CN110457945A - List query method, querying-party device, service-party device and storage medium - Google Patents
- Publication number: CN110457945A (CN201910720387.0A)
- Authority: CN (China)
- Prior art keywords: encryption, information, list, subset, inquiry
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
Abstract
The present invention relates to a list query method, a querying-party device, a service-party device and a storage medium. The method comprises: the querying-party device encrypts the personal information to be queried, based on a first private key and a predetermined commutative encryption algorithm, to obtain first encrypted information, and desensitizes the personal information to obtain desensitized information; the service-party device queries the list based on the plaintext portion of the desensitized information to obtain a list subset; the service-party device encrypts each item of data in the list subset, based on a second private key and the commutative encryption algorithm, to obtain a first encrypted subset, and encrypts the first encrypted information, based on the second private key and the commutative encryption algorithm, to obtain second encrypted information; the querying-party device encrypts each item of data in the first encrypted subset, based on the first private key and the commutative encryption algorithm, to obtain a second encrypted subset, and determines, based on the second encrypted subset and the second encrypted information, whether the personal information is present in the list. The present invention can improve the efficiency of list queries.
Description
Technical field
The present invention relates to the technical field of information security, and in particular to a list query method, a querying-party device, a service-party device and a storage medium.
Background
With the development of the mobile internet, more and more personal private information is collected, transmitted, computed on and exchanged in order to improve service quality. However, this has also caused a large number of personal privacy leaks. For example, one institution provides a query interface to another institution for querying whether a queried person is on a list; such a list is a set of individuals who share the same characteristic, such as members or a blacklist. A conventional query interface requires the personally identifiable information (PII) of the queried person; taking a blacklist as an example, the identification information provided may be an ID card number, a mobile phone number, a unique identifier of a mobile phone device, and so on. During the query, even if the queried person is not on the list, the service party still obtains the queried person's personally identifiable information, and at the same time the querying party's business information is leaked. This information-leakage problem arising from the exchange of private information is the problem of the intersection of private data sets, i.e. the "private set intersection" problem.
At present, a variety of encryption algorithms can be used to solve the above problem, but they share a common issue: the data sets taking part in the computation are usually all encrypted and then exchanged to complete the query, so the two parties usually have to exchange a large amount of data and the volume of data to be processed is large; in addition, existing encryption algorithms take a long time to compute. As a result, queries are inefficient, the approach is unsuitable for ordinary business systems, and the cost of use is high.
Summary of the invention
The purpose of the present invention is to provide a list query method, a querying-party device, a service-party device and a storage medium, with the aim of improving the efficiency of list queries while effectively protecting the private information of the other party.
To achieve the above object, the present invention provides a list query method, which includes:
The querying-party device generates a first private key, encrypts the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, desensitizes the personal information to obtain desensitized information, and sends the first encrypted information and the desensitized information to the service-party device;
The service-party device receives the first encrypted information and the desensitized information sent by the querying-party device, and queries a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset;
The service-party device generates a second private key, encrypts each item of data in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sends the first encrypted subset and the second encrypted information to the querying-party device;
The querying-party device receives the first encrypted subset and the second encrypted information returned by the service-party device, encrypts each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determines, based on the second encrypted subset and the second encrypted information, whether the personal information is present in the list.
Preferably, the step of desensitizing the personal information to obtain desensitized information specifically includes:
Obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data positions and the amount of data of the personal information to be desensitized.
Preferably, after the step in which the service-party device receives the first encrypted information and the desensitized information sent by the querying-party device and queries the predetermined list based on the plaintext portion of the desensitized information to obtain the list subset, the method further includes:
Analyzing whether the number of data items in the list subset is less than a predetermined number;
If so, expanding the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
Preferably, the step of determining, based on the second encrypted subset and the second encrypted information, whether the personal information is present in the list specifically includes:
Checking whether the second encrypted subset contains data identical to the second encrypted information;
If so, determining that the personal information is present in the list;
If not, determining that the personal information is not present in the list.
To achieve the above object, the present invention also provides a querying-party device. The querying-party device includes a memory and a processor connected to the memory; the memory stores a processing system that can run on the processor, and the processing system, when executed by the processor, implements the following steps:
Generating a first private key, encrypting the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, desensitizing the personal information to obtain desensitized information, and sending the first encrypted information and the desensitized information to the service-party device;
Receiving the first encrypted subset and the second encrypted information returned by the service-party device, encrypting each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determining, based on the second encrypted subset and the second encrypted information, whether the personal information is present in the list. The first encrypted subset is obtained by the service-party device by querying the predetermined list based on the desensitized information, and the second encrypted information is obtained by the service-party device by encryption based on the commutative encryption algorithm and a second private key that it generates itself.
Preferably, the step of desensitizing the personal information to obtain desensitized information specifically includes:
Obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data positions and the amount of data of the personal information to be desensitized.
To achieve the above object, the present invention also provides a service-party device. The service-party device includes a memory and a processor connected to the memory; the memory stores a processing system that can run on the processor, and the processing system, when executed by the processor, implements the following steps:
Receiving the first encrypted information and the desensitized information sent by the querying-party device, and querying a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset. The first encrypted information is obtained by the querying-party device by encryption based on a predetermined commutative encryption algorithm and a first private key that it generates itself, and the desensitized information is obtained by the querying-party device by desensitizing the personal information to be queried;
The service-party device generates a second private key, encrypts each item of data in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sends the first encrypted subset and the second encrypted information to the querying-party device.
Preferably, when the processing system is executed by the processor, the following steps are also implemented:
Analyzing whether the number of data items in the list subset is less than a predetermined number;
If so, expanding the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
The present invention also provides a computer-readable storage medium on which a processing system is stored; when executed by a processor, the processing system implements the steps of the method performed by the querying-party device described above.
The present invention also provides a computer-readable storage medium on which a processing system is stored; when executed by a processor, the processing system implements the steps of the method performed by the service-party device described above.
The beneficial effects of the present invention are as follows. In the list query method, querying-party device, service-party device and storage medium proposed by the present invention, the querying-party device desensitizes and encrypts the personal information and sends the results to the service party. The service party looks up the list using the plaintext portion of the desensitized information to obtain a list subset, encrypts each item of data in the list subset to obtain a first encrypted subset, applies a second encryption to the querying party's encrypted personal information, and returns both sets of data to the querying party. The querying party applies a second encryption to the first encrypted subset to obtain a second encrypted subset. Because all of these encryptions use the same commutative encryption algorithm, checking whether the twice-encrypted personal information is present in the second encrypted subset determines whether the personal information is on the other party's list. When institutions query whether a person is on each other's lists, the query method of the present invention needs to process a smaller volume of data, which improves query efficiency while effectively protecting the private information exchanged between the institutions.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware architecture of one embodiment of the querying-party device of the present invention;
Fig. 2 is a program module diagram of one embodiment of the processing system in Fig. 1;
Fig. 3 is a schematic diagram of the hardware architecture of one embodiment of the service-party device of the present invention;
Fig. 4 is a program module diagram of one embodiment of the processing system in Fig. 3;
Fig. 5 is a flow diagram of one embodiment of the list query method of the present invention.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that descriptions involving "first", "second" and the like in the present invention are for descriptive purposes only and are not to be understood as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with one another, but only on the basis that the combination can be realized by those of ordinary skill in the art; where a combination of technical solutions is contradictory or cannot be realized, that combination should be regarded as not existing and as falling outside the scope of protection claimed by the present invention.
Refer to Fig. 1, a schematic diagram of the hardware architecture of one embodiment of the querying-party device of the present invention. The querying-party device 1 is a device that can automatically perform numerical computation and/or information processing according to instructions that are set or stored in advance. The querying-party device 1 may be a computer, a single network server, a server group composed of multiple network servers, or a cloud based on cloud computing and composed of a large number of hosts or network servers, where cloud computing is a kind of distributed computing: a super virtual computer composed of a group of loosely coupled computers.
In this embodiment, the querying-party device 1 may include, but is not limited to, a memory 11, a processor 12 and a network interface 13 that can communicate with one another over a system bus; the memory 11 stores a processing system 10 that can run on the processor 12. It should be pointed out that Fig. 1 only shows the querying-party device 1 with components 11-13; it should be understood that not all of the components shown are required, and more or fewer components may be implemented instead.
The memory 11 includes internal memory and at least one type of readable storage medium. The internal memory provides a cache for the operation of the querying-party device 1; the readable storage medium may be a non-volatile storage medium such as flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, a magnetic disk or an optical disc. In some embodiments, the readable storage medium may be an internal storage unit of the querying-party device 1, such as the hard disk of the querying-party device 1; in other embodiments, the non-volatile storage medium may also be an external storage device of the querying-party device 1, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the querying-party device 1. In this embodiment, the readable storage medium of the memory 11 is generally used to store the operating system and the various application software installed on the querying-party device 1, for example the program code of the processing system 10 in an embodiment of the present invention. In addition, the memory 11 may also be used to temporarily store various data that has been output or is to be output.
In some embodiments, the processor 12 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor or another data processing chip, and is used to run the program code stored in the memory 11 or to process data, for example to run the processing system 10.
The network interface 13 may include a standard wireless network interface and a wired network interface, and is generally used to establish a communication connection between the querying-party device 1 and other electronic devices.
The processing system 10 is stored in the memory 11 and includes at least one computer-readable instruction stored in the memory 11. The at least one computer-readable instruction can be executed by the processor 12 to implement the methods of the embodiments of the present application, and can be divided into different logical modules according to the functions implemented by its parts.
In one embodiment, the following steps are implemented when the processing system 10 is executed by the processor 12:
Generating a first private key, encrypting the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, desensitizing the personal information to obtain desensitized information, and sending the first encrypted information and the desensitized information to the service-party device;
Receiving the first encrypted subset and the second encrypted information returned by the service-party device, encrypting each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determining, based on the second encrypted subset and the second encrypted information, whether the personal information is present in the list. The first encrypted subset is obtained by the service-party device by querying the predetermined list based on the desensitized information, and the second encrypted information is obtained by the service-party device by encryption based on the commutative encryption algorithm and a second private key that it generates itself.
Further, the step of desensitizing the personal information to obtain desensitized information specifically includes: obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data positions and the amount of data of the personal information to be desensitized.
Refer to Fig. 2, a program module diagram of the processing system 10 in Fig. 1. The processing system 10 is divided into a plurality of modules, which are stored in the memory 12 and executed by the processor 13 to carry out the present invention. A module, as referred to in the present invention, is a series of computer program instruction segments capable of performing a specific function.
The processing system 10 can be divided into a processing module 101 and a determining module 102.
The processing module 101 is used to generate a first private key, encrypt the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, desensitize the personal information to obtain desensitized information, and send the first encrypted information and the desensitized information to the service-party device;
The determining module 102 is used to receive the first encrypted subset and the second encrypted information returned by the service-party device, encrypt each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determine, based on the second encrypted subset and the second encrypted information, whether the personal information is present in the list. The first encrypted subset is obtained by the service-party device by querying the predetermined list based on the desensitized information, and the second encrypted information is obtained by the service-party device by encryption based on the commutative encryption algorithm and a second private key that it generates itself.
Refer to Fig. 3, a schematic diagram of the hardware architecture of one embodiment of the service-party device of the present invention. The service-party device 2 is a device that can automatically perform numerical computation and/or information processing according to instructions that are set or stored in advance. The service-party device 2 may be a computer, a single network server, a server group composed of multiple network servers, or a cloud based on cloud computing and composed of a large number of hosts or network servers, where cloud computing is a kind of distributed computing: a super virtual computer composed of a group of loosely coupled computers.
In this embodiment, the service-party device 2 may include, but is not limited to, a memory 21, a processor 22 and a network interface 23 that can communicate with one another over a system bus; the memory 21 stores a processing system 20 that can run on the processor 22. It should be pointed out that Fig. 3 only shows the service-party device 2 with components 21-23; it should be understood that not all of the components shown are required, and more or fewer components may be implemented instead.
The memory 21, processor 22 and network interface 23 are substantially similar to the memory 11, processor 12 and network interface 13 described above, respectively; refer to the functions and other descriptions of the memory 11, processor 12 and network interface 13 above, which are not repeated here.
The processing system 20 is stored in the memory 21 and includes at least one computer-readable instruction stored in the memory 21. The at least one computer-readable instruction can be executed by the processor 22 to implement the methods of the embodiments of the present application, and can be divided into different logical modules according to the functions implemented by its parts.
In one embodiment, the following steps are implemented when the processing system 20 is executed by the processor 22:
Receiving the first encrypted information and the desensitized information sent by the querying-party device, and querying a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset. The first encrypted information is obtained by the querying-party device by encryption based on a predetermined commutative encryption algorithm and a first private key that it generates itself, and the desensitized information is obtained by the querying-party device by desensitizing the personal information to be queried;
Generating a second private key, encrypting each item of data in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypting the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sending the first encrypted subset and the second encrypted information to the querying-party device.
Further, when the processing system is executed by the processor, the following steps are also implemented:
Analyzing whether the number of data items in the list subset is less than a predetermined number;
If so, expanding the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
Refer to Fig. 4, a program module diagram of the processing system 20 in Fig. 3. The processing system 20 is divided into a plurality of modules, which are stored in the memory 22 and executed by the processor 23 to carry out the present invention. A module, as referred to in the present invention, is a series of computer program instruction segments capable of performing a specific function.
The processing system 20 can be divided into a query module 201 and an encryption module 202.
The query module 201 is used to receive the first encrypted information and the desensitized information sent by the querying-party device, and to query a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset. The first encrypted information is obtained by the querying-party device by encryption based on a predetermined commutative encryption algorithm and a first private key that it generates itself, and the desensitized information is obtained by the querying-party device by desensitizing the personal information to be queried;
The encryption module 202 is used to generate a second private key, encrypt each item of data in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypt the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and send the first encrypted subset and the second encrypted information to the querying-party device.
For the specific principles of the querying-party device 1 and the service-party device 2, refer to the description of the flow chart of the list query method in Fig. 5 below.
As shown in Fig. 5, a flow diagram of one embodiment of the list query method of the present invention, the method includes the following steps:
Step S1: the querying-party device generates a first private key, encrypts the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, desensitizes the personal information to obtain desensitized information, and sends the first encrypted information and the desensitized information to the service-party device;
Preferably, the predetermined commutative encryption algorithm may use the Diffie-Hellman key exchange protocol. The defining property of a commutative encryption algorithm is that when the same data is encrypted successively with different keys, the result is independent of the order of encryption. Denoting the encryption algorithm by $F$, if a message $M$ is encrypted with keys $K_1$ and $K_2$ respectively, then $F_{K_1}(F_{K_2}(M)) = F_{K_2}(F_{K_1}(M))$.
In this embodiment, desensitization is not a strict data encryption technique but a masking process, which specifically includes: obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, which digits of the personal information to desensitize and how many.
Which digits of the personal information are desensitized, and how many, must be determined from the characteristic information of the personal information and the data volume of the list, so that the list subset obtained each time is not too large, which reduces the amount of computation and the amount of data exchanged.
Where the characteristic information of the personal information includes sensitive information and/or random information, the characteristic information can be desensitized preferentially. If the personal information is an ID card number, the sensitive information is the date of birth and the random information is the last 4 digits. If the personal information is a mobile phone number, the first 3 digits are the network identifier, the middle 4 digits are the area code, and the last 4 digits are a random code; desensitizing the first 3 and the middle 4 digits is of little value, whereas the last 4 digits are random, so it is generally the last 4 digits of a mobile phone number that are desensitized. Of course, where there is little characteristic information, other information can be desensitized at the same time; desensitization may consist of hiding the characteristic information.
As for the data volume of the list, the query party can request it from the service party. If the query party cannot obtain the data volume of the list, it can estimate it; for example, for the membership list of a certain shop, the number of members can be estimated as hundreds or thousands of people.
To determine which digits of the personal information to desensitize and how many, based on the characteristic information of the personal information and the data volume of the list, the system can be preconfigured with the relationship between the characteristic information of personal information and the digits to desensitize, and with the relationship between the data volume of the list and the number of digits to desensitize; the digits and the number of digits to desensitize are then determined from these two relationships. For example, if the data volume of the list is small, that is, below a predetermined data volume, confidentiality is especially important, and to improve confidentiality more digits of the characteristic information in the personal information can be desensitized; if the data volume of the list is large, query efficiency matters more, and to improve query efficiency fewer digits of the characteristic information can be desensitized.
For example, desensitizing the 18-digit ID card number 110101199003076974 by hiding its last 8 digits gives 1101011990xxxxxxxx, and hiding the last 4 digits of the 11-digit mobile phone number 13812341234 gives P' = 1381234xxxx.
Step S2: the service party device receives the first encrypted information and the desensitized information sent by the query party device, and queries a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset;
In this embodiment, after the service party device receives the first encrypted information and the desensitized information sent by the query party device, it cannot obtain the first private key of the query party and therefore cannot decrypt the first encrypted information; nor can it determine the corresponding personal information exactly from the desensitized information. The service party therefore cannot learn which personal information the query party wants to query, which protects the security of that personal information.
The service party device queries the predetermined list using the plaintext portion of the desensitized information. For example, using the desensitized information "mobile phone number 1381234xxxx", the service party device searches all mobile phone numbers in the list, finds every number beginning with 1381234, and obtains a list subset. If the personal information is in the list, it is bound to be in the list subset; if the personal information is not in the list, it will certainly not be in the list subset.
Further, to improve the security of the personal information, after obtaining the list subset by querying, the service party device also performs the following steps:
Analyze whether the number of data items in the list subset is less than a predetermined number;
If so, expand the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
If not, perform no expansion.
If the number of data items in the list subset is less than the predetermined number (for example, less than 10), whether it is 0 or a single digit, some characteristics of the list subset are easily revealed: if the number of data items in the list subset is 0, the personal information is not in the list, which in itself leaks the personal information; if the number of data items is a single digit, the small number narrows the range, and the service party may well be able to guess the personal information. The list subset therefore needs to be expanded. Preferably, invalid data is added to the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number. Taking mobile phone numbers as an example, entries such as 99912345678 can be added to the list subset as data. The added invalid data reveals no information and has no effect on the final query result.
Step S3: the service party device generates a second private key, encrypts each data item in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sends the first encrypted subset and the second encrypted information to the query party device;
In this embodiment, the service party device uses the second private key and the commutative encryption algorithm to apply the first encryption to each data item in the list subset, and uses the second private key and the commutative encryption algorithm to apply the second encryption to the first encrypted information.
Step S4: the query party device receives the first encrypted subset and the second encrypted information returned by the service party device, encrypts each data item in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determines, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list.
After the query party device receives the first encrypted subset and the second encrypted information returned by the service party device, it cannot obtain the second private key of the service party and therefore cannot decrypt the first encrypted subset. The query party thus cannot learn the service party's list, which protects the security of the service party's list information.
After receiving the first encrypted subset and the second encrypted information returned by the service party device, the query party device uses the first private key and the commutative encryption algorithm to apply the second encryption to each data item in the first encrypted subset.
The step of determining, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list specifically includes:
Query whether the second encrypted subset contains data identical to the second encrypted information;
If so, determine that the personal information exists in the list;
If not, determine that the personal information does not exist in the list.
This embodiment relies on the above property of the commutative encryption algorithm: the query party device checks whether the second encrypted subset contains data identical to the second encrypted information. If the second encrypted subset contains data identical to the second encrypted information, the personal information of the query party is determined to exist in the service party's list; if the second encrypted subset contains no data identical to the second encrypted information, the personal information of the query party is determined not to exist in the service party's list.
The query party device performs the lookup locally, so the service party device does not learn the final query result (that is, whether the personal information is in the list), which protects the security of the information.
The following illustrates the method using a mobile phone number blacklist query as an example:
1. Query party A wants to find out whether the mobile phone number P = 13812340004 is in the blacklist library of service party B. The blacklist library of service party B contains the numbers {13812340001, 13812340002, 13812340004};
2. Query party A encrypts the mobile phone number P with private key KA and the predetermined commutative encryption algorithm to obtain $F_{KA}(13812340004)$, desensitizes P to obtain 1381234xxxx, and sends $F_{KA}(13812340004)$ and 1381234xxxx to service party B;
3. Service party B queries its own blacklist library using 1381234xxxx and finds 3 records {13812340001, 13812340002, 13812340004} that meet the condition. Because the number of records is less than 10, service party B randomly expands this list subset to 10 data items: {13812340001, 13812340002, 13812340004, 99912340001, 99912340002, 99912340003, 99912340004, 99912340005, 99912340006, 99912340007};
Using private key KB and the commutative encryption algorithm, it encrypts each data item to obtain the first encrypted subset $\{F_{KB}(13812340001), F_{KB}(13812340002), F_{KB}(13812340004), F_{KB}(99912340001), F_{KB}(99912340002), F_{KB}(99912340003), F_{KB}(99912340004), F_{KB}(99912340005), F_{KB}(99912340006), F_{KB}(99912340007)\}$;
At the same time, service party B encrypts $F_{KA}(13812340004)$ again to obtain $F_{KB}(F_{KA}(13812340004))$, and finally sends both encrypted results back to query party A.
4. Query party A uses private key KA and the commutative encryption algorithm to encrypt each data item in the first encrypted subset, obtaining the second encrypted subset $\{F_{KA}(F_{KB}(13812340001)), F_{KA}(F_{KB}(13812340002)), F_{KA}(F_{KB}(13812340004)), F_{KA}(F_{KB}(99912340001)), F_{KA}(F_{KB}(99912340002)), F_{KA}(F_{KB}(99912340003)), F_{KA}(F_{KB}(99912340004)), F_{KA}(F_{KB}(99912340005)), F_{KA}(F_{KB}(99912340006)), F_{KA}(F_{KB}(99912340007))\}$;
Because $F_{KB}(F_{KA}(13812340004))$ and $F_{KA}(F_{KB}(13812340004))$ are equal, query party A finds this data item in the second encrypted subset, which proves that 13812340004 is in the blacklist library of service party B. During this process, service party B does not know that the number queried by query party A is 13812340004, and query party A does not know which numbers the blacklist library of service party B specifically contains.
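The S1 to S4 flow and the blacklist example above, as an added Python example that is not part of the patent. It assumes the commutative cipher is modular exponentiation of a SHA-256 hash, F_K(M) = H(M)^K mod p, over a demo-sized prime; the function names, the hash step, the shuffle and the filler format are assumptions of this example.

```python
import hashlib
import math
import secrets

# Assumption: demo modulus only (2**255 - 19 is prime). A deployment needs a
# vetted, much larger prime-order group or an elliptic-curve group.
P_MOD = 2**255 - 19


def keygen():
    """Private exponent coprime to p-1, so x -> x^K permutes Z_p*."""
    while True:
        k = secrets.randbelow(P_MOD - 3) + 2
        if math.gcd(k, P_MOD - 1) == 1:
            return k


def hash_to_group(item):
    """Map a number string to an element of [1, p-1] (assumed encoding step)."""
    digest = hashlib.sha256(item.encode()).digest()
    return int.from_bytes(digest, "big") % (P_MOD - 1) + 1


def encrypt(key, element):
    """Commutative cipher: (x^a)^b == (x^b)^a mod p."""
    return pow(element, key, P_MOD)


def desensitize(number, hidden=4):
    """Hide the last `hidden` digits, e.g. 13812340004 -> 1381234xxxx."""
    return number[:-hidden] + "x" * hidden


def select_subset(name_list, masked, minimum=10):
    """S2: match on the plaintext prefix, then pad with invalid 999... numbers."""
    clear = masked.rstrip("x")
    subset = [n for n in name_list
              if len(n) == len(masked) and n.startswith(clear)]
    counter = 1
    while len(subset) < minimum:
        filler = "999" + str(counter).zfill(len(masked) - 3)
        if filler not in subset:
            subset.append(filler)
        counter += 1
    return subset


def query_request(number, key_a):
    """S1: query party sends F_KA(P) and the desensitized number."""
    return encrypt(key_a, hash_to_group(number)), desensitize(number)


def service_respond(name_list, first_enc_info, masked, key_b):
    """S3: service party encrypts the subset and re-encrypts F_KA(P)."""
    subset = select_subset(name_list, masked)
    first_enc_subset = [encrypt(key_b, hash_to_group(n)) for n in subset]
    # Added precaution (not specified on the page): hide which slots are filler.
    secrets.SystemRandom().shuffle(first_enc_subset)
    return first_enc_subset, encrypt(key_b, first_enc_info)


def query_check(first_enc_subset, second_enc_info, key_a):
    """S4: query party re-encrypts the subset and looks for a match locally."""
    second_enc_subset = {encrypt(key_a, c) for c in first_enc_subset}
    return second_enc_info in second_enc_subset


def run_query(number, name_list):
    """Run both parties in one process; each key stays in its own step."""
    key_a, key_b = keygen(), keygen()
    first_enc_info, masked = query_request(number, key_a)
    enc_subset, second = service_respond(name_list, first_enc_info, masked, key_b)
    return query_check(enc_subset, second, key_a)


# The blacklist from the worked example above.
BLACKLIST = ["13812340001", "13812340002", "13812340004"]

if __name__ == "__main__":
    for candidate in ("13812340004", "13812340003"):
        print(candidate, "in blacklist:", run_query(candidate, BLACKLIST))
```

Because the filler entries are invalid numbers, they can only produce a match if the query party itself queries an invalid number.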
In addition, an embodiment of the present invention also provides a computer-readable storage medium. The computer-readable storage medium may be any one of, or any combination of several of, a hard disk, a multimedia card, an SD card, a flash card, an SMC, a read-only memory (ROM), an erasable programmable read-only memory (EPROM), a portable compact disc read-only memory (CD-ROM), a USB memory, and the like. The computer-readable storage medium contains a processing system; for the functions implemented when the processing system is executed by a processor, refer to the description above of the query party device or the service party device in Fig. 5, which is not repeated here.
The serial numbers of the above embodiments of the invention are for description only and do not indicate the relative merits of the embodiments.
It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, device, article or method.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to execute the method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention and does not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.
Claims (10)
1. A list query method, characterized in that the list query method comprises:
a query party device generates a first private key, encrypts personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, desensitizes the personal information to obtain desensitized information, and sends the first encrypted information and the desensitized information to a service party device;
the service party device receives the first encrypted information and the desensitized information sent by the query party device, and queries a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset;
the service party device generates a second private key, encrypts each data item in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sends the first encrypted subset and the second encrypted information to the query party device;
the query party device receives the first encrypted subset and the second encrypted information returned by the service party device, encrypts each data item in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determines, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list.
2. The list query method according to claim 1, characterized in that the step of desensitizing the personal information to obtain desensitized information specifically comprises:
obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, which digits of the personal information to desensitize and how many.
3. The list query method according to claim 1, characterized in that, after the step in which the service party device receives the first encrypted information and the desensitized information sent by the query party device and queries a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset, the method further comprises:
analyzing whether the number of data items in the list subset is less than a predetermined number;
if so, expanding the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
if not, performing no expansion.
4. The list query method according to any one of claims 1 to 3, characterized in that the step of determining, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list specifically comprises:
querying whether the second encrypted subset contains data identical to the second encrypted information;
if so, determining that the personal information exists in the list;
if not, determining that the personal information does not exist in the list.
5. A query party device, characterized in that the query party device comprises a memory and a processor connected to the memory, the memory stores a processing system that can run on the processor, and the processing system, when executed by the processor, implements the following steps:
generating a first private key, encrypting personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, desensitizing the personal information to obtain desensitized information, and sending the first encrypted information and the desensitized information to a service party device;
receiving the first encrypted subset and the second encrypted information returned by the service party device, encrypting each data item in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determining, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list, wherein the first encrypted subset is obtained by the service party device querying a predetermined list based on the desensitized information, and the second encrypted information is obtained by the service party device through encryption based on the commutative encryption algorithm and a second private key that it generates itself.
6. The query party device according to claim 5, characterized in that the step of desensitizing the personal information to obtain desensitized information specifically comprises:
obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, which digits of the personal information to desensitize and how many.
7. A service party device, characterized in that the service party device comprises a memory and a processor connected to the memory, the memory stores a processing system that can run on the processor, and the processing system, when executed by the processor, implements the following steps:
receiving first encrypted information and desensitized information sent by a query party device, and querying a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset, wherein the first encrypted information is obtained by the query party device through encryption based on a predetermined commutative encryption algorithm and a first private key that it generates itself, and the desensitized information is obtained by the query party device desensitizing the personal information to be queried;
the service party device generates a second private key, encrypts each data item in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sends the first encrypted subset and the second encrypted information to the query party device.
8. The service party device according to claim 7, characterized in that the processing system, when executed by the processor, further implements the following steps:
analyzing whether the number of data items in the list subset is less than a predetermined number;
if so, expanding the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
if not, performing no expansion.
9. A computer-readable storage medium, characterized in that a processing system is stored on the computer-readable storage medium, and the processing system, when executed by a processor, implements the steps of the method according to any one of claims 1 to 4 that are performed by the query party device.
10. A computer-readable storage medium, characterized in that a processing system is stored on the computer-readable storage medium, and the processing system, when executed by a processor, implements the steps of the method according to any one of claims 1 to 4 that are performed by the service party device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910720387.0A CN110457945B (en) | 2019-08-01 | 2019-08-01 | List query method, query party device, service party device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910720387.0A CN110457945B (en) | 2019-08-01 | 2019-08-01 | List query method, query party device, service party device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110457945A (en) | 2019-11-15 |
CN110457945B (en) | 2021-03-02 |
Family
ID=68485003
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910720387.0A Active CN110457945B (en) | 2019-08-01 | 2019-08-01 | List query method, query party device, service party device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110457945B (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004081816A1 (en) * | 2003-03-13 | 2004-09-23 | International Business Machines Corporation | Secure database access through partial encryption |
WO2004111873A3 (en) * | 2003-06-09 | 2005-04-07 | Ibm | Database query processing across two private databases |
CN103345526A (en) * | 2013-07-22 | 2013-10-09 | 武汉大学 | Efficient privacy protection encrypted message querying method in cloud environment |
CN106033461A (en) * | 2015-03-19 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Sensitive information query method and apparatus |
CN107682303A (en) * | 2016-08-02 | 2018-02-09 | 北京宸信征信有限公司 | Personal sensitive information encrypted query system and method |
CN106844599A (en) * | 2017-01-13 | 2017-06-13 | 华东师范大学 | A kind of personalized privacy information search method based on data mapping |
CN106909617A (en) * | 2017-01-13 | 2017-06-30 | 华东师范大学 | A kind of personalized privacy information search method based on data fitting |
CN109165526A (en) * | 2018-08-24 | 2019-01-08 | 武汉丰普科技股份有限公司 | A kind of big data security and privacy guard method, device and storage medium |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113254957A (en) * | 2019-11-26 | 2021-08-13 | 支付宝(杭州)信息技术有限公司 | Data query method, device, equipment and system based on privacy information protection |
CN113254957B (en) * | 2019-11-26 | 2022-04-08 | 支付宝(杭州)信息技术有限公司 | Data query method, device, equipment and system based on privacy information protection |
CN111461728A (en) * | 2020-03-31 | 2020-07-28 | 支付宝(杭州)信息技术有限公司 | Risk identification method, device and system |
CN111461728B (en) * | 2020-03-31 | 2023-03-10 | 支付宝(杭州)信息技术有限公司 | Risk identification method, device and system |
CN111177769A (en) * | 2020-04-10 | 2020-05-19 | 支付宝(杭州)信息技术有限公司 | Private data protection list query method and related list query system |
CN112182107B (en) * | 2020-09-29 | 2023-11-03 | 中国平安财产保险股份有限公司 | List data acquisition method, device, computer equipment and storage medium |
CN112182107A (en) * | 2020-09-29 | 2021-01-05 | 中国平安财产保险股份有限公司 | Method and device for acquiring list data, computer equipment and storage medium |
CN112989027A (en) * | 2021-02-01 | 2021-06-18 | 中金金融认证中心有限公司 | Method for querying lists and for providing list query service and related products |
CN112989027B (en) * | 2021-02-01 | 2024-04-12 | 中金金融认证中心有限公司 | Method for querying lists and for providing list querying services and related products |
CN112836239A (en) * | 2021-02-19 | 2021-05-25 | 支付宝(杭州)信息技术有限公司 | Method and device for cooperatively determining target object data by two parties for protecting privacy |
CN113434906A (en) * | 2021-07-05 | 2021-09-24 | 平安科技(深圳)有限公司 | Data query method and device, computer equipment and storage medium |
CN113434906B (en) * | 2021-07-05 | 2024-01-16 | 平安科技(深圳)有限公司 | Data query method, device, computer equipment and storage medium |
CN113434890A (en) * | 2021-07-07 | 2021-09-24 | 海通证券股份有限公司 | Data query method and system and readable storage medium |
CN114840867A (en) * | 2022-07-01 | 2022-08-02 | 北京融数联智科技有限公司 | Data query method, device and system based on exchangeable encrypted data confusion |
CN115544579A (en) * | 2022-11-24 | 2022-12-30 | 北京融数联智科技有限公司 | Double-random data confusion query method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN110457945B (en) | 2021-03-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||