CN115033599B - Graph query method, system and related device based on multi-party security - Google Patents

Graph query method, system and related device based on multi-party security Download PDF

Info

Publication number
CN115033599B
CN115033599B CN202210965991.1A CN202210965991A CN115033599B CN 115033599 B CN115033599 B CN 115033599B CN 202210965991 A CN202210965991 A CN 202210965991A CN 115033599 B CN115033599 B CN 115033599B
Authority
CN
China
Prior art keywords
graph
target
demander
data
data provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210965991.1A
Other languages
Chinese (zh)
Other versions
CN115033599A (en
Inventor
黄一珉
王湾湾
何浩
姚明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Dongjian Intelligent Technology Co ltd
Original Assignee
Shenzhen Dongjian Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Dongjian Intelligent Technology Co ltd filed Critical Shenzhen Dongjian Intelligent Technology Co ltd
Priority to CN202210965991.1A priority Critical patent/CN115033599B/en
Publication of CN115033599A publication Critical patent/CN115033599A/en
Application granted granted Critical
Publication of CN115033599B publication Critical patent/CN115033599B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2453Query optimisation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/248Presentation of query results
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/29Geographical information databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9024Graphs; Linked lists

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computational Linguistics (AREA)
  • Software Systems (AREA)
  • Remote Sensing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the application discloses a graph query method, a system and a related device based on multi-party security, wherein the method comprises the following steps: performing vertex ID extraction on respective local graph data through each participant in a plurality of participants to obtain a plurality of vertex IDs, wherein each vertex ID corresponds to one user; determining intersection users among the multiple vertex IDs by using a privacy set intersection technology through multiple participants to obtain target intersection users; extracting an n-order neighborhood of a target intersection user through each data provider in at least one data provider, pseudonymizing the n-order neighborhood to obtain respective reference n-order neighborhoods, and storing the respective pseudonyms and dictionaries corresponding to original IDs; and executing a graph query task by the demander according to the local graph data of the demander and the reference n-order neighborhood of at least one data provider to obtain a target query result. By adopting the method and the device, the privacy query can be realized based on the graph.

Description

Graph query method, system and related device based on multi-party security
Technical Field
The present application relates to the field of privacy computing technologies and computer technologies, and in particular, to a graph query method, system and related device based on multi-party security.
Background
In practical application, a graph is composed of points and connecting lines among the points, is based on a model expression of object association relationship, has natural explanatory property, still retains the common topological property in different graph networks, and is widely applied to more and more scenes, such as anti-fraud, anti-money laundering, community discovery, accurate marketing, intelligent transportation, telecommunication fraud prevention and the like. The graph query refers to semantic query based on a graph structure (nodes, edges and attributes) to find graph data meeting the requirements of users, and the graph query is widely applied to actual scenes. If a bank usually judges the default risk of the user according to the number of blacklists having a transfer relation with the user, the conversion into a graph query task is as follows: in a bank transfer graph data network, users (vertexes) having an edge relation with the user A are inquired, and the number of blacklists in the neighborhood users (vertexes) is counted and returned.
In the scenario of multi-graph data fusion query, the conventional graph database query language cannot be satisfied. However, more and more scenes need to fuse multiple data to improve accuracy. From the perspective of privacy protection, multi-party data cannot be directly fused, and a possible solution is to encrypt and fuse image data based on a cryptography technology and then query based on a ciphertext database, such as GraphSE, but a large number of ciphertext operations face a large performance bottleneck. Therefore, how to implement privacy query based on graph is a urgent need to be solved.
Disclosure of Invention
The embodiment of the application provides a graph query method based on multi-party security and a related device, which can realize privacy query based on a graph.
In a first aspect, an embodiment of the present application provides a graph query method based on multi-party security, which is applied to a multi-party computing system, where the multi-party computing system includes a plurality of participants, each participant corresponds to one local map data, and the plurality of participants includes a demand party and a plurality of data providers; the method comprises the following steps:
performing vertex ID extraction on respective local graph data through each participant in the multiple participants to obtain multiple vertex IDs, wherein each vertex ID corresponds to one user;
determining intersection users among the vertex IDs by the participants through a privacy set intersection technology to obtain target intersection users;
extracting an n-order neighborhood of the target intersection user through each data provider in at least one data provider, pseudonymizing the n-order neighborhood to obtain respective reference n-order neighborhoods, and storing the respective pseudonyms and dictionaries corresponding to the original IDs; n is a positive integer;
and executing a graph query task by the demander according to the local graph data of the demander and the reference n-order neighborhood of the at least one data provider to obtain a target query result.
In a second aspect, an embodiment of the present application provides a multi-party computing system, where the multi-party computing system includes a plurality of participants, each participant corresponds to one piece of local map data, and the plurality of participants includes a demander and a plurality of data providers; wherein, the first and the second end of the pipe are connected with each other,
each participant in the multiple participants is used for performing vertex ID extraction on respective local graph data to obtain multiple vertex IDs, and each vertex ID corresponds to one user;
the multiple participants are used for determining intersection users among the multiple vertex IDs by using a privacy set intersection technology to obtain target intersection users;
each data provider in the at least one data provider is used for extracting an n-order neighborhood of the target intersection user, pseudonymizing the n-order neighborhood to obtain a respective reference n-order neighborhood, and storing the respective pseudonym and a dictionary corresponding to the original ID; n is a positive integer;
and the demander is used for executing a graph query task according to the local graph data of the demander and the reference n-order neighborhood of the at least one data provider to obtain a target query result.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor, a memory, a communication interface, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the processor, and the program includes instructions for executing the steps in the first aspect of the embodiment of the present application.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program for electronic data exchange, where the computer program enables a computer to perform some or all of the steps described in the first aspect of the embodiment of the present application.
In a fifth aspect, embodiments of the present application provide a computer program product, where the computer program product comprises a non-transitory computer-readable storage medium storing a computer program, where the computer program is operable to cause a computer to perform some or all of the steps as described in the first aspect of embodiments of the present application. The computer program product may be a software installation package.
The embodiment of the application has the following beneficial effects:
it can be seen that the graph query method, system and related device based on multi-party security described in the embodiments of the present application are applied to a multi-party computing system, where the multi-party computing system includes a plurality of participants, each participant corresponds to one piece of map data, and the plurality of participants includes a requesting party and a plurality of data providing parties; performing vertex ID extraction on respective local graph data through each participant in a plurality of participants to obtain a plurality of vertex IDs, wherein each vertex ID corresponds to one user; determining intersection users among the multiple vertex IDs by using a privacy set intersection technology through multiple participants to obtain target intersection users; extracting an n-order neighborhood of a target intersection user through each data provider in at least one data provider, pseudonymizing the n-order neighborhood to obtain respective reference n-order neighborhoods, and storing the respective pseudonyms and dictionaries corresponding to original IDs; n is a positive integer; the method comprises the steps that a demander executes a graph query task according to local graph data of the demander and a reference n-order neighborhood of at least one data provider to obtain a target query result, so that privacy query can be realized based on a graph, and safe and efficient multi-graph query is realized by firstly utilizing a privacy set intersection technology and a pseudonymization technology and then combining graph database query language.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic architecture diagram of a multi-party computing system for implementing a multi-party security-based graph query method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a graph query method based on multi-party security according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating another graph query method based on multi-party security according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein may be combined with other embodiments.
The computing node described in this embodiment of the application may be an electronic device, and the electronic device may include a smart Phone (e.g., an Android Phone, an iOS Phone, a Windows Phone, etc.), a tablet computer, a palm computer, a vehicle data recorder, a server, a notebook computer, a Mobile Internet device (MID, mobile Internet Devices), or a wearable device (e.g., a smart watch, a bluetooth headset), which are merely examples, but are not exhaustive, and include but are not limited to the foregoing electronic device, and the electronic device may also be a cloud server, or the electronic device may also be a computer cluster. In the embodiment of the application, both the result side and the sender side can be the electronic device.
The following describes embodiments of the present application in detail.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a multi-party computing system for implementing a graph query method based on multi-party security according to an embodiment of the present disclosure, where as shown in the figure, the multi-party computing system includes a plurality of participants, each participant corresponds to one local map data, and the plurality of participants includes a requesting party and a plurality of data providing parties; the system can realize the following functions:
each participant in the multiple participants is used for performing vertex ID extraction on respective local graph data to obtain multiple vertex IDs, and each vertex ID corresponds to one user;
the multiple participants are used for determining intersection users among the multiple vertex IDs by using a privacy set intersection technology to obtain target intersection users;
each data provider in the at least one data provider is used for extracting an n-order neighborhood of the target intersection user, pseudonymizing the n-order neighborhood to obtain a respective reference n-order neighborhood, and storing a respective pseudonym and a dictionary corresponding to an original ID; n is a positive integer;
and the demander is used for executing a graph query task according to the local graph data of the demander and the reference n-order neighborhood of the at least one data provider to obtain a target query result.
Optionally, in the aspect that the graph query task is executed by the demander according to the local graph data of the demander and the reference n-th order neighborhood of the at least one data provider, so as to obtain the target query result, the method includes:
merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider by the demander, and writing a merging result into a graph database;
and executing a graph query task according to the graph database to obtain the target query result.
Optionally, the executing, by the demander, a graph query task according to the local graph data of the demander and the reference n-th order neighborhood of the at least one data provider to obtain a target query result includes:
merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider by the demander, and writing a merging result into a graph database;
executing a graph query task according to the graph database to obtain a first query result;
when the demander inquires a target node vertex of a target data provider, sending the pseudonym of the target node vertex to the target data provider; the target data provider is any one of the at least one data provider;
searching a corresponding original ID through the target data provider according to the pseudonym and a dictionary corresponding to the pseudonym and the original ID corresponding to the target data provider, performing graph query based on the original ID to obtain a second query result, and sending the second query result to the demander;
and combining the first query result and the second query result through the demander to obtain the target query result.
Optionally, the system is further configured to:
acquiring a target safety requirement level through the demander;
and when the target safety requirement level is lower than the preset safety level, acquiring label information corresponding to the reference n-order neighborhood through the demander, executing the graph query task according to the graph database through the label information to obtain a first query result, and determining the first query result as the target query result.
Optionally, the system is further configured to:
and when the target safety requirement level is not lower than the preset safety level, the step of sending the pseudonym of the target node vertex to the target data provider when the demander inquires the target node vertex of the target data provider is executed.
Optionally, there are more than a preset number of intersection users between the multiple participants.
Referring to fig. 2, fig. 2 is a schematic flowchart of a graph query method based on multi-party security according to an embodiment of the present disclosure, and is applied to the multi-party computing system shown in fig. 1, where the multi-party computing system includes a plurality of participants, each of the participants corresponds to one local map data, and the plurality of participants includes a demand party and a plurality of data providers; as shown in the figure, the graph query method based on multi-party security comprises the following steps:
201. and performing vertex ID extraction on respective local graph data by each participant in the multiple participants to obtain multiple vertex IDs, wherein each vertex ID corresponds to one user.
In a specific implementation, the multi-party computing system may include a plurality of participants, each of which may correspond to one local graph data, and the plurality of participants include a demander and a plurality of data providers, that is, one of the plurality of participants is a demander and the remaining participants are data providers. The map data may include a plurality of vertices, each vertex corresponding to a vertex ID, each vertex ID corresponding to a user, each vertex corresponding to at least one edge, each vertex corresponding to at least one vertex label, the vertex labels identifying whether the users are at risk. The local graph data may also be referred to as a local graph data network. The ID may be identified as an Identity (ID).
In the embodiment of the application, vertex IDs of respective local graph data can be extracted through each participant in a plurality of participants to obtain a plurality of vertex IDs, and each vertex ID corresponds to one user. For example, take two parties as an example, where the two parties may include an a party and a B party, the a party being a requiring party and the B party being a data providing party. The parties a and B can extract the vertex IDs (users) of the respective graph data.
Certainly, in specific implementation, the demander may also set a vertex range related to the query condition, that is, an n-order neighborhood of the query node, where n is a positive integer.
202. And determining intersection users among the plurality of vertex IDs by the plurality of participants by using a privacy set intersection technology to obtain target intersection users.
In a specific implementation, the intersection users among multiple vertex IDs can be determined by multiple participants through a privacy set intersection technology, so as to obtain target intersection users, that is, when each participant of the multiple participants is regarded as one mechanism, the intersection users among the mechanisms are obtained through the privacy set intersection technology, and users outside the intersection of the mechanisms are not exposed.
203. Extracting an n-order neighborhood of the target intersection user through each data provider in at least one data provider, pseudonymizing the n-order neighborhood to obtain respective reference n-order neighborhoods, and storing the respective pseudonyms and dictionaries corresponding to the original IDs; n is a positive integer.
In a specific implementation, in the embodiment of the present application, pseudonymization refers to replacing a real ID of a user with a meaningless ID. n is a positive integer, and the specific value of n can be determined by the query condition set by the demander. The n-order neighborhood of the target intersection user can be extracted through each data provider in at least one data provider, the n-order neighborhood is pseudonymized to obtain respective reference n-order neighborhoods, and the respective pseudonyms and dictionaries corresponding to the original IDs are stored, namely different dictionaries corresponding to different data providers correspond to different data providers.
In the embodiment of the application, the 1 st-order neighborhood is a user set which has a side relation with the intersection users in the data of the map, the 2 nd-order neighborhood is a user set which has a side relation with the 1 st-order neighborhood, and the n th-order neighborhood is a user set which has a side relation with the n-1 st-order neighborhood.
For example, in the case of only parties a and B, party B may extract an n-th order neighborhood of the intersection. Furthermore, the n-order neighborhood can be pseudonymized and then sent to the party A, and a dictionary corresponding to the pseudonym and the original ID is stored. Pseudonymization refers to replacing the real ID of a user with an meaningless ID, for example, "zhang san" is replaced with "1", "li si" is replaced with "2", and the stored dictionary is { "1": "zhangsan" and "2": "Liquan".
204. And executing a graph query task by the demander according to the local graph data of the demander and the reference n-order neighborhood of the at least one data provider to obtain a target query result.
In the specific implementation, a demand side merges according to local graph data of the demand side and a reference n-order neighborhood of at least one data provider, then the merged result is accessed to a graph database corresponding to the demand side, and a graph query task is executed based on the graph database to obtain a target query result. The number of the risk users around the user of the demand side can be determined by utilizing the query result, and the default risk of the user can be determined based on the number of the risk users, so that the risk of the demand side is reduced, and the safety of the demand side is ensured.
In the concrete implementation, the graph database query language is a language specially designed by combining graph structures, so that the graph database query language has high query efficiency, and if the graph database query language can still be used in the multi-graph query process, the performance loss of the multi-graph query is not great. In specific implementation, a graph query task usually only needs to access a small part of data (neighborhood of query vertices) in the whole graph, and is generally very sensitive to time delay, and results need to be returned in seconds or even milliseconds. Implementations are typically graph database based query languages such as Cypher, nGQL, SPARQL, and the like.
Because graph query generally only needs to access a small part of data in the whole graph, only neighborhood information of a query target needs to be found, and the process can be realized through the PSI technology. To continue using the graph database query language, the graph data itself needs plaintext, and pseudonymization is an excellent scheme for keeping the plaintext without exposing personal privacy data, and can improve the query efficiency.
Optionally, in step 204, the step of executing a graph query task by the demander according to the local graph data of the demander and the reference n-th order neighborhood of the at least one data provider to obtain a target query result may include the following steps:
a41, merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider through the demander, and writing a merging result into a graph database;
and A42, executing a graph query task according to the graph database to obtain the target query result.
In specific implementation, local graph data of a demander can be merged with a reference n-order neighborhood corresponding to at least one data provider through the demander, merged results are written into a graph database, and under the condition that a graph query instruction is received, a graph query task can be executed according to the graph database to obtain a target query result. The embodiment of the application is realized based on the existing graph database query language, and has high query efficiency.
Optionally, in step 204, the step of executing a graph query task by the demander according to the local graph data of the demander and the reference n-th order neighborhood of the at least one data provider to obtain a target query result may include the following steps:
b41, merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider through the demander, and writing a merging result into a graph database;
b42, executing a graph query task according to the graph database to obtain a first query result;
b43, when the demander inquires a target node vertex of a target data provider, sending the pseudonym of the target node vertex to the target data provider; the target data provider is any one of the at least one data provider;
b44, searching a corresponding original ID through the target data provider according to the pseudonym and a dictionary corresponding to the pseudonym and the original ID corresponding to the target data provider, performing graph query based on the original ID to obtain a second query result, and sending the second query result to the demander;
and B45, combining the first query result and the second query result through the demander to obtain the target query result.
In the specific implementation, local graph data of a demander can be merged with a reference n-order neighborhood corresponding to at least one data provider through the demander, a merged result is written into a graph database, a graph query task is executed according to the graph database to obtain a first query result, namely a primary query result, and when the demander queries a target node vertex of the target data provider, a pseudonym of the target node vertex is sent to the target data provider; the target data provider is any one of at least one data provider, the target data provider searches for a corresponding original ID according to a pseudonym and a dictionary corresponding to the pseudonym and the original ID, the corresponding original ID is searched for based on the original ID, a second query result is obtained and sent to a demand side, the first query result and the second query result are combined through the demand side to obtain the target query result, the graph data need to be in a plaintext due to the consideration of the pseudonym condition, the pseudonymization is an excellent scheme that the data still keeps the plaintext, the personal privacy data are not exposed, the query efficiency can be improved, and the query safety can be guaranteed. In the embodiment of the application, the query task of the multi-party graph data can be completed on the premise of not revealing privacy of data of all parties.
Optionally, the method may further include the following steps:
a1, obtaining a target safety requirement level through the demander;
a2, when the target safety requirement level is lower than the preset safety level, obtaining label information corresponding to the reference n-order neighborhood through the demander, executing a graph query task according to the graph database through the label information to obtain a first query result, and determining the first query result as the target query result.
The preset safety level can be preset or the system is defaulted, and the demander can set a corresponding safety requirement level according to the self inquiry requirement. The target safety requirement level can be obtained through the demander, when the target safety requirement level is lower than the preset safety level, the label information corresponding to the reference n-order neighborhood is obtained, the graph query task is executed through the label information, the first query result is obtained, the first query result is determined as the target query result, and the query efficiency can be improved.
In the embodiment of the application, if the security level is not high, the content of the n-order neighborhood sent after pseudonymization is influenced, and when the security level requirement is high, the n-order neighborhood cannot contain tag information, so that a demand side cannot complete all queries locally. When the requirement on the security level is not high, the n-order neighborhood can contain the label information, so that the demand party can complete all queries locally, and the security level does not influence the final query result.
Further, the method can also comprise the following steps:
and when the target safety requirement level is not lower than the preset safety level, the step of sending the pseudonym of the target node vertex to the target data provider when the demander inquires the target node vertex of the target data provider is executed.
In the specific implementation, when the target security requirement level is not lower than the preset security level, the security requirement is higher, that is, tagged data cannot be carried in the n-order neighborhood after pseudonymization, a demander cannot locally complete a graph query task, and the query security can be further ensured by the support of a data provider.
Optionally, there are more than a preset number of intersection users between the multiple participants.
The preset number may be preset or default to the system, that is, a certain number of intersection users exist among a plurality of participants.
For example, consider a scenario in which both bank a and bank B have graph data networks for transferring accounts between users, and have a certain intersection user, and both bank a and bank B have a label of whether the users are risk users, where party a is a demander and party B is a data provider, and party a wants to search the number of risk users around the user in combination with graph data information of party B, so as to determine the default risk of the user according to the value. That is, in the case of 2 participants, the specific flow of the embodiment of the present application is as follows:
s1, party A sets a vertex range related to a query condition, namely an n-order neighborhood of a query node;
s2, extracting vertex IDs (users) of respective graph data by the A party and the B party;
s3, the party A and the party B obtain intersection users among the mechanisms by using a privacy set intersection solving technology, and the users outside the intersection of the mechanisms are not exposed;
s4, the party B extracts an intersected n-order neighborhood (the 1-order neighborhood is a user set which has a side relation with an intersected user in the data of the local map, the 2-order neighborhood is a user set which has a side relation with the 1-order neighborhood, and the n-order neighborhood is a user set which has a side relation with the n-1-order neighborhood);
and S5, converting the n-order neighborhood into a pseudonym, sending the pseudonym to the party A, and storing the pseudonym and the dictionary corresponding to the original ID. Pseudonymization refers to replacing the real ID of a user with an meaningless ID, for example, "zhang san" is replaced with "1", "li si" is replaced with "2", and the stored dictionary is { "1": "zhangsan" and "2": "Liquan" };
s6, if the security requirement is low, the top point, the side and the top point label (whether the top point label is a risk user) after the pseudonymization can be sent to the party A together, the party A receives the n-order neighborhood of the intersection, the n-order neighborhood is merged with the local graph data, the graph data base is written, the graph query task can be completed locally, and the query result is output;
s7, if the requirement on security is high, and the label after pseudonymization still has certain privacy, only sending the top point and the side after pseudonymization to the A party, executing a query command of a database by the A party, and sending a top point ID (pseudonym) to a node of the B party when the top point of the node of the B party is queried;
s8, the party B receives the pseudonym, corresponds to an original ID according to the stored dictionary, performs graph query by using the original ID, and returns a query result to the party A;
and S9, the side A receives and merges the side B query result and the local query result, and outputs a final query result.
In the concrete implementation, as shown in fig. 3, a represents a party a, B represents a party B, a can extract a graph data user ID, B can also extract a graph data user ID, a and B are subjected to privacy set intersection, B extracts an intersected n-order neighborhood, pseudonyms of the n-order neighborhood are sent to a, dictionaries corresponding to pseudonyms and original IDs are stored, a receives the intersected n-order neighborhood, merges the n-order neighborhood with local graph data, writes into a graph database, executes a query instruction of the graph database, when information of the party B is queried, sends the query instruction to the party B, receives the pseudonyms, corresponds to the original IDs, carries out graph query by using the original IDs, returns a query result to the party a, and the query result of the side a receiving the party B and the query result of the party B are merged, and outputs the query result.
In the embodiment of the application, safe and efficient multi-square graph query is realized based on a Privacy Set Intersection (PSI) and kana technology and by combining the existing graph database query language.
It can be seen that the graph query method based on multi-party security described in the embodiment of the present application is applied to a multi-party computing system, the multi-party computing system includes a plurality of participants, each participant corresponds to one piece of local map data, and the plurality of participants includes a demand party and a plurality of data providers; performing vertex ID extraction on respective local graph data through each participant in a plurality of participants to obtain a plurality of vertex IDs, wherein each vertex ID corresponds to one user; determining intersection users among the vertex IDs by using a privacy set intersection technology through a plurality of participants to obtain target intersection users; extracting an n-order neighborhood of a target intersection user through each data provider in at least one data provider, pseudonymizing the n-order neighborhood to obtain respective reference n-order neighborhoods, and storing respective pseudonyms and dictionaries corresponding to original IDs; n is a positive integer; the method comprises the steps that a demander executes a graph query task according to local graph data of the demander and a reference n-order neighborhood of at least one data provider to obtain a target query result, so that privacy query can be realized based on a graph, and safe and efficient multi-graph query is realized by firstly utilizing a privacy set intersection technology and a pseudonymization technology and then combining graph database query language.
In accordance with the foregoing embodiments, please refer to fig. 4, fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application, as shown, the electronic device includes a processor, a memory, a communication interface, and one or more programs, the one or more programs are stored in the memory and configured to be executed by the processor, and are applied to a multi-party computing system, the multi-party computing system includes a plurality of participants, each of the participants corresponds to a local map data, and the plurality of participants includes a demander and a plurality of data providers; in an embodiment of the present application, the program includes instructions for performing the following steps:
performing vertex ID extraction on respective local graph data through each participant in the multiple participants to obtain multiple vertex IDs, wherein each vertex ID corresponds to one user;
determining intersection users among the vertex IDs by the participants through a privacy set intersection technology to obtain target intersection users;
extracting an n-order neighborhood of the target intersection user through each data provider in at least one data provider, pseudonymizing the n-order neighborhood to obtain respective reference n-order neighborhoods, and storing the respective pseudonyms and dictionaries corresponding to the original IDs; n is a positive integer;
and executing a graph query task by the demander according to the local graph data of the demander and the reference n-order neighborhood of the at least one data provider to obtain a target query result.
Optionally, in the aspect that the graph query task is executed by the demander according to the local graph data of the demander and the reference n-th order neighborhood of the at least one data provider, so as to obtain a target query result, the program includes instructions for executing the following steps:
merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider by the demander, and writing a merging result into a graph database;
and executing a graph query task according to the graph database to obtain the target query result.
Optionally, the graph query task is executed by the demander according to the local graph data of the demander and the reference n-th neighborhood of the at least one data provider, so as to obtain a target query result, where the program includes instructions for executing the following steps:
merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider by the demander, and writing a merging result into a graph database;
executing a graph query task according to the graph database to obtain a first query result;
when the demander inquires a target node vertex of a target data provider, sending the pseudonym of the target node vertex to the target data provider; the target data provider is any one of the at least one data provider;
searching a corresponding original ID through the target data provider according to the pseudonym and a dictionary corresponding to the pseudonym and the original ID corresponding to the target data provider, performing graph query based on the original ID to obtain a second query result, and sending the second query result to the demander;
and combining the first query result and the second query result through the demander to obtain the target query result.
Optionally, the program further includes instructions for performing the following steps:
acquiring a target safety requirement level through the demander;
and when the target safety requirement level is lower than the preset safety level, acquiring label information corresponding to the reference n-order neighborhood through the demander, executing the graph query task according to the graph database through the label information to obtain a first query result, and determining the first query result as the target query result.
Optionally, the program includes instructions for performing the following steps:
and when the target safety requirement level is not lower than the preset safety level, the step of sending the pseudonym of the target node vertex to the target data provider when the demander inquires the target node vertex of the target data provider is executed.
Optionally, the program includes instructions for performing the following steps:
there are more than a preset number of intersecting users between the multiple participants.
Embodiments of the present application also provide a computer storage medium, where the computer storage medium stores a computer program for electronic data exchange, the computer program enabling a computer to execute part or all of the steps of any one of the methods described in the above method embodiments, and the computer includes an electronic device.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps of any one of the methods as set out in the above method embodiments. The computer program product may be a software installation package, the computer comprising an electronic device.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art will recognize that the embodiments described in this specification are preferred embodiments and that acts or modules referred to are not necessarily required for this application.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the above-described division of the units is only one type of division of logical functions, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit may be stored in a computer readable memory if it is implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present application may be substantially implemented or a part of or all or part of the technical solution contributing to the prior art may be embodied in the form of a software product stored in a memory, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the above-mentioned method of the embodiments of the present application. And the aforementioned memory comprises: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable memory, which may include: flash Memory disks, read-Only memories (ROMs), random Access Memories (RAMs), magnetic or optical disks, and the like.
The foregoing detailed description of the embodiments of the present application has been presented to illustrate the principles and implementations of the present application, and the above description of the embodiments is only provided to help understand the method and the core concept of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, the specific implementation manner and the application scope may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (9)

1. A graph query method based on multi-party security is characterized by being applied to a multi-party computing system, wherein the multi-party computing system comprises a plurality of participants, each participant corresponds to one map data, and the plurality of participants comprise a demand party and a plurality of data providers; the method comprises the following steps:
performing vertex ID extraction on respective local graph data through each participant in the multiple participants to obtain multiple vertex IDs, wherein each vertex ID corresponds to one user;
determining intersection users among the plurality of vertex IDs by the plurality of participants by using a privacy set intersection technology to obtain target intersection users;
extracting an n-order neighborhood of the target intersection user through each data provider in at least one data provider, pseudonymizing the n-order neighborhood to obtain respective reference n-order neighborhoods, and storing the respective pseudonyms and dictionaries corresponding to the original IDs; n is a positive integer;
executing a graph query task by the demander according to the local graph data of the demander and the reference n-order neighborhood of the at least one data provider to obtain a target query result;
wherein, the obtaining of the target query result by the demander executing the graph query task according to the local graph data of the demander and the reference n-th order neighborhood of the at least one data provider comprises:
merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider by the demander, and writing a merging result into a graph database;
executing a graph query task according to the graph database to obtain a first query result;
when the demander inquires a target node vertex of a target data provider, sending the pseudonym of the target node vertex to the target data provider; the target data provider is any one of the at least one data provider;
searching a corresponding original ID through the target data provider according to the pseudonym and a dictionary corresponding to the pseudonym and the original ID corresponding to the target data provider, performing graph query based on the original ID to obtain a second query result, and sending the second query result to the demander;
and combining the first query result and the second query result through the demander to obtain the target query result.
2. The method of claim 1, wherein the obtaining of the target query result by the demander executing the graph query task according to the local graph data of the demander and the reference n-th neighborhood of the at least one data provider comprises:
merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider by the demander, and writing a merging result into a graph database;
and executing a graph query task according to the graph database to obtain the target query result.
3. The method of claim 1, further comprising:
acquiring a target safety requirement level through the demander;
and when the target safety requirement level is lower than a preset safety level, acquiring label information corresponding to the reference n-order neighborhood through the demander, executing the graph query task according to the graph database through the label information to obtain a first query result, and determining the first query result as the target query result.
4. The method of claim 3, further comprising:
and when the target safety requirement level is not lower than the preset safety level, the step of sending the pseudonym of the target node vertex to the target data provider when the demander inquires the target node vertex of the target data provider is executed.
5. The method of any of claims 1-4, wherein there are more than a preset number of intersecting users among the plurality of participants.
6. A multi-party computing system is characterized in that the multi-party computing system comprises a plurality of participants, each participant corresponds to local map data, and the plurality of participants comprise a demand party and a plurality of data providing parties; wherein the content of the first and second substances,
each participant in the multiple participants is used for performing vertex ID extraction on respective local graph data to obtain multiple vertex IDs, and each vertex ID corresponds to one user;
the multiple participants are used for determining intersection users among the multiple vertex IDs by using a privacy set intersection technology to obtain target intersection users;
each data provider in the at least one data provider is used for extracting an n-order neighborhood of the target intersection user, pseudonymizing the n-order neighborhood to obtain a respective reference n-order neighborhood, and storing the respective pseudonym and a dictionary corresponding to the original ID; n is a positive integer;
the demander is used for executing a graph query task according to the local graph data of the demander and the reference n-order neighborhood of the at least one data provider to obtain a target query result;
wherein, the executing graph query task according to the local graph data of the demand side and the reference n-order neighborhood of the at least one data provider side to obtain a target query result comprises:
merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider by the demander, and writing a merging result into a graph database;
executing a graph query task according to the graph database to obtain a first query result;
when the demander inquires a target node vertex of a target data provider, sending the pseudonym of the target node vertex to the target data provider; the target data provider is any one of the at least one data provider;
searching a corresponding original ID through the target data provider according to the pseudonym and a dictionary corresponding to the pseudonym and the original ID corresponding to the target data provider, performing graph query based on the original ID to obtain a second query result, and sending the second query result to the demander;
and combining the first query result and the second query result through the demander to obtain the target query result.
7. The system of claim 6, wherein the executing of the graph query task based on the local graph data of the requester and the reference n-th neighborhood of the at least one data provider to obtain the target query result comprises:
merging the local graph data of the demander and the reference n-order neighborhood corresponding to the at least one data provider by the demander, and writing a merging result into a graph database;
and executing a graph query task according to the graph database to obtain the target query result.
8. An electronic device, comprising a processor, a memory to store one or more programs and configured to be executed by the processor, the programs including instructions for performing the steps in the method of any of claims 1-5.
9. A computer-readable storage medium, characterized in that a computer program for electronic data exchange is stored, wherein the computer program causes a computer to perform the method according to any one of claims 1-5.
CN202210965991.1A 2022-08-12 2022-08-12 Graph query method, system and related device based on multi-party security Active CN115033599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210965991.1A CN115033599B (en) 2022-08-12 2022-08-12 Graph query method, system and related device based on multi-party security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210965991.1A CN115033599B (en) 2022-08-12 2022-08-12 Graph query method, system and related device based on multi-party security

Publications (2)

Publication Number Publication Date
CN115033599A CN115033599A (en) 2022-09-09
CN115033599B true CN115033599B (en) 2022-11-11

Family

ID=83131194

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210965991.1A Active CN115033599B (en) 2022-08-12 2022-08-12 Graph query method, system and related device based on multi-party security

Country Status (1)

Country Link
CN (1) CN115033599B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115203487B (en) * 2022-09-15 2022-12-20 深圳市洞见智慧科技有限公司 Data processing method based on multi-party security graph and related device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102541867A (en) * 2010-12-15 2012-07-04 金蝶软件(中国)有限公司 Data dictionary generating method and system
CN114386070A (en) * 2022-01-12 2022-04-22 蚂蚁区块链科技(上海)有限公司 Multi-party safety intersection solving method and system
CN114417073A (en) * 2022-03-28 2022-04-29 之江实验室 Neighbor node query method and device of encryption graph and electronic equipment
CN114691721A (en) * 2022-03-24 2022-07-01 杭州海康威视数字技术股份有限公司 Graph data query method and device, electronic equipment and storage medium
CN114880504A (en) * 2022-07-08 2022-08-09 支付宝(杭州)信息技术有限公司 Graph data query method, device and equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11392623B2 (en) * 2019-12-11 2022-07-19 Oracle International Corporation Hybrid in-memory BFS-DFS approach for computing graph queries against heterogeneous graphs inside relational database systems
CN114818000B (en) * 2022-06-29 2022-09-20 深圳市洞见智慧科技有限公司 Privacy protection set confusion intersection method, system and related equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102541867A (en) * 2010-12-15 2012-07-04 金蝶软件(中国)有限公司 Data dictionary generating method and system
CN114386070A (en) * 2022-01-12 2022-04-22 蚂蚁区块链科技(上海)有限公司 Multi-party safety intersection solving method and system
CN114691721A (en) * 2022-03-24 2022-07-01 杭州海康威视数字技术股份有限公司 Graph data query method and device, electronic equipment and storage medium
CN114417073A (en) * 2022-03-28 2022-04-29 之江实验室 Neighbor node query method and device of encryption graph and electronic equipment
CN114880504A (en) * 2022-07-08 2022-08-09 支付宝(杭州)信息技术有限公司 Graph data query method, device and equipment

Also Published As

Publication number Publication date
CN115033599A (en) 2022-09-09

Similar Documents

Publication Publication Date Title
CN109857917B (en) Security knowledge graph construction method and system for threat intelligence
CN110362370B (en) Webpage language switching method and device and terminal equipment
CN110362372A (en) Page translation method, device, medium and electronic equipment
US20210240784A1 (en) Method, apparatus and storage medium for searching blockchain data
CN108846753B (en) Method and apparatus for processing data
CN110472438B (en) Transaction data processing and transaction inquiring method, device and equipment based on blockchain
US20210357461A1 (en) Method, apparatus and storage medium for searching blockchain data
CN106503111B (en) Webpage code-transferring method, device and client terminal
CN110096626A (en) Processing method, device, equipment and the storage medium of contract text data
CN115033599B (en) Graph query method, system and related device based on multi-party security
CN105791446A (en) Method, device and system for processing private lending
CN111625638A (en) Question processing method, device and equipment and readable storage medium
CN109670033A (en) Search method, device, equipment and the storage medium of content
CN112925954A (en) Method and apparatus for querying data in a graph database
CN112650890A (en) Graph database-based encrypted currency flow direction tracking method and device
CN110060154A (en) Works based on block chain deposit card method, system, device and equipment
CN109783589A (en) The method, apparatus and storage medium of electronic map parsing address
CN103544150A (en) Method and system for providing recommendation information for mobile terminal browser
US20140025661A1 (en) Method of displaying search result data, search server and mobile device
CN112307318A (en) Content publishing method, system and device
CN107979595B (en) Private data protection method and gateway system
CN109284452A (en) The online methods of exhibiting of electronic protocol, device, electronic equipment, storage medium
CN115203487B (en) Data processing method based on multi-party security graph and related device
CN108959294A (en) A kind of method and apparatus accessing search engine
CN109271564A (en) Declaration form querying method and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant