Specific embodiment
The feature and exemplary embodiment of the various aspects of this specification is described more fully below, in order to make this specification
Objects, technical solutions and advantages are more clearly understood, and below in conjunction with drawings and the specific embodiments, carry out to this specification further
Detailed description.It should be understood that embodiment described herein is only this specification a part of the embodiment, rather than whole implementation
Example.To those skilled in the art, this specification can be the case where not needing some details in these details
Lower implementation.Below to the description of embodiment just for the sake of more preferable to this specification to provide by showing the example of this specification
Understanding.
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence " including ... ", it is not excluded that including
There is also other identical elements in the process, method, article or equipment of the element.
Fig. 1 shows this specification one exemplary data query system architecture diagram.As shown in Figure 1, the data query system
Frame of uniting includes user equipment 100 and database supplier server 200.Wherein, it is taken in user equipment 100 and database supplier
A peace can be established by trusted service management (Trusted Service Management, TSM) platform between business device 200
Complete believable transmission channel.When user carries out data query by user equipment 100, user equipment 100, which can be used, to be passed through
The sensitive database and data converter of transmission channel downloading carry out data query.
Another exemplary data query system architecture diagram Fig. 2 shows this specification.As shown in Fig. 2, the data query
System tray includes user equipment 100, database supplier server 200 and cloud server 300.Wherein, database supplier
A safe and reliable transmission channel can be established between server 200 and cloud server 300 by TSM platform.In user
When carrying out data query by user equipment 100, user equipment 100 can carry out data query by cloud server 300, should
The sensitive database downloaded by the transmission channel can be used in cloud server 300 and data converter completes the number of user
It is investigated that asking.
In the present specification, user equipment specifically can be mobile phone, tablet computer, PC etc..Database supplier
Server and cloud server are server, and server can be a kind of high performance electronic calculator, for storing and locating
Data are managed, to provide the background service of data query or data downloading for corresponding user equipment.TSM platform can be used
In realizing between servers, between server and user equipment establish a safe and reliable transmission channel, passed for data
The safeguard protection of defeated process.
It is looked into since the user in Fig. 1 and Fig. 2 can carry out data by the equipment other than database provider server 300
It askes, the data converter and sensitive database are not stored in database provider server 300, it can thus be avoided with
The inquiry record at family is monitored by database provider, is able to use the privacy at family with more safety.Simultaneously as sensitive data
Sensitive data in library is using data converter to obtained data after the conversion of original sensitive data, therefore, user into
During row data query, sensitive data and ciphertext in sensitive database are shown, can be mentioned to avoid database provider
The sensitive data of confession is learnt by user, improves the personal secrets of database provider.
Fig. 3 shows the flow diagram of the data query method of this specification one embodiment offer.As shown in figure 3,
The data query method includes:
S410, data query instruction is received;
S420, it is instructed in response to data query, it is to be checked to include in data query instruction using data converter
Data object carries out conversion process;
With the presence or absence of the sensitive number to match with the data object to be checked after conversion in S430, inquiry sensitive database
According to;Wherein, sensitive data is using data converter to the data obtained after the conversion of original sensitive data;
S440, feedback query result.
This specification embodiment can be turned using the data being stored in the equipment other than the server of database provider
Program and sensitive database are changed to obtain the query result of data object to be checked, accordingly it is possible to prevent the inquiry of user records
By database, provider is monitored, and improves the personal secrets of user.Meanwhile the sensitive data in this specification embodiment is to utilize
The data that data converter obtains after converting to original sensitive data, when inquiring data, first with data converter
Data object to be checked is subjected to conversion process, then inquiring again in sensitive database whether there is and the number to be checked after conversion
The sensitive data to match according to object, therefore, sensitive data and ciphertext during data query, in sensitive database
It has been shown that, the sensitive data that can be provided to avoid database provider are learnt by user, improve the privacy peace of database provider
Quan Xing.
In the present specification, by Fig. 1 and data query system architecture diagram shown in Fig. 2 it is found that data query shown in Fig. 3
Method can be applied in user equipment or cloud server, as long as the equipment other than database supplier's server.
