CN111935163B - Data joint processing method and device for protecting privacy - Google Patents

Data joint processing method and device for protecting privacy

Info

Publication number
CN111935163B
Authority
CN
China
Prior art keywords
data
public key
result
hash
platform
Prior art date
Legal status
Active
Application number
CN202010820713.8A
Other languages
Chinese (zh)
Other versions
CN111935163A (en)
Inventor
张君涛
陈树鹏
Current Assignee
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202010820713.8A
Publication of CN111935163A
Application granted
Publication of CN111935163B
Legal status: Active

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC


Abstract

The embodiments of the specification provide a data joint processing method and device for protecting privacy. In the method, the respective encrypted data of N data platforms are obtained; the encrypted data of any first data platform among the N data platforms is obtained by adding a second public key to each piece of original data of the first data platform, performing a hash operation on the result, and then encrypting each hash result with the first public key corresponding to the first data platform. The respective encrypted data of the N data platforms are loaded into a TEE, where they are decrypted with the N first private keys corresponding to the N first public keys to obtain the respective hash results of the N data platforms. An indication result of the coincident data of the N data platforms is then determined from the respective hash results of the N data platforms.

Description

Data joint processing method and device for protecting privacy
Technical Field
One or more embodiments of the present disclosure relate to the field of computer technologies, and in particular, to a data joint processing method and apparatus for protecting privacy.
Background
In order to better create value, promote business development and break down data islands, data joint processing is commonly performed among multiple data platforms. One example is data intersection between multiple data platforms, that is, acquiring the coincident data of the multiple platforms. However, since the data of each data platform is confidential, each data platform is generally required to obtain the coincident data between itself and the other platforms without leaking its own data. That is, the coincident data of each data platform must be determined on the premise that the data of every platform remains private.
Conventionally, the coincident data of each data platform is determined by means of an encrypted communication channel or a cryptographic method.
Disclosure of Invention
One or more embodiments of the present specification describe a data joint processing method and apparatus for protecting privacy, which can implement privacy protection of data of each data platform.
In a first aspect, a data joint processing method for protecting privacy is provided, including:
acquiring respective encrypted data of the N data platforms, wherein the encrypted data of any first data platform in the N data platforms is obtained by adding the second public key to each piece of original data of the first data platform, then performing hash operation, and then encrypting each hash result by using the first public key corresponding to the first data platform;
loading the respective encrypted data of the N data platforms into the TEE, and respectively decrypting the respective encrypted data of the N data platforms by using N first private keys corresponding to the N first public keys in the TEE to obtain respective hash results of the N data platforms;
and determining the indication result of the coincident data of the N data platforms based on the respective hash results of the N data platforms.
In a second aspect, a data joint processing method for protecting privacy is provided, including:
adding a second public key stored in the first data platform to each piece of original data of the first data platform; the second public key is the public key of the one key pair, among the N+1 public/private key pairs maintained by the first server, that is not one of the N key pairs corresponding to the N data platforms;
performing hash operation on each piece of original data added with the second public key to obtain each hash result;
encrypting each hash result by using a first public key stored in the first data platform to obtain encrypted data of the first data platform, wherein the encrypted data is used for being provided for the first server to ensure that the first server determines an indication result of the overlapped data of the N data platforms; the first public key is a first public key corresponding to the first data platform in N first public keys in the N public and private key pairs.
In a third aspect, a data joint processing apparatus for protecting privacy is provided, including:
an obtaining unit, configured to obtain respective encrypted data of the N data platforms, where the encrypted data of any first data platform of the N data platforms is obtained by adding the second public key to each piece of original data of the first data platform, performing hash operation, and then encrypting each hash result by using the first public key corresponding to the first data platform;
a decryption unit, configured to load the encrypted data of each of the N data platforms into the TEE, and in the TEE, decrypt the encrypted data of each of the N data platforms respectively by using N first private keys corresponding to the N first public keys to obtain each hash result of each of the N data platforms;
and the determining unit is used for determining the indication result of the coincident data of the N data platforms based on the respective hash results of the N data platforms.
In a fourth aspect, a data joint processing apparatus for protecting privacy is provided, including:
an adding unit, configured to add a second public key stored in the first data platform to each piece of original data of the first data platform; the second public key is the public key of the one key pair, among the N+1 public/private key pairs maintained by the first server, that is not one of the N key pairs corresponding to the N data platforms;
the operation unit is used for carrying out hash operation on each piece of original data added with the second public key to obtain each hash result;
an encryption unit, configured to encrypt each hash result by using a first public key stored in the first data platform to obtain encrypted data of the first data platform, and provide the encrypted data to the first server, so that the first server determines an indication result of the overlapped data of the N data platforms; the first public key is a first public key corresponding to the first data platform in N first public keys in the N public and private key pairs.
In a fifth aspect, there is provided a storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first aspect or the method of the second aspect.
In a sixth aspect, there is provided a computing device comprising a memory having stored therein executable code, and a processor which, when executing the executable code, implements the method of the first aspect or the method of the second aspect.
In the data joint processing method and device for protecting privacy provided by one or more embodiments of the present specification, each data platform adds the same public key to its own data, performs a hash operation on the data with the public key added, and encrypts the hash results, thereby obtaining its encrypted data. Then, in the trusted execution environment of the first server, the encrypted data of each data platform is decrypted to obtain the respective hash results of each data platform, and the indication result of the coincident data of the N data platforms is determined from those hash results. It should be noted that, because each data platform adds the second public key to its own original data when producing its encrypted data, the problem of data leakage from each data platform can be effectively solved and the security of the data joint processing can be ensured. In addition, the first server decrypts the encrypted data of each data platform within its trusted execution environment and determines the indication result of the coincident data there, so that privacy protection of the data of each data platform can be achieved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario of a data joint processing method for protecting privacy provided in the present specification;
Fig. 2 is a flowchart of a data joint processing method for protecting privacy according to one embodiment of the present specification;
Fig. 3 is a flowchart of a data joint processing method for protecting privacy according to another embodiment of the present specification;
Fig. 4 is a schematic diagram of a data joint processing method for protecting privacy provided in the present specification;
Fig. 5 is a schematic diagram of a data joint processing apparatus for protecting privacy according to one embodiment of the present specification;
Fig. 6 is a schematic diagram of a data joint processing apparatus for protecting privacy according to another embodiment of the present specification.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
Before describing the solution provided in the present specification, the inventive concept of the present solution will be explained below.
As mentioned above, in the conventional technology, the overlapped data of each data platform is usually determined by means of an encrypted communication channel or a cryptographic method, and these methods are all implemented based on network transmission, that is, implemented in an environment with network connection. In order to further ensure the security of the data of each data platform, the inventor of the present application proposes to determine the coincidence data of each data platform in an environment without network connection, that is, in a network isolation environment.
Specifically, the respective encrypted data of the N data platforms are obtained, the encrypted data of any first data platform of the N data platforms is obtained by adding a second public key to each piece of original data of the first data platform and then performing hash operation, and the hash result of each piece of original data is encrypted by using the first public key corresponding to the first data platform. Loading the respective encrypted data of the N data platforms into a Trusted Execution Environment (TEE), and respectively decrypting the respective encrypted data of the N data platforms by using N first private keys corresponding to the N first public keys in the TEE to obtain hash results of the respective original data of the N data platforms. And determining the indication result of the coincident data of the N data platforms based on the respective hash results of the N data platforms.
It should be noted that, in the present scheme, because each data platform adds the second public key to its own original data when producing its encrypted data, data leakage while the data of each platform is transferred on a removable storage medium can be avoided; that is, the man-in-the-middle problem can be effectively solved and the security of the data joint processing ensured. In addition, the first server decrypts the encrypted data of each data platform within its trusted execution environment and determines the indication result of the coincident data there, so that privacy protection of the data of each data platform can be achieved.
In addition, the first public key of the first data platform is also generated by the first server and then transferred to the first data platform on a removable storage medium, so the first public key is likewise exposed to a man-in-the-middle. The man-in-the-middle attack on the first public key proceeds as follows: after obtaining the first public key generated by the first server, the man-in-the-middle hands the data platform a public key it generated itself; the encrypted data returned by the data platform can then be decrypted with the man-in-the-middle's private key to obtain the hashed data, which is finally re-encrypted with the captured first public key (that is, the public key generated by the first server).
For this purpose, the inventor of the present application proposes that the first server generates N+1 public/private key pairs in advance, where N is the number of participating parties, and the private key of the one extra key pair (hereinafter the root key pair) is used to sign the first public key transmitted to each participant. The root key pair follows the idea of digital signatures in certificates: signing the first public key is similar to signing a secondary certificate with a root certificate. In order for each participant to verify its first public key, the first server must transmit the second public key of the root key pair to each participant in advance. However, since the second public key of the root key pair may itself be attacked, the inventors propose adding the second public key to the data of each data platform. Because the same public key is added on every data platform, the determination of the coincident data is not affected.
It should be noted that, once the second public key is added to the data of each data platform, if the second public key stored on any data platform is tampered with by a man-in-the-middle, the intersection of that platform's hash results with the hash results of the other platforms will generally be empty (that is, the coincident data is empty); after several rounds of intersection the abnormal data can be recognised, and the platform whose second public key was tampered with can be identified.
In short, the scheme provided by the application can effectively prevent the first public key, the second public key and the data of each data platform from being tampered, and further can determine the overlapped data of the N data platforms on the premise of protecting the privacy of the data of each data platform.
Fig. 1 is a schematic view of an application scenario of a data joint processing method for protecting privacy provided in this specification. In fig. 1, the first server is in a network-isolated environment, that is, it has no network connection. The first server may include a TEE in which N+1 public/private key pairs are maintained: the N first public keys of N of the key pairs are used by the N data platforms respectively, and the second public key of the remaining key pair is used jointly by all N data platforms. In addition, the first server may include N file directories corresponding to the N data platforms, each storing the encrypted data of its corresponding platform. Each of the N data platforms in fig. 1 holds its corresponding first public key and the second public key, and each platform may encrypt each of its pieces of data using these two keys to obtain its encrypted data.
It should be noted that, because the first server is in a network-isolated environment, after it generates the first public keys and the second public key, these keys may be transferred to each data platform on a removable storage medium. Likewise, the encrypted data of each data platform is provided to the first server on a removable storage medium. The removable storage medium may include, but is not limited to, a USB disk, a removable hard disk, a floppy disk, an optical disk, a memory card, and the like.
The scheme provided by the present specification is explained in detail below with reference to fig. 1.
Fig. 2 is a flowchart of a data joint processing method for protecting privacy according to an embodiment of the present disclosure. The method may be executed by any device with processing capability, such as a server, system or apparatus; for example, it may be the first server in fig. 1. As shown in fig. 2, the method may specifically include:
step 202, obtaining respective encrypted data of the N data platforms.
For example, the encrypted data of each of the N data platforms may be acquired by a mobile storage medium.
In one example, after the encrypted data of each of the N data platforms is obtained, it may be stored in the corresponding one of the N file directories, each directory holding the encrypted data of one data platform.
Taking an arbitrary first data platform of the N data platforms as an example, its encrypted data may be obtained through the following steps. Step a: add the second public key to each piece of original data of the first data platform and then perform a hash operation, obtaining the hash results of the first data platform. Step b: encrypt each hash result with the first public key stored in the first data platform, obtaining the encrypted data of the first data platform.
With respect to step a above, each piece of raw data in step a may include private data of the user. The privacy data of the user can comprise any one of the following: risk labels, privacy attributes, identification information, biometric information, and the like. Further, each piece of the raw data may be a data record of each line recorded in the data table. Therefore, the adding of the second public key to each piece of original data of the first data platform is to add the second public key to each row of data record of the data table.
The second public key is the public key of the one key pair (the root key pair), among the N+1 public/private key pairs maintained by the first server, that is not one of the N key pairs corresponding to the N data platforms. In one example, after the first server generates the second public key it is stored on a removable storage medium and transferred to the first data platform on that medium. In another example, the second public key may be generated and published by the first server and then recorded in the first data platform by an intermediary.
The addition of the second public key to each piece of original data may be understood as adding salt to each piece of original data or adding a random character string to each piece of original data. For example, the second public key may be added in front of, behind, or in the middle of each piece of original data. And then, carrying out hash operation on each piece of original data added with the second public key to obtain a corresponding hash result. That is, the above-described addition of the second public key and the hash operation are performed separately for each piece of raw data.
In addition, the hash algorithm used in step a may be an algorithm of the SHA family, for example SHA256, SHA384 or SHA512.
Optionally, after obtaining the hash results of the first data platform, the hash results may be sorted. And outputting each sorted hash result to an intermediate table.
It should be understood that when the hash results are also sorted, step b may be replaced by: and encrypting the sorted hash results by using the first public key stored in the first data platform to obtain the encrypted data of the first data platform.
In step b or step b after replacement, the first public key refers to a first public key corresponding to the first data platform among N first public keys in the N public-private key pairs maintained by the first server. In one example, the first public key may be transferred to the first data platform through the removable storage medium after the first server generates the N first public keys.
In order to avoid tampering with the first public key while it is transferred on the removable storage medium, that is, to avoid a man-in-the-middle attack on the first public key, the transfer may specifically proceed as follows: the first server generates the first public key and signs it with the second private key (the private key of the root key pair) corresponding to the second public key; the signed first public key is stored on the removable storage medium and transferred to the first data platform; after obtaining the signed first public key, the first data platform verifies the signature with the second public key and stores the first public key only after verification passes.
It should be noted that signing the first public key with the second private key is proposed in this specification in order to prevent a man-in-the-middle from attacking the first public key. However, to verify the signed first public key, each data platform must hold the second public key in advance, and since the second public key may itself be attacked by a man-in-the-middle, the application proposes adding the second public key to the data of each data platform.
It should be understood that when the second public key is added to the respective data of each data platform, if the second public key stored in any data platform is tampered by a man-in-the-middle, the intersection result of the hash result of the data platform and the hash results of the data of other data platforms is generally null, and after multiple intersections, abnormal data can be identified, and then the data platform with the tampered second public key can be identified.
In addition, the encryption algorithm used in step b (or its replacement) may be any asymmetric algorithm, for example RSA2048, the Digital Signature Algorithm (DSA), Elliptic Curve Cryptography (ECC), the DH algorithm, and the like. RSA2048 encrypts in blocks, where each block may hold 198 bytes of data; that is, when RSA2048 is used, one block may cover several hash results.
Step 204, loading the encrypted data of the N data platforms into the TEE, and decrypting the encrypted data of the N data platforms respectively in the TEE with the N first private keys corresponding to the N first public keys, to obtain the respective hash results of the N data platforms.
For example, the encrypted data of each of the N data platforms may be read from the N directory files, and loaded into the TEE.
Taking a first data platform of the N data platforms as an example, the first private key corresponding to the first public key of the first data platform may be used to decrypt the encrypted data of the first data platform, so as to obtain each hash result of the first data platform. It should be understood that the hash result is obtained by performing a hash operation on each piece of original data after the second public key is added.
And step 206, determining the indication result of the coincident data of the N data platforms based on the respective hash results of the N data platforms.
The step of determining the indication result may specifically include: take the data platform with the fewest hash results among the N data platforms as the target platform. For each hash result of the target platform, search for a matching hash result in the hash results of each of the other N-1 data platforms. If a match is found in the hash results of every one of the other data platforms, the lookup result for that hash result is set to the first value; otherwise it is set to the second value. The lookup results of all hash results together form the indication result of the coincident data of the N data platforms.
In an example, if the hash results of the N data platforms are arranged in sequence, the step of finding a matching hash result in the hash results of the other N-1 data platforms for each hash result of the target platform may specifically include: and for each hash result of the target platform, searching a matched hash result in each hash result of each data platform in the other N-1 data platforms by a binary search method.
It should be noted that, in this specification, a binary search method is used to search for a matching hash result in each hash result of each data platform, so that the search efficiency can be greatly improved.
Furthermore, it should be understood that, in the case where the first value is 1 and the second value is 0, the formed indication result is a boolean vector. It should be noted that, in the present specification, a manner of determining an indication result of the coincidence data of the N data platforms may avoid a risk of data leakage.
It should be further noted that the number of the indication results obtained in the present specification may be N, where one indication result corresponds to one data platform. It should be understood that, when the number of the indication results is N, in the above specific step of determining the indication results, the data platform with the least number of hash results is no longer used as the target platform, but each data platform of the N data platforms is used as the target platform in turn, and then the corresponding indication result is determined. The specific determination process is not repeated herein.
The following describes a case where the instruction result is N in number with reference to an example.
Assume that there are two data platforms: platform 1 and platform 2, and the hash results of platform 1 are shown in table 1, and the hash results of platform 2 are shown in table 2.
TABLE 1
(Hash results of platform 1; shown as an image in the original, not reproduced here. The text below names its hash results "123", "456" and "abc".)
TABLE 2
(Hash results of platform 2; shown as an image in the original, not reproduced here.)
When the hash results of platform 1 and platform 2 are shown in table 1 and table 2, respectively, the obtained indication results may be shown in table 3 and table 4, respectively. Wherein the indication results of table 3 correspond to platform 1 and the indication results of table 4 correspond to platform 2.
TABLE 3
Indication result
0
1
1
0
TABLE 4
Indication result
0
1
1
From the above, it can be seen that the number of hash results in Table 1 equals the total number of "0"s and "1"s in Table 3, and each hash result in Table 1 corresponds to one "0" or "1" in Table 3. Likewise, the number of hash results in Table 2 equals the total number of "0"s and "1"s in Table 4, and each hash result in Table 2 corresponds to one "0" or "1" in Table 4. Taking Table 3 as an example, the 1st "0" indicates that the hash result "123" is not stored in Table 2; in other words, the hash result "123" is not found among the hash results of platform 2.
It should be noted that, since an indication result by itself generally has no practical meaning, the first server may store each indication result in the removable storage medium after determining the N indication results corresponding to the N data platforms. Each indication result may then be delivered to the corresponding data platform via the removable storage medium. After obtaining its corresponding indication result, each data platform may determine the final coincidence result corresponding to that indication result.
Taking any first data platform of the N data platforms as an example, in the case where the indication result is a Boolean vector, the step of determining the final coincidence result corresponding to the indication result may include:
performing an element value judgment on each element of the Boolean vector, where the element value judgment includes: if the element value of the current element is 1, selecting the hash result located at the position of the current element in the sorted hash results as a target result; otherwise, discarding the hash result at the position of the current element. After the element value judgment has been performed on every element of the Boolean vector, the final coincidence result is formed from the selected target results.
Taking the indication result shown in Table 3 as an example, the indication result can be expressed as the Boolean vector 0110. Each element of the Boolean vector corresponds to one hash result in Table 1. For example, assuming that the hash results in Table 1 are sorted, the 1st element "0" corresponds to the 1st hash result "123" in Table 1, the 2nd element "1" corresponds to the 2nd hash result "456" in Table 1, and so on. It should be noted that, if the hash results in Table 1 are not sorted, the sorted hash results may be read from the intermediate table instead.
It will be appreciated that, according to the above-described determination step of the final coincidence result, in the case of a boolean vector: 0110, after the element value judgment is performed on each element, the selected target results include: "456" and "abc". The resulting final coincidence results thus formed can be shown in table 5.
TABLE 5
Final coincidence result
456
abc
That is, there are two pieces of coincidence data between the platform 1 and the platform 2, and the two pieces of coincidence data are respectively: "456" and "abc".
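The following Python is an added illustration of the indication-result and final-coincidence steps described above; it is not code from the patent. Because Tables 1 and 2 are images on the page, the sample hash lists are constructed: only "123", "456" and "abc" are named in the text, and the placeholders "xyz" and "321" are chosen so that the sorted lists and the resulting vectors match Tables 3 and 4. It implements both variants the text describes: the single indication result for the platform with the fewest hashes, and the N indication results obtained by taking each platform as the target in turn, with the matching done by binary search over sorted hash results.

```python
from bisect import bisect_left

# Constructed sample data standing in for Tables 1 and 2 of the patent
# (images on the page). "xyz" and "321" are placeholders, not page values.
PLATFORM_HASHES = {
    "platform 1": ["456", "abc", "123", "xyz"],  # four hash results (Table 1)
    "platform 2": ["abc", "321", "456"],         # three hash results (Table 2)
}


def sort_hashes(hashes):
    """The 'intermediate table': sorted hash results. Binary search runs on
    this list and Boolean-vector positions refer to positions in it."""
    return sorted(hashes)


def contains(sorted_hashes, value):
    """Binary search for `value` in an already sorted list."""
    i = bisect_left(sorted_hashes, value)
    return i < len(sorted_hashes) and sorted_hashes[i] == value


def indication_vector(target, others):
    """One indication result: element is 1 when the target's hash exists on
    every other platform, else 0 (first value = 1, second value = 0)."""
    return [1 if all(contains(o, h) for o in others) else 0 for h in target]


def all_indication_vectors(platform_hashes):
    """N-indication-result variant: each platform is the target in turn.
    In the patent this runs inside the TEE on the decrypted hash results."""
    sorted_by_platform = {p: sort_hashes(h) for p, h in platform_hashes.items()}
    result = {}
    for name, target in sorted_by_platform.items():
        others = [h for p, h in sorted_by_platform.items() if p != name]
        result[name] = indication_vector(target, others)
    return result


def single_indication_vector(platform_hashes):
    """Single-result variant: the platform with the fewest hashes is the target."""
    sorted_by_platform = {p: sort_hashes(h) for p, h in platform_hashes.items()}
    name = min(sorted_by_platform, key=lambda p: len(sorted_by_platform[p]))
    others = [h for p, h in sorted_by_platform.items() if p != name]
    return name, indication_vector(sorted_by_platform[name], others)


def final_coincidence(sorted_hashes, vector):
    """Data-platform side: keep the hash at every position whose element is 1.
    The vector must be as long as the sorted hash list it indexes."""
    if len(sorted_hashes) != len(vector):
        raise ValueError("vector length must equal the number of hash results")
    return [h for h, bit in zip(sorted_hashes, vector) if bit == 1]


if __name__ == "__main__":
    vectors = all_indication_vectors(PLATFORM_HASHES)
    for name, vec in vectors.items():
        print(name, "".join(map(str, vec)))  # platform 1 -> 0110, platform 2 -> 011
    p1_sorted = sort_hashes(PLATFORM_HASHES["platform 1"])
    print(final_coincidence(p1_sorted, vectors["platform 1"]))  # ['456', 'abc']
```

Running it reproduces Tables 3, 4 and 5: platform 1 gets the vector 0110, platform 2 gets 011, and applying platform 1's vector to its sorted hash list yields "456" and "abc". The length check in `final_coincidence` is the guard a data platform should apply before trusting a vector delivered over removable media: a vector whose length does not match the intermediate table cannot belong to it.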
In summary, the data joint processing method for protecting privacy provided in the embodiments of the present specification can determine the overlapped data of the data platforms in a network-isolated environment, so that the privacy of each data platform's data is protected. In addition, the scheme generates an additional public/private key pair as a root key pair, signs the first public keys of the data platforms with the private key of the root key pair, and adds the public key of the root key pair to each piece of original data of each data platform, so that man-in-the-middle attacks on the distributed keys can be effectively addressed.
Fig. 3 is a flowchart of a data joint processing method for protecting privacy according to another embodiment of the present disclosure. The execution subject of the method may be any device with processing capability, such as a server, system or apparatus; for example, it may be any first data platform of the N data platforms in Fig. 1. As shown in Fig. 3, the method may specifically include:
step 302, adding a second public key stored in the first data platform to each piece of original data of the first data platform.
The pieces of raw data herein may include private data of the user. The private data of the user may include any of the following: risk labels, privacy attributes, identification information, biometric information, and the like. Further, each piece of raw data may be one row of a data table. Therefore, adding the second public key to each piece of original data of the first data platform means adding the second public key to each row of the data table.
The second public key refers to a public key (i.e., a public key in a root key pair) in 1 public and private key pair except N public and private key pairs corresponding to N data platforms, among N +1 public and private key pairs maintained by the first server. In one example, the second public key may be stored in the removable storage medium after the first server generates the second public key, and then the second public key may be transferred to the first data platform through the removable storage medium. In another example, the second public key may be generated and published by the first server and then recorded in the first data platform by the intermediary.
The addition of the second public key to each piece of original data may be understood as adding salt to each piece of original data or adding a random character string to each piece of original data. For example, the second public key may be added in front of, behind, or in the middle of each piece of original data. And then, carrying out hash operation on each piece of original data added with the second public key to obtain a corresponding hash result. That is, the above-described step of adding the second public key is performed separately for each piece of original data.
And step 304, performing hash operation on each piece of original data added with the second public key to obtain each hash result.
It should be noted that the hash operation herein is likewise performed separately for each piece of raw data; that is, one hash result is obtained for each piece of raw data. The hash algorithm may be an algorithm of the SHA family, for example SHA256, SHA384 or SHA512.
And step 306, encrypting each hash result by using the first public key stored in the first data platform to obtain the encrypted data of the first data platform.
Optionally, the pieces of hash results may be sorted before being encrypted. And outputting each sorted hash result to an intermediate table.
It should be appreciated that when the hash results are also sorted, step 306 may be replaced with: and encrypting the sorted hash results by using the first public key stored in the first data platform to obtain the encrypted data of the first data platform.
The first public key refers to a first public key corresponding to the first data platform in N first public keys in N public and private key pairs maintained by the first server. In one example, the first public key corresponding to the first data platform may be transferred to the first data platform through the removable storage medium after the first server generates the N first public keys.
In order to prevent the first public key from being tampered with while it is transferred on the removable storage medium, that is, to prevent a man-in-the-middle from attacking the first public key, the step of transferring the first public key through the removable storage medium may specifically include: the first server generates the first public key and signs it with the second private key (i.e., the private key of the root key pair) corresponding to the second public key; the signed first public key is stored in the removable storage medium and transmitted to the first data platform through it; after obtaining the signed first public key, the first data platform verifies the signature using the second public key and stores the first public key only after the verification passes.
It should be noted that, in order to prevent a man-in-the-middle from attacking the first public key, this specification proposes signing the first public key with the second private key (the root private key). However, in order to verify the signed first public key, each data platform must store the second public key in advance, and the second public key could itself be tampered with by a man-in-the-middle. For this reason the second public key is also added to the data of each data platform.
It should be understood that, when the second public key is added to the data of each data platform, if the second public key stored on any data platform has been tampered with by a man-in-the-middle, the intersection between that platform's hash results and the hash results of the other data platforms is generally empty (its records were salted with a different value). After several intersections, such abnormal results can be identified, and the data platform whose second public key was tampered with can then be located.
In addition, the encryption algorithm used in step 306 may be any asymmetric algorithm, such as the RSA2048 algorithm, the Digital Signature Algorithm (DSA), Elliptic Curve Cryptography (ECC), the DH algorithm, and so on. The RSA2048 algorithm encrypts in blocks, where each block may hold 198 bytes of data; that is, when RSA2048 is used for encryption, each block may correspond to several hash results.
It should be further noted that, after the first data platform obtains its encrypted data, it may provide the encrypted data to the first server through the removable storage medium. The first server can then load the encrypted data of the first data platform into the TEE and decrypt it to obtain the hash results of the first data platform. It is to be understood that, after the first server has decrypted the hash results of all N data platforms, the indication result of the overlapped data of the N data platforms can be determined from those hash results, and each data platform can determine its final coincidence result from the indication result it receives and its intermediate table. The determination of the indication result and of the final coincidence result are as described above and are not repeated herein.
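The following Python is an added example of the data-platform side of steps 302 and 304 and of the optional sorting before step 306; it is not code from the patent. The records, the second public key and the tampered key are constructed placeholders, and the second public key is treated as an opaque string. The asymmetric encryption of step 306 and the signature on the first public key are not modelled here; the block shows only the salting, hashing and sorting, and then uses a plain set intersection (not the patent's binary-search procedure) to demonstrate the effect described above: a platform whose second public key was tampered with produces an empty intersection.

```python
import hashlib

# Constructed placeholder for the "second public key" (root public key); in the
# patent it is generated by the first server inside the TEE.
ROOT_PUBLIC_KEY = "ROOT-PUBKEY-PLACEHOLDER"


def salt_record(record, second_public_key, position="front"):
    """Step 302 for one record: add the second public key in front of,
    behind, or in the middle of the original data."""
    if position == "front":
        return second_public_key + record
    if position == "behind":
        return record + second_public_key
    if position == "middle":
        mid = len(record) // 2
        return record[:mid] + second_public_key + record[mid:]
    raise ValueError("position must be 'front', 'behind' or 'middle'")


def hash_records(records, second_public_key, algorithm="sha256", position="front"):
    """Steps 302 + 304 applied separately to every record: salt, then hash
    with an SHA-family algorithm. One record yields one hash result."""
    if algorithm not in ("sha256", "sha384", "sha512"):
        raise ValueError("use an SHA-family algorithm as the description requires")
    digest = getattr(hashlib, algorithm)
    return [digest(salt_record(r, second_public_key, position).encode("utf-8")).hexdigest()
            for r in records]


def intermediate_table(records, second_public_key, **kw):
    """Optional sorting before encryption: the sorted hash results form the
    'intermediate table' that the Boolean vector later indexes."""
    return sorted(hash_records(records, second_public_key, **kw))


def quick_overlap(table_a, table_b):
    """Plain set intersection, used here only to show the effect of the salt."""
    return sorted(set(table_a) & set(table_b))


# Constructed records: the two platforms share exactly one row (user u2).
PLATFORM_1_RECORDS = ["u1,risk=low", "u2,risk=high", "u3,risk=low"]
PLATFORM_2_RECORDS = ["u2,risk=high", "u4,risk=low"]


def demo():
    """Returns (overlap with a consistent second public key,
                overlap when platform 2's second public key was tampered with)."""
    t1 = intermediate_table(PLATFORM_1_RECORDS, ROOT_PUBLIC_KEY)
    t2 = intermediate_table(PLATFORM_2_RECORDS, ROOT_PUBLIC_KEY)
    # Man-in-the-middle case from the description: a different salt makes every
    # hash of platform 2 differ, so its intersection with platform 1 is empty.
    t2_tampered = intermediate_table(PLATFORM_2_RECORDS, "TAMPERED-PUBKEY")
    return quick_overlap(t1, t2), quick_overlap(t1, t2_tampered)


if __name__ == "__main__":
    consistent, tampered = demo()
    print(len(consistent), "common hash(es) with a consistent key")  # 1
    print(len(tampered), "common hash(es) with a tampered key")      # 0
```

The consistent run finds one common hash (the shared row), while the tampered run finds none, which is the anomaly the description relies on to detect a platform whose root public key was altered in transit. Note that the salt only helps if every platform uses the same value: hashing identical records with different positions or different algorithms would equally yield an empty intersection, so those choices are part of the convention the first server distributes.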
In summary, the data joint processing method for protecting privacy provided in the embodiments of the present specification can determine the overlapped data of each data platform in a network isolation environment, so that privacy protection of data of each data platform can be achieved.
Fig. 4 is a schematic diagram of the data joint processing method for protecting privacy provided in this specification. In Fig. 4, the data joint processing method may include four stages. First, key distribution: the first server generates N+1 public/private key pairs in advance in the TEE; the N first public keys of N of those key pairs are distributed to the N data platforms respectively, according to convention, and the second public key of the remaining key pair is distributed to all N data platforms. Second, data encryption: each data platform adds the second public key to each row of its original table and performs a hash operation to obtain the hash results, sorts the hash results to obtain an intermediate table, and finally encrypts each sorted hash result in the intermediate table to obtain its encrypted data. Third, determination of the indication result of the coincident data: the first server obtains the encrypted data of each of the N data platforms, loads it into the TEE and decrypts it to obtain the hash results of each platform, and then determines the Boolean vector of each of the N data platforms from those hash results. Fourth, determination of the final coincidence result: each data platform determines its final coincidence result from its Boolean vector and its intermediate table.
Corresponding to the above data joint processing method for protecting privacy, an embodiment of the present specification further provides a data joint processing apparatus for protecting privacy, which is disposed in a first server, where the first server includes a trusted execution environment TEE. N+1 public/private key pairs are maintained in the TEE, where the N first public keys of N of those key pairs are used by the N data platforms respectively, the second public key of the remaining key pair is used by all N data platforms in common, and N is a positive integer. As shown in Fig. 5, the apparatus may include:
the obtaining unit 502 is configured to obtain respective encrypted data of N data platforms, where the encrypted data of any first data platform in the N data platforms is obtained by adding a second public key to each piece of original data of the first data platform and then performing hash operation, and then encrypting each hash result using a first public key corresponding to the first data platform.
The pieces of raw data herein may include private data of the user. The private data of the user includes any one of: risk labels, privacy attributes, identification information, biometric information, and the like.
The obtaining unit 502 may specifically be configured to:
and respectively acquiring the encrypted data of the N data platforms through the mobile storage medium.
A decryption unit 504, configured to load the encrypted data of each of the N data platforms into the TEE, and in the TEE, decrypt the encrypted data of each of the N data platforms respectively by using N first private keys corresponding to the N first public keys, so as to obtain each hash result of each of the N data platforms.
A determining unit 506, configured to determine, based on each hash result of each of the N data platforms, an indication result of the overlapped data of the N data platforms.
The determining unit 506 may specifically be configured to:
and taking the data platform with the least number of hash results in the N data platforms as a target platform.
And for each hash result of the target platform, searching a matched hash result in each hash result of the other N-1 data platforms.
If a matching hash result is found among the hash results of every one of the other data platforms, the search result for that hash result is set to the first value; otherwise, the search result for that hash result is set to the second value.
And forming an indication result of the overlapped data based on the search result of each hash result.
When the first value is 1 and the second value is 0, the indication result may be a boolean vector.
Optionally, the respective hash results of the N data platforms are ordered.
The determining unit 506 may further specifically be configured to:
and for each hash result of the target platform, searching a matched hash result in each hash result of each data platform in the other N-1 data platforms by a binary search method.
Optionally, the apparatus may further include:
a signature unit 508, configured to sign the first public key of the first data platform using a second private key corresponding to the second public key.
The storing unit 510 is configured to store the signed first public key in a removable storage medium, and transmit the signed first public key to the first data platform through the removable storage medium, so that the first public key is stored after verification.
The functions of each functional module of the device in the above embodiments of the present description may be implemented through each step of the above method embodiments, and therefore, a specific working process of the device provided in one embodiment of the present description is not repeated herein.
According to the data joint processing device for protecting privacy, provided by one embodiment of the specification, the overlapped data of each data platform can be determined in a network isolation environment, so that the privacy protection of the data of each data platform can be realized.
Corresponding to the above data joint processing method for protecting privacy, an embodiment of the present specification further provides a data joint processing apparatus for protecting privacy, which is disposed on any first data platform of the N data platforms. As shown in fig. 6, the apparatus may include:
an adding unit 602, configured to add the second public key stored in the first data platform to each piece of original data of the first data platform. The second public key is a public key in 1 public and private key pair except N public and private key pairs corresponding to N data platforms in N +1 public and private key pairs maintained by the first server.
The operation unit 604 is configured to perform a hash operation on each piece of original data to which the second public key is added, so as to obtain each hash result.
An encrypting unit 606, configured to encrypt each hash result by using the first public key stored in the first data platform to obtain encrypted data of the first data platform, and provide the encrypted data to the first server, so that the first server determines an indication result of the overlapped data of the N data platforms. The first public key is a first public key corresponding to the first data platform in N first public keys in N public and private key pairs.
The encryption unit 606 may specifically be configured to:
and sequencing the hash results.
And encrypting the sorted hash results by using the first public key stored in the first data platform to obtain the encrypted data of the first data platform.
Optionally, the apparatus may further include:
an obtaining unit 608, configured to obtain the signed first public key through the removable storage medium. And verifying the signed first public key by using the second public key. And after the verification is passed, saving the first public key.
Alternatively, the indication result may be a boolean vector. The apparatus may further include:
a determining unit 610, configured to perform an element value judgment on each element of the Boolean vector, where the element value judgment includes: if the element value of the current element is 1, selecting the hash result located at the position of the current element in the sorted hash results as a target result; otherwise, discarding the hash result at the position of the current element. After the element value judgment has been performed on every element of the Boolean vector, the final coincidence result is formed from the selected target results.
The functions of each functional module of the device in the above embodiments of the present description may be implemented through each step of the above method embodiments, and therefore, a specific working process of the device provided in one embodiment of the present description is not repeated herein.
According to the data joint processing device for protecting privacy, provided by one embodiment of the specification, the overlapped data of each data platform can be determined in a network isolation environment, so that the privacy protection of the data of each data platform can be realized.
In another aspect, embodiments of the present specification provide a computer-readable storage medium having stored thereon a computer program, which, when executed in a computer, causes the computer to perform the method shown in fig. 2 or fig. 3.
In another aspect, embodiments of the present description provide a computing device comprising a memory having stored therein executable code, and a processor that, when executing the executable code, implements the method shown in fig. 2 or fig. 3.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied in hardware or in software instructions executed by a processor. The software instructions may consist of corresponding software modules that may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an ASIC. Additionally, the ASIC may reside in a server. Of course, the processor and the storage medium may also reside as discrete components in a server.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above-mentioned embodiments, objects, technical solutions and advantages of the present specification are further described in detail, it should be understood that the above-mentioned embodiments are only specific embodiments of the present specification, and are not intended to limit the scope of the present specification, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present specification should be included in the scope of the present specification.

Claims (24)

1. A privacy-preserving data joint processing method is executed by a first server, wherein the first server comprises a Trusted Execution Environment (TEE); n +1 public and private key pairs are maintained in the TEE, wherein N first public keys in the N public and private key pairs are respectively used by N data platforms, and second public keys in the remaining 1 public and private key pairs are commonly used by the N data platforms; n is a positive integer; the method comprises the following steps:
acquiring respective encrypted data of the N data platforms, wherein the encrypted data of any first data platform in the N data platforms is obtained by adding the second public key to each piece of original data of the first data platform, then performing hash operation, and then encrypting each hash result by using the first public key corresponding to the first data platform;
loading the respective encrypted data of the N data platforms into the TEE, and respectively decrypting the respective encrypted data of the N data platforms by using N first private keys corresponding to the N first public keys in the TEE to obtain respective hash results of the N data platforms;
and determining the indication result of the coincident data of the N data platforms based on the respective hash results of the N data platforms.
2. The method of claim 1, wherein the obtaining encrypted data for each of the N data platforms comprises:
and respectively acquiring the encrypted data of the N data platforms through a mobile storage medium.
3. The method of claim 1, the pieces of raw data comprising private data of a user; the private data of the user includes any one of: risk tags, privacy attributes, identification information, and biometric information.
4. The method of claim 1, further comprising, prior to said obtaining encrypted data for each of said N data platforms:
signing the first public key of the first data platform by using a second private key corresponding to the second public key;
and storing the signed first public key into a mobile storage medium, and transmitting the signed first public key to the first data platform through the mobile storage medium so as to store the first public key after verification.
5. The method of claim 1, wherein determining the indication of the coincident data for the N data platforms based on the respective hash results for the N data platforms comprises:
taking the data platform with the least number of hash results in the N data platforms as a target platform;
for each hash result of the target platform, searching a matched hash result in each hash result of other N-1 data platforms;
if a matching hash result can be found in the hash results of each data platform, setting the search result of the hash result to a first numerical value; otherwise, setting the search result of the hash result to a second numerical value;
and forming an indication result of the coincident data based on the search result of each hash result.
6. The method of claim 5, the first value being 1, the second value being 0, the indication being a Boolean vector.
7. The method of claim 5, wherein the hash results of each of the N data platforms are sorted;
for each hash result of the target platform, searching for a matched hash result in each hash result of the other N-1 data platforms, including:
and searching each hash result of each data platform in the other N-1 data platforms for a matched hash result by a binary search method for each hash result of the target platform.
8. A data joint processing method for protecting privacy is executed by any first data platform in N data platforms, and comprises the following steps:
adding a second public key stored in the first data platform in each piece of original data of the first data platform; the second public key is a public key in 1 public and private key pair except N public and private key pairs corresponding to the N data platforms in N +1 public and private key pairs maintained by the first server;
performing hash operation on each piece of original data added with the second public key to obtain each hash result;
encrypting each hash result by using a first public key stored in the first data platform to obtain encrypted data of the first data platform, and providing the encrypted data of the first data platform to the first server to ensure that the first server determines an indication result of the overlapped data of the N data platforms; the first public key is a first public key corresponding to the first data platform in N first public keys in the N public and private key pairs.
9. The method of claim 8, the first public key of the first data platform obtained by:
acquiring a first public key after signature through a mobile storage medium;
verifying the signed first public key by using the second public key;
and after the verification is passed, saving the first public key.
10. The method of claim 8, wherein encrypting the hash results using a first public key stored on the first data platform comprises:
sequencing the hash results;
and encrypting the sorted hash results by using the first public key stored in the first data platform to obtain the encrypted data of the first data platform.
11. The method of claim 10, the indication being a boolean vector; the method further comprises the step of determining a final coincidence result corresponding to the boolean vector, comprising:
performing element value judgment on each element in the Boolean vector, wherein the element value judgment comprises: if the element value of the current element is 1, selecting the hash result at the position of the current element from the sorted hash results as a target result; otherwise, discarding the hash result at the position of the current element;
and after element value judgment is carried out on each element in the Boolean vector, the final coincidence result is formed based on each selected target result.
12. A data joint processing device for protecting privacy is arranged on a first server, and the first server comprises a Trusted Execution Environment (TEE); n +1 public and private key pairs are maintained in the TEE, wherein N first public keys in the N public and private key pairs are respectively used by N data platforms, and second public keys in the remaining 1 public and private key pairs are commonly used by the N data platforms; n is a positive integer; the device comprises:
an obtaining unit, configured to obtain respective encrypted data of the N data platforms, where the encrypted data of any first data platform of the N data platforms is obtained by adding the second public key to each piece of original data of the first data platform, performing hash operation, and then encrypting each hash result by using the first public key corresponding to the first data platform;
a decryption unit, configured to load the encrypted data of each of the N data platforms into the TEE, and in the TEE, decrypt the encrypted data of each of the N data platforms respectively by using N first private keys corresponding to the N first public keys to obtain each hash result of each of the N data platforms;
and the determining unit is used for determining the indication result of the coincident data of the N data platforms based on the respective hash results of the N data platforms.
13. The apparatus according to claim 12, wherein the obtaining unit is specifically configured to:
and respectively acquiring the encrypted data of the N data platforms through a mobile storage medium.
14. The apparatus of claim 12, the pieces of raw data comprising private data of a user; the private data of the user includes any one of: risk tags, privacy attributes, identification information, and biometric information.
15. The apparatus of claim 12, further comprising:
the signature unit is used for signing the first public key of the first data platform by using a second private key corresponding to the second public key;
the storage unit is configured to store the signed first public key in a mobile storage medium, and to transmit the signed first public key to the first data platform through the mobile storage medium, so that the first public key is stored after verification.
16. The apparatus according to claim 12, wherein the determining unit is specifically configured to:
taking the data platform with the fewest hash results among the N data platforms as a target platform;
for each hash result of the target platform, searching for a matched hash result in the hash results of each of the other N-1 data platforms;
if a matched hash result can be found in the hash results of every one of the other data platforms, setting the search result of the hash result to a first numerical value; otherwise, setting the search result of the hash result to a second numerical value;
and forming an indication result of the coincident data based on the search result of each hash result.
17. The apparatus of claim 16, the first value being 1, the second value being 0, and the indication result being a Boolean vector.
18. The apparatus of claim 16, wherein the hash results of each of the N data platforms are sorted;
the determining unit is further specifically configured to:
and, for each hash result of the target platform, searching the sorted hash results of each of the other N-1 data platforms for a matched hash result by a binary search method.
19. A data joint processing device for protecting privacy is arranged on any first data platform in N data platforms, and comprises:
an adding unit, configured to add a second public key stored in the first data platform to each piece of original data of the first data platform; the second public key is a public key in 1 public and private key pair except N public and private key pairs corresponding to the N data platforms in N +1 public and private key pairs maintained by the first server;
the operation unit is used for carrying out hash operation on each piece of original data added with the second public key to obtain each hash result;
an encryption unit, configured to encrypt each hash result by using a first public key stored in the first data platform to obtain encrypted data of the first data platform, and provide the encrypted data to the first server, so that the first server determines an indication result of overlapping data of the N data platforms; the first public key is a first public key corresponding to the first data platform in N first public keys in the N public and private key pairs.
20. The apparatus of claim 19, further comprising:
an acquisition unit, configured to acquire the signed first public key through a mobile storage medium;
verify the signed first public key by using the second public key;
and, after the verification is passed, save the first public key.
21. The apparatus according to claim 19, the encryption unit being specifically configured to:
sorting the hash results;
and encrypting the sorted hash results by using the first public key stored in the first data platform to obtain the encrypted data of the first data platform.
22. The device of claim 21, the indication result being a Boolean vector; the device further comprises:
a determining unit, configured to perform element value judgment on each element in the Boolean vector, where the element value judgment includes: if the element value of the current element is 1, selecting the hash result at the position of the current element from the sorted hash results as a target result; otherwise, discarding the hash result at the position of the current element;
and after element value judgment is carried out on each element in the Boolean vector, a final coincidence result is formed based on each selected target result.
23. A computer-readable storage medium, having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-7 or the method of any of claims 8-11.
24. A computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of any of claims 1-7 or the method of any of claims 8-11.
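The overlap-determination flow of claims 16 through 22, as an added Python example that is not code from the patent: the platform side appends the shared second public key to each record, hashes and sorts (claims 19 and 21); the TEE side picks the platform with the fewest hashes as target, binary-searches its hashes in the other sorted lists and emits a Boolean vector (claims 16 to 18); the target platform then keeps the hashes flagged with 1 (claim 22). The second-public-key bytes and the sample records are constructed, SHA-256 is an assumed choice of hash, and the public-key encryption and TEE decryption of the hash lists are omitted because they do not change the intersection logic.

```python
import hashlib
from bisect import bisect_left

# Constructed stand-in for the shared second public key; a real deployment
# would use the key bytes distributed from the first server's TEE.
SECOND_PUBLIC_KEY = b"constructed-second-public-key"


def platform_prepare(raw_records, second_public_key=SECOND_PUBLIC_KEY):
    """Data-platform side (claims 19 and 21): append the second public key to
    every raw record, hash, and sort. Returns the sorted hash list plus a
    hash->record lookup that the platform keeps locally. Encryption under the
    platform's first public key is omitted; the TEE decrypts back to this list."""
    lookup = {hashlib.sha256(rec.encode() + second_public_key).hexdigest(): rec
              for rec in raw_records}
    return sorted(lookup), lookup


def _present(sorted_hashes, h):
    """Membership test by binary search over a sorted hash list (claim 18)."""
    pos = bisect_left(sorted_hashes, h)
    return pos < len(sorted_hashes) and sorted_hashes[pos] == h


def tee_indication_result(hash_lists):
    """TEE side (claims 16 to 18): the platform with the fewest hashes is the
    target; each of its hashes is searched in every other platform's sorted
    list. The Boolean vector is aligned with the target's sorted hashes."""
    target_idx = min(range(len(hash_lists)), key=lambda i: len(hash_lists[i]))
    others = [hl for i, hl in enumerate(hash_lists) if i != target_idx]
    vector = [1 if all(_present(o, h) for o in others) else 0
              for h in hash_lists[target_idx]]
    return target_idx, vector


def platform_select(sorted_hashes, boolean_vector):
    """Target-platform side (claim 22): keep hashes whose vector element is 1."""
    return [h for h, bit in zip(sorted_hashes, boolean_vector) if bit == 1]


def run_demo():
    """Three constructed platforms; returns the overlapping raw records."""
    platforms = [["u1", "u2", "u3", "u4"], ["u2", "u3", "u5"], ["u3", "u2", "u6", "u7"]]
    prepared = [platform_prepare(p) for p in platforms]
    target_idx, vector = tee_indication_result([hashes for hashes, _ in prepared])
    sorted_hashes, lookup = prepared[target_idx]
    return sorted(lookup[h] for h in platform_select(sorted_hashes, vector))


if __name__ == "__main__":
    print(run_demo())  # ['u2', 'u3']
```

Only the target platform can map the Boolean vector back to records, since the vector is indexed by its own sorted hash list; the other platforms learn nothing beyond what the TEE chooses to return.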
CN202010820713.8A 2020-08-14 2020-08-14 Data joint processing method and device for protecting privacy Active CN111935163B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010820713.8A CN111935163B (en) 2020-08-14 2020-08-14 Data joint processing method and device for protecting privacy

Publications (2)

Publication Number Publication Date
CN111935163A CN111935163A (en) 2020-11-13
CN111935163B true CN111935163B (en) 2022-08-09

Family

ID=73311366

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code
Ref country code: HK
Ref legal event code: DE
Ref document number: 40041069
Country of ref document: HK
GR01 Patent grant