CN112953974B - Data collision method, device, equipment and computer readable storage medium - Google Patents

Data collision method, device, equipment and computer readable storage medium Download PDF

Info

Publication number
CN112953974B
CN112953974B CN202110414455.8A CN202110414455A CN112953974B CN 112953974 B CN112953974 B CN 112953974B CN 202110414455 A CN202110414455 A CN 202110414455A CN 112953974 B CN112953974 B CN 112953974B
Authority
CN
China
Prior art keywords
data
key
ciphertext data
encryption algorithm
participants
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110414455.8A
Other languages
Chinese (zh)
Other versions
CN112953974A (en
Inventor
李震川
孔维罡
翁志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN202110414455.8A priority Critical patent/CN112953974B/en
Priority to PCT/CN2021/097417 priority patent/WO2022217714A1/en
Publication of CN112953974A publication Critical patent/CN112953974A/en
Application granted granted Critical
Publication of CN112953974B publication Critical patent/CN112953974B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the field of safety protection, and provides a data collision method, a device, equipment and a computer readable storage medium, wherein the method comprises the following steps: acquiring second ciphertext data and first keys of a plurality of participants, wherein the first keys of different participants are different; decrypting the second ciphertext data corresponding to each participant according to the second encryption algorithm and the first key corresponding to each participant to obtain first ciphertext data of the multiple participants; and determining the intersection of the first ciphertext data of the plurality of participants, and sending the intersection to each participant. The method and the device solve the problem of collision of the sensitive data on the premise that the sensitive data are not leaked. The present application also relates to the field of blockchain, and the computer-readable storage medium may store data created from use of blockchain nodes.

Description

Data collision method, device, equipment and computer readable storage medium
Technical Field
The present application relates to the field of safety protection, and in particular, to a data collision method, apparatus, device, and computer-readable storage medium.
Background
With the continuous deepening of networking and digitalization degrees, a great amount of data related to personal privacy, property information, behavior tracks and the like are stored and transmitted on the Internet, and the importance of protecting data security is self-evident. For enterprises, sensitive data such as business secrets and user data are mainly encrypted and protected, when the enterprises perform certain business cooperation with other enterprises, great business value can be generated by using the data, but for the purpose of protecting the sensitive data, the data cannot be transmitted to the other party in a clear text, and when some businesses need data collision of the sensitive data of both parties, the business function cannot be realized.
At present, data are encrypted mainly based on a common encryption algorithm and then transmitted by using a ciphertext, but both parties can obtain the ciphertext through selecting the same encryption algorithm to perform data collision, but any party can reversely deduce information transmitted by the other party by establishing a mapping relation between the ciphertext and the plaintext, so that the problem of data leakage is caused. Therefore, how to realize collision of sensitive data on the premise of not revealing the sensitive data is a problem to be solved urgently at present.
Disclosure of Invention
The embodiment of the application provides a data collision method, a data collision device, data collision equipment and a computer readable storage medium, aiming at realizing the collision of sensitive data on the premise of not revealing the sensitive data.
In a first aspect, an embodiment of the present application provides a data collision method, including:
acquiring second ciphertext data and a first key of a plurality of participants, wherein the participants encrypt sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypt the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
decrypting the second ciphertext data corresponding to each participant according to the second encryption algorithm and the first key corresponding to each participant to obtain first ciphertext data of the multiple participants;
determining an intersection of first ciphertext data of the multiple parties, and sending the intersection to each party, wherein the parties encrypt the intersection based on the second encryption algorithm and the first key, decrypt mapping relation ciphertext data according to a third encryption algorithm and a second key to obtain a mapping relation plaintext between the second ciphertext data and sensitive data plaintext, and obtain a corresponding sensitive data plaintext from the mapping relation plaintext according to the encrypted intersection.
In a second aspect, an embodiment of the present application further provides a data collision method, including:
acquiring a sensitive data plaintext, a first key and a second key, wherein the first key is different from the second key;
encrypting the sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data;
encrypting the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, wherein the first encryption algorithm is different from the second encryption algorithm;
encrypting the mapping relation between the sensitive data plaintext and the second ciphertext data according to a third encryption algorithm and the second key to obtain mapping relation ciphertext data;
sending the second ciphertext data and the first key to data collision equipment, so that the data collision equipment decrypts the corresponding second ciphertext data according to the second encryption algorithm and the first key of each participant to obtain first ciphertext data of a plurality of participants, and determines an intersection of the first ciphertext data of the plurality of participants;
acquiring the intersection sent by the data collision equipment, and encrypting the intersection according to the second encryption algorithm and the first key;
decrypting the mapping relation ciphertext data according to the third encryption algorithm and the second key to obtain a mapping relation plaintext between the sensitive data plaintext and the second ciphertext data;
and acquiring corresponding sensitive data plaintext from the mapping relation plaintext according to the encrypted intersection.
In a third aspect, an embodiment of the present application further provides a data collision device, where the data collision device includes:
the acquisition module is used for acquiring second ciphertext data and first keys of a plurality of participants, wherein the participants encrypt sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypt the first ciphertext data according to a second encryption algorithm and the first keys to obtain the second ciphertext data, the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
the data collision module is used for decrypting the second ciphertext data corresponding to each participant according to the second encryption algorithm and the first key corresponding to each participant to obtain the first ciphertext data of the multiple participants;
the data collision module is further configured to determine an intersection of first ciphertext data of the multiple parties, and send the intersection to each party, where the party encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping-relation ciphertext data according to a third encryption algorithm and a second key, to obtain a mapping-relation plaintext between the second ciphertext data and the sensitive-data plaintext, and obtains a corresponding sensitive-data plaintext from the mapping-relation plaintext according to the encrypted intersection.
In a fourth aspect, the present application further provides a computer device, which includes a processor, a memory, and a computer program stored on the memory and executable by the processor, wherein when the computer program is executed by the processor, the steps of the data collision method as described above are implemented.
In a fifth aspect, the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the data collision method as described above.
The embodiment of the application provides a data collision method, a device, equipment and a computer readable storage medium, the method obtains second ciphertext data and a first secret key of a plurality of participants, the first secret key of each participant is different, decrypts the corresponding second ciphertext data according to an encryption algorithm and the first secret key of each participant to obtain the first ciphertext data of the participants, then determines the intersection of the first ciphertext data of the participants and sends the intersection to each participant, because the data collision is carried out aiming at the ciphertext data and the first secret keys of the participants are different, different ciphertext data can be obtained through different first secret keys, the isolation of the ciphertext data between the participants is ensured, the problem of realizing the collision of sensitive data on the premise of not revealing the sensitive data can be solved, the security and sharing circulation of the sensitive data are improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic flow chart of a data collision method provided in an embodiment of the present application;
FIG. 2 is a schematic diagram of a scenario for implementing the data collision method provided in this embodiment;
FIG. 3 is a schematic flow chart diagram illustrating another data collision method provided by an embodiment of the present application;
FIG. 4 is a schematic block diagram of a data collision device provided in an embodiment of the present application;
FIG. 5 is a schematic block diagram of a sub-module of the data collision device of FIG. 4;
fig. 6 is a schematic block diagram of a structure of a computer device according to an embodiment of the present application.
The implementation, functional features and advantages of the objectives of the present application will be further described with reference to the accompanying drawings.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The flow diagrams depicted in the figures are merely illustrative and do not necessarily include all of the elements and operations/steps, nor do they necessarily have to be performed in the order depicted. For example, some operations/steps may be decomposed, combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The embodiment of the application provides a data collision method, a data collision device, data collision equipment and a computer readable storage medium. The data collision method can be applied to data collision equipment or data encryption equipment, the data collision equipment or the data encryption equipment can be terminal equipment and can also be a server, the terminal equipment can be a mobile phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, wearable equipment and the like, the data collision method can also be applied to the server, and the server can be a single server or a server cluster formed by a plurality of servers.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments and features of the embodiments described below can be combined with each other without conflict.
Referring to fig. 1, fig. 1 is a schematic flow chart of a data collision method according to an embodiment of the present application. The data collision method is applied to data collision equipment, and the data collision equipment can be terminal equipment and can also be a server.
As shown in fig. 1, the data collision method includes steps S101 to S103.
And S101, acquiring second ciphertext data and first keys of a plurality of participants.
The participant is a holder of the sensitive data, and the second ciphertext data is obtained by encrypting the plaintext of the sensitive data twice.
Illustratively, the data encryption device acquires a plaintext of sensitive data input by a participant, a first key and a second key, and generates a random key; encrypting a sensitive data plaintext according to a random key and a first encryption algorithm to obtain first ciphertext data, and encrypting the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data; and encrypting the mapping relation between the sensitive data plaintext and the second ciphertext data according to a third encryption algorithm and a second key to obtain mapping relation ciphertext data, and storing the second ciphertext data and the mapping relation ciphertext data. For example, the sensitive data plaintext is play _ id, the play _ id is encrypted based on a first encryption algorithm and a random key to obtain first ciphertext data tmp _ secure _ id, the tmp _ secure _ id is encrypted based on a second encryption algorithm and the first key to obtain second ciphertext data app _ secure _ id, and a mapping relation between the play _ id and the app _ secure _ id is encrypted according to a third encryption algorithm and the second key to obtain mapping relation ciphertext _ id _ map.
Wherein, each participant holds a respective data encryption device, the data encryption device may be a terminal device or a server installed with a data encryption program, encryption of sensitive data plaintext can be realized through the data encryption program, and then second ciphertext data and a mapping relation ciphertext are obtained, a first key and a second key of each participant are different, a first encryption algorithm is different from a second encryption algorithm, the first encryption algorithm may be any one of deterministic encryption algorithms, the first encryption algorithm includes but is not limited to MD5 algorithm, SM3 algorithm, SHA256 algorithm, HMAC algorithm, for example, the SM3 algorithm is used to encrypt the sensitive data plaintext, the second encryption algorithm is any one of format preserving encryption algorithms, the second encryption algorithm includes but is not limited to FF1 algorithm, FF3-1 algorithm, for example, the FF3-1 algorithm and the first key are used to encrypt the first ciphertext data, the third encryption algorithm may be any public key or private key encryption algorithm, and includes, but is not limited to, RSA algorithm, SM2 algorithm, ECC algorithm, AES algorithm, SM4 algorithm, and 3DES algorithm, for example, the mapping relationship between the sensitive data plaintext and the second ciphertext data is encrypted using SM2 algorithm and the second key.
Illustratively, a plain text of sensitive data is play _ id, the play _ id is encrypted based on an SHA256 algorithm and a random key to obtain first ciphertext data tmp _ secure _ id, the tmp _ secure _ id is encrypted based on an FF1 algorithm and the first key to obtain second ciphertext data app _ secure _ id, and a mapping relation between the play _ id and the app _ secure _ id is encrypted according to an RSA algorithm and the second key to obtain mapping relation ciphertext _ id _ map.
In one embodiment, the data collision device acquires the second ciphertext data and the first key of the plurality of parties from the external storage device. Or, the data collision device receives second ciphertext data and a first key sent by a plurality of data encryption devices, one data encryption device sends a group of the second ciphertext data and the first key, and each participant holds a respective data encryption device. The external storage device includes a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), a Flash disk, and the like.
And S102, decrypting the corresponding second ciphertext data according to the second encryption algorithm and the corresponding first key of each participant to obtain the first ciphertext data of the multiple participants.
For example, the plurality of participants includes a first participant, a second participant and a third participant, the second ciphertext data and the first key held by the first participant are app _ secure _ id-1 and key _1-1, respectively, the second ciphertext data and the first key held by the second participant are app _ secure _ id-2 and key _1-2, respectively, the second ciphertext data and the first key held by the third participant are app _ secure _ id-3 and key _1-3, respectively, so that decrypting app _ secure _ id-1 according to the second encryption algorithm and key _1-1 may obtain the first ciphertext data tmp _ secure _ id-1, decrypting app _ secure _ id-2 according to the second encryption algorithm and key _1-2 may obtain the first ciphertext data tmp _ secure _ id-2, decrypting app _ secure _ id-3 according to the second encryption algorithm and key _1-3, the first ciphertext data tmp _ secure _ id-3 may be obtained.
In an embodiment, the second ciphertext data and the first keys of the multiple parties are input into the security chip, so that the security chip decrypts the corresponding second ciphertext data according to a second encryption algorithm and the corresponding first key of each party to obtain the first ciphertext data of the multiple parties; and acquiring first ciphertext data of a plurality of participants output by the security chip. The second ciphertext data and the first secret key of the multiple participants are input into the security chip, and the security chip decrypts the second ciphertext data and the first secret key, so that the security of the sensitive data can be further improved.
And step S103, determining the intersection of the first ciphertext data of the multiple participants, and sending the intersection to each participant.
After receiving the intersection of the first ciphertext data of a plurality of participants, the participants encrypt the intersection based on the second encryption algorithm and the first key of the participants, decrypt the ciphertext data of the mapping relation according to the third encryption algorithm and the second key to obtain the plaintext of the mapping relation between the second ciphertext data and the plaintext of the sensitive data, and obtain the plaintext of the corresponding sensitive data from the plaintext of the mapping relation according to the encrypted intersection.
In one embodiment, a data collision program in the safety chip is operated to perform collision comparison on first ciphertext data of a plurality of participants; and acquiring a collision comparison result output by the security chip, and determining the intersection of the first ciphertext data of the multiple participants according to the collision comparison result. The data collision program in the safety chip can be updated according to the requirements of all the participants. The first ciphertext data of the multiple participants are subjected to collision comparison through the security chip, and a collision comparison result is output, so that the security of the sensitive data can be further ensured.
In one embodiment, second ciphertext data and first keys of a plurality of participants are input into a security chip, and the security chip decrypts the corresponding second ciphertext data according to a second encryption algorithm and the corresponding first key of each participant to obtain the first ciphertext data of the plurality of participants; running a data collision program in the safety chip to perform collision comparison on the first ciphertext data of the multiple participants; and acquiring a collision comparison result output by the security chip, and determining the intersection of the first ciphertext data of the multiple participants according to the collision comparison result. The second ciphertext data and the first secret key of the multiple participants are input into the security chip, the decryption process and the data collision process are completed by the security chip, the collision comparison result is output, the intermediate result is not output, and the security of the sensitive data can be further ensured.
In one embodiment, a data collision device obtains a data collision application request sent by a target participant, wherein the data collision application request comprises a plurality of other participants applying for participating in data collision; sending authorization application information to each other participant, and acquiring second ciphertext data and a first key which are sent by each other participant based on the authorization application information; and acquiring second ciphertext data and a first key of the target party from the data collision application request. The data collision equipment acquires a data collision application request sent by data encryption equipment held by a target party, sends authorization application information to data encryption equipment held by each other party, outputs the authorization application information, and sends stored second ciphertext data and a first key to the data collision equipment when the data encryption equipment detects an authorization confirmation instruction of the party.
For example, as shown in fig. 2, the data encryption device 21 is held by a first party, the data encryption device 22 is held by a second party, and the data encryption device 23 is held by a third party, when the first party wants to collide sensitive data, the data collision device 21 sends a data collision request to the data collision device 10, the data collision device 10 obtains the data collision request sent by the data encryption device 21, the data collision request carries the IP address of the data encryption device 22 and the IP address of the data encryption device 23, and the data collision device 10 sends authorization application information to the data encryption device 22 and the data encryption device 23 through the IP address of the data encryption device 22 and the IP address of the data encryption device 23;
the data encryption device 22 outputs authorization application information, the data encryption device 22 sends second ciphertext data and a first key held by a second party to the data collision device 10 when detecting an authorization confirmation instruction triggered by the second party, the data encryption device 23 outputs the authorization application information, the data encryption device 23 sends the second ciphertext data and the first key held by the second party to the data collision device 10 when detecting an authorization confirmation instruction triggered by a third party, the data collision device 10 acquires the second ciphertext data and the first key held by the first party from the data collision application request, acquires the second ciphertext data and the first key held by the second party and sent by the data encryption device 22, and acquires the second ciphertext data and the first key held by the third party and sent by the data encryption device 23.
In an embodiment, the data collision device sends the intersection of the first ciphertext data of the multiple participants to the target participant, and the target participant inputs the intersection of the first ciphertext data of the multiple participants into the security chip for decryption and outputs the sensitive data plaintext corresponding to the intersection. The intersection of the first ciphertext data of the multiple participants is decrypted through the security chip, so that the security of the sensitive data can be further improved. For example, as shown in fig. 2, the data collision device 10 sends the intersection of the first ciphertext data of the multiple parties to the data encryption device 21, the data encryption device 21 inputs the intersection of the first ciphertext data of the multiple parties to the security chip for decryption, and the security chip outputs the sensitive data plaintext corresponding to the intersection.
In the data collision method provided in the above embodiment, the second ciphertext data and the first key of the multiple participants are obtained, the first key of each participant is different, and the corresponding second ciphertext data is decrypted according to the encryption algorithm and the first key of each participant to obtain the first ciphertext data of the multiple participants, then the intersection of the first ciphertext data of the multiple participants is determined, and the intersection is sent to each participant.
Referring to fig. 3, fig. 3 is a schematic flowchart of another data collision method according to an embodiment of the present disclosure. The data collision method is applied to a data encryption device which is in communication connection with the data collision device.
As shown in fig. 3, the data collision method includes steps S201 to S208.
Step S201, sensitive data plaintext, a first key and a second key are obtained.
The sensitive data plaintext can comprise data such as customer information, property information, behavior tracks and the like, the customer information comprises an identification number, a mobile phone number, a bank card password, a home address and the like of a customer, and the first secret key and the second secret key are different.
Step S202, encrypting the sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data.
Wherein, the first encryption algorithm may be any one of deterministic encryption algorithms, and the first encryption algorithm includes, but is not limited to, MD5 algorithm, SM3 algorithm, SHA256 algorithm, HMAC algorithm. For example, the plaintext of the sensitive data is play _ id, and the play _ id is encrypted based on the SM3 algorithm to obtain the tmp _ secure _ id of the first ciphertext data.
And S203, encrypting the first ciphertext data according to the second encryption algorithm and the first key to obtain second ciphertext data.
Wherein the second encryption algorithm may be any one of format preserving encryption algorithms, the second encryption algorithm including but not limited to FF1 algorithm, FF3-1 algorithm. For example, tmp _ secure _ id is encrypted based on the FF1 algorithm and the first key, resulting in second ciphertext data app _ secure _ id.
And S204, encrypting the mapping relation between the sensitive data plaintext and the second ciphertext data according to a third encryption algorithm and the second key to obtain mapping relation ciphertext data.
The third encryption algorithm may be any public key or private key encryption algorithm, including but not limited to RSA algorithm, SM2 algorithm, ECC algorithm, AES algorithm, SM4 algorithm, and 3DES algorithm. For example, the mapping relationship between play _ id and app _ secure _ id is encrypted according to the AES algorithm and the second key, and then the mapping relationship ciphertext data secure _ cypher _ id _ map is obtained. And storing the second ciphertext data, the first key and the mapping relation ciphertext data.
And step S205, sending the second ciphertext data and the first key to the data collision equipment.
Illustratively, a data collision application instruction triggered by a target participant is acquired, second ciphertext data of the target participant, a first key and IP addresses of other participants participating in data collision are acquired, a data collision application request carrying the second ciphertext data, the first key and the IP addresses of the other participants participating in data collision is generated, then the data collision application request is sent to data collision equipment, the data collision equipment acquires the second ciphertext data and the first key of the target participant from the data collision application request, authorization application information is sent to the other participants based on the IP addresses of the other participants, and the second ciphertext data and the first key sent by the other participants based on the authorization application information are acquired.
In an embodiment, the data collision device inputs the received second ciphertext data and the first key of each participant into the security chip, and the security chip decrypts the respective corresponding second ciphertext data according to the second encryption algorithm and the respective corresponding first key of each participant to obtain the first ciphertext data of the multiple participants; the safety chip runs a data collision program to perform collision comparison on the first ciphertext data of the multiple participants; and acquiring a collision comparison result output by the security chip, determining the intersection of the first ciphertext data of the multiple participants according to the collision comparison result, and then sending the intersection of the first ciphertext data of the multiple participants to the target participant.
And S206, acquiring the intersection sent by the data collision equipment, and encrypting the intersection according to the second encryption algorithm and the first key.
And the data encryption equipment acquires the intersection of the first ciphertext data of the multiple participants sent by the data collision equipment, and encrypts the intersection of the first ciphertext data of the multiple participants according to a second encryption algorithm and a first key of the data encryption equipment.
And step S207, decrypting the mapping relation ciphertext data according to the third encryption algorithm and the second key to obtain a mapping relation plaintext between the sensitive data plaintext and the second ciphertext data.
The third encryption algorithm may be any public key or private key encryption algorithm, including but not limited to RSA algorithm, SM2 algorithm, ECC algorithm, AES algorithm, SM4 algorithm, and 3DES algorithm. And decrypting the mapping relation ciphertext data stored before through a third encryption algorithm and a second key to obtain a mapping relation plaintext between the sensitive data plaintext and the second ciphertext data.
And S208, acquiring corresponding sensitive data plaintext from the mapping relation plaintext according to the encrypted intersection.
After the plain text of the mapping relationship between the sensitive data plain text and the second ciphertext data is obtained, the corresponding sensitive data plain text can be obtained from the plain text of the mapping relationship between the sensitive data plain text and the second ciphertext data according to the encrypted intersection.
Referring to fig. 4, fig. 4 is a schematic block diagram of a data collision device according to an embodiment of the present application.
As shown in fig. 4, the data collision device 300 includes: an acquisition module 310 and a data collision module 320, wherein:
the obtaining module 310 is configured to obtain second ciphertext data and first keys of multiple participants, where the participants encrypt a sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypt the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, where the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
the data collision module 320 is configured to decrypt the respective corresponding second ciphertext data according to the second encryption algorithm and the respective corresponding first key of each participant, so as to obtain the first ciphertext data of the multiple participants.
The data collision module 320 is further configured to determine an intersection of first ciphertext data of the multiple parties, and send the intersection to each party, where the party encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping-relationship ciphertext data according to a third encryption algorithm and a second key, to obtain a mapping-relationship plaintext between the second ciphertext data and a sensitive-data plaintext, and obtains a corresponding sensitive-data plaintext from the mapping-relationship plaintext according to the encrypted intersection.
In one embodiment, as shown in fig. 5, the data collision module 320 includes an input submodule 321, a security chip 322, and an obtaining submodule 323, wherein:
the input submodule 321 is configured to input the second ciphertext data and the first key of the multiple parties into the security chip 322;
the security chip 322 is configured to decrypt the respective corresponding second ciphertext data according to the second encryption algorithm and the respective corresponding first key of each participant to obtain first ciphertext data of the multiple participants;
the obtaining submodule 323 is configured to obtain the first ciphertext data of the multiple parties output by the security chip 322.
In an embodiment, the security chip 322 is further configured to run a data collision program to perform collision comparison on the first ciphertext data of the multiple parties;
the obtaining submodule 323 is further configured to obtain a collision comparison result output by the security chip, and determine an intersection of the first ciphertext data of the multiple parties according to the collision comparison result.
In an embodiment, the obtaining module 310 is further configured to:
acquiring a data collision application request sent by a target participant, wherein the data collision application request comprises a plurality of other participants applying for participating in data collision;
sending authorization application information to each of the other participants, and acquiring second ciphertext data and a first key which are sent by each of the other participants based on the authorization application information;
and acquiring second ciphertext data and a first key of the target party from the data collision application request.
In an embodiment, the data collision device further includes a sending module, and the sending module is configured to:
and sending the intersection to the target party so that the target party inputs the intersection into a security chip for decryption and obtains a sensitive data plaintext corresponding to the intersection.
In one embodiment, the first encryption algorithm is a deterministic encryption algorithm, the first encryption algorithm comprising: MD5 algorithm, SM3 algorithm, SHA256 algorithm, HMAC algorithm;
the second encryption algorithm is a format preserving encryption algorithm, and the second encryption algorithm comprises: FF1 algorithm, FF3-1 algorithm.
It should be noted that, as will be clear to those skilled in the art, for convenience and brevity of description, the specific working processes of the apparatus and each module and unit described above may refer to the corresponding processes in the foregoing data collision method embodiment, and are not described herein again.
The apparatus provided by the above embodiments may be implemented in the form of a computer program, which can be run on a computer device as shown in fig. 6.
Referring to fig. 6, fig. 6 is a schematic block diagram of a computer device according to an embodiment of the present disclosure. The computer device may be a data collision device or a data encryption device.
As shown in fig. 6, the computer device includes a processor, a memory, and a network interface connected by a system bus, wherein the memory may include a storage medium and an internal memory.
The storage medium may store an operating system and a computer program. The computer program includes program instructions that, when executed, cause a processor to perform any of the data collision methods.
The processor is used for providing calculation and control capability and supporting the operation of the whole computer equipment.
The internal memory provides an environment for the execution of a computer program on a storage medium, which when executed by a processor, causes the processor to perform any of the data collision methods.
The network interface is used for network communication, such as sending assigned tasks. Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
It should be understood that the Processor may be a Central Processing Unit (CPU), and the Processor may be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, etc. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Wherein, in an embodiment, the processor is configured to run a computer program stored in the memory to implement the steps of:
acquiring second ciphertext data and a first key of a plurality of participants, wherein the participants encrypt sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypt the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
and decrypting the second ciphertext data corresponding to each participant according to the second encryption algorithm and the first key corresponding to each participant to obtain the first ciphertext data of the multiple participants.
Determining an intersection of first ciphertext data of the multiple parties, and sending the intersection to each party, wherein the parties encrypt the intersection based on the second encryption algorithm and the first key, decrypt mapping relation ciphertext data according to a third encryption algorithm and a second key to obtain a mapping relation plaintext between the second ciphertext data and sensitive data plaintext, and obtain a corresponding sensitive data plaintext from the mapping relation plaintext according to the encrypted intersection.
In an embodiment, when the processor decrypts the second ciphertext data corresponding to each of the participants according to the second encryption algorithm and the first key corresponding to each of the participants to obtain the first ciphertext data of the multiple participants, the processor is configured to:
inputting second ciphertext data and a first key of the multiple participants into a security chip;
decrypting the second ciphertext data respectively corresponding to the second encryption algorithm through the security chip according to the second encryption algorithm and the first key respectively corresponding to each participant to obtain first ciphertext data of the multiple participants;
and acquiring first ciphertext data of the multiple participants output by the security chip.
In an embodiment, the processor, in performing determining the intersection of the first ciphertext data of the plurality of participants, is to perform:
running a data collision program in the safety chip to perform collision comparison on the first ciphertext data of the multiple participants;
and acquiring a collision comparison result output by the safety chip, and determining the intersection of the first ciphertext data of the multiple participants according to the collision comparison result.
In an embodiment, the processor, when implementing obtaining the second ciphertext data and the first key of the plurality of participants, is configured to implement:
acquiring a data collision application request sent by a target participant, wherein the data collision application request comprises a plurality of other participants applying for participating in data collision;
sending authorization application information to each of the other participants, and acquiring second ciphertext data and a first key which are sent by each of the other participants based on the authorization application information;
and acquiring second ciphertext data and a first key of the target party from the data collision application request.
In an embodiment, the processor is further configured to implement the following steps:
and sending the intersection to the target party so that the target party inputs the intersection into a security chip for decryption and obtains a sensitive data plaintext corresponding to the intersection.
In one embodiment, the first encryption algorithm is a deterministic encryption algorithm, the first encryption algorithm comprising: MD5 algorithm, SM3 algorithm, SHA256 algorithm, HMAC algorithm;
the second encryption algorithm is a format preserving encryption algorithm, and the second encryption algorithm comprises: FF1 algorithm, FF3-1 algorithm.
In one embodiment, the processor is further configured to implement the steps of:
acquiring a sensitive data plaintext, a first key and a second key, wherein the first key is different from the second key;
encrypting the sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data;
encrypting the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, wherein the first encryption algorithm is different from the second encryption algorithm;
encrypting the mapping relation between the sensitive data plaintext and the second ciphertext data according to a third encryption algorithm and the second key to obtain mapping relation ciphertext data;
sending the second ciphertext data and the first key to data collision equipment, so that the data collision equipment decrypts the respective corresponding second ciphertext data according to the second encryption algorithm and the first key of each participant to obtain first ciphertext data of a plurality of participants, and determines an intersection of the first ciphertext data of the plurality of participants;
acquiring the intersection sent by the data collision equipment, and encrypting the intersection according to the second encryption algorithm and the first key;
decrypting the mapping relation ciphertext data according to the third encryption algorithm and the second key to obtain a mapping relation plaintext between the sensitive data plaintext and the second ciphertext data;
and acquiring corresponding sensitive data plaintext from the mapping relation plaintext according to the encrypted intersection.
It should be noted that, as will be clear to those skilled in the art, for convenience and brevity of description, the specific working process of the computer device described above may refer to the corresponding process in the foregoing data collision method embodiment, and details are not described herein again.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed, a method implemented by the program instructions may refer to various embodiments of the data collision method of the present application.
The computer readable storage medium may be volatile or nonvolatile. The computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiment, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the computer device.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
The block chain referred by the application is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It is to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments. While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A data collision method, comprising:
acquiring second ciphertext data and a first key of a plurality of participants, wherein the participants encrypt sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypt the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
decrypting the second ciphertext data corresponding to each participant according to the second encryption algorithm and the first key corresponding to each participant to obtain first ciphertext data of the multiple participants;
determining an intersection of the first ciphertext data of the multiple participants, and sending the intersection to each participant, wherein the participants encrypt the intersection based on the second encryption algorithm and the first key, decrypt the ciphertext data of the mapping relationship according to a third encryption algorithm and a second key, so as to obtain a plaintext of the mapping relationship between the second ciphertext data and the plaintext of the sensitive data, and the participants obtain the plaintext of the sensitive data from the plaintext of the mapping relationship according to the encrypted intersection.
2. The data collision method according to claim 1, wherein the decrypting the corresponding second ciphertext data according to the second encryption algorithm and the corresponding first key of each of the participants to obtain the first ciphertext data of the multiple participants comprises:
inputting second ciphertext data and a first key of the multiple participants into a security chip;
and decrypting the second ciphertext data respectively corresponding to the second encryption algorithm and the first key respectively corresponding to each participant through the security chip to obtain the first ciphertext data of the multiple participants.
3. The data collision method of claim 2, wherein the determining an intersection of the first ciphertext data of the plurality of parties comprises:
running a data collision program in the safety chip to perform collision comparison on the first ciphertext data of the multiple participants;
and acquiring a collision comparison result output by the safety chip, and determining the intersection of the first ciphertext data of the multiple participants according to the collision comparison result.
4. The data collision method according to claim 1, wherein the obtaining second ciphertext data and the first key of the plurality of participants comprises:
acquiring a data collision application request sent by a target participant, wherein the data collision application request comprises a plurality of other participants applying for participating in data collision;
sending authorization application information to each of the other participants, and acquiring second ciphertext data and a first key which are sent by each of the other participants based on the authorization application information;
and acquiring second ciphertext data and a first key of the target party from the data collision application request.
5. The data collision method of claim 4, further comprising:
and sending the intersection to the target party so that the target party inputs the intersection into a security chip for decryption and obtains a sensitive data plaintext corresponding to the intersection.
6. The data collision method according to any one of claims 1 to 5, characterized in that the first encryption algorithm is a deterministic encryption algorithm comprising: MD5 algorithm, SM3 algorithm, SHA256 algorithm, or HMAC algorithm;
the second encryption algorithm is a format preserving encryption algorithm, and the second encryption algorithm comprises: the FF1 algorithm or the FF3-1 algorithm.
7. A data collision method, comprising:
acquiring a sensitive data plaintext, a first key and a second key, wherein the first key is different from the second key;
encrypting the sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data;
encrypting the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, wherein the first encryption algorithm is different from the second encryption algorithm;
encrypting the mapping relation between the sensitive data plaintext and the second ciphertext data according to a third encryption algorithm and the second key to obtain mapping relation ciphertext data;
sending the second ciphertext data and the first key to data collision equipment, so that the data collision equipment decrypts the corresponding second ciphertext data according to the second encryption algorithm and the first key of each participant to obtain first ciphertext data of a plurality of participants, and determines an intersection of the first ciphertext data of the plurality of participants;
acquiring the intersection sent by the data collision equipment, and encrypting the intersection according to the second encryption algorithm and the first key;
decrypting the mapping relation ciphertext data according to the third encryption algorithm and the second key to obtain a mapping relation plaintext between the sensitive data plaintext and the second ciphertext data;
and acquiring corresponding sensitive data plaintext from the mapping relation plaintext according to the encrypted intersection.
8. A data collision device, characterized in that the data collision device comprises:
the acquisition module is used for acquiring second ciphertext data and first keys of a plurality of participants, wherein the participants encrypt sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypt the first ciphertext data according to a second encryption algorithm and the first keys to obtain the second ciphertext data, the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
the data collision module is used for decrypting the second ciphertext data corresponding to each participant according to the second encryption algorithm and the first key corresponding to each participant to obtain the first ciphertext data of the multiple participants;
the data collision module is further configured to determine an intersection of first ciphertext data of the multiple parties, and send the intersection to each party, where the party encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping-relation ciphertext data according to a third encryption algorithm and a second key, and obtains a mapping-relation plaintext between the second ciphertext data and a sensitive-data plaintext, and the party obtains a corresponding sensitive-data plaintext from the mapping-relation plaintext according to the encrypted intersection.
9. A computer arrangement, characterized in that the computer arrangement comprises a processor, a memory, and a computer program stored on the memory and executable by the processor, wherein the computer program, when executed by the processor, carries out the steps of the data collision method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, wherein the computer program, when being executed by a processor, carries out the steps of the data collision method according to any one of claims 1 to 7.
CN202110414455.8A 2021-04-16 2021-04-16 Data collision method, device, equipment and computer readable storage medium Active CN112953974B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110414455.8A CN112953974B (en) 2021-04-16 2021-04-16 Data collision method, device, equipment and computer readable storage medium
PCT/CN2021/097417 WO2022217714A1 (en) 2021-04-16 2021-05-31 Data collision method, apparatus and device, and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110414455.8A CN112953974B (en) 2021-04-16 2021-04-16 Data collision method, device, equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN112953974A CN112953974A (en) 2021-06-11
CN112953974B true CN112953974B (en) 2022-06-10

Family

ID=76232968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110414455.8A Active CN112953974B (en) 2021-04-16 2021-04-16 Data collision method, device, equipment and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN112953974B (en)
WO (1) WO2022217714A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259106B (en) * 2021-06-28 2021-09-24 华控清交信息科技(北京)有限公司 Data processing method and system
CN114095157B (en) * 2021-10-29 2023-10-24 上海浦东发展银行股份有限公司 Key management method, key management device, computer equipment and readable storage medium
CN115860017B (en) * 2023-02-14 2023-07-14 紫光同芯微电子有限公司 Data processing method and related device
CN118094628B (en) * 2024-03-13 2024-08-16 国网河南省电力公司经济技术研究院 Multi-main-body data cross-domain secure interaction system based on encryption algorithm

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110637301B (en) * 2017-05-18 2024-02-02 维萨国际服务协会 Reducing disclosure of sensitive data in virtual machines
EP3883177B1 (en) * 2017-05-30 2022-07-27 BE-Invest International SA General data protection method for multicentric sensitive data storage and sharing
CN109933995B (en) * 2019-01-31 2023-04-07 广州中国科学院软件应用技术研究所 User sensitive data protection and system based on cloud service and block chain
CN111555880B (en) * 2019-02-12 2023-05-30 北京京东尚科信息技术有限公司 Data collision method and device, storage medium and electronic equipment
CN110061845A (en) * 2019-03-14 2019-07-26 深圳壹账通智能科技有限公司 Block chain data ciphering method, device, computer equipment and storage medium
CN111177762B (en) * 2019-12-30 2022-11-08 北京同邦卓益科技有限公司 Data processing method, device, server and federal learning system
CN111416702B (en) * 2020-03-09 2023-09-12 上海数据交易中心有限公司 Data transmission method, data transmission system and computer readable storage medium
CN111552736A (en) * 2020-03-30 2020-08-18 深圳壹账通智能科技有限公司 Method, device and storage medium for comparing peer-to-peer relationship of encrypted data

Also Published As

Publication number Publication date
WO2022217714A1 (en) 2022-10-20
CN112953974A (en) 2021-06-11

Similar Documents

Publication Publication Date Title
CN112953974B (en) Data collision method, device, equipment and computer readable storage medium
US9609024B2 (en) Method and system for policy based authentication
CN110457945B (en) List query method, query party device, service party device and storage medium
CN110100422B (en) Data writing method and device based on block chain intelligent contract and storage medium
CN107078899B (en) Method of obfuscating data
US10887085B2 (en) System and method for controlling usage of cryptographic keys
Louk et al. Homomorphic encryption in mobile multi cloud computing
CN107948152A (en) Information storage means, acquisition methods, device and equipment
CN111294203B (en) Information transmission method
CN114124343B (en) Risk scoring information query method, device, system and equipment for protecting privacy
WO2021218278A1 (en) Method for processing data, and computing device
CN111917711B (en) Data access method and device, computer equipment and storage medium
NL2033981B1 (en) Method for encrypting and decrypting data across domains based on privacy computing
WO2021114885A1 (en) Sensitive information protection method and apparatus, computer device, and storage medium
CN111666558B (en) Key rotation method, device, computer equipment and storage medium
CN111008400A (en) Data processing method, device and system
CN112699390B (en) Data processing method, device, electronic equipment, storage medium and program product
Kaushik et al. Secure cloud data using hybrid cryptographic scheme
Reedy et al. A Secure Framework for Ensuring EHR's Integrity Using Fine-Grained Auditing and CP-ABE
CN114357472B (en) Data tagging method, system, electronic device and readable storage medium
CN115412365A (en) Data privacy protection method based on multilayer encryption
CN114553557A (en) Key calling method, key calling device, computer equipment and storage medium
Malik et al. Cloud computing security improvement using Diffie Hellman and AES
CN105515760A (en) Information encryption method, information decryption method and information encryption and decryption system
CN116599647B (en) Information processing method, service node, blockchain network, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant