CN110457945A - List query method, querying-party device, service-party device and storage medium - Google Patents


Info

Publication number: CN110457945A
Authority: CN (China)
Prior art keywords: encryption, information, list, subset, inquiry
Legal status: Granted, Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910720387.0A
Other languages: Chinese (zh)
Other versions: CN110457945B (en)
Inventors: 吴焕明, 王文超, 林俊良
Current Assignee: Wei Ying Combined Information Technology (shenzhen) Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Wei Ying Combined Information Technology (shenzhen) Co Ltd
Application filed by: Wei Ying Combined Information Technology (shenzhen) Co Ltd
Priority to: CN201910720387.0A
Publications: CN110457945A (application), CN110457945B (granted)


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Abstract

The present invention relates to a list query method, a querying-party device, a service-party device and a storage medium. The method comprises: the querying-party device encrypts the personal information to be queried based on a first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, and performs desensitization on the personal information to obtain desensitized information; the service-party device queries the list based on the plaintext portion of the desensitized information to obtain a list subset; the service-party device encrypts each item of data in the list subset based on a second private key and the commutative encryption algorithm to obtain a first encrypted subset, and encrypts the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information; the querying-party device encrypts each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determines, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list. The present invention can improve the efficiency of list queries.

Description

List query method, querying-party device, service-party device and storage medium
Technical field
The present invention relates to the field of information security technology, and in particular to a list query method, a querying-party device, a service-party device and a storage medium.
Background art
With the development of the mobile internet, more and more personal privacy information is collected, transmitted, computed and exchanged in order to improve service quality. However, this has also caused a large number of personal privacy leaks. For example, one institution provides another institution with a query interface for checking whether a queried person is on a list, where such a list is a set of individuals sharing the same characteristic, such as members or a blacklist. A conventional query interface requires the personally identifiable information (PII) of the queried person; taking a blacklist as an example, the identification information provided may be an ID card number, a mobile phone number, a unique mobile device identifier, and so on. During the query, even if the queried person is not on the list, the service party still obtains the queried person's personally identifiable information, and the business information of the querying party is leaked as well. The information leakage that arises here from exchanging private information is the problem of the "intersection of private data sets" (private set intersection).
At present, a variety of encryption algorithms can be used to solve the above problem, but they share a common drawback: the query is usually completed by encrypting the full data sets that take part in the computation and exchanging them, so the two parties typically need to exchange a large amount of data and the volume of data to process is large. In addition, existing encryption algorithms take a long time to compute. The result is low query efficiency, which makes these approaches unsuitable for ordinary business systems and costly to use.
Summary of the invention
The object of the present invention is to provide a list query method, a querying-party device, a service-party device and a storage medium, intended to improve the efficiency of list queries while effectively protecting the other party's private information.
To achieve the above object, the present invention provides a list query method, which includes:
The querying-party device generates a first private key, encrypts the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, performs desensitization on the personal information to obtain desensitized information, and sends the first encrypted information and the desensitized information to the service-party device;
The service-party device receives the first encrypted information and the desensitized information sent by the querying-party device, and queries a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset;
The service-party device generates a second private key, encrypts each item of data in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sends the first encrypted subset and the second encrypted information to the querying-party device;
The querying-party device receives the first encrypted subset and the second encrypted information returned by the service-party device, encrypts each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determines, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list.
Preferably, the step of performing desensitization on the personal information to obtain desensitized information specifically includes:
Obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data bits and the amount of data of the personal information to be desensitized.
Preferably, after the step in which the service-party device receives the first encrypted information and the desensitized information sent by the querying-party device and queries the predetermined list based on the plaintext portion of the desensitized information to obtain the list subset, the method further includes:
Analyzing whether the number of data items in the list subset is less than a predetermined number;
If so, performing expansion on the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
Preferably, the step of determining, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list specifically includes:
Querying whether the second encrypted subset contains data identical to the second encrypted information;
If so, determining that the personal information exists in the list;
If not, determining that the personal information does not exist in the list.
To achieve the above object, the present invention also provides a querying-party device, which includes a memory and a processor connected to the memory; the memory stores a processing system runnable on the processor, and the processing system, when executed by the processor, implements the following steps:
Generating a first private key, encrypting the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, performing desensitization on the personal information to obtain desensitized information, and sending the first encrypted information and the desensitized information to the service-party device;
Receiving the first encrypted subset and the second encrypted information returned by the service-party device, encrypting each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determining, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list, where the first encrypted subset is obtained by the service-party device by querying the predetermined list based on the desensitized information, and the second encrypted information is obtained by the service-party device by encryption based on the commutative encryption algorithm and a second private key that it generates itself.
Preferably, the step of performing desensitization on the personal information to obtain desensitized information specifically includes:
Obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data bits and the amount of data of the personal information to be desensitized.
To achieve the above object, the present invention also provides a service-party device, which includes a memory and a processor connected to the memory; the memory stores a processing system runnable on the processor, and the processing system, when executed by the processor, implements the following steps:
Receiving the first encrypted information and the desensitized information sent by the querying-party device, and querying a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset, where the first encrypted information is obtained by the querying-party device by encryption based on the predetermined commutative encryption algorithm and a first private key that it generates itself, and the desensitized information is obtained by the querying-party device by performing desensitization on the personal information to be queried;
The service-party device generates a second private key, encrypts each item of data in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sends the first encrypted subset and the second encrypted information to the querying-party device.
Preferably, when the processing system is executed by the processor, the following steps are also implemented:
Analyzing whether the number of data items in the list subset is less than a predetermined number;
If so, performing expansion on the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
The present invention also provides a computer-readable storage medium storing a processing system which, when executed by a processor, implements the steps of the method performed by the querying-party device described above.
The present invention also provides a computer-readable storage medium storing a processing system which, when executed by a processor, implements the steps of the method performed by the service-party device described above.
The beneficial effects of the present invention are as follows. In the list query method, querying-party device, service-party device and storage medium proposed by the present invention, the querying-party device desensitizes and encrypts the personal information and sends the results to the service party; the service party looks up the list using the plaintext portion of the desensitized information to obtain a list subset, encrypts each item of data in the list subset to obtain a first encrypted subset, applies a second encryption to the personal information already encrypted by the querying party, and returns both to the querying party; the querying party applies a second encryption to the first encrypted subset to obtain a second encrypted subset. Because all of these encryptions use the same commutative encryption algorithm, checking whether the twice-encrypted personal information is present in the second encrypted subset determines whether the personal information is on the other party's list. When institutions query whether a person is on each other's lists, the query method of the present invention requires a smaller volume of data to be processed, which improves query efficiency while effectively protecting the private information between the institutions.
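The exchange summarized above, carried through end to end as an added Python example (it is not code from the patent). Assumptions: exponentiation in the prime-order subgroup of the RFC 3526 2048-bit MODP group stands in for the "predetermined commutative encryption algorithm", identifiers are hashed into that group with SHAKE-256, desensitization masks trailing characters, expansion uses random dummy entries, and all names and the sample list are constructed for illustration.

```python
import hashlib
import secrets

# Assumed group: RFC 3526 group 14, a 2048-bit safe prime P = 2*Q + 1.
P = int((
    "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74"
    "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437"
    "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED"
    "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05"
    "98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB"
    "9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B"
    "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718"
    "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF"
).replace(" ", ""), 16)
Q = (P - 1) // 2  # order of the subgroup of squares mod P

# Constructed sample list held by the service party (11-digit identifiers).
SAMPLE_ROSTER = ["13800000001", "13800000417", "13800009999",
                 "13911112222", "13700001234"]


def hash_to_group(item: str) -> int:
    """Map an identifier to a square mod P, i.e. into the order-Q subgroup."""
    wide = hashlib.shake_256(item.encode()).digest(P.bit_length() // 8 + 16)
    return pow(int.from_bytes(wide, "big") % P, 2, P)


def keygen() -> int:
    """Fresh private exponent in [2, Q-1]."""
    return secrets.randbelow(Q - 2) + 2


def commutative_encrypt(key: int, element: int) -> int:
    """F_K(x) = x^K mod P, hence F_K1(F_K2(x)) == F_K2(F_K1(x))."""
    return pow(element, key, P)


def desensitize(identifier: str, masked: int) -> str:
    """Keep the leading characters in the clear and mask the last `masked`."""
    keep = len(identifier) - masked
    return identifier[:keep] + "*" * masked


class QueryingParty:
    def __init__(self, identifier: str, masked: int):
        self.k1 = keygen()  # first private key
        self.identifier, self.masked = identifier, masked

    def request(self):
        """Return (first encrypted information, desensitized information)."""
        first_enc = commutative_encrypt(self.k1, hash_to_group(self.identifier))
        return first_enc, desensitize(self.identifier, self.masked)

    def decide(self, first_enc_subset, second_enc) -> bool:
        """Re-encrypt the subset with k1 and test membership."""
        second_enc_subset = {commutative_encrypt(self.k1, c)
                             for c in first_enc_subset}
        return second_enc in second_enc_subset


class ServiceParty:
    def __init__(self, roster, min_subset: int):
        self.roster, self.min_subset = list(roster), min_subset

    def respond(self, first_enc: int, desensitized: str):
        """Return (first encrypted subset, second encrypted information)."""
        # Reject values outside the prime-order subgroup before using them.
        if first_enc <= 1 or first_enc >= P or pow(first_enc, Q, P) != 1:
            raise ValueError("first encrypted information is not a group element")
        clear = desensitized.rstrip("*")  # plaintext portion
        subset = [r for r in self.roster
                  if len(r) == len(desensitized) and r.startswith(clear)]
        while len(subset) < self.min_subset:  # expansion with dummy entries
            subset.append("dummy:" + secrets.token_hex(16))
        k2 = keygen()  # second private key, fresh per query
        first_enc_subset = [commutative_encrypt(k2, hash_to_group(r))
                            for r in subset]
        return first_enc_subset, commutative_encrypt(k2, first_enc)


def run_query(identifier, roster=SAMPLE_ROSTER, masked=4, min_subset=5):
    """Run one full query; returns (found, number of items returned)."""
    querier = QueryingParty(identifier, masked)
    service = ServiceParty(roster, min_subset)
    first_enc, desensitized = querier.request()
    first_enc_subset, second_enc = service.respond(first_enc, desensitized)
    return querier.decide(first_enc_subset, second_enc), len(first_enc_subset)


if __name__ == "__main__":
    print(run_query("13800000417"))  # identifier on the constructed list
    print(run_query("13800005555"))  # same clear prefix, not on the list
```

In this sketch the service party sees only the clear prefix and a group element, and the querying party sees only the size of the padded subset and the yes/no result.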
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware architecture of one embodiment of the querying-party device of the present invention;
Fig. 2 is a program module diagram of one embodiment of the processing system in Fig. 1;
Fig. 3 is a schematic diagram of the hardware architecture of one embodiment of the service-party device of the present invention;
Fig. 4 is a program module diagram of one embodiment of the processing system in Fig. 3;
Fig. 5 is a flow diagram of one embodiment of the list query method of the present invention.
Detailed description of the embodiments
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it. Based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative effort fall within the scope of protection of the present invention.
It should be noted that descriptions involving "first", "second" and the like in the present invention are for descriptive purposes only and shall not be understood as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. Thus, a feature defined with "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with one another, provided that the combination can be realized by a person of ordinary skill in the art; where a combination of technical solutions is contradictory or cannot be realized, that combination shall be deemed not to exist and falls outside the scope of protection claimed by the present invention.
Referring to Fig. 1, a schematic diagram of the hardware architecture of one embodiment of the querying-party device of the present invention is shown. The querying-party device 1 is a device capable of automatically performing numerical computation and/or information processing according to instructions set or stored in advance. The querying-party device 1 may be a computer, a single network server, a server group composed of multiple network servers, or a cloud composed of a large number of hosts or network servers based on cloud computing, where cloud computing is a form of distributed computing: a super virtual computer consisting of a set of loosely coupled computers.
In this embodiment, the querying-party device 1 may include, but is not limited to, a memory 11, a processor 12 and a network interface 13 that can be communicatively connected to one another through a system bus, the memory 11 storing a processing system 10 runnable on the processor 12. It should be noted that Fig. 1 shows only the querying-party device 1 with components 11-13; it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
The memory 11 includes internal memory and at least one type of readable storage medium. The internal memory provides a cache for the operation of the querying-party device 1; the readable storage medium may be a non-volatile storage medium such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk or optical disc. In some embodiments, the readable storage medium may be an internal storage unit of the querying-party device 1, such as the hard disk of the querying-party device 1; in other embodiments, the non-volatile storage medium may also be an external storage device of the querying-party device 1, such as a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card or a flash card fitted to the querying-party device 1. In this embodiment, the readable storage medium of the memory 11 is generally used to store the operating system and the various application software installed on the querying-party device 1, for example the program code of the processing system 10 in an embodiment of the present invention. In addition, the memory 11 may also be used to temporarily store various data that has been output or is to be output.
In some embodiments, the processor 12 may be a central processing unit (CPU), controller, microcontroller, microprocessor or other data processing chip, and is used to run the program code or process the data stored in the memory 11, for example to run the processing system 10.
The network interface 13 may include a standard wireless network interface or wired network interface, and is generally used to establish a communication connection between the querying-party device 1 and other electronic devices.
The processing system 10 is stored in the memory 11 and includes at least one computer-readable instruction stored in the memory 11; the at least one computer-readable instruction can be executed by the processor 12 to implement the methods of the embodiments of the present application, and can be divided into different logical modules according to the functions implemented by its parts.
In one embodiment, the processing system 10, when executed by the processor 12, implements the following steps:
Generating a first private key, encrypting the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, performing desensitization on the personal information to obtain desensitized information, and sending the first encrypted information and the desensitized information to the service-party device;
Receiving the first encrypted subset and the second encrypted information returned by the service-party device, encrypting each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determining, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list, where the first encrypted subset is obtained by the service-party device by querying the predetermined list based on the desensitized information, and the second encrypted information is obtained by the service-party device by encryption based on the commutative encryption algorithm and a second private key that it generates itself.
Further, the step of performing desensitization on the personal information to obtain desensitized information specifically includes: obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data bits and the amount of data of the personal information to be desensitized.
Referring to Fig. 2, a program module diagram of the processing system 10 in Fig. 1 is shown. The processing system 10 is divided into multiple modules, which are stored in the memory 12 and executed by the processor 13 to carry out the present invention. A module, as referred to in the present invention, is a series of computer program instruction segments capable of performing a specific function.
The processing system 10 can be divided into a processing module 101 and a determining module 102.
The processing module 101 is configured to generate a first private key, encrypt the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encrypted information, perform desensitization on the personal information to obtain desensitized information, and send the first encrypted information and the desensitized information to the service-party device;
The determining module 102 is configured to receive the first encrypted subset and the second encrypted information returned by the service-party device, encrypt each item of data in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determine, based on the second encrypted subset and the second encrypted information, whether the personal information exists in the list, where the first encrypted subset is obtained by the service-party device by querying the predetermined list based on the desensitized information, and the second encrypted information is obtained by the service-party device by encryption based on the commutative encryption algorithm and a second private key that it generates itself.
Referring to Fig. 3, a schematic diagram of the hardware architecture of one embodiment of the service-party device of the present invention is shown. The service-party device 2 is a device capable of automatically performing numerical computation and/or information processing according to instructions set or stored in advance. The service-party device 2 may be a computer, a single network server, a server group composed of multiple network servers, or a cloud composed of a large number of hosts or network servers based on cloud computing, where cloud computing is a form of distributed computing: a super virtual computer consisting of a set of loosely coupled computers.
In this embodiment, the service-party device 2 may include, but is not limited to, a memory 21, a processor 22 and a network interface 23 that can be communicatively connected to one another through a system bus, the memory 21 storing a processing system 20 runnable on the processor 22. It should be noted that Fig. 3 shows only the service-party device 2 with components 21-23; it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
The memory 21, processor 22 and network interface 23 are essentially similar to the memory 11, processor 12 and network interface 13 described above, respectively; refer to the description of the functions and other aspects of the memory 11, processor 12 and network interface 13 above, which is not repeated here.
The processing system 20 is stored in the memory 21 and includes at least one computer-readable instruction stored in the memory 21; the at least one computer-readable instruction can be executed by the processor 22 to implement the methods of the embodiments of the present application, and can be divided into different logical modules according to the functions implemented by its parts.
In one embodiment, the processing system 20, when executed by the processor 22, implements the following steps:
Receiving the first encrypted information and the desensitized information sent by the querying-party device, and querying a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset, where the first encrypted information is obtained by the querying-party device by encryption based on the predetermined commutative encryption algorithm and a first private key that it generates itself, and the desensitized information is obtained by the querying-party device by performing desensitization on the personal information to be queried;
Generating a second private key, encrypting each item of data in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypting the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and sending the first encrypted subset and the second encrypted information to the querying-party device.
Further, when the processing system is executed by the processor, the following steps are also implemented:
Analyzing whether the number of data items in the list subset is less than a predetermined number;
If so, performing expansion on the list subset so that the number of data items in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
Referring to Fig. 4, a program module diagram of the processing system 20 in Fig. 3 is shown. The processing system 20 is divided into multiple modules, which are stored in the memory 22 and executed by the processor 23 to carry out the present invention. A module, as referred to in the present invention, is a series of computer program instruction segments capable of performing a specific function.
The processing system 20 can be divided into a query module 201 and an encryption module 202.
The query module 201 is configured to receive the first encrypted information and the desensitized information sent by the querying-party device, and query a predetermined list based on the plaintext portion of the desensitized information to obtain a list subset, where the first encrypted information is obtained by the querying-party device by encryption based on the predetermined commutative encryption algorithm and a first private key that it generates itself, and the desensitized information is obtained by the querying-party device by performing desensitization on the personal information to be queried;
The encryption module 202 is configured to generate a second private key, encrypt each item of data in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypt the first encrypted information based on the second private key and the commutative encryption algorithm to obtain second encrypted information, and send the first encrypted subset and the second encrypted information to the querying-party device.
Above-mentioned inquiry method, apparatus 1 and the concrete principle for servicing method, apparatus 2 please refer to the method that following Fig. 5 are inquired about list Flow chart introduction.
As shown in figure 5, Fig. 5 is the flow diagram of one embodiment of method of list of the present invention inquiry, this method includes such as Lower step:
Step S1: the query party device generates a first private key, encrypts the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encryption information, desensitizes the personal information to obtain desensitized information, and sends the first encryption information and the desensitized information to the service party device;
Preferably, the predetermined commutative encryption algorithm can use the Diffie-Hellman key exchange protocol. The characteristic of a commutative encryption algorithm is that when the same data is encrypted successively with different keys, the result is independent of the order of encryption. Denoting the encryption algorithm as F, if a message M is encrypted with keys K1 and K2 respectively, then F_K1(F_K2(M)) = F_K2(F_K1(M)).
In this embodiment, desensitization processing is not a data encryption technique in the strict sense. It specifically includes: obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data positions and the amount of data of the personal information to be desensitized.
Which positions of the personal information are desensitized, and how many, must be determined from the characteristic information of the personal information and the data volume of the list, so as to guarantee that the list subset obtained each time is not too large, which reduces the amount of computation and the amount of data exchanged.
For personal information whose characteristic information includes sensitive information and/or random information, the characteristic information can be desensitized preferentially. If the personal information is an ID card number, the sensitive information is the date of birth and the random information is the last 4 digits. If the personal information is a mobile phone number, the first 3 digits are the network identification number, the middle 4 digits are the area code, and the last 4 digits are a random code; desensitizing the first 3 and middle 4 digits is of little significance, while the last 4 digits are random, so generally the last 4 digits of a mobile phone number are desensitized. Of course, when there is little characteristic information, other information can be desensitized at the same time, and desensitization processing can consist of hiding the characteristic information.
As for the data volume of the list, the query party can request it from the service party; if the query party cannot obtain the data volume of the list, it can estimate it. For example, for the membership list of a certain ** shop, the number of members can be estimated as hundreds or thousands of people.
Based on the characteristic information of the personal information and the data volume of the list, the data positions and the amount of data to be desensitized are determined. The relationship between the characteristic information of personal information and the data positions to be desensitized, and the relationship between the data volume of the list and the amount of data to be desensitized, can be configured in advance; the data positions and the amount of data to be desensitized can then be determined from these two relationships. For example, if the data volume of the list is small (less than a predetermined data volume), confidentiality is especially important, and to improve confidentiality more positions of the characteristic information in the personal information can be desensitized; if the data volume of the list is large, query efficiency is more important, and to improve query efficiency fewer positions of the characteristic information can be desensitized.
For example, desensitizing the 18-digit ID card number 110101199003076974 by hiding the last 8 digits gives 1101011990xxxxxxxx, and hiding the last 4 digits of the 11-digit mobile phone number 13812341234 gives P' = 1381234xxxx.
Step S2: the service party device receives the first encryption information and the desensitized information sent by the query party device, and queries a predetermined list based on the plaintext part of the desensitized information to obtain a list subset;
In this embodiment, after the service party device receives the first encryption information and the desensitized information sent by the query party device, it cannot decrypt the first encryption information because it cannot obtain the query party's first private key, and it cannot determine the corresponding personal information exactly from the desensitized information. Therefore the service party cannot learn the personal information that the query party wants to query, which guarantees the security of that personal information.
The service party device queries the predetermined list using the plaintext part of the desensitized information. For example, using the desensitized information "mobile phone number 1381234xxxx", the service party device searches all mobile phone numbers in the list, finds all mobile phone numbers that begin with 1381234, and obtains a list subset. If the personal information is in the list, it is necessarily in the list subset; if the personal information is not in the list, it cannot be in the list subset.
Further, to improve the security of the personal information, after obtaining the list subset by query the service party device also performs the following steps:
Analyzing whether the number of entries in the list subset is less than a predetermined number;
If so, expanding the list subset so that the number of entries in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
If the number of entries in the list subset is less than the predetermined number (for example, less than 10), whether it is 0 or a single-digit number, some characteristics of the list subset are easily revealed: if the number of entries in the list subset is 0, the personal information is not in the list, which in itself reveals the personal information; if the number is a single digit, then because the number is small and the range is narrowed, the service party may well be able to guess the personal information. The list subset therefore needs to be expanded; preferably, invalid data is added to the list subset so that the number of entries in the list subset is greater than or equal to the predetermined number. Taking mobile phone numbers as an example, entries such as 99912345678 can be added to the list subset. This invalid filler data reveals no information and has no effect on the final query result.
Step S3: the service party device generates a second private key, encrypts each entry in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encryption information based on the second private key and the commutative encryption algorithm to obtain second encryption information, and sends the first encrypted subset and the second encryption information to the query party device;
In this embodiment, the service party device uses the second private key and the commutative encryption algorithm to apply the first encryption to each entry in the list subset, and uses the second private key and the commutative encryption algorithm to apply a second encryption to the first encryption information.
Step S4: the query party device receives the first encrypted subset and the second encryption information returned by the service party device, encrypts each entry in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determines, based on the second encrypted subset and the second encryption information, whether the personal information exists in the list.
After the query party device receives the first encrypted subset and the second encryption information returned by the service party device, it cannot decrypt the first encrypted subset because it cannot obtain the service party's second private key. The query party therefore cannot learn the service party's list, which guarantees the security of the service party's list information.
After the query party device receives the first encrypted subset and the second encryption information returned by the service party device, it uses the first private key and the commutative encryption algorithm to apply a second encryption to each entry in the first encrypted subset.
The step of determining, based on the second encrypted subset and the second encryption information, whether the personal information exists in the list specifically includes:
Checking whether the second encrypted subset contains an entry identical to the second encryption information;
If so, determining that the personal information exists in the list;
If not, determining that the personal information does not exist in the list.
This embodiment relies on the characteristic of the commutative encryption algorithm described above: the query party device checks whether the second encrypted subset contains an entry identical to the second encryption information. If the second encrypted subset contains an entry identical to the second encryption information, the query party's personal information is determined to exist in the service party's list; if the second encrypted subset contains no entry identical to the second encryption information, the query party's personal information is determined not to exist in the service party's list.
The query party device performs the lookup locally, so the service party device does not learn the final query result (that is, whether the personal information is in the list), which guarantees the security of the information.
The following illustration takes the query of a mobile phone number blacklist as an example:
1. Query party A wants to check whether the mobile phone number P = 13812340004 is in the blacklist library of service party B. The blacklist library of service party B contains the numbers {13812340001, 13812340002, 13812340004};
2. Query party A encrypts the mobile phone number P with private key KA and the predetermined commutative encryption algorithm to obtain F_KA(13812340004), desensitizes the mobile phone number P to obtain 1381234xxxx, and sends F_KA(13812340004) and 1381234xxxx to service party B;
3. Service party B queries its own blacklist library with 1381234xxxx and finds that 3 records {13812340001, 13812340002, 13812340004} satisfy the condition. Since the number is less than 10, service party B randomly expands this list subset, padding it to 10 entries: {13812340001, 13812340002, 13812340004, 99912340001, 99912340002, 99912340003, 99912340004, 99912340005, 99912340006, 99912340007};
Using private key KB and the commutative encryption algorithm, it encrypts each entry to obtain the first encrypted subset {F_KB(13812340001), F_KB(13812340002), F_KB(13812340004), F_KB(99912340001), F_KB(99912340002), F_KB(99912340003), F_KB(99912340004), F_KB(99912340005), F_KB(99912340006), F_KB(99912340007)};
Meanwhile, service party B encrypts F_KA(13812340004) again to obtain F_KB(F_KA(13812340004)), and finally returns the two encrypted results to query party A.
4. Query party A encrypts each entry of the first encrypted subset with private key KA and the commutative encryption algorithm to obtain the second encrypted subset {F_KA(F_KB(13812340001)), F_KA(F_KB(13812340002)), F_KA(F_KB(13812340004)), F_KA(F_KB(99912340001)), F_KA(F_KB(99912340002)), F_KA(F_KB(99912340003)), F_KA(F_KB(99912340004)), F_KA(F_KB(99912340005)), F_KA(F_KB(99912340006)), F_KA(F_KB(99912340007))};
Because F_KB(F_KA(13812340004)) and F_KA(F_KB(13812340004)) are equal, query party A can find this entry in the second encrypted subset, which proves that 13812340004 is in the blacklist library of service party B. In this process, service party B does not know that the number query party A queried is 13812340004, and query party A does not know which numbers the blacklist library of service party B specifically contains.
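The blacklist walk-through above, run end to end as an added sketch (not code from the patent). It assumes F_K(M) = H(M)^K mod p with SHA-256 as H and the prime 2^255 - 19 as a demo modulus, since the patent only names a Diffie-Hellman-style commutative algorithm; all function names are hypothetical.

```python
import hashlib
import math
import secrets

# Demo modulus (assumption of this example): the prime 2^255 - 19.
# A deployment would use a standardized DH group or an elliptic curve.
P = 2**255 - 19

# Constructed sample data: the blacklist from the walk-through above.
BLACKLIST = ["13812340001", "13812340002", "13812340004"]


def keygen() -> int:
    """Private exponent coprime to P-1, so x -> x^K mod P is a bijection
    and two different inputs can never encrypt to the same value."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k


def to_group(value: str) -> int:
    """Hash an identifier to a nonzero element mod P (the H in H(M)^K)."""
    digest = hashlib.sha256(value.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


def F(key: int, element: int) -> int:
    """Commutative encryption: F_K1(F_K2(m)) == F_K2(F_K1(m))."""
    return pow(element, key, P)


def desensitize(number: str, hidden: int = 4) -> str:
    """Hide the last `hidden` digits, e.g. 13812341234 -> 1381234xxxx."""
    return number[:-hidden] + "x" * hidden


def pad_subset(subset, minimum=10):
    """Expansion step: fill with invalid 999-prefixed numbers until the
    subset holds at least `minimum` entries."""
    padded = list(subset)
    counter = 1
    while len(padded) < minimum:
        filler = f"9991234{counter:04d}"
        if filler not in padded:
            padded.append(filler)
        counter += 1
    return padded


def service_respond(blacklist, masked, first_enc, minimum=10):
    """Service party (steps S2 and S3): it sees only the masked number and
    F_KA(P), and never learns KA or the full number."""
    prefix = masked.rstrip("x")
    subset = [n for n in blacklist
              if len(n) == len(masked) and n.startswith(prefix)]
    subset = pad_subset(subset, minimum)
    kb = keygen()                                  # second private key
    first_subset = [F(kb, to_group(n)) for n in subset]
    second_enc = F(kb, first_enc)                  # F_KB(F_KA(P))
    return first_subset, second_enc


def query(number, blacklist) -> bool:
    """Query party (steps S1 and S4). Only first_enc and masked travel to
    the service party; only first_subset and second_enc travel back."""
    ka = keygen()                                  # first private key
    first_enc = F(ka, to_group(number))            # F_KA(P)
    masked = desensitize(number)
    first_subset, second_enc = service_respond(blacklist, masked, first_enc)
    second_subset = {F(ka, c) for c in first_subset}   # F_KA(F_KB(item))
    return second_enc in second_subset             # local match only


if __name__ == "__main__":
    print(query("13812340004", BLACKLIST))  # number on the blacklist
    print(query("13812340009", BLACKLIST))  # same prefix, not listed
```

The membership decision is made inside `query`, so the service side of this sketch returns the same shape of response whether or not the number is listed.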
In addition, an embodiment of the present invention also proposes a computer readable storage medium. The computer readable storage medium can be any one of a hard disk, multimedia card, SD card, flash card, SMC, read-only memory (ROM), erasable programmable read-only memory (EPROM), portable compact disc read-only memory (CD-ROM), USB memory, etc., or any combination of several of them. The computer readable storage medium includes a processing system; for the functions realized when the processing system is executed by a processor, refer to the description above of the query party device or the service party device in Fig. 5, which is not repeated here.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, device, article or method.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, or optical disc) and includes instructions that cause a terminal device (which can be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The above is only a preferred embodiment of the present invention and does not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of the present invention.

Claims (10)

1. A list query method, characterized in that the list query method includes:
A query party device generates a first private key, encrypts the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encryption information, desensitizes the personal information to obtain desensitized information, and sends the first encryption information and the desensitized information to a service party device;
The service party device receives the first encryption information and the desensitized information sent by the query party device, and queries a predetermined list based on the plaintext part of the desensitized information to obtain a list subset;
The service party device generates a second private key, encrypts each entry in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encryption information based on the second private key and the commutative encryption algorithm to obtain second encryption information, and sends the first encrypted subset and the second encryption information to the query party device;
The query party device receives the first encrypted subset and the second encryption information returned by the service party device, encrypts each entry in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determines, based on the second encrypted subset and the second encryption information, whether the personal information exists in the list.
2. The list query method according to claim 1, characterized in that the step of desensitizing the personal information to obtain desensitized information specifically includes:
Obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data positions and the amount of data of the personal information to be desensitized.
3. The list query method according to claim 1, characterized in that, after the step in which the service party device receives the first encryption information and the desensitized information sent by the query party device and queries a predetermined list based on the plaintext part of the desensitized information to obtain a list subset, the method further includes:
Analyzing whether the number of entries in the list subset is less than a predetermined number;
If so, expanding the list subset so that the number of entries in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
4. The list query method according to any one of claims 1 to 3, characterized in that the step of determining, based on the second encrypted subset and the second encryption information, whether the personal information exists in the list specifically includes:
Checking whether the second encrypted subset contains an entry identical to the second encryption information;
If so, determining that the personal information exists in the list;
If not, determining that the personal information does not exist in the list.
5. A query party device, characterized in that the query party device includes a memory and a processor connected to the memory, the memory stores a processing system that can run on the processor, and the processing system, when executed by the processor, implements the following steps:
Generating a first private key, encrypting the personal information to be queried based on the first private key and a predetermined commutative encryption algorithm to obtain first encryption information, desensitizing the personal information to obtain desensitized information, and sending the first encryption information and the desensitized information to a service party device;
Receiving the first encrypted subset and the second encryption information returned by the service party device, encrypting each entry in the first encrypted subset based on the first private key and the commutative encryption algorithm to obtain a second encrypted subset, and determining, based on the second encrypted subset and the second encryption information, whether the personal information exists in the list, wherein the first encrypted subset is obtained by the service party device by querying a predetermined list based on the desensitized information, and the second encryption information is obtained by the service party device by encrypting with the commutative encryption algorithm and a second private key that it generates itself.
6. The query party device according to claim 5, characterized in that the step of desensitizing the personal information to obtain desensitized information specifically includes:
Obtaining the characteristic information of the personal information and the data volume of the list, and determining, based on the characteristic information of the personal information and the data volume of the list, the data positions and the amount of data of the personal information to be desensitized.
7. A service party device, characterized in that the service party device includes a memory and a processor connected to the memory, the memory stores a processing system that can run on the processor, and the processing system, when executed by the processor, implements the following steps:
Receiving the first encryption information and the desensitized information sent by a query party device, and querying a predetermined list based on the plaintext part of the desensitized information to obtain a list subset, wherein the first encryption information is obtained by the query party device by encrypting with a predetermined commutative encryption algorithm and a first private key that it generates itself, and the desensitized information is obtained by the query party device by desensitizing the personal information to be queried;
The service party device generates a second private key, encrypts each entry in the list subset based on the second private key and the commutative encryption algorithm to obtain a first encrypted subset, encrypts the first encryption information based on the second private key and the commutative encryption algorithm to obtain second encryption information, and sends the first encrypted subset and the second encryption information to the query party device.
8. The service party device according to claim 7, characterized in that the processing system, when executed by the processor, also implements the following steps:
Analyzing whether the number of entries in the list subset is less than a predetermined number;
If so, expanding the list subset so that the number of entries in the list subset is greater than or equal to the predetermined number;
If not, performing no expansion.
9. A computer readable storage medium, characterized in that a processing system is stored on the computer readable storage medium, and the processing system, when executed by a processor, implements the steps of the method performed by the query party device according to any one of claims 1 to 4.
10. A computer readable storage medium, characterized in that a processing system is stored on the computer readable storage medium, and the processing system, when executed by a processor, implements the steps of the method performed by the service party device according to any one of claims 1 to 4.
CN201910720387.0A 2019-08-01 2019-08-01 List query method, query party device, service party device and storage medium Active CN110457945B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910720387.0A CN110457945B (en) 2019-08-01 2019-08-01 List query method, query party device, service party device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910720387.0A CN110457945B (en) 2019-08-01 2019-08-01 List query method, query party device, service party device and storage medium

Publications (2)

Publication Number Publication Date
CN110457945A true CN110457945A (en) 2019-11-15
CN110457945B CN110457945B (en) 2021-03-02

Family

ID=68485003

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910720387.0A Active CN110457945B (en) 2019-08-01 2019-08-01 List query method, query party device, service party device and storage medium

Country Status (1)

Country Link
CN (1) CN110457945B (en)

Also Published As

Publication number Publication date
CN110457945B (en) 2021-03-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant