CN113742370A - Data query method and statistical information ciphertext generation method of full-encryption database - Google Patents

Info

Publication number: CN113742370A
Authority: CN (China)
Prior art keywords: execution module, data, trusted execution, optimizer, statistical information
Legal status: Granted (Active)
Application number: CN202111289678.2A
Other languages: Chinese (zh)
Other versions: CN113742370B (en)
Inventors: 杨新颖, 汪晟, 黎火荣, 李飞飞
Current Assignee: Alibaba Cloud Computing Ltd
Original Assignee: Alibaba Cloud Computing Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2453 Query optimisation
    • G06F16/242 Query formulation
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries


Abstract

The embodiments disclosed in the present specification provide a data query method and a statistical information ciphertext generation method for a fully-encrypted database. The optimizer of the database is functionally split into an optimizer first component and an optimizer second component: the first component calculates the core parameters for determining an optimized query strategy according to data query condition information and statistical information plaintext, and the second component determines the optimized query strategy according to the core parameters. The first component of the optimizer is deployed in the trusted execution module (only the second component of the optimizer is retained in the untrusted execution module), and the trusted execution module decrypts the statistical information ciphertext to obtain the statistical information plaintext.

Description

Data query method and statistical information ciphertext generation method of full-encryption database
Technical Field
The embodiments of the present disclosure relate to the field of database technologies, and in particular, to a data query method and a statistical information ciphertext generating method for a fully-encrypted database.
Background
In the field of database technology, an optimizer can be utilized to improve the efficiency of querying data stored in a relational database. After receiving a data query instruction sent by a user, the database management system calls the optimizer to determine an optimized query strategy, and then the database management system performs data query based on the optimized query strategy, so that the query cost can be saved as much as possible, and the query efficiency is improved.
The data query instruction typically specifies a number of data tables in the database and the query conditions to be satisfied by the data to be queried from those data tables. The optimizer may analyze and determine an optimized query policy based on statistical information (e.g., the number of rows in a table, the number of elements in a column after deduplication, a histogram, etc.) of the data tables that the query conditions refer to.
In practical applications, in order to avoid exposing the data privacy of the user to the database management system, the user may encrypt the data and submit the encrypted data to the database management system, so as to store the encrypted data in the relational database. Such relational databases are often referred to as fully encrypted databases. However, it is difficult to apply the optimizer in the fully-encrypted database on the premise of ensuring that the data privacy of the user is not exposed to the database management system.
Disclosure of Invention
Embodiments of the present disclosure provide a data query method and a statistical information ciphertext generating method for a fully-encrypted database, so as to apply an optimizer in the fully-encrypted database on the premise of ensuring that data privacy of a user is not exposed to a database management system.
The technical scheme provided by the embodiments of the specification is as follows:
According to a first aspect of various embodiments of the present specification, a data query method for a fully-encrypted database is provided, which is applied to a database management system including a trusted execution module and an untrusted execution module; the trusted execution module is deployed with a first component of an optimizer; the untrusted execution module is deployed with a second component of the optimizer; the first optimizer component and the second optimizer component cooperatively implement the optimization function; the method comprises the following steps:
the untrusted execution module determines data query condition information and data table identifiers of a plurality of data tables to be queried according to a data query instruction and sends the data table identifiers to the trusted execution module;
the trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts the statistical information ciphertexts to obtain statistical information plaintexts;
the trusted execution module calls the first component of the optimizer, and calculates core parameters for determining an optimized query strategy according to the data query condition information and the statistical information plaintext;
the trusted execution module sends the core parameters to the untrusted execution module in a clear text form;
the untrusted execution module calls the second component of the optimizer and determines an optimized query strategy according to the core parameters; and performing data query based on the optimized query strategy.
According to a second aspect of various embodiments of the present specification, a method for generating a statistical information ciphertext is provided, where the method is applied to a database management system, and the method includes:
an untrusted execution module obtains, from a fully encrypted database, a plurality of data tables for which statistics are to be computed, wherein each data table comprises a plurality of encrypted data;
the untrusted execution module sends the data tables to a trusted execution module;
the trusted execution module decrypts the data tables, and the decryption process includes: decrypting each encrypted data in each data table;
the trusted execution module calls a first component of an optimizer, and generates statistical information plaintext corresponding to the data tables according to the decrypted data tables;
and the trusted execution module encrypts the statistical information plaintext to obtain statistical information ciphertexts corresponding to the data tables.
According to a third aspect of various embodiments herein, a database management system is provided, which includes a trusted execution module and an untrusted execution module; the trusted execution module is deployed with a first component of an optimizer; the untrusted execution module is deployed with a second component of the optimizer; the first optimizer component and the second optimizer component cooperatively implement the optimization function;
the untrusted execution module determines data query condition information and data table identifiers of a plurality of data tables to be queried according to the data query instruction and sends the data table identifiers to the trusted execution module; calls the second component of the optimizer and determines an optimized query strategy according to core parameters; and performs data query based on the optimized query strategy.
The trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts the statistical information ciphertexts to obtain statistical information plaintexts; calling the first component of the optimizer, and calculating a core parameter for determining an optimized query strategy according to the data query condition information and the statistical information plaintext; and sending the core parameters to the untrusted execution module in a clear text form.
According to the above technical scheme, the optimizer of the database is functionally split into an optimizer first component and an optimizer second component. The first component calculates the core parameters for determining an optimized query strategy according to data query condition information and statistical information plaintext; the second component determines the optimized query strategy according to the core parameters. On the basis of an existing database management system, a trusted execution module is deployed in the database management system, and the one or more functional modules of the database management system other than the trusted execution module are called untrusted execution modules. The first component of the optimizer is deployed in the trusted execution module (only the second component of the optimizer is retained in the untrusted execution module), and the trusted execution module decrypts the statistical information ciphertext to obtain the statistical information plaintext, so that the statistical information plaintext is prevented from being leaked to the database management system.
Drawings
Fig. 1 is a schematic flowchart of a data query method for a fully-encrypted database provided in this specification.
Fig. 2 is a schematic diagram of a specific data query method provided in this specification.
Fig. 3 is a schematic flow chart of another data query method for a fully encrypted database provided in the present specification.
Fig. 4 is a schematic flowchart of a statistical information ciphertext generating method provided in this specification.
Fig. 5 is a schematic diagram of a specific statistical information ciphertext generating method provided in this specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
For a fully encrypted database, the optimizer function still needs to be supported, and the optimizer needs statistical information in plaintext to analyze and determine an optimized query strategy. Although the statistical information corresponding to a data table does not contain the specific content of the data in the table, it reflects the statistical regularities of that data. These regularities are also part of the user's data privacy, and it is theoretically possible to infer data plaintext from them, which would reveal further private data. Therefore, the user often does not want to expose the statistics corresponding to the data table to the database management system.
Therefore, how to avoid revealing the user's data privacy to the database management system while still enabling the database management system to use the optimizer to obtain an optimized query strategy for data query is a technical problem that urgently needs to be solved in the field.
To this end, in one or more embodiments provided in this specification, the optimizer of the database is functionally split into an optimizer first component and an optimizer second component. The first component calculates the core parameters for determining an optimized query policy according to data query condition information and statistical information plaintext; the second component determines the optimized query strategy according to the core parameters. On the basis of an existing database management system, a trusted execution module is deployed in the database management system, and the one or more functional modules of the database management system other than the trusted execution module are called untrusted execution modules. The first component of the optimizer is deployed in the trusted execution module (only the second component of the optimizer is retained in the untrusted execution module), and the trusted execution module decrypts the statistical information ciphertext to obtain the statistical information plaintext, so that the statistical information plaintext is prevented from being leaked to the database management system.
The technical solution provided in the present specification is described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a data query method for a fully-encrypted database provided in this specification, including the following steps:
S100: The untrusted execution module determines the data query condition information and the data table identifiers of the data tables to be queried according to the data query instruction.
S102: The untrusted execution module sends the data query condition information and the data table identifiers of the data tables to be queried to the trusted execution module.
The method shown in FIG. 1 may be applied to a database management system that includes trusted and untrusted execution modules. The database management system may be a software-level concept, and the trusted execution module and the untrusted execution module may also be a software-level concept. The trusted execution module and the untrusted execution module are decoupled in design, so that the trusted execution module is independent of the untrusted execution module, and data in the trusted execution module is not exposed to the untrusted execution module.
It should be noted that the untrusted execution module may be understood as one or more functional modules of an existing database management system. The database management system in the technical solution provided in this specification is an improvement on the existing database management system: the trusted execution module is deployed in the existing database management system to obtain the database management system of this technical solution.
The trusted execution module can be deployed on a server or a server cluster on a hardware level, and the untrusted execution module can also be deployed on the server or the server cluster on the hardware level.
The untrusted execution module may be used to operate (or maintain) the fully encrypted database, where the operation may be, for example, an operation of writing (e.g., adding, modifying) data to the fully encrypted database, or an operation of reading (or querying) data from the fully encrypted database. Because the operations to write data to a fully encrypted database generally do not involve optimizer functions, this document focuses on operations to query data from a fully encrypted database.
An optimizer may be considered a program that provides an optimized query policy for untrusted execution modules. The optimizer can analyze and determine an optimized query strategy according to statistical information corresponding to a plurality of data tables to be queried and data query conditions specified by the untrusted execution module.
The statistical information corresponding to the data table may be obtained by the optimizer periodically or aperiodically performing a statistical calculation operation based on the data table in the fully encrypted database. The statistical information may be, for example, statistical indicators such as the number of rows in a table, the number of elements in a column after deduplication, a histogram, high frequency data distribution, and cardinality.
From the viewpoint of this specification, the process by which the optimizer analyzes and determines the optimized query policy can be divided into two stages. In the first stage, the optimizer calculates a plurality of core parameters (also called key indexes or key parameters) for determining the optimized query policy according to the statistical information corresponding to the data tables to be queried and the data query condition specified by the untrusted execution module. In the second stage, the optimizer determines an optimized query strategy based on these core parameters.
In other words, the first-stage operations performed by the optimizer use the statistics, while the second-stage operations do not. Therefore, to ensure that statistical information is not revealed to the untrusted execution module, the first-stage operations cannot be handed to the untrusted execution module for execution.
Therefore, the optimizer may be functionally split into two components, namely an optimizer first component and an optimizer second component, which cooperatively implement the optimization function; the optimization function implemented by the first component and the one implemented by the second component may be different. The first component of the optimizer is responsible for performing the first-stage operations and the second component is responsible for performing the second-stage operations. The first component of the optimizer is deployed in a trusted execution module independent of the untrusted execution module, and the statistical information is provided in plaintext only to the trusted execution module.
The data query instruction may be an instruction sent by the user to the untrusted execution module to query the corresponding data from the fully encrypted database. For example, the data query instruction may be an SQL statement.
The data query instruction typically specifies a data query condition and a number of data tables to be queried. For example, the data query instruction may include data query condition information (for characterizing the data query condition) and a number of data table identifications (for characterizing the number of data tables to be queried).
In some embodiments, the data query condition information may be in clear text, that is, the user sending the data query instruction does not mind revealing the data query condition to the untrusted execution module.
In other embodiments, at least part of the data query condition information is encrypted. Since the untrusted execution module cannot decrypt the encrypted information in the data query condition information (the encrypted information may be encrypted with the user's key), the user may keep part or all of the data query condition secret from the untrusted execution module. The encrypted information in the data query condition information does not affect the untrusted execution module's subsequent querying of data from the fully encrypted database according to the optimized query strategy.
The untrusted execution module may send the data query condition information and the data table identifiers of the data tables to be queried to the trusted execution module. A trusted execution module may be understood as a module that is trusted by a user.
In some embodiments, the trusted execution module may be another module independent of the untrusted execution module if it is only required that data privacy is not exposed to the untrusted execution module.
In other embodiments, if it is required that the data privacy cannot be revealed to any party other than the user, the trusted execution module needs to be trusted by the user. For example, the trusted execution module may be a module deployed on a device controlled by the user himself, such as an executive installed on the user's device.
In some embodiments, if at least a portion of the data query condition information is encrypted, the trusted execution module may have the capability to decrypt the encrypted information, which may be decrypted before an operation needs to be performed based on the data query condition information (e.g., before core parameters for determining an optimized query policy are calculated).
S104: The trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts them to obtain the statistical information plaintexts.
The statistical information corresponding to a data table needs to be stored as ciphertext, so that the statistical information plaintext is not leaked to the untrusted execution module. In some embodiments, the statistics ciphertext may be stored in the fully encrypted database; the untrusted execution module cannot obtain the statistics plaintext because it has no decryption capability for the statistics ciphertext. The trusted execution module may receive the statistical information ciphertexts corresponding to the data tables, which the untrusted execution module reads from the fully encrypted database and sends to it.
In some embodiments, the statistics ciphertext may be stored in the trusted execution module; even if the untrusted execution module obtains the statistics ciphertext from the trusted execution module, it is difficult for it to decrypt the ciphertext into the statistics plaintext. The trusted execution module, in contrast, has decryption capability for the statistics ciphertext.
It should be noted that how to obtain the statistical information from the data tables in the fully-encrypted database without exposing it to the untrusted execution module is described in detail later and is not repeated here.
S106: The trusted execution module calls the first component of the optimizer and calculates the core parameters for determining the optimized query strategy according to the data query condition information and the statistical information plaintext.
The above core parameters are intermediate values generated while the optimizer analyzes and optimizes the query policy according to the data query conditions and the statistical information plaintext. They do not belong to user data privacy, nor do they make it easier to infer user data privacy.
For example, when a user wants to query all data in the data table 1 in the fully encrypted database that satisfy the specified condition a, the data in the data table 1 that satisfy the specified condition a may be calculated to account for approximately 80% of all data in the data table 1 based on the statistical information corresponding to the data table 1 and the specified condition a, and 80% of all data in the data table 1 is the core parameter. Since the proportion of 80% is high, an optimized query strategy for traversing the query over the 100 data tables is determined. If the calculated core parameter is not 80% but 20%, the traversal query efficiency is low due to the low proportion of 20%, and therefore, an optimized query strategy for querying by using the index can be determined.
S108: The trusted execution module sends the core parameters to the untrusted execution module in plaintext form.
Since the core parameters do not relate to user privacy, but can also be used to determine an optimized query policy, the core parameters can be sent to the untrusted execution module in clear text.
S110: The untrusted execution module calls the second component of the optimizer and determines an optimized query strategy according to the core parameters.
In some cases, the optimizer second component may determine the optimized query strategy based only on the core parameters. In some cases, the optimizer second component may determine an optimized query strategy based on the core parameters and the plaintext portion of the data query.
S112: The untrusted execution module performs data query based on the optimized query strategy.
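The Fig. 1 flow (S100 to S112), together with the statistics-ciphertext generation of the second aspect, as an added Python sketch that is not code from the patent. Assumptions: the class names, the `seal`/`unseal` stand-in cipher (the page names no algorithm), a single integer column with a `value < bound` condition, an equal-width histogram as the statistic, and a 0.5 cut-off between full scan and index scan.

```python
import hashlib
import hmac
import json
import os

# Stand-in authenticated cipher (assumption: the page names no algorithm).
# HMAC-SHA256 keystream plus encrypt-then-MAC, stdlib only; use a vetted AEAD in practice.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)


class TrustedModule:
    """Holds the key and the optimizer first component; plaintext never leaves it."""

    def __init__(self, key):
        self._key = key

    def build_stats(self, encrypted_rows, buckets=4):
        # Statistics generation: decrypt each value, summarise, encrypt the summary.
        values = [int(unseal(self._key, row)) for row in encrypted_rows]
        low = min(values)
        width = (max(values) - low) / buckets or 1
        hist = [0] * buckets
        for v in values:
            hist[min(int((v - low) / width), buckets - 1)] += 1
        stats = {"rows": len(values), "distinct": len(set(values)),
                 "low": low, "width": width, "hist": hist}
        return seal(self._key, json.dumps(stats).encode())

    def core_parameters(self, bound, stats_ciphertext):
        # S104-S108: decrypt statistics, estimate the share of rows with value < bound.
        s = json.loads(unseal(self._key, stats_ciphertext))
        matched = 0.0
        for i, count in enumerate(s["hist"]):
            bucket_low = s["low"] + i * s["width"]
            share = (bound - bucket_low) / s["width"]   # part of this bucket below bound
            matched += count * min(max(share, 0.0), 1.0)
        return {"selectivity": matched / s["rows"]}      # only this value is returned


class UntrustedModule:
    """Stores only ciphertext; runs the optimizer second component on core parameters."""

    SCAN_THRESHOLD = 0.5   # assumed cut-off; the page only contrasts 80% with 20%

    def __init__(self, trusted, tables):
        self.trusted = trusted
        self.tables = tables
        self.stats_store = {}

    def analyze(self, table_id):
        self.stats_store[table_id] = self.trusted.build_stats(self.tables[table_id])

    def plan(self, table_id, bound):
        core = self.trusted.core_parameters(bound, self.stats_store[table_id])  # S102-S108
        strategy = "full_scan" if core["selectivity"] >= self.SCAN_THRESHOLD else "index_scan"
        return strategy, core                                                   # S110


def demo():
    key = os.urandom(32)   # known to the user and the trusted module only
    # Constructed sample: one encrypted integer column holding 0..99.
    table = [seal(key, str(v).encode()) for v in range(100)]
    dbms = UntrustedModule(TrustedModule(key), {"t1": table})
    dbms.analyze("t1")
    return dbms, dbms.plan("t1", 80), dbms.plan("t1", 20)


if __name__ == "__main__":
    _, wide, narrow = demo()
    print(wide, narrow)
```

The untrusted side only ever holds `stats_store` ciphertext and the returned selectivity, and a modified statistics ciphertext is rejected inside the trusted module before any estimate is computed.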
Furthermore, if the user does not trust the trusted execution module, the trusted execution module may have a trusted execution environment TEE, and all or part of the operations performed by the trusted execution module may be placed in the TEE for execution, and the operations placed in the TEE for execution may be kept secret from the trusted execution module, as exemplified below.
For example, the trusted execution module may decrypt the statistics ciphertext to obtain the statistics plaintext in the TEE.
For example, the trusted execution module may invoke the optimizer first component in the TEE, and calculate core parameters for determining an optimized query policy according to the data query condition information and the statistical information plaintext. Because the code amount corresponding to the first component of the optimizer is small, and the storage space of the TEE is limited, the first component of the optimizer is deployed in the TEE of the trusted execution module, and the second component of the optimizer is retained in the untrusted execution module, so that privacy protection of statistical information can be realized by using a small amount of codes running in the TEE.
For example, the statistical information ciphertext corresponding to the data table may be stored in the TEE, and the trusted execution module may obtain the statistical information ciphertext in the TEE.
As another example, the trusted execution module may decrypt encrypted information in the data query condition information in the TEE before computing core parameters for determining an optimized query policy.
For another example, the trusted execution module may be a module that deploys the trusted execution environment TEE, and all or part of operations performed by the trusted execution module may be placed in the TEE for execution.
In addition, Fig. 2 is a schematic diagram of a specific data query method provided in this specification. As shown in Fig. 2, the database system includes a database management system and a database, and the database management system further includes a trusted execution module and an untrusted execution module. The untrusted execution module can receive an SQL (structured query language) statement sent by a user, and determine the corresponding data query condition information and the data table identifiers of a plurality of data tables to be queried according to the SQL statement. Then, the untrusted execution module may obtain, from the database, the statistical information ciphertexts corresponding to the data tables, where the statistical information ciphertexts may be, for example, a cardinality ciphertext, a high-frequency data distribution ciphertext, a histogram ciphertext, and the like. The untrusted execution module may send the statistical information ciphertext and the data query condition information to the trusted execution module. The trusted execution module may then calculate the core parameters for determining an optimized query policy using the deployed optimizer first component, and return the core parameters to the untrusted execution module. The untrusted execution module determines an optimized query strategy by using the core parameters, and performs data query on the database.
In addition, Fig. 3 is a schematic flowchart of another data query method for a fully encrypted database provided in this specification, including the following steps:
S300: The untrusted execution module determines the data query condition information and the data table identifiers of the data tables to be queried according to the data query instruction.
S302: The untrusted execution module sends the data query condition information and the data table identifiers of the data tables to be queried to the trusted execution module.
S304: The trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts them to obtain the statistical information plaintexts.
S306: The trusted execution module calls the optimizer and calculates the core parameters for determining an optimized query strategy according to the data query condition information and the statistical information plaintext.
S308: The trusted execution module calls the optimizer and determines an optimized query strategy according to the core parameters.
S310: The trusted execution module sends the optimized query strategy to the untrusted execution module.
S312: The untrusted execution module performs data query based on the optimized query strategy.
The main difference between the method shown in fig. 3 and the method shown in fig. 1 is that the optimizer is deployed as a whole in the trusted execution module, the trusted execution module determines the optimized query strategy, and the untrusted execution module performs the query according to the optimized query strategy provided by the trusted execution module. For other descriptions of the method shown in fig. 3, reference may be made to the foregoing description of the method shown in fig. 1, and further description is omitted.
Fig. 4 is a schematic flowchart of a method for generating a statistical information ciphertext according to this description, where the method shown in fig. 4 includes the following steps:
S400: The untrusted execution module acquires a plurality of data tables to be counted from the fully encrypted database.
Each data table contains a number of encrypted data items.
S402: The untrusted execution module sends the data tables to the trusted execution module.
S404: The trusted execution module decrypts the data tables, and the decryption processing comprises: decrypting each encrypted data item in each data table.
S406: The trusted execution module calls the first component of the optimizer, or the optimizer, and generates statistical information plaintexts corresponding to the data tables according to the decrypted data tables.
The method shown in fig. 4 is implemented in cooperation with the method shown in fig. 1 or fig. 3. If it is used together with the method shown in fig. 1, in step S406 the trusted execution module calls the first component of the optimizer and generates the statistical information plaintexts corresponding to the data tables according to the decrypted data tables; if it is used together with the method shown in fig. 3, in step S406 the trusted execution module calls the optimizer and generates the statistical information plaintexts corresponding to the data tables according to the decrypted data tables. The following description takes the case in which the method shown in fig. 4 is combined with the method shown in fig. 1 as an example.
S408: The trusted execution module encrypts the statistical information plaintexts to obtain statistical information ciphertexts corresponding to the data tables.
The first component of the optimizer may be used not only to calculate the core parameters but also to calculate the corresponding statistical information from the data tables. Through the method flow shown in fig. 4, the statistical information can be obtained from the data tables in the fully encrypted database without exposing the statistical information to the untrusted execution module.
In some embodiments, the untrusted execution module may send statistical requirement information to the trusted execution module, and the trusted execution module may determine, according to the statistical requirement information, a plurality of data tables to be counted, and send a notification message specifying the plurality of data tables to the untrusted execution module.
In some embodiments, the trusted execution module may send the statistics ciphertext corresponding to the data tables to the untrusted execution module, and the untrusted execution module may store the statistics ciphertext corresponding to the data tables in the fully encrypted database.
In some embodiments, if the user does not trust the trusted execution module, the trusted execution module may have a TEE, and some or all operations performed by the trusted execution module may be placed in the TEE for execution, the operations placed in the TEE for execution being kept secret from the trusted execution module.
For example, the trusted execution module may decrypt the data tables in the TEE.
For example, the trusted execution module may invoke the first component of the optimizer in the TEE, and generate the statistical information plaintext corresponding to the data tables according to the decrypted data tables.
For example, the trusted execution module may encrypt the statistical information plaintext in the TEE to obtain statistical information ciphertexts corresponding to the data tables.
Fig. 5 is a schematic diagram of a specific statistical information ciphertext generation method provided in this specification. The database system shown in fig. 5 has the same architecture as the database system shown in fig. 2. As shown in fig. 5, the untrusted execution module may obtain several tables to be counted from the database, where each table is encrypted. The untrusted execution module sends the encrypted data tables to the trusted execution module, and the trusted execution module may decrypt the data tables and perform statistical operations on the decrypted data tables by using the first component of the optimizer to obtain statistical information plaintext (e.g., cardinality, histogram, high-frequency data distribution, etc.). Then, the trusted execution module may encrypt the statistical information plaintext corresponding to the data tables to obtain a statistical information ciphertext, and return the statistical information ciphertext to the untrusted execution module. The untrusted execution module may store the statistics ciphertext to a database.
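The statistics-generation flow of fig. 4 and fig. 5 and the split-optimizer query flow of fig. 2, sketched in Python as an added illustration (not code from the patent). Assumptions: single-column integer tables, the core parameter is an estimated matching-row count per table, the second optimizer component simply orders tables by that estimate, and `seal`/`unseal` are a toy HMAC-based encrypt-then-MAC standing in for a real authenticated cipher; all class and function names are hypothetical.

```python
import hashlib, hmac, json, os
from collections import Counter

HIST_BUCKETS, TOP_K = 4, 2  # illustrative sizes, not from the patent

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (toy construction).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, obj):
    """Encrypt-then-MAC a JSON value; stand-in for a real AEAD cipher."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, json.dumps(obj).encode())
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext rejected: integrity check failed")
    return json.loads(_xor_stream(_subkey(key, b"enc"), nonce, ct))

class TrustedModule:
    """Holds the key and runs the optimizer's first component."""
    def __init__(self, key):
        self._key = key

    def build_statistics(self, enc_tables):
        # S404-S408: decrypt each cell, compute statistics, encrypt the result.
        # Assumes every table is non-empty.
        out = {}
        for table_id, cells in enc_tables.items():
            values = [unseal(self._key, c) for c in cells]
            freq, lo = Counter(values), min(values)
            width = max(1, -(-(max(values) - lo + 1) // HIST_BUCKETS))  # ceiling
            counts = [0] * HIST_BUCKETS
            for v in values:
                counts[(v - lo) // width] += 1
            out[table_id] = seal(self._key, {
                "rows": len(values), "cardinality": len(freq),
                "high_freq": freq.most_common(TOP_K),
                "hist": {"lo": lo, "width": width, "counts": counts}})
        return out

    def core_parameters(self, conditions, stats_cts):
        # Decrypt the statistics and return only per-table row estimates.
        params = {}
        for table_id, (op, operand) in conditions.items():
            s = unseal(self._key, stats_cts[table_id])
            if isinstance(operand, bytes):  # encrypted condition (claim 2)
                operand = unseal(self._key, operand)
            if op == "=":
                hot = dict(s["high_freq"])
                rest = s["cardinality"] - len(hot)
                params[table_id] = hot[operand] if operand in hot else (
                    (s["rows"] - sum(hot.values())) / rest if rest else 0)
            elif op == "<=":
                h = s["hist"]
                b = (operand - h["lo"]) // h["width"]
                if operand < h["lo"]:
                    params[table_id] = 0
                elif b >= len(h["counts"]):
                    params[table_id] = s["rows"]
                else:  # whole buckets below, plus a linear share of bucket b
                    share = ((operand - h["lo"]) % h["width"] + 1) / h["width"]
                    params[table_id] = sum(h["counts"][:b]) + h["counts"][b] * share
            else:
                raise ValueError(f"unsupported operator {op!r}")
        return params

class UntrustedModule:
    """Operates the fully encrypted database; never holds the key."""
    def __init__(self, enc_tables, trusted):
        self.db, self.stats_ct, self.trusted = enc_tables, {}, trusted

    def refresh_statistics(self, table_ids):
        # S400-S402, then store the returned statistics ciphertexts.
        tables = {t: self.db[t] for t in table_ids}
        self.stats_ct.update(self.trusted.build_statistics(tables))

    def plan(self, conditions):
        # Forward ciphertexts and conditions; receive plaintext core parameters.
        cts = {t: self.stats_ct[t] for t in conditions}
        params = self.trusted.core_parameters(conditions, cts)
        # Second optimizer component: process the smallest estimated input first.
        return sorted(params, key=params.get), params

def demo():
    key = os.urandom(32)  # demo key; the untrusted module is never given it
    plain = {"orders": [7] * 6 + [1, 2, 3, 4, 5, 6, 8, 9],  # constructed sample data
             "customers": list(range(1, 21))}
    enc = {t: [seal(key, v) for v in vals] for t, vals in plain.items()}
    untrusted = UntrustedModule(enc, TrustedModule(key))
    untrusted.refresh_statistics(["orders", "customers"])
    order, params = untrusted.plan({"orders": ("=", seal(key, 7)),
                                    "customers": ("<=", 5)})
    return untrusted, order, params

if __name__ == "__main__":
    print(demo()[1:])
```

The untrusted side handles only opaque statistics ciphertexts and the plaintext estimates; the estimates themselves are what it learns about the data distribution, and a modified statistics ciphertext is rejected by the integrity check rather than silently steering the plan.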
In addition, the present specification also provides a database management system, which includes a trusted execution module and an untrusted execution module; the trusted execution module is provided with a first component of an optimizer; the untrusted execution module is used for operating a fully encrypted database, and is provided with a second component of the optimizer; the first optimizer component and the second optimizer component are used for realizing different functions of the same optimizer;
the non-trusted execution module determines data query condition information and data table identifiers of a plurality of data tables to be queried according to the data query instruction and sends the data table identifiers to the trusted execution module; calling a second component of the optimizer, and determining an optimized query strategy according to core parameters; performing data query based on the optimized query strategy;
the trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts the statistical information ciphertexts to obtain statistical information plaintexts; calling the first component of the optimizer, and calculating a core parameter for determining an optimized query strategy according to the data query condition information and the statistical information plaintext; and sending the core parameters to the untrusted execution module in a clear text form.
The non-trusted execution module is used for acquiring a plurality of data tables to be counted from the full encryption database, wherein each data table comprises a plurality of encrypted data; sending the data tables to a trusted execution module;
the trusted execution module decrypts the data tables, and includes: decrypting each encrypted data in each data table; calling a first component of an optimizer, and generating statistical information plaintext corresponding to the data tables according to the decrypted data tables; and encrypting the statistical information plaintext to obtain statistical information ciphertexts corresponding to the data tables.
The specification also provides a data query device of the full-encryption database, which is applied to an untrusted execution module included in a database management system; the database management system further comprises a trusted execution module; the trusted execution module is provided with a first component of an optimizer; the untrusted execution module is deployed with a second component of the optimizer; the first optimizer component and the second optimizer component are used for realizing an optimization function in a coordinated manner; the device comprises:
the determining unit is used for determining data query condition information and data table identifiers of a plurality of data tables to be queried according to the data query instruction, and sending the data table identifiers to the trusted execution module so as to enable: the trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts the statistical information ciphertexts to obtain statistical information plaintexts; the trusted execution module calls the first component of the optimizer, and calculates core parameters for determining an optimized query strategy according to the data query condition information and the statistical information plaintext; the trusted execution module sends the core parameters to the untrusted execution module in a clear text form;
the query unit calls the second component of the optimizer and determines an optimized query strategy according to the core parameters; and performing data query based on the optimized query strategy.
The specification also provides a data query device of a fully encrypted database, which is applied to a trusted execution module included in a database management system, wherein the database management system further comprises an untrusted execution module; the trusted execution module is provided with a first component of an optimizer; the untrusted execution module is deployed with a second component of the optimizer; the first optimizer component and the second optimizer component are used for realizing an optimization function in a coordinated manner; the device comprises:
the first acquisition unit is used for acquiring the data query condition information sent by the untrusted execution module and the data table identifications of a plurality of data tables to be queried; the data query condition and the data table identifications of the data tables are determined by the untrusted execution module according to the data query instruction;
the second acquisition unit is used for acquiring the statistical information ciphertexts corresponding to the data tables and decrypting the statistical information ciphertexts to obtain statistical information plaintexts;
the calculation unit is used for calling the first component of the optimizer and calculating a core parameter for determining an optimized query strategy according to the data query condition information and the statistical information plaintext;
the sending unit is used for sending the core parameters to the untrusted execution module in a plaintext form; so that: and the untrusted execution module calls the second component of the optimizer, determines an optimized query strategy according to the core parameters, and queries data based on the optimized query strategy.
This specification also provides a statistical information ciphertext generating apparatus, applied to an untrusted execution module, the apparatus including:
the acquisition unit is used for acquiring a plurality of data tables to be counted from the full encryption database, wherein each data table comprises a plurality of encrypted data;
the sending unit is used for sending the data tables to the trusted execution module; so that: the trusted execution module decrypts the data tables, and the decryption process includes: decrypting each encrypted data in each data table; the trusted execution module calls a first component of an optimizer, and generates statistical information plaintext corresponding to the data tables according to the decrypted data tables; and the trusted execution module encrypts the statistical information plaintext to obtain statistical information ciphertexts corresponding to the data tables.
This specification also provides a statistical information ciphertext generating apparatus, applied to a trusted execution module, the apparatus including:
the acquisition unit is used for acquiring a plurality of data tables to be counted, which the untrusted execution module obtains from the fully encrypted database and sends, wherein each data table comprises a plurality of encrypted data;
the processing unit is used for carrying out decryption processing on the data tables and comprises the following steps: decrypting each encrypted data in each data table;
the generating unit is used for calling the first component of the optimizer and generating statistical information plaintext corresponding to the data tables according to the decrypted data tables;
and the encryption unit is used for encrypting the statistical information plaintext to obtain statistical information ciphertexts corresponding to the data tables.
The present specification also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the functionality of an untrusted execution module or a trusted execution module.
The present specification also provides a computing device comprising a memory, a processor; the memory is for storing computer instructions executable on the processor for implementing the functions of the untrusted execution module or the trusted execution module when the computer instructions are executed.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In summary, in some embodiments disclosed herein, the digital article and the digital identity are connected by digital identity technology, and the digital identity may further include identity authentication information so that the transaction of the digital article can meet the requirements of KYC regulation. In some embodiments, some or all of the digital identities are fully authenticated by real name, providing a fully authenticated blockchain-based transaction system. The system is beneficial to the operation of anti-money laundering and fraud, and becomes a true credible transaction system. In some embodiments, the recording and verification functions of the digital article and the digital identity are combined, so that transaction elements such as transaction objects, transaction participants and the like can be recorded and verified conveniently, and the convenience and reliability of transactions are improved. In other embodiments, the intelligent contract in the blockchain system may be invoked by the client of the transacting party independently of the digital identity to create tables of associations between the digital item and its owner on the chain and store the tables of associations in the intelligent contract, thereby creditably recording ownership of the digital item on the chain.
The foregoing describes several embodiments of the present specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the various embodiments is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments herein. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in various embodiments of the present description to describe various information, the information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the various embodiments herein. The word "if" as used herein may be interpreted as "at ..." or "when ..." or "in response to a determination", depending on the context.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the method embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to the partial description of the method embodiment for relevant points. The above-described method embodiments are merely illustrative, wherein the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more software and/or hardware when implementing the embodiments of the present specification. And part or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalent replacements, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (13)

1. A data query method of a full-encryption database is applied to a database management system comprising a trusted execution module and a non-trusted execution module; the trusted execution module is provided with a first component of an optimizer; the untrusted execution module is deployed with a second component of the optimizer; the first optimizer component and the second optimizer component are used for realizing an optimization function in a coordinated manner; the method comprises the following steps:
the non-trusted execution module determines data query condition information and data table identifiers of a plurality of data tables to be queried according to a data query instruction and sends the data table identifiers to the trusted execution module;
the trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts the statistical information ciphertexts to obtain statistical information plaintexts;
the trusted execution module calls the first component of the optimizer, and calculates core parameters for determining an optimized query strategy according to the data query condition information and the statistical information plaintext;
the trusted execution module sends the core parameters to the untrusted execution module in a clear text form;
the untrusted execution module calls the second component of the optimizer and determines an optimized query strategy according to the core parameters; and performing data query based on the optimized query strategy.
2. The method of claim 1, wherein at least a part of the information of the data query condition is encrypted information;
the method further comprises the following steps:
and the trusted execution module decrypts the encrypted information in the data query condition information before calculating the core parameters for determining the optimized query strategy.
3. The method of claim 1, wherein the obtaining, by the trusted execution module, the statistical information ciphertexts corresponding to the data tables includes:
the trusted execution module receives the statistical information ciphertexts corresponding to the data tables, which the untrusted execution module reads from the fully encrypted database and sends.
4. A statistical information ciphertext generating method applied to the database management system of any one of claims 1 to 3, the method comprising:
the untrusted execution module obtains a plurality of data tables to be counted from the fully encrypted database, wherein each data table comprises a plurality of encrypted data;
the non-trusted execution module sends the data tables to a trusted execution module;
the trusted execution module decrypts the data tables, and the decryption process includes: decrypting each encrypted data in each data table;
the trusted execution module calls a first component of an optimizer, and generates statistical information plaintext corresponding to the data tables according to the decrypted data tables;
and the trusted execution module encrypts the statistical information plaintext to obtain statistical information ciphertexts corresponding to the data tables.
5. The method of claim 4, further comprising, before the untrusted execution module obtains the data tables to be counted from the fully encrypted database:
the untrusted execution module sends statistical demand information to the trusted execution module;
and the trusted execution module determines a plurality of data tables to be counted according to the statistical demand information and sends a notification message which designates the data tables to the untrusted execution module.
6. The method of claim 5, further comprising:
the trusted execution module sends the statistical information ciphertexts corresponding to the data tables to the untrusted execution module;
and the non-trusted execution module stores the statistical information ciphertexts corresponding to the data tables to the full-encryption database.
7. A database management system comprises a trusted execution module and an untrusted execution module; the trusted execution module is provided with a first component of an optimizer; the untrusted execution module is deployed with a second component of the optimizer; the first optimizer component and the second optimizer component are used for realizing an optimization function in a coordinated manner;
the non-trusted execution module determines data query condition information and data table identifiers of a plurality of data tables to be queried according to the data query instruction and sends the data table identifiers to the trusted execution module; calling a second component of the optimizer, and determining an optimized query strategy according to core parameters; performing data query based on the optimized query strategy;
the trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts the statistical information ciphertexts to obtain statistical information plaintexts; calling the first component of the optimizer, and calculating a core parameter for determining an optimized query strategy according to the data query condition information and the statistical information plaintext; and sending the core parameters to the untrusted execution module in a clear text form.
8. A data query method of a full-encryption database is applied to an untrusted execution module included in a database management system; the database management system further comprises a trusted execution module; the trusted execution module is provided with a first component of an optimizer; the untrusted execution module is deployed with a second component of the optimizer; the first optimizer component and the second optimizer component are used for realizing an optimization function in a coordinated manner; the method comprises the following steps:
according to the data query instruction, determining data query condition information and data table identifiers of a plurality of data tables to be queried, and sending the data table identifiers to the trusted execution module so as to enable: the trusted execution module acquires the statistical information ciphertexts corresponding to the data tables and decrypts the statistical information ciphertexts to obtain statistical information plaintexts; the trusted execution module calls the first component of the optimizer, and calculates core parameters for determining an optimized query strategy according to the data query condition information and the statistical information plaintext; the trusted execution module sends the core parameters to the untrusted execution module in a clear text form;
calling a second component of the optimizer, and determining an optimized query strategy according to the core parameters; and performing data query based on the optimized query strategy.
9. A data query method for a full-encryption database, applied to a trusted execution module included in a database management system; the database management system further comprises an untrusted execution module; a first component of an optimizer is deployed in the trusted execution module; a second component of the optimizer is deployed in the untrusted execution module; the first component and the second component of the optimizer cooperate to implement the optimization function; the method comprises the following steps:
acquiring data query condition information and the data table identifiers of a plurality of data tables to be queried, both sent by the untrusted execution module; the data query condition information and the data table identifiers are determined by the untrusted execution module according to a data query instruction;
acquiring the statistical information ciphertexts corresponding to the data tables, and decrypting them to obtain statistical information plaintexts;
calling the first component of the optimizer, and calculating, from the data query condition information and the statistical information plaintexts, core parameters for determining an optimized query strategy;
sending the core parameters to the untrusted execution module in plaintext form, so that: the untrusted execution module calls the second component of the optimizer, determines the optimized query strategy according to the core parameters, and performs the data query based on the optimized query strategy.
10. A method for generating a statistical information ciphertext, applied to an untrusted execution module included in a database management system according to any one of claims 1 to 3, the method comprising:
acquiring, from a full-encryption database, a plurality of data tables for which statistics are to be generated, wherein each data table comprises a plurality of encrypted data items;
sending the data tables to a trusted execution module, so that: the trusted execution module decrypts the data tables, which includes decrypting each encrypted data item in each data table; the trusted execution module calls a first component of an optimizer and generates, from the decrypted data tables, the statistical information plaintexts corresponding to the data tables; and the trusted execution module encrypts the statistical information plaintexts to obtain the statistical information ciphertexts corresponding to the data tables.
11. A method for generating a statistical information ciphertext, applied to a trusted execution module included in the database management system according to any one of claims 1 to 3, the method comprising:
acquiring a plurality of data tables for which statistics are to be generated, the data tables having been obtained from a full-encryption database and sent by an untrusted execution module, wherein each data table comprises a plurality of encrypted data items;
decrypting the data tables, which includes decrypting each encrypted data item in each data table;
calling a first component of an optimizer, and generating, from the decrypted data tables, the statistical information plaintexts corresponding to the data tables;
and encrypting the statistical information plaintexts to obtain the statistical information ciphertexts corresponding to the data tables.
12. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the functions of the untrusted execution module or the trusted execution module in the method according to any one of claims 1 to 6.
13. A computing device comprising a memory and a processor; the memory is used for storing computer instructions executable on the processor, and the processor is used for implementing, when executing the computer instructions, the functions of the untrusted execution module or the trusted execution module in the method according to any one of claims 1 to 6.
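The trust boundary in claims 8 to 11, as an added Python sketch that is not code from the patent: the trusted module turns encrypted tables into a statistics ciphertext, later decrypts it, and releases only core parameters in plaintext. Assumptions: the core parameters are estimated row counts, the query strategy is a join order, the `seal`/`unseal` helpers are a standard-library stand-in for a real AEAD such as AES-GCM, and all names and table data are constructed.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    # Stand-in authenticated encryption: SHAKE-256 keystream plus HMAC-SHA256 tag.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, stream)))

class TrustedModule:
    """Runs inside the TEE; `store` models untrusted storage that only ever holds ciphertext."""
    def __init__(self, key, store):
        self._key, self._store = key, store

    def generate_stats(self, table_id, encrypted_rows):
        # Claims 10/11: decrypt every value, build statistics, persist only the ciphertext.
        hist = {}
        for c in encrypted_rows:
            v = str(unseal(self._key, c))
            hist[v] = hist.get(v, 0) + 1
        self._store[table_id] = seal(self._key, {"rows": sum(hist.values()), "hist": hist})

    def core_parameters(self, table_ids, condition):
        # Claims 8/9: decrypt statistics, release only per-table estimated row counts.
        out = {}
        for t in table_ids:
            s = unseal(self._key, self._store[t])
            out[t] = s["hist"].get(str(condition[t]), 0) if t in condition else s["rows"]
        return out

def choose_join_order(core_params):
    # Untrusted module, second optimizer component: sees core parameters, never statistics.
    return sorted(core_params, key=lambda t: (core_params[t], t))

def demo():
    key, store = os.urandom(32), {}      # key is known to the data owner and the TEE only
    tee = TrustedModule(key, store)
    tables = {"orders": [7, 7, 7, 9, 9, 3], "users": [1, 2, 3], "items": [5, 5, 8, 8, 8, 8, 8]}
    for t, vals in tables.items():       # constructed sample columns, encrypted per value
        tee.generate_stats(t, [seal(key, v) for v in vals])
    params = tee.core_parameters(list(tables), {"orders": 9, "items": 8})
    return store, tee, params, choose_join_order(params)
```

The plaintext core parameters are the part of this design an untrusted host can observe, so what they encode (here, one estimated cardinality per table per query) is the leakage to review when assessing such a split optimizer.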
CN202111289678.2A 2021-11-02 2021-11-02 Data query method and statistical information ciphertext generation method of full-encryption database Active CN113742370B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111289678.2A CN113742370B (en) 2021-11-02 2021-11-02 Data query method and statistical information ciphertext generation method of full-encryption database

Publications (2)

Publication Number Publication Date
CN113742370A true CN113742370A (en) 2021-12-03
CN113742370B CN113742370B (en) 2022-04-19

Family

ID=78727166

Country Status (1)

Country Link
CN (1) CN113742370B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40064001; Country of ref document: HK)