In order to further increase the personal secrets for the user for carrying out data query, in this specification one embodiment,
Data query method is preferably applied to user and carries out in the user equipment of inquiry operation, i.e. user equipment shown in Fig. 1.This
When, it can satisfy the query service demand of user, in the sensitive number that user is provided by user equipment using database provider
During carrying out data query according to library, user can not need to set with other other than user equipment every time with offline search
It is standby to interact, therefore can be improved the privacy of user.
In the following, will continue to look into the data of this specification embodiment so that data query method is applied to user equipment as an example
Inquiry method is described in detail.
In this specification one embodiment, before step S410, which can also include:
Obtain data converter and sensitive database.
It specifically, can be logical by managing the transmission that platform TSM is established using trusted service in specification embodiment
Road obtains data converter and sensitive database.
In this specification one embodiment, it can lead to before user carries out data query for the first time by user equipment
It crosses user equipment and sends data download request to the server of database provider, so that the server of database provider responds
Data converter and sensitive database are sent to user equipment in the data download request, so that user equipment be made to obtain data
Conversion program and sensitive database, so that user can use acquired data converter and sensitive database passes through user
Equipment carries out data query.
In another embodiment of this specification, the same of data query can be carried out by user equipment for the first time in user
When, i.e., while user sends data query to user equipment for the first time and instructs, by user equipment to the clothes of database provider
Business device sends data download request, so that the server of database provider is sent out in response to the data download request to user equipment
Data converter and sensitive database are sent, so that user equipment is made to obtain data converter and sensitive database, so that with
Family can use acquired data converter and sensitive database and be counted based on the data query sent for the first time instruction
It is investigated that asking.
In this specification embodiment, the sensitive data in sensitive database may include telephone number data or number of addresses
According to the data of databases provider's need for confidentiality such as equal data relevant to people's privacy and website blacklist data.Due to
In this specification embodiment, the sensitive data in sensitive database is after being converted using data converter to initial data
Data, for example, sensitive data is the character string obtained after being converted using data converter to initial data, and user
The specific data conversion algorithm in track data conversion program is not known, therefore, sensitive data is encryption data for a user, can
The sensitive data provided to avoid database provider is learnt by user, improves the personal secrets of database provider.
In this specification embodiment, data converter can include at least one of following algorithms or a variety of groups
It closes: rivest, shamir, adelman RSA, Advanced Encryption Standardalgorithm (Advanced Encryption Standard, AES), formal
Data encryption standard algorithm (Data Encryption Standard, DES) and secure hash algorithm (Secure Hash
Algorithm, SHA).Wherein, SHA algorithm can be specially SHA256 algorithm, and SHA256 algorithm is that input data length is
The SHA algorithm of 256bits.
In some embodiments of this specification, the algorithm in data converter can be the algorithm pre-set, this
When, the data converter that different user equipmenies is got is identical data converter.In other of this specification
In embodiment, the algorithm in data converter can also be according to the user of request downloading data conversion program and sensitive database
Equipment determines that the data converter that is, different user equipmenies is got is different data converter, further to mention
The safety of high sensitive data.
In this specification one embodiment, when data converter includes SHA algorithm, due to SHA algorithm have compared with
Therefore high safety and Gray code after user equipment gets data converter and sensitive database, can incite somebody to action
Data converter is directly mounted in the common running environment operating system of user equipment, such as rich operating system (Rich
OS in).Accordingly, the sensitive database being made of sensitive data can also be directly stored in the common running environment of user equipment
In operating system, such as in rich operating system (Rich OS).
After data converter installation, an interface can be generated, which can be used for and other data query groups
Part association, and by other data query components interface, to use data converter.For example, other data query groups
Part may include one or more groups receive with data query instruction, inquiry data and feedback query result
Part.
It is above-mentioned in the case where in the common running environment operating system that data converter is directly mounted at user equipment
Other data query components can also be directly mounted in the common running environment operating system of user equipment, it can realize
To the function of keeping secret of sensitive data.
At this point, whole data query components can form an application in common running environment operating system, use
Family can realize the inquiry to sensitive data by the application.
In another embodiment of this specification, user equipment get data converter and sensitive database it
Afterwards, data converter can be installed in the safe operation system of user equipment.Wherein, safe operation system is one only
It stands on other than common running environment and is used to provide the system of security service for common running environment, journey can be converted with hiding data
Sequence and its including algorithm.At this point, may include any simple or complicated algorithm in data converter.
In the case where in the safe operation system that data converter is directly mounted at user equipment, data converter
Other corresponding data query components are also installed in the safe operation system of user equipment, so as to utilize safe operation system
System further realizes the function of keeping secret to sensitive data, prevents user's decompiling from going out the algorithm in data converter.
At this point, the data query component for receiving data query instruction and feedback query result can be at least one general
Interface applications in logical running environment operating system, user can realize the inquiry to sensitive data by the application.
In this specification one embodiment, the safe operation of user equipment is directly mounted in data converter program
In the case where in system, safe operation system can be safety element (Secure Element, SE), due to its safety compared with
Height, therefore the personal secrets of database provider can be further increased.If safe operation system is SE, obtained in user equipment
After getting data converter and sensitive database, sensitive database is also stored in the storage outside safe operation system and is set
In standby, to guarantee that the processing capacity of SE can efficiently carry out data query.Wherein, storage equipment can be common running environment
Storage equipment in storage equipment in operating system, such as rich operating system (Rich OS), or outside user equipment
Storage equipment.
In another embodiment of this specification, the safety fortune of user equipment is directly mounted in data converter program
In the case where in row system, safe operation system can be credible performing environment (Trusted Execution
Environment, TEE), TEE be with the Rich OS on user equipment and the running environment deposited, it has the execution of its own
Space, it is higher than the security level of Rich OS, it can satisfy the demand for security of most of applications, in the present specification, Ke Yibao
Demonstrate,prove the personal secrets of database provider.If safe operation system be TEE, user equipment get data converter and
After sensitive database, also sensitive database is stored in outside the storage equipment or safe operation system of safe operation system
It stores in equipment.Specifically, if the data volume in sensitive database is smaller, i.e. the data volume of sensitive database is less than or equal to
The sensitive database that sensitive data is constituted can be directly stored in the storage equipment of safe operation system by preset data amount,
If the data volume of sensitive data is larger, i.e., the data volume of sensitive database is greater than preset data amount, can be by sensitive data structure
At sensitive database be stored in the storage equipment of common running environment operating system, such as rich operating system (Rich OS)
In storage equipment, or the storage equipment outside user equipment.
In some embodiments of this specification, if safe operation system is TEE, sensitive database can use preset
The storage of secure storage scheme.Wherein, secure storage scheme can include at least elastic file service (Scalable File
Service, SFS) secure storage scheme and structuralized query language distribution (Structured Query Language File
Steam, SQLFS) secure storage scheme, to realize that sensitive database loads in trusted context, to meet except existence is looked into
The function that bigger group other than looking for is searched.
Fig. 4 shows the flow diagram of the data query method of another embodiment of this specification offer.Such as Fig. 4 institute
Show, unlike embodiment illustrated in fig. 3, the data query method is before response data inquiry instruction, further includes:
Whether the quantity for the data query instruction that S520, judgement receive in the given time is less than or equal to present count
Amount;
If S530, in the given time, the quantity of the data query instruction received is less than or equal to preset quantity, then really
The instruction of provisioning response data query.
In the present specification, it is only just determined when the quantity of the data query instruction received is less than or equal to preset quantity
Currently received data query instruction is responded, and if the quantity of the data query instruction received is greater than preset quantity,
It then determines and is not responding to currently received data query instruction.
Thus, it is possible to the inquiry times by setting user within each predetermined time, to prevent user to sensitive data
Library carries out hitting library, to guarantee the safety of sensitive data.Wherein, the predetermined time can be 12 hours, one day, a week or one
A month, specifically, it can according to need and preset by database provider.
Fig. 5 shows the flow diagram of the data query method of another embodiment of this specification offer.Such as Fig. 5 institute
Show, which includes:
S610, conversion process is carried out to original sensitive data using data converter, obtains sensitive data, and generate quick
Feel database;
S620, data converter and sensitive database are sent to target device, so that target device is receiving data
In the case where inquiry instruction, the data object to be checked for including in data query instruction is converted using data converter
Processing, and inquire with the presence or absence of the sensitive data to match with the data object to be checked after conversion in sensitive database, to obtain
Obtain the query result of data object to be checked.
This specification embodiment as a result, can be utilized and is stored in the equipment other than the server of database provider
Data converter and sensitive database obtain the query result of data object to be checked, accordingly it is possible to prevent user's looks into
Consultation record is monitored by database provider, improves the personal secrets of user.Meanwhile the sensitive data in this specification embodiment
To be turned when inquiring data first with data using data converter to the data obtained after the conversion of original sensitive data
Change program and data object to be checked be subjected to conversion process, then inquire again in sensitive database with the presence or absence of with after conversion to
The sensitive data that inquiry data object matches, therefore, during data query, the sensitive data in sensitive database is simultaneously
Ciphertext shows that the sensitive data that can be provided to avoid database provider is learnt by user, improves database provider's
Personal secrets.
In specification embodiment, data query method can be applied to Fig. 1 and database provider shown in Fig. 2 clothes
Business device, target device can be Fig. 1 and user equipment shown in Fig. 2 or cloud server.
In this specification one embodiment, database provider server can generate number according to pre-set algorithm
Conversion process is carried out to original sensitive data according to conversion program, and using data converter, and generates sensitive database, then
After the data download request for receiving target device transmission, in response to the data download request by data converter and sensitivity
Database is sent to target device, so that target device be made to obtain data converter and sensitive database, so that user can be with
Data query is carried out by target device using acquired data converter and sensitive database, to guarantee sensitive data
Safety.
In another embodiment of this specification, database provider server can be in response to the number of target device transmission
It is requested according to downloading, the data converter generated by suitable algorithm is determined according to target device, and utilize data converter
Conversion process is carried out to original sensitive data, and generates sensitive database, then sends out data converter and sensitive database
It send to target device, so that target device be made to obtain data converter and sensitive database, has been obtained so that user can use
The data converter and sensitive database obtained carries out data query by target device, thus further using different algorithms
Improve the safety of sensitive data.
In this specification embodiment, data query method further include:
According to the access right of target device, target device is determined in the given time, respond the data query received
The preset quantity of instruction.
It wherein, may include the access right of target device in data download request, database provider server can be with
Determine that target device can inquire the number of sensitive data within each predetermined time according to the access right, and according to determining
Number come be arranged target device respond in the given time receive data query instruction preset quantity, to realize number
Control according to library provider to the query service of target device is effectively prevented user's decompiling by way of hitting library and goes out data
Algorithm in conversion program further increases the safety of sensitive data.
Fig. 6 shows the structural schematic diagram of the data query device of this specification one embodiment offer.As shown in fig. 6,
The data query device 700 includes:
Instruction receiving unit 710 is configured to receive data query instruction;
Date Conversion Unit 720 is configured to instruct in response to data query, using data converter to data query
The data object to be checked for including in instruction carries out conversion process;
Data query unit 730 is configured to whether there is and the data to be checked after conversion in inquiry sensitive database
The sensitive data that object matches;Wherein, sensitive data is to obtain after being converted using data converter to original sensitive data
Data;
Result feedback unit is configured to feedback query result.This specification embodiment is able to use family utilization and is stored in
Data converter in equipment and sensitive database other than the server of database provider obtain data pair to be checked
The query result of elephant improves the personal secrets of user accordingly it is possible to prevent the inquiry record of user is monitored by database provider
Property.Meanwhile the sensitive data in this specification embodiment is to obtain after being converted using data converter to original sensitive data
Data, when inquiring data, first with data converter by data object to be checked carry out conversion process, then look into again
It askes in sensitive database and is therefore looked into data with the presence or absence of the sensitive data to match with the data object to be checked after conversion
During inquiry, sensitive data and ciphertext in sensitive database are shown, the sensitivity that can be provided to avoid database provider
Data are learnt by user, improve the personal secrets of database provider.
In the present specification, by Fig. 1 and data query system architecture diagram shown in Fig. 2 it is found that data query shown in Fig. 2
Device can be applied in user equipment or cloud server, as long as the equipment other than database supplier's server.
In order to further increase the personal secrets for the user for carrying out data query, in this specification one embodiment,
Data query device is preferably applied to user and carries out in the user equipment of inquiry operation, i.e. user equipment shown in Fig. 1.This
When, it can satisfy the query service demand of user, in the sensitive number that user is provided by user equipment using database provider
During carrying out data query according to library, user can not need to set with other other than user equipment every time with offline search
It is standby to interact, therefore can be improved the privacy of user.
In the following, will continue to look into the data of this specification embodiment so that data query device is applied to user equipment as an example
Device is ask to be described in detail.
In this specification embodiment, which further includes data capture unit, is configured to obtain data
Conversion program and sensitive database.Specifically, data capture unit can be further configured to by utilizing trusted service pipe
The transmission channel that TSM platform is established is managed, data converter and sensitive database are obtained.
Specifically, data capture unit can be before user carries out data query for the first time by target device, to data
The server of library provider sends data download request, and obtains data converter and sensitive database.Data capture unit
Data can also be sent to the server of database provider while user carries out data query for the first time by target device
Downloading request, and obtain data converter and sensitive database.
In this specification embodiment, the sensitive data in sensitive database may include telephone number data or number of addresses
According to the data of databases provider's need for confidentiality such as equal data relevant to people's privacy and website blacklist data.Due to
In this specification embodiment, the sensitive data in sensitive database is after being converted using data converter to initial data
Data, for example, sensitive data is the character string obtained after being converted using data converter to initial data, and user
The specific data conversion algorithm in track data conversion program is not known, therefore, sensitive data is encryption data for a user, can
The sensitive data provided to avoid database provider is learnt by user, improves the personal secrets of database provider.
In this specification embodiment, data converter can include at least one of following algorithms or a variety of groups
It closes: rivest, shamir, adelman RSA, Advanced Encryption Standardalgorithm (Advanced Encryption Standard, AES), formal
Data encryption standard algorithm (Data Encryption Standard, DES) and secure hash algorithm (Secure Hash
Algorithm, SHA).Wherein, SHA algorithm can be specially SHA256 algorithm, and SHA256 algorithm is that input data length is
The SHA algorithm of 256bits.
In some embodiments of this specification, the algorithm in data converter can be the algorithm pre-set, this
When, the data converter that different user equipmenies is got is identical data converter.In other of this specification
In embodiment, the algorithm in data converter can also be according to the user of request downloading data conversion program and sensitive database
Equipment determines that the data converter that is, different user equipmenies is got is different data converter, further to mention
The safety of high sensitive data.
In this specification embodiment, which further includes installation storage unit, is configured to installation data
Conversion program and storage sensitive database.
In this specification one embodiment, when data converter includes SHA algorithm, due to SHA algorithm have compared with
High safety and Gray code, therefore, installation storage unit can get data converter and sensitivity in user equipment
After database, data converter is directly mounted in the common running environment operating system of user equipment, such as rich behaviour
Make in system (Rich OS).Accordingly, installation storage unit can directly store the sensitive database being made of sensitive data
In the common running environment operating system of user equipment, such as in rich operating system (Rich OS).
After data converter installation, an interface can be generated, which can be used for and other data query groups
Part association, and by other data query components interface, to use data converter.For example, other data query groups
Part may include one or more groups receive with data query instruction, inquiry data and feedback query result
Part.
It is above-mentioned in the case where in the common running environment operating system that data converter is directly mounted at user equipment
Other data query components can also be directly mounted in the common running environment operating system of user equipment, it can realize
To the function of keeping secret of sensitive data.
At this point, whole data query components can form an application in common running environment operating system, use
Family can realize the inquiry to sensitive data by the application.
In another embodiment of this specification, installation storage unit can also get data conversion journey in user equipment
After sequence and sensitive database, data converter is installed in the safe operation system of user equipment.Wherein, it is safely operated
System is one and is used to provide the system of security service, Ke Yiyin for common running environment independently of other than common running environment
Hide data converter and its including algorithm.At this point, may include any simple or complicated calculation in data converter
Method.
In the case where in the safe operation system that data converter is directly mounted at user equipment, data converter
Other corresponding data query components are also installed in the safe operation system of user equipment, so as to utilize safe operation system
System further realizes the function of keeping secret to sensitive data, prevents user's decompiling from going out the algorithm in data converter.
At this point, the data query component for receiving data query instruction and feedback query result can be at least one general
Interface applications in logical running environment operating system, user can realize the inquiry to sensitive data by the application.
In this specification one embodiment, the safe operation system of user equipment is directly mounted in data converter
In in the case where, safe operation system can be safety element (Secure Element, SE), since its safety is higher, because
This can further increase the personal secrets of database provider.If safe operation system is SE, installation storage unit can be with
After user equipment gets data converter and sensitive database, sensitive database is stored in outside safe operation system
In the storage equipment in portion, to guarantee that the processing capacity of SE can efficiently carry out data query.Wherein, storage equipment can be general
Storage equipment in storage equipment in logical running environment operating system, such as rich operating system (Rich OS), or use
The storage equipment of family device external.
In another embodiment of this specification, the safe operation system of user equipment is directly mounted in data converter
In the case where in system, safe operation system can for credible performing environment (Trusted Execution Environment,
TEE), TEE be with the Rich OS on user equipment and the running environment deposited, it has the execution space of its own, compares Rich
The security level of OS is higher, can satisfy the demand for security of most of applications, in the present specification, it is ensured that database provides
The personal secrets of side.If safe operation system is TEE, installation storage unit can get data conversion journey in user equipment
After sequence and sensitive database, sensitive database is stored in outside the storage equipment or safe operation system of safe operation system
Storage equipment in.Specifically, if the data volume in sensitive database is smaller, i.e. the data volume of sensitive database is less than or waits
In preset data amount, the sensitive database that sensitive data is constituted can be directly stored in the storage equipment of safe operation system
In, if the data volume of sensitive data is larger, i.e., the data volume of sensitive database is greater than preset data amount, can be by sensitive data
The sensitive database of composition is stored in the storage equipment of common running environment operating system, such as rich operating system (Rich
OS the storage equipment in), or the storage equipment outside user equipment.
In some embodiments of this specification, if safe operation system is TEE, installation storage unit can use default
Secure storage scheme store sensitive database.Wherein, secure storage scheme can include at least elastic file service
(Scalable File Service, SFS) secure storage scheme and structuralized query language distribution (Structured Query
Language File Steam, SQLFS) secure storage scheme, to realize that sensitive database loads in trusted context, thus
Meet the function that the bigger group in addition to existence is searched is searched.
In this specification embodiment, which further includes inquiry response unit, is configured to judge pre-
Whether the quantity of the data query instruction received in fixing time is less than or equal to preset quantity;If in the given time, receiving
The quantity for the data query instruction arrived is less than or equal to preset quantity, it is determined that response data inquiry instruction, otherwise, it determines not ringing
Data query is answered to instruct.
Thus, it is possible to the inquiry times by setting user within each predetermined time, to prevent user to sensitive data
Library carries out hitting library, to guarantee the safety of sensitive database.Wherein, the predetermined time can for 12 hours, one day, a week or
One month, specifically, it can according to need and preset by database provider.
Fig. 7 shows the structural schematic diagram of the data query device of another embodiment of this specification offer.Such as Fig. 7 institute
Show, which includes:
Data processing unit 810 is configured to carry out conversion process to original sensitive data using data converter, obtain
Sensitive data, and generate sensitive database;
Data transmission unit 820 is configured to send data converter and sensitive database to target device, so that mesh
Marking device is to be checked to include in data query instruction using data converter in the case where receiving data query instruction
It askes data object and carries out conversion process, and inquire in sensitive database and whether there is and the data object phase to be checked after conversion
The sensitive data matched, to obtain the query result of data object to be checked.
This specification embodiment as a result, can be utilized and is stored in the equipment other than the server of database provider
Data converter and sensitive database obtain the query result of data object to be checked, accordingly it is possible to prevent user's looks into
Consultation record is monitored by database provider, improves the personal secrets of user.Meanwhile the sensitive data in this specification embodiment
To be turned when inquiring data first with data using data converter to the data obtained after the conversion of original sensitive data
Change program and data object to be checked be subjected to conversion process, then inquire again in sensitive database with the presence or absence of with after conversion to
The sensitive data that inquiry data object matches, therefore, during data query, the sensitive data in sensitive database is simultaneously
Ciphertext shows that the sensitive data that can be provided to avoid database provider is learnt by user, improves database provider's
Personal secrets.
In specification embodiment, data query device can be applied to Fig. 1 and database provider shown in Fig. 2 clothes
Business device, target device can be Fig. 1 and user equipment shown in Fig. 2 or cloud server.
In this specification one embodiment, data processing unit 810 can generate data according to pre-set algorithm
Conversion program, and conversion process is carried out to original sensitive data using data converter, and generate sensitive database, then exist
After the data download request for receiving target device transmission, data transmission unit 820 is in response to the data download request by data
Conversion program and sensitive data are sent to target device, so that target device is made to obtain data converter and sensitive database,
So that user, which can use acquired data converter and sensitive database, carries out data query by target device, thus
Guarantee the safety of sensitive data.
In another embodiment of this specification, database provider server can be in response to the number of target device transmission
It is requested according to downloading, data processing unit 810 is made to determine the data converter generated by suitable algorithm according to target device, and
Conversion process is carried out to original sensitive data using data converter, and generates sensitive database, is then sent by data
Data converter and sensitive database are sent to target device by unit 820, so that target device be made to obtain data conversion journey
Sequence and sensitive database so that user can use acquired data converter and sensitive database by target device into
Row data query, to further increase the safety of sensitive data using different algorithms.
In this specification embodiment, which further includes inquiry setting unit, is configured to according to target
The access right of equipment determines target device in the given time, responds the preset quantity of the data query instruction received.
It wherein, may include the access right of target device in data download request, inquiry setting unit can be according to this
Access right determines that target device can inquire the number of sensitive data within each predetermined time, and according to the number determined
The preset quantity that the data query received instructs is responded in the given time target device is arranged, to realize that database mentions
Control of the supplier to the query service of target device is effectively prevented user's decompiling by way of hitting library and goes out data conversion journey
Algorithm in sequence further increases the safety of sensitive data.
Fig. 8 shows the hardware structural diagram of the data query equipment of this specification one embodiment offer.Such as Fig. 8 institute
Show, data query equipment 900 connects including input equipment 901, input interface 902, central processing unit 903, memory 904, output
Mouth 905 and output equipment 906.Wherein, input interface 902, central processing unit 903, memory 904 and output interface
905 are connected with each other by bus 910, and input equipment 901 and output equipment 906 pass through input interface 902 and output interface respectively
905 connect with bus 910, and then connect with the other assemblies of video processing equipment 900.
Specifically, input equipment 901 is received from external input information, and will input information by input interface 902
It is transmitted to central processing unit 903;Central processing unit 903 is based on the computer executable instructions stored in memory 904 to input
Information is handled to generate output information, and output information is temporarily or permanently stored in memory 904, is then passed through
Output information is transmitted to output equipment 906 by output interface 905;Output information is output to video processing and set by output equipment 906
Standby 900 outside is for users to use.
That is, data query equipment shown in Fig. 8 also may be implemented as including: to be stored with the executable finger of computer
The memory of order;And processor, the processor may be implemented that Fig. 3 to Fig. 7 is combined to retouch when executing computer executable instructions
The data query method and apparatus stated.
This specification physique embodiment also provides a kind of computer readable storage medium, on the computer readable storage medium
It is stored with computer program instructions;The computer program instructions realize the number that this specification embodiment provides when being executed by processor
According to querying method.
Functional block shown in above structural block diagram can be implemented as hardware, software, firmware or their combination.When
When realizing in hardware, electronic circuit, specific integrated circuit (ASIC), firmware appropriate, plug-in unit, function may, for example, be
Card etc..When being realized with software mode, the element of this specification is used to execute the program or code segment of required task.
Perhaps code segment can store in machine readable media program or the data-signal by carrying in carrier wave is in transmission medium
Or communication links are sent." machine readable media " may include any medium for capableing of storage or transmission information.Machine can
The example for reading medium includes electronic circuit, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disk, CD-
ROM, CD, hard disk, fiber medium, radio frequency (RF) link, etc..Code segment can be via internet, Intranet etc.
Computer network is downloaded.
It should also be noted that, above-mentioned be described this specification specific embodiment.Other embodiments are in appended power
In the range of benefit requires.In some cases, the movement recorded in detail in the claims or step can be according to different embodiments
In sequence execute and still may be implemented desired result.In addition, process depicted in the drawing not necessarily requires and shows
Particular order or consecutive order out is just able to achieve desired result.In some embodiments, multitasking and parallel place
It manages also possible or may be advantageous.
The above, the only specific embodiment of this specification, those skilled in the art can be understood that
It arrives, for convenience of description and succinctly, system, the specific work process of module and unit of foregoing description can refer to aforementioned
Corresponding process in embodiment of the method, details are not described herein.It should be understood that the protection scope of this specification is not limited thereto, appoint
What those familiar with the art can readily occur in various equivalent modifications in the technical scope that this specification discloses
Or replacement, these modifications or substitutions should all cover within the protection scope of this specification.