CN110895611B - Data query method, device, equipment and system based on privacy information protection - Google Patents


Info

Publication number
CN110895611B
Authority
CN
China
Prior art keywords
party
personal information
data
information
terminal device
Prior art date
Legal status
Active
Application number
CN201911172287.5A
Other languages
Chinese (zh)
Other versions
CN110895611A (en)
Inventor
金惠益
Current Assignee
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN201911172287.5A
Priority to CN202110507555.5A
Publication of CN110895611A
Priority to TW109115324A
Priority to PCT/CN2020/111859
Application granted
Publication of CN110895611B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03 Credit; Loans; Processing thereof

Abstract

The embodiments of this specification disclose a data query method, apparatus, device and system based on privacy information protection. The method comprises: receiving a data query request sent by a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information based on an encryption key of the queried party; obtaining preselected query result data matching the plaintext according to the plaintext of the personal information in the data query request; in a predetermined trusted environment, decrypting the ciphertext of the personal information based on a predetermined decryption key; obtaining, from the preselected query result data, the preselected query result data corresponding to the decrypted personal information; and sending the obtained preselected query result data to the terminal device of the third party as query result data.

Description

Data query method, device, equipment and system based on privacy information protection
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a data query method, apparatus, device, and system based on privacy information protection.
Background
As internet technology and the financial industry gradually merge, more and more banking institutions, financial companies and internet companies are starting to offer online loan services. At the same time, users with no credit history ("white households"), who cannot be covered by traditional credit investigation, are gradually becoming the main population of online lending. Because the loan data of different financial companies or financial institutions are isolated from each other and not shared, "multi-head loans" (the same user borrowing from many lenders at once) have gradually become a serious problem area for credit risk control. For this reason, third-party institutions are now emerging that integrate loan data from different financial companies or financial institutions in order to achieve joint defense and joint control over loan data.
Generally, joint defense and joint control of data can be achieved as follows: several financial institutions and a third-party institution form an alliance, the financial institutions encrypt loan data using an agreed hash algorithm, and they agree with the third party on the encryption algorithm to be used when a data query is performed. However, this approach has the problem that data may be leaked to multiple parties. First, although the information used in the query is encrypted, the queried party possesses the mapping relationship between the information used in the query and the encryption key and can recover the information used in the query through that mapping; moreover, the querying party and the queried party are competitors in the same industry, so in essence the user's loan data may be leaked from the querying party to the queried party. Meanwhile, the third party acting as intermediary may also leak the loan data of the querying party and the queried party. A technical scheme is therefore needed that makes data queries more accurate and keeps data more secure during the query process.
Disclosure of Invention
The embodiments of this specification aim to provide a data query method, apparatus, device and system based on privacy information protection, so as to provide a technical scheme in which data queries are more accurate and data is safer during the query process.
In order to implement the above technical solution, the embodiments of the present specification are implemented as follows:
An embodiment of this specification provides a data query method based on privacy information protection, where the method includes: receiving a data query request sent by a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information based on an encryption key of the queried party; obtaining preselected query result data matching the plaintext according to the plaintext of the personal information in the data query request; and, in a predetermined trusted environment, decrypting the ciphertext of the personal information based on a predetermined decryption key, obtaining from the preselected query result data the preselected query result data corresponding to the decrypted personal information, and sending the obtained preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
An embodiment of this specification provides a data query method based on privacy information protection, where the method includes: sending a data query request to a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of the queried party; and receiving the query result data corresponding to the data query request sent by the terminal device of the third party.
An embodiment of this specification provides a data query apparatus based on privacy information protection, where the apparatus includes: a query request receiving module for receiving a data query request sent by a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information based on an encryption key of the queried party; a preselected result acquisition module for obtaining preselected query result data matching the plaintext according to the plaintext of the personal information in the data query request; and a query result determining module for decrypting, in a predetermined trusted environment, the ciphertext of the personal information based on a predetermined decryption key, obtaining from the preselected query result data the preselected query result data corresponding to the decrypted personal information, and sending the obtained preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
An embodiment of this specification provides a data query apparatus based on privacy information protection, where the apparatus includes: a query request sending module for sending a data query request to a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of the queried party; and a query result receiving module for receiving the query result data corresponding to the data query request sent by the terminal device of the third party.
An embodiment of this specification provides a data query device based on privacy information protection, where the data query device includes: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to: receive a data query request sent by a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information based on an encryption key of the queried party; obtain preselected query result data matching the plaintext according to the plaintext of the personal information in the data query request; and, in a predetermined trusted environment, decrypt the ciphertext of the personal information based on a predetermined decryption key, obtain from the preselected query result data the preselected query result data corresponding to the decrypted personal information, and send the obtained preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
An embodiment of this specification provides a data query device based on privacy information protection, where the data query device includes: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to: send a data query request to a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of the queried party; and receive the query result data corresponding to the data query request sent by the terminal device of the third party.
An embodiment of this specification provides a data query system based on privacy information protection, where the data query system includes a terminal device of a querying party, a terminal device of a queried party and a terminal device of a third party, and where: the terminal device of the querying party sends a data query request to the terminal device of the third party, the data query request comprising personal information of a target user to be queried, predetermined information in the personal information being a ciphertext, the information other than the predetermined information being a plaintext, and the ciphertext being obtained by encrypting the predetermined information based on an encryption key of the queried party; the terminal device of the third party forwards the data query request to the terminal device of the queried party; the terminal device of the queried party obtains preselected query result data matching the plaintext according to the plaintext of the personal information in the data query request; the terminal device of the queried party, in a predetermined trusted environment, decrypts the ciphertext of the personal information based on a predetermined decryption key, obtains from the preselected query result data the preselected query result data corresponding to the decrypted personal information, and sends the obtained preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request; and the terminal device of the third party sends the query result data to the terminal device of the querying party.
Drawings
To illustrate the embodiments of this specification or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some of the embodiments of this specification, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a diagram illustrating an embodiment of a data query method based on privacy information protection according to the present disclosure;
FIG. 2 is a diagram illustrating another embodiment of a data query method based on privacy information protection according to the present disclosure;
FIG. 3 is a diagram illustrating another embodiment of a data query method based on privacy information protection;
FIG. 4(a) is a diagram illustrating another embodiment of a data query method based on privacy information protection according to the present disclosure;
FIG. 4(b) is a schematic diagram of a process for querying a user for loan based on an identification document number according to the present specification;
FIG. 5 is a diagram illustrating an embodiment of a data query device based on privacy information protection according to the present disclosure;
FIG. 6 is another embodiment of a data query device based on privacy information protection according to the present disclosure;
FIG. 7 is a block diagram illustrating an embodiment of a data query device based on privacy information protection according to the present disclosure;
FIG. 8 is a block diagram of another embodiment of a data query device based on privacy information protection according to the present disclosure;
Fig. 9 is a diagram illustrating an embodiment of a data query system based on privacy information protection according to the present disclosure.
Detailed Description
The embodiment of the specification provides a data query method, device, equipment and system based on privacy information protection.
So that those skilled in the art can better understand the technical solutions in this specification, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by a person skilled in the art from the embodiments in this description without inventive effort fall within the scope of protection of this document.
Example one
As shown in FIG. 1, the execution subject of the data query method based on privacy information protection may be a terminal device or a server. The terminal device may be a mobile terminal device such as a mobile phone or tablet computer, or a device such as a personal computer; the server may be a stand-alone server or a server cluster formed by multiple servers, and may be the background server of a certain service (for example, a financial service such as lending) or of a certain application (for example, a financial application). Here the terminal device or server is that of the querying party. The method can be applied to queries of personal information or personal data and may specifically include the following steps:
in step S102, a data query request is sent to a terminal device of a third party, where the data query request includes personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of a queried party.
The third party may be a party capable of integrating the relevant data of the querying party and the queried party to achieve joint defense and joint control. The target user may be the object the querying party needs to query, and may be any user. Personal information may be any information, recorded electronically or otherwise, that alone or together with other information can identify a specific user or reflect that user's activity; it may include, for example, a name, an identification number, communication contact details, an address, an account number, a password, property status, a birth date, a movement track, and so on. The predetermined information in the personal information may be a part of the personal information, for instance an item that is significant to the target user such as the birth date or the communication contact details, or a part of such an item: for example, where the communication contact detail is a mobile phone number, the predetermined information may be the 4 digits from the 4th to the 7th digit of the mobile phone number. The querying party may be a party that queries certain data. The queried party may be a party that provides a data query service to the querying party and supplies the data the querying party needs, such as different banking institutions. There may be one or more queried parties, and where there are several, each queried party may be provided with one or more databases for querying. The encryption key may be a key for encrypting certain data; in practical applications, the encryption key may be a public key or a private key.
In practice, as internet technology and the financial industry gradually merge, more and more banking institutions, financial companies and internet companies are starting to offer online loan services. At the same time, users with no credit history ("white households"), who cannot be covered by traditional credit investigation, are gradually becoming the main population of online lending. Emerging online loan companies are numerous and small, and the borrowing data of different financial companies or financial institutions are isolated from each other and not shared, so these companies are gradually becoming information islands, and "multi-head loans" are gradually becoming a problem area for credit risk control. In view of this, some third-party institutions have emerged that integrate loan data from different financial companies or financial institutions to achieve joint defense and joint control over loan data.
Generally, joint defense and joint control of data can be achieved as follows: several financial institutions and a third-party institution form an alliance, the financial institutions encrypt loan data using an agreed hash algorithm, and they agree with the third party on the encryption algorithm to be used when a data query is performed. The specific steps are: the terminal device of the querying party encrypts the information used in the query with the agreed hash algorithm and then calls a preset interface of the third party's terminal device; the terminal device of the third party forwards the data query request to the terminal devices of the other financial institutions; the other financial institutions match on the encrypted information and return the query result to the terminal device of the third party; and the terminal device of the third party returns the query result to the terminal device of the querying party.
However, this approach has the problem that data may be leaked to multiple parties. First, although the information used in the query is encrypted, the queried party possesses the mapping relationship between the information used in the query and the encryption key and can recover the information used in the query through that mapping; moreover, the querying party and the queried party are competitors in the same industry, so in essence the user's loan data is leaked from the querying party to the queried party. In addition, because loan data is a financial institution's core data, financial institutions are unwilling to share their loan data with other institutions. Meanwhile, the third party acting as intermediary may leak the loan data of the querying party and the queried party. A technical scheme is therefore needed that makes data queries more accurate and keeps data safer during the query process. The embodiments of this specification provide a feasible processing scheme, which may specifically include the following.
To make it convenient for the querying party to query certain data, the terminal device of the third party can set up a corresponding query mechanism and develop a corresponding application program for it. The application program can be provided to the terminal device of the querying party and to the terminal device of the queried party. When the querying party needs to query certain data, its terminal device can start the application program installed on it and trigger the query mechanism in the application program; at this point the terminal device of the querying party obtains the personal information of the target user to be queried and, to ensure that the personal information is not leaked during the query, can encrypt it. Further, if the entire content of the personal information were encrypted, the terminal device of the queried party would be unable to retrieve any data; for this reason, encryption is applied only to part of the personal information (the predetermined information), so that the terminal device of the queried party can retrieve data based on the remaining part (the information other than the predetermined information).
However, with only the plaintext part available, the data retrieved by the terminal device of the queried party contains a lot of redundant data. To return exactly the data the querying party is looking for, the terminal device of the queried party needs to decrypt the encrypted part of the information. Therefore the terminal device of the querying party also obtains the encryption key of the terminal device of the queried party in advance and encrypts part of the target user's personal information with that key, yielding personal information that contains both ciphertext and plaintext. A data query request is generated from this personal information, and the terminal device of the querying party sends the data query request to the terminal device of the third party.
In step S104, query result data corresponding to the data query request sent by the terminal device of the third party is received.
The query result data may be the data requested by the data query request. For example, if the querying party needs to query the number of loans of the target user, the query result data may be the value of that number, such as 3 or 5.
In implementation, the terminal device of the querying party sends the data query request to the terminal device of the queried party through the terminal device of the third party. After receiving the data query request, the terminal device of the queried party extracts the personal information of the target user from it. Because the personal information contains both plaintext and ciphertext, a fuzzy query can be performed using only the plaintext in the personal information; the result of that query contains the query result data corresponding to the personal information, and the terminal device of the queried party sends the query result data it found to the terminal device of the third party. The terminal device of the third party can integrate the query results returned by the terminal device of the queried party to obtain the final query result data and then send it to the terminal device of the querying party. The terminal device of the querying party thus receives, from the terminal device of the third party, the query result data corresponding to the data query request.
The embodiments of this specification provide a data query method based on privacy information protection, which includes sending a data query request to a third-party terminal device, where the data query request includes personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of the queried party, and then receiving the query result data corresponding to the data query request sent by the third-party terminal device.
Example two
As shown in FIG. 2, the execution subject of the data query method based on privacy information protection may be a terminal device or a server. The terminal device may be a mobile terminal device such as a mobile phone or tablet computer, or a device such as a personal computer; the server may be a stand-alone server or a server cluster formed by multiple servers, and may be the background server of a certain service (for example, a financial service such as lending) or of a certain application (for example, a financial application). Here the terminal device or server is that of the queried party. The method can be applied to queries of personal information or personal data and may specifically include the following steps:
In step S202, a data query request sent by a terminal device of a third party is received, where the data query request includes personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, the information other than the predetermined information is a plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information based on an encryption key of the queried party.
In implementation, the terminal device of the querying party sends the data query request to the terminal device of the queried party through the terminal device of the third party; the specific process is as described for step S102 in the first embodiment and is not repeated here. The terminal device of the queried party receives the data query request that the terminal device of the querying party sent through the terminal device of the third party.
In step S204, according to the plaintext of the personal information in the data query request, the preselected query result data matched with the plaintext is obtained.
In implementation, after receiving the data query request, the terminal device of the queried party can extract the personal information from it. Because the predetermined information in the personal information is ciphertext, an exact query on the complete personal information cannot be performed at this stage; only a fuzzy query using the plaintext part of the personal information can be performed, and the data obtained by the fuzzy query serves as the preselected query result data matched with the plaintext. Since the preselected query result data is queried through only a part of the personal information, it may include not only the data matching the personal information but also a large amount of other data.
For example, suppose the personal information in the data query request is an identity document number (an 18-character number). Since the identity document number contains the target user's birth date, and the birth date is important information for the target user, the birth date in the identity document number may be encrypted based on the encryption key of the queried party while the rest of the number remains plaintext; that is, in the 18-character identity document number, the characters at positions 7 to 14 may be encrypted and the characters at positions 1 to 6 and 15 to 18 may be kept in plaintext. The plaintext characters at positions 1 to 6 and 15 to 18 can then be used to query the corresponding data, namely the data associated with every identity document number whose characters at positions 1 to 6 and 15 to 18 are identical to those in the personal information. For instance, if the user's identity document number 100000198011110000 is queried and its birth date is encrypted, the encrypted identity document number may be 100000 aaaaaaaaaa 0000. The queried party can then search for the identity document numbers whose first 6 characters are 100000, whose last 4 characters are 0000 and whose remaining 8 characters are arbitrary, and obtain the number of loans of each user with a found identity document number; these loan counts are the preselected query result data.
It should be noted that the number of loans made by the user with the found identification document number includes the number of loans made by the user with the identification document number 100000198011110000.
In step S206, in a predetermined trusted environment, the ciphertext of the personal information is decrypted based on a predetermined decryption key, and based on the decrypted personal information, the preselection query result data corresponding to the decrypted personal information is obtained from the preselection query result data, and the obtained preselection query result data is sent to the terminal device of the third party as the query result data corresponding to the data query request.
The trusted environment may be a secure data processing environment isolated from other environments: the processes executed in it and the data generated during processing cannot be learned by the third party, the querying party, or the queried party. The decryption key is the key for decrypting data that was encrypted with the corresponding encryption key; the decryption key and the corresponding encryption key may form a key pair such as a public key and a private key. If the encryption key is the public key, the decryption key may be the private key, and if the encryption key is the private key, the decryption key may be the public key.
In implementation, in order to ensure that the personal information of the target user is not leaked, the personal information may be placed in the trusted environment, and the following operations may then be performed there. Because the preselected query result data includes a lot of data other than the query result data corresponding to the data query request, the complete personal information must be determined in order to return accurate query result data to the terminal device of the querying party; for this reason the ciphertext in the personal information needs to be decrypted. Specifically, since the ciphertext in the personal information was produced with the encryption key of the terminal device of the queried party, it can be decrypted with the decryption key of the terminal device of the queried party, yielding the complete decrypted personal information. Both the decryption process and the decrypted personal information stay inside the trusted environment, and other application programs or execution environments cannot obtain the decrypted personal information or the data related to the decryption process, so data security is ensured.
In addition, after the decrypted personal information is obtained, accurate query result data can be determined from it. Specifically, after the preselected query result data has been obtained in the above manner, the query result data corresponding to the personal information can be determined in the trusted environment, that is, the decrypted personal information can be looked up in the preselected query result data. If the decrypted personal information is not found, either no processing is performed or a prompt that no relevant data was found can be sent to the terminal device of the querying party. If the decrypted personal information is found, the preselected query result data corresponding to it can be obtained and used as the query result data corresponding to the data query request. The terminal device of the queried party can send the query result data to the terminal device of the third party, and the terminal device of the third party can forward the query result data to the terminal device of the querying party.
Through the above processing, the third party can only obtain the personal information including the plaintext and the ciphertext and the query result data, and cannot determine the decrypted personal information or the ciphertext in the personal information through a reverse query or the like. Since the decryption of the ciphertext and the return of the query result data are both performed in a trusted environment, the inquired party can only obtain the personal information containing the plaintext and the ciphertext and preselection query result data, and cannot deduce the decrypted personal information or the ciphertext in the personal information through the preselection query result data. Therefore, in the data query process, the data security is improved.
The embodiment of the specification provides a data query method based on privacy information protection. A data query request sent by a terminal device of a third party is received, where the data query request includes personal information of a target user to be queried, the predetermined information in the personal information is ciphertext, the information other than the predetermined information is plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information based on an encryption key of the queried party. Then, according to the plaintext in the personal information, preselected query result data matched with the plaintext is obtained, so that the queried party cannot know which result data the querying party actually queried. In addition, in a predetermined trusted environment, the ciphertext in the personal information is decrypted, the query result data corresponding to the data query request is obtained from the preselected query result data based on the decrypted personal information, and this data is sent to the terminal device of the third party. As a result, the queried party cannot obtain the decrypted information or the query result data, but only the personal information containing the plaintext and the ciphertext and the preselected query result data, and cannot deduce the decrypted personal information or the ciphertext in the personal information from the preselected query result data, thereby improving the security of the data.
EXAMPLE three
As shown in fig. 3, an execution subject of the method for data query based on privacy information protection may be a terminal device or a server, where the terminal device may be a mobile terminal device such as a mobile phone and a tablet computer, or may be a device such as a personal computer, and the server may be an independent server, or may be a server cluster formed by multiple servers. The server may be a background server of a certain service (e.g., financial services such as loan, etc.), or may be a background server of a certain application (e.g., financial applications), etc. The terminal device or the server can be a terminal device or a server of a third party capable of integrating relevant data of the querying party and the queried party to realize joint prevention and control. The method can be applied to the query of personal information or personal data. The method may specifically comprise the steps of:
in step S302, a data query request sent by a terminal device of an inquirer is received, where the data query request includes personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of the inquired party.
For a specific processing procedure of sending the data query request to the terminal device of the third party by the terminal device of the querying party, reference may be made to relevant contents in step S102 in the first embodiment, which is not described herein again. The terminal device of the third party may receive the data query request sent by the terminal device of the querying party.
In step S304, the data query request is transmitted to the terminal device of the inquired party.
In step S306, query result data returned by the terminal device of the inquired party for the data query request is received, and the query result data is sent to the terminal device of the inquirer.
For a specific processing procedure of determining the data query result corresponding to the data query request by the terminal device of the queried party, reference may be made to relevant contents of step S204 and step S206 in the second embodiment, which is not described herein again. After the terminal device of the inquired party determines the data query result corresponding to the data query request, the query result data can be sent to the terminal device of the third party, the terminal device of the third party can receive the query result data returned by the terminal device of the inquired party aiming at the data query request, and then the query result data can be sent to the terminal device of the inquirer.
Through the above processing, the third party can only obtain the personal information including the plaintext and the ciphertext and the query result data, and cannot determine the decrypted personal information or the ciphertext in the personal information through a reverse query or the like.
The embodiment of the specification provides a data query method based on privacy information protection, which includes receiving a data query request sent by a terminal device of a query party, where the data query request includes personal information of a target user to be queried, where predetermined information in the personal information is a ciphertext, information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of the queried party, sending the data query request to the terminal device of the queried party, and obtaining returned query result data from the terminal device of the queried party.
EXAMPLE four
As shown in fig. 4(a), an embodiment of the present disclosure provides a data query method based on privacy information protection, where the method may be performed jointly by a terminal device of a querying party, a terminal device of a third party, and a terminal device of a queried party, where the terminal device of each party may be a mobile terminal device such as a mobile phone and a tablet computer, or may be a device such as a personal computer or a server, and the server may be an independent server, or a server cluster formed by multiple servers. The server may be a background server of a certain service (e.g., financial services such as loan, etc.), or may be a background server of a certain application (e.g., financial applications), etc. The third party can be a party capable of integrating relevant data of the querying party and the queried party to realize joint prevention and control. The method can be applied to the query of personal information or personal data. The method specifically comprises the following steps:
in step S402, the terminal device of the inquiring party constructs a first encryption key and a corresponding first decryption key.
In implementation, as shown in fig. 4(b), in order to ensure the security of data in the data query process, a third party may build a Software Development Kit (SDK) according to actual conditions (such as business requirements and user requirements) and deploy the SDK into the application environments of the terminal device of the querying party and the terminal device of the queried party respectively; furthermore, the source code of the SDK may be disclosed to the querying party and the queried party. The predetermined SDKs deployed on the terminal device of the querying party and the terminal device of the queried party can provide the trusted environment for processing the data. In this way, the terminal device of the querying party and the terminal device of the queried party can generate keys through the trusted environment and use them to decrypt ciphertext and perform similar processing. As shown in fig. 4(b), in order to ensure the security of data in the data query process, the terminal device of the querying party and the terminal device of the queried party may perform key exchange through the terminal device of the third party, which may be implemented with a corresponding key exchange algorithm. The key exchange algorithm may be any of several algorithms, such as the Diffie-Hellman algorithm or the Oakley algorithm, and the algorithm may be selected according to actual conditions, which is not limited in this embodiment of the specification.
In this embodiment, the terminal device of the querying party is taken as an example. When the querying party needs to query certain data, its terminal device can construct a key pair for the data query to be performed; that is, the SDK of the terminal device of the querying party can construct a first encryption key and a corresponding first decryption key for the data query based on the predetermined key exchange algorithm, using, for example, OpenSSL. For example, the first encryption key can be the public key of the querying party, and the first decryption key can be the private key of the querying party.
In step S404, the terminal device of the inquiring party transmits the first encryption key to the terminal device of the inquired party through the terminal device of the third party.
In implementation, as shown in fig. 4(b), the SDK of the terminal device of the inquiring party may send the first encryption key to the terminal device of the third party, and the terminal device of the third party may send the first encryption key to the SDK of the terminal device of the inquired party.
In step S406, the terminal device of the inquired party generates a second encryption key and a corresponding second decryption key based on the first encryption key, and sends the second encryption key to the terminal device of the inquirer through the terminal device of the third party.
In an implementation, as shown in fig. 4(b), after receiving a first encryption key sent by the SDK of the terminal device of the inquirer through the terminal device of the third party, the SDK of the inquired party may construct a second encryption key and a corresponding second decryption key using, for example, OpenSSL based on the first encryption key, where the second encryption key may be a public key of the inquired party, and the second decryption key may be a private key of the inquired party, and the like. Then, the SDK of the terminal device of the inquired party may send the second encryption key to the terminal device of the third party, and the terminal device of the third party may send the second encryption key to the terminal device of the inquirer.
In step S408, the terminal device of the inquired party takes the first encryption key and the second decryption key as a key pair of the inquired party.
In step S410, the terminal device of the inquiring party takes the second encryption key and the first decryption key as a key pair of the inquiring party.
It should be noted that the execution sequence of the processing of step S408 and step S410 is not limited to the above-mentioned method, and in practical applications, the processing of step S410 may be executed first, and then the processing of step S408 may be executed, or the processing of step S408 and step S410 may be executed at the same time, and the like, and the embodiment of the present specification does not limit this.
Through the processing, the generation of the key pair of the terminal device of the inquiring party and the inquired party and the exchange process of the key are all realized in the SDK provided by the third party, so that the third party, the inquiring party and the inquired party cannot perceive the processing process and cannot acquire related data generated in the process, and the safety of the data is ensured.
In step S412, the terminal device of the inquiring party acquires the encryption key of the terminal device of the inquired party and the personal information of the target user to be inquired.
In implementation, when the querying party needs to query some item of information related to the target user, the personal information of the target user (such as an identity document number or a communication number such as a mobile phone number or an email address) may be acquired. In addition, in order to ensure that the personal information of the target user is not leaked while still allowing the SDK of the terminal device of the queried party to obtain the complete personal information, the personal information of the target user may be encrypted with the encryption key of the queried party; for this purpose, the encryption key of the queried party, that is, the second encryption key, may be obtained from the key pair of the querying party.
It should be noted that, the above-mentioned process of acquiring the encryption key of the inquired party by the terminal device of the inquirer may be that the terminal device of the inquirer acquires the encryption key of the inquired party from a locally stored key pair, and the locally stored key pair is generated between the terminal device of the inquirer and the terminal device of the inquired party based on a predetermined key exchange algorithm. For a specific processing procedure, reference may be made to relevant contents of the above step S402 to step S410, which are not described herein again.
In step S414, the terminal device of the inquiring party performs homomorphic encryption processing on the predetermined information in the personal information based on the encryption key of the inquired party, and obtains the ciphertext in the personal information.
Homomorphic encryption is encryption based on the computational complexity theory of a mathematical problem: when data that has been homomorphically encrypted is processed to obtain an output, decrypting that output gives the same result as processing the unencrypted raw data by the same method. Homomorphic encryption may include partial homomorphic encryption, fully homomorphic encryption and the like, and the encryption algorithms corresponding to different kinds of homomorphic encryption may differ; for example, the algorithms for partial homomorphic encryption may include the RSA algorithm and the Paillier algorithm, and the algorithms for fully homomorphic encryption may include the Gentry algorithm. Which encryption algorithm to use may be set according to the actual situation, which is not limited in the embodiment of the present specification. Further, homomorphic encryption can have properties such as additive homomorphism, subtractive homomorphism, multiplicative homomorphism, division homomorphism, mixed multiplicative homomorphism, and the like.
In implementation, in order to be able to perform processing such as computation on the encrypted personal information without involving other parties or other components, a homomorphic encryption mode may be used to encrypt the personal information of the target user. Specifically, the terminal device of the querying party may select a homomorphic encryption algorithm in advance according to the actual situation, such as the RSA algorithm, the Paillier algorithm, or the Gentry algorithm. After the terminal device of the querying party obtains the encryption key of the queried party through the processing of step S412, it can analyze the personal information of the target user to determine the predetermined information that needs to be encrypted. The predetermined information can be preset according to the actual situation (such as the requirements of the service currently being processed or the requirements of the user), for example the birth date, the digits at specified positions in the mobile phone number, or the characters at specified positions in the email address. Then, the terminal device of the querying party may perform homomorphic encryption on the predetermined information in the personal information with the pre-selected encryption algorithm based on the encryption key of the queried party, so as to obtain the ciphertext in the personal information.
For example, as shown in fig. 4(b), suppose the querying party needs to query the loan status of user A, whose identity document number is 100000198011110000. The terminal device of the querying party can acquire the identity document number of user A and the encryption key of the queried party. Since the identity document number of user A contains the birth date of user A, the birth date portion of the identity document number can be used as the predetermined information. The terminal device of the querying party can then perform homomorphic encryption on the birth date in the identity document number of user A with the pre-selected encryption algorithm based on the encryption key of the queried party (i.e. the second encryption key mentioned above), while the information other than the birth date in the identity document number is kept in plaintext. The result is an identity document number whose birth date is ciphertext; that is, the encrypted identity document number may be 100000 aaaaaaaaaa 0000.
In step S416, the terminal device of the inquiring party sends a data query request to the terminal device of the third party, where the data query request includes personal information of a target user to be queried, where predetermined information in the personal information is a ciphertext, and information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of the inquired party.
In step S418, the terminal device of the third party transmits the data query request to the terminal device of the inquired party.
In step S420, the terminal device of the inquired party acquires the pre-selected inquiry result data matching the plaintext of the personal information in the data inquiry request according to the plaintext.
In implementation, as shown in fig. 4(b), the identity document numbers whose first 6 characters are 100000, whose last 4 characters are 0000, and whose remaining 8 characters are arbitrary may be searched, and the loan status of each user with a found identity document number is obtained; the loan status of the users with the found identity document numbers is the preselected query result data.
In step S422, the terminal device of the inquired party decrypts the ciphertext of the personal information by using the predetermined decryption key based on the predetermined SDK provided by the third party, acquires the preselected query result data corresponding to the decrypted personal information from the preselected query result data based on the decrypted personal information, and sends the acquired preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
In step S424, the terminal device of the third party transmits the query result data to the terminal device of the querying party.
Through the above processing, the generation of the key pairs of the terminal devices of the querying party and the queried party, the key exchange, the decryption of the ciphertext and the return of the query result data are all realized in the SDK provided by the third party. The queried party can therefore only obtain the personal information containing the plaintext and the ciphertext and the preselected query result data, and cannot deduce the decrypted personal information or the ciphertext in the personal information from the preselected query result data; the third party can only obtain the personal information containing the plaintext and the ciphertext and the query result data, and cannot determine the decrypted personal information or the ciphertext in the personal information through a reverse query or the like. The security of the data in the data query process is thereby improved.
The embodiment of the specification provides a data query method based on privacy information protection. A data query request sent by a terminal device of a third party is received, where the data query request includes personal information of a target user to be queried, the predetermined information in the personal information is ciphertext, the information other than the predetermined information is plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information based on an encryption key of the queried party. Then, according to the plaintext in the personal information, preselected query result data matched with the plaintext is obtained, so that the queried party cannot know which result data the querying party actually queried. In addition, in a predetermined trusted environment, the ciphertext in the personal information is decrypted, the query result data corresponding to the data query request is obtained from the preselected query result data based on the decrypted personal information, and this data is sent to the terminal device of the third party. As a result, the queried party cannot obtain the decrypted information or the query result data, but only the personal information containing the plaintext and the ciphertext and the preselected query result data, and cannot deduce the decrypted personal information or the ciphertext in the personal information from the preselected query result data, thereby improving the security of the data.
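As an added example that is not part of the patent, the following Python code walks the two-stage lookup of steps S204 to S206 (and S420 to S422) for an 18-character identity document number whose birth-date characters (positions 7 to 14) are encrypted under the queried party's public key, using Paillier as one of the homomorphic schemes the text names. The Paillier primes, the identity numbers and the loan counts are constructed toy values, and the key distribution through the third party (steps S402 to S410) is assumed to have already delivered the queried party's public key to the querying party.

```python
import math
import secrets

# Paillier, an additively homomorphic scheme named in the text. The primes are
# constructed, toy-sized values so the example runs instantly; a deployment
# would generate full-size keys inside the SDK's trusted environment.
TOY_P, TOY_Q = 10007, 10009


def paillier_keygen(p=TOY_P, q=TOY_Q):
    """Return (public_key, private_key) for two distinct primes p and q."""
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                           # standard generator
    # L(x) = (x - 1) // n ; mu = L(g^lam mod n^2)^-1 mod n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return (n, g), (n, lam, mu)


def paillier_encrypt(pub, m):
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("message out of range for this key")
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:          # r must be a unit modulo n
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def paillier_decrypt(priv, c):
    n, lam, mu = priv
    n2 = n * n
    return (((pow(c, lam, n2) - 1) // n) * mu) % n


def paillier_add(pub, c1, c2):
    """Additive homomorphism from the text: Dec(c1 * c2) == m1 + m2."""
    n, _ = pub
    return (c1 * c2) % (n * n)


# Layout of the 18-character identity document number used in the text:
# characters 1-6 plaintext, 7-14 (YYYYMMDD birth date) ciphertext, 15-18 plaintext.
PLAIN_PREFIX = slice(0, 6)
BIRTH_DATE = slice(6, 14)
PLAIN_SUFFIX = slice(14, 18)


def build_query_request(id_number, queried_pub):
    """Querying party (step S414): encrypt only the birth date, keep the rest plain."""
    if len(id_number) != 18 or not id_number[BIRTH_DATE].isdigit():
        raise ValueError("expected an 18-character identity document number")
    return {
        "prefix": id_number[PLAIN_PREFIX],
        "birth_date_ct": paillier_encrypt(queried_pub, int(id_number[BIRTH_DATE])),
        "suffix": id_number[PLAIN_SUFFIX],
    }


def preselect(records, request):
    """Queried party, outside the trusted environment (step S204 / S420): fuzzy
    match on the plaintext characters only. Everything returned here is visible
    to the queried party, so it is a set of candidates rather than the answer."""
    return {
        idn: loans for idn, loans in records.items()
        if idn[PLAIN_PREFIX] == request["prefix"] and idn[PLAIN_SUFFIX] == request["suffix"]
    }


def resolve_in_trusted_env(preselected, request, queried_priv):
    """Queried party, inside the trusted environment (step S206 / S422): decrypt
    the birth date, reassemble the full number and select exactly one record.
    Returns None when the decrypted number is not among the candidates."""
    birth_date = f"{paillier_decrypt(queried_priv, request['birth_date_ct']):08d}"
    full_number = request["prefix"] + birth_date + request["suffix"]
    return preselected.get(full_number)


# Constructed sample records of the queried party: identity number -> loan count.
LOAN_RECORDS = {
    "100000198011110000": 5,   # the target user from the text
    "100000197505050000": 1,   # same prefix/suffix, different birth date
    "100000200101010000": 0,   # same prefix/suffix, different birth date
    "110000198011110000": 7,   # different prefix: never a candidate
    "100000198011110001": 2,   # different suffix: never a candidate
}


def run_query(id_number, records=LOAN_RECORDS):
    """End-to-end run; returns (number of candidates, loan count or None)."""
    pub, priv = paillier_keygen()
    request = build_query_request(id_number, pub)
    candidates = preselect(records, request)
    return len(candidates), resolve_in_trusted_env(candidates, request, priv)
```

The candidate count shows what the queried party learns outside the trusted environment (three users share the plaintext prefix and suffix), while only the trusted-environment step narrows the result to the one record.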
EXAMPLE five
Based on the same idea as the data query method based on privacy information protection described above, an embodiment of the present specification further provides a data query device based on privacy information protection, as shown in fig. 5.
The data inquiry device based on privacy information protection comprises: a query request receiving module 501, a preselected result obtaining module 502 and a query result determining module 503, wherein:
the query request receiving module 501 is configured to receive a data query request sent by a terminal device of a third party, where the data query request includes personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting, by the terminal device of a querying party, the predetermined information based on an encryption key of the queried party;
a preselected result obtaining module 502, configured to obtain preselected query result data matched with the plaintext of the personal information in the data query request;
the query result determining module 503 decrypts, in a predetermined trusted environment, the ciphertext of the personal information based on a predetermined decryption key, acquires, from the preselected query result data, preselected query result data corresponding to the decrypted personal information based on the decrypted personal information, and sends the acquired preselected query result data to the terminal device of the third party as query result data corresponding to the data query request.
In this embodiment of the present specification, the query result determining module 503 decrypts, based on a predetermined SDK provided by the third party, the ciphertext of the personal information by using a predetermined decryption key, acquires, based on the decrypted personal information, preselected query result data corresponding to the decrypted personal information from the preselected query result data, and sends the acquired preselected query result data to the terminal device of the third party as query result data corresponding to the data query request.
In this embodiment of the present specification, the ciphertext is obtained by performing, by the terminal device of the querying party, a homomorphic encryption process on the predetermined information based on the encryption key of the queried party.
In this embodiment of the present specification, the terminal device of the querying party and the terminal device of the queried party are deployed with a predetermined SDK provided by the third party, and the apparatus further includes:
the first key receiving module is used for receiving a first encryption key sent by the terminal equipment of the inquiring party through the terminal equipment of the third party;
the second key sending module is used for generating a second encryption key and a corresponding second decryption key based on the first encryption key and sending the second encryption key to the terminal equipment of the inquiring party through the terminal equipment of the third party;
a key pair determination module, which takes the first encryption key and the second decryption key as the key pair of the inquired party;
and the query result determining module is used for decrypting a ciphertext in the personal information based on the second decryption key, wherein the ciphertext is obtained by encrypting the preset information based on the second encryption key by the terminal equipment of the query party.
In an embodiment of this specification, the second key sending module generates a second encryption key and a corresponding second decryption key based on the first encryption key by using a predetermined key exchange algorithm.
In the embodiment of the present specification, the key exchange algorithm is a Diffie-Hellman algorithm or an Oakley algorithm.
The embodiment of the specification provides a data query apparatus based on privacy information protection. After a data query request sent by the terminal device of a third party is received, where the request includes personal information of a target user to be queried, the predetermined information in the personal information is ciphertext, the information other than the predetermined information is plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information with the encryption key of the queried party, the preselected query result data matching the plaintext is obtained according to the plaintext in the personal information, so that the queried party cannot know which result data the querying party actually queried. Then, in a predetermined trusted environment, the ciphertext in the personal information is decrypted, the query result data corresponding to the data query request is obtained from the preselected query result data based on the decrypted personal information, and that result is sent to the terminal device of the third party. The queried party therefore cannot obtain the decrypted information or the query result data; it obtains only the personal information containing the plaintext and the ciphertext, together with the preselected query result data, and cannot deduce the decrypted personal information or the ciphertext in the personal information from the preselected query result data, which improves data security.
Example six
Based on the same idea, an embodiment of the present specification further provides a data query apparatus based on privacy information protection, corresponding to the data query method described above, as shown in fig. 6.
The data query apparatus based on privacy information protection includes a query request sending module 601 and a query result receiving module 602, where:
the query request sending module 601 is configured to send a data query request to a third-party terminal device, where the data query request includes personal information of a target user to be queried, predetermined information in the personal information is a ciphertext, information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of a queried party;
the query result receiving module 602 receives query result data corresponding to the data query request sent by the terminal device of the third party.
In an embodiment of this specification, the apparatus further includes:
an information acquisition module, configured to acquire the encryption key of the queried party and the personal information of the target user;
and an encryption module, configured to perform homomorphic encryption on the predetermined information in the personal information based on the encryption key of the queried party, to obtain the ciphertext in the personal information.
In this embodiment of the present specification, the information acquisition module acquires the encryption key of the queried party from a locally stored key pair, where the locally stored key pair is generated with the terminal device of the queried party based on a predetermined key exchange algorithm.
In an embodiment of this specification, the apparatus further includes:
a key construction module, configured to construct a first encryption key and a corresponding first decryption key;
a first key sending module, configured to send the first encryption key to the terminal device of the queried party through the terminal device of the third party, so that the terminal device of the queried party generates a second encryption key and a corresponding second decryption key based on the first encryption key, uses the first encryption key and the second decryption key as the key pair of the queried party, and sends the second encryption key to the terminal device of the querying party through the terminal device of the third party;
a key pair determining module, configured to receive the second encryption key and to use the second encryption key and the first decryption key as the key pair of the querying party;
and the information acquisition module acquires the second encryption key from the key pair of the querying party, thereby acquiring the encryption key of the queried party.
In an embodiment of this specification, the key construction module constructs the first encryption key and the corresponding first decryption key based on a predetermined key exchange algorithm.
The embodiment of the specification provides a data query device based on privacy information protection, which sends a data query request to a terminal device of a third party, where the data query request includes personal information of a target user to be queried, where predetermined information in the personal information is a ciphertext, information other than the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of a queried party, and then receives query result data corresponding to the data query request sent by the terminal device of the third party.
Example seven
Based on the same idea, an embodiment of the present specification further provides a data query device based on privacy information protection, corresponding to the data query apparatus described above, as shown in fig. 7.
The data query device based on privacy information protection may be a terminal device or a server of the queried party provided in the above embodiments.
The data query device based on privacy information protection may differ considerably in configuration or performance, and may include one or more processors 701 and a memory 702, where the memory 702 may store one or more applications or data. The memory 702 may be transient storage or persistent storage. An application stored in the memory 702 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the data query device. Further, the processor 701 may be configured to communicate with the memory 702 and execute the series of computer-executable instructions in the memory 702 on the data query device. The data query device may also include one or more power supplies 703, one or more wired or wireless network interfaces 704, one or more input/output interfaces 705 and one or more keyboards 706.
In particular, in this embodiment, the data query device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the data query device, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:
receiving a data query request sent by a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information by the terminal device of the querying party based on an encryption key of a queried party;
according to the plaintext of the personal information in the data query request, acquiring preselected query result data matched with the plaintext;
and in a predetermined trusted environment, decrypting the ciphertext of the personal information based on a predetermined decryption key, acquiring, based on the decrypted personal information, the preselected query result data corresponding to the decrypted personal information from the preselected query result data, and sending the acquired preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
In this embodiment of the present specification, in a predetermined trusted environment, the decrypting, based on a predetermined decryption key, a ciphertext of the personal information, and based on the decrypted personal information, acquiring preselected query result data corresponding to the decrypted personal information from the preselected query result data, and sending the acquired preselected query result data to the terminal device of the third party as query result data corresponding to the data query request includes:
decrypting, based on the predetermined SDK provided by the third party, the ciphertext of the personal information with the predetermined decryption key, acquiring, based on the decrypted personal information, the preselected query result data corresponding to the decrypted personal information from the preselected query result data, and sending the acquired preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
In this embodiment of the present specification, the ciphertext is obtained by performing, by the terminal device of the querying party, a homomorphic encryption process on the predetermined information based on the encryption key of the queried party.
In this embodiment of the present specification, the terminal device of the querying party and the terminal device of the queried party are deployed with a predetermined SDK provided by the third party, and the method further includes:
receiving a first encryption key sent by the terminal device of the querying party through the terminal device of the third party;
generating a second encryption key and a corresponding second decryption key based on the first encryption key, and sending the second encryption key to the terminal device of the querying party through the terminal device of the third party;
using the first encryption key and the second decryption key as the key pair of the queried party;
and the decrypting the ciphertext of the personal information based on the predetermined decryption key includes:
decrypting the ciphertext in the personal information based on the second decryption key, where the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information based on the second encryption key.
In an embodiment of this specification, the generating a second encryption key and a corresponding second decryption key based on the first encryption key includes:
a second encryption key and a corresponding second decryption key are generated based on the first encryption key using a predetermined key exchange algorithm.
In the embodiment of the present specification, the key exchange algorithm is a Diffie-Hellman algorithm or an Oakley algorithm.
The embodiment of the specification provides a data query device based on privacy information protection. After a data query request sent by the terminal device of a third party is received, where the request includes personal information of a target user to be queried, the predetermined information in the personal information is ciphertext, the information other than the predetermined information is plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information with the encryption key of the queried party, the preselected query result data matching the plaintext is obtained according to the plaintext in the personal information, so that the queried party cannot know which result data the querying party actually queried. Then, in a predetermined trusted environment, the ciphertext in the personal information is decrypted, the query result data corresponding to the data query request is obtained from the preselected query result data based on the decrypted personal information, and that result is sent to the terminal device of the third party. The queried party therefore cannot obtain the decrypted information or the query result data; it obtains only the personal information containing the plaintext and the ciphertext, together with the preselected query result data, and cannot deduce the decrypted personal information or the ciphertext in the personal information from the preselected query result data, which improves data security.
Example eight
Based on the same idea, embodiments of the present specification further provide a data query device based on privacy information protection, as shown in fig. 8.
The data query device based on privacy information protection may be a terminal device or a server of the querying party provided in the above embodiments.
The data query device based on privacy information protection may differ considerably in configuration or performance, and may include one or more processors 801 and a memory 802, where the memory 802 may store one or more applications or data. The memory 802 may be transient storage or persistent storage. An application stored in the memory 802 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the data query device. Further, the processor 801 may be configured to communicate with the memory 802 so that the series of computer-executable instructions in the memory 802 is executed on the data query device. The data query device may also include one or more power supplies 803, one or more wired or wireless network interfaces 804, one or more input/output interfaces 805 and one or more keyboards 806.
In particular, in this embodiment, the data query device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the data query device, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:
sending a data query request to a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of a queried party;
and receiving the query result data corresponding to the data query request sent by the terminal device of the third party.
In an embodiment of this specification, the method further includes:
acquiring the encryption key of the queried party and the personal information of the target user;
and performing homomorphic encryption on the predetermined information in the personal information based on the encryption key of the queried party, to obtain the ciphertext in the personal information.
In this embodiment of this specification, the acquiring the encryption key of the queried party includes:
acquiring the encryption key of the queried party from a locally stored key pair, where the locally stored key pair is generated with the terminal device of the queried party based on a predetermined key exchange algorithm.
In an embodiment of this specification, the method further includes:
constructing a first encryption key and a corresponding first decryption key;
sending the first encryption key to the terminal device of the queried party through the terminal device of the third party, so that the terminal device of the queried party generates a second encryption key and a corresponding second decryption key based on the first encryption key, uses the first encryption key and the second decryption key as the key pair of the queried party, and sends the second encryption key to the terminal device of the querying party through the terminal device of the third party;
receiving the second encryption key, and using the second encryption key and the first decryption key as the key pair of the querying party;
and the acquiring the encryption key of the queried party from the locally stored key pair includes:
acquiring the second encryption key from the key pair of the querying party, thereby acquiring the encryption key of the queried party.
In an embodiment of this specification, the constructing a first encryption key and a corresponding first decryption key includes:
constructing the first encryption key and the corresponding first decryption key based on a predetermined key exchange algorithm.
The embodiment of the specification provides a data query device based on privacy information protection, which sends a data query request to the terminal device of a third party, where the data query request includes personal information of a target user to be queried, the predetermined information in the personal information is ciphertext, the information other than the predetermined information is plaintext, and the ciphertext is obtained by encrypting the predetermined information based on the encryption key of the queried party, and then receives the query result data corresponding to the data query request sent by the terminal device of the third party.
Example nine
Based on the same idea, embodiments of the present specification further provide a data query system based on privacy information protection, which may include a terminal device 901 of a querying party, a terminal device 902 of a queried party and a terminal device 903 of a third party, as shown in fig. 9.
The terminal device 901 of the querying party sends a data query request to the terminal device 903 of the third party, where the data query request includes personal information of a target user to be queried, the predetermined information in the personal information is ciphertext, the information other than the predetermined information is plaintext, and the ciphertext is obtained by encrypting the predetermined information based on the encryption key of the terminal device 902 of the queried party;
the terminal device 903 of the third party sends the data query request to the terminal device 902 of the queried party;
the terminal device 902 of the queried party acquires, according to the plaintext of the personal information in the data query request, the preselected query result data matching the plaintext;
the terminal device 902 of the queried party decrypts, in a predetermined trusted environment, the ciphertext of the personal information based on a predetermined decryption key, acquires, based on the decrypted personal information, the preselected query result data corresponding to the decrypted personal information from the preselected query result data, and sends the acquired preselected query result data to the terminal device 903 of the third party as the query result data corresponding to the data query request;
and the terminal device 903 of the third party sends the query result data to the terminal device 901 of the querying party.
In this embodiment of the present specification, the terminal device 902 of the queried party decrypts, based on the predetermined SDK provided by the third party, the ciphertext of the personal information with a predetermined decryption key, acquires, based on the decrypted personal information, the preselected query result data corresponding to the decrypted personal information from the preselected query result data, and sends the acquired preselected query result data to the terminal device 903 of the third party as the query result data corresponding to the data query request.
In this embodiment of the present specification, the ciphertext is obtained by performing, by the terminal device of the querying party, a homomorphic encryption process on the predetermined information based on the encryption key of the queried party.
In this embodiment of the present specification, the terminal device 901 of the querying party and the terminal device 902 of the queried party are deployed with a predetermined SDK provided by the third party. The terminal device 902 of the queried party receives a first encryption key sent by the terminal device 901 of the querying party through the terminal device 903 of the third party; generates a second encryption key and a corresponding second decryption key based on the first encryption key, and sends the second encryption key to the terminal device 901 of the querying party through the terminal device 903 of the third party; and uses the first encryption key and the second decryption key as the key pair of the queried party. The decrypting the ciphertext of the personal information based on the predetermined decryption key then includes decrypting the ciphertext in the personal information based on the second decryption key, where the ciphertext is obtained by the terminal device 901 of the querying party encrypting the predetermined information based on the second encryption key.
In the embodiment of the present specification, the terminal device 902 of the queried party generates the second encryption key and the corresponding second decryption key based on the first encryption key using a predetermined key exchange algorithm.
In the embodiment of the present specification, the key exchange algorithm is a Diffie-Hellman algorithm or an Oakley algorithm.
In this embodiment of the present specification, the terminal device 901 of the querying party acquires the encryption key of the queried party and the personal information of the target user, and performs homomorphic encryption on the predetermined information in the personal information based on the encryption key of the queried party, to obtain the ciphertext in the personal information.
In this embodiment of the present specification, the terminal device 901 of the querying party acquires the encryption key of the queried party from a locally stored key pair, where the locally stored key pair is generated with the terminal device 902 of the queried party based on a predetermined key exchange algorithm.
In this embodiment of the present specification, the terminal device 901 of the querying party constructs a first encryption key and a corresponding first decryption key; sends the first encryption key to the terminal device 902 of the queried party through the terminal device 903 of the third party, so that the terminal device 902 of the queried party generates a second encryption key and a corresponding second decryption key based on the first encryption key, uses the first encryption key and the second decryption key as the key pair of the queried party, and sends the second encryption key to the terminal device 901 of the querying party through the terminal device 903 of the third party; and receives the second encryption key and uses the second encryption key and the first decryption key as the key pair of the querying party. The acquiring the encryption key of the queried party from the locally stored key pair then includes acquiring the second encryption key from the key pair of the querying party, thereby acquiring the encryption key of the queried party.
In the embodiment of the present specification, the terminal device 901 of the querying party constructs the first encryption key and the corresponding first decryption key based on a predetermined key exchange algorithm.
The embodiment of the specification provides a data query system based on privacy information protection. After a data query request sent by the terminal device of a third party is received, where the request includes personal information of a target user to be queried, the predetermined information in the personal information is ciphertext, the information other than the predetermined information is plaintext, and the ciphertext is obtained by the terminal device of the querying party encrypting the predetermined information with the encryption key of the queried party, the preselected query result data matching the plaintext is obtained according to the plaintext in the personal information, so that the queried party cannot know which result data the querying party actually queried. Then, in a predetermined trusted environment, the ciphertext in the personal information is decrypted, the query result data corresponding to the data query request is obtained from the preselected query result data based on the decrypted personal information, and that result is sent to the terminal device of the third party. The queried party therefore cannot obtain the decrypted information or the query result data; it obtains only the personal information containing the plaintext and the ciphertext, together with the preselected query result data, and cannot deduce the decrypted personal information or the ciphertext in the personal information from the preselected query result data, which improves data security.
The third party, for its part, can obtain only the personal information containing the plaintext and the ciphertext, and the query result data; it cannot determine the decrypted personal information or the ciphertext in the personal information, for example by a reverse query, so data security during the query is improved.
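The flow of Example nine, written out as an added example in Python; this is not code from the patent or from the assignee's SDK. It models the three parties as plain objects, performs the key exchange above with Diffie-Hellman style pairs relayed by the third party (the second pair is generated independently and then paired with the first encryption key, which is how a DH exchange realises "generated based on the first encryption key"), and encrypts the predetermined field with ElGamal under the queried party's encryption key. ElGamal is an assumption: the page asks only for a homomorphic scheme keyed by the DH exchange, and ElGamal is one such scheme (multiplicatively homomorphic, keys are exactly DH pairs). The group (a demo-sized safe prime generated at import), the sample records, the field names, the class and function names, and the `MIN_PRESELECTION` check inside `trusted_sdk_select` are likewise assumptions of this example, not anything the patent specifies.

```python
"""Added example, not code from the patent: a three-party private query with a
DH-style key exchange relayed by the third party and ElGamal encryption of the
predetermined field; ElGamal, the demo-sized group and the records are assumptions."""
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
                59, 61, 67, 71, 73, 79, 83, 89, 97)

def is_probable_prime(n, rounds=16):
    """Trial division by small primes, then Miller-Rabin; assumes n > 100."""
    if any(n % p == 0 for p in SMALL_PRIMES):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_safe_prime(bits):
    """p = 2q + 1 with q prime.  Demo size; use RFC 3526 group 14 in practice."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

P = generate_safe_prime(128)
Q = (P - 1) // 2
G = 4  # a square mod P, hence a generator of the prime-order-Q subgroup

def keygen():
    """DH-style pair (decryption key x, encryption key G^x mod P)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(enc_key, m):
    """ElGamal under the peer's encryption key; m is an integer with 0 < m < P."""
    assert 0 < m < P
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), m * pow(enc_key, k, P) % P

def decrypt(dec_key, ct):
    c1, c2 = ct
    return c2 * pow(pow(c1, dec_key, P), -1, P) % P

# Constructed sample records held by the queried party (not real data).
RECORDS = [
    {"name": "Zhang Wei", "city": "Hangzhou", "id_no": 330101199001011234, "score": 720},
    {"name": "Zhang Wei", "city": "Hangzhou", "id_no": 330101198505052345, "score": 650},
    {"name": "Li Na", "city": "Beijing", "id_no": 110101199203033456, "score": 690},
]
MIN_PRESELECTION = 2  # added check: the plaintext alone must not isolate one record

def trusted_sdk_select(dec_key, preselected, ciphertext):
    """Stands in for the third party's SDK, the 'predetermined trusted environment'."""
    if len(preselected) < MIN_PRESELECTION:
        return None  # refuse: the queried party could already tell which record it is
    id_no = decrypt(dec_key, ciphertext)
    hits = [r for r in preselected if r["id_no"] == id_no]
    return {"score": hits[0]["score"]} if hits else None

class QueriedParty:
    def __init__(self, records):
        self.records, self.key_pair = records, None
    def receive_first_key(self, first_enc_key):
        """Make the second pair and keep (first enc key, second dec key)."""
        second_dec_key, second_enc_key = keygen()
        self.key_pair = (first_enc_key, second_dec_key)
        return second_enc_key
    def answer(self, request):
        plaintext = request["plaintext"]  # the only fields this code can read
        pre = [r for r in self.records if all(r[k] == v for k, v in plaintext.items())]
        # Decryption and the final pick happen inside the SDK; the result goes
        # straight to the third party and this class never inspects it.
        return trusted_sdk_select(self.key_pair[1], pre, request["ciphertext"])

class QueryingParty:
    def __init__(self):
        self.first_dec_key, self.first_enc_key = keygen()
        self.key_pair = None
    def receive_second_key(self, second_enc_key):
        self.key_pair = (second_enc_key, self.first_dec_key)
    def build_request(self, plaintext, id_no):
        return {"plaintext": plaintext, "ciphertext": encrypt(self.key_pair[0], id_no)}

def run_query(plaintext, id_no, records=RECORDS):
    """The third party relays the keys, the request and the result."""
    querier, queried = QueryingParty(), QueriedParty(records)
    querier.receive_second_key(queried.receive_first_key(querier.first_enc_key))
    return queried.answer(querier.build_request(plaintext, id_no))
```

Running `run_query({"name": "Zhang Wei", "city": "Hangzhou"}, 330101199001011234)` reproduces the division of knowledge the patent describes: the queried party's own code sees the plaintext fields, two candidate records and an ElGamal ciphertext it cannot open; the SDK (the only holder of the second decryption key) opens it and picks one record; the third party relays the request and the single result without any key. Two practitioner caveats follow from the same run. First, the whole argument rests on the SDK actually keeping the second decryption key and the decrypted field away from the host it runs on, so the SDK is the trust anchor and should be treated as one. Second, if the plaintext fields already narrow the preselection to one record, as the Li Na query does, the queried party learns the target without decrypting anything; the `MIN_PRESELECTION` refusal in this example is an added guard for that case and is not something the patent describes.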
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (for example, to a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement to a method flow). However, as technology has developed, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented with a hardware entity module. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without asking a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Moreover, instead of making the integrated circuit chip by hand, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development, and the source code to be compiled is written in a specific programming language called a Hardware Description Language (HDL). There is not one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); at present VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (for example, software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller or an embedded microcontroller; examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art also know that, besides implementing the controller purely as computer-readable program code, the same functions can be achieved by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be regarded as a hardware component, and the means included in it for implementing the various functions may also be regarded as structures within the hardware component. Indeed, the means for implementing the functions may be regarded both as software modules implementing the method and as structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present description are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data query device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data query device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data query apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data querying device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer implemented process such that the instructions which execute on the computer or other programmable device provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include non-permanent memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner; the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiment is substantially similar to the method embodiment, its description is kept brief, and for the relevant points reference may be made to the corresponding parts of the description of the method embodiment.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (19)

1. A data query method based on privacy information protection is applied to terminal equipment of a queried party, and the method comprises the following steps:
receiving a data query request sent by a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information by the terminal device of the querying party based on an encryption key of a queried party;
according to the plaintext of the personal information in the data query request, acquiring preselected query result data matched with the plaintext;
and in a predetermined trusted environment, decrypting the ciphertext of the personal information based on a predetermined decryption key, acquiring preselected query result data corresponding to the decrypted personal information from the preselected query result data based on the decrypted personal information, and sending the acquired preselected query result data to the terminal device of the third party as query result data corresponding to the data query request.
2. The method according to claim 1, wherein in a predetermined trusted environment, decrypting a ciphertext of the personal information based on a predetermined decryption key, acquiring preselected query result data corresponding to the decrypted personal information from the preselected query result data based on the decrypted personal information, and sending the acquired preselected query result data to the terminal device of the third party as query result data corresponding to the data query request, includes:
and based on a predetermined SDK provided by the third party, decrypting the ciphertext of the personal information by using a predetermined decryption key, acquiring preselected query result data corresponding to the decrypted personal information from the preselected query result data based on the decrypted personal information, and sending the acquired preselected query result data to the terminal device of the third party as query result data corresponding to the data query request.
3. The method according to claim 1, wherein the ciphertext is obtained by performing homomorphic encryption processing on the predetermined information by the terminal device of the inquiring party based on the encryption key of the inquired party.
4. The method according to any one of claims 1-3, wherein the terminal device of the inquiring party and the terminal device of the inquired party are deployed with a predetermined SDK provided by the third party, the method further comprising:
receiving a first encryption key sent by the terminal equipment of the inquiring party through the terminal equipment of the third party;
generating a second encryption key and a corresponding second decryption key based on the first encryption key, and sending the second encryption key to the terminal equipment of the inquiring party through the terminal equipment of the third party;
using the first encryption key and the second decryption key as a key pair of the terminal equipment of the inquired party;
the decrypting process of the ciphertext of the personal information based on the predetermined decryption key comprises the following steps:
and decrypting a ciphertext in the personal information based on the second decryption key, wherein the ciphertext is obtained by encrypting the preset information by the terminal equipment of the inquiring party based on the second encryption key.
5. The method of claim 4, the generating a second encryption key and a corresponding second decryption key based on the first encryption key, comprising:
a second encryption key and a corresponding second decryption key are generated based on the first encryption key using a predetermined key exchange algorithm.
6. The method of claim 5, the key exchange algorithm being a Diffie-Hellman algorithm or an Oakley algorithm.
7. A data query method based on privacy information protection is applied to terminal equipment of a query party, and the method comprises the following steps:
sending a data query request to a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of a queried party;
receiving query result data corresponding to the data query request sent by the terminal device of the third party, wherein the query result data is obtained by the terminal device of the queried party by: acquiring, according to the plaintext of the personal information in the data query request, preselected query result data matched with the plaintext; decrypting, in a predetermined trusted environment, the ciphertext of the personal information based on a predetermined decryption key; acquiring, from the preselected query result data and based on the decrypted personal information, the preselected query result data corresponding to the decrypted personal information; and sending the acquired preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
8. The method of claim 7, further comprising:
acquiring an encryption key of the inquired party and personal information of the target user;
and performing homomorphic encryption processing on the preset information in the personal information based on the encryption key of the inquired party to obtain a ciphertext in the personal information.
9. The method of claim 8, the obtaining an encryption key of the inquired party, comprising:
and acquiring the encryption key of the inquired party from a locally stored key pair, wherein the locally stored key pair is generated based on a predetermined key exchange algorithm with the terminal equipment of the inquired party.
10. The method of claim 9, further comprising:
constructing a first encryption key and a corresponding first decryption key;
sending the first encryption key to the terminal device of the inquired party through the terminal device of the third party, so that the terminal device of the inquired party generates a second encryption key and a corresponding second decryption key based on the first encryption key, uses the first encryption key and the second decryption key as a key pair of the inquired party, and sends the second encryption key to the terminal device of the inquiring party through the terminal device of the third party;
receiving the second encryption key, and using the second encryption key and the first decryption key as a key pair of the inquirer;
the obtaining the encryption key of the inquired party from the locally stored key pair comprises:
and acquiring the second encryption key from the key pair of the inquirer to acquire the encryption key of the inquired party.
11. The method of claim 10, the constructing a first encryption key and a corresponding first decryption key, comprising:
a first encryption key and a corresponding first decryption key are constructed based on a predetermined key exchange algorithm.
12. A data query apparatus based on privacy information protection, the apparatus comprising:
the query request receiving module is used for receiving a data query request sent by a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information by the terminal device of the querying party based on an encryption key of the queried party;
the preselection result acquisition module is used for acquiring preselection query result data matched with the plaintext according to the plaintext of the personal information in the data query request;
and the query result determining module is used for decrypting, in a predetermined trusted environment, the ciphertext of the personal information based on a predetermined decryption key, acquiring preselected query result data corresponding to the decrypted personal information from the preselected query result data based on the decrypted personal information, and sending the acquired preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
13. The apparatus according to claim 12, wherein the query result determining module decrypts a ciphertext of the personal information by using a predetermined decryption key based on a predetermined SDK provided by the third party, obtains preselected query result data corresponding to the decrypted personal information from the preselected query result data based on the decrypted personal information, and sends the obtained preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
14. The apparatus according to claim 12, wherein the ciphertext is obtained by the terminal device of the inquiring party performing homomorphic encryption processing on the predetermined information based on the encryption key of the inquired party.
15. A data query apparatus based on privacy information protection, the apparatus comprising:
the query request sending module is used for sending a data query request to terminal equipment of a third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of a queried party;
the query result receiving module is used for receiving query result data corresponding to the data query request sent by the terminal device of the third party, wherein the query result data is obtained by the terminal device of the queried party by: acquiring, according to the plaintext of the personal information in the data query request, preselected query result data matched with the plaintext; decrypting, in a predetermined trusted environment, the ciphertext of the personal information based on a predetermined decryption key; acquiring, from the preselected query result data and based on the decrypted personal information, the preselected query result data corresponding to the decrypted personal information; and sending the acquired preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
16. The apparatus of claim 15, the apparatus further comprising:
the information acquisition module is used for acquiring the encryption key of the inquired party and the personal information of the target user;
and the encryption module is used for carrying out homomorphic encryption processing on the preset information in the personal information based on the encryption key of the inquired party to obtain the ciphertext in the personal information.
17. A data query device based on privacy information protection, the data query device comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving a data query request sent by a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information by the terminal device of the querying party based on an encryption key of a queried party;
according to the plaintext of the personal information in the data query request, acquiring preselected query result data matched with the plaintext;
and in a predetermined trusted environment, decrypting the ciphertext of the personal information based on a predetermined decryption key, acquiring preselected query result data corresponding to the decrypted personal information from the preselected query result data based on the decrypted personal information, and sending the acquired preselected query result data to the terminal device of the third party as query result data corresponding to the data query request.
18. A data query device based on privacy information protection, the data query device comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
sending a data query request to a terminal device of a third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of a queried party;
receiving query result data corresponding to the data query request sent by the terminal device of the third party, wherein the query result data is obtained by the terminal device of the queried party by: acquiring, according to the plaintext of the personal information in the data query request, preselected query result data matched with the plaintext; decrypting, in a predetermined trusted environment, the ciphertext of the personal information based on a predetermined decryption key; acquiring, from the preselected query result data and based on the decrypted personal information, the preselected query result data corresponding to the decrypted personal information; and sending the acquired preselected query result data to the terminal device of the third party as the query result data corresponding to the data query request.
19. A data query system based on privacy information protection, the data query system comprising a terminal device of a querying party, a terminal device of a queried party and a terminal device of a third party, wherein:
the terminal device of the querying party sends a data query request to the terminal device of the third party, wherein the data query request comprises personal information of a target user to be queried, the predetermined information in the personal information is a ciphertext, the information except the predetermined information is a plaintext, and the ciphertext is obtained by encrypting the predetermined information based on an encryption key of the queried party;
the terminal device of the third party sends the data query request to the terminal device of the queried party;
the terminal device of the queried party acquires, according to the plaintext of the personal information in the data query request, preselected query result data matched with the plaintext;
the terminal device of the queried party decrypts, in a predetermined trusted environment, the ciphertext of the personal information based on a predetermined decryption key, acquires preselected query result data corresponding to the decrypted personal information from the preselected query result data based on the decrypted personal information, and sends the acquired preselected query result data to the terminal device of the third party as query result data corresponding to the data query request;
and the terminal device of the third party sends the query result data to the terminal device of the querying party.
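The three-party exchange described by claims 1 to 11, as an added illustrative example in Python that is not the patent's or the applicant's code: the querying party encrypts only the predetermined field (an ID number) under a key agreed with the queried party through a Diffie-Hellman style exchange relayed by the third party, and the queried party preselects on the plaintext fields outside its trusted environment and decrypts and matches only inside it. The DH group, the HMAC-based stream cipher, the `TrustedEnvironment` class and all records are constructed stand-ins, and the cipher is a toy with no real security margin.

```python
"""Three-party private query flow modelled on the claims: the querier encrypts
only the predetermined field (the ID number) of the target user's personal
information, the third party relays the request, and the queried party
preselects on the plaintext fields outside its trusted environment and
decrypts/matches only inside it.  Illustrative code, not the patent's
implementation; the DH group and the HMAC stream cipher are toy constructions."""
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman parameters: far too small for real use.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Return (private, public): the private value is the party's decryption
    key, the public value the encryption key handed to the other party."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def shared_key(peer_pub, priv):
    """Combine the peer's encryption key with our own decryption key."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """Toy stream cipher: nonce || (plaintext XOR HMAC-derived keystream)."""
    nonce = secrets.token_bytes(12)
    data = plaintext.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key, ciphertext):
    nonce, body = ciphertext[:12], ciphertext[12:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()


# Constructed sample records held by the queried party; id_number is the
# predetermined (sensitive) field, name and city are the plaintext fields.
DATABASE = [
    {"name": "Zhang San", "city": "Hangzhou", "id_number": "330100199001011234", "risk": "low"},
    {"name": "Zhang San", "city": "Hangzhou", "id_number": "330100198505055678", "risk": "high"},
    {"name": "Li Si", "city": "Hangzhou", "id_number": "330100199212129999", "risk": "medium"},
]


class TrustedEnvironment:
    """Stand-in for the predetermined trusted environment: the only component
    of the queried party that holds the decryption key."""

    def __init__(self, querier_pub, own_priv):
        self._key = shared_key(querier_pub, own_priv)

    def select(self, preselected, id_ciphertext):
        target_id = decrypt(self._key, id_ciphertext)
        # Only matching records leave the environment; the ID itself never does.
        return [{k: v for k, v in r.items() if k != "id_number"}
                for r in preselected if r["id_number"] == target_id]


def run_query(target):
    """Run the full exchange; returns (query result, what the third party saw)."""
    # Key exchange relayed through the third party: each side keeps the peer's
    # encryption key and its own decryption key as its key pair.
    q_priv, q_pub = dh_keypair()             # querier: first keys
    d_priv, d_pub = dh_keypair()             # queried party: second keys
    tee = TrustedEnvironment(q_pub, d_priv)  # queried party keeps (q_pub, d_priv)
    querier_key = shared_key(d_pub, q_priv)  # querier keeps (d_pub, q_priv)

    # Querier: plaintext fields stay readable, the ID is encrypted.
    request = {"name": target["name"], "city": target["city"],
               "id_number": encrypt(querier_key, target["id_number"])}
    third_party_view = dict(request)         # the relay sees exactly this

    # Queried party, outside the TEE: preselect on plaintext fields only.
    preselected = [r for r in DATABASE
                   if r["name"] == request["name"] and r["city"] == request["city"]]
    # Inside the TEE: decrypt, narrow the preselection, return the result.
    result = tee.select(preselected, request["id_number"])
    return result, third_party_view
```

The preselection step alone returns two "Zhang San" records, so the plaintext fields never identify the target on their own; only the decryption inside the trusted environment resolves the query.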

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201911172287.5A CN110895611B (en) 2019-11-26 2019-11-26 Data query method, device, equipment and system based on privacy information protection
CN202110507555.5A CN113254957B (en) 2019-11-26 2019-11-26 Data query method, device, equipment and system based on privacy information protection
TW109115324A TWI747274B (en) 2019-11-26 2020-05-08 Data query method, device, equipment and system based on privacy information protection
PCT/CN2020/111859 WO2021103708A1 (en) 2019-11-26 2020-08-27 Data query method, apparatus, device and system based on privacy information protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911172287.5A CN110895611B (en) 2019-11-26 2019-11-26 Data query method, device, equipment and system based on privacy information protection

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202110507555.5A Division CN113254957B (en) 2019-11-26 2019-11-26 Data query method, device, equipment and system based on privacy information protection

Publications (2)

Publication Number Publication Date
CN110895611A CN110895611A (en) 2020-03-20
CN110895611B true CN110895611B (en) 2021-04-02

Family

ID=69786716

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201911172287.5A Active CN110895611B (en) 2019-11-26 2019-11-26 Data query method, device, equipment and system based on privacy information protection
CN202110507555.5A Active CN113254957B (en) 2019-11-26 2019-11-26 Data query method, device, equipment and system based on privacy information protection

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202110507555.5A Active CN113254957B (en) 2019-11-26 2019-11-26 Data query method, device, equipment and system based on privacy information protection

Country Status (3)

Country Link
CN (2) CN110895611B (en)
TW (1) TWI747274B (en)
WO (1) WO2021103708A1 (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110895611B (en) * 2019-11-26 2021-04-02 支付宝(杭州)信息技术有限公司 Data query method, device, equipment and system based on privacy information protection
CN111767560A (en) * 2020-06-24 2020-10-13 中国工商银行股份有限公司 Aggregation query method and device for multiple data sources
CN112016120B (en) * 2020-08-26 2024-03-26 支付宝(杭州)信息技术有限公司 Event prediction method and device based on user privacy protection
CN112232639B (en) * 2020-09-22 2023-06-30 支付宝(杭州)信息技术有限公司 Statistical method, statistical device and electronic equipment
CN112367612B (en) * 2020-11-06 2023-03-24 歌尔科技有限公司 UWB-based positioning method, UWB device and positioning system
CN112115516B (en) * 2020-11-13 2021-03-02 支付宝(杭州)信息技术有限公司 Data query method and device for protecting privacy
CN112100206A (en) * 2020-11-13 2020-12-18 支付宝(杭州)信息技术有限公司 Digital label generation method, device, equipment and readable medium
CN112487505A (en) * 2020-11-23 2021-03-12 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device
CN112667689A (en) * 2021-01-04 2021-04-16 拉卡拉支付股份有限公司 Data query method, data query device, electronic equipment, storage medium and program product
CN112613077B (en) * 2021-01-22 2021-07-23 支付宝(杭州)信息技术有限公司 Privacy-protecting multi-party data processing method, device and system
CN113111365B (en) * 2021-04-22 2024-04-09 广州市人心网络科技有限公司 Online psychological consultation privacy data protection method, storage medium and system based on envelope encryption
CN113779598A (en) * 2021-08-27 2021-12-10 北京达佳互联信息技术有限公司 Data processing method, device, server and storage medium
CN114021172B (en) * 2021-11-10 2022-10-21 苏州同济区块链研究院有限公司 Multi-party joint security calculation method and device based on alliance chain
CN114338091A (en) * 2021-12-08 2022-04-12 杭州逗酷软件科技有限公司 Data transmission method and device, electronic equipment and storage medium
CN114500006B (en) * 2022-01-05 2023-08-04 支付宝(杭州)信息技术有限公司 Query request processing method and device
CN115086037B (en) * 2022-06-16 2024-04-05 京东城市(北京)数字科技有限公司 Data processing method and device, storage medium and electronic equipment
CN116522404B (en) * 2023-07-05 2023-09-22 北京数牍科技有限公司 Data processing method, device, equipment and computer storage medium
CN117235802B (en) * 2023-11-13 2024-01-26 翼方健数(北京)信息科技有限公司 Condition trace query method, system and medium based on privacy calculation

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101404576A (en) * 2008-09-27 2009-04-08 深圳市迅雷网络技术有限公司 Network resource query method and system
CN106776904A (en) * 2016-11-30 2017-05-31 中南大学 The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment
CN106850187A (en) * 2017-01-13 2017-06-13 温州大学瓯江学院 A kind of privacy character information encrypted query method and system
CN106874401A (en) * 2016-12-30 2017-06-20 中安威士(北京)科技有限公司 A kind of ciphertext index method of data base-oriented encrypted fields fuzzy search
CN107820614A (en) * 2015-06-29 2018-03-20 微软技术许可有限责任公司 The personal search index of privacy enhancing
CN108132977A (en) * 2017-12-12 2018-06-08 华南农业大学 Ciphertext database querying method and system based on vertical division
CN109359480A (en) * 2018-10-08 2019-02-19 温州大学瓯江学院 A kind of the privacy of user guard method and system of Digital Library-Oriented

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8468244B2 (en) * 2007-01-05 2013-06-18 Digital Doors, Inc. Digital information infrastructure and method for security designated data and with granular data stores
TWI453621B (en) * 2011-10-31 2014-09-21 Chunghwa Telecom Co Ltd A decentralized environmental information inquiry system based on user privacy
CN103973668B (en) * 2014-03-27 2017-02-01 温州大学 Server-side personal privacy data protecting method in network information system
CN104572827B (en) * 2014-12-08 2017-12-15 北京工业大学 It is a kind of based on across plaintext and the Hybrid Search system of ciphertext
US10833841B2 (en) * 2016-07-13 2020-11-10 Sap Se Leakage-free order-preserving encryption
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN113139009A (en) * 2017-10-23 2021-07-20 创新先进技术有限公司 Data auditing method and device
CN107749865B (en) * 2017-12-07 2019-11-15 安徽大学 A kind of location privacy querying method based on homomorphic cryptography
CN108364223B (en) * 2017-12-29 2021-01-26 创新先进技术有限公司 Data auditing method and device
CN108363689B (en) * 2018-02-07 2021-03-19 南京邮电大学 Privacy protection multi-keyword Top-k ciphertext retrieval method and system facing hybrid cloud
CN109299619B (en) * 2018-10-09 2020-12-25 北京腾云天下科技有限公司 Data query method, computing device and system
CN110033267B (en) * 2019-02-19 2020-05-29 阿里巴巴集团控股有限公司 Method, node, system and storage medium for implementing privacy protection in block chain
CN110046511A (en) * 2019-03-16 2019-07-23 深圳壹账通智能科技有限公司 Leaking data method, apparatus, equipment and storage medium are prevented based on alliance's chain
CN110457945B (en) * 2019-08-01 2021-03-02 卫盈联信息技术(深圳)有限公司 List query method, query party device, service party device and storage medium
CN110895611B (en) * 2019-11-26 2021-04-02 支付宝(杭州)信息技术有限公司 Data query method, device, equipment and system based on privacy information protection


Also Published As

Publication number Publication date
WO2021103708A1 (en) 2021-06-03
TW202121197A (en) 2021-06-01
CN110895611A (en) 2020-03-20
CN113254957B (en) 2022-04-08
CN113254957A (en) 2021-08-13
TWI747274B (en) 2021-11-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant