CN113515538B - Inter-institution privacy data query and early warning method based on multiparty security calculation - Google Patents


Publication number
CN113515538B
Authority
CN
China
Prior art keywords
data
network identity
encryption
key
prime number
Legal status
Active
Application number
CN202110635248.5A
Other languages
Chinese (zh)
Other versions
CN113515538A (en)
Inventor
甘立威
沈星
王萍
Current Assignee
Sichuan XW Bank Co Ltd
Original Assignee
Sichuan XW Bank Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computational Linguistics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of data query, and in particular relates to an inter-institution privacy data query and early warning method based on multiparty security calculation, as follows: institution A aligns data with institution B through the DH-PSI protocol; during this process institution A and institution B save a certain amount of intermediate results for the subsequent DH-EK; after successful alignment, institution B directly generates a symmetric key and a half key from the intermediate results; institution B uses the aligned data to retrieve the result data, encrypts the result data, and sends the ciphertext and the half key to institution A; institution A combines the intermediate results with the half key to obtain the symmetric key and decrypts the ciphertext to obtain the result plaintext. The alignment result serves as the seed of DH-EK and is known to both parties to the request without being exchanged, so a third party cannot steal data by eavesdropping or by man-in-the-middle attacks. For both parties to the request, information that was not successfully matched cannot be decrypted, so a semi-honest partner cannot obtain additional data.

Description

Inter-institution privacy data query and early warning method based on multiparty security calculation
Technical Field
The invention belongs to the technical field of data query and data cryptography, and particularly relates to an inter-institution privacy data query and early warning method based on multiparty security calculation.
Background
At present, the following three technical schemes are generally adopted in the field of risk control to ensure the security of information data.
The first is to obtain the data through the individual's personal credit report. This ensures the security of the information data, but the reporting period exceeds 12 hours, which is insufficient to protect against frequent borrowing across multiple institutions within a short time (generally at intervals of less than 1 hour) in the internet finance environment.
The second is to encrypt the digest and the information data by means of symmetric encryption, dedicated lines and the like, exchange them, and then compute the intersection. This approach carries risks such as man-in-the-middle attacks and database collision (credential stuffing); periodically exchanging certificate signatures and similar measures can protect the system to some extent, but it cannot defend against the semi-honest computation model, so the security risk is high.
The third is to use private set intersection (PSI) together with RSA transmission of an AES key. PSI allows two parties, each holding its own set, to jointly compute the intersection of the two sets; at the end of the protocol interaction, one or both parties obtain the correct intersection and learn nothing about the other party's set beyond the intersection. If a PSI scheme based on oblivious transfer is used, malicious behavior by the participants can also be resisted. However, this way of securing the information data may still be attacked by a man-in-the-middle.
Disclosure of Invention
The invention provides an inter-institution privacy data query and early warning method based on multiparty security calculation, aiming to solve the problem that privacy data queries in the prior art are vulnerable to man-in-the-middle attacks.
In order to achieve the above purpose, the present invention provides the following technical solutions:
The inter-institution privacy data query and early warning method based on multiparty security calculation involves a requester and a data holder that perform a private set exchange on user information based on the DH-PSI protocol; key exchange between the requester and the data holder is based on the DH-EK protocol; the requester generates a filter from the network identity of the user information, and the data holder obtains matching data based on the filter;
The method comprises the following steps:
Step 1: The requester constructs a network identity from the personal information of a user X, generates a filter from the network identity, performs a first encryption operation on the network identity, packages the encrypted network identity, a random prime number public key and the filter into initial request data, and sends the initial request data to the data holder;
Step 2: The data holder parses the initial request data to obtain the encrypted network identity and the filter, filters its local data with the filter to obtain initial matching data, performs primary encryption on the initial matching data, and performs a secondary encryption operation on the network identity; it packages the encrypted initial matching data and the network identity after the secondary encryption operation into matching data, and sends the matching data to the requester;
Step 3: The requester parses the matching data to obtain the network identity after secondary encryption and the initial matching data after primary encryption; performs a secondary encryption operation on the once-encrypted initial matching data; matches the twice-encrypted network identity against the twice-encrypted initial matching data to obtain the position information of the twice-encrypted network identity within the twice-encrypted initial matching data; and transmits the position information to the data holder;
Step 4: The data holder looks up the initial matching data by the position information to obtain the data that the requester defined in the initial request data and wants to query, namely the corresponding data; the data holder constructs a symmetric key and a symmetric half key from the initial request data of step 2; performs a symmetric encryption operation on the corresponding data; sends the encrypted corresponding data and the symmetric half key to the requester; and generates and records the corresponding early warning information;
Step 5: The requester encrypts the symmetric half key to obtain the symmetric key; decrypts the encrypted corresponding data with the symmetric key to obtain the data information it wants; and updates its local data based on the decrypted corresponding data.
The matching data comprises the serial number, the network identity after secondary encryption and the initial matching data after primary encryption.
The initial request data described in step 1 further includes a random prime number public key P and a serial number lid.
The corresponding data in step 4 comprises a network identity and the user-related data information corresponding to that network identity (hereinafter referred to as user-related data information);
Preferably, the first encryption of the network identity in step 1 is performed as follows: the requester generates a random prime number public key P and a random prime number private key a, and performs the encryption operation based on the random prime number public key P and the random prime number private key a.
Preferably, the network identity in step 1 is constructed as follows: the user's personal information is first hashed with the SHA-256 digest algorithm to obtain the network identity; the first three digits of the network identity are then extracted to generate the filter.
Preferably, the primary encryption of the initial matching data in step 2 is performed as follows: the data holder generates a random private key b and performs the encryption operation based on the random private key b and the random prime number public key P in the initial request data;
the secondary encryption of the network identity is performed as follows: the encryption operation is based on the random private key b generated by the data holder and the random prime number public key P in the initial request data.
Preferably, the requester's secondary encryption of the initial matching data in step 3 is performed as follows: the requester performs a secondary encryption operation on the once-encrypted initial matching data based on the random prime number private key a and the random prime number public key P.
The encryption operation on the corresponding data described in step 4 is as follows: the data holder generates a random prime number private key q and encrypts the once-encrypted network identity obtained in step 2 to obtain an AES (Advanced Encryption Standard) key, then encrypts the user-related data information with AES; it also extracts the user's network identity from the user-related data and encrypts that network identity once based on the generated random prime number private key q and the random prime number public key P obtained in step 2.
The encryption and decryption operations in step 5 are as follows: first, the network identity encrypted in step 4 is encrypted a second time based on the random prime number private key a and the random prime number public key P generated in step 1 to obtain the AES key; the AES key is then used to decrypt the encrypted network identity and user-related data.
The name of the invention refers to "multiparty security calculation" because there are multiple data holders; a data requester can therefore ask multiple data holders whether they hold data related to a given user, and judge the user's situation from that data in order to provide early warning information.
For example, if several data holders hold records of a user applying for credit cards, and there are multiple unrevealed records, this can be made known to the requester through the data queried from the multiple holders.
Compared with the prior art, the invention has the beneficial effects that:
1. The invention is immune to man-in-the-middle attacks, for the following reason: a man-in-the-middle attack is an indirect intrusion in which a computer controlled by the intruder is virtually placed, by various technical means, between two communicating computers on a network; that computer is called the man-in-the-middle. Even if the man-in-the-middle replaces the once-encrypted network identity between step 1 and step 2, the replaced network identity cannot be matched to the correct data, so the man-in-the-middle cannot obtain the correct data information this way. If the man-in-the-middle does not replace the encrypted network identity, it still does not know the random prime number private key a and therefore cannot decrypt the encrypted network identity and user-related data information, so it cannot obtain the data transmitted between the requester and the data holder. The invention thus effectively avoids man-in-the-middle attacks.
2. The invention provides the filter and truncates the network identity to its first three digits only, so that when the data holder retrieves the corresponding initial matching data based on the first three digits of the network identity, that data contains the network identities of multiple users, and the data holder does not know which specific user's information the requester wants to query, which protects the privacy data of the specific user; the filter also reduces the scale of the computation, so that the whole system has sufficient throughput over gigabit internet.
3. The invention combines the DH-PSI and DH-EK protocols for querying data; because the two protocols are similar, they can share intermediate results, which reduces the number of data transmissions and the waiting delay.
Drawings
FIG. 1 is a schematic flow chart of the present invention;
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
An embodiment of the present invention will be described in detail with reference to fig. 1;
Institution A is the requester; institution B is the data holder;
query_info is the initial request data; lid is the serial number;
filter is the filter; eid is the network identity of user X; eid' is the network identity after primary encryption;
Step 1: Institution A applies a digest algorithm to the personal information of user X to obtain eid; institution A truncates eid, taking the first three digits, to obtain the filter; institution A generates lid, a random prime number public key P and a random prime number private key a; it encrypts eid based on the generated random prime number public key P and random prime number private key a: $eid' = eid^{a} \bmod P$; it packages eid', lid, filter and the random prime number public key P into query_info and sends query_info to institution B;
Step 2: Institution B parses query_info to obtain eid', lid, filter and the random prime number public key P; institution B generates a random prime number private key b; institution B filters its local data by the filter field to obtain an initial matching data set S, and extracts from S to obtain $S^{-}$; institution B encrypts $S^{-}$ based on the random prime number public key P and the random prime number private key b: $S' = (S^{-})^{b} \bmod P$; institution B encrypts eid' based on P and b: $eid'' = (eid')^{b} \bmod P$; institution B packages lid, eid'' and S' into the matching data resp and sends resp to institution A.
When institution B filters its local data by the filter field, data other than eid is filtered out: only the users' network identities are retained, and the remaining data is filtered out.
Institution B extracts the preliminary matching data set S such that the first three digits of each network identity in S are the same as the data in the filter.
$S^{-}$ denotes the initial matching data; S' is the initial matching data after primary encryption; resp is the matching data; eid'' is the network identity after the secondary encryption.
Step 3: Institution A parses the matching data resp to obtain lid, eid'' and S'; institution A encrypts S' based on the random prime number public key P and the random prime number private key a generated in step 1: $S'' = (S')^{a} \bmod P$; institution A matches eid'' against S'' to obtain the position information index of eid'' in S''; institution A sends index and lid to institution B.
The position information index is the position, in the initial matching data S, of the user data information that institution A wants to query;
S'' is the initial matching data after secondary encryption; eid'' is the network identity after secondary encryption.
Matching eid'' against S'' to obtain the position information index of eid'' in S'' works as follows:
The first encryption of S is $S' = (S^{-})^{b} \bmod P$; the second encryption is $S'' = (S')^{a} \bmod P$;
The first encryption of eid is $eid' = eid^{a} \bmod P$; the second encryption is $eid'' = (eid')^{b} \bmod P$;
This uses the principle $eid^{ab} = eid^{ba}$: if the ciphertexts are equal, the corresponding plaintexts are equal, so no decryption is needed and the position information can be obtained directly.
Step 4: Institution B uses the position information index to look up the matching data resp and obtain the corresponding data data; institution B records institution A's request to obtain institution B's final result $data_{cur}$; institution B updates its local data using the position information index and the final result $data_{cur}$; institution B generates a random prime number private key q; institution B encrypts eid' to obtain the AES key $eid_E$; institution B AES-encrypts data with $eid_E$ to obtain $data_B$; institution B extracts eid from data; institution B encrypts eid: $eid_B = eid^{q} \bmod P$, giving the half key $eid_B$; institution B packages $data_B$ and $eid_B$ into $data_E$; institution B sends $data_E$ to institution A;
In step 4, the eid' that institution B encrypts is the eid' parsed in step 2;
In step 4, institution B's update of its local data using the position information index and the final result $data_{cur}$ yields the early warning information;
$data_B$ is the corresponding data after AES encryption; data is the corresponding data;
Step 5: Institution A parses $data_E$ to obtain $data_B$ and $eid_B$; institution A encrypts $eid_B$: $eid_E = (eid_B)^{a} \bmod P$, obtaining the AES key $eid_E$; institution A AES-decrypts $data_B$ with $eid_E$ to obtain the final result data. Institution A updates its local data set with eid and data.
The following describes a preferred embodiment of the present invention;
All steps corresponding to step 1 above:
Institution A takes the value of eid for user X (using the SHA-256 digest algorithm):
1D841BC0EE98309CB7916670B7F0FDEF5F4C35150711A41405EF3633B56322CF;
At this time, the filter takes the value: 1D8;
the serial number lid is: query10010001;
the public key P is taken as: 88F924EECEEDA7FE92E1F5AF;
the private key a is taken as: 980553F0DB2FD09DE3C7;
then: eid' = 5CB08B556564AF4896E6C8F3;
[Table images not reproduced in the source text]
Institution A sends query_info to institution B;
Corresponding to step 2 above:
Institution B takes the private key b as: 1C80FFBD2918F71D9AB59;
if the local data set of institution B is:
[Table images not reproduced in the source text]
Institution B sends the matching data resp to institution A;
Corresponding to step 3 above:
[Table image not reproduced in the source text]
index takes the value: [0]
Institution A sends the lid in step 1 and the position information index in step 5 to institution B;
Corresponding to step 4 above: data takes the value [D1];
$data_{cur}$ takes the value: [D1, information about the current request recorded according to service-specific requirements]
The updated data set of institution B is as follows:
[Table image not reproduced in the source text]
All steps corresponding to step 10 above:
[Table image not reproduced in the source text]
Institution B sends $data_E$ to institution A;
Corresponding to step 5 above: the value of $eid_E$ calculated by institution A is 2B8EEC8FC74AE55E17B2B876, the same as institution B's.
The data obtained by institution A through decryption takes the value: [D1]
Institution A updates its local data set with eid and data.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although this specification is described in terms of embodiments, not every embodiment contains only a single independent technical solution; the description is organized this way for clarity only, the disclosure is not limited to the embodiments described in detail, and the embodiments described in the examples may be combined as appropriate to form other embodiments that will be apparent to those skilled in the art.

Claims (6)

1. An inter-institution privacy data query and early warning method based on multiparty security calculation is characterized in that: the method comprises the steps that a requester and a data holder for carrying out privacy set exchange on user information based on DH-PSI protocol are included, and key exchange is carried out between the requester and the data holder based on DH-KE protocol; the requester generates a filter based on the network identity of the user information, and the data holder can acquire matching data based on the filter;
the method comprises the following steps:
step 1: the requester constructs a network identity according to personal information of a user X, generates a filter according to the network identity, performs first encryption operation on the network identity, packages the encrypted network identity, a random prime number public key and the filter to form initial request data, and sends the initial request data to a data holder; the construction mode of the network identity is as follows: firstly, hashing the personal information of the user with the SHA-256 digest algorithm to obtain a network identity; extracting the first three digits of the network identity to generate a filter;
Step 2: the data holder parses the initial request data to obtain the encrypted network identity and a filter; filters its local data with the filter to obtain initial matching data; performs a primary encryption on the initial matching data and a secondary encryption on the network identity; packages the encrypted initial matching data and the twice-encrypted network identity into matching data; and sends the matching data to the requester;
Step 3: the requester parses the matching data to obtain the twice-encrypted network identity and the once-encrypted initial matching data; performs a secondary encryption on the once-encrypted initial matching data; matches the twice-encrypted network identity against the twice-encrypted initial matching data to obtain the position of the twice-encrypted network identity within the twice-encrypted initial matching data; and transmits the position information to the data holder;
Step 4: the data holder looks up the initial matching data by the position information to obtain the data that the initial request data specifies the requester wants to query, namely the corresponding data; the data holder constructs a symmetric key and a symmetric half key from the initial request data of step 2; performs a symmetric encryption on the corresponding data; sends the encrypted corresponding data and the symmetric half key to the requester; and generates and records corresponding early-warning information;
Step 5: the requester encrypts the symmetric half key to obtain the symmetric key; decrypts the corresponding data encrypted with the symmetric key to obtain the data the requester wants; and updates its local data based on the decrypted corresponding data;
the initial request data in step 1 further comprises a random prime number public key P and a serial number lid;
the matching data comprises the serial number, the twice-encrypted network identity and the once-encrypted initial matching data;
the corresponding data in step 4 comprises the network identity and the user-related data information corresponding to the network identity.
2. The inter-institution privacy data query and early warning method based on multiparty security computation of claim 1, characterized in that the first encryption of the network identity in step 1 is as follows: the requester generates a random prime number public key P and a random prime number private key a, and performs the encryption operation based on the random prime number public key P and the random prime number private key a.
3. The inter-institution privacy data query and early warning method based on multiparty security computation of claim 2, characterized in that the primary encryption of the initial matching data in step 2 is as follows: the data holder generates a random private key b and performs the encryption operation based on the random private key b and the random prime number public key P in the initial request data;
the secondary encryption of the network identity is as follows: the encryption operation is performed based on the random private key b generated by the data holder and the random prime number public key P in the initial request data.
4. The inter-institution privacy data query and early warning method based on multiparty security computation of claim 3, characterized in that in step 3 the requester's secondary encryption of the initial matching data is as follows: the requester performs a secondary encryption operation on the once-encrypted initial matching data based on the random prime number private key a and the random prime number public key P.
5. The inter-institution privacy data query and early warning method based on multiparty security computation of claim 4, characterized in that the encryption of the corresponding data described in step 4 is as follows: the data holder generates a random prime number private key q and encrypts the once-encrypted network identity obtained in step 2 to obtain an AES (Advanced Encryption Standard) key, then encrypts the user-related data information with the AES encryption method; the data holder also extracts the user network identity from the user-related data and encrypts that network identity once, based on the generated random prime number private key q and the random prime number public key P obtained in step 2.
6. The inter-institution privacy data query and early warning method based on multiparty security computation of claim 5, characterized in that the specific encryption and decryption operations in step 5 are as follows: first, the network identity encrypted in step 4 is encrypted a second time, based on the random prime number private key a and the random prime number public key P generated in step 1, to obtain the AES key; the network identity and the user-related data after the secondary encryption are then decrypted with the AES key.
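The five steps and the key handling of claims 2 to 6 can be traced end to end in a short simulation. This is an added illustration, not code from the patent. It assumes that each "encryption operation" is modular exponentiation of a SHA-256 hash of the identity modulo P, and it uses a fixed toy prime, plain random exponents for a, b and q, and a hash-based XOR keystream as a stand-in for AES. All function names and the sample records are constructed.

```python
import hashlib
import secrets

P = 2**255 - 19  # toy public prime P (assumption; the claims only say "random prime")

def h(ident):
    """Hash a network identity to an integer in [2, P-2] (assumed mapping)."""
    return int.from_bytes(hashlib.sha256(ident.encode()).digest(), "big") % (P - 3) + 2

def enc(x, k):
    """Assumed commutative encryption: x^k mod P, so the order of two keys is irrelevant."""
    return pow(x, k, P)

def keygen():
    """Random private exponent (stand-in for the random private keys a, b, q)."""
    return secrets.randbelow(P - 3) + 2

def xor_stream(key, data):
    """Stand-in for AES: XOR with a SHA-256 counter keystream derived from the key."""
    kb = key.to_bytes(32, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(kb + i.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def run_query(target, holder_db):
    """Simulate both parties; return (position, record) or None if no match."""
    a, b, q = keygen(), keygen(), keygen()   # requester holds a; holder holds b and q
    id_a = enc(h(target), a)                 # step 1: requester sends id^a
    ids = list(holder_db)                    # step 2: holder's filtered records
    id_ab = enc(id_a, b)                     #   secondary encryption of the identity
    once = [enc(h(i), b) for i in ids]       #   primary encryption of matching data
    twice = [enc(c, a) for c in once]        # step 3: requester re-encrypts with a
    if id_ab not in twice:
        return None                          # requester learns nothing about other ids
    pos = twice.index(id_ab)                 #   only this position goes to the holder
    aes_key = enc(id_a, q)                   # step 4: symmetric key (id^a)^q
    half_key = enc(h(ids[pos]), q)           #   symmetric half key id^q
    ct = xor_stream(aes_key, holder_db[ids[pos]].encode())
    key = enc(half_key, a)                   # step 5: (id^q)^a equals the holder's key
    return pos, xor_stream(key, ct).decode()

# Constructed sample records held by the data holder.
SAMPLE_DB = {"id-1001": "overdue:2", "id-1002": "overdue:0", "id-1003": "fraud-flag"}

if __name__ == "__main__":
    print(run_query("id-1002", SAMPLE_DB))
```

The half key is useless without a, so an eavesdropper who sees only id^q and the ciphertext cannot rebuild the symmetric key. A deployment would use a vetted group and authenticated encryption rather than these toy parameters.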
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110635248.5A CN113515538B (en) 2021-06-08 2021-06-08 Inter-institution privacy data query and early warning method based on multiparty security calculation

Publications (2)

Publication Number Publication Date
CN113515538A CN113515538A (en) 2021-10-19
CN113515538B true CN113515538B (en) 2023-07-07

Family

ID=78065555

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110635248.5A Active CN113515538B (en) 2021-06-08 2021-06-08 Inter-institution privacy data query and early warning method based on multiparty security calculation

Country Status (1)

Country Link
CN (1) CN113515538B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115062347B (en) * 2022-08-17 2022-11-04 四川新网银行股份有限公司 Data privacy security sharing method and system for guaranteeing data value accuracy

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant