WO2023087760A1 - Data sharing method and apparatus, device, and storage medium - Google Patents

Data sharing method and apparatus, device, and storage medium Download PDF

Info

Publication number
WO2023087760A1
WO2023087760A1 PCT/CN2022/106833 CN2022106833W WO2023087760A1 WO 2023087760 A1 WO2023087760 A1 WO 2023087760A1 CN 2022106833 W CN2022106833 W CN 2022106833W WO 2023087760 A1 WO2023087760 A1 WO 2023087760A1
Authority
WO
WIPO (PCT)
Prior art keywords
sample
query
data
target
attribute
Prior art date
Application number
PCT/CN2022/106833
Other languages
French (fr)
Chinese (zh)
Inventor
刘红宝
高鹏飞
郑建宾
邱震尧
周雍恺
程栋
庞悦
欧阳琛
金灵
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2023087760A1 publication Critical patent/WO2023087760A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the embodiments of the present invention relate to the technical field of data processing, and in particular, to a data sharing method, device, device, and storage medium.
  • Embodiments of the present application provide a data sharing method, device, device, and storage medium for realizing data sharing between different industries, institutions, and departments.
  • the embodiment of the present application provides a data sharing method, the method includes:
  • the querying system receiving a query request sent by the querying system, the query request including the target encrypted sample identifier and the public key of the querying party;
  • the embodiment of the present application provides a data sharing method, the method includes:
  • the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identification and the query public key;
  • the attribute decryption is to obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  • the embodiment of the present application provides a data sharing device, the device includes:
  • the first receiving module is configured to receive a query request sent by the querying system, where the query request includes the target encrypted sample identifier and the public key of the querying party;
  • the first sending module is configured to send the query request to at least one data-side system, so that the at least one data-side system obtains corresponding response sample attributes based on the target encrypted sample identifier, and adopts the query method
  • the public key encrypts the response sample attribute to obtain the encrypted sample attribute, and generates a query result according to the target encrypted sample identifier and the encrypted sample attribute;
  • the first receiving module is also used to receive query results sent by at least one data-side system, and send the received query results to the query-side system, so that the query-side system uses the private key of the query-side system to query each query result Decrypt the encrypted sample attribute in, obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  • the at least one data center system is each data center system communicatively connected to the coordinator system; or,
  • the at least one data cube system is selected from the various data cube systems according to data quality.
  • the query request also includes a target attribute category
  • the first sending module is specifically used for:
  • a recording module is also included, and the recording module is specifically used for:
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  • the embodiment of the present application provides a data sharing device, the device includes:
  • the second receiving module is configured to receive a query request sent by the coordinator system, the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identifier and the query public key;
  • An encryption module configured to obtain corresponding response sample attributes based on the target encryption sample ID, and encrypt the response sample attributes with the queryer public key to obtain encrypted sample attributes, and obtain the encrypted sample attributes according to the target encryption sample ID and the encrypted sample attributes to generate query results;
  • the second sending module is configured to send the query result to the coordinator system, so that the coordinator system sends the query result to the inquirer system, and instructs the inquirer system to pair the query result with the inquirer private key decrypt the encrypted sample attribute in the query result, obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  • the encryption module is specifically used for:
  • At least one sample attribute corresponding to the reference encrypted sample ID is used as a response sample attribute.
  • the encryption module is also used for:
  • a random sequence is generated, and the random sequence is used as a response sample attribute.
  • the encryption module is also used for:
  • the query request also includes a target attribute category
  • the encryption module is also used for:
  • the sample attribute that matches the target attribute category among at least one sample attribute corresponding to the reference encrypted sample ID is used as Response sample properties.
  • the query result also includes optional field information
  • the encryption module is also used for:
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  • an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and operable on the processor, and the processor implements the above data sharing method when executing the program. step.
  • an embodiment of the present application provides a computer-readable storage medium, which stores a computer program executable by a computer device, and when the program is run on the computer device, the computer device executes the above-mentioned data sharing method. step.
  • an embodiment of the present application provides a computer program product
  • the computer program product includes a computer program stored on a computer-readable storage medium
  • the computer program includes program instructions, and when the program instructions are executed by a computer device , causing the computer device to execute the steps of the above data sharing method.
  • the inquiring system sends a query request to the coordinator system, and the coordinator system then sends the query request to the data side system.
  • the data cube system obtains the corresponding response sample attributes based on the target encrypted sample ID, and then uses the public key of the query party to encrypt the response sample attributes to obtain the encrypted sample attributes, and then generates query results based on the target encrypted sample ID and encrypted sample attributes.
  • the data side system sends the query result to the coordinator system, and the coordinator system sends the query result to the query side system.
  • the inquiring system decrypts the encrypted sample attribute in the query result through the inquiring party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
  • the coordinator system connects the query system and each data system, avoiding the query request from the query system directly to each data system, and ensuring the privacy of the query information and the data privacy of the data system.
  • the query results sent by each data system are also encrypted data. Therefore, the coordinating system does not know the specific data received and sent, which ensures that the query request and query Security of Results.
  • FIG. 1 is a schematic diagram of a system architecture provided by an embodiment of the present application.
  • FIG. 2 is a schematic flow diagram of a data sharing method provided by an embodiment of the present application.
  • FIG. 3 is a schematic structural diagram of a query request provided by an embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of a query request provided by an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a query result provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a query result provided by an embodiment of the present application.
  • FIG. 7 is a schematic flow diagram of a data sharing method provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a data sharing device provided by an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a data sharing device provided by an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the system architecture includes at least a terminal device 101, an inquiring system 102, a coordinating system 103, a data system 104-1, and a data system 104-2. , . . . the data cube system 104-X, where X is an integer greater than 0.
  • the terminal device 101 is installed with a target application for querying data, and the application may be a pre-installed client, a web application, or a small program embedded in other applications.
  • the terminal device 101 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, etc., but is not limited thereto.
  • the query system 102, the coordinator system 103, the data system 104-1 to the data system 104-X are background servers of the target application and provide services for the target application.
  • the inquiring system 102 can be an independent physical server, or a server cluster or a distributed system composed of multiple physical servers, and can also provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud Cloud servers for basic cloud computing services such as communications, middleware services, domain name services, security services, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
  • the coordinator system 103 can be an independent physical server, or a server cluster or a distributed system composed of multiple physical servers, and can also provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud Cloud servers for basic cloud computing services such as communications, middleware services, domain name services, security services, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms. It should be noted that there may be multiple inquiring party systems 102 and coordinating party systems 103 , and the present application does not specifically limit the number of inquiring party systems 102 and coordinating party systems 103 .
  • the data cube system 104 ⁇ 1 to the data cube system 104 ⁇ X can be an independent physical server, or a server cluster or a distributed system composed of multiple physical servers, or provide cloud services, cloud databases, cloud computing, cloud Cloud servers for basic cloud computing services such as function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
  • cloud services such as function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
  • the terminal device 101 and the inquiring system 102 may be directly or indirectly connected through wired or wireless communication, which is not limited in this application.
  • the inquiring system 102 and the coordinating system 103 may be directly or indirectly connected through wired or wireless communication, which is not limited in this application.
  • the coordinator system 103 is connected to the data system 104-1 to the data system 104-X respectively, and can be connected directly or indirectly through wired or wireless communication, which is not limited in this application.
  • the terminal device 101 In response to the user's data query operation, the terminal device 101 sends a data query command to the querying system 102, and the data query command includes the target sample identifier.
  • the inquiring system 102 receives the data query instruction, encrypts the target sample ID with an encryption algorithm, and obtains the target encrypted sample ID.
  • the queryer system 102 sends a query request to the coordinator system 103, wherein the query request includes the target encrypted sample identifier and the queryer public key.
  • the coordinator system 103 receives the query request sent by the query system 102, and sends query requests to the data-side systems 104-1, ..., and the data-side systems 104-X respectively.
  • At least one of the data cube systems 104 ⁇ 1 to data cube systems 104 ⁇ X obtains corresponding response sample attributes based on the target encrypted sample identifier in the query request, and encrypts the response sample attributes with the query party public key , obtain the encrypted sample attribute, and generate a query result according to the target encrypted sample ID and the encrypted sample attribute.
  • the above-mentioned at least one data-side system respectively sends query results to the coordinator system 103 , and the coordinator system 103 sends each query result to the query-side system 102 .
  • the querying system 102 decrypts the encrypted sample attributes in each query result with the private key of the querying party, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
  • the solutions in the embodiments of the present application are applicable to the data sharing query requirements of different industries.
  • the establishment of a financial industry data security sharing alliance, etc. can be safely shared within the alliance, and the privacy data security of all parties can be guaranteed.
  • Data cube system 104 ⁇ 1 to data cube system 104 ⁇ X execute interactively, including the following steps:
  • Step S201 the inquiring system sends an inquiry request to the coordinating system.
  • the query request includes the target encrypted sample ID and the public key of the querying party.
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, wherein the target sample ID can be an ID card number, a telephone number, and the like.
  • the encryption algorithm used by the query system and each data system is the same.
  • the encryption algorithm may be a symmetric encryption algorithm, an asymmetric encryption algorithm, or a hash algorithm.
  • the encryption algorithm is used to encrypt the target sample ID to obtain the target encrypted sample ID, which enhances the security of query information.
  • the inquiring party system determines the inquiring party's public key and inquiring party's private key based on an asymmetric encryption algorithm.
  • the asymmetric encryption algorithm may be any one of RSA algorithm, Elgamal algorithm, elliptic curve encryption algorithm and the like.
  • the query request includes the target encrypted sample identifier and the public key of the querying party.
  • the query request includes the target encrypted sample identifier, the public key of the querying party, and the target attribute category.
  • the target attribute category can restrict different scenarios and determine the response sample attributes in a specific scenario.
  • Step S202 the coordinating system sends a query request to the data system.
  • the coordinator system receives the query request sent by the query system, and records the identity information of the query party and the corresponding query request.
  • the coordinator system can send the query request to each data party system in the data sharing network in the form of broadcast.
  • the coordinator system can also select the broadcast data party system according to a certain probability value.
  • the coordinator system sends a query request to each data-side system connected by communication.
  • the coordinator system sends query requests to data party system 1, data party system 2, and data party system 3 respectively.
  • the coordinating system sends query requests to each data system connected by communication, which can effectively improve the matching degree of query requests and improve the quality of query results.
  • the coordinator system sends a query request to some of the data-side systems connected by communication.
  • some data cube systems are randomly selected by the coordinator system from each data cube system.
  • the coordinator system generates a random number for each data cube system, compares the random number corresponding to each data cube system with the preset value, and uses the data cube system corresponding to the random number that meets the preset conditions as part of the data square system.
  • the coordinator system generates a random number for each data cube system, and the random numbers corresponding to data cube system 1, data cube system 2, and data cube system 3 are 0.6, 0.4, and 0.9, respectively. Comparing each random number with the preset value 0.5, the random number 0.6 corresponding to the data cube system 1 is greater than 0.5, and the random number 0.9 corresponding to the data cube system 3 is greater than 0.5. Therefore, the data cube system 1 and the data cube system 3 are selected as part of the data cube systems, and the coordinating system sends query requests to the data cube system 1 and the data cube system 3.
  • some data cube systems are selected by the coordinator system from various data cube systems according to the data quality.
  • each data cube system determines a corresponding data quality score based on the data quality in each system.
  • Data quality is related to the data value of the data cube system and the credit of the data cube.
  • the coordinator system regards the data cube systems corresponding to the data quality scores that meet the preset conditions as part of the data cube systems.
  • data cube system 1 For example, it is assumed that three data cube systems are connected to the coordinator system, namely, data cube system 1, data cube system 2, and data cube system 3.
  • the data quality scores corresponding to each data cube system are 90 points, 78 points, and 93 points respectively.
  • the coordinator system sends query requests to some of the data-side systems in the communication connection, which effectively reduces the network load.
  • some data cube systems are selected from various data cube systems according to data quality, while reducing the network load, it also ensures the matching degree of query requests and improves the quality of query results.
  • Step S203 the data party system obtains the corresponding response sample attributes based on the target encrypted sample identifier.
  • the data cube system queries the desensitization database according to the target encrypted sample ID, and obtains the response sample attributes.
  • Embodiment 1 When the query request includes the target encrypted sample ID and the public key of the inquiring party, if there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, at least one sample corresponding to the reference encrypted sample ID will be referenced. attributes as response sample attributes.
  • the data cube system If there is no reference encrypted sample ID matching the target encrypted sample ID in the data cube system, in a possible implementation manner, the data cube system generates a random sequence and uses the random sequence as a response sample attribute.
  • the data cube system generates a random number, which is the probability of generating a random sequence, and then compares the random number with a preset threshold. If the random number is greater than the preset threshold, the data cube system Generate a random sequence and use this random sequence as a response sample attribute; otherwise, the data cube system will not do anything.
  • the data cube system includes data cube system 1 and data cube system 2, and the target encrypted sample identifier is aa.
  • the data cube system 1 includes three sets of reference encrypted sample IDs, and each set of reference encrypted sample IDs corresponds to two sample attributes, namely whether it is A or not.
  • the three sets of reference encrypted sample IDs are aa, bb, and cc, respectively, and the sample attributes corresponding to the reference encrypted sample ID aa are A and B respectively.
  • the sample attributes corresponding to the reference encrypted sample ID bb are non-A and non-B respectively.
  • the sample attributes corresponding to the reference encrypted sample ID cc are A and non-B respectively.
  • the data side system 1 queries Table 1 according to the target encrypted sample ID aa, determines that there is a reference encrypted sample ID matching the target encrypted sample ID aa in Table 1, and uses the sample attributes "A and B" corresponding to the reference encrypted sample ID aa as Response sample properties.
  • the data cube system 2 includes two sets of reference encrypted sample IDs, and each set of reference encrypted sample IDs corresponds to a sample attribute, that is, whether it is A or not.
  • the two sets of reference encrypted sample IDs are bb and cc respectively, and the sample attribute corresponding to the reference encrypted sample ID bb is not A.
  • the sample attribute corresponding to the reference encrypted sample ID cc is A.
  • the data side system 2 queries Table 2 according to the target encrypted sample ID aa, and determines that there is no reference encrypted sample ID matching the target encrypted sample ID aa in Table 2, then the data side system 2 generates a random sequence and takes the random sequence as a response Sample properties.
  • Embodiment 2 When the query request includes the marked encrypted sample ID, the public key of the querying party, and the target attribute category, if there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, the reference encrypted sample ID will be correspondingly Among at least one sample attribute of , the sample attribute matching the target attribute category is used as the response sample attribute.
  • the data cube system If there is no reference encrypted sample ID matching the target encrypted sample ID in the data cube system, in a possible implementation manner, the data cube system generates a random sequence and uses the random sequence as a response sample attribute.
  • the data cube system generates a random number, which is the probability of generating a random sequence, and then compares the random number with a preset threshold. If the random number is greater than the preset threshold, the data cube The system generates a random sequence and takes the random sequence as a response sample attribute; otherwise, the data side system does not do any processing.
  • the data cube system includes data cube system 1 and data cube system 2, the target encrypted sample identifier is aa, and the target attribute type is B or not.
  • the data in Data Cube System 1 is shown in Table 1.
  • the data side system 1 queries Table 1 according to the target encrypted sample ID aa, and determines that there is a reference encrypted sample ID matching the target encrypted sample ID aa in Table 1, then selects the sample from the two sample attributes corresponding to the reference encrypted sample ID aa Attribute "B", as a response sample attribute.
  • Data side system 1 queries table 2 according to target encrypted sample ID aa, and determines that there is no reference encrypted sample ID matching target encrypted sample ID aa in table 2, then data side system 2 generates a random number 0.3, and stores the random number Compared with the preset threshold 0.5, since the random number 0.3 is smaller than the preset threshold 0.5, the data party system 2 does not perform any processing.
  • the target attribute category limits different scenarios, and the target attribute category is used to filter the sample attributes to obtain the response sample attributes, which can more accurately match the sample attributes and obtain more accurate response sample attributes.
  • the target attribute category is used to filter the sample attributes to obtain the response sample attributes, which can more accurately match the sample attributes and obtain more accurate response sample attributes.
  • Step S204 the data party system encrypts the response sample attributes by using the query party's public key to obtain the encrypted sample attributes.
  • the data cube system can use the public key of the query party to encrypt only the response sample attributes to obtain encrypted sample attributes, and the data cube system can also use the query party public key to encrypt the response sample attributes and optional field information. Get encrypted sample properties.
  • the optional field information may be any one or combination of timestamps, random numbers, random character strings, and the like.
  • Step S205 the data side system generates a query result according to the target encrypted sample identifier and the encrypted sample attribute.
  • the query result when the data side system encrypts the response sample attribute with the queryer public key, the query result includes the target encrypted sample ID and the encrypted sample attribute, wherein the encrypted sample attribute includes the response sample attribute.
  • the query result when the data party system uses the public key of the query party to encrypt the response sample attributes and optional field information, the query result includes the target encrypted sample identifier and encrypted sample attributes, where the encrypted sample Properties include response sample properties and optional field information.
  • Step S206 the data party system sends the query result to the coordinator system.
  • the coordinating party system receives the query results sent by the data party system, and records each data party system and the corresponding query results sent. At the same time, the previously recorded identity information of the inquiring party and the querying request of the inquiring party correspond to the query results sent by each data party system.
  • the coordinator system records the identity information of the querying party, the querying request of the querying party, and each query result corresponding to the querying request, which ensures that the query information is traceable and cannot be tampered with, and is convenient for information verification and review.
  • Step S207 the coordinating system sends the query result to the querying system.
  • the coordinator system also provides a billing function, charges the corresponding fee to the query party, and pays the corresponding fee to the data system that provides the query result, effectively improving the enthusiasm of the data system to participate and promoting data sharing development of.
  • Step S208 the inquiring party system decrypts the encrypted sample attribute in the query result by using the inquiring party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
  • the inquiring party system decrypts the encrypted sample attributes through the inquiring party's private key to obtain the response sample attributes.
  • the inquiring party system decrypts the encrypted sample attributes through the inquiring party's private key, and obtains the concatenated field information of the response sample attributes and optional field information.
  • the optional field information in the concatenated field information is removed, that is, the response sample attributes are obtained.
  • the response sample attribute is used as the target sample attribute corresponding to the target encrypted sample ID . If the response sample attribute is a response sample attribute of a random sequence, the response sample attribute is removed.
  • the system composed of the inquiring system, the coordinating system and each data system realizes the data sharing of the data in each data system without leaving the database.
  • the query system can only obtain query results, but it is not clear which data system provides the query results.
  • the attributes of the response samples acquired by the inquiring system are only known to the inquiring system and the data system, and cannot be obtained by any third party, thereby improving the security of the query information and protecting the privacy of the identity information of the inquiring system.
  • the data cube system only provides query results, but it is not clear which query system is providing the query results. At the same time, the data cube system cannot know the query results generated by other data cube systems, thereby protecting the data privacy of the data cube system.
  • the coordinator system connects the query system and each data system, avoiding the query request from the query system directly to each data system, and ensuring the privacy of the query information and the data privacy of the data system.
  • the query request sent by the querying party is encrypted data
  • the query results sent by each data system are also encrypted data. Therefore, the coordinating system does not know the specific data received and sent, which ensures that the query request and query Security of Results.
  • step S301 the querying system sends a query request to the coordinating system, wherein the query request includes the target encrypted sample identifier, the querying party's public key, and the target attribute category.
  • Step S302 the coordinating party system records the identity information of the inquiring party and the inquiry request of the inquiring party.
  • Step S303 the coordinator system sends a query request to the data side system.
  • step S304 the data side system judges whether there is a reference encrypted sample ID matching the target encrypted sample ID, and if yes, executes step S305; otherwise, executes step S306.
  • step S305 the data side system takes the sample attribute matching the target attribute category among at least one sample attribute corresponding to the reference encrypted sample ID as the response sample attribute, and jumps to step S308.
  • step S306 the data side system generates a random number, and judges whether the random number is greater than a preset threshold, if yes, executes step S307; otherwise, ends.
  • step S307 the data cube system generates a random sequence and uses the random sequence as a response sample attribute.
  • step S308 the data party system encrypts the response sample attributes and optional field information using the queryer's public key to obtain encrypted sample attributes.
  • the optional field information may be timestamp, random number, random character string, etc.
  • Step S309 the data cube system generates a query result according to the target encrypted sample identifier and the encrypted sample attribute.
  • Step S310 the data party system sends the query result to the coordinator system.
  • step S311 the coordinator system records each data party system and corresponding query results sent.
  • Step S312 the coordinating system sends the query result to the querying system.
  • Step S313 the inquiring party system decrypts the encrypted sample attribute in the query result by using the inquiring party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
  • the system composed of the inquiring system, the coordinating system and each data system realizes the data sharing of the data in each data system without leaving the database.
  • the coordinator system connects the query system and each data system, avoiding the query request from the query system directly to each data system, and ensuring the privacy of the query information and the data privacy of the data system.
  • the query request sent by the querying party is encrypted data
  • the query results sent by each data system are also encrypted data. Therefore, the coordinating system does not know the specific data received and sent, which ensures that the query request and query Security of Results.
  • the target attribute category restricts different scenarios. By filtering the sample attributes through the target attribute category and obtaining the response sample attributes, the sample attributes can be matched more accurately and more accurate response sample attributes can be obtained. When there is no reference encrypted sample ID matching the target encrypted sample ID in the data cube system, a random sequence can be generated and returned according to the probability, which effectively reduces the network load and improves the network operation efficiency. In the case of the same response sample attributes, by encrypting the response sample attributes and optional field information to obtain different encrypted sample attributes, it can effectively solve the problem of obtaining the response sample attributes after the third party intercepts the encrypted sample attributes, and improves security during data transmission.
  • the coordinator system records the identity information of the query party, the query request of the query party, and each query result corresponding to the query request, ensuring that the query information is traceable and cannot be tampered with, which is convenient for information verification and review.
  • the embodiment of the present application provides a data sharing device, as shown in Figure 8, the device 800 includes:
  • the first receiving module 801 is configured to receive a query request sent by the querying system, and the query request includes the target encrypted sample identifier and the public key of the querying party;
  • the first sending module 802 is configured to send the query request to at least one data-side system, so that the at least one data-side system obtains corresponding response sample attributes based on the target encrypted sample identifier, and uses the query
  • the public key of the party encrypts the response sample attribute to obtain the encrypted sample attribute, and generates a query result according to the target encrypted sample identifier and the encrypted sample attribute;
  • the first receiving module 801 is also used to receive the query result sent by at least one data-side system, and send the received query result to the query-side system, so that the query-side system can use the private key of the query-side system to query each
  • the encrypted sample attribute in the result is decrypted, at least one response sample attribute is obtained, and the target sample attribute corresponding to the target encrypted sample identifier is obtained from the at least one response sample attribute.
  • the at least one data center system is each data center system communicatively connected to the coordinator system; or,
  • the at least one data cube system is selected from the various data cube systems according to data quality.
  • the query request also includes a target attribute category
  • the first sending module 802 is specifically used for:
  • a recording module 803 is also included, and the recording module 803 is specifically used for:
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  • the embodiment of this application provides a data sharing device, as shown in Figure 9, the device 900 includes:
  • the second receiving module 901 is configured to receive a query request sent by the coordinator system, the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identifier and the query party public key ;
  • An encryption module 902 configured to obtain corresponding response sample attributes based on the target encryption sample identifier, and encrypt the response sample attributes with the queryer public key to obtain encrypted sample attributes, and encrypt the sample attributes according to the target encryption sample Identify and attribute the encrypted sample, and generate a query result;
  • the second sending module 903 is configured to send the query result to the coordinator system, so that the coordinator system sends the query result to the inquirer system, and instructs the inquirer system to use the inquirer private key pair
  • the encrypted sample attribute in the query result is decrypted to obtain at least one response sample attribute, and the target sample attribute corresponding to the target encrypted sample identifier is obtained from the at least one response sample attribute.
  • the encryption module 902 is specifically configured to:
  • At least one sample attribute corresponding to the reference encrypted sample ID is used as a response sample attribute.
  • the encryption module 902 is also used for:
  • a random sequence is generated, and the random sequence is used as a response sample attribute.
  • the encryption module 902 is also used for:
  • the query request also includes a target attribute category
  • the encryption module 902 is also used for:
  • the sample attribute that matches the target attribute category among at least one sample attribute corresponding to the reference encrypted sample ID is used as Response sample properties.
  • the query result also includes optional field information
  • the encryption module 902 is also used for:
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  • the embodiment of the present application provides a computer device, which may be a terminal or a server, as shown in FIG. 10 , including at least one processor 1001 and a memory 1002 connected to the at least one processor.
  • the specific connection medium between the processor 1001 and the memory 1002 is not limited in the embodiment of the application, and the connection between the processor 1001 and the memory 1002 in FIG. 10 is taken as an example.
  • the bus can be divided into address bus, data bus, control bus and so on.
  • the memory 1002 stores instructions executable by at least one processor 1001, and at least one processor 1001 can execute the steps included in the above data sharing method by executing the instructions stored in the memory 1002.
  • the processor 1001 is the control center of the computer equipment, which can use various interfaces and lines to connect various parts of the computer equipment, by running or executing the instructions stored in the memory 1002 and calling the data stored in the memory 1002, thereby performing data processing.
  • the processor 1001 may include one or more processing units, and the processor 1001 may integrate an application processor and a modem processor.
  • the tuner processor mainly handles wireless communication. It can be understood that the foregoing modem processor may not be integrated into the processor 1001 .
  • the processor 1001 and the memory 1002 can be implemented on the same chip, and in some embodiments, they can also be implemented on independent chips.
  • the processor 1001 can be a general processor, such as a central processing unit (CPU), a digital signal processor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array or other programmable logic devices, discrete gates or transistors Logic devices and discrete hardware components can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present application.
  • a general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the methods disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
  • the memory 1002 as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules.
  • the memory 1002 may include at least one type of storage medium, such as flash memory, hard disk, multimedia card, card-type memory, random access memory (Random Access Memory, RAM), static random access memory (Static Random Access Memory, SRAM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Magnetic Memory, Disk , CD, etc.
  • the memory 1002 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited thereto.
  • the memory 1002 in the embodiment of the present application may also be a circuit or any other device capable of implementing a storage function, and is used for storing program instructions and/or data.
  • an embodiment of the present application provides a computer-readable storage medium, which stores a computer program executable by a computer device, and when the program runs on the computer device, the computer device executes the steps of the above data sharing method.
  • an embodiment of the present application provides a computer program product, the computer program product includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, when the program instructions are executed by the computer When executing, the computer is made to execute the steps of the above data sharing method.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions
  • the device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

Abstract

Embodiments of the present application relate to the technical field of data processing, and provide a data sharing method and apparatus, a device, and a storage medium. The method comprises: a querier system sends a query request to a data side system by means of a coordinator system; the data side system obtains a corresponding response sample attribute on the basis of a target encrypted sample identifier, then encrypts the response sample attribute by means of a querier public key to obtain an encrypted sample attribute, and then generates a query result according to the target encrypted sample identifier and the encrypted sample attribute; the data side system sends the query result to the querier system by means of the coordinator system; the querier system decrypts the encrypted sample attribute in the query result by means of a querier private key, and obtains a target sample attribute corresponding to the target encrypted sample identifier. The coordinator system connects the querier system and data side systems, preventing the querier system from directly sending a query request to the data side systems, and ensuring the privacy of information of the querier and the privacy of data of the data side systems.

Description

一种数据共享方法、装置、设备及存储介质A data sharing method, device, equipment and storage medium
相关申请的交叉引用Cross References to Related Applications
本申请要求在2021年11月22日提交中国专利局、申请号为202111402128.7、申请名称为“一种数据共享方法、装置、设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application with the application number 202111402128.7 and the application title "A data sharing method, device, equipment and storage medium" submitted to the China Patent Office on November 22, 2021, the entire contents of which are incorporated by reference incorporated in this application.
技术领域technical field
本发明实施例涉及数据处理技术领域,尤其涉及一种数据共享方法、装置、设备及存储介质。The embodiments of the present invention relate to the technical field of data processing, and in particular, to a data sharing method, device, device, and storage medium.
背景技术Background technique
在万物互联的场景中,不同的行业、机构、部门之间的数据联合会形成一个巨大的数据联盟。不同机构之间对对方所掌握的数据信息,有很大的共享需求。然而,越来越多的机构在数据合作中对自身数据的保护要求有所加强,在当前欠缺数据保护的环境下,各个机构之间无法实现数据共享。这使得数据无法有效地在不同的行业、机构、部门之间共享与流动,无法发挥数据自身的价值。In the scenario of the Internet of Everything, the data federation between different industries, institutions, and departments will form a huge data alliance. There is a great need to share the data information held by each other among different institutions. However, more and more institutions have strengthened their own data protection requirements in data cooperation. In the current environment of lack of data protection, data sharing among various institutions cannot be realized. This makes it impossible for data to be effectively shared and flowed among different industries, institutions, and departments, and the value of data itself cannot be fully utilized.
现有的数据共享技术主要针对同一机构,实现了不同业务系统之间的数据共享。对于不同行业、不同机构之间,在不泄露自身数据的前提下,无法有效地实现数据共享。Existing data sharing technologies are mainly aimed at the same organization, realizing data sharing between different business systems. For different industries and different organizations, it is impossible to effectively realize data sharing without disclosing their own data.
发明内容Contents of the invention
本申请实施例提供了一种数据共享方法、装置、设备及存储介质,用于实现不同的行业、机构、部门之间的数据共享。Embodiments of the present application provide a data sharing method, device, device, and storage medium for realizing data sharing between different industries, institutions, and departments.
一方面,本申请实施例提供了一种数据共享方法,该方法包括:On the one hand, the embodiment of the present application provides a data sharing method, the method includes:
接收查询方系统发送的查询请求,所述查询请求中包括目标加密样本标识和查询方公钥;receiving a query request sent by the querying system, the query request including the target encrypted sample identifier and the public key of the querying party;
向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;sending the query request to at least one data party system, so that the at least one data party system obtains the corresponding response sample attributes based on the target encrypted sample identifier, and uses the query party public key to query the response sample Encrypting attributes to obtain encrypted sample attributes, and generating query results according to the target encrypted sample identifier and the encrypted sample attributes;
接收至少一个数据方系统发送的查询结果,并将接收的查询结果发送至所述查询方系统,以使所述查询方系统通过查询方私钥分别对各个查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。receiving query results sent by at least one data-side system, and sending the received query results to the query-side system, so that the query-side system can respectively decrypt the encrypted sample attributes in each query result through the query-side private key, and obtain at least one response sample attribute, and obtain a target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
一方面,本申请实施例提供了一种数据共享方法,该方法包括:On the one hand, the embodiment of the present application provides a data sharing method, the method includes:
接收协调方系统发送的查询请求,所述查询请求是由查询方系统发送至所述协调方系 统的,所述查询请求中包括目标加密样本标识和查询方公钥;Receiving the query request sent by the coordinator system, the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identification and the query public key;
基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;Obtain the corresponding response sample attribute based on the target encrypted sample ID, and encrypt the response sample attribute with the public key of the inquiring party to obtain the encrypted sample attribute, and obtain the encrypted sample attribute according to the target encrypted sample ID and the encrypted sample Attributes to generate query results;
发送所述查询结果至所述协调方系统,以使所述协调方系统发送查询结果至所述查询方系统,并指示所述查询方系统通过查询方私钥对所述查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。sending the query result to the coordinator system, so that the coordinator system sends the query result to the query system, and instructs the query system to encrypt the encrypted sample in the query result through the query party private key The attribute decryption is to obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
一方面,本申请实施例提供了一种数据共享装置,该装置包括:On the one hand, the embodiment of the present application provides a data sharing device, the device includes:
第一接收模块,用于接收查询方系统发送的查询请求,所述查询请求中包括目标加密样本标识和查询方公钥;The first receiving module is configured to receive a query request sent by the querying system, where the query request includes the target encrypted sample identifier and the public key of the querying party;
第一发送模块,用于向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;The first sending module is configured to send the query request to at least one data-side system, so that the at least one data-side system obtains corresponding response sample attributes based on the target encrypted sample identifier, and adopts the query method The public key encrypts the response sample attribute to obtain the encrypted sample attribute, and generates a query result according to the target encrypted sample identifier and the encrypted sample attribute;
第一接收模块,还用于接收至少一个数据方系统发送的查询结果,并将接收的查询结果发送至所述查询方系统,以使所述查询方系统通过查询方私钥分别对各个查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。The first receiving module is also used to receive query results sent by at least one data-side system, and send the received query results to the query-side system, so that the query-side system uses the private key of the query-side system to query each query result Decrypt the encrypted sample attribute in, obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
可选地,所述至少一个数据方系统是与所述协调方系统通信连接的各个数据方系统;或者,Optionally, the at least one data center system is each data center system communicatively connected to the coordinator system; or,
所述至少一个数据方系统是按照数据质量从所述各个数据方系统中选取获得的。The at least one data cube system is selected from the various data cube systems according to data quality.
可选地,所述查询请求中还包括目标属性类别;Optionally, the query request also includes a target attribute category;
所述第一发送模块具体用于:The first sending module is specifically used for:
向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识和所述目标属性类别,获得相应的响应样本属性。Sending the query request to at least one data-side system, so that the at least one data-side system obtains corresponding response sample attributes based on the target encrypted sample identifier and the target attribute category respectively.
可选地,还包括记录模块,所述记录模块具体用于:Optionally, a recording module is also included, and the recording module is specifically used for:
记录所述查询方系统的身份信息、所述查询方系统的查询请求以及接收的查询结果。Recording the identity information of the inquiring system, the query request of the inquiring system, and the received query results.
可选地,所述目标加密样本标识是采用加密算法对目标样本标识进行加密获得的,所述查询方系统和各个数据方系统采用的加密算法相同。Optionally, the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
一方面,本申请实施例提供了一种数据共享装置,该装置包括:On the one hand, the embodiment of the present application provides a data sharing device, the device includes:
第二接收模块,用于接收协调方系统发送的查询请求,所述查询请求是由查询方系统发送至所述协调方系统的,所述查询请求中包括目标加密样本标识和查询方公钥;The second receiving module is configured to receive a query request sent by the coordinator system, the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identifier and the query public key;
加密模块,用于基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;An encryption module, configured to obtain corresponding response sample attributes based on the target encryption sample ID, and encrypt the response sample attributes with the queryer public key to obtain encrypted sample attributes, and obtain the encrypted sample attributes according to the target encryption sample ID and the encrypted sample attributes to generate query results;
第二发送模块,用于发送所述查询结果至所述协调方系统,以使所述协调方系统发送查询结果至所述查询方系统,并指示所述查询方系统通过查询方私钥对所述查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。The second sending module is configured to send the query result to the coordinator system, so that the coordinator system sends the query result to the inquirer system, and instructs the inquirer system to pair the query result with the inquirer private key decrypt the encrypted sample attribute in the query result, obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
可选地,所述加密模块具体用于:Optionally, the encryption module is specifically used for:
若所述数据方系统中,存在与所述目标加密样本标识匹配的参考加密样本标识,则将所述参考加密样本标识对应的至少一个样本属性作为响应样本属性。If there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, at least one sample attribute corresponding to the reference encrypted sample ID is used as a response sample attribute.
可选地,所述加密模块还用于:Optionally, the encryption module is also used for:
若所述数据方系统中不存在与所述目标加密样本标识匹配的参考加密样本标识,则生成随机序列,并将所述随机序列作为响应样本属性。If there is no reference encrypted sample ID matching the target encrypted sample ID in the data party system, a random sequence is generated, and the random sequence is used as a response sample attribute.
可选地,所述加密模块还用于:Optionally, the encryption module is also used for:
若所述数据方系统中不存在与所述目标加密样本标识匹配的参考加密样本标识,且所述数据方系统对应的随机序列生成概率大于预设阈值,则生成随机序列。If there is no reference encrypted sample identifier matching the target encrypted sample identifier in the data cube system, and the random sequence generation probability corresponding to the data cube system is greater than a preset threshold, a random sequence is generated.
可选地,所述查询请求中还包括目标属性类别;Optionally, the query request also includes a target attribute category;
所述加密模块还用于:The encryption module is also used for:
若所述数据方系统中,存在与所述目标加密样本标识匹配的参考加密样本标识,则将所述参考加密样本标识对应的至少一个样本属性中,与所述目标属性类别匹配的样本属性作为响应样本属性。If there is a reference encrypted sample ID that matches the target encrypted sample ID in the data party system, the sample attribute that matches the target attribute category among at least one sample attribute corresponding to the reference encrypted sample ID is used as Response sample properties.
可选地,所述查询结果中还包括可选字段信息;Optionally, the query result also includes optional field information;
所述加密模块还用于:The encryption module is also used for:
采用所述查询方公钥对所述响应样本属性和可选字段信息进行加密,获得加密样本属性。Encrypting the response sample attributes and optional field information by using the inquiring party's public key to obtain encrypted sample attributes.
可选地,所述目标加密样本标识是采用加密算法对目标样本标识进行加密获得的,所述查询方系统和各个数据方系统采用的加密算法相同。Optionally, the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
一方面,本申请实施例提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现上述数据共享方法的步骤。On the one hand, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and operable on the processor, and the processor implements the above data sharing method when executing the program. step.
一方面,本申请实施例提供了一种计算机可读存储介质,其存储有可由计算机设备执行的计算机程序,当所述程序在计算机设备上运行时,使得所述计算机设备执行上述数据共享方法的步骤。On the one hand, an embodiment of the present application provides a computer-readable storage medium, which stores a computer program executable by a computer device, and when the program is run on the computer device, the computer device executes the above-mentioned data sharing method. step.
一方面,本申请实施例提供了一种计算机程序产品,所述计算机程序产品包括存储在计算机可读存储介质上的计算机程序,所述计算机程序包括程序指令,当所述程序指令被计算机设备执行时,使所述计算机设备执行上述数据共享方法的步骤。On the one hand, an embodiment of the present application provides a computer program product, the computer program product includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer device , causing the computer device to execute the steps of the above data sharing method.
在本申请实施例中,查询方系统发送查询请求至协调方系统,协调方系统再将查询请求发送至数据方系统。数据方系统基于目标加密样本标识,获得相应的响应样本属性,再采用查询方公钥对响应样本属性进行加密,获得加密样本属性,再根据目标加密样本标识和加密样本属性,生成查询结果。数据方系统发送查询结果至协调方系统,协调方系统将查询结果发送至查询方系统。查询方系统通过查询方私钥对查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从至少一个响应样本属性中,获得目标加密样本标识对应的目标样本属性。协调方系统连接查询方系统和各个数据方系统,避免了查询方系统直接向各个数据方系统发送查询请求,保证了查询方信息的隐私性和数据方系统数据的隐私性。同时,由于查询方发送的查询请求是加密后的数据,各个数据方系统发送的查询结果也是加密后的数据,因此,协调方系统并不知晓具体接收和发送的数据,保障了查询请求和查询结果的安全性。In this embodiment of the application, the inquiring system sends a query request to the coordinator system, and the coordinator system then sends the query request to the data side system. The data cube system obtains the corresponding response sample attributes based on the target encrypted sample ID, and then uses the public key of the query party to encrypt the response sample attributes to obtain the encrypted sample attributes, and then generates query results based on the target encrypted sample ID and encrypted sample attributes. The data side system sends the query result to the coordinator system, and the coordinator system sends the query result to the query side system. The inquiring system decrypts the encrypted sample attribute in the query result through the inquiring party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute. The coordinator system connects the query system and each data system, avoiding the query request from the query system directly to each data system, and ensuring the privacy of the query information and the data privacy of the data system. At the same time, since the query request sent by the querying party is encrypted data, the query results sent by each data system are also encrypted data. Therefore, the coordinating system does not know the specific data received and sent, which ensures that the query request and query Security of Results.
附图说明Description of drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. For Those skilled in the art can also obtain other drawings based on these drawings without any creative effort.
图1为本申请实施例提供的一种系统架构示意图;FIG. 1 is a schematic diagram of a system architecture provided by an embodiment of the present application;
图2为本申请实施例提供的一种数据共享方法的流程示意图;FIG. 2 is a schematic flow diagram of a data sharing method provided by an embodiment of the present application;
图3为本申请实施例提供的一种查询请求的结构示意图;FIG. 3 is a schematic structural diagram of a query request provided by an embodiment of the present application;
图4为本申请实施例提供的一种查询请求的结构示意图;FIG. 4 is a schematic structural diagram of a query request provided by an embodiment of the present application;
图5为本申请实施例提供的一种查询结果的结构示意图;FIG. 5 is a schematic structural diagram of a query result provided by an embodiment of the present application;
图6为本申请实施例提供的一种查询结果的结构示意图;FIG. 6 is a schematic structural diagram of a query result provided by an embodiment of the present application;
图7为本申请实施例提供的一种数据共享方法的流程示意图;FIG. 7 is a schematic flow diagram of a data sharing method provided by an embodiment of the present application;
图8为本申请实施例提供的一种数据共享装置的结构示意图;FIG. 8 is a schematic structural diagram of a data sharing device provided by an embodiment of the present application;
图9为本申请实施例提供的一种数据共享装置的结构示意图;FIG. 9 is a schematic structural diagram of a data sharing device provided by an embodiment of the present application;
图10为本申请实施例提供的一种计算机设备的结构示意图。FIG. 10 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
具体实施方式Detailed ways
为了使本发明的目的、技术方案及有益效果更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。In order to make the object, technical solution and beneficial effects of the present invention more clear, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.
参考图1,其为本申请实施例适用的一种系统架构图,该系统架构至少包括终端设备101、查询方系统102、协调方系统103以及数据方系统104~1、数据方系统104~2、…、数据方系统104~X,其中,X为大于0的整数。Referring to FIG. 1 , it is a system architecture diagram applicable to the embodiment of the present application. The system architecture includes at least a terminal device 101, an inquiring system 102, a coordinating system 103, a data system 104-1, and a data system 104-2. , . . . the data cube system 104-X, where X is an integer greater than 0.
终端设备101安装有用于查询数据的目标应用,该应用可以是预先安装的客户端、网页版应用或嵌入在其他应用中的小程序等。终端设备101可以是智能手机、平板电脑、笔记本电脑、台式计算机等,但并不局限于此。The terminal device 101 is installed with a target application for querying data, and the application may be a pre-installed client, a web application, or a small program embedded in other applications. The terminal device 101 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, etc., but is not limited thereto.
查询方系统102、协调方系统103、数据方系统104~1至数据方系统104~X为目标应用的后台服务器,为目标应用提供服务。查询方系统102可以是独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、内容分发网路(Content Delivery Network,CDN)、以及大数据和人工智能平台等基础云计算服务的云服务器。The query system 102, the coordinator system 103, the data system 104-1 to the data system 104-X are background servers of the target application and provide services for the target application. The inquiring system 102 can be an independent physical server, or a server cluster or a distributed system composed of multiple physical servers, and can also provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud Cloud servers for basic cloud computing services such as communications, middleware services, domain name services, security services, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
协调方系统103可以是独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、内容分发网路(Content Delivery Network,CDN)、以及大数据和人工智能平台等基础云计算服务的云服务器。需要说明的是,查询方系统102和协调方系统103也可以是多个,本申请对查询方系统102和协调方系统103的数量不做具体限定。The coordinator system 103 can be an independent physical server, or a server cluster or a distributed system composed of multiple physical servers, and can also provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud Cloud servers for basic cloud computing services such as communications, middleware services, domain name services, security services, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms. It should be noted that there may be multiple inquiring party systems 102 and coordinating party systems 103 , and the present application does not specifically limit the number of inquiring party systems 102 and coordinating party systems 103 .
数据方系统104~1至数据方系统104~X可以是独立的物理服务器,也可以是多个物理 服务器构成的服务器集群或者分布式系统,还可以是提供云服务、云数据库、云计算、云函数、云存储、网络服务、云通信、中间件服务、域名服务、安全服务、内容分发网路(Content Delivery Network,CDN)、以及大数据和人工智能平台等基础云计算服务的云服务器。The data cube system 104~1 to the data cube system 104~X can be an independent physical server, or a server cluster or a distributed system composed of multiple physical servers, or provide cloud services, cloud databases, cloud computing, cloud Cloud servers for basic cloud computing services such as function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
终端设备101与查询方系统102可以通过有线或无线通信方式进行直接或间接地连接,本申请在此不做限制。查询方系统102与协调方系统103可以通过有线或无线通信方式进行直接或间接地连接,本申请在此不做限制。协调方系统103分别与数据方系统104~1至数据方系统104~X相连接,可以通过有线或无线通信方式进行直接或间接地连接,本申请在此不做限制。The terminal device 101 and the inquiring system 102 may be directly or indirectly connected through wired or wireless communication, which is not limited in this application. The inquiring system 102 and the coordinating system 103 may be directly or indirectly connected through wired or wireless communication, which is not limited in this application. The coordinator system 103 is connected to the data system 104-1 to the data system 104-X respectively, and can be connected directly or indirectly through wired or wireless communication, which is not limited in this application.
终端设备101响应于用户的数据查询操作,发送数据查询指令至查询方系统102,数据查询指令中包括目标样本标识。In response to the user's data query operation, the terminal device 101 sends a data query command to the querying system 102, and the data query command includes the target sample identifier.
查询方系统102接收数据查询指令,对目标样本标识采用加密算法进行加密,获取目标加密样本标识。查询方系统102发送查询请求至协调方系统103,其中,查询请求中包括目标加密样本标识和查询方公钥。协调方系统103接收查询方系统102发送的查询请求,分别向数据方系统104~1、…、数据方系统104~X发送查询请求。The inquiring system 102 receives the data query instruction, encrypts the target sample ID with an encryption algorithm, and obtains the target encrypted sample ID. The queryer system 102 sends a query request to the coordinator system 103, wherein the query request includes the target encrypted sample identifier and the queryer public key. The coordinator system 103 receives the query request sent by the query system 102, and sends query requests to the data-side systems 104-1, ..., and the data-side systems 104-X respectively.
数据方系统104~1至数据方系统104~X中的至少一个数据方系统分别基于查询请求中的目标加密样本标识,获得相应的响应样本属性,并采用查询方公钥对响应样本属性进行加密,获得加密样本属性,并根据目标加密样本标识和加密样本属性,生成查询结果。At least one of the data cube systems 104~1 to data cube systems 104~X obtains corresponding response sample attributes based on the target encrypted sample identifier in the query request, and encrypts the response sample attributes with the query party public key , obtain the encrypted sample attribute, and generate a query result according to the target encrypted sample ID and the encrypted sample attribute.
上述至少一个数据方系统分别将查询结果发送至协调方系统103,协调方系统103将各个查询结果发送至查询方系统102。The above-mentioned at least one data-side system respectively sends query results to the coordinator system 103 , and the coordinator system 103 sends each query result to the query-side system 102 .
查询方系统102通过查询方私钥分别对各个查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从至少一个响应样本属性中,获得目标加密样本标识对应的目标样本属性。The querying system 102 decrypts the encrypted sample attributes in each query result with the private key of the querying party, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
在实际应用中,本申请实施例中的方案适用于不同行业的数据共享查询需求。比如,构建金融行业数据安全共享联盟等,均可以在联盟内部进行安全共享,并保障各方的隐私数据安全。In practical applications, the solutions in the embodiments of the present application are applicable to the data sharing query requirements of different industries. For example, the establishment of a financial industry data security sharing alliance, etc., can be safely shared within the alliance, and the privacy data security of all parties can be guaranteed.
基于图1所述的系统架构图,本申请实施例提供了一种数据共享方法的流程,如图2所示,该方法的流程由图1所示的查询方系统102、协调方系统103以及数据方系统104~1至数据方系统104~X交互执行,包括以下步骤:Based on the system architecture diagram described in FIG. 1, the embodiment of the present application provides a flow of a data sharing method, as shown in FIG. Data cube system 104~1 to data cube system 104~X execute interactively, including the following steps:
步骤S201、查询方系统发送查询请求至协调方系统。Step S201, the inquiring system sends an inquiry request to the coordinating system.
具体地,查询请求中包括目标加密样本标识和查询方公钥。目标加密样本标识是采用加密算法对目标样本标识进行加密获得的,其中,目标样本标识可以是身份证号码、电话号码等。查询方系统和各个数据方系统采用的加密算法相同。其中,加密算法可以是对称加密算法,也可以是非对称加密算法,还可以是哈希算法。采用加密算法对目标样本标识加密,获得目标加密样本标识,增强了查询信息的安全性。Specifically, the query request includes the target encrypted sample ID and the public key of the querying party. The target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, wherein the target sample ID can be an ID card number, a telephone number, and the like. The encryption algorithm used by the query system and each data system is the same. Wherein, the encryption algorithm may be a symmetric encryption algorithm, an asymmetric encryption algorithm, or a hash algorithm. The encryption algorithm is used to encrypt the target sample ID to obtain the target encrypted sample ID, which enhances the security of query information.
查询方系统基于非对称加密算法,确定查询方公钥和查询方私钥。其中,非对称加密算法可以是RSA算法、Elgamal算法、椭圆曲线加密算法等任意一种。The inquiring party system determines the inquiring party's public key and inquiring party's private key based on an asymmetric encryption algorithm. Wherein, the asymmetric encryption algorithm may be any one of RSA algorithm, Elgamal algorithm, elliptic curve encryption algorithm and the like.
一种可能的实施方式,参见图3,查询请求包括目标加密样本标识和查询方公钥。For a possible implementation manner, referring to FIG. 3 , the query request includes the target encrypted sample identifier and the public key of the querying party.
另一种可能的实施方式,参见图4,查询请求包括目标加密样本标识、查询方公钥以及目标属性类别。目标属性类别可以限制不同的场景,确定特定场景下的响应样本属性。For another possible implementation, referring to FIG. 4 , the query request includes the target encrypted sample identifier, the public key of the querying party, and the target attribute category. The target attribute category can restrict different scenarios and determine the response sample attributes in a specific scenario.
步骤S202、协调方系统发送查询请求至数据方系统。Step S202, the coordinating system sends a query request to the data system.
具体地,协调方系统接收查询方系统发送的查询请求,并记录下查询方的身份信息以及对应的查询请求。Specifically, the coordinator system receives the query request sent by the query system, and records the identity information of the query party and the corresponding query request.
协调方系统可以采用广播的形式,将查询请求发送至数据共享网络中的各个数据方系统。协调方系统还可以按照一定的概率值选择广播的数据方系统。The coordinator system can send the query request to each data party system in the data sharing network in the form of broadcast. The coordinator system can also select the broadcast data party system according to a certain probability value.
一种可能的实施方式,协调方系统向通信连接的各个数据方系统发送查询请求。In a possible implementation manner, the coordinator system sends a query request to each data-side system connected by communication.
举例来说,设定3个数据方系统与协调方系统相连接,分别是数据方系统1、数据方系统2、数据方系统3。协调方系统分别向数据方系统1、数据方系统2、数据方系统3发送查询请求。For example, it is assumed that three data cube systems are connected to the coordinator system, namely, data cube system 1, data cube system 2, and data cube system 3. The coordinating party system sends query requests to data party system 1, data party system 2, and data party system 3 respectively.
本申请实施例中,协调方系统向通信连接的各个数据方系统发送查询请求,可以有效地提高查询请求的匹配程度,提高查询结果的质量。In the embodiment of the present application, the coordinating system sends query requests to each data system connected by communication, which can effectively improve the matching degree of query requests and improve the quality of query results.
另一种可能的实施方式,协调方系统向通信连接的部分数据方系统发送查询请求。In another possible implementation manner, the coordinator system sends a query request to some of the data-side systems connected by communication.
第一种情况,部分数据方系统是协调方系统随机从各个数据方系统中选取的。In the first case, some data cube systems are randomly selected by the coordinator system from each data cube system.
具体地,协调方系统针对每个数据方系统生成一个随机数,将每个数据方系统对应的随机数与预设值相比较,将满足预设条件的随机数对应的数据方系统作为部分数据方系统。Specifically, the coordinator system generates a random number for each data cube system, compares the random number corresponding to each data cube system with the preset value, and uses the data cube system corresponding to the random number that meets the preset conditions as part of the data square system.
举例来说,设定3个数据方系统与协调方系统相连接,分别是数据方系统1、数据方系统2、数据方系统3。For example, it is assumed that three data cube systems are connected to the coordinator system, namely, data cube system 1, data cube system 2, and data cube system 3.
协调方系统针对每个数据方系统生成一个随机数,数据方系统1、数据方系统2、数据方系统3对应的随机数分别为0.6、0.4、0.9。将各个随机数分别与预设值0.5相比较,数据方系统1对应的随机数0.6大于0.5,数据方系统3对应的随机数0.9大于0.5。因此,数据方系统1和数据方系统3作为选取的部分数据方系统,协调方系统向数据方系统1和数据方系统3发送查询请求。The coordinator system generates a random number for each data cube system, and the random numbers corresponding to data cube system 1, data cube system 2, and data cube system 3 are 0.6, 0.4, and 0.9, respectively. Comparing each random number with the preset value 0.5, the random number 0.6 corresponding to the data cube system 1 is greater than 0.5, and the random number 0.9 corresponding to the data cube system 3 is greater than 0.5. Therefore, the data cube system 1 and the data cube system 3 are selected as part of the data cube systems, and the coordinating system sends query requests to the data cube system 1 and the data cube system 3.
第二种情况,部分数据方系统是协调方系统按照数据质量从各个数据方系统中选取的。In the second case, some data cube systems are selected by the coordinator system from various data cube systems according to the data quality.
具体地,各个数据方系统基于各自系统中的数据质量,确定对应的数据质量分值。数据质量与数据方系统的数据价值、数据方信用等相关。协调方系统基于各个数据方系统的数据质量分值,将满足预设条件的数据质量分值对应的数据方系统作为部分数据方系统。Specifically, each data cube system determines a corresponding data quality score based on the data quality in each system. Data quality is related to the data value of the data cube system and the credit of the data cube. Based on the data quality scores of each data cube system, the coordinator system regards the data cube systems corresponding to the data quality scores that meet the preset conditions as part of the data cube systems.
举例来说,设定3个数据方系统与协调方系统相连接,分别是数据方系统1、数据方系统2、数据方系统3。各个数据方系统对应的数据质量分值分别为90分、78分、93分。For example, it is assumed that three data cube systems are connected to the coordinator system, namely, data cube system 1, data cube system 2, and data cube system 3. The data quality scores corresponding to each data cube system are 90 points, 78 points, and 93 points respectively.
设定预设条件为选取数据质量分值大于85分的数据方系统作为部分数据方系统,因此,选取数据方系统1和数据方系统3作为部分数据方系统,并向数据方系统1和数据方系统3发送查询请求。Set the default condition to select the data cube system with a data quality score greater than 85 as part of the data cube system. Therefore, select data cube system 1 and data cube system 3 as part of the data cube system, and send data to data cube system 1 and data cube system Party system 3 sends a query request.
需要说明的是,除了按照数据质量从各个数据方系统中选取接收查询请求的数据方系统之外,还可以按照数据方信用、网络延时情况等因素。It should be noted that, in addition to selecting the data party system that receives the query request from various data party systems according to the data quality, it can also be based on factors such as data party credit and network delay.
在本申请实施例中,协调方系统向通信连接的部分数据方系统发送查询请求,有效地降低了网络负载。当部分数据方系统是按照数据质量从各个数据方系统中选取时,在降低网络负载的同时,也保证了查询请求的匹配程度,提高查询结果的质量。In the embodiment of the present application, the coordinator system sends query requests to some of the data-side systems in the communication connection, which effectively reduces the network load. When some data cube systems are selected from various data cube systems according to data quality, while reducing the network load, it also ensures the matching degree of query requests and improves the quality of query results.
步骤S203、数据方系统基于目标加密样本标识,获得相应的响应样本属性。Step S203, the data party system obtains the corresponding response sample attributes based on the target encrypted sample identifier.
具体地,数据方系统根据目标加密样本标识查询脱敏数据库,获得响应样本属性。Specifically, the data cube system queries the desensitization database according to the target encrypted sample ID, and obtains the response sample attributes.
实施方式一、当查询请求中包括目标加密样本标识和查询方公钥时,若数据方系统中,存在与目标加密样本标识匹配的参考加密样本标识,则将参考加密样本标识对应的至少一个样本属性作为响应样本属性。 Embodiment 1. When the query request includes the target encrypted sample ID and the public key of the inquiring party, if there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, at least one sample corresponding to the reference encrypted sample ID will be referenced. attributes as response sample attributes.
若数据方系统中不存在与目标加密样本标识匹配的参考加密样本标识,一种可能的实施方式,数据方系统生成随机序列,并将该随机序列作为响应样本属性。If there is no reference encrypted sample ID matching the target encrypted sample ID in the data cube system, in a possible implementation manner, the data cube system generates a random sequence and uses the random sequence as a response sample attribute.
另一种可能的实施方式,数据方系统生成一个随机数,该随机数为随机序列生成概率,然后将该随机数与预设阈值相比较,若该随机数大于预设阈值,那么数据方系统生成随机序列,并将该随机序列作为响应样本属性;否则,数据方系统不做任何处理。In another possible implementation, the data cube system generates a random number, which is the probability of generating a random sequence, and then compares the random number with a preset threshold. If the random number is greater than the preset threshold, the data cube system Generate a random sequence and use this random sequence as a response sample attribute; otherwise, the data cube system will not do anything.
举例来说,设定数据方系统包括数据方系统1和数据方系统2,目标加密样本标识是aa。For example, it is assumed that the data cube system includes data cube system 1 and data cube system 2, and the target encrypted sample identifier is aa.
如表1所示,数据方系统1包括三组参考加密样本标识,每组参考加密样本标识对应两个样本属性,分别为是否为A,是否为B。As shown in Table 1, the data cube system 1 includes three sets of reference encrypted sample IDs, and each set of reference encrypted sample IDs corresponds to two sample attributes, namely whether it is A or not.
三组参考加密样本标识分别为aa、bb和cc,参考加密样本标识aa对应的样本属性分别为A、B。参考加密样本标识bb对应的样本属性分别为非A、非B。参考加密样本标识cc对应的样本属性分别为A、非B。The three sets of reference encrypted sample IDs are aa, bb, and cc, respectively, and the sample attributes corresponding to the reference encrypted sample ID aa are A and B respectively. The sample attributes corresponding to the reference encrypted sample ID bb are non-A and non-B respectively. The sample attributes corresponding to the reference encrypted sample ID cc are A and non-B respectively.
表1.Table 1.
参考加密样本标识Refer to encrypted sample ID 是否为AIs it A 是否为BIs it B
aaaa AA BB
bbbb 非ANot A 非Bnon-B
cccc AA 非Bnon-B
数据方系统1根据目标加密样本标识aa查询表1,确定表1中存在与目标加密样本标识aa相匹配的参考加密样本标识,将参考加密样本标识aa对应的样本属性“A和B”,作为响应样本属性。The data side system 1 queries Table 1 according to the target encrypted sample ID aa, determines that there is a reference encrypted sample ID matching the target encrypted sample ID aa in Table 1, and uses the sample attributes "A and B" corresponding to the reference encrypted sample ID aa as Response sample properties.
如表2所示,数据方系统2包括两组参考加密样本标识,每组参考加密样本标识对应一个样本属性,即是否为A。As shown in Table 2, the data cube system 2 includes two sets of reference encrypted sample IDs, and each set of reference encrypted sample IDs corresponds to a sample attribute, that is, whether it is A or not.
两组参考加密样本标识分别为bb和cc,参考加密样本标识bb对应的样本属性为非A。参考加密样本标识cc对应的样本属性为A。The two sets of reference encrypted sample IDs are bb and cc respectively, and the sample attribute corresponding to the reference encrypted sample ID bb is not A. The sample attribute corresponding to the reference encrypted sample ID cc is A.
表2.Table 2.
参考加密样本标识Refer to encrypted sample ID 是否为AIs it A
bbbb 非ANot A
cccc AA
数据方系统2根据目标加密样本标识aa查询表2,确定表2中不存在与目标加密样本标识aa相匹配的参考加密样本标识,则数据方系统2生成随机序列,并将该随机序列作为响应样本属性。The data side system 2 queries Table 2 according to the target encrypted sample ID aa, and determines that there is no reference encrypted sample ID matching the target encrypted sample ID aa in Table 2, then the data side system 2 generates a random sequence and takes the random sequence as a response Sample properties.
实施方式二、当查询请求中包括标加密样本标识、查询方公钥和目标属性类别时,若数据方系统中,存在与目标加密样本标识匹配的参考加密样本标识,则将参考加密样本标识对应的至少一个样本属性中,与目标属性类别匹配的样本属性作为响应样本属性。Embodiment 2: When the query request includes the marked encrypted sample ID, the public key of the querying party, and the target attribute category, if there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, the reference encrypted sample ID will be correspondingly Among at least one sample attribute of , the sample attribute matching the target attribute category is used as the response sample attribute.
若数据方系统中不存在与目标加密样本标识匹配的参考加密样本标识,一种可能的实施方式,数据方系统生成随机序列,并将该随机序列作为响应样本属性。If there is no reference encrypted sample ID matching the target encrypted sample ID in the data cube system, in a possible implementation manner, the data cube system generates a random sequence and uses the random sequence as a response sample attribute.
另一种可能的实施方式,数据方系统生成一个随机数,该随机数为随机序列生成概率, 然后并将该随机数与预设阈值相比较,若该随机数大于预设阈值,那么数据方系统生成随机序列,并将该随机序列作为响应样本属性;否则,数据方系统不做任何处理。In another possible implementation, the data cube system generates a random number, which is the probability of generating a random sequence, and then compares the random number with a preset threshold. If the random number is greater than the preset threshold, the data cube The system generates a random sequence and takes the random sequence as a response sample attribute; otherwise, the data side system does not do any processing.
举例来说,数据方系统包括数据方系统1和数据方系统2,目标加密样本标识是aa,目标属性类别为是否为B。For example, the data cube system includes data cube system 1 and data cube system 2, the target encrypted sample identifier is aa, and the target attribute type is B or not.
数据方系统1中的数据如表1所示。数据方系统1根据目标加密样本标识aa查询表1,确定表1中存在与目标加密样本标识aa相匹配的参考加密样本标识,则从参考加密样本标识aa对应的两个样本属性中,选择样本属性“B”,作为响应样本属性。The data in Data Cube System 1 is shown in Table 1. The data side system 1 queries Table 1 according to the target encrypted sample ID aa, and determines that there is a reference encrypted sample ID matching the target encrypted sample ID aa in Table 1, then selects the sample from the two sample attributes corresponding to the reference encrypted sample ID aa Attribute "B", as a response sample attribute.
数据方系统2中的数据如表2所示。数据方系统1根据目标加密样本标识aa查询表2,确定表2中不存在与目标加密样本标识aa相匹配的参考加密样本标识,则数据方系统2生成一个随机数0.3,并将该随机数与预设阈值0.5相比较,由于随机数0.3小于预设阈值0.5,因此,数据方系统2不做任何处理。The data in Data Cube System 2 is shown in Table 2. Data side system 1 queries table 2 according to target encrypted sample ID aa, and determines that there is no reference encrypted sample ID matching target encrypted sample ID aa in table 2, then data side system 2 generates a random number 0.3, and stores the random number Compared with the preset threshold 0.5, since the random number 0.3 is smaller than the preset threshold 0.5, the data party system 2 does not perform any processing.
在本申请实施例中,目标属性类别限制了不同的场景,通过目标属性类别筛选样本属性,获得响应样本属性,可以更加精准地对样本属性进行匹配,获取更加精准的响应样本属性。当数据方系统中不存在与目标加密样本标识匹配的参考加密样本标识,可以按照概率生成随机序列并返回,有效地降低了网络负载,提高了网络运行效率。In this embodiment of the application, the target attribute category limits different scenarios, and the target attribute category is used to filter the sample attributes to obtain the response sample attributes, which can more accurately match the sample attributes and obtain more accurate response sample attributes. When there is no reference encrypted sample ID matching the target encrypted sample ID in the data cube system, a random sequence can be generated and returned according to the probability, which effectively reduces the network load and improves the network operation efficiency.
步骤S204、数据方系统采用查询方公钥对响应样本属性进行加密,获得加密样本属性。Step S204, the data party system encrypts the response sample attributes by using the query party's public key to obtain the encrypted sample attributes.
本申请实施例中,数据方系统可以采用查询方公钥仅对响应样本属性进行加密,获得加密样本属性,数据方系统也可以采用查询方公钥对响应样本属性和可选字段信息进行加密,获得加密样本属性。In the embodiment of this application, the data cube system can use the public key of the query party to encrypt only the response sample attributes to obtain encrypted sample attributes, and the data cube system can also use the query party public key to encrypt the response sample attributes and optional field information. Get encrypted sample properties.
具体地,可选字段信息可以是时间戳、随机数、随机字符串等任意一种或多种组合。Specifically, the optional field information may be any one or combination of timestamps, random numbers, random character strings, and the like.
在本申请实施例中,在响应样本属性相同的情况下,通过对响应样本属性和可选字段信息进行加密,获得不同的加密样本属性,可以有效地解决第三方拦截加密样本属性后,破解获取响应样本属性的问题,提高了数据传输过程中的安全性。In this embodiment of the application, when the response sample attributes are the same, by encrypting the response sample attributes and optional field information, different encrypted sample attributes can be obtained, which can effectively solve the problem of third party intercepting encrypted sample attributes, cracking and obtaining Responding to questions about sample properties improves security during data transmission.
步骤S205、数据方系统根据目标加密样本标识和加密样本属性,生成查询结果。Step S205, the data side system generates a query result according to the target encrypted sample identifier and the encrypted sample attribute.
一种可能的实施方式,参见图5,当数据方系统采用查询方公钥对响应样本属性进行加密时,查询结果包括目标加密样本标识和加密样本属性,其中,加密样本属性包括响应样本属性。A possible implementation manner, referring to FIG. 5 , when the data side system encrypts the response sample attribute with the queryer public key, the query result includes the target encrypted sample ID and the encrypted sample attribute, wherein the encrypted sample attribute includes the response sample attribute.
另一种可能的实施方式,参见图6,当数据方系统采用查询方公钥对响应样本属性和可选字段信息进行加密时,查询结果包括目标加密样本标识和加密样本属性,其中,加密样本属性包括响应样本属性和可选字段信息。Another possible implementation, referring to Figure 6, when the data party system uses the public key of the query party to encrypt the response sample attributes and optional field information, the query result includes the target encrypted sample identifier and encrypted sample attributes, where the encrypted sample Properties include response sample properties and optional field information.
步骤S206、数据方系统发送查询结果至协调方系统。Step S206, the data party system sends the query result to the coordinator system.
协调方系统接收数据方系统发送的查询结果,并记录下各个数据方系统以及对应发送的查询结果。同时,将之前记录的查询方的身份信息、查询方的查询请求,与各个数据方系统发送的查询结果相对应。The coordinating party system receives the query results sent by the data party system, and records each data party system and the corresponding query results sent. At the same time, the previously recorded identity information of the inquiring party and the querying request of the inquiring party correspond to the query results sent by each data party system.
在本申请实施例中,协调方系统记录查询方的身份信息、查询方的查询请求,以及查询请求对应的各个查询结果,保证了查询信息可追溯,并且不可篡改,便于信息核对和复盘。In this embodiment of the application, the coordinator system records the identity information of the querying party, the querying request of the querying party, and each query result corresponding to the querying request, which ensures that the query information is traceable and cannot be tampered with, and is convenient for information verification and review.
步骤S207、协调方系统发送查询结果至查询方系统。Step S207, the coordinating system sends the query result to the querying system.
可选地,协调方系统还提供计费功能,向查询方收取对应的费用,并且向提供查询结果的数据方系统支付对应的费用,有效地提高了数据方系统参与的积极性,促进了数据共 享的发展。Optionally, the coordinator system also provides a billing function, charges the corresponding fee to the query party, and pays the corresponding fee to the data system that provides the query result, effectively improving the enthusiasm of the data system to participate and promoting data sharing development of.
步骤S208、查询方系统通过查询方私钥对查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从至少一个响应样本属性中,获得目标加密样本标识对应的目标样本属性。Step S208, the inquiring party system decrypts the encrypted sample attribute in the query result by using the inquiring party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
若加密样本属性中只包括响应样本属性时,查询方系统通过查询方私钥对加密样本属性解密,即获取响应样本属性。If the encrypted sample attributes only include the response sample attributes, the inquiring party system decrypts the encrypted sample attributes through the inquiring party's private key to obtain the response sample attributes.
若加密样本属性中包括响应样本属性和可选字段信息时,查询方系统通过查询方私钥对加密样本属性解密,获取响应样本属性和可选字段信息的拼接字段信息。将拼接字段信息中的可选字段信息去除,即获取到响应样本属性。If the encrypted sample attributes include response sample attributes and optional field information, the inquiring party system decrypts the encrypted sample attributes through the inquiring party's private key, and obtains the concatenated field information of the response sample attributes and optional field information. The optional field information in the concatenated field information is removed, that is, the response sample attributes are obtained.
进一步地,针对每个响应样本属性,若该响应样本属性为从数据方系统中查询获得的参考加密样本标识对应的样本属性,则将该响应样本属性,作为目标加密样本标识对应的目标样本属性。若该响应样本属性为随机序列的响应样本属性,则去除该响应样本属性。Further, for each response sample attribute, if the response sample attribute is the sample attribute corresponding to the reference encrypted sample ID obtained from the data party system, the response sample attribute is used as the target sample attribute corresponding to the target encrypted sample ID . If the response sample attribute is a response sample attribute of a random sequence, the response sample attribute is removed.
在本申请实施例中,由查询方系统、协调方系统以及各个数据方系统组成的系统,实现了在各个数据方系统中的数据在不出库的情况下的数据共享。查询方系统仅能获取查询结果,但是并不清楚是由哪个数据方系统提供的查询结果。同时,查询方系统所获取的响应样本属性仅查询方系统和数据方系统知晓,任何第三方都无法获得,从而提高了查询信息的安全性,也保护了查询方系统的身份信息的隐私。In the embodiment of the present application, the system composed of the inquiring system, the coordinating system and each data system realizes the data sharing of the data in each data system without leaving the database. The query system can only obtain query results, but it is not clear which data system provides the query results. At the same time, the attributes of the response samples acquired by the inquiring system are only known to the inquiring system and the data system, and cannot be obtained by any third party, thereby improving the security of the query information and protecting the privacy of the identity information of the inquiring system.
数据方系统仅提供查询结果,但是并不清楚是向哪个查询方系统提供查询结果,同时,数据方系统无法知晓其他数据方系统产生的查询结果,从而保护数据方系统的数据隐私。The data cube system only provides query results, but it is not clear which query system is providing the query results. At the same time, the data cube system cannot know the query results generated by other data cube systems, thereby protecting the data privacy of the data cube system.
协调方系统连接查询方系统和各个数据方系统,避免了查询方系统直接向各个数据方系统发送查询请求,保证了查询方信息的隐私性和数据方系统数据的隐私性。同时,由于查询方发送的查询请求是加密后的数据,各个数据方系统发送的查询结果也是加密后的数据,因此,协调方系统并不知晓具体接收和发送的数据,保障了查询请求和查询结果的安全性。The coordinator system connects the query system and each data system, avoiding the query request from the query system directly to each data system, and ensuring the privacy of the query information and the data privacy of the data system. At the same time, since the query request sent by the querying party is encrypted data, the query results sent by each data system are also encrypted data. Therefore, the coordinating system does not know the specific data received and sent, which ensures that the query request and query Security of Results.
为了更好地解释本申请实施例,下面以具体实施例场景为例,介绍本申请实施例提供的一种数据共享方法的流程,如图7所示:In order to better explain the embodiment of the present application, the following uses a specific embodiment scenario as an example to introduce the flow of a data sharing method provided by the embodiment of the present application, as shown in Figure 7:
步骤S301,查询方系统发送查询请求至协调方系统,其中,查询请求中包括目标加密样本标识、查询方公钥和目标属性类别。In step S301, the querying system sends a query request to the coordinating system, wherein the query request includes the target encrypted sample identifier, the querying party's public key, and the target attribute category.
步骤S302,协调方系统记录查询方的身份信息以及查询方的查询请求。Step S302, the coordinating party system records the identity information of the inquiring party and the inquiry request of the inquiring party.
步骤S303,协调方系统发送查询请求至数据方系统。Step S303, the coordinator system sends a query request to the data side system.
步骤S304,数据方系统判断是否存在与目标加密样本标识匹配的参考加密样本标识,若是,则执行步骤S305;否则,执行步骤S306。In step S304, the data side system judges whether there is a reference encrypted sample ID matching the target encrypted sample ID, and if yes, executes step S305; otherwise, executes step S306.
步骤S305,数据方系统将参考加密样本标识对应的至少一个样本属性中,与目标属性类别匹配的样本属性作为响应样本属性,并跳转至步骤S308。In step S305, the data side system takes the sample attribute matching the target attribute category among at least one sample attribute corresponding to the reference encrypted sample ID as the response sample attribute, and jumps to step S308.
步骤S306,数据方系统生成一个随机数,并判断该随机数是否大于预设阈值,若是,则执行步骤S307;否则,结束。In step S306, the data side system generates a random number, and judges whether the random number is greater than a preset threshold, if yes, executes step S307; otherwise, ends.
步骤S307,数据方系统生成随机序列,并将该随机序列作为响应样本属性。In step S307, the data cube system generates a random sequence and uses the random sequence as a response sample attribute.
步骤S308,数据方系统采用查询方公钥对响应样本属性和可选字段信息进行加密,获得加密样本属性。In step S308, the data party system encrypts the response sample attributes and optional field information using the queryer's public key to obtain encrypted sample attributes.
其中,可选字段信息可以是时间戳、随机数、随机字符串等。Among them, the optional field information may be timestamp, random number, random character string, etc.
步骤S309,数据方系统根据目标加密样本标识和加密样本属性,生成查询结果。Step S309, the data cube system generates a query result according to the target encrypted sample identifier and the encrypted sample attribute.
步骤S310,数据方系统发送查询结果至协调方系统。Step S310, the data party system sends the query result to the coordinator system.
步骤S311,协调方系统记录各个数据方系统以及对应发送的查询结果。In step S311, the coordinator system records each data party system and corresponding query results sent.
步骤S312,协调方系统发送查询结果至查询方系统。Step S312, the coordinating system sends the query result to the querying system.
步骤S313,查询方系统通过查询方私钥对查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从至少一个响应样本属性中,获得目标加密样本标识对应的目标样本属性。Step S313, the inquiring party system decrypts the encrypted sample attribute in the query result by using the inquiring party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
在本申请实施例中,由查询方系统、协调方系统以及各个数据方系统组成的系统,实现了在各个数据方系统中的数据在不出库的情况下的数据共享。协调方系统连接查询方系统和各个数据方系统,避免了查询方系统直接向各个数据方系统发送查询请求,保证了查询方信息的隐私性和数据方系统数据的隐私性。同时,由于查询方发送的查询请求是加密后的数据,各个数据方系统发送的查询结果也是加密后的数据,因此,协调方系统并不知晓具体接收和发送的数据,保障了查询请求和查询结果的安全性。In the embodiment of the present application, the system composed of the inquiring system, the coordinating system and each data system realizes the data sharing of the data in each data system without leaving the database. The coordinator system connects the query system and each data system, avoiding the query request from the query system directly to each data system, and ensuring the privacy of the query information and the data privacy of the data system. At the same time, since the query request sent by the querying party is encrypted data, the query results sent by each data system are also encrypted data. Therefore, the coordinating system does not know the specific data received and sent, which ensures that the query request and query Security of Results.
目标属性类别限制了不同的场景,通过目标属性类别筛选样本属性,获得响应样本属性,可以更加精准地对样本属性进行匹配,获取更加精准的响应样本属性。当数据方系统中不存在与目标加密样本标识匹配的参考加密样本标识,可以按照概率生成随机序列并返回,有效地降低了网络负载,提高了网络运行效率。在响应样本属性相同的情况下,通过对响应样本属性和可选字段信息进行加密,获得不同的加密样本属性,可以有效地解决第三方拦截加密样本属性后,破解获取响应样本属性的问题,提高了数据传输过程中的安全性。协调方系统记录查询方的身份信息、查询方的查询请求,以及查询请求对应的各个查询结果,保证了查询信息可追溯,并且不可篡改,便于信息核对和复盘。The target attribute category restricts different scenarios. By filtering the sample attributes through the target attribute category and obtaining the response sample attributes, the sample attributes can be matched more accurately and more accurate response sample attributes can be obtained. When there is no reference encrypted sample ID matching the target encrypted sample ID in the data cube system, a random sequence can be generated and returned according to the probability, which effectively reduces the network load and improves the network operation efficiency. In the case of the same response sample attributes, by encrypting the response sample attributes and optional field information to obtain different encrypted sample attributes, it can effectively solve the problem of obtaining the response sample attributes after the third party intercepts the encrypted sample attributes, and improves security during data transmission. The coordinator system records the identity information of the query party, the query request of the query party, and each query result corresponding to the query request, ensuring that the query information is traceable and cannot be tampered with, which is convenient for information verification and review.
基于相同的技术构思,本申请实施例提供了一种数据共享装置,如图8所示,该装置800包括:Based on the same technical concept, the embodiment of the present application provides a data sharing device, as shown in Figure 8, the device 800 includes:
第一接收模块801,用于接收查询方系统发送的查询请求,所述查询请求中包括目标加密样本标识和查询方公钥;The first receiving module 801 is configured to receive a query request sent by the querying system, and the query request includes the target encrypted sample identifier and the public key of the querying party;
第一发送模块802,用于向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;The first sending module 802 is configured to send the query request to at least one data-side system, so that the at least one data-side system obtains corresponding response sample attributes based on the target encrypted sample identifier, and uses the query The public key of the party encrypts the response sample attribute to obtain the encrypted sample attribute, and generates a query result according to the target encrypted sample identifier and the encrypted sample attribute;
第一接收模块801,还用于接收至少一个数据方系统发送的查询结果,并将接收的查询结果发送至所述查询方系统,以使所述查询方系统通过查询方私钥分别对各个查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。The first receiving module 801 is also used to receive the query result sent by at least one data-side system, and send the received query result to the query-side system, so that the query-side system can use the private key of the query-side system to query each The encrypted sample attribute in the result is decrypted, at least one response sample attribute is obtained, and the target sample attribute corresponding to the target encrypted sample identifier is obtained from the at least one response sample attribute.
可选地,所述至少一个数据方系统是与所述协调方系统通信连接的各个数据方系统;或者,Optionally, the at least one data center system is each data center system communicatively connected to the coordinator system; or,
所述至少一个数据方系统是按照数据质量从所述各个数据方系统中选取获得的。The at least one data cube system is selected from the various data cube systems according to data quality.
可选地,所述查询请求中还包括目标属性类别;Optionally, the query request also includes a target attribute category;
所述第一发送模块802具体用于:The first sending module 802 is specifically used for:
向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识和所述目标属性类别,获得相应的响应样本属性。Sending the query request to at least one data-side system, so that the at least one data-side system obtains corresponding response sample attributes based on the target encrypted sample identifier and the target attribute category respectively.
可选地,还包括记录模块803,所述记录模块803具体用于:Optionally, a recording module 803 is also included, and the recording module 803 is specifically used for:
记录所述查询方系统的身份信息、所述查询方系统的查询请求以及接收的查询结果。Recording the identity information of the inquiring system, the query request of the inquiring system, and the received query results.
可选地,所述目标加密样本标识是采用加密算法对目标样本标识进行加密获得的,所述查询方系统和各个数据方系统采用的加密算法相同。Optionally, the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
基于相同的技术构思,本申请实施例提供了一种数据共享装置,如图9所示,该装置900包括:Based on the same technical concept, the embodiment of this application provides a data sharing device, as shown in Figure 9, the device 900 includes:
第二接收模块901,用于接收协调方系统发送的查询请求,所述查询请求是由查询方系统发送至所述协调方系统的,所述查询请求中包括目标加密样本标识和查询方公钥;The second receiving module 901 is configured to receive a query request sent by the coordinator system, the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identifier and the query party public key ;
加密模块902,用于基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;An encryption module 902, configured to obtain corresponding response sample attributes based on the target encryption sample identifier, and encrypt the response sample attributes with the queryer public key to obtain encrypted sample attributes, and encrypt the sample attributes according to the target encryption sample Identify and attribute the encrypted sample, and generate a query result;
第二发送模块903,用于发送所述查询结果至所述协调方系统,以使所述协调方系统发送查询结果至所述查询方系统,并指示所述查询方系统通过查询方私钥对所述查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。The second sending module 903 is configured to send the query result to the coordinator system, so that the coordinator system sends the query result to the inquirer system, and instructs the inquirer system to use the inquirer private key pair The encrypted sample attribute in the query result is decrypted to obtain at least one response sample attribute, and the target sample attribute corresponding to the target encrypted sample identifier is obtained from the at least one response sample attribute.
可选地,所述加密模块902具体用于:Optionally, the encryption module 902 is specifically configured to:
若所述数据方系统中,存在与所述目标加密样本标识匹配的参考加密样本标识,则将所述参考加密样本标识对应的至少一个样本属性作为响应样本属性。If there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, at least one sample attribute corresponding to the reference encrypted sample ID is used as a response sample attribute.
可选地,所述加密模块902还用于:Optionally, the encryption module 902 is also used for:
若所述数据方系统中不存在与所述目标加密样本标识匹配的参考加密样本标识,则生成随机序列,并将所述随机序列作为响应样本属性。If there is no reference encrypted sample ID matching the target encrypted sample ID in the data party system, a random sequence is generated, and the random sequence is used as a response sample attribute.
可选地,所述加密模块902还用于:Optionally, the encryption module 902 is also used for:
若所述数据方系统中不存在与所述目标加密样本标识匹配的参考加密样本标识,且所述数据方系统对应的随机序列生成概率大于预设阈值,则生成随机序列。If there is no reference encrypted sample identifier matching the target encrypted sample identifier in the data cube system, and the random sequence generation probability corresponding to the data cube system is greater than a preset threshold, a random sequence is generated.
可选地,所述查询请求中还包括目标属性类别;Optionally, the query request also includes a target attribute category;
所述加密模块902还用于:The encryption module 902 is also used for:
若所述数据方系统中,存在与所述目标加密样本标识匹配的参考加密样本标识,则将所述参考加密样本标识对应的至少一个样本属性中,与所述目标属性类别匹配的样本属性作为响应样本属性。If there is a reference encrypted sample ID that matches the target encrypted sample ID in the data party system, the sample attribute that matches the target attribute category among at least one sample attribute corresponding to the reference encrypted sample ID is used as Response sample properties.
可选地,所述查询结果中还包括可选字段信息;Optionally, the query result also includes optional field information;
所述加密模块902还用于:The encryption module 902 is also used for:
采用所述查询方公钥对所述响应样本属性和可选字段信息进行加密,获得加密样本属性。Encrypting the response sample attributes and optional field information by using the inquiring party's public key to obtain encrypted sample attributes.
可选地,所述目标加密样本标识是采用加密算法对目标样本标识进行加密获得的,所述查询方系统和各个数据方系统采用的加密算法相同。Optionally, the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
基于相同的技术构思,本申请实施例提供了一种计算机设备,计算机设备可以是终端或服务器,如图10所示,包括至少一个处理器1001,以及与至少一个处理器连接的存储器1002,本申请实施例中不限定处理器1001与存储器1002之间的具体连接介质,图10中处理器1001和存储器1002之间通过总线连接为例。总线可以分为地址总线、数据总线、控制总线等。Based on the same technical concept, the embodiment of the present application provides a computer device, which may be a terminal or a server, as shown in FIG. 10 , including at least one processor 1001 and a memory 1002 connected to the at least one processor. The specific connection medium between the processor 1001 and the memory 1002 is not limited in the embodiment of the application, and the connection between the processor 1001 and the memory 1002 in FIG. 10 is taken as an example. The bus can be divided into address bus, data bus, control bus and so on.
在本申请实施例中,存储器1002存储有可被至少一个处理器1001执行的指令,至少一个处理器1001通过执行存储器1002存储的指令,可以执行上述数据共享方法中所包括的步骤。In the embodiment of the present application, the memory 1002 stores instructions executable by at least one processor 1001, and at least one processor 1001 can execute the steps included in the above data sharing method by executing the instructions stored in the memory 1002.
其中,处理器1001是计算机设备的控制中心,可以利用各种接口和线路连接计算机设备的各个部分,通过运行或执行存储在存储器1002内的指令以及调用存储在存储器1002内的数据,从而进行数据共享。可选的,处理器1001可包括一个或多个处理单元,处理器1001可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器1001中。在一些实施例中,处理器1001和存储器1002可以在同一芯片上实现,在一些实施例中,它们也可以在独立的芯片上分别实现。Among them, the processor 1001 is the control center of the computer equipment, which can use various interfaces and lines to connect various parts of the computer equipment, by running or executing the instructions stored in the memory 1002 and calling the data stored in the memory 1002, thereby performing data processing. shared. Optionally, the processor 1001 may include one or more processing units, and the processor 1001 may integrate an application processor and a modem processor. The tuner processor mainly handles wireless communication. It can be understood that the foregoing modem processor may not be integrated into the processor 1001 . In some embodiments, the processor 1001 and the memory 1002 can be implemented on the same chip, and in some embodiments, they can also be implemented on independent chips.
处理器1001可以是通用处理器,例如中央处理器(CPU)、数字信号处理器、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件,可以实现或者执行本申请实施例中公开的各方法、步骤及逻辑框图。通用处理器可以是微处理器或者任何常规的处理器等。结合本申请实施例所公开的方法的步骤可以直接体现为硬件处理器执行完成,或者用处理器中的硬件及软件模块组合执行完成。The processor 1001 can be a general processor, such as a central processing unit (CPU), a digital signal processor, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array or other programmable logic devices, discrete gates or transistors Logic devices and discrete hardware components can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the methods disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
存储器1002作为一种非易失性计算机可读存储介质,可用于存储非易失性软件程序、非易失性计算机可执行程序以及模块。存储器1002可以包括至少一种类型的存储介质,例如可以包括闪存、硬盘、多媒体卡、卡型存储器、随机访问存储器(Random Access Memory,RAM)、静态随机访问存储器(Static Random Access Memory,SRAM)、可编程只读存储器(Programmable Read Only Memory,PROM)、只读存储器(Read Only Memory,ROM)、带电可擦除可编程只读存储器(Electrically Erasable Programmable Read-Only Memory,EEPROM)、磁性存储器、磁盘、光盘等等。存储器1002是能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。本申请实施例中的存储器1002还可以是电路或者其它任意能够实现存储功能的装置,用于存储程序指令和/或数据。The memory 1002, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules. The memory 1002 may include at least one type of storage medium, such as flash memory, hard disk, multimedia card, card-type memory, random access memory (Random Access Memory, RAM), static random access memory (Static Random Access Memory, SRAM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Magnetic Memory, Disk , CD, etc. The memory 1002 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited thereto. The memory 1002 in the embodiment of the present application may also be a circuit or any other device capable of implementing a storage function, and is used for storing program instructions and/or data.
基于同一发明构思,本申请实施例提供了一种计算机可读存储介质,其存储有可由计算机设备执行的计算机程序,当程序在计算机设备上运行时,使得计算机设备执行上述数据共享方法的步骤。Based on the same inventive concept, an embodiment of the present application provides a computer-readable storage medium, which stores a computer program executable by a computer device, and when the program runs on the computer device, the computer device executes the steps of the above data sharing method.
基于同一发明构思,本申请实施例提供了一种计算机程序产品,所述计算机程序产品包括存储在计算机可读存储介质上的计算机程序,所述计算机程序包括程序指令,当所述程序指令被计算机执行时,使所述计算机执行上述数据共享方法的步骤。Based on the same inventive concept, an embodiment of the present application provides a computer program product, the computer program product includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, when the program instructions are executed by the computer When executing, the computer is made to execute the steps of the above data sharing method.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本申请是参照根据本申请的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指 令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
显然,本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的精神和范围。这样,倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the application without departing from the spirit and scope of the application. In this way, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.

Claims (17)

  1. 一种数据共享方法,应用于协调方系统,其特征在于,包括:A data sharing method applied to a coordinating party system, characterized in that it includes:
    接收查询方系统发送的查询请求,所述查询请求中包括目标加密样本标识和查询方公钥;receiving a query request sent by the querying system, the query request including the target encrypted sample identifier and the public key of the querying party;
    向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;sending the query request to at least one data party system, so that the at least one data party system obtains the corresponding response sample attributes based on the target encrypted sample identifier, and uses the query party public key to query the response sample Encrypting attributes to obtain encrypted sample attributes, and generating query results according to the target encrypted sample identifier and the encrypted sample attributes;
    接收至少一个数据方系统发送的查询结果,并将接收的查询结果发送至所述查询方系统,以使所述查询方系统通过查询方私钥分别对各个查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。receiving query results sent by at least one data-side system, and sending the received query results to the query-side system, so that the query-side system can respectively decrypt the encrypted sample attributes in each query result through the query-side private key, and obtain at least one response sample attribute, and obtain a target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  2. 如权利要求1所述的方法,其特征在于,所述至少一个数据方系统是与所述协调方系统通信连接的各个数据方系统;或者,The method according to claim 1, wherein said at least one data party system is each data party system communicatively connected to said coordinating party system; or,
    所述至少一个数据方系统是按照数据质量从所述各个数据方系统中选取获得的。The at least one data cube system is selected from the various data cube systems according to data quality.
  3. 如权利要求1所述的方法,其特征在于,所述查询请求中还包括目标属性类别;The method according to claim 1, wherein the query request also includes a target attribute category;
    所述向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识,获得相应的响应样本属性,包括:The sending the query request to at least one data-side system, so that the at least one data-side system respectively obtains corresponding response sample attributes based on the target encrypted sample ID includes:
    向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识和所述目标属性类别,获得相应的响应样本属性。Sending the query request to at least one data-side system, so that the at least one data-side system obtains corresponding response sample attributes based on the target encrypted sample identifier and the target attribute category respectively.
  4. 如权利要求1至3任一所述的方法,其特征在于,还包括:The method according to any one of claims 1 to 3, further comprising:
    记录所述查询方系统的身份信息、所述查询方系统的查询请求以及接收的查询结果。Recording the identity information of the inquiring system, the query request of the inquiring system, and the received query results.
  5. 如权利要求1至3任一所述的方法,其特征在于,所述目标加密样本标识是采用加密算法对目标样本标识进行加密获得的,所述查询方系统和各个数据方系统采用的加密算法相同。The method according to any one of claims 1 to 3, wherein the target encrypted sample ID is obtained by encrypting the target sample ID using an encryption algorithm, and the encryption algorithm used by the query system and each data system same.
  6. 一种数据共享方法,应用于数据方系统,其特征在于,包括:A data sharing method applied to a data cube system, characterized in that it comprises:
    接收协调方系统发送的查询请求,所述查询请求是由查询方系统发送至所述协调方系统的,所述查询请求中包括目标加密样本标识和查询方公钥;receiving a query request sent by the coordinator system, the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identifier and the query public key;
    基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;Obtain the corresponding response sample attribute based on the target encrypted sample ID, and encrypt the response sample attribute with the public key of the inquiring party to obtain the encrypted sample attribute, and obtain the encrypted sample attribute according to the target encrypted sample ID and the encrypted sample Attributes to generate query results;
    发送所述查询结果至所述协调方系统,以使所述协调方系统发送查询结果至所述查询方系统,并指示所述查询方系统通过查询方私钥对所述查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。sending the query result to the coordinator system, so that the coordinator system sends the query result to the query system, and instructs the query system to encrypt the encrypted sample in the query result through the query party private key The attribute decryption is to obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  7. 如权利要求6所述的方法,其特征在于,所述基于所述目标加密样本标识,获得相应的响应样本属性,包括:The method according to claim 6, wherein said obtaining corresponding response sample attributes based on said target encrypted sample identification comprises:
    若所述数据方系统中,存在与所述目标加密样本标识匹配的参考加密样本标识,则将所述参考加密样本标识对应的至少一个样本属性作为响应样本属性。If there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, at least one sample attribute corresponding to the reference encrypted sample ID is used as a response sample attribute.
  8. 如权利要求7所述的方法,其特征在于,还包括:The method of claim 7, further comprising:
    若所述数据方系统中不存在与所述目标加密样本标识匹配的参考加密样本标识,则生成随机序列,并将所述随机序列作为响应样本属性。If there is no reference encrypted sample ID matching the target encrypted sample ID in the data party system, a random sequence is generated, and the random sequence is used as a response sample attribute.
  9. 如权利要求8所述的方法,其特征在于,所述若所述数据方系统中不存在与所述目标加密样本标识匹配的参考加密样本标识,则生成随机序列,包括:The method according to claim 8, wherein if there is no reference encrypted sample ID matching the target encrypted sample ID in the data party system, generating a random sequence comprises:
    若所述数据方系统中不存在与所述目标加密样本标识匹配的参考加密样本标识,且所述数据方系统对应的随机序列生成概率大于预设阈值,则生成随机序列。If there is no reference encrypted sample identifier matching the target encrypted sample identifier in the data cube system, and the random sequence generation probability corresponding to the data cube system is greater than a preset threshold, a random sequence is generated.
  10. 如权利要求7所述的方法,其特征在于,所述查询请求中还包括目标属性类别;The method according to claim 7, wherein the query request also includes a target attribute category;
    所述若所述数据方系统中,存在与所述目标加密样本标识匹配的参考加密样本标识,则将所述参考加密样本标识对应的至少一个样本属性作为响应样本属性,包括:If there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, then at least one sample attribute corresponding to the reference encrypted sample ID is used as a response sample attribute, including:
    若所述数据方系统中,存在与所述目标加密样本标识匹配的参考加密样本标识,则将所述参考加密样本标识对应的至少一个样本属性中,与所述目标属性类别匹配的样本属性作为响应样本属性。If there is a reference encrypted sample ID that matches the target encrypted sample ID in the data party system, the sample attribute that matches the target attribute category among at least one sample attribute corresponding to the reference encrypted sample ID is used as Response sample properties.
  11. 如权利要求6所述的方法,其特征在于,所述查询结果中还包括可选字段信息;The method according to claim 6, wherein the query result further includes optional field information;
    所述采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,包括:Encrypting the response sample attributes with the public key of the inquiring party to obtain encrypted sample attributes includes:
    采用所述查询方公钥对所述响应样本属性和可选字段信息进行加密,获得加密样本属性。Encrypting the response sample attributes and optional field information by using the inquiring party's public key to obtain encrypted sample attributes.
  12. 如权利要求6所述的方法,其特征在于,所述目标加密样本标识是采用加密算法对目标样本标识进行加密获得的,所述查询方系统和各个数据方系统采用的加密算法相同。The method according to claim 6, wherein the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  13. 一种数据共享装置,其特征在于,包括:A data sharing device, characterized in that it comprises:
    第一接收模块,用于接收查询方系统发送的查询请求,所述查询请求中包括目标加密样本标识和查询方公钥;The first receiving module is configured to receive a query request sent by the querying system, where the query request includes the target encrypted sample identifier and the public key of the querying party;
    第一发送模块,用于向至少一个数据方系统发送所述查询请求,以使所述至少一个数据方系统分别基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;The first sending module is configured to send the query request to at least one data-side system, so that the at least one data-side system obtains corresponding response sample attributes based on the target encrypted sample identifier, and adopts the query method The public key encrypts the response sample attribute to obtain the encrypted sample attribute, and generates a query result according to the target encrypted sample identifier and the encrypted sample attribute;
    第一接收模块,还用于接收至少一个数据方系统发送的查询结果,并将接收的查询结果发送至所述查询方系统,以使所述查询方系统通过查询方私钥分别对各个查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。The first receiving module is also used to receive query results sent by at least one data-side system, and send the received query results to the query-side system, so that the query-side system uses the private key of the query-side system to query each query result Decrypt the encrypted sample attribute in, obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  14. 一种数据共享装置,其特征在于,包括:A data sharing device, characterized in that it comprises:
    第二接收模块,用于接收协调方系统发送的查询请求,所述查询请求是由查询方系统发送至所述协调方系统的,所述查询请求中包括目标加密样本标识和查询方公钥;The second receiving module is configured to receive a query request sent by the coordinator system, the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identifier and the query public key;
    加密模块,用于基于所述目标加密样本标识,获得相应的响应样本属性,并采用所述查询方公钥对所述响应样本属性进行加密,获得加密样本属性,并根据所述目标加密样本标识和所述加密样本属性,生成查询结果;An encryption module, configured to obtain corresponding response sample attributes based on the target encryption sample ID, and encrypt the response sample attributes with the queryer public key to obtain encrypted sample attributes, and obtain the encrypted sample attributes according to the target encryption sample ID and the encrypted sample attributes to generate query results;
    第二发送模块,用于发送所述查询结果至所述协调方系统,以使所述协调方系统发送查询结果至所述查询方系统,并指示所述查询方系统通过查询方私钥对所述查询结果中的加密样本属性解密,获取至少一个响应样本属性,并从所述至少一个响应样本属性中,获得所述目标加密样本标识对应的目标样本属性。The second sending module is configured to send the query result to the coordinator system, so that the coordinator system sends the query result to the inquirer system, and instructs the inquirer system to pair the query result with the inquirer private key decrypt the encrypted sample attribute in the query result, obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  15. 一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,其特征在于,所述处理器执行所述程序时实现权利要求1~12任一权利要求所述方法的步骤。A computer device, comprising a memory, a processor, and a computer program stored in the memory and operable on the processor, characterized in that, when the processor executes the program, it realizes any of claims 1-12 steps of the method described above.
  16. 一种计算机可读存储介质,其特征在于,其存储有可由计算机设备执行的计算机程序,当所述程序在计算机设备上运行时,使得所述计算机设备执行权利要求1~12任一所述方法的步骤。A computer-readable storage medium, characterized in that it stores a computer program executable by a computer device, and when the program is run on the computer device, the computer device executes the method described in any one of claims 1-12 A step of.
  17. 一种计算机程序产品,其特征在于,所述计算机程序产品包括存储在计算机可读存储介质上的计算机程序,所述计算机程序包括程序指令,当所述程序指令被计算机设备执行时,使所述计算机设备执行权利要求1~12任一所述方法的步骤。A computer program product, characterized in that the computer program product includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer device, the The computer equipment executes the steps of the method described in any one of claims 1-12.
PCT/CN2022/106833 2021-11-22 2022-07-20 Data sharing method and apparatus, device, and storage medium WO2023087760A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111402128.7 2021-11-22
CN202111402128.7A CN114116637A (en) 2021-11-22 2021-11-22 Data sharing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2023087760A1 true WO2023087760A1 (en) 2023-05-25

Family

ID=80371704

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/106833 WO2023087760A1 (en) 2021-11-22 2022-07-20 Data sharing method and apparatus, device, and storage medium

Country Status (3)

Country Link
CN (1) CN114116637A (en)
TW (1) TWI812366B (en)
WO (1) WO2023087760A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114116637A (en) * 2021-11-22 2022-03-01 中国银联股份有限公司 Data sharing method, device, equipment and storage medium
CN115086037B (en) * 2022-06-16 2024-04-05 京东城市(北京)数字科技有限公司 Data processing method and device, storage medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120036360A1 (en) * 2010-01-06 2012-02-09 Telcordia Technologies, Inc. System and method establishing trusted relationships to enable secure exchange of private information
CN111988307A (en) * 2020-08-18 2020-11-24 兰笺(苏州)科技有限公司 Block chain technology-based construction engineering work information sharing platform and operation method
CN113158247A (en) * 2021-04-27 2021-07-23 同盾控股有限公司 User query method and device, storage medium and electronic equipment
CN113239395A (en) * 2021-05-10 2021-08-10 深圳前海微众银行股份有限公司 Data query method, device, equipment, storage medium and program product
CN114116637A (en) * 2021-11-22 2022-03-01 中国银联股份有限公司 Data sharing method, device, equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3637673B1 (en) * 2018-10-10 2022-02-02 Sap Se Secure data sharing
CN110059495B (en) * 2018-12-14 2020-11-17 创新先进技术有限公司 Data sharing method, device and system and electronic equipment
CN112434109B (en) * 2020-11-23 2021-11-16 交通银行股份有限公司 Data sharing and secret query method and system based on block chain technology
CN113225302B (en) * 2021-01-27 2022-06-24 暨南大学 Data sharing system and method based on proxy re-encryption

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120036360A1 (en) * 2010-01-06 2012-02-09 Telcordia Technologies, Inc. System and method establishing trusted relationships to enable secure exchange of private information
CN111988307A (en) * 2020-08-18 2020-11-24 兰笺(苏州)科技有限公司 Block chain technology-based construction engineering work information sharing platform and operation method
CN113158247A (en) * 2021-04-27 2021-07-23 同盾控股有限公司 User query method and device, storage medium and electronic equipment
CN113239395A (en) * 2021-05-10 2021-08-10 深圳前海微众银行股份有限公司 Data query method, device, equipment, storage medium and program product
CN114116637A (en) * 2021-11-22 2022-03-01 中国银联股份有限公司 Data sharing method, device, equipment and storage medium

Also Published As

Publication number Publication date
TWI812366B (en) 2023-08-11
CN114116637A (en) 2022-03-01
TW202321938A (en) 2023-06-01

Similar Documents

Publication Publication Date Title
WO2020207233A1 (en) Permission control method and apparatus for blockchain
US11438383B2 (en) Controlling permissible actions a computing device can perform on a data resource based on a use policy evaluating an authorized context of the device
US20200403778A1 (en) Dynamic blockchain system and method for providing efficient and secure distributed data access, data storage and data transport
US10341103B2 (en) Data analytics on encrypted data elements
US20200287874A1 (en) System and associated method for ensuring data privacy
WO2023087760A1 (en) Data sharing method and apparatus, device, and storage medium
CN106022155B (en) Method and server for database security management
US20140090023A1 (en) Method and Apparatus for Authenticating Location-based Services without Compromising Location Privacy
US11757877B1 (en) Decentralized application authentication
WO2022068356A1 (en) Blockchain-based information encryption method and apparatus, device and medium
WO2018233051A1 (en) Data release method and device, and server and storage medium
Li et al. An efficient blind filter: Location privacy protection and the access control in FinTech
CN112511599A (en) Civil air defense data sharing system and method based on block chain
WO2023093090A1 (en) Sample alignment method and apparatus, device, and storage medium
WO2023056249A1 (en) Custodial systems for non-fungible tokens
WO2022068234A1 (en) Encryption method and apparatus based on shared root key, device and medium
US11947684B2 (en) Searching encrypted data
CN117371011A (en) Data hiding query method, electronic device and readable storage medium
CN111090616B (en) File management method, corresponding device, equipment and storage medium
US11133926B2 (en) Attribute-based key management system
Tian et al. A trusted control model of cloud storage
CN106878293A (en) Date storage method and device based on cloud storage platform
Zhang et al. Encrypted and compressed key-value store with pattern-analysis security in cloud systems
Suneetha et al. Data security model using artificial neural networks and database fragmentation in cloud environment
US11809589B2 (en) Secure data structure for database system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22894303

Country of ref document: EP

Kind code of ref document: A1