CN111385266A - Data sharing method and device, computer equipment and storage medium - Google Patents

Data sharing method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN111385266A
CN111385266A CN201811639763.5A CN201811639763A CN111385266A CN 111385266 A CN111385266 A CN 111385266A CN 201811639763 A CN201811639763 A CN 201811639763A CN 111385266 A CN111385266 A CN 111385266A
Authority
CN
China
Prior art keywords
data
shared
party platform
key
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811639763.5A
Other languages
Chinese (zh)
Other versions
CN111385266B (en
Inventor
刘睿
梅珂夫
叶良顺
李鹏
尚涛
薛高飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Asiainfo Software Co ltd
Original Assignee
Hunan Asiainfo Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Asiainfo Software Co ltd filed Critical Hunan Asiainfo Software Co ltd
Priority to CN201811639763.5A priority Critical patent/CN111385266B/en
Publication of CN111385266A publication Critical patent/CN111385266A/en
Application granted granted Critical
Publication of CN111385266B publication Critical patent/CN111385266B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/563Data redirection of data network streams

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a data sharing method, a data sharing device, computer equipment and a storage medium. The method comprises the following steps: the method comprises the following steps: the third-party platform acquires data to be shared and a dynamic key of a data contributor; the third-party platform acquires an authorization key of a data sharing requester; and the third-party platform verifies whether the authorization key is matched with the dynamic key or not, and if the third-party platform verifies that the authorization key is matched with the dynamic key, the data to be shared are sent to a data sharing requester. By adopting the method, large-scale calculation depending on data sharing can be realized.

Description

Data sharing method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of big data technologies, and in particular, to a data sharing method and apparatus, a computer device, and a storage medium.
Background
With the development of big data technology, more and more databases are generated, and when different databases belong to different organizations and data interaction is required to be carried out on the databases among the different organizations, one or more databases are required to share one part of data of the databases.
However, data interaction between databases poses a great security risk to the databases, and thus data sharing and data interaction are hindered.
At present, the data interaction of different databases is mainly performed in a third-party supervision mode to solve the problems, but the third-party supervision mode cannot realize large-scale calculation.
Disclosure of Invention
In view of the above, it is necessary to provide a data sharing method, apparatus, computer device and storage medium for solving the above technical problems.
A method of data sharing, the method comprising:
the third-party platform acquires data to be shared and a dynamic key of a data contributor;
the third-party platform acquires an authorization key of a data sharing requester;
the third party platform verifying that the third party platform verifies that the authorization key matches the dynamic key,
and if the third-party platform verifies that the authorization key is matched with the dynamic key, sending the data to be shared to a data sharing requester.
In one embodiment, the data interaction interfaces of the third-party platform, the data contributor and the data sharing requester include: a representational state transfer interface of hypertext transfer security protocol.
In one embodiment, the third-party platform obtaining the data to be shared and the dynamic key of the data contributor includes:
and the third-party platform acquires the request of the data sharing requester, and acquires the data to be shared of the data contributor and the dynamic key according to the request.
In one embodiment, the third-party platform obtaining the data to be shared and the dynamic key of the data contributor further includes:
the third-party platform acquires an encryption and decryption function;
and obtaining an encryption and decryption strategy according to the encryption and decryption function and the dynamic key.
In one embodiment, the third party platform verifying that the authorization key matches the dynamic key comprises: and verifying whether the encryption and decryption policies of the authorization key and the dynamic key are the same.
In one embodiment, the method further comprises:
acquiring a data sharing request descriptor;
verifying whether the data sharing descriptor is matched with the data to be shared;
and if the authorization key is matched with the dynamic key and the data sharing request descriptor is matched with the data to be shared, sending the data to be shared to a data sharing requester.
In one embodiment, the verifying whether the data sharing request descriptor matches the data to be shared includes:
obtaining the descriptor of the data to be shared according to the data to be shared;
comparing whether the data sharing request descriptor is consistent with the descriptor of the data to be shared;
if the data sharing request descriptor is consistent with the data descriptor to be shared, judging that the data sharing request descriptor is matched with the data to be shared.
A method of data contribution, the method comprising:
the data contributors generate encryption and decryption strategies;
the data contributors acquire target data;
the data contributors encrypt the target data according to the encryption and decryption strategies to obtain data to be shared and a dynamic key;
the data contributors generate authorization keys according to the dynamic keys;
the data contributor sends the authorization key to a data sharing requester;
and the data contributor outputs the data to be shared and the encryption and decryption strategies.
In one embodiment, the data contributor outputting the data to be shared includes:
the data contributors generate descriptors of the data to be shared according to the data to be shared;
and the data contributors send the data to be shared and the descriptors of the data to be shared to the third-party platform.
In one embodiment, the data contributor obtaining target data comprises:
the data contributors acquire data sharing requests;
and the data contributors obtain target data according to the data sharing request.
In one embodiment, the method further comprises:
judging whether the target data is sensitive data;
and if the target data are sensitive data, the data contributors encrypt the target data according to the encryption and decryption strategies to obtain the data to be shared and the dynamic key.
In one embodiment, the encrypting the target data by the data contributor according to the encryption and decryption policy to obtain the data to be shared and the dynamic key includes:
and generating the dynamic key, the validity period of the dynamic key matched with the dynamic key and an applicable object of the dynamic key according to the encryption and decryption strategy.
In one embodiment, the method further comprises: acquiring the generation duration of a dynamic key or an authorization key; and if the generation duration is within the validity period of the dynamic key, the third-party platform verifies whether the authorization key is matched with the dynamic key.
A method of data request, the method comprising:
the data sharing request is sent to the data contributor;
the data sharing request party receives an authorization key transmitted by the data contributor party;
the data sharing requester sends the authorization key to a third-party platform for verification;
and if the authorization key passes the verification of the third-party platform, the data sharing requester acquires the data to be shared from the third-party platform.
In one embodiment, the data sharing request includes:
the data sharing method comprises the steps that a data sharing request party obtains a source address, a data entity, a data mode and an application motivation of data to be shared.
In one embodiment, the method comprises the steps of the method of claim 1, further comprising:
if the data contributor and the data sharing requester mutually contribute to each other and request each other, then
The data contributor generates first data to be shared and a first dynamic key, and the data sharing requester generates second data to be shared and a second dynamic key;
the third-party platform acquires the first to-be-shared data and the first dynamic key;
the third-party platform acquires the second data to be shared and the second dynamic key;
the third-party platform acquires an encryption and decryption strategy and a calculation instruction;
the third party platform obtains first shared data according to the encryption and decryption strategy and the first dynamic secret key, and the third party platform obtains second shared data according to the encryption and decryption strategy and the second dynamic secret key;
and the third-party platform calculates the first shared data and the second shared data according to the calculation instruction to obtain a joint calculation result.
In one embodiment, the third party platform obtaining the encryption and decryption policy and the calculation instruction includes:
and the third-party platform acquires a first encryption and decryption strategy matched with the first dynamic key and a second encryption and decryption strategy matched with the second dynamic key.
In one embodiment, the third party platform obtaining the encryption and decryption policy and the calculation instruction includes:
a data sharing requester generates a calculation distribution strategy;
the data sharing requester verifies whether the calculation instruction is matched with the calculation allocation strategy;
if the data sharing requester verifies that the calculation instruction is matched with the calculation allocation strategy;
the third party platform executes the computing instructions.
A data sharing apparatus, the apparatus comprising:
the data acquisition module of the data contributor is used for acquiring the data to be shared and the dynamic key of the data contributor by a third-party platform;
the data sharing requester comprises a data acquisition module, a data sharing request descriptor module and a data sharing module, wherein the data acquisition module is used for acquiring an authorization key and a data sharing request descriptor of a data sharing requester by the third-party platform;
the verification module is used for verifying whether the authorization key is matched with the dynamic key or not by the third-party platform;
and the data to be shared sending module is used for sending the data to be shared to a data sharing requester when the third-party platform verifies that the authorization key is matched with the dynamic key.
A data contribution apparatus, the apparatus comprising:
the encryption and decryption function acquisition module is used for acquiring an encryption and decryption function by a data contributor;
the encryption and decryption strategy generating module is used for generating an encryption and decryption strategy by the data contributor according to the encryption and decryption function;
the target data acquisition module is used for acquiring target data by the data contributors;
the target data encryption module is used for encrypting the target data by the data contributor according to the encryption and decryption strategy to obtain data to be shared and a dynamic key;
the authorization key generation module is used for generating an authorization key by the data contributor according to the dynamic key;
the authorization key sending module is used for sending the authorization key to the data sharing requester by the data contributor;
and the data sending module is used for sending the data to be shared and the encryption and decryption strategies to a third-party platform by the data contributors.
A data requesting device, the device comprising:
the data sharing request sending module is used for sending a data sharing request to a data contributor by a data sharing request direction;
the authorization key receiver is used for the data sharing requester to receive the authorization key transmitted by the data contributor;
the authorization key verification module is used for sending the authorization key to a third-party platform for verification by the data sharing requester;
and the data to be shared acquiring module is used for acquiring the data to be shared from the third-party platform by the data sharing requester if the authorization key passes the verification of the third-party platform.
A shared data federated computing apparatus, the apparatus comprising:
a data generation module, configured to, if the data contributor and the data sharing requester mutually contribute and request, determine whether the data contributor and the data sharing requester mutually contribute and request
The data contributor generates first data to be shared and a matched first dynamic key, and the data sharing requester generates second data to be shared and a second dynamic key;
the first data acquisition module is used for the third-party platform to acquire the first to-be-shared data and the first dynamic key;
the second data acquisition module is used for the third-party platform to acquire the second data to be shared and the second dynamic key;
the instruction acquisition module is used for acquiring an encryption and decryption strategy and a calculation instruction by the third-party platform;
the shared data generation module is used for obtaining first shared data by the third-party platform according to the encryption and decryption strategy and the first dynamic key, and obtaining second shared data by the third-party platform according to the encryption and decryption strategy and the second dynamic key;
and the joint calculation result generation module is used for calculating the first shared data and the second shared data by the third-party platform according to the calculation instruction to obtain a joint calculation result.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method of any of the above embodiments when the processor executes the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any of the above embodiments.
According to the data sharing method, the data sharing device, the computer equipment and the storage medium, the data to be shared and the dynamic key are obtained through the third-party platform, and the data to be shared, the dynamic key and the data sharing request information are verified, so that the contents of the databases are not directly shared by all databases, the safety and operability of the data sharing process are improved, and the large-scale calculation depending on the data sharing is realized.
Drawings
FIG. 1 is a diagram of an exemplary application environment in which a data sharing method, a data contribution method, a data request method, and a shared data join computation method may be implemented;
FIG. 2 is a flow diagram that illustrates a method for data sharing, according to one embodiment;
FIG. 3 is a flow diagram illustrating a data contribution method in one embodiment;
FIG. 4 is a flow diagram illustrating a method for requesting data in one embodiment;
FIG. 5 is a flowchart illustrating a method for joint computation of shared data according to an embodiment;
FIG. 6 is a block diagram of a data contribution apparatus in one embodiment;
FIG. 7 is a block diagram showing the structure of a data requesting apparatus according to one embodiment;
FIG. 8 is a block diagram of a shared data federated computing device in one embodiment;
FIG. 9 is a block diagram showing the structure of a data sharing apparatus according to an embodiment;
FIG. 10 is a diagram showing an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The data sharing method provided by the application can be applied to the application environment shown in fig. 1. The data contributor 110 and the data sharing requester 120 respectively contain respective data, and when the data contributor 110 finishes a sharing request of the data sharing requester 120, the data contributor encrypts the target data to obtain data to be sent. The data to be transmitted is sent to the third party platform 130 and an authorization key corresponding to the encryption key is sent to the data sharing requestor 120 and the third party platform 130. Also included in the third party platform are a computing platform 131, and a data gateway 132. And the data network manager 132 is used for verifying the data and the data blocks entering the third-party platform. The third party platform 130 may be, but is not limited to, various personal computers, laptops, smartphones, tablets, and portable wearable devices, among others.
In one embodiment, as shown in fig. 2, a data sharing method is provided, which is described by taking the application environment in fig. 1 as an example, and includes the following steps:
in step S210, the third party platform 130 obtains the data to be shared and the dynamic key of the data contributor 110. Wherein the third party platform 130 refers to an intermediate platform that enables data exchange between different databases. Optionally, the third party platform 130 may be a server, a server cluster, or a software module. The data to be shared refers to the data contributor 110 fetching the data shared with the data sharing requester 120 from its own database. Specifically, the data to be shared is encrypted target data. The dynamic key is a key capable of being changed and decrypting the data to be shared.
In step S220, the third party platform 130 obtains the authorization key and the data sharing request descriptor of the data sharing requester 120. Specifically, after the data contributor 110 encrypts the target data, the data to be transmitted is generated, and a dynamic key is also generated at the same time; the dynamic key can decrypt the data to be transmitted through an encryption and decryption strategy. The authorization key is a key authorized to the data requesting party by the dynamic key, and the key can decrypt the data to be transmitted through a corresponding encryption and decryption strategy.
Step S230, the third party platform verifies whether the authorization key is matched with the dynamic key,
step S240, if the authorization key is matched with the dynamic key, sending the data to be shared to a data sharing requester. And judging that the data sharing requester is correct by determining that the authorization key is matched with the dynamic key.
In one embodiment, the method further comprises: in step S240, a data sharing request descriptor is obtained. The data sharing request descriptor refers to description information of data to be shared, which is included in an instruction of the data sharing requester 120 for sending the data sharing request.
Step S250, verifying whether the data sharing descriptor is matched with the data to be shared.
Step S260, if the data sharing request descriptor is matched with the data to be shared, and the data sharing request descriptor is matched with the data to be shared, sending the data to be shared to a data sharing requester. And when the data sharing request descriptor is matched with the data to be shared, judging that the data shared by the data is correct. And meanwhile, when the matching of an authorization key and the dynamic key is met and the data sharing request descriptor is matched with the data to be shared, the sharing process is judged to be correct.
In one embodiment, the step S250 of verifying whether the data sharing request descriptor matches the data to be shared includes:
step S251, obtaining the descriptor of the data to be shared according to the data to be shared; step S252, comparing whether the data sharing request descriptor is consistent with the to-be-shared data descriptor; in step S253, if the data sharing request descriptor is consistent with the to-be-shared data descriptor, it is determined that the data sharing request descriptor is matched with the to-be-shared data.
According to the data sharing method, the data to be shared and the dynamic key are obtained through the third-party platform, and the data to be shared, the dynamic key and the data sharing request information are verified, so that the condition that the contents of the databases are not directly shared by all the databases is guaranteed, the safety and operability of the data sharing process are improved, and the large-scale calculation depending on the data sharing is realized.
In one embodiment, the data interaction interfaces of the third party platform 130, the data contributor 110, and the data sharing requestor 120 include: a representational state transfer interface of hypertext transfer security protocol.
In one embodiment, in step S210, the step of obtaining the to-be-shared data and the dynamic key of the data contributor 110 by the third party platform 130 includes: the third-party platform 130 obtains the request of the data sharing requester 120, and obtains the data to be shared and the dynamic key of the data contributor 110 according to the request. As an alternative, the data contributor 110 may directly obtain the request of the data sharing requester 120.
In one embodiment, in step S210, the step of obtaining the to-be-shared data and the dynamic key of the data contributor by the third party platform 130 further includes:
in step S211, the third party platform 130 obtains an encryption/decryption function. Specifically, the encryption and decryption functions include an encryption function and a decryption function. Optionally, the encryption and decryption functions may be transmitted to the third party platform from the outside, or may be generated by the third party platform itself.
And step S212, obtaining an encryption and decryption strategy according to the encryption and decryption function and the dynamic key. The encryption and decryption strategy comprises steps specifically executed in the data encryption or data decryption process and rules complied with in the execution process. In one embodiment, the encryption and decryption policy includes the aging of the key, the third party platform authentication, the encryption process and the decryption process.
In one embodiment, the key aging is obtained according to an encryption and decryption strategy;
acquiring the generation duration of a dynamic key or an authorization key; and if the generation duration is within the key aging, continuously verifying whether the authorization key is matched with the dynamic key.
In another embodiment, the data contributor or the data sharing requester authenticates the third-party platform according to the encryption and decryption policy, and if the third-party platform passes the authentication, the steps of the methods in the application are continuously executed.
In one embodiment, the third party platform verifying that the authorization key matches the dynamic key comprises: and verifying whether the encryption and decryption policies of the authorization key and the dynamic key are the same.
In one embodiment, referring to fig. 3, a data contribution method is provided, the method comprising:
in step S310, the data contributors obtain target data. The target data may be internal data of the data contributor, output data of the data contributor, or data in an internal database of the data contributor.
And step S320, the data contributors encrypt the target data according to the encryption and decryption strategies to obtain the data to be shared and the dynamic key. Optionally, when there are multiple pieces of target data, one encryption policy may be selected to encrypt the multiple pieces of target data, or different encryption policies may be generated respectively to encrypt each piece of target data.
And step S330, the data contributor generates an authorization key according to the dynamic key. Optionally, the authorization key may be consistent with the dynamic key, and may also be added to the identity information and other information of the data sharing requester.
Step S340, the data contributor sends the authorization key to the data sharing requester. Optionally, the data contributor may also send the authorization key to the third party platform.
Step S350, the data contributor outputs the data to be shared and the encryption and decryption policy. Optionally, the third party platform may also generate an encryption and decryption function, thereby obtaining an encryption and decryption policy. In one embodiment, the data contributors send the data to be shared and the encryption and decryption policies to a third-party platform. In another embodiment, the data contributor sends the data to be shared and the encryption and decryption policy to a data sharing requester.
In one embodiment, in step S370, the data contributor outputting the data to be shared includes:
in step S371, the data contributors generate descriptors of the data to be shared according to the data to be shared. Specifically, a descriptor of the data to be shared. Step S372, the data contributor sends the data to be shared and the descriptor of the data to be shared to the third party platform. The descriptor of the data to be shared refers to description information generated for the data to be shared. In one embodiment, the descriptor of the data to be shared includes identification information of the data to be shared. And judging the accuracy of the data to be shared by identifying the descriptor of the data to be shared.
In one embodiment, the step S320 of the data contributor acquiring the target data includes:
in step S321, the data contributors obtain a data sharing request. Optionally, the data contributor may obtain the data sharing request from the data sharing requester, and may also obtain the data sharing request from the third-party platform.
Step S322, obtaining target data according to the data sharing request. It can be understood that the data sharing request includes source address information of the target data and identification information of the target data.
In one embodiment, the data contribution method further comprises:
step S370, determining whether the target data is sensitive data. The sensitive data refers to data that needs to be kept secret. Specifically, the data contributor determines whether the target data is sensitive data. In one embodiment, the sensitive data includes a sensitive identifier, and whether the target data is sensitive data is determined by identifying whether the target data includes the sensitive identifier.
And step S380, if the target data are sensitive data, the data contributors encrypt the target data according to the encryption and decryption strategies to obtain data to be shared and a dynamic key.
In an embodiment, in step S340, the encrypting, by the data contributor, the target data according to the encryption and decryption policy to obtain the data to be shared and the dynamic key includes:
and generating the dynamic key, the validity period of the dynamic key correspondingly matched with the dynamic key and an applicable object of the dynamic key according to the encryption and decryption strategy. The validity period of the dynamic key means that the dynamic key is valid within a preset time period, and if the validity period exceeds the preset time period, the dynamic key is invalid. In one embodiment, the cryptographic token of the dynamic key is changed every preset time period. Through the embodiment, the access time limit is ensured when other parties are authorized to access the data of the data contributor, and the data security of the data contributor is further protected. Here, the applicable object of the dynamic key means that the dynamic key can function on specific data.
In one embodiment, the method further comprises: acquiring the generation duration of a dynamic key or an authorization key; and if the generation duration is within the validity period of the dynamic key, the third-party platform verifies whether the authorization key is matched with the dynamic key. It is understood that when the generation duration of the dynamic key or the authorization key is within the validity period of the dynamic key, the dynamic key or the authorization key is valid.
In one embodiment, referring to fig. 4, a data request method is provided, the method comprising:
step S410, the data sharing request sends a data sharing request to the data contributor. Step S420, the data sharing requester receives the authorization key transmitted by the data contributor; step S430, the data sharing requester sends the authorization key to a third party platform for verification; step S440, if the authorization key passes verification on the third party platform, the data sharing requester obtains the data to be shared from the third party platform.
In one embodiment, the data sharing requester includes a source address, a data entity, a data mode, and an application motivation of the data to be shared. The application motivation refers to the purpose of the obtained data to be shared.
In one embodiment, referring to fig. 5, a method for joint calculation of shared data includes:
step S510, if the data contributor and the data sharing requestor are contributors and requestors, the data contributor generates first to-be-shared data and a first dynamic key, and the data sharing requestor generates second to-be-shared data and a second dynamic key. Specifically, when the data contributor and the data sharing requester contribute to each other and the requester, it means that the two parties respectively take out part of the data to share. For example, organization a includes data a, organization B includes data B, and now both organization a and organization B need to obtain the result of a + B, at this time, organization a and organization B are mutually contributing and requesting parties. When the organization a is a data contributor, a is first data to be shared, and the dynamic key corresponding to the first data to be shared is the first dynamic key. Similarly, when the organization B is a data sharing requester, B is the second data to be shared, and the dynamic key corresponding to the second data to be shared is the second dynamic key.
Step S520, the third party platform obtains the first to-be-shared data and the first dynamic key. Step S530, the third party platform obtains the second data to be shared and the second dynamic key.
In step S540, the third party platform obtains an encryption and decryption policy and a calculation instruction. In one embodiment, the data sharing requester stores a matching relationship between the calculation instruction and the second dynamic key. Specifically, the data gateway 132 of the third-party platform matches the calculation instruction according to the second dynamic key, and if the second dynamic key and the calculation instruction conform to the matching relationship, the third-party platform continues to execute the calculation instruction.
Step S550, the third party platform obtains first shared data according to the encryption and decryption strategy and the first dynamic secret key, and the third party platform obtains second shared data according to the encryption and decryption strategy and the second dynamic secret key. Specifically, the first to-be-shared data is decrypted according to the encryption and decryption strategy and the first dynamic key, so that first shared data is obtained. And similarly, decrypting the second shared data according to the encryption and decryption strategy and the second dynamic key to obtain the second shared data.
And step S560, the third-party platform calculates the first shared data and the second shared data according to the calculation instruction to obtain a joint calculation result. As a specific embodiment, as described in step S510, the organization a includes data a, and the organization B includes data B, and now both the organization a and the organization B need to obtain the result of a + B, at this time, the organization a and the organization B mutually contribute and are requesting. When the organization a is a data contributor, a is first data to be shared, and the dynamic key corresponding to the first data to be shared is the first dynamic key. Similarly, when the organization B is a data sharing requester, B is the second data to be shared, and the dynamic key corresponding to the second data to be shared is the second dynamic key. And c is obtained through joint calculation, and the joint calculation result of the calculation instruction is c.
The data sharing requesting party, the data contributor and the third party platform in the above embodiments may be hardware devices, electronic terminals or software modules. The verification process described in the above embodiments may be performed in whole or in part by a data gateway in a third party platform.
It should be understood that although the various steps in the flow charts of fig. 2-5 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-5 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 6, there is provided a data contribution apparatus, the apparatus comprising:
the encryption and decryption function acquisition module 610 is used for acquiring an encryption and decryption function by a data contributor;
the 620 encryption and decryption strategy generation module is used for generating an encryption and decryption strategy by the data contributor according to the encryption and decryption function;
a 630 target data acquisition module, configured to acquire target data by a data contributor;
the 640 target data encryption module is used for encrypting the target data by the data contributor according to the encryption and decryption strategy to obtain data to be shared and a dynamic key;
650 an authorization key generation module, configured to generate an authorization key by the data contributor according to the dynamic key;
the 660 authorization key sending module is used for sending the authorization key to the data sharing requester by the data contributor;
and 670 a data sending module, configured to send the data to be shared and the encryption and decryption policy to a third-party platform by a data contributor.
In one embodiment, as shown in fig. 7, there is provided a data requesting apparatus, the apparatus comprising:
710 a data sharing request sending module, configured to send a data sharing request to a data contributor;
720, an authorization key receiver, configured to receive, by the data sharing requestor, an authorization key transmitted by the data contributor;
730 an authorization key verification module, configured to send the authorization key to a third-party platform for verification by a data sharing requester;
740 a to-be-shared data obtaining module, configured to, if the authorization key is verified by the third-party platform, obtain, by the data sharing requestor, the to-be-shared data from the third-party platform.
In one embodiment, as shown in FIG. 8, a shared data federated computing device, the device comprises:
the data generation module 810 is configured to, if the data contributor and the data sharing requestor are contributors and requestors to each other, generate first to-be-shared data and a corresponding matched first dynamic key by the data contributor, and generate second to-be-shared data and a second dynamic key by the data sharing requestor;
820 a first data obtaining module, configured to obtain, by the third-party platform, the first to-be-shared data and the first dynamic key;
830 a second data obtaining module, configured to obtain, by the third-party platform, the second data to be shared and the second dynamic key;
840 instruction obtaining module, for the third party platform to obtain encryption and decryption strategy and calculation instruction;
a 850 shared data generating module, configured to obtain, by the third-party platform, first shared data according to the encryption and decryption policy and the first dynamic key, and obtain, by the third-party platform, second shared data according to the encryption and decryption policy and the second dynamic key;
860 a joint calculation result generation module, configured to calculate, by the third party platform according to the calculation instruction, the first shared data and the second shared data to obtain a joint calculation result.
In one embodiment, referring to fig. 9, there is provided a data sharing apparatus, including:
a data contributor data obtaining module 910, configured to obtain, by a third-party platform, data to be shared and the dynamic key of a data contributor;
a data obtaining module 920 of the data sharing requester, configured to obtain an authorization key and a descriptor of the data sharing request of the data sharing requester by the third-party platform;
a verification module 930 configured to verify, by the third party platform, whether the authorization key matches the dynamic key;
a to-be-shared data sending module 940, configured to send the to-be-shared data to a data sharing requester if the third party platform verifies that the authorization key matches the dynamic key.
For specific limitations of the data contribution device, the data request device, the shared data joint calculation device, and the data sharing device, reference may be made to the above limitations of the data contribution method, the data request method, the shared data joint calculation method, and the data sharing method, and no further description is given here. The modules in the data contribution device, the data request device, the shared data joint calculation device and the data sharing device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 10. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer equipment is used for storing target data and data to be sent. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data sharing method.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method of any of the above embodiments when executing the computer program.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any of the above embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (24)

1. A method for data sharing, the method comprising:
the third-party platform acquires data to be shared and a dynamic key of a data contributor;
the third-party platform acquires an authorization key of a data sharing requester
The third party platform verifying that the third party platform verifies that the authorization key matches the dynamic key,
and if the third-party platform verifies that the authorization key is matched with the dynamic key, sending the data to be shared to a data sharing requester.
2. The method of claim 1, wherein the data interaction interfaces of the third-party platform, the data contributors, and the data sharing requestors comprise: a representational state transfer interface of hypertext transfer security protocol.
3. The method of claim 1, wherein the third party platform obtaining the data to be shared and the dynamic key of the data contributor comprises:
and the third-party platform acquires the request of the data sharing requester, and acquires the data to be shared of the data contributor and the dynamic key according to the request.
4. The method of claim 1, wherein the third party platform obtaining the data to be shared and the dynamic key of the data contributor further comprises:
the third-party platform acquires an encryption and decryption function;
and obtaining an encryption and decryption strategy according to the encryption and decryption function and the dynamic key.
5. The method of claim 4, wherein the third party platform verifying that the authorization key matches the dynamic key comprises: and verifying whether the encryption and decryption policies of the authorization key and the dynamic key are the same.
6. The method of claim 1, further comprising:
acquiring a data sharing request descriptor;
verifying whether the data sharing descriptor is matched with the data to be shared;
and if the authorization key is matched with the dynamic key and the data sharing request descriptor is matched with the data to be shared, sending the data to be shared to a data sharing requester.
7. The method of claim 6, wherein the verifying whether the data sharing request descriptor matches the data to be shared comprises:
obtaining the descriptor of the data to be shared according to the data to be shared;
comparing whether the data sharing request descriptor is consistent with the descriptor of the data to be shared;
if the data sharing request descriptor is consistent with the data descriptor to be shared, judging that the data sharing request descriptor is matched with the data to be shared.
8. A method for data contribution, the method comprising:
the data contributors generate encryption and decryption strategies;
the data contributors acquire target data;
the data contributors encrypt the target data according to the encryption and decryption strategies to obtain data to be shared and a dynamic key;
the data contributors generate authorization keys according to the dynamic keys;
the data contributor sends the authorization key to a data sharing requester;
and the data contributor outputs the data to be shared and the encryption and decryption strategies.
9. The method of claim 8, wherein the data contributor outputting the data to be shared comprises:
the data contributors generate descriptors of the data to be shared according to the data to be shared;
and the data contributors send the data to be shared and the descriptors of the data to be shared to the third-party platform.
10. The method of claim 8, wherein the data contributor obtaining target data comprises:
the data contributors acquire data sharing requests;
and the data contributors obtain target data according to the data sharing request.
11. The method of claim 8, further comprising:
judging whether the target data is sensitive data;
and if the target data are sensitive data, the data contributors encrypt the target data according to the encryption and decryption strategies to obtain the data to be shared and the dynamic key.
12. The method according to claim 8, wherein the data contributor encrypts the target data according to the encryption and decryption policy, and obtains data to be shared and a dynamic key comprises:
and generating the dynamic key, the validity period of the dynamic key matched with the dynamic key and an applicable object of the dynamic key according to the encryption and decryption strategy.
13. The method of claim 12, further comprising: acquiring the generation duration of a dynamic key or an authorization key; and if the generation duration is within the validity period of the dynamic key, the third-party platform verifies whether the authorization key is matched with the dynamic key.
14. A method of data request, the method comprising:
the data sharing request is sent to the data contributor;
the data sharing request party receives an authorization key transmitted by the data contributor party;
the data sharing requester sends the authorization key to a third-party platform for verification;
and if the authorization key passes the verification of the third-party platform, the data sharing requester acquires the data to be shared from the third-party platform.
15. The method of claim 14, wherein the data sharing request comprises:
the data sharing method comprises the steps that a data sharing request party obtains a source address, a data entity, a data mode and an application motivation of data to be shared.
16. A method of shared data joint computation, the method comprising the steps of the method of claim 1, further comprising:
if the data contributor and the data sharing requester mutually contribute to each other and request each other, then
The data contributor generates first data to be shared and a first dynamic key, and the data sharing requester generates second data to be shared and a second dynamic key;
the third-party platform acquires the first to-be-shared data and the first dynamic key;
the third-party platform acquires the second data to be shared and the second dynamic key;
the third-party platform acquires an encryption and decryption strategy and a calculation instruction;
the third party platform obtains first shared data according to the encryption and decryption strategy and the first dynamic secret key, and the third party platform obtains second shared data according to the encryption and decryption strategy and the second dynamic secret key;
and the third-party platform calculates the first shared data and the second shared data according to the calculation instruction to obtain a joint calculation result.
17. The method of claim 16, wherein the third party platform obtaining encryption and decryption policies and computing instructions comprises:
and the third-party platform acquires a first encryption and decryption strategy matched with the first dynamic key and a second encryption and decryption strategy matched with the second dynamic key.
18. The method of claim 16, wherein the third party platform obtaining encryption and decryption policies and computing instructions comprises:
a data sharing requester generates a calculation distribution strategy;
the data sharing requester verifies whether the calculation instruction is matched with the calculation allocation strategy;
if the data sharing requester verifies that the calculation instruction is matched with the calculation allocation strategy;
the third party platform executes the computing instructions.
19. A data sharing apparatus, the apparatus comprising:
the data acquisition module of the data contributor is used for acquiring the data to be shared and the dynamic key of the data contributor by a third-party platform;
the data sharing requester comprises a data acquisition module, a data sharing request descriptor module and a data sharing module, wherein the data acquisition module is used for acquiring an authorization key and a data sharing request descriptor of a data sharing requester by the third-party platform;
the verification module is used for verifying whether the authorization key is matched with the dynamic key or not by the third-party platform;
and the data to be shared sending module is used for sending the data to be shared to a data sharing requester when the third-party platform verifies that the authorization key is matched with the dynamic key.
20. A data contribution apparatus, characterized in that the apparatus comprises:
the encryption and decryption function acquisition module is used for acquiring an encryption and decryption function by a data contributor;
the encryption and decryption strategy generating module is used for generating an encryption and decryption strategy by the data contributor according to the encryption and decryption function;
the target data acquisition module is used for acquiring target data by the data contributors;
the target data encryption module is used for encrypting the target data by the data contributor according to the encryption and decryption strategy to obtain data to be shared and a dynamic key;
the authorization key generation module is used for generating an authorization key by the data contributor according to the dynamic key;
the authorization key sending module is used for sending the authorization key to the data sharing requester by the data contributor;
and the data sending module is used for sending the data to be shared and the encryption and decryption strategies to a third-party platform by the data contributors.
21. A data requesting device, the device comprising:
the data sharing request sending module is used for sending a data sharing request to a data contributor by a data sharing request direction;
the authorization key receiver is used for the data sharing requester to receive the authorization key transmitted by the data contributor;
the authorization key verification module is used for sending the authorization key to a third-party platform for verification by the data sharing requester;
and the data to be shared acquiring module is used for acquiring the data to be shared from the third-party platform by the data sharing requester if the authorization key passes the verification of the third-party platform.
22. A shared data federated computing apparatus, the apparatus comprising:
a data generation module, configured to, if the data contributor and the data sharing requester mutually contribute and request, determine whether the data contributor and the data sharing requester mutually contribute and request
The data contributor generates first data to be shared and a matched first dynamic key, and the data sharing requester generates second data to be shared and a second dynamic key;
the first data acquisition module is used for the third-party platform to acquire the first to-be-shared data and the first dynamic key;
the second data acquisition module is used for the third-party platform to acquire the second data to be shared and the second dynamic key;
the instruction acquisition module is used for acquiring an encryption and decryption strategy and a calculation instruction by the third-party platform;
the shared data generation module is used for obtaining first shared data by the third-party platform according to the encryption and decryption strategy and the first dynamic key, and obtaining second shared data by the third-party platform according to the encryption and decryption strategy and the second dynamic key;
and the joint calculation result generation module is used for calculating the first shared data and the second shared data by the third-party platform according to the calculation instruction to obtain a joint calculation result.
23. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 15 when executing the computer program.
24. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 18.
CN201811639763.5A 2018-12-29 2018-12-29 Data sharing method and device, computer equipment and storage medium Active CN111385266B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811639763.5A CN111385266B (en) 2018-12-29 2018-12-29 Data sharing method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811639763.5A CN111385266B (en) 2018-12-29 2018-12-29 Data sharing method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111385266A true CN111385266A (en) 2020-07-07
CN111385266B CN111385266B (en) 2022-06-17

Family

ID=71220927

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811639763.5A Active CN111385266B (en) 2018-12-29 2018-12-29 Data sharing method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111385266B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112416893A (en) * 2020-11-10 2021-02-26 金蝶软件(中国)有限公司 Data sharing method, system, device, computer equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104158827A (en) * 2014-09-04 2014-11-19 中电长城网际系统应用有限公司 Cryptograph data sharing method and device, inquiring server and data uploading client terminal
EP2988291A1 (en) * 2014-08-22 2016-02-24 IDscan Biometrics Limited Method, system and computer program for personal data sharing
CN106295393A (en) * 2015-06-26 2017-01-04 阿里巴巴集团控股有限公司 Electronic prescription operational approach, Apparatus and system
US20170093826A1 (en) * 2015-09-21 2017-03-30 Swiss Reinsurance Company Ltd. System and method for secure digital sharing based on an inter-system exchange of a two-tier double encrypted digital information key
CN107979590A (en) * 2017-11-02 2018-05-01 财付通支付科技有限公司 Data sharing method, client, server, computing device and storage medium
CN108768633A (en) * 2018-05-30 2018-11-06 腾讯科技(深圳)有限公司 Realize the method and device of information sharing in block chain

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2988291A1 (en) * 2014-08-22 2016-02-24 IDscan Biometrics Limited Method, system and computer program for personal data sharing
CN104158827A (en) * 2014-09-04 2014-11-19 中电长城网际系统应用有限公司 Cryptograph data sharing method and device, inquiring server and data uploading client terminal
CN106295393A (en) * 2015-06-26 2017-01-04 阿里巴巴集团控股有限公司 Electronic prescription operational approach, Apparatus and system
US20170093826A1 (en) * 2015-09-21 2017-03-30 Swiss Reinsurance Company Ltd. System and method for secure digital sharing based on an inter-system exchange of a two-tier double encrypted digital information key
CN107979590A (en) * 2017-11-02 2018-05-01 财付通支付科技有限公司 Data sharing method, client, server, computing device and storage medium
CN108768633A (en) * 2018-05-30 2018-11-06 腾讯科技(深圳)有限公司 Realize the method and device of information sharing in block chain

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112416893A (en) * 2020-11-10 2021-02-26 金蝶软件(中国)有限公司 Data sharing method, system, device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN111385266B (en) 2022-06-17

Similar Documents

Publication Publication Date Title
CN108768664B (en) Key management method, device, system, storage medium and computer equipment
CN110855671B (en) Trusted computing method and system
CN111327643B (en) Multi-party data sharing method and device
US20210143986A1 (en) Method for securely sharing data under certain conditions on a distributed ledger
WO2021120871A1 (en) Authentication key negotiation method and apparatus, storage medium and device
WO2023109056A1 (en) Attribute-based encryption method and system
CN109347813B (en) Internet of things equipment login method and system, computer equipment and storage medium
KR102050887B1 (en) METHOD AND SYSTEM FOR DATA SHARING FOR INTERNET OF THINGS(IoT) MANAGEMENT IN CLOUD COMPUTING
CN112632581A (en) User data processing method and device, computer equipment and storage medium
EP3462365A1 (en) Method, apparatus, and cloud system for executing an application in a cloud system
CN113407627A (en) Intelligent medical network system based on block chain and medical data sharing method
CN114239046A (en) Data sharing method
CN111510426A (en) Internet of things distribution network encryption method, device and system, electronic equipment and storage medium
CN111917711B (en) Data access method and device, computer equipment and storage medium
CN114500069A (en) Method and system for storing and sharing electronic contract
CN113438205A (en) Block chain data access control method, node and system
CN111479265A (en) Information dissemination method and device, computer equipment and storage medium
CN112087417B (en) Terminal authority control method and device, computer equipment and storage medium
CN111385266B (en) Data sharing method and device, computer equipment and storage medium
US11101975B2 (en) Ciphertext matching system and ciphertext matching method
US20220263650A1 (en) Method for establishing a secure data communication for a processing device and a trust module for generating a cryptographic key and a field device
CN113127818A (en) Block chain-based data authorization method and device and readable storage medium
CN108390758B (en) User password processing method and device and internal control security monitoring system
CN108521419B (en) Access processing method and device for monitoring system file and computer equipment
CN113810178B (en) Key management method, device, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant