CN113542233B - System and method for sharing list based on multiparty security calculation - Google Patents

System and method for sharing list based on multiparty security calculation Download PDF

Info

Publication number
CN113542233B
CN113542233B CN202110703999.6A CN202110703999A CN113542233B CN 113542233 B CN113542233 B CN 113542233B CN 202110703999 A CN202110703999 A CN 202110703999A CN 113542233 B CN113542233 B CN 113542233B
Authority
CN
China
Prior art keywords
list
information
client
module
receiving end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110703999.6A
Other languages
Chinese (zh)
Other versions
CN113542233A (en
Inventor
王萍
贾坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan XW Bank Co Ltd
Original Assignee
Sichuan XW Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan XW Bank Co Ltd filed Critical Sichuan XW Bank Co Ltd
Priority to CN202110703999.6A priority Critical patent/CN113542233B/en
Publication of CN113542233A publication Critical patent/CN113542233A/en
Application granted granted Critical
Publication of CN113542233B publication Critical patent/CN113542233B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Physics (AREA)
  • Mathematical Optimization (AREA)
  • Computer Hardware Design (AREA)
  • Mathematical Analysis (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a list sharing system and a method based on multiparty security calculation, which belong to the technical field of data processing and solve the problems that the block capacity is infinitely increased and the security of transmission information is to be improved in the prior art.

Description

System and method for sharing list based on multiparty security calculation
Technical Field
The invention belongs to the technical field of data processing, and particularly relates to a list sharing system and method based on multiparty security calculation.
Background
Affected by epidemic situation, and limited scene under finance field. On one hand, a large number of financial product services gradually migrate from offline to online, and the online speed of personal business such as credit products, financial products, insurance products and the like is increasingly increased; on the other hand, many small micro enterprises affected by epidemic situation cannot normally perform operation, and on-line automation of financial business becomes a requirement. The demands of online and intelligent financial institutions are urgent, and the demands become current industry consensus.
The high-speed development of "zero-contact" online financial transactions also presents serious fraud risk challenges to financial institutions. The network black ash is economically eroded, and the characteristics of industrialization, precision, mobility, technologization and the like gradually appear, so that personal financial security is seriously threatened. According to incomplete statistics, black ash production practitioners are over 200 ten thousand, and the economic scale of the black industry reaches hundreds of billions. In order to focus on the network black ash production activity, an effective scheme is to establish an industry list sharing mechanism and co-establish various black ash blacklists such as waste escaping liabilities, financial fraud, phishing, elder Lai, malicious complaints, black production practitioners and the like.
There are still some pain points in the list sharing scheme in the current industry, such as non-uniform identification and use standard, benign information circulation contribution mechanism and the like. From the technical scheme, currently, a blockchain mode is mainly adopted for list sharing, such as patent number CN201910969187.9, and a blockchain-based credit investigation blacklist sharing method and device are adopted; such as CN201810501190.3, a blockchain blacklist sharing method of hash desensitization processing is adopted. Although the scheme of the blockchain realizes the distributed account book, the problems that the capacity of the block is infinitely increased and the safety of the transmission information is to be improved are faced, so that a system capable of blocking financial fraud, reducing external fraud risks and bad risks and realizing automatic risk management and control is urgently needed.
Disclosure of Invention
Aiming at the problems that the block capacity is infinitely increased and the security of transmission information is to be improved in the prior art, the invention provides a list sharing system and a method based on multiparty security calculation, which aim at: the whole-course automatic wind control is realized, the core information is ensured to be available and invisible through an elliptic encryption algorithm, the safety of client information among financial institutions is ensured, and the system stability is improved.
The technical scheme adopted by the invention is as follows:
a multi-party security computation based list sharing system, comprising: the system comprises a list sharing system deployment module, a list uploading module, a list inquiring module and a list early warning module, wherein the list inquiring module and the list early warning module carry out information transmission through an elliptic encryption algorithm.
By adopting the scheme, the whole process automatic wind control after the lending in the lending before the uploading, inquiring and early warning of the list is realized through the system interface configuration by the list sharing system formed by the distributed node system deployment module, the list uploading module, the list inquiring module and the list early warning module, wherein the list inquiring module and the list early warning module encrypt by an elliptic encryption algorithm, the availability invisibility of core information among institutions is ensured by a method comprising public keys and random parameter values, the safety of information transmission and the privacy of customer information are enhanced, and the problem of infinite increase of the block chain block capacity is solved by only storing the information of the institutions on each financial institution node in the distributed system design scheme, and the high stability of the system is ensured. Meanwhile, the system design has high usability, strong expandability and high system toolization degree.
The list sharing system module comprises a front-end processor, and a list sharing system for multiparty secure computation is deployed in the front-end processor.
The list uploading module comprises an API interface and a file interface.
The list uploading module comprises a timing mode and a real-time mode.
A list sharing method based on multiparty security calculation is characterized by comprising the following steps:
step A: the method comprises the steps of deploying a distributed list sharing system deployment module, wherein a front-end processor is arranged in each of N financial institutions, and a monitoring node is arranged;
and (B) step (B): uploading name list information to a front-end processor by N financial institutions, wherein the list information comprises a client id and a list type;
step C: the inquiry request sending end inputs the client id into a list inquiry module, the list inquiry module encrypts the id through an elliptic encryption algorithm, then transmits the encrypted client id to the receiving end, and after the receiving end decrypts the client id, encrypts the result information through the list inquiry module through the elliptic encryption algorithm and transmits the result information to the inquiry request sending end to finish list inquiry;
step D: the list early warning module performs list early warning on the receipt of the intersection with the list information, integrates the client id of the list intersection information and the list type into an information set P-Q, and transmits the P-Q to a receiving end to finish the list early warning.
By adopting the scheme, the security of the information interaction process between each financial institution can be ensured by encrypting the client id and the corresponding list type by the elliptic encryption algorithm, and the core information between the financial institutions is invisible, so that the real-time monitoring and early warning of the list is realized in the early warning process based on the elliptic encryption algorithm, a new innovative scheme is provided for the automatic wind control after the lending of the 1 financial institution, and meanwhile, the early warning is only carried out on the client information of the financial institution, and the security of the client information between the financial institutions is also ensured.
The specific steps of the step C are as follows:
c1: the front-end processor of the sending end randomly generates 2 non-negative integers, which are marked as a and b, and an initialized elliptic curve Ep (a and b) is constructed, wherein the mathematical formula corresponding to the curve is as follows: y is 2 =x 3 +ax+b, the system randomly selects a point on the elliptic curve as a base point G;
c2: the sending end randomly generates a private key in the front-end processor, and the private key is recorded as k, wherein k is any real number. Meanwhile, generating an interactive public key K, wherein K=kG;
and C3: the sender initiates list inquiry information of id=d, maps the client primary key information d to ellipse, and marks M as
Figure SMS_1
And C4: the method comprises the steps that an emitting end automatically generates a random number r, r is any real number, and 2 encryption information items C1 and C2 are generated based on a client primary key ellipse mapping value M, wherein C1=M+rK and C2=rG;
c5: the sending end transmits the encrypted information to the receiving end, the receiving end decrypts the encrypted information, then performs information inquiry with the condition of id=d to obtain t records, encrypts the list types of the clients in the t records by an elliptic encryption algorithm, and transmits the encrypted information to the sending end;
c6: the sending end decrypts to obtain the list type of the inquiring client, writes the inquiring record into the inquiring list data table panel.
By adopting the scheme, the elliptic encryption algorithm can ensure that information leakage does not occur while customer information interaction among financial institutions.
The specific steps of the step C5 are as follows:
step C51: the receiving end obtains M through calculating a C1=M+rK formula;
step C52: the receiving end passes through the formula
Figure SMS_2
Solving the inquiry client d, i.e.)>
Figure SMS_3
Step C53: the receiving end performs id=d condition query in a shared list table panel.query to obtain t records, wherein the t records comprise B1, B2 and b3..
Step C54: elliptic mapping is carried out on the list information parameter B, which is marked as T, namely
Figure SMS_4
Step C55: the front-end processor of the receiving end generates a random number v and generates 2 encryption information items T1 and T2 based on T, wherein T1=T+vK and T2=vG;
step C56: the receiving end transmits the encrypted items T1 and T2 to the transmitting end.
The specific steps of the step C6 are as follows:
step C61: after the sending end obtains the encryption items T1 and T2, decrypting the elliptic mapping value T through a formula of T1=T+vK; the method comprises the steps of carrying out a first treatment on the surface of the
Step C62: by the formula
Figure SMS_5
Pop-up B, wherein->
Figure SMS_6
Then B is disassembled into an array, namely B=b 1 b 2 ……b t Split into arrays [ "b 1 ″,″b 2 ″,……,″b t ″];
Step C63: and the sending end writes the disassembled B into a query list data table panel.query to finish list query.
The specific steps of the step D are as follows:
step D1: the sending end uploads x records to the front-end processor, corresponding to the primary client identity key id=f1, f2, f3 … … fx, corresponding toThe list types are respectively ty 1 ,ty 2 ,……,ty x Recording an uploading name list information set as F;
step D2: splicing the customer identity primary key id information set of the uploading list information set and marking as Y, wherein Y=f 1 f 2 ……f x
Step D3: encrypting the customer identity primary key id information set Y through an elliptic encryption algorithm, and transmitting each parameter in the encrypted customer identity primary key id information set Y to a receiving end;
step D4: the receiving end decodes the encrypted information set Y and performs limiting condition id in (Y=f 1 f 2 ……f x ) Inquiring to obtain yn record, integrating non-empty information set as Y_Q, Y_Q=f y1 f y2 ……f yn Wherein, yn is more than or equal to 1 and less than or equal to x, y1, y2 and … …, and yn is an integer;
step D5: encrypting the non-empty information set Y_Q by an elliptic encryption algorithm, transmitting the encrypted non-empty information set Y_Q to an emitting end, decrypting the encrypted non-empty information set Y_Q by the emitting end to obtain Y_Q, inquiring the Type of a list in the uploading list information set according to the Y_Q, and splicing the result into a type_Q;
step D6: the sending end encrypts the type_Q through an elliptic encryption algorithm and transmits the type_Q to the receiving end, and the receiving end decrypts the type_Q to obtain the type_Q;
step D7: splitting and restoring Y_Q and type_Q into an early warning information set P_Q, writing the P-Q into a list early warning data table panel.warning, and automatically pushing the record to a corresponding financial institution by a system every time the panel.warning is written into the data record.
The elliptic encryption algorithm encryption mentioned in the steps D3, D4, D5 and D6 is the same as that in the steps C3 and C4, and the decryption method mentioned is the same as that in the steps C51 and C52.
In summary, due to the adoption of the technical scheme, the beneficial effects of the invention are as follows:
1. the system is characterized in that the whole process automation wind control after the lending in the pre-lending of the list uploading, the list inquiring and the list early warning is realized through the system interface configuration by a list sharing system formed by a distributed node system deployment module, a list uploading module, a list inquiring module and a list early warning module, wherein the list inquiring module and the list early warning module are encrypted through an elliptic encryption algorithm, the method comprising public keys and random parameter values ensures that the core information between institutions is invisible, the safety of information transmission and the privacy of client information are enhanced, and the distributed system design scheme only stores the information of the institutions on the nodes of each financial institution, so that the problem of infinite increase of the block chain block capacity is solved, and the high stability of the system is ensured. Meanwhile, the system design has high usability, strong expandability and high system toolization degree.
2. By encrypting the client id and the corresponding list type by an elliptic encryption algorithm, the security of the information interaction process between each financial institution and the availability of core information between institutions can be ensured, real-time monitoring and early warning of the list is realized in an early warning process based on the first-pass Brillouin encryption algorithm, a new innovation scheme is provided for automatic wind control after lending of 1 financial institution, and meanwhile, only the client information of the financial institution is early warned, and the security of the client information between the financial institutions is ensured.
3. By the elliptic encryption algorithm, the customer information interaction among all financial institutions can be ensured, and the information leakage condition is avoided.
Drawings
The invention will now be described by way of example and with reference to the accompanying drawings in which:
FIG. 1 is a list sharing system design of one embodiment of the present invention;
FIG. 2 is a list query flow diagram of one embodiment of the invention;
FIG. 3 is a list pre-warning flowchart of one embodiment of the present invention.
Detailed Description
All of the features disclosed in this specification, or all of the steps in a method or process disclosed, may be combined in any combination, except for mutually exclusive features and/or steps.
The present invention will be described in detail with reference to fig. 1 and 2.
Embodiment one:
a multi-party security computation based list sharing system, comprising: the system comprises a list sharing system deployment module, a list uploading module, a list inquiring module and a list early warning module, wherein the list inquiring module and the list early warning module carry out information transmission through an elliptic encryption algorithm.
The list sharing system module comprises a front-end processor, and a list sharing system for multiparty secure computation is deployed in the front-end processor.
The list uploading module comprises an API interface and a file interface.
The list uploading module comprises a timing mode, a temporary uploading mode and a real-time mode.
In the above embodiment, the front-end processor may be adjusted according to the number of financial institutions to be deployed, each financial institution sets a front-end processor, and the front-end processor may function as a gateway to implement information exchange between the internal and external networks, and then a list sharing system based on multiparty security computation needs to be deployed on the front-end processor of each financial institution, each distributed system is marked as a node, and uploading of a list, querying of a list, and early warning of a list all interact between the nodes. Meanwhile, a monitoring node is provided for mainly monitoring the call continuity of the system and ensuring the stable operation of the system. When the number of financial institutions is 4, the design scheme of the list sharing system based on multiparty security calculation is shown in fig. 1.
The list uploading module comprises an API interface and a file interface, wherein the API interface can complete single uploading of list information, and only one record is uploaded in one interaction; if the batch information needs to be uploaded, the batch information needs to be interacted for a plurality of times through the API interface. The file interface refers to batch uploading of list information, and batch record uploading is completed through one-time interaction;
the API interface calling mode is HTTP POST request, and the parameter format is JSON; the request parameters of the interface include 2 mandatory fields: id, the field is in a character string format, the length of the field is set to 32 bits, and the field is encrypted user identification card information of MD 5; the type is a character string format, the length of the field is set to be 4 bits, and the field consists of four integers of 0-9 and represents the coding of the list type. The list type codes are agreed by financial institutions, and the invention provides the following schemes for reference: 0001 represents a telecom fraud list; 0002 denotes an identity pseudo list, etc. The return parameters of the interface include 1 field: the resultatecode is in a character string format, is a mandatory field, is set to be 3 bits in length, consists of three integers of 0-9, and represents an interface call result code. The interface call result code 000 indicates that the list uploading is successful; 001 indicates a list upload failure; 002 indicates a request parameter error; if the financial institution A1 initiates a request: { id: "5 a4185412fa9b3a69296890ed36eec 73", type: "0001" }, the pen request return parameter is { resultCode: "000" }, then means that the financial institution A1 successfully uploaded a telecommunication fraud record for the customer 5a4185412fa9b3a69296890ed36eec 73.
The file interface mode is called by HTTP POST request, the parameter format is that the file assumes that the file has m records, the system automatically analyzes the file into JSON array comprising 2 necessary fields, and the file interface mode is as follows [ { id: "i 1 ”,″type″:″t 1 ”},……, {″id″:″i j ″,″type″:″t j ″},……,{″id″:″i m ″,″type″:″t m ″}]Wherein i is j And t j The values of the client identity primary key id and the list type are respectively represented, and j=1, 2, … …, m and m are positive integers. The return parameters of the interface include 1 field: the resultatecode is in a character string format, is a mandatory field, is set to be 3 bits in length, consists of three integers of 0-9, and represents an interface call result code. The interface calls a result code such as 000 to indicate that the list uploading is successful; 001 indicates a list upload failure; 002 indicates request parameter errors, etc.
The list uploading module comprises three modes, namely real-time uploading, timing uploading and temporary uploading. The real-time uploading refers to that the wind control system of the financial institution directly interfaces with the front-end processor system, and the system automatically triggers and invokes a list uploading API interface based on multiparty security calculation whenever the wind control system qualitatively or digs a fraudulent or high-risk user. The timing uploading refers to a set timing task, such as 5 am every day, a data system of a financial institution directly requests to call a list uploading APl interface based on multiparty security calculation in batches, or calls a list uploading file interface based on multiparty security calculation at one time based on a generated list file. Temporary uploading refers to temporarily uploading one or more name list records, and the general application scenario is that when a high-risk client is found in the post-loan collection or customer service processing process, relevant staff of a financial institution can directly upload files through a front-end processor system interface to realize uploading of lists.
When the financial institutions upload the name list information, the system automatically writes the list information into databases corresponding to the financial institutions, the names of the databases are marked as panel, the names of the data lists uploaded by the lists are shared list tables and marked as blackList, the database information of each financial institution is visible in the whole quantity of the financial institutions, and safe sharing is realized through list inquiry and early warning.
Embodiment two:
a list sharing method based on multiparty security calculation is characterized by comprising the following steps:
step A: the method comprises the steps of deploying a distributed list sharing system deployment module, wherein a front-end processor is arranged in each of N financial institutions, and a monitoring node is arranged;
and (B) step (B): uploading name list information to a front-end processor by N financial institutions, wherein the list information comprises a client id and a list type;
step C: the inquiry request sending end inputs the client id into a list inquiry module, the list inquiry module encrypts the id through an elliptic encryption algorithm, then transmits the encrypted client id to the receiving end, and after the receiving end decrypts the client id, encrypts the result information through the list inquiry module through the elliptic encryption algorithm and transmits the result information to the inquiry request sending end to finish list inquiry;
step D: the list early warning module performs list early warning on the receipt of the intersection with the list information, integrates the client id of the list intersection information and the list type into an information set P-Q, and transmits the P-Q to a receiving end to finish the list early warning.
The specific steps of the step C are as follows:
c1: the front-end processor of the sending end randomly generates 2 non-negative integers, which are marked as a and b, and an initialized elliptic curve Ep (a and b) is constructed, wherein the mathematical formula corresponding to the curve is as follows: y is 2 =x 3 +ax+b, the system randomly selects a point on the elliptic curve as a base point G;
c2: the sending end randomly generates a private key in the front-end processor, and the private key is recorded as k, wherein k is any real number. Meanwhile, generating an interactive public key K, wherein K=kG;
and C3: the sender initiates list inquiry information of id=d, maps the client primary key information d to ellipse, and marks M as
Figure SMS_7
And C4: the method comprises the steps that an emitting end automatically generates a random number r, r is any real number, and 2 encryption information items C1 and C2 are generated based on a client primary key ellipse mapping value M, wherein C1=M+rK and C2=rG;
c5: the sending end transmits the encrypted information to the receiving end, the receiving end decrypts the encrypted information, then performs information inquiry with the condition of id=d to obtain t records, encrypts the list types of the clients in the t records by an elliptic encryption algorithm, and transmits the encrypted information to the sending end;
c6: the sending end decrypts to obtain the list type of the inquiring client, writes the inquiring record into the inquiring list data table panel.
The specific steps of the step C5 are as follows:
step C51: the receiving end obtains M through calculating a C1=M+rK formula;
step C52: the receiving end passes through the formula
Figure SMS_8
Solving the inquiry client d, i.e.)>
Figure SMS_9
Step C53: the receiving end performs id=d condition query in a shared list panel.query to obtain t records, wherein the t records comprise B1, B2 and B3 … … bt total t list types to form a JSON formula array, and the queried array records are given to construct a list information parameter B, wherein B=b1b2b3 … … bt;
step C54: elliptic mapping is carried out on the list information parameter B, which is marked as T, namely
Figure SMS_10
Step C55: the front-end processor of the receiving end generates a random number v and generates 2 encryption information items T1 and T2 based on T, wherein T1=T+vK and T2=vG;
step C56: the receiving end transmits the encrypted items T1 and T2 to the transmitting end.
The specific steps of the step C6 are as follows:
step C61: after the sending end obtains the encryption items T1 and T2, decrypting the elliptic mapping value T through a formula of T1=T+vK; the method comprises the steps of carrying out a first treatment on the surface of the
Step C62: by the formula
Figure SMS_11
Solving for B, wherein->
Figure SMS_12
Then B is disassembled into an array, namely B=b 1 b 2 ……b t Split into arrays [ "b 1 ″,″b 2 ″,……,″b t ″];
Step C63: and the sending end writes the disassembled B into a query list data table panel.query to finish list query.
The specific steps of the step D are as follows:
step D1: the sending end uploads x records to the front-end processor, and the corresponding client identity primary keys id=f1, f2 and f3. 1 ,ty 2 ,……,ty x Recording an uploading name list information set as F;
step D2: splicing the customer identity primary key id information set of the uploading list information set and marking as Y, wherein Y=f 1 f 2 ……f x
Step D3: encrypting the customer identity primary key id information set Y through an elliptic encryption algorithm, and transmitting each parameter in the encrypted customer identity primary key id information set Y to a receiving end;
step D4: the receiving end decodes the encrypted information set Y and performs limiting condition id in (Y=f 1 f 2 ……f x ) Inquiring to obtain yn record, integrating non-empty information set as Y_Q, Y_Q=f y1 f y2 ……f yn Wherein, yn is more than or equal to 1 and less than or equal to x, y1, y2 and … …, and yn is an integer;
step D5: encrypting the non-empty information set Y_Q by an elliptic encryption algorithm, transmitting the encrypted non-empty information set Y_Q to an emitting end, decrypting the encrypted non-empty information set Y_Q by the emitting end to obtain Y_Q, inquiring the Type of a list in the uploading list information set according to the Y_Q, and splicing the result into a type_Q;
step D6: the sending end encrypts the type_Q through an elliptic encryption algorithm and transmits the type_Q to the receiving end, and the receiving end decrypts the type_Q to obtain the type_Q;
step D7: splitting and restoring Y_Q and type_Q into an early warning information set P_Q, writing the P_Q into a list early warning data table panel.warning, and automatically pushing the record to a corresponding financial institution by a system every time the panel.warning is written into the data record.
The elliptic encryption algorithm encryption mentioned in the steps D3, D4, D5 and D6 is the same as that in the steps C3 and C4, and the decryption method mentioned is the same as that in the steps C51 and C52.
In the above embodiment, in order to better understand the scheme, two financial institutions A1 and A2 are provided to perform information interaction, and the front-end processor of A1 randomly generates a private key to record k, where k is any real number. Meanwhile, generating an interactive public key K, wherein K=kG; assume that the financial institution A1 initiates a list information query of the customer identity primary key id=d, maps the customer primary key information id=d to an ellipse, denoted as M, i.e.
Figure SMS_13
The node system of the financial institution A1 automatically generates a random number r, r being any real number. Generating 2 encrypted information items C1 and C2 based on the customer primary key ellipse mapping value M, wherein c1=m+rk, c2=rG, G; the financial institution A1 transmits the elliptic parameters a and b, the elliptic base point G, the public key K and the encryption information items C1 and C2 to the financial institution A2; financial institution A2 decrypts elliptic map value M. I.e. calculate C1-kc2, C1-kc2=m+rk-k (rG) =m+rk-r (kG) =m; the financial institution A2 node system passes the formula +.>
Figure SMS_14
Inverse solving the query customer identity primary key d, i.e. +.>
Figure SMS_15
The limit condition id=d in the shared list table panel. Blacklist of the front-end processor node of the financial institution A2 is queried, and it is assumed that t records are queried, namely: customer with customer identity primary key id=d hits b 1 ,b 2 ,……,b t Totaling t list types, the formed JSON array is [ { "id": "d"; "type": "b 1 ″},{″id″:″d″;″type″:″b 2 ″},……,{″id″:″d″;″type″:″b t ″}]. Building a list information parameter B, b=b, based on array records of a query 1 b 2 ……b t The method comprises the steps of carrying out a first treatment on the surface of the The financial institution A2 system automatically maps the list information parameter B of the customer to ellipse, which is marked as T, namely
Figure SMS_16
The financial institution A2 system automatically generates a random number v, v being any real number. Generating 2 encrypted information items T1 and T2 based on the list information parameter elliptic mapping value T, wherein t1=t+vk, t2=vg; the financial institution A2 transmits the encrypted information items T1 and T2 to the financial institution A1;
financial institution A1 decrypts oval map value T. I.e. calculate T1-kT2, T1-kt2=t+vk-k (vG) =t+rk-r (kG) =t;
the financial institution A1 restores the list information of the customers whose identity primary key id=d. Calculating the list information parameter B based on the ellipse mapping value T, namely by a formula
Figure SMS_17
Inverse resolution of B, wherein->
Figure SMS_18
Splitting B into arrays, i.e. b=b 1 b 2 ......b t Split into arrays [ "b [ 1 ”,”b 2 ”,……,”b t ″]. At this time, the restored identity primary key id=d customer list information is { "id": "d"; "type": [ "b 1 ”,″b 2 ”,……,”b t ”]' i.e. the client who describes the main key id=d of the identity card hits t lists of types at the same time, b 1 ,b 2 ,……,b t . And simultaneously, writing the query record into a query list data table page. Thus, through the elliptic encryption algorithm, the privacy security of the user identity information value and the list information value in the list query process is ensured, and the high security of the information interaction between institutions is realized.
In the list early warning module, when a certain finance uploads a batch of list information, real-time early warning can be realized for other financial institutions intersected with the batch of list clients. In order to ensure information security among financial institutions, only own clients of the financial institutions are warned, wherein the own clients of the financial institutions are subject to records in a list query data table panel. Assuming that 3 records are shared by the financial institution A1 upload, the corresponding set of list information is [ { "id": "h1"; "type": u (U) 1 ”},
{id:″h3″;″type″:″U 3 ″},{″id″:″h4″;″type″:″U 4 ″}]If the panel query of the financial institution A2 includes three records, corresponding to the primary key id=h1, h2, and h3 of the customer identity, respectively; the early warning information pushed to the financial institution A2 at this time is:
[{″id″:″h1″;″type″:″U 1 ″},{″id″:″h3″;″type″:″U 3 ″}]
in order to better understand the scheme, two financial institutions A1 and A2 are set for information interaction; wherein the financial institution A1 uploads 3 records that are shared, and the corresponding list information set is:
[{“id”:”h1”;”type”:”U 1 ”}{”id”:”h3”;”type”:”U 3 ”}{id:″h4″;type:″U 4 ″}]
the panel query of the financial institution A2 comprises three records corresponding to the primary customer identity keys id=h1, h2, h3, respectively; the early warning information pushed to the financial institution A2 at this time is:
[{″id″:″h1″;″type″:″U 1 ″},{″id″:″h3″;″type″:″U 3 ″}]
the method comprises the following specific steps: the financial institution A1 uploads n list records through the front-end processor system, and the corresponding customer identity primary key ids are f respectively 1 ,f 2 ,……,f n The corresponding list types are respectively ty 1 ,ty 2 ,……,ty n And recording the uploaded list information set as F, wherein:
F=[{″id″:″f 1 ″;″type″:″ty 1 ″},{″id″:″f 2 ″;″type″:″ty 2 ″},{″id″:″f x ″;″type″:″ty n ″}]。
splicing the customer identity primary key id information set of the uploading list information set, and marking as Y, wherein Y=f 1 f 2 ……f x The front-end processor system of the financial institution A1 randomly generates 2 non-negative integers, which are recorded as A1 and b1, and an initialized elliptic curve Ep (A1 and b 1) is constructed, wherein the mathematical formula corresponding to the curve is as follows: y is 2 =x 3 +a1x+b1. Then, randomly selecting a point on the elliptic curve by the system as a base point G1; customer identity primary key id information set y=f uploaded by financial institution A1 1 f 2 ……f x Mapped onto ellipses, denoted as M1, namely:
Figure SMS_19
Figure SMS_20
the system automatically generates a random number r1, r1 being any real number. Generating 2 encryption information values C1_1 and C based on a customer identity primary key id information set ellipse mapping value M12_1, wherein c1_1=m1+r1k1, c2_1=r1g1;
the financial institution A1 transmits the elliptic parameters A1 and b1, the elliptic base point G1, the public key K1, the encrypted information items c1_1 and c2_1 to the financial institution A2;
the front-end processor system of the financial institution A2 passes through the formula
Figure SMS_21
Inverse solving for Y, wherein
Figure SMS_22
Condition id in (f) is defined in the data table panel.query of the front-end processor node of the financial institution A2 1 ,f 2 ,……,f n ) Inquiring, namely, assuming that yn record is inquired, and recording inquired non-empty identity primary key id information set as Y_Q, wherein Y_Q=f y1 f y2 ……f yn Wherein y1, y2, … …, yn n and y1, y2, … … are integers.
And carrying out elliptic mapping on the queried identity primary key id information set Y_Q. The financial institution A2 system automatically maps the queried list information parameter Y_Q to an ellipse, and marks as T1, namely:
Figure SMS_23
the financial institution A2 system automatically generates a random number v1, v1 being any real number. Generating 2 encryption information values t1_1 and t2_1 based on the list information parameter ellipse mapping value T1, wherein t1_1=t1+v1k1, t2_1=v1g1; the financial institution A2 transmits the encrypted information items t1_1 and t2_1 to the financial institution A1;
financial institution A1 decrypts oval mapping values T1 and YQ. First calculate T1 1 -k1T2,T1 1 -k1T2 1 =t1+v1k1-K1 (v 1G 1) =t1+v1k1-v 1 (K1G 1) =t1. The identity primary key id information set YQ of query is calculated based on the ellipse mapping value T1, namely by a formula
Figure SMS_24
Inverse solving Y_Q, wherein +.>
Figure SMS_25
Identity primary key id information set y_q=f y1 f y2 ……f yn Splitting Y_Q and limiting conditional customer identity primary key information:
id=f y1 or f y2 Or … … or f yn
In F= [ ("id": F) 1 ″;″type″:″ty 1 ″},{″id″:″f 2 ″;″type″:″ty 2 ″},{″id″:″f n ″;″type″:″ty n ″}]The queried list Type splice set is type_q, namely type_q=ty y1 ty y2 ......ty yn . Type Q is mapped onto an ellipse, denoted M2,
Figure SMS_26
an encryption information item of M2 is generated. The financial institution A1 system automatically generates a random number r2, r2 being any real number. Generating 2 encryption information values C1 based on the list type information elliptic mapping value M2 2 And C2 2 Wherein C1 2 =M2+r2K1,C2 2 =r2G1。
The financial institution A1 transmits the encrypted information items c1_2 and c2_2 to the financial institution A2, which calculates first: c1_2-k1c2_2, c1_2-kc2_2=m2+r2k1-k1 (r2g1) =m2+r2k1-r 2 (k1g1) =m2. Calculating the queried list Type information set type_Q based on the ellipse mapping value M2, namely through a formula
Figure SMS_27
Inverse solving type_Q, wherein +.>
Figure SMS_28
Primary key id information set y_q=f y1 f y2 ……f yn And parsing the post-list type information set: type_q=ty y1 ty y2 ……ty yn Splitting and restoring the information into an early warning information set P_Q, wherein:
P_Q=[{″id″:″y1″;″type″:″ty y1 ″},{″id″:″y2″;″type″:″ty y2 ″},{″id″:″yn″;″type″:″ty yn ″}]。
and then writing the record into a list early warning data table. Meanwhile, when the list early warning data table panel.warning is written into the data record, the system automatically pushes the record to a wind control system of a financial institution for early warning treatment.
The foregoing examples merely represent specific embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that, for those skilled in the art, several variations and modifications can be made without departing from the technical solution of the present application, which fall within the protection scope of the present application.

Claims (8)

1. The list sharing method based on multiparty security calculation comprises a shared list system, wherein the shared list system comprises a list sharing system deployment module, a list uploading module, a list inquiring module and a list early warning module, and is characterized in that the list inquiring module and the list early warning module carry out information transmission through an elliptic encryption algorithm;
the list sharing method comprises the following steps:
step A: the method comprises the steps of deploying a distributed list sharing system deployment module, wherein a front-end processor is arranged in each of N financial institutions, and a monitoring node is arranged;
and (B) step (B): uploading name list information to a front-end processor by N financial institutions, wherein the list information comprises a client id and a list type;
step C: the inquiry request sending end inputs the client id into a list inquiry module, the list inquiry module encrypts the id through an elliptic encryption algorithm, the encrypted client id is transmitted to the receiving end, the receiving end decrypts the client id, and the result information corresponding to the client id is encrypted through the list inquiry module through the elliptic encryption algorithm and transmitted to the inquiry request sending end, so that list inquiry is completed;
step D: the list early warning module performs list early warning on a receiving end with an intersection with list information, integrates and encrypts a client id set of the list intersection information and a list type set into an information set P-Q, and transmits the P-Q to the receiving end to finish list early warning;
the specific steps of the step C are as follows:
c1: the front-end processor of the sending end randomly generates 2 non-negative integers, which are marked as a and b, and an initialized elliptic curve Ep (a and b) is constructed, wherein the mathematical formula corresponding to the curve is as follows: y is 2 =x 3 +ax+b, the system randomly selects a point on the elliptic curve as a base point G;
c2: the sending end randomly generates a private key in the front-end processor, and the private key is recorded as k which is any real number; meanwhile, generating an interactive public key K, wherein K=kG;
and C3: the sender initiates list inquiry information of id=d, maps the client primary key information d to ellipse, and marks M as
Figure QLYQS_1
The sending end automatically generates a random number r, r is any real number, and generates 2 encryption information items C1 and C2 based on a client primary key ellipse mapping value M, wherein C1=M+rK, and C2=rG;
c5: the sending end transmits the encrypted information to the receiving end, the receiving end decrypts the encrypted information, then performs information inquiry with the condition of id=d to obtain t records, encrypts the list types of the clients in the t records by an elliptic encryption algorithm, and transmits the encrypted information to the sending end;
c6: the sending end decrypts to obtain the list type of the inquiring client, and writes the inquiring record into the inquiring list data table
And (5) panel.query, and ending list query.
2. The method for sharing a list based on multiparty security computing of claim 1, wherein the list sharing system module comprises a front-end processor, wherein the front-end processor stores a list sharing system of multiparty security computing.
3. The method for sharing a list based on multiparty security computation according to claim 1, wherein the list uploading module comprises an API interface and a file interface.
4. The method for sharing a list based on multiparty security computation of claim 1, wherein the list upload module comprises a timing mode and a real-time mode.
5. The method for sharing a list based on multiparty security computation according to claim 1, wherein the specific steps of step C5 are as follows:
step C51: the receiving end obtains M through calculating a C1=M+rK formula;
step C52: the receiving end passes through the formula
Figure QLYQS_2
Solving the inquiry client d, i.e.)>
Figure QLYQS_3
Step C53: the receiving end performs id=d condition query in a shared list panel.query to obtain t records, wherein the t records comprise B1, B2 and B3 … … bt total t list types to form a JSON formula array, and the queried array records are given to construct a list information parameter B, wherein B=b1b2b3 … … bt;
step C54: elliptic mapping is carried out on the list information parameter B, which is marked as T, namely
Figure QLYQS_4
Step C55, the front-end processor of the receiving end generates a random number v and generates 2 encrypted information items T1 and T2 based on T, wherein t1=t+vk, t2=vg;
step C56: the receiving end transmits the encrypted items T1 and T2 to the transmitting end.
6. The method for sharing a list based on multiparty security computation according to claim 1, wherein the specific steps of step C6 are as follows:
step C61: after the sending end obtains the encryption items T1 and T2, decrypting the elliptic mapping value T through a formula of T1=T+vK;
step C62: by the formula
Figure QLYQS_5
Solving for B, wherein->
Figure QLYQS_6
Then B is disassembled into an array, namely B=b 1 b 2 ……b t Split into arrays [ "b [ 1 ","b 2 ",……,"b t "];
Step C63: and the sending end writes the disassembled B into a query list data table panel.query to finish list query.
7. The method for sharing lists based on multiparty security computation according to claim 5, wherein the specific steps of step D are as follows:
step D1: the sending end uploads x records to the front-end processor, and the corresponding primary keys id=f1, f2, f3 … … fx of the client identity and the corresponding types of the lists are respectively ty 1 ,ty 2 ,……,ty x Recording an uploading name list information set as F;
step D2: splicing the customer identity primary key id information set of the uploading list information set and marking as Y, wherein Y=f 1 f 2 ……f x
Step D3: encrypting the customer identity primary key id information set Y through an elliptic encryption algorithm, and transmitting each parameter in the encrypted customer identity primary key id information set Y to a receiving end;
step D4: the receiving end decodes the encrypted information set Y and performs limiting condition idin (Y=f in the front-end processor according to Y 1 f 2 ……f x ) Inquiring to obtain yn record, integrating non-empty information set as Y_Q, Y_Q=f y1 f y2 ……f yn Wherein, yn is more than or equal to 1 and less than or equal to x, y1, y2 and … …, and yn is an integer;
step D5: encrypting the non-empty information set Y_Q by an elliptic encryption algorithm, transmitting the encrypted non-empty information set Y_Q to an emitting end, decrypting the encrypted non-empty information set Y_Q by the emitting end to obtain Y_Q, inquiring the Type of a list in the uploading list information set according to the Y_Q, and splicing the result into a type_Q;
step D6: the sending end encrypts the type_Q through an elliptic encryption algorithm and transmits the type_Q to the receiving end, and the receiving end decrypts the type_Q to obtain the type_Q;
step D7: splitting and restoring Y_Q and type_Q into an early warning information set P_Q, writing the P_Q into a list early warning data table panel.warning, and automatically pushing the record to a corresponding financial institution by a system every time the panel.warning is written into the data record.
8. The method for sharing a list based on equal multiparty security calculation according to claim 6, wherein the elliptic encryption algorithm encryption mentioned in the steps D3, D4, D5 and D6 is the same as the steps C3 and C4, and the decryption method mentioned is the same as the steps C51 and C52.
CN202110703999.6A 2021-06-24 2021-06-24 System and method for sharing list based on multiparty security calculation Active CN113542233B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110703999.6A CN113542233B (en) 2021-06-24 2021-06-24 System and method for sharing list based on multiparty security calculation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110703999.6A CN113542233B (en) 2021-06-24 2021-06-24 System and method for sharing list based on multiparty security calculation

Publications (2)

Publication Number Publication Date
CN113542233A CN113542233A (en) 2021-10-22
CN113542233B true CN113542233B (en) 2023-05-12

Family

ID=78125777

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110703999.6A Active CN113542233B (en) 2021-06-24 2021-06-24 System and method for sharing list based on multiparty security calculation

Country Status (1)

Country Link
CN (1) CN113542233B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101334901A (en) * 2007-06-28 2008-12-31 内蒙古银安科技开发有限责任公司 Resident identity card based ticket real name control method
CN105335354A (en) * 2015-12-09 2016-02-17 中国联合网络通信集团有限公司 Cheat information recognition method and device
CN111177769A (en) * 2020-04-10 2020-05-19 支付宝(杭州)信息技术有限公司 Private data protection list query method and related list query system
CN111881479A (en) * 2020-07-30 2020-11-03 江苏苏宁银行股份有限公司 Anti-money laundering list sharing system and method based on block chain
CN112884564A (en) * 2021-01-08 2021-06-01 四川新网银行股份有限公司 Real-time debt sharing risk management and control system and method based on multi-party security calculation
US11030685B1 (en) * 2014-05-14 2021-06-08 Affirm, Inc. Refinancing tools for purchasing transactions

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101334901A (en) * 2007-06-28 2008-12-31 内蒙古银安科技开发有限责任公司 Resident identity card based ticket real name control method
US11030685B1 (en) * 2014-05-14 2021-06-08 Affirm, Inc. Refinancing tools for purchasing transactions
CN105335354A (en) * 2015-12-09 2016-02-17 中国联合网络通信集团有限公司 Cheat information recognition method and device
CN111177769A (en) * 2020-04-10 2020-05-19 支付宝(杭州)信息技术有限公司 Private data protection list query method and related list query system
CN111881479A (en) * 2020-07-30 2020-11-03 江苏苏宁银行股份有限公司 Anti-money laundering list sharing system and method based on block chain
CN112884564A (en) * 2021-01-08 2021-06-01 四川新网银行股份有限公司 Real-time debt sharing risk management and control system and method based on multi-party security calculation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
发挥大数据和信息技术优势 构建电信诈骗防控长效机制;靳晓鹏;《金融电子化》;20161115(第11期);全文 *

Also Published As

Publication number Publication date
CN113542233A (en) 2021-10-22

Similar Documents

Publication Publication Date Title
US20240074004A1 (en) Verification of interactions system and method
US7103772B2 (en) Pervasive, user-centric network security enabled by dynamic datagram switch and an on-demand authentication and encryption scheme through mobile intelligent data carriers
US9300636B2 (en) Secure data exchange technique
US6842628B1 (en) Method and system for event notification for wireless PDA devices
US10263775B2 (en) Policy-based key recovery
US7073066B1 (en) Offloading cryptographic processing from an access point to an access point server using Otway-Rees key distribution
CN111159306B (en) Information publishing method and device based on block chain and computer equipment
CN101375284B (en) Secure data parser method and system
US20180212753A1 (en) End-To-End Secure Operations Using a Query Vector
CN108989346B (en) Third-party valid identity escrow agile authentication access method based on account hiding
CN112287379B (en) Service data using method, device, equipment, storage medium and program product
Aggarwal et al. Security aspect in instant mobile messaging applications
CN114223175A (en) Generating a sequence of network data while preventing acquisition or manipulation of time data
Dhiran et al. Video fraud detection using blockchain
CN112600830B (en) Service data processing method and device, electronic equipment and storage medium
CN113449829A (en) Data transmission method based on optical character recognition technology and related device
CN113542233B (en) System and method for sharing list based on multiparty security calculation
CN116366256A (en) Ethernet intelligent contract vulnerability information security sharing system and method thereof
US11374753B2 (en) System and method for selective transparency for public ledgers
CN114418769A (en) Block chain transaction charging method and device and readable storage medium
CN111695932A (en) Block chain public key method and system based on point transaction
Emmanuel et al. Mobile Banking in Developing Countries: Secure Framework for Delivery of SMS-banking Services
van Oorschot Public Key Cryptography’s Impact on Society: How Diffie and Hellman Changed the World
CN204791026U (en) Thief -proof secure transmission system of getting of sensitive information
US20110288976A1 (en) Total computer security

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant