CN113127900A - Privacy computing software and hardware service mode based on homomorphic configuration encryption - Google Patents

Info

Publication number
CN113127900A
Authority
CN
China
Prior art keywords
unit
data
software service
hardware
software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110417379.6A
Other languages
Chinese (zh)
Inventor
李朋林
朱静熹
庞皓天
盛俊杰
魏立斐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Tongtai Information Technology Co ltd
Original Assignee
Shanghai Tongtai Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2021-04-19
Filing date
2021-04-19
Publication date
2021-07-16
Application filed by Shanghai Tongtai Information Technology Co ltd
Priority to CN202110417379.6A
Publication of CN113127900A
Legal status: Pending

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Abstract

The invention belongs to the field of encryption software and hardware, and in particular provides a privacy computing software and hardware service mode based on homomorphic configuration encryption. It addresses the problem that, in existing systems, a data demander unit that receives ciphertext data from a data provider unit cannot compute the data it needs unless the provider decrypts that data. In the proposed scheme the data provider unit comprises a plaintext data unit, a first software service unit and a first hardware device unit, the plaintext data unit being connected to the first software service unit and the first software service unit to the first hardware device unit; the data demander unit comprises a second software service unit, a second hardware device unit and a plaintext computation result, the second software service unit being connected to both the second hardware device unit and the plaintext computation result. With this arrangement, after the data demander unit receives the ciphertext data provided by the data provider unit, it can compute the required data without the data provider unit decrypting the ciphertext.

Description

Privacy computing software and hardware service mode based on homomorphic configuration encryption
Technical Field
The invention relates to the technical field of encryption software and hardware, in particular to a privacy computing software and hardware service mode based on homomorphic configuration encryption.
Background
Definition of privacy-preserving computation: privacy-preserving computing refers to analysing and mining the value of data while protecting private information, that is, computing on data that remains encrypted and non-transparent so that the private information of every participant stays secure. Privacy-preserving computing is not a single technique but a system of techniques drawing on cryptography, distributed computing