WO2023087760A1 - Data sharing method and apparatus, device, and storage medium - Google Patents

Publication number
WO2023087760A1
Authority
WO
WIPO (PCT)
Prior art keywords
sample
query
data
target
attribute
Application number
PCT/CN2022/106833
Other languages
English (en)
Chinese (zh)
Inventor
刘红宝
高鹏飞
郑建宾
邱震尧
周雍恺
程栋
庞悦
欧阳琛
金灵
Original Assignee
中国银联股份有限公司
Application filed by 中国银联股份有限公司
Publication of WO2023087760A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/176 Support for shared access to files; File sharing support
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • The embodiments of the present invention relate to the technical field of data processing, and in particular to a data sharing method, apparatus, device, and storage medium.
  • Embodiments of the present application provide a data sharing method, apparatus, device, and storage medium for realizing data sharing between different industries, institutions, and departments.
  • the embodiment of the present application provides a data sharing method, the method includes:
  • the coordinator system receives a query request sent by the querying party system, the query request including the target encrypted sample identifier and the public key of the querying party;
  • the embodiment of the present application provides a data sharing method, the method includes:
  • the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identification and the query public key;
  • the attribute decryption is to obtain at least one response sample attribute, and obtain the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  • the embodiment of the present application provides a data sharing device, the device includes:
  • the first receiving module is configured to receive a query request sent by the querying system, where the query request includes the target encrypted sample identifier and the public key of the querying party;
  • the first sending module is configured to send the query request to at least one data party system, so that the at least one data party system obtains corresponding response sample attributes based on the target encrypted sample identifier, encrypts the response sample attributes with the querying party's public key to obtain the encrypted sample attributes, and generates a query result according to the target encrypted sample identifier and the encrypted sample attributes;
  • the first receiving module is also used to receive query results sent by at least one data party system, and send the received query results to the querying party system, so that the querying party system uses the querying party's private key to decrypt the encrypted sample attribute in each query result, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  • the at least one data party system is each data party system communicatively connected to the coordinator system; or,
  • the at least one data party system is selected from the various data party systems according to data quality.
  • the query request also includes a target attribute category
  • the first sending module is specifically used for:
  • a recording module is also included, and the recording module is specifically used for:
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  • the embodiment of the present application provides a data sharing device, the device includes:
  • the second receiving module is configured to receive a query request sent by the coordinator system, the query request is sent to the coordinator system by the query system, and the query request includes the target encrypted sample identifier and the query public key;
  • an encryption module configured to obtain corresponding response sample attributes based on the target encrypted sample ID, encrypt the response sample attributes with the querying party's public key to obtain encrypted sample attributes, and generate a query result according to the target encrypted sample ID and the encrypted sample attributes;
  • the second sending module is configured to send the query result to the coordinator system, so that the coordinator system sends the query result to the querying party system, and the querying party system decrypts the encrypted sample attribute in the query result with the querying party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  • the encryption module is specifically used for:
  • At least one sample attribute corresponding to the reference encrypted sample ID is used as a response sample attribute.
  • the encryption module is also used for:
  • a random sequence is generated, and the random sequence is used as a response sample attribute.
  • the encryption module is also used for:
  • the query request also includes a target attribute category
  • the encryption module is also used for:
  • the sample attribute that matches the target attribute category among at least one sample attribute corresponding to the reference encrypted sample ID is used as the response sample attribute.
  • the query result also includes optional field information
  • the encryption module is also used for:
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  • an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and operable on the processor, and the processor implements the steps of the above data sharing method when executing the program.
  • an embodiment of the present application provides a computer-readable storage medium, which stores a computer program executable by a computer device, and when the program is run on the computer device, the computer device executes the steps of the above data sharing method.
  • an embodiment of the present application provides a computer program product; the computer program product includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, and the program instructions, when executed by a computer device, cause the computer device to execute the steps of the above data sharing method.
  • the inquiring system sends a query request to the coordinator system, and the coordinator system then sends the query request to the data side system.
  • the data party system obtains the corresponding response sample attributes based on the target encrypted sample ID, then uses the public key of the querying party to encrypt the response sample attributes to obtain the encrypted sample attributes, and then generates query results based on the target encrypted sample ID and encrypted sample attributes.
  • the data side system sends the query result to the coordinator system, and the coordinator system sends the query result to the query side system.
  • the inquiring system decrypts the encrypted sample attribute in the query result through the inquiring party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
  • the coordinator system connects the query system and each data system, avoiding the query request from the query system directly to each data system, and ensuring the privacy of the query information and the data privacy of the data system.
  • the query results sent by each data party system are also encrypted data. Therefore, the coordinator system does not know the specific data it receives and sends, which ensures the security of the query request and the query results.
  • FIG. 1 is a schematic diagram of a system architecture provided by an embodiment of the present application.
  • FIG. 2 is a schematic flow diagram of a data sharing method provided by an embodiment of the present application.
  • FIG. 3 is a schematic structural diagram of a query request provided by an embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of a query request provided by an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a query result provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a query result provided by an embodiment of the present application.
  • FIG. 7 is a schematic flow diagram of a data sharing method provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a data sharing device provided by an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a data sharing device provided by an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the system architecture includes at least a terminal device 101, a querying party system 102, a coordinator system 103, a data party system 104-1, a data party system 104-2, ..., and a data party system 104-X, where X is an integer greater than 0.
  • the terminal device 101 is installed with a target application for querying data, and the application may be a pre-installed client, a web application, or a small program embedded in other applications.
  • the terminal device 101 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, etc., but is not limited thereto.
  • the query system 102, the coordinator system 103, the data system 104-1 to the data system 104-X are background servers of the target application and provide services for the target application.
  • the querying party system 102 can be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
  • the coordinator system 103 can be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms. It should be noted that there may be multiple querying party systems 102 and coordinator systems 103, and the present application does not specifically limit the number of querying party systems 102 and coordinator systems 103.
  • the data party system 104-1 to the data party system 104-X can each be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery network (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
  • the terminal device 101 and the inquiring system 102 may be directly or indirectly connected through wired or wireless communication, which is not limited in this application.
  • the inquiring system 102 and the coordinating system 103 may be directly or indirectly connected through wired or wireless communication, which is not limited in this application.
  • the coordinator system 103 is connected to the data system 104-1 to the data system 104-X respectively, and can be connected directly or indirectly through wired or wireless communication, which is not limited in this application.
  • In response to the user's data query operation, the terminal device 101 sends a data query command to the querying party system 102, and the data query command includes the target sample identifier.
  • the inquiring system 102 receives the data query instruction, encrypts the target sample ID with an encryption algorithm, and obtains the target encrypted sample ID.
  • the queryer system 102 sends a query request to the coordinator system 103, wherein the query request includes the target encrypted sample identifier and the queryer public key.
  • the coordinator system 103 receives the query request sent by the query system 102, and sends query requests to the data-side systems 104-1, ..., and the data-side systems 104-X respectively.
  • At least one of the data party systems 104-1 to 104-X obtains corresponding response sample attributes based on the target encrypted sample identifier in the query request, encrypts the response sample attributes with the querying party's public key to obtain the encrypted sample attribute, and generates a query result according to the target encrypted sample ID and the encrypted sample attribute.
  • the above-mentioned at least one data party system respectively sends query results to the coordinator system 103, and the coordinator system 103 sends each query result to the querying party system 102.
  • the querying system 102 decrypts the encrypted sample attributes in each query result with the private key of the querying party, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
  • the solutions in the embodiments of the present application are applicable to the data sharing query requirements of different industries.
  • With the establishment of, for example, a financial industry data security sharing alliance, data can be shared safely within the alliance, and the security of the private data of all parties can be guaranteed.
  • data party system 104-1 to data party system 104-X execute interactively, including the following steps:
  • Step S201, the querying party system sends a query request to the coordinator system.
  • the query request includes the target encrypted sample ID and the public key of the querying party.
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, wherein the target sample ID can be an ID card number, a telephone number, and the like.
  • the encryption algorithm used by the query system and each data system is the same.
  • the encryption algorithm may be a symmetric encryption algorithm, an asymmetric encryption algorithm, or a hash algorithm.
  • the encryption algorithm is used to encrypt the target sample ID to obtain the target encrypted sample ID, which enhances the security of query information.
  • the inquiring party system determines the inquiring party's public key and inquiring party's private key based on an asymmetric encryption algorithm.
  • the asymmetric encryption algorithm may be any one of RSA algorithm, Elgamal algorithm, elliptic curve encryption algorithm and the like.
  • the query request includes the target encrypted sample identifier and the public key of the querying party.
  • the query request includes the target encrypted sample identifier, the public key of the querying party, and the target attribute category.
  • the target attribute category can restrict different scenarios and determine the response sample attributes in a specific scenario.
  • Step S202 the coordinating system sends a query request to the data system.
  • the coordinator system receives the query request sent by the query system, and records the identity information of the query party and the corresponding query request.
  • the coordinator system can send the query request to each data party system in the data sharing network in the form of broadcast.
  • the coordinator system can also select the broadcast data party system according to a certain probability value.
  • the coordinator system sends a query request to each data-side system connected by communication.
  • the coordinator system sends query requests to data party system 1, data party system 2, and data party system 3 respectively.
  • the coordinating system sends query requests to each data system connected by communication, which can effectively improve the matching degree of query requests and improve the quality of query results.
  • the coordinator system sends a query request to some of the data-side systems connected by communication.
  • some data party systems are randomly selected by the coordinator system from the data party systems.
  • the coordinator system generates a random number for each data party system, compares the random number corresponding to each data party system with a preset value, and selects the data party systems whose random numbers meet the preset condition as the partial set of data party systems.
  • the coordinator system generates a random number for each data party system, and the random numbers corresponding to data party system 1, data party system 2, and data party system 3 are 0.6, 0.4, and 0.9, respectively. Comparing each random number with the preset value 0.5, the random number 0.6 corresponding to data party system 1 is greater than 0.5, and the random number 0.9 corresponding to data party system 3 is greater than 0.5. Therefore, data party system 1 and data party system 3 are selected as the partial set of data party systems, and the coordinator system sends query requests to data party system 1 and data party system 3.
  • some data party systems are selected by the coordinator system from the data party systems according to data quality.
  • each data party system determines a corresponding data quality score based on the data quality in that system.
  • Data quality is related to the data value of the data party system and the credit of the data party.
  • the coordinator system selects the data party systems whose data quality scores meet the preset condition as the partial set of data party systems.
  • For example, it is assumed that three data party systems are connected to the coordinator system, namely data party system 1, data party system 2, and data party system 3.
  • the data quality scores corresponding to the data party systems are 90 points, 78 points, and 93 points respectively.
  • the coordinator system sends query requests to some of the data party systems connected to it, which effectively reduces the network load.
  • selecting some data party systems from the data party systems according to data quality reduces the network load while also ensuring the matching degree of query requests and improving the quality of query results.
  • Step S203, the data party system obtains the corresponding response sample attributes based on the target encrypted sample identifier.
  • the data party system queries the desensitization database according to the target encrypted sample ID, and obtains the response sample attributes.
  • Embodiment 1: When the query request includes the target encrypted sample ID and the public key of the querying party, if there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, at least one sample attribute corresponding to the reference encrypted sample ID is used as the response sample attribute.
  • If there is no reference encrypted sample ID matching the target encrypted sample ID in the data party system, in a possible implementation manner, the data party system generates a random sequence and uses the random sequence as a response sample attribute.
  • the data party system generates a random number, which is the probability of generating a random sequence, and then compares the random number with a preset threshold. If the random number is greater than the preset threshold, the data party system generates a random sequence and uses this random sequence as a response sample attribute; otherwise, the data party system does not do anything.
  • the data party systems include data party system 1 and data party system 2, and the target encrypted sample identifier is aa.
  • data party system 1 includes three sets of reference encrypted sample IDs, and each set of reference encrypted sample IDs corresponds to two sample attributes, namely whether it is A or not.
  • the three sets of reference encrypted sample IDs are aa, bb, and cc, respectively, and the sample attributes corresponding to the reference encrypted sample ID aa are A and B respectively.
  • the sample attributes corresponding to the reference encrypted sample ID bb are non-A and non-B respectively.
  • the sample attributes corresponding to the reference encrypted sample ID cc are A and non-B respectively.
  • data party system 1 queries Table 1 according to the target encrypted sample ID aa, determines that there is a reference encrypted sample ID matching the target encrypted sample ID aa in Table 1, and uses the sample attributes "A and B" corresponding to the reference encrypted sample ID aa as the response sample attributes.
  • data party system 2 includes two sets of reference encrypted sample IDs, and each set of reference encrypted sample IDs corresponds to one sample attribute, that is, whether it is A or not.
  • the two sets of reference encrypted sample IDs are bb and cc respectively, and the sample attribute corresponding to the reference encrypted sample ID bb is non-A.
  • the sample attribute corresponding to the reference encrypted sample ID cc is A.
  • data party system 2 queries Table 2 according to the target encrypted sample ID aa, and determines that there is no reference encrypted sample ID matching the target encrypted sample ID aa in Table 2; data party system 2 then generates a random sequence and uses the random sequence as the response sample attribute.
  • Embodiment 2: When the query request includes the target encrypted sample ID, the public key of the querying party, and the target attribute category, if there is a reference encrypted sample ID matching the target encrypted sample ID in the data party system, the sample attribute matching the target attribute category among the at least one sample attribute corresponding to the reference encrypted sample ID is used as the response sample attribute.
  • If there is no reference encrypted sample ID matching the target encrypted sample ID in the data party system, in a possible implementation manner, the data party system generates a random sequence and uses the random sequence as a response sample attribute.
  • the data party system generates a random number, which is the probability of generating a random sequence, and then compares the random number with a preset threshold. If the random number is greater than the preset threshold, the data party system generates a random sequence and uses the random sequence as a response sample attribute; otherwise, the data party system does not do any processing.
  • the data party systems include data party system 1 and data party system 2, the target encrypted sample identifier is aa, and the target attribute category is whether it is B or not.
  • the data in data party system 1 is shown in Table 1.
  • data party system 1 queries Table 1 according to the target encrypted sample ID aa, and determines that there is a reference encrypted sample ID matching the target encrypted sample ID aa in Table 1; it then selects the sample attribute "B" from the two sample attributes corresponding to the reference encrypted sample ID aa as the response sample attribute.
  • data party system 2 queries Table 2 according to the target encrypted sample ID aa, and determines that there is no reference encrypted sample ID matching the target encrypted sample ID aa in Table 2; data party system 2 then generates a random number 0.3 and compares the random number with the preset threshold 0.5. Since the random number 0.3 is smaller than the preset threshold 0.5, data party system 2 does not perform any processing.
  • the target attribute category limits different scenarios, and the target attribute category is used to filter the sample attributes to obtain the response sample attributes, which can more accurately match the sample attributes and obtain more accurate response sample attributes.
  • Step S204, the data party system encrypts the response sample attributes by using the querying party's public key to obtain the encrypted sample attributes.
  • the data party system can use the public key of the querying party to encrypt only the response sample attributes to obtain the encrypted sample attributes, or it can use the querying party's public key to encrypt the response sample attributes together with optional field information to obtain the encrypted sample attributes.
  • the optional field information may be any one or combination of timestamps, random numbers, random character strings, and the like.
  • Step S205, the data party system generates a query result according to the target encrypted sample identifier and the encrypted sample attribute.
  • when the data party system encrypts only the response sample attribute with the querying party's public key, the query result includes the target encrypted sample ID and the encrypted sample attribute, wherein the encrypted sample attribute includes the response sample attribute.
  • when the data party system uses the public key of the querying party to encrypt the response sample attributes and optional field information, the query result includes the target encrypted sample identifier and the encrypted sample attributes, where the encrypted sample attributes include the response sample attributes and the optional field information.
  • Step S206 the data party system sends the query result to the coordinator system.
  • the coordinating party system receives the query results sent by the data party system, and records each data party system and the corresponding query results sent. At the same time, the previously recorded identity information of the inquiring party and the querying request of the inquiring party correspond to the query results sent by each data party system.
  • the coordinator system records the identity information of the querying party, the querying request of the querying party, and each query result corresponding to the querying request, which ensures that the query information is traceable and cannot be tampered with, and is convenient for information verification and review.
  • Step S207 the coordinating system sends the query result to the querying system.
  • the coordinator system also provides a billing function: it charges the corresponding fee to the querying party and pays the corresponding fee to the data party system that provides the query result, effectively improving the enthusiasm of the data party systems to participate and promoting the development of data sharing.
  • Step S208 the inquiring party system decrypts the encrypted sample attribute in the query result by using the inquiring party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
  • the inquiring party system decrypts the encrypted sample attributes through the inquiring party's private key to obtain the response sample attributes.
  • the inquiring party system decrypts the encrypted sample attributes through the inquiring party's private key, and obtains the concatenated field information of the response sample attributes and optional field information.
  • the optional field information in the concatenated field information is removed, that is, the response sample attributes are obtained.
  • the response sample attribute is used as the target sample attribute corresponding to the target encrypted sample ID. If the response sample attribute is a random sequence, the response sample attribute is removed.
  • The system composed of the querying party system, the coordinator system and each data party system shares the data held in each data party system without that data leaving its database.
  • The querying party system obtains only the query results and does not know which data party system provided them.
  • The response sample attributes obtained by the querying party system are known only to the querying party system and the data party system and cannot be obtained by any third party, which improves the security of the query information and protects the privacy of the querying party system's identity information.
  • The data party system only provides query results and does not know which querying party system they are provided to. A data party system also cannot learn the query results generated by other data party systems, which protects the data privacy of the data party system.
  • The coordinator system connects the querying party system and each data party system, so the querying party system does not send query requests directly to the data party systems, which protects the privacy of the query information and the data privacy of the data party systems.
  • The query request sent by the querying party is encrypted data, and the query results sent by each data party system are also encrypted data. The coordinator system therefore does not know the specific data it receives and sends, which ensures the security of the query request and the query results.
  • Step S301: the querying party system sends a query request to the coordinator system, where the query request includes the target encrypted sample identifier, the querying party's public key, and the target attribute category.
  • Step S302: the coordinator system records the identity information of the querying party and the querying party's query request.
  • Step S303: the coordinator system sends the query request to the data party system.
  • Step S304: the data party system determines whether there is a reference encrypted sample ID matching the target encrypted sample ID; if yes, step S305 is executed; otherwise, step S306 is executed.
  • Step S305: the data party system takes, from the at least one sample attribute corresponding to the reference encrypted sample ID, the sample attribute matching the target attribute category as the response sample attribute, and jumps to step S308.
  • Step S306: the data party system generates a random number and determines whether the random number is greater than a preset threshold; if yes, step S307 is executed; otherwise, the procedure ends.
  • Step S307: the data party system generates a random sequence and uses the random sequence as the response sample attribute.
  • Step S308: the data party system encrypts the response sample attribute and optional field information using the querying party's public key to obtain the encrypted sample attribute.
  • The optional field information may be a timestamp, a random number, a random character string, etc.
  • Step S309: the data party system generates a query result according to the target encrypted sample identifier and the encrypted sample attribute.
  • Step S310: the data party system sends the query result to the coordinator system.
  • Step S311: the coordinator system records each data party system and the corresponding query result it sent.
  • Step S312: the coordinator system sends the query result to the querying party system.
  • Step S313: the querying party system decrypts the encrypted sample attribute in the query result by using the querying party's private key, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample ID from the at least one response sample attribute.
  • The system composed of the querying party system, the coordinator system and each data party system shares the data held in each data party system without that data leaving its database.
  • The coordinator system connects the querying party system and each data party system, so the querying party system does not send query requests directly to the data party systems, which protects the privacy of the query information and the data privacy of the data party systems.
  • The query request sent by the querying party is encrypted data, and the query results sent by each data party system are also encrypted data. The coordinator system therefore does not know the specific data it receives and sends, which ensures the security of the query request and the query results.
  • The target attribute category restricts the query to different scenarios. Filtering the sample attributes by the target attribute category to obtain the response sample attributes matches the sample attributes more precisely and yields more accurate response sample attributes. When the data party system has no reference encrypted sample ID matching the target encrypted sample ID, a random sequence can be generated and returned with a certain probability, which effectively reduces the network load and improves network operation efficiency. When the response sample attributes are the same, encrypting the response sample attributes together with optional field information yields different encrypted sample attributes, which effectively addresses the problem of a third party deriving the response sample attributes after intercepting the encrypted sample attributes and improves security during data transmission.
  • The coordinator system records the identity information of the querying party, the querying party's query request, and each query result corresponding to the query request, ensuring that the query information is traceable and cannot be tampered with, which facilitates information verification and review.
  • An embodiment of the present application provides a data sharing device. As shown in Figure 8, the device 800 includes:
  • the first receiving module 801, configured to receive a query request sent by the querying party system, where the query request includes the target encrypted sample identifier and the querying party's public key;
  • the first sending module 802, configured to send the query request to at least one data party system, so that the at least one data party system obtains corresponding response sample attributes based on the target encrypted sample identifier, encrypts the response sample attribute with the querying party's public key to obtain the encrypted sample attribute, and generates a query result according to the target encrypted sample identifier and the encrypted sample attribute;
  • the first receiving module 801 is also used to receive the query result sent by at least one data party system and send the received query result to the querying party system, so that the querying party system uses the querying party's private key to decrypt the encrypted sample attribute in each query result, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  • The at least one data party system is each data party system communicatively connected to the coordinator system; or,
  • the at least one data party system is selected from the data party systems according to data quality.
  • the query request also includes a target attribute category
  • the first sending module 802 is specifically used for:
  • a recording module 803 is also included, and the recording module 803 is specifically used for:
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  • An embodiment of this application provides a data sharing device. As shown in Figure 9, the device 900 includes:
  • the second receiving module 901, configured to receive a query request sent by the coordinator system, where the query request is sent to the coordinator system by the querying party system and includes the target encrypted sample identifier and the querying party's public key;
  • an encryption module 902, configured to obtain corresponding response sample attributes based on the target encrypted sample identifier, encrypt the response sample attributes with the querying party's public key to obtain encrypted sample attributes, and generate a query result according to the target encrypted sample identifier and the encrypted sample attribute;
  • the second sending module 903, configured to send the query result to the coordinator system, so that the coordinator system sends the query result to the querying party system and the querying party system uses the querying party's private key to decrypt the encrypted sample attribute in the query result, obtains at least one response sample attribute, and obtains the target sample attribute corresponding to the target encrypted sample identifier from the at least one response sample attribute.
  • the encryption module 902 is specifically configured to:
  • At least one sample attribute corresponding to the reference encrypted sample ID is used as a response sample attribute.
  • the encryption module 902 is also used for:
  • a random sequence is generated, and the random sequence is used as a response sample attribute.
  • the encryption module 902 is also used for:
  • the query request also includes a target attribute category
  • the encryption module 902 is also used for:
  • the sample attribute that matches the target attribute category among the at least one sample attribute corresponding to the reference encrypted sample ID is used as the response sample attribute.
  • the query result also includes optional field information
  • the encryption module 902 is also used for:
  • the target encrypted sample ID is obtained by encrypting the target sample ID with an encryption algorithm, and the encryption algorithm used by the query system and each data system is the same.
  • the embodiment of the present application provides a computer device, which may be a terminal or a server, as shown in FIG. 10 , including at least one processor 1001 and a memory 1002 connected to the at least one processor.
  • the specific connection medium between the processor 1001 and the memory 1002 is not limited in the embodiment of the application, and the connection between the processor 1001 and the memory 1002 in FIG. 10 is taken as an example.
  • the bus can be divided into address bus, data bus, control bus and so on.
  • the memory 1002 stores instructions executable by at least one processor 1001, and at least one processor 1001 can execute the steps included in the above data sharing method by executing the instructions stored in the memory 1002.
  • The processor 1001 is the control center of the computer device. It can use various interfaces and lines to connect the various parts of the computer device, and it performs data processing by running or executing the instructions stored in the memory 1002 and calling the data stored in the memory 1002.
  • the processor 1001 may include one or more processing units, and the processor 1001 may integrate an application processor and a modem processor.
  • The modem processor mainly handles wireless communication. It can be understood that the foregoing modem processor may not be integrated into the processor 1001.
  • the processor 1001 and the memory 1002 can be implemented on the same chip, and in some embodiments, they can also be implemented on independent chips.
  • The processor 1001 can be a general-purpose processor, such as a central processing unit (CPU), a digital signal processor, an application-specific integrated circuit (ASIC), a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present application.
  • a general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the methods disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
  • the memory 1002 as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules.
  • The memory 1002 may include at least one type of storage medium, such as flash memory, hard disk, multimedia card, card-type memory, random access memory (RAM), static random access memory (SRAM), programmable read-only memory (PROM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), magnetic memory, disk, CD, etc.
  • the memory 1002 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited thereto.
  • the memory 1002 in the embodiment of the present application may also be a circuit or any other device capable of implementing a storage function, and is used for storing program instructions and/or data.
  • an embodiment of the present application provides a computer-readable storage medium, which stores a computer program executable by a computer device, and when the program runs on the computer device, the computer device executes the steps of the above data sharing method.
  • An embodiment of the present application provides a computer program product. The computer program product includes a computer program stored on a computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer, the computer is made to execute the steps of the above data sharing method.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, and the instruction means implements the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
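The S301 to S313 exchange described above, as an added Python sketch that is not code from the patent: a coordinator relays one query to two data parties, one holding the record and one answering with a random-sequence decoy. Assumptions (all names are hypothetical): sample IDs are "encrypted" with SHA-256, the querying party's public-key scheme is a toy hashed-ElGamal stand-in that is not secure, and the querying party tells real attributes from decoys by the shape of the decrypted JSON payload.

```python
import hashlib, json, secrets

# Toy hashed-ElGamal stand-in for the querying party's key pair. NOT secure; a
# real deployment would use a vetted scheme such as RSA-OAEP or ECIES.
P, G = 2**521 - 1, 3

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _xor_stream(shared, data):
    ks, ctr = b"", 0
    while len(ks) < len(data):
        ks += hashlib.sha256(shared.to_bytes(66, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, ks))

def pk_encrypt(pub, msg):
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), _xor_stream(pow(pub, r, P), msg)

def pk_decrypt(priv, ct):
    return _xor_stream(pow(ct[0], priv, P), ct[1])

def enc_id(sample_id):
    # Assumption: the shared "encryption algorithm" for sample IDs is SHA-256.
    return hashlib.sha256(sample_id.encode()).hexdigest()

class DataParty:
    def __init__(self, records, threshold=0.5):
        self.index = {enc_id(k): v for k, v in records.items()}
        self.threshold = threshold

    def handle(self, query):
        value = self.index.get(query["id"], {}).get(query["category"])
        if value is not None:                                   # S304 -> S305
            attr = {query["category"]: value}
        elif secrets.SystemRandom().random() > self.threshold:  # S306 -> S307
            attr = secrets.token_hex(16)                        # random-sequence decoy
        else:
            return None                                         # S306: no reply
        # S308: optional field (random string) is encrypted with the attribute.
        # This toy scheme is already randomized; the field matters when the
        # public-key encryption is deterministic. Payloads are not padded here,
        # so ciphertext length still differs between real and decoy replies.
        payload = json.dumps({"attr": attr, "opt": secrets.token_hex(8)}).encode()
        return {"id": query["id"], "enc": pk_encrypt(query["pub"], payload)}  # S309

class Coordinator:
    def __init__(self, parties):
        self.parties, self.log = parties, []

    def route(self, querier, query):
        self.log.append(("request", querier, query["id"]))      # S302
        results = []
        for name, party in self.parties.items():                 # S303
            res = party.handle(query)                            # S310
            if res is not None:
                self.log.append(("result", name, res["id"]))     # S311
                results.append(res)      # forwarded without the party's name
        return results                                           # S312

def run_query(coordinator, sample_id, category, querier="querier-A"):
    priv, pub = keygen()
    query = {"id": enc_id(sample_id), "pub": pub, "category": category}  # S301
    found = []
    for res in coordinator.route(querier, query):
        attr = json.loads(pk_decrypt(priv, res["enc"]))["attr"]  # S313, drops "opt"
        if res["id"] == query["id"] and isinstance(attr, dict) and category in attr:
            found.append(attr[category])                         # decoys are skipped
    return found

# Constructed sample data: bank_a always sends a decoy, bank_b holds the record.
PARTIES = {"bank_a": DataParty({"id-0001": {"risk": "low"}}, threshold=-1.0),
           "bank_b": DataParty({"id-0420": {"risk": "high", "limit": 5000}})}
```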

Abstract

Embodiments of the present application relate to the technical field of data processing and provide a data sharing method and apparatus, a device, and a storage medium. The method comprises the following steps: a querying party system sends a query request to a data party system via a coordinator system; the data party system obtains a corresponding response sample attribute on the basis of a target encrypted sample identifier, encrypts the response sample attribute with a querying party public key to obtain an encrypted sample attribute, and then generates a query result according to the target encrypted sample identifier and the encrypted sample attribute; the data party system sends the query result to the querying party system via the coordinator system; the querying party system decrypts the encrypted sample attribute in the query result with a querying party private key and obtains a target sample attribute corresponding to the target encrypted sample identifier. The coordinator system connects the querying party system and the data party systems, preventing the querying party system from sending a query request directly to the data party systems and ensuring the confidentiality of the querying party's information and the data confidentiality of the data party systems.
PCT/CN2022/106833 2021-11-22 2022-07-20 Data sharing method and apparatus, device, and storage medium WO2023087760A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111402128.7A CN114116637A (zh) 2021-11-22 2021-11-22 Data sharing method, apparatus, device, and storage medium
CN202111402128.7 2021-11-22

Publications (1)

Publication Number Publication Date
WO2023087760A1 true WO2023087760A1 (fr) 2023-05-25

Family

ID=80371704

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/106833 WO2023087760A1 (fr) 2021-11-22 2022-07-20 Data sharing method and apparatus, device, and storage medium

Country Status (3)

Country Link
CN (1) CN114116637A (fr)
TW (1) TWI812366B (fr)
WO (1) WO2023087760A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114116637A (zh) * 2021-11-22 2022-03-01 中国银联股份有限公司 Data sharing method, apparatus, device, and storage medium
CN115086037B (zh) * 2022-06-16 2024-04-05 京东城市(北京)数字科技有限公司 Data processing method and apparatus, storage medium, and electronic device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120036360A1 (en) * 2010-01-06 2012-02-09 Telcordia Technologies, Inc. System and method establishing trusted relationships to enable secure exchange of private information
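CN111988307A (zh) * 2020-08-18 2020-11-24 兰笺(苏州)科技有限公司 Blockchain-based construction project labor information sharing platform and operating method
CN113158247A (zh) * 2021-04-27 2021-07-23 同盾控股有限公司 User query method and apparatus, storage medium, and electronic device
CN113239395A (zh) * 2021-05-10 2021-08-10 深圳前海微众银行股份有限公司 Data query method, apparatus, device, storage medium, and program product
CN114116637A (zh) * 2021-11-22 2022-03-01 中国银联股份有限公司 Data sharing method, apparatus, device, and storage medium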

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3637673B1 (fr) * 2018-10-10 2022-02-02 Sap Se Partage de données sécurisé
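CN110059495B (zh) * 2018-12-14 2020-11-17 创新先进技术有限公司 Data sharing method, apparatus and system, and electronic device
CN112434109B (zh) * 2020-11-23 2021-11-16 交通银行股份有限公司 Blockchain-based data sharing and confidential query method and system
CN113225302B (zh) * 2021-01-27 2022-06-24 暨南大学 Data sharing system and method based on proxy re-encryption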

Also Published As

Publication number Publication date
TWI812366B (zh) 2023-08-11
CN114116637A (zh) 2022-03-01
TW202321938A (zh) 2023-06-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22894303

Country of ref document: EP

Kind code of ref document: A1