CN110636070B - Data sending method, data query method, device, electronic equipment and system - Google Patents

Data sending method, data query method, device, electronic equipment and system Download PDF

Info

Publication number
CN110636070B
CN110636070B CN201910917092.2A CN201910917092A CN110636070B CN 110636070 B CN110636070 B CN 110636070B CN 201910917092 A CN201910917092 A CN 201910917092A CN 110636070 B CN110636070 B CN 110636070B
Authority
CN
China
Prior art keywords
ciphertext
data
blinding
target data
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910917092.2A
Other languages
Chinese (zh)
Other versions
CN110636070A (en
Inventor
尹栋
李漓春
王华忠
殷山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN201910917092.2A priority Critical patent/CN110636070B/en
Publication of CN110636070A publication Critical patent/CN110636070A/en
Application granted granted Critical
Publication of CN110636070B publication Critical patent/CN110636070B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The specification provides embodiments of a data transmission method, a data query method, a device, an electronic device and a system. The method comprises the following steps: blinding the target data identification according to the first blinding factor to obtain a first blinding result; sending a first blinding result to a data side; receiving a first blinding result ciphertext sent by a data side; blinding the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier; inquiring a target data ciphertext locally according to the first ciphertext of the target data identifier; blinding the target data identification according to a second blinding factor to obtain a second blinding result; sending a second blinding result to the data side; receiving a second blinding result ciphertext sent by the data side; blinding the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier; and decrypting the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.

Description

Data sending method, data query method, device, electronic equipment and system
Technical Field
The embodiment of the specification relates to the technical field of computers, in particular to a data sending method, a data query method, a data sending device, electronic equipment and a data query system.
Background
With the development of internet technology, the privacy protection of data is more and more emphasized.
In some cases, the querying party needs to query the data party for the data needed by itself. For this, the inquiring party needs to send a data identification to the data party. The data party can receive the data identification; data matching the data identification may be queried; the data may be sent to the inquiring party. The querier may receive the data.
In the query process, the data side can know which data the query side wants to query, and privacy protection cannot be realized.
Disclosure of Invention
The embodiment of the specification provides a data sending method, a data query device, electronic equipment and a data sending system, so as to realize anonymous query.
In order to achieve the above purpose, one or more embodiments in the present specification provide the following technical solutions.
According to a first aspect of one or more embodiments of the present specification, there is provided a data transmission method, applied to a data side, including: encrypting the data identifier according to the first key to obtain a first ciphertext of the data identifier; encrypting the data identifier according to the second key to obtain a second ciphertext of the data identifier; encrypting the data according to the second ciphertext of the data identifier to obtain a data ciphertext; and sending the first ciphertext of the data identifier and the data ciphertext to the inquiring party, or sending the code of the first ciphertext of the data identifier and the data ciphertext to the inquiring party.
According to a second aspect of one or more embodiments of the present specification, there is provided a data transmission method, applied to a data side, including: receiving a first blinded result sent by an inquiring party, wherein the first blinded result is obtained by blinding a target data identifier according to a first blinding factor, and the target data identifier is used for identifying target data to be inquired by the inquiring party; encrypting the first blinded result according to the first key; sending a first blinded result ciphertext to the inquiring party; receiving a second blinding result sent by the inquiring party, wherein the second blinding result is obtained by blinding the target data identifier according to a second blinding factor; encrypting the second blinded result according to the second key; and sending the second blinded result ciphertext to the inquiring party.
According to a third aspect of one or more embodiments of the present specification, there is provided a data query method, applied to a querying party, including: blinding a target data identifier according to a first blinding factor to obtain a first blinding result, wherein the target data identifier is used for identifying target data to be inquired; sending a first blinding result to a data side; receiving a first blinding result ciphertext sent by a data side; blinding the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier; inquiring a target data ciphertext locally according to the first ciphertext of the target data identifier; blinding the target data identification according to a second blinding factor to obtain a second blinding result; sending a second blinding result to the data side; receiving a second blinding result ciphertext sent by the data side; blinding the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier; and decrypting the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.
According to a fourth aspect of one or more embodiments of the present specification, there is provided a data transmission apparatus, applied to a data side, including: the first encryption unit is used for encrypting the data identifier according to the first key to obtain a first ciphertext of the data identifier; the second encryption unit is used for encrypting the data identifier according to a second key to obtain a second ciphertext of the data identifier; the third encryption unit is used for encrypting the data according to the second ciphertext of the data identifier to obtain a data ciphertext; and the sending unit is used for sending the first ciphertext of the data identifier and the data ciphertext to the inquiring party, or sending the code of the first ciphertext of the data identifier and the data ciphertext to the inquiring party.
According to a fifth aspect of one or more embodiments of the present specification, there is provided a data transmission apparatus applied to a data side, including: the first receiving unit is used for receiving a first blinding result sent by an inquiring party, wherein the first blinding result is obtained by blinding a target data identifier according to a first blinding factor, and the target data identifier is used for identifying target data to be inquired by the inquiring party; the first encryption unit is used for encrypting the first blinding result according to the first key; the first sending unit is used for sending a first blinding result ciphertext to the inquiring party; the second receiving unit is used for receiving a second blinding result sent by the inquiring party, and the second blinding result is obtained by blinding the target data identifier according to a second blinding factor; the second encryption unit is used for encrypting the second blinding result according to the second key; and the second sending unit is used for sending a second blinding result ciphertext to the inquiring party.
According to a sixth aspect of one or more embodiments of the present specification, there is provided a data query apparatus, applied to a querying party, including: the first blinding unit is used for blinding the target data identifier according to a first blinding factor to obtain a first blinding result, wherein the target data identifier is used for identifying target data to be queried; a first sending unit, configured to send a first blinding result to a data side; the first receiving unit is used for receiving a first blinding result ciphertext sent by a data side; the first blinding removing unit is used for removing blindness from the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier; the query unit is used for locally querying the target data ciphertext according to the first ciphertext identified by the target data; the second blinding unit is used for blinding the target data identifier according to a second blinding factor to obtain a second blinding result; a second sending unit, configured to send a second blinding result to the data side; the second receiving unit is used for receiving a second blinding result ciphertext sent by the data side; the second blinding removing unit is used for removing blindness from the second blinding result ciphertext according to a second blinding factor to obtain a second ciphertext of the target data identifier; and the decryption unit is used for decrypting the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.
According to a seventh aspect of one or more embodiments of the present specification, there is provided an electronic device comprising: a memory for storing computer instructions; a processor for executing the computer instructions to perform the method steps as described in the first aspect.
According to an eighth aspect of one or more embodiments of the present specification, there is provided an electronic apparatus comprising: a memory for storing computer instructions; a processor for executing the computer instructions to carry out the method steps according to the second aspect.
According to a ninth aspect of one or more embodiments of the present specification, there is provided an electronic device comprising: a memory for storing computer instructions; a processor for executing the computer instructions to perform the method steps according to the third aspect.
According to a tenth aspect of one or more embodiments of the present specification, there is provided a data query system comprising a data party and a query party; the data side is provided with the apparatus of the fifth aspect and the inquiring side is provided with the apparatus of the sixth aspect.
As can be seen from the technical solutions provided by the embodiments of the present specification, in the embodiments of the present specification, the querying party cannot know any data other than the target data, and the data party cannot know which data the querying party queries, so that anonymous query is implemented.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a data query method according to an embodiment of the present disclosure;
FIG. 2 is a flow chart of a data query method according to an embodiment of the present disclosure;
FIG. 3 is a flow chart of a data query method according to an embodiment of the present disclosure;
FIG. 4 is a flow chart of a data query method according to an embodiment of the present disclosure;
fig. 5 is a functional structure diagram of a data query device according to an embodiment of the present disclosure;
FIG. 6 is a functional block diagram of a data query device according to an embodiment of the present disclosure;
FIG. 7 is a functional block diagram of a data query device according to an embodiment of the present disclosure;
fig. 8 is a functional structure diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
This specification provides one embodiment of a data query system.
In some embodiments, the data querying system may include a data party and a querying party.
The data side can be equipment such as a server, a mobile phone, a tablet computer or a personal computer; alternatively, the system may be a system including a plurality of devices, for example, a server cluster including a plurality of servers. The inquiring party can be equipment such as a server, a mobile phone, a tablet computer or a personal computer; alternatively, the system may be a system including a plurality of devices, for example, a server cluster including a plurality of servers.
In some embodiments, the data party may hold a data set. The data set may be implemented in a data table, a linear table, a queue, a stack, or a graph. The data set may include at least one data and at least one data identification, which may be used to identify one or more data. The data can be transaction data, user behavior data, account data or the like, and the data identification can be an account, or the generation time of the data or the like. In some embodiments, the data set may further include at least one version number, which may be used to distinguish between different versions of data. One data can be uniquely determined according to the data identification and the version number.
For example, the data set may be as shown in table 1 below.
TABLE 1
Figure BDA0002216426500000041
The data side can calculate a ciphertext set from the data set; may be used to provide the ciphertext set to a querier so that the querier can query locally. The specific calculation process can be seen in the following data query method embodiments.
In some embodiments, the querying party is configured to query the target data anonymously. In the process of anonymous query, the data side does not know which data the query side queries, nor does the query side know any other data except the target data. The inquiring party can inquire the target data according to the target data identification; alternatively, the target data may be queried according to the target data identifier and the version number of the target data. The target data identification is used for identifying the target data. The specific query process can be seen in the following data query method embodiments.
The present specification provides one embodiment of a data query method. This embodiment may include a preprocessing phase and a query phase. The preprocessing stage may include steps S101-S105, and the query stage may include steps S107-S129. When multiple queries are needed, the method steps of the preprocessing stage and the method steps of the query stage can be executed for multiple times; alternatively, the method steps of the preprocessing phase may be performed only once, while the method steps of the query phase may be performed multiple times.
Referring to fig. 1, the embodiment may include the following steps.
Step S101: the data side encrypts the data identifier according to the first secret key to obtain a first ciphertext of the data identifier; and encrypting the data identification according to the second key to obtain a second ciphertext of the data identification, and encrypting the data according to the second ciphertext of the data identification to obtain a data ciphertext.
In some embodiments, the first key and the second key are different. The first key may be a key of a symmetric encryption algorithm; or, the public key of the asymmetric encryption algorithm can be used; alternatively, it may be a private key of an asymmetric encryption algorithm. The second key may be a key of a symmetric encryption algorithm; or, the public key of the asymmetric encryption algorithm can be used; alternatively, it may be a private key of an asymmetric encryption algorithm. The symmetric encryption algorithm includes, but is not limited to, DES algorithm, AES algorithm, IDEA algorithm, etc., and the asymmetric encryption algorithm includes, but is not limited to, RSA algorithm, ECC (Elliptic Curve encryption algorithm), etc.
It should be noted that, when the first key is a private key of an asymmetric encryption algorithm, the encrypting the data identifier by the data party according to the first key may further be understood as: and the data party signs the data identification according to the first private key. Accordingly, the first ciphertext of the data identifier may also be understood as the first signature of the data identifier. When the second key is a private key of an asymmetric encryption algorithm, the data party encrypting the data identifier according to the second key can further understand that: and the data party signs the data identification according to the second private key. Accordingly, the second ciphertext of the data identifier may also be understood as a second signature of the data identifier.
In some embodiments, the data party may hold a data set, as previously described. The data side can thus encrypt the data identification in the data set according to the first key.
The data side can directly encrypt the data identification according to the first secret key.
Alternatively, the data side may also calculate the code of the data identifier, and may encrypt the code of the data identifier according to the first key. The encoding has irreversibility. Specifically, the encoding may be calculated from the data object (e.g., data identification, data, etc.), but the encoding may not be calculated from the data object. By encrypting the code of the data identification, the safety of the data identification can be improved. The encoding may be a hash value including, but not limited to, MD5, SHA1, SHA256, SHA384, SHA512, CRC32, and the like. Of course, the encoding may also be other forms of encoding.
In some embodiments, the data party may hold a data set, as previously described. The data side can thus encrypt the data identification in the data set according to the second key.
The data side can directly encrypt the data identification according to the second key.
Alternatively, the data side may also calculate the code of the data identifier, and may encrypt the code of the data identifier according to the second key. By encrypting the code of the data identification, the safety of the data identification can be improved.
Or, the data side may further generate a data identifier with a version number according to the data identifier and the version number of the data, and may encrypt the data identifier with the version number according to the second key. Therefore, by encrypting the data identifier with the version number, the inquiring party can uniquely inquire to obtain one target data according to the target data identifier and the version number of the target data. Specifically, the data party may splice the data identifier and the version number of the data to obtain the data identifier with the version number. For example, the data side may splice the version number of the data to the tail of the data identifier; alternatively, the version number of the data may be concatenated to the header of the data identifier. Of course, the data party may also generate the data identifier with the version number in other manners, for example, add the data identifier and the version number of the data.
In some embodiments, the data party may hold a data set, as previously described. In this way, the data side may encrypt the data in the data set according to the second ciphertext of the data identifier, where the data identifier may be used to identify the data. The data side may encrypt the data using a logical operation (e.g., an exclusive-or logical operation), a symmetric encryption algorithm (e.g., DES algorithm, AES algorithm, IDEA algorithm), an asymmetric encryption algorithm (e.g., RSA algorithm, ECC algorithm), and so on.
And the data side can directly encrypt the data according to the second ciphertext identified by the data.
Or, the data side may also calculate the code of the second ciphertext of the data identifier, and may encrypt the data according to the code of the second ciphertext of the data identifier. The length of the code of the second ciphertext of the data identifier may be smaller than the length of the second ciphertext of the data identifier. Therefore, the length of the obtained data ciphertext can be reduced, the communication traffic between the data side and the inquiring side (for example, the communication traffic between the data side and the inquiring side in the steps S103 to S105) can be reduced, and the storage space of the inquiring side can be saved.
Or, the data side may also generate data with a version number according to the data and the version number thereof, and may encrypt the data with the version number according to the second ciphertext identified by the data. By encrypting the data with the version number, the inquiring party can obtain one or more target data with the version number according to the target data identification inquiry. Specifically, the data side may splice the data and the version number thereof to obtain the data with the version number. For example, the data side may splice the version number of the data to the tail of the data; alternatively, the version number of the data may be concatenated to the header of the data. Of course, the data side may also generate the data with the version number in other manners, such as adding the version numbers of the data and the data.
In some scenario examples, the data party may calculate a data identification IDiHash value h (ID) ofi) (ii) a May be based on the first key a0For the hash value h (ID)i) Encrypting to obtain a first ciphertext of the data identifier
Figure BDA0002216426500000061
ID can be identified according to dataiAnd version number ciGenerating a data identity ID with a version numberi||ci(ii) a The data identification ID with version number can be calculatedi||ciHash value h (ID) ofi||ci) (ii) a Can be based on the second key a1For the hash value h (ID)i||ci) Encrypting to obtain a second ciphertext of the data identifier
Figure BDA0002216426500000062
The hash value of the second ciphertext of the data identifier may be calculated
Figure BDA0002216426500000063
Can be based on hash values
Figure BDA0002216426500000064
For dataiEncrypting to obtain data ciphertext
Figure BDA0002216426500000065
Wherein i is a positive integer, i is greater than or equal to 1 and less than or equal to n, n represents the number of data identifications (or data) in the data set, and | | represents the splicing processing.
Step S103: and the data side sends the first ciphertext of the data identifier and the data ciphertext to the inquiring side, or sends the code of the first ciphertext of the data identifier and the data ciphertext to the inquiring side.
In some embodiments, the data side may send the first ciphertext identified by the data and the data ciphertext to the querying side.
Or, the data side may further calculate the code of the first ciphertext of the data identifier, and may send the code of the first ciphertext of the data identifier and the data ciphertext to the querying side. On one hand, compared with the first ciphertext of the data identifier, the length of the code of the first ciphertext of the data identifier can be smaller, so that the communication traffic between the data side and the inquiring side can be reduced, the inquiring efficiency of the inquiring side can be improved, and the storage space of the inquiring side can be saved; on the other hand, when the first secret key is a private key of an asymmetric encryption algorithm, the code of the first ciphertext of the data identifier is sent to the inquiring party instead of the first ciphertext of the data identifier, so that the inquiring party can be prevented from decrypting the first ciphertext of the data identifier according to a public key corresponding to the private key, and the security of the data identifier can be improved.
In some embodiments, by sending the first ciphertext of the data identifier and the data ciphertext to the inquiring party in the preprocessing stage, or sending the code of the first ciphertext of the data identifier and the data ciphertext to the inquiring party, the data party may not need to send other data ciphertexts except the target data ciphertext to the inquiring party in the inquiring stage, and thus, the communication traffic between the inquiring party and the data party in the inquiring stage may be reduced.
Step S105: and the inquiring party receives the first ciphertext of the data identifier and the data ciphertext, or receives the coding of the first ciphertext of the data identifier and the data ciphertext.
In some embodiments, the data side may send the first ciphertext identified by the data and the data ciphertext to the querying side. The inquiring party can receive a first ciphertext of the data identifier and a data ciphertext; the first ciphertext of the data identifier and the data ciphertext may be used as the first ciphertext of the data identifier and the data ciphertext of the first set of ciphertexts, respectively. The first ciphertext set may include at least one data identifier first ciphertext and at least one data ciphertext, and each data identifier first ciphertext may correspond to one or more data ciphertexts. The first ciphertext set may be implemented by a data table, a linear table, a queue, a stack, or a graph.
In some embodiments, the data side may send to the querier an encoding of the first ciphertext identified by the data and the data ciphertext. The inquiring party can receive the code of the first ciphertext of the data identifier and the data ciphertext; the code of the first ciphertext identified by the data and the data ciphertext may be used as the code of the first ciphertext identified by the data in the second set of ciphertexts, respectively. The second ciphertext set may include at least one code of the first ciphertext of the data identifier and at least one data ciphertext, and each code of the first ciphertext of the data identifier may correspond to one or more data ciphertexts. The second ciphertext set may be implemented by using a data table, a linear table, a queue, a stack, or a graph.
Step S107: and the inquiring party blinds the target data identification according to the first blinding factor to obtain a first blinding result.
In some embodiments, when the target data needs to be queried, the querying party may perform blinding on the target data identifier according to a first blinding factor to obtain a first blinding result, where the target data identifier may be used to identify the target data. The first blind factor may be a random number. Therefore, the target data identification is blinded, so that a data party can be prevented from obtaining the real target data identification.
The inquirer can blindly identify the target data by any method. For example, the querying party may perform an exponential operation with the first blinding factor as an index and the target data identifier as a base number, and may use the operation result as a first blinding result.
In some embodiments, as described above, the data party may directly encrypt the data identification according to the first key at step S101. Therefore, the inquiring party can directly perform blinding on the target data identification according to the first blinding factor.
Alternatively, as mentioned above, the data side may also calculate the encoding of the data identifier in step S101, and the encoding of the data identifier may be encrypted according to the first key. In this way, the inquiring party can also calculate the code of the target data identifier, and can perform blinding on the code of the target data identifier according to the first blind factor.
In some scenario examples, the first key a0May be the private key of the ECC algorithm. The inquiring party can calculate the target data identification IDjHash value h (ID) ofj) Can be based on a first blind factor r0For the hash value h (ID)j) Blinding to obtain a first blinded result
Figure BDA0002216426500000081
j is a positive integer, and j is more than or equal to 1 and less than or equal to n.
In some scenario examples, the first key a0Private key, which may be the RSA algorithm, and private key a0The corresponding public key may be d0. The inquiring party can calculate the target data identification IDjHash value h (ID) ofj) Can be based on a first blind factor r0For the hash value h (ID)j) Blinding to obtain a first blinded result
Figure BDA0002216426500000082
j is a positive integer, and j is more than or equal to 1 and less than or equal to n.
Step S109: and the inquiry party sends a first blinded result to the data party.
Step S111: the data side receives a first blinding result; and encrypting the first blinding result according to the first key to obtain a first blinding result ciphertext.
In some embodiments, the data party may encrypt the first blinded result. Since the first blinding result is a result of blinding the target data identifier, the data side does not know the specific content of the encrypted object. It should be noted that, when the first key is a private key of an asymmetric encryption algorithm, the encrypting, by the data side, the first blinding result according to the first key may further be understood as: and the data party signs the first blinding result according to a private key. The data thus facilitates blind signature.
In some scenario examples, the first key a0May be the private key of the ECC algorithm. The data side can be based on the private key a0For the first blinded result
Figure BDA0002216426500000083
Encrypting to obtain a first blinded result ciphertext
Figure BDA0002216426500000084
In some scenario examples, the first key a0May be the private key of the RSA algorithm. The data side can be based on the private key a0For the first blinded result
Figure BDA0002216426500000085
Encrypting to obtain a first blinded result ciphertext
Figure BDA0002216426500000086
Step S113: and the data direction sends a first blinded result ciphertext to the inquiring party.
Step S115: the inquiring party receives the first blinded result ciphertext; and de-blinding the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier.
In some embodiments, the querying party may perform blinding on the first blinding result ciphertext according to the first blinding factor to obtain an encryption result obtained by encrypting the target data identifier with the first key, that is, obtain the first ciphertext of the target data identifier. The method adopted by the inquiring party for blinding can correspond to the method adopted by the inquiring party for blinding in step S107. For example, in step S107, the querying party may perform an exponential operation with the first blinding factor as an index and the target data identifier as a base number, and may use the operation result as a first blinding result. Then, in step S115, the querying party may perform an exponential operation with the reciprocal of the first blind factor as an exponent and the target data identifier as a base, and may use the operation result as the first ciphertext of the target data identifier.
In some scenario examples, the querier may be based on a first blindness factor r0For the first blinded result ciphertext
Figure BDA0002216426500000091
Blindness is removed to obtain a first ciphertext of the target data identifier
Figure BDA0002216426500000092
In some scenario examples, the querier may be based on a first blindness factor r0For the first blinded result ciphertext
Figure BDA0002216426500000093
Blindness is removed to obtain a first ciphertext of the target data identifier
Figure BDA0002216426500000094
Step S117: and the inquiring party inquires the target data ciphertext locally according to the first ciphertext identified by the target data.
In some embodiments, the querying party may obtain the first ciphertext set through steps S101-S105 of the pre-processing stage. Therefore, the inquiring party can obtain one or more target data ciphertexts in a local first cipher text set according to the first cipher text query of the target data identification.
In some embodiments, the querier may obtain the second ciphertext set through steps S101-S105 of the pre-processing stage. The inquiring party can calculate the code of the first ciphertext of the target data identification; one or more target data ciphertexts can be obtained in the local second cipher text set according to the coding query of the first cipher text identified by the target data.
In some scenario examples, the querier may calculate a target numberFirst ciphertext identified by the data
Figure BDA0002216426500000095
Hash value of
Figure BDA0002216426500000096
Can be based on hash values
Figure BDA0002216426500000097
Local query of target data ciphertext
Figure BDA0002216426500000098
Step S119: and the inquiring party blinds the target data identification according to the second blinding factor to obtain a second blinding result.
In some embodiments, the second blind factor may be a random number. Therefore, the target data identification is blinded, so that a data party can be prevented from obtaining the real target data identification.
The inquirer can blindly identify the target data by any method. For example, the querying party may perform an exponential operation with the second blinding factor as an index and the target data identifier as a base number, and may use the operation result as a second blinding result.
In some embodiments, as described above, the data party may directly encrypt the data identification according to the second key at step S101. Therefore, the inquiring party can directly perform blinding on the target data identification according to the second blinding factor.
Alternatively, as mentioned above, the data side may also calculate the encoding of the data identifier in step S101, and the encoding of the data identifier may be encrypted according to the second key. In this way, the inquiring party can also calculate the code of the target data identifier, and can perform blinding on the code of the target data identifier according to the second blind factor.
Alternatively, as described above, in step S101, the data side may further generate a data identifier with a version number according to the data identifier and the version number of the data, and may encrypt the data identifier with the version number according to the second key. In this way, the inquiring party can also generate the target data identifier with the version number according to the target data identifier and the version number of the target data, and can blindly process the target data identifier with the version number according to the second blind factor.
In some scenario examples, the second key a1May be the private key of the ECC algorithm. The inquirer can identify ID according to target datajAnd its version number cjGenerating a target data identification ID with a version numberj||cj(ii) a The target data identification ID with version number can be calculatedj||cjHash value h (ID) ofj||cj) (ii) a May be based on a second blinding factor r1For the hash value h (ID)j||cj) Blinding to obtain a second blinded result
Figure BDA0002216426500000101
In some scenario examples, the second key a1Private key, which may be the RSA algorithm, and private key a1The corresponding public key may be d1. The inquirer can identify ID according to target datajAnd its version number cjGenerating a target data identification ID with a version numberj||cj(ii) a The target data identification ID with version number can be calculatedj||cjHash value h (ID) ofj||cj) (ii) a May be based on a second blinding factor r1For the hash value h (ID)j||cj) Blinding to obtain a second blinded result
Figure BDA0002216426500000102
Step S121: and the inquiry party sends a second blinded result to the data party.
Step S123: the data side receives a second blinding result; and encrypting the second blinding result according to the second key to obtain a second blinding result ciphertext.
In some embodiments, the data party may encrypt the second blinded result. Since the second blinding result is a result of blinding the target data identifier, the data side does not know the specific content of the encrypted object. It should be noted that, when the second key is a private key of an asymmetric encryption algorithm, the encrypting, by the data side, the second blinding result according to the second key may further be understood as: and the data party signs the second blinded result according to the private key. The data thus facilitates blind signature.
In some scenario examples, the second key a1May be the private key of the ECC algorithm. The data side can be based on the private key a1For the second blinded result
Figure BDA0002216426500000103
Encrypting to obtain a second blinded result ciphertext
Figure BDA0002216426500000104
In some scenario examples, the second key a1May be the private key of the RSA algorithm. The data side can be based on the private key a1For the second blinded result
Figure BDA0002216426500000105
Encrypting to obtain a second blinded result ciphertext
Figure BDA0002216426500000106
Step S125: and the data direction sends a second blinded result ciphertext to the inquiring party.
Step S127: the inquiring party receives the second blinded result ciphertext; and de-blinding the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier.
In some embodiments, the querying party may perform blinding removal on the second blinding result ciphertext according to the second blinding factor to obtain an encryption result obtained by encrypting the target data identifier with the second key, that is, obtain the second ciphertext of the target data identifier. The method adopted by the inquiring party for blinding may correspond to the method adopted for blinding in step S119. For example, in step S119, the querying party may perform an exponential operation with the second blinding factor as an index and the target data identifier as a base number, and may use the operation result as a second blinding result. Then, in step S207, the inquiring party may perform an exponential operation with the reciprocal of the second blind factor as an exponent and the target data identifier as a base, and may use the operation result as a second ciphertext of the target data identifier.
In some scenario examples, the querier may be based on a second blindness factor r1For the second blinded result ciphertext
Figure BDA0002216426500000111
Blindness is removed to obtain a second ciphertext of the target data identifier
Figure BDA0002216426500000112
In some scenario examples, the querier may be based on a second blindness factor r1For the second blinded result ciphertext
Figure BDA0002216426500000113
Blindness is removed to obtain a second ciphertext of the target data identifier
Figure BDA0002216426500000114
Step S129: and the inquiring party decrypts the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.
In some embodiments, as previously described, the data side may encrypt the data directly according to the second ciphertext identified by the data in step S101. Therefore, the inquiring party can decrypt the target data ciphertext directly according to the second ciphertext identified by the target data to obtain the target data.
Alternatively, as described above, the data side may also calculate the encoding of the second ciphertext of the data identifier in step S101, and may encrypt the data according to the encoding of the second ciphertext of the data identifier. Therefore, the inquiring party can also calculate the code of the second ciphertext of the target data identifier, and can decrypt the target data ciphertext according to the code of the second ciphertext of the target data identifier to obtain the target data.
Alternatively, as described above, in step S101, the data side may generate data with a version number according to the data and the version number thereof, and may encrypt the data with the version number according to the second ciphertext identified by the data. Therefore, the inquiring party can decrypt the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data with the version number. Further, the inquiring party can also obtain the target data according to the target data with the version number. The method used by the inquiring party to obtain the target data according to the target data with the version number may correspond to the method used by the data party to generate the data with the version number according to the data and the version number in step S101.
In some example scenarios, the querier may compute a second ciphertext identified by the target data
Figure BDA0002216426500000115
Hash value of
Figure BDA0002216426500000116
Can be based on hash values
Figure BDA0002216426500000117
For target data cipher text
Figure BDA0002216426500000118
Decrypting to obtain target dataj
In some embodiments, the inquirer cannot know any data except the target data, and the data side cannot know which data the inquirer inquires, so that anonymous inquiry is realized.
This specification provides one embodiment of a data transmission method. This embodiment may be applied to the pre-processing stage. Please refer to fig. 2. The embodiment takes a data side as an execution subject and can comprise the following steps.
Step S21: and encrypting the data identifier according to the first key to obtain a first ciphertext of the data identifier.
In some embodiments, the data party may directly encrypt the data identification according to the first key. Alternatively, the data side may also calculate the code of the data identifier, and may encrypt the code of the data identifier according to the first key.
Step S23: and encrypting the data identification according to the second private key to obtain a second ciphertext of the data identification.
In some embodiments, the data party may directly encrypt the data identification according to the second key. Alternatively, the data side may also calculate the code of the data identifier, and may encrypt the code of the data identifier according to the second key. Or, the data side may further generate a data identifier with a version number according to the data identifier and the version number of the data, and may encrypt the data identifier with the version number according to the second key.
Step S25: and encrypting the data according to the second ciphertext of the data identifier to obtain a data ciphertext.
In some embodiments, the data party may encrypt the data directly from the second ciphertext identified by the data. Or, the data side may also calculate the code of the second ciphertext of the data identifier, and may encrypt the data according to the code of the second ciphertext of the data identifier. Or, the data side may also generate data with a version number according to the data and the version number thereof, and may encrypt the data with the version number according to the second ciphertext identified by the data.
Step S27: and sending the first ciphertext of the data identifier and the data ciphertext to the inquiring party, or sending the code of the first ciphertext of the data identifier and the data ciphertext to the inquiring party.
In some embodiments, the data side may send the first ciphertext identified by the data and the data ciphertext to the querying side. Or, the data side may further calculate the code of the first ciphertext of the data identifier, and may send the code of the first ciphertext of the data identifier and the data ciphertext to the querying side.
In some embodiments, by sending the first ciphertext of the data identifier and the data ciphertext to the inquiring party in the preprocessing stage, or sending the code of the first ciphertext of the data identifier and the data ciphertext to the inquiring party, the data party may not need to send other data ciphertexts except the target data ciphertext to the inquiring party in the inquiring stage, and thus, the communication traffic between the inquiring party and the data party in the inquiring stage may be reduced.
This specification provides one embodiment of a data transmission method. This embodiment may be applied to the query phase. Please refer to fig. 3. The embodiment takes a data side as an execution subject and can comprise the following steps.
Step S301: and receiving a first blinded result sent by the inquiring party.
In some embodiments, the first blinding result is obtained by blinding a target data identifier according to a first blinding factor, where the target data identifier may be used to identify target data to be queried by a querying party.
Step S303: and encrypting the first blinded result according to the first key.
Step S305: and sending the first blinded result ciphertext to the inquiring party.
Step S307: and receiving a second blinded result sent by the inquirer.
In some embodiments, the second blinding result is obtained by blinding the target data identifier according to a second blinding factor.
Step S309: and encrypting the second blinding result according to the second key.
Step S311: and sending the second blinded result ciphertext to the inquiring party.
In some embodiments, the inquirer cannot know any data except the target data, and the data side cannot know which data the inquirer inquires, so that anonymous inquiry is realized.
This specification provides one embodiment of a data transmission method. This embodiment may be applied to the query phase. Please refer to fig. 4. The embodiment takes the inquiring party as an execution subject and can comprise the following steps.
Step S401: and blinding the target data identification according to the first blinding factor to obtain a first blinding result.
In some embodiments, when the target data needs to be queried, the querying party may perform blinding on the target data identifier according to a first blinding factor to obtain a first blinding result, where the target data identifier is used to identify the target data. The inquiring party can directly blind the target data identification according to the first blind factor. Or, the inquiring party may further calculate the code of the target data identifier, and may perform blinding on the code of the target data identifier according to the first blinding factor.
Step S403: and sending the first blinding result to the data side.
Step S405: and receiving a first blinding result ciphertext sent by the data side.
Step S407: and de-blinding the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier.
In some embodiments, the querying party may perform blinding on the first blinding result ciphertext according to the first blinding factor to obtain an encryption result obtained by encrypting the target data identifier with the first key, that is, obtain the first ciphertext of the target data identifier.
Step S409: and inquiring the target data ciphertext locally according to the first ciphertext identified by the target data.
In some embodiments, the querying party may obtain one or more target data ciphertexts from a first cipher text query identified by the target data in a local first cipher text set. Or, the inquiring party may calculate the code of the first ciphertext identified by the target data; one or more target data ciphertexts can be obtained in the local second cipher text set according to the coding query of the first cipher text identified by the target data.
Step S411: and blinding the target data identification according to the second blinding factor to obtain a second blinding result.
In some embodiments, the querying party may directly blind the target data identification according to a second blinding factor. Or, the inquiring party may also calculate the code of the target data identifier, and may perform blinding on the code of the target data identifier according to the second blinding factor. Or, the inquiring party may further generate the target data identifier with the version number according to the target data identifier and the version number of the target data, and may perform blinding on the target data identifier with the version number according to the second blinding factor.
Step S413: and sending the second blinding result to the data side.
Step S415: and receiving a second blinding result ciphertext sent by the data side.
Step S417: and de-blinding the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier.
In some embodiments, the querying party may perform blinding removal on the second blinding result ciphertext according to the second blinding factor to obtain an encryption result obtained by encrypting the target data identifier with the second key, that is, obtain the second ciphertext of the target data identifier.
Step S419: and decrypting the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.
In some embodiments, the querying party may decrypt the target data ciphertext directly according to the second ciphertext identified by the target data, so as to obtain the target data. Or, the inquiring party may also calculate the code of the second ciphertext of the target data identifier, and may decrypt the target data ciphertext according to the code of the second ciphertext of the target data identifier to obtain the target data. Or, the inquiring party can decrypt the target data ciphertext according to the second ciphertext identified by the target data to obtain the target data with the version number. Further, the inquiring party can also obtain the target data according to the target data with the version number.
In some embodiments, the inquirer cannot know any data except the target data, and the data side cannot know which data the inquirer inquires, so that anonymous inquiry is realized.
This specification provides one embodiment of a data transmission apparatus. Please refer to fig. 5. The data transmission apparatus may be applied to a data side, and may include the following elements.
A first encryption unit 51, configured to encrypt the data identifier according to the first key to obtain a first ciphertext of the data identifier;
the second encryption unit 53 is configured to encrypt the data identifier according to the second key to obtain a second ciphertext of the data identifier;
the third encryption unit 55 is configured to encrypt the data according to the second ciphertext of the data identifier to obtain a data ciphertext;
and the sending unit 57 is configured to send the first ciphertext of the data identifier and the data ciphertext to the querying party, or send the code of the first ciphertext of the data identifier and the data ciphertext to the querying party.
This specification provides one embodiment of a data transmission apparatus. Please refer to fig. 6. The data transmission apparatus may be applied to a data side, and may include the following elements.
A first receiving unit 601, configured to receive a first blinding result sent by a querying party, where the first blinding result is obtained by blinding a target data identifier according to a first blinding factor, where the target data identifier is used to identify target data to be queried by the querying party;
a first encrypting unit 603, configured to encrypt the first blinding result according to the first key;
a first sending unit 605, configured to send a first blinded result ciphertext to the querying party;
a second receiving unit 607, configured to receive a second blinding result sent by the querying party, where the second blinding result is obtained by blinding the target data identifier according to a second blinding factor;
a second encrypting unit 609, configured to encrypt the second blinding result according to the second key;
the second sending unit 611 is configured to send the second blinding result ciphertext to the querying party.
This specification provides one embodiment of a data query device. Please refer to fig. 7. The data query device can be applied to a query party and can comprise the following units.
A first blinding unit 701, configured to blindly perform, according to a first blinding factor, a target data identifier to obtain a first blinding result, where the target data identifier is used to identify target data to be queried;
a first sending unit 703, configured to send a first blinding result to a data side;
a first receiving unit 705, configured to receive a first blinding result ciphertext sent by a data side;
a first blinding removing unit 707, configured to perform blinding removal on the first blinding result ciphertext according to a first blinding factor to obtain a first ciphertext of the target data identifier;
a query unit 709, configured to query a target data ciphertext locally according to the first ciphertext identified by the target data;
the second blinding unit 711 is configured to blindly perform on the target data identifier according to a second blinding factor to obtain a second blinding result;
a second sending unit 713, configured to send a second blinding result to the data side;
a second receiving unit 715, configured to receive a second blinding result ciphertext sent by the data side;
a second blinding removing unit 717, configured to perform blinding removal on the second blinding result ciphertext according to a second blinding factor, to obtain a second ciphertext of the target data identifier;
and the decryption unit 719 is configured to decrypt the target data ciphertext according to the second ciphertext identified by the target data to obtain the target data.
An embodiment of an electronic device of the present description is described below. Fig. 8 is a schematic diagram of a hardware structure of an electronic device in this embodiment. As shown in fig. 8, the electronic device may include one or more processors (only one of which is shown), memory, and a transmission module. Of course, it is understood by those skilled in the art that the hardware structure shown in fig. 8 is only an illustration, and does not limit the hardware structure of the electronic device. In practice the electronic device may also comprise more or fewer component elements than shown in fig. 8; or have a different configuration than that shown in fig. 8.
The memory may comprise high speed random access memory; alternatively, non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory may also be included. Of course, the memory may also comprise a remotely located network memory. The remotely located network storage may be connected to the electronic device through a network such as the internet, an intranet, a local area network, a mobile communications network, or the like. The memory may be used to store program instructions or modules of application software, such as the program instructions or modules of the embodiment corresponding to fig. 2 in this specification; and/or, the program instructions or modules of the embodiments corresponding to fig. 3 of this specification; and/or program instructions or modules of the embodiment corresponding to fig. 4 in this specification.
The processor may be implemented in any suitable way. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The processor may read and execute the program instructions or modules in the memory.
The transmission module may be used for data transmission via a network, for example via a network such as the internet, an intranet, a local area network, a mobile communication network, etc.
This specification also provides one embodiment of a computer storage medium. The computer storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk (HDD), a Memory Card (Memory Card), and the like. The computer storage medium stores computer program instructions. The computer program instructions when executed implement: program instructions or modules of the embodiments corresponding to FIG. 3 of the present specification; and/or program instructions or modules of the embodiment corresponding to fig. 4 in this specification.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and the same or similar parts in each embodiment may be referred to each other, and each embodiment focuses on differences from other embodiments. In particular, apparatus embodiments, electronic device embodiments, and computer storage medium embodiments are substantially similar to method embodiments and therefore are described with relative ease, where reference may be made to some descriptions of method embodiments. In addition, it is understood that one skilled in the art, after reading this specification document, may conceive of any combination of some or all of the embodiments listed in this specification without the need for inventive faculty, which combinations are also within the scope of the disclosure and protection of this specification.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Language Description Language), traffic, pl (core unified Programming Language), HDCal, JHDL (Java Hardware Description Language), langue, Lola, HDL, laspam, hardbyscript Description Language (vhr Description Language), and the like, which are currently used by Hardware compiler-software (Hardware Description Language-software). It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solutions of the present specification may be essentially or partially implemented in the form of software products, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.

Claims (21)

1. A data sending method is applied to a data side and comprises the following steps:
encrypting the data identifier according to the first key to obtain a first ciphertext of the data identifier;
encrypting the data identifier according to the second key to obtain a second ciphertext of the data identifier;
encrypting the data according to the second ciphertext of the data identifier to obtain a data ciphertext;
sending the first ciphertext of the data identifier and the data ciphertext to the inquiring party so that the inquiring party can inquire the target data ciphertext according to the first ciphertext of the target data identifier by using the first ciphertext of the data identifier and the data ciphertext and decrypt the target data ciphertext according to the second ciphertext of the target data identifier to obtain target data; or, the code of the first ciphertext of the data identifier and the data ciphertext are sent to the inquiring party, so that the inquiring party can inquire the target data ciphertext according to the code of the first ciphertext of the target data identifier by using the code of the first ciphertext of the data identifier and the data ciphertext, and decrypt the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data;
the first ciphertext of the target data identifier is obtained through the following method:
the inquiring party performs blinding on the target data identification according to the first blinding factor to obtain a first blinding result, wherein the target data identification is used for identifying target data to be inquired; sending a first blinding result to a data side; receiving a first blinding result ciphertext sent by a data side; blinding the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier;
the second ciphertext of the target data identifier is obtained through the following method:
the inquiring party blinds the target data identification according to the second blinding factor to obtain a second blinding result; sending a second blinding result to the data side; receiving a second blinding result ciphertext sent by the data side; and de-blinding the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier.
2. The method of claim 1, the encrypting the data identification according to the first key comprising:
encrypting the code of the data identification according to the first key;
the encrypting the data identifier according to the second key includes:
and encrypting the code of the data identification according to the second key.
3. The method of claim 1, the encrypting the data according to the second ciphertext of the data identification, comprising:
and encrypting the data according to the code of the second ciphertext of the data identifier.
4. A method as claimed in claim 1, 2 or 3, the encoding comprising a hash value.
5. The method of claim 1, the encrypting the data identification according to the second key comprising:
generating a data identifier with a version number according to the data identifier and the version number of the data;
and encrypting the data identification with the version number according to the second key.
6. The method of claim 1, the encrypting the data according to the second ciphertext of the data identification, comprising:
generating data with a version number according to the data and the version number of the data;
and encrypting the data with the version number according to the second ciphertext of the data identifier.
7. A data sending method is applied to a data side and comprises the following steps:
receiving a first blinded result sent by an inquiring party, wherein the first blinded result is obtained by blinding a target data identifier according to a first blinding factor, and the target data identifier is used for identifying target data to be inquired by the inquiring party;
encrypting the first blinded result according to the first key;
sending a first blinded result ciphertext to the inquiring party; the inquiring party can conveniently perform blinding removal on the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier, and locally inquire the target data ciphertext according to the first ciphertext of the target data identifier;
receiving a second blinding result sent by the inquiring party, wherein the second blinding result is obtained by blinding the target data identifier according to a second blinding factor;
encrypting the second blinded result according to the second key;
and sending the second blinding result ciphertext to the inquiring party so that the inquiring party can blindly decode the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier, and decrypting the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.
8. A data query method is applied to a query party and comprises the following steps:
blinding a target data identifier according to a first blinding factor to obtain a first blinding result, wherein the target data identifier is used for identifying target data to be inquired;
sending a first blinding result to a data side;
receiving a first blinding result ciphertext sent by a data side;
blinding the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier;
inquiring a target data ciphertext locally according to the first ciphertext of the target data identifier;
blinding the target data identification according to a second blinding factor to obtain a second blinding result;
sending a second blinding result to the data side;
receiving a second blinding result ciphertext sent by the data side;
blinding the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier;
and decrypting the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.
9. The method of claim 8, the blinding target data identification according to a first blinding factor, comprising:
blinding the code of the target data identifier according to the first blind factor;
the blinding the target data identifier according to the second blinding factor includes:
and blinding the code of the target data identification according to the second blinding factor.
10. The method of claim 8, wherein the querying the target data ciphertext locally based on the first ciphertext identified by the target data comprises:
inquiring a target data ciphertext in a local first ciphertext set according to a first ciphertext of a target data identifier, wherein the first ciphertext set comprises the first ciphertext of the data identifier and the data ciphertext, and the first ciphertext of the data identifier and the data ciphertext have a corresponding relation; alternatively, the first and second electrodes may be,
and inquiring the target data ciphertext in a local second ciphertext set according to the code of the first ciphertext of the target data identifier, wherein the second ciphertext set comprises the code of the first ciphertext of the data identifier and the data ciphertext, and the code of the first ciphertext of the data identifier and the data ciphertext have a corresponding relation.
11. The method of claim 8, the decrypting the target data ciphertext according to the second ciphertext identified by the target data, comprising:
and decrypting the target data ciphertext according to the code of the second ciphertext of the target data identifier.
12. The method of any of claims 9-11, the encoding comprising a hash value.
13. The method of claim 8, the blinding target data identification according to a second blinding factor, comprising:
generating a target data identifier with a version number according to the target data identifier and the version number of the target data;
and blinding the target data identification with the version number according to a second blind factor.
14. The method of claim 8, wherein decrypting the target data ciphertext according to the second ciphertext identified by the target data to obtain the target data comprises:
and decrypting the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data with the version number.
15. A data transmission device is applied to a data side and comprises:
the first encryption unit is used for encrypting the data identifier according to the first key to obtain a first ciphertext of the data identifier;
the second encryption unit is used for encrypting the data identifier according to a second key to obtain a second ciphertext of the data identifier;
the third encryption unit is used for encrypting the data according to the second ciphertext of the data identifier to obtain a data ciphertext;
the sending unit is used for sending the first ciphertext of the data identifier and the data ciphertext to the inquiring party so that the inquiring party can inquire the target data ciphertext according to the first ciphertext of the target data identifier by using the first ciphertext of the data identifier and the data ciphertext, and decrypt the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data; or, the code of the first ciphertext of the data identifier and the data ciphertext are sent to the inquiring party, so that the inquiring party can inquire the target data ciphertext according to the code of the first ciphertext of the target data identifier by using the code of the first ciphertext of the data identifier and the data ciphertext, and decrypt the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data;
the first ciphertext of the target data identifier is obtained through the following method:
the inquiring party performs blinding on the target data identification according to the first blinding factor to obtain a first blinding result, wherein the target data identification is used for identifying target data to be inquired; sending a first blinding result to a data side; receiving a first blinding result ciphertext sent by a data side; blinding the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier;
the second ciphertext of the target data identifier is obtained through the following method:
the inquiring party blinds the target data identification according to the second blinding factor to obtain a second blinding result; sending a second blinding result to the data side; receiving a second blinding result ciphertext sent by the data side; and de-blinding the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier.
16. A data transmission device is applied to a data side and comprises:
the first receiving unit is used for receiving a first blinding result sent by an inquiring party, wherein the first blinding result is obtained by blinding a target data identifier according to a first blinding factor, and the target data identifier is used for identifying target data to be inquired by the inquiring party;
the first encryption unit is used for encrypting the first blinding result according to the first key;
the first sending unit is used for sending a first blinding result ciphertext to the inquiring party; the inquiring party can conveniently perform blinding removal on the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier, and locally inquire the target data ciphertext according to the first ciphertext of the target data identifier;
the second receiving unit is used for receiving a second blinding result sent by the inquiring party, and the second blinding result is obtained by blinding the target data identifier according to a second blinding factor;
the second encryption unit is used for encrypting the second blinding result according to the second key;
and the second sending unit is used for sending the second blinding result ciphertext to the inquiring party so that the inquiring party can perform blinding removal on the second blinding result ciphertext according to the second blinding factor to obtain a second ciphertext of the target data identifier, and decrypt the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.
17. A data query device is applied to a query party and comprises:
the first blinding unit is used for blinding the target data identifier according to a first blinding factor to obtain a first blinding result, wherein the target data identifier is used for identifying target data to be queried;
a first sending unit, configured to send a first blinding result to a data side;
the first receiving unit is used for receiving a first blinding result ciphertext sent by a data side;
the first blinding removing unit is used for removing blindness from the first blinding result ciphertext according to the first blinding factor to obtain a first ciphertext of the target data identifier;
the query unit is used for locally querying the target data ciphertext according to the first ciphertext identified by the target data;
the second blinding unit is used for blinding the target data identifier according to a second blinding factor to obtain a second blinding result;
a second sending unit, configured to send a second blinding result to the data side;
the second receiving unit is used for receiving a second blinding result ciphertext sent by the data side;
the second blinding removing unit is used for removing blindness from the second blinding result ciphertext according to a second blinding factor to obtain a second ciphertext of the target data identifier;
and the decryption unit is used for decrypting the target data ciphertext according to the second ciphertext of the target data identifier to obtain the target data.
18. An electronic device, comprising:
a memory for storing computer instructions;
a processor for executing the computer instructions to carry out the method steps according to any one of claims 1 to 6.
19. An electronic device, comprising:
a memory for storing computer instructions;
a processor for executing the computer instructions to carry out the method steps as claimed in claim 7.
20. An electronic device, comprising:
a memory for storing computer instructions;
a processor for executing the computer instructions to carry out the method steps according to any one of claims 8 to 14.
21. A data query system comprises a data side and a query side;
the data side is configured with the apparatus of claim 16;
the inquiring party is provided with an apparatus as claimed in claim 17.
CN201910917092.2A 2019-09-26 2019-09-26 Data sending method, data query method, device, electronic equipment and system Active CN110636070B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910917092.2A CN110636070B (en) 2019-09-26 2019-09-26 Data sending method, data query method, device, electronic equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910917092.2A CN110636070B (en) 2019-09-26 2019-09-26 Data sending method, data query method, device, electronic equipment and system

Publications (2)

Publication Number Publication Date
CN110636070A CN110636070A (en) 2019-12-31
CN110636070B true CN110636070B (en) 2021-08-13

Family

ID=68974525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910917092.2A Active CN110636070B (en) 2019-09-26 2019-09-26 Data sending method, data query method, device, electronic equipment and system

Country Status (1)

Country Link
CN (1) CN110636070B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111008325B (en) * 2020-03-10 2020-06-23 支付宝(杭州)信息技术有限公司 Data query method, device, electronic equipment and system
CN112953931B (en) * 2021-02-09 2022-11-22 北京字节跳动网络技术有限公司 Data processing method and device, computer equipment and computer storage medium
CN113239046A (en) * 2021-05-20 2021-08-10 平安科技(深圳)有限公司 Data query method, system, computer device and storage medium
CN114329599B (en) * 2021-12-30 2022-09-30 北京瑞莱智慧科技有限公司 Data query method and device and storage medium
CN114978641A (en) * 2022-05-13 2022-08-30 北京紫光展锐通信技术有限公司 Data processing method, device and equipment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101859306B (en) * 2009-04-07 2013-01-23 日电(中国)有限公司 Method and equipment for generating blind index table, and united keyword search method and equipment
US9560019B2 (en) * 2013-04-10 2017-01-31 International Business Machines Corporation Method and system for managing security in a computing environment
CN105471826B (en) * 2014-09-04 2019-08-20 中电长城网际系统应用有限公司 Ciphertext data query method, apparatus and cryptogram search server
US9547720B2 (en) * 2014-12-24 2017-01-17 Sap Se Access control for encrypted query processing
US10362114B2 (en) * 2015-12-14 2019-07-23 Afero, Inc. Internet of things (IoT) apparatus and method for coin operated devices
CN106067874B (en) * 2016-05-20 2019-07-12 深圳市金立通信设备有限公司 It is a kind of by the method for data record to server end, terminal and server
CN106533650B (en) * 2016-11-17 2019-04-02 浙江工商大学 Interactive method for secret protection and system towards cloud
CN106790259A (en) * 2017-01-25 2017-05-31 国家电网公司 A kind of asymmetric across cryptographic system re-encryption, decryption method and system
CN108632032B (en) * 2018-02-22 2021-11-02 福州大学 Safe multi-keyword sequencing retrieval system without key escrow

Also Published As

Publication number Publication date
CN110636070A (en) 2019-12-31

Similar Documents

Publication Publication Date Title
CN110636070B (en) Data sending method, data query method, device, electronic equipment and system
CN111885024B (en) Login information processing method and equipment
TWI740399B (en) Data processing method, device and electronic equipment
US20170295013A1 (en) Method for fulfilling a cryptographic request requiring a value of a private key
JP6177988B2 (en) Community-based deduplication of encrypted data
US9722974B1 (en) Automated data re-encryption process in multi-tiered encryption system
CN107078904B (en) Hybrid cryptographic key derivation
US20200175178A1 (en) Encrypted data exchange
CN110730167B (en) Data sending method, data query method, device, electronic equipment and system
EP2759943A1 (en) File encryption method and device, file decryption method and device
CN110391895B (en) Data preprocessing method, ciphertext data acquisition method, device and electronic equipment
US9762386B1 (en) Verification of stored encryption keys in multi-tiered encryption system
US11438172B2 (en) Robust state synchronization for stateful hash-based signatures
CN111008325B (en) Data query method, device, electronic equipment and system
US20220078024A1 (en) State synchronization for post-quantum signing facilities
CN114139204A (en) Method, device and medium for inquiring hiding trace
WO2019062015A1 (en) Source code protection method, application server, and computer-readable storage medium
CN105827582A (en) Communication encryption method, device and system
CN111859435B (en) Data security processing method and device
CN111193741A (en) Information sending method, information obtaining method, device and equipment
CN111061720B (en) Data screening method and device and electronic equipment
EP3262481B1 (en) Efficiently storing initialization vectors
US20180309579A1 (en) Secure representation via a format preserving hash function
CN109995534B (en) Method and device for carrying out security authentication on application program
CN111949996A (en) Generation method, encryption method, system, device and medium of security private key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant