en) | Method and device for updating federal learning model, electronic equipment and storage medium | |
| CN112651035A (en) | Data processing method, device, electronic equipment and medium | |
| CN113055380B (en) | Message processing method and device, electronic equipment and medium | |
| CN113112252B (en) | Resource transfer method and device based on block chain, electronic equipment and storage medium | |
| CN114389889B (en) | File full life cycle management method and device based on block chain technology | |
| CN111695097A (en) | Login checking method and device and computer readable storage medium | |
| CN115270193B (en) | Data file secure sharing method and device based on block chain and collaborative synchronization | |
| CN113420049A (en) | Data circulation method and device, electronic equipment and storage medium | |
| CN113127915A (en) | Data encryption desensitization method and device, electronic equipment and storage medium | |
| CN113822675A (en) | Block chain based message processing method, device, equipment and storage medium | |
| CN113704665A (en) | Dynamic service publishing method, device, electronic equipment and storage medium | |
| CN112217639B (en) | Data encryption sharing method and device, electronic equipment and computer storage medium | |
| CN114417374A (en) | Intelligent contract business card method, device, equipment and storage medium based on block chain | |
| CN111651508A (en) | Operation and maintenance data management method and device, electronic equipment and storage medium | |
| CN115374150A (en) | Character string data query method and device, electronic equipment and storage medium | |
| CN113162763A (en) | Data encryption and storage method and device, electronic equipment and storage medium | |
| CN112069479B (en) | Face data calling method and device based on block chain | |
| CN112235409A (en) | File uploading method and device, electronic equipment and computer readable storage medium | |
| CN112988888B (en) | Key management method, device, electronic equipment and storage medium | |
| CN115643090A (en) | Longitudinal federal analysis method, device, equipment and medium based on privacy retrieval | |
| CN114826736A (en) | Information sharing method, device, equipment and storage medium | |
| CN112257078B (en) | Block chain encryption and decryption service security trusted system based on TEE technology | |
| CN113918517A (en) | Multi-type file centralized management method, device, equipment and storage medium | |
| CN114629663A (en) | Block chain-based digital commodity transaction method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20210112 |
|
| WW01 | Invention patent application withdrawn after publication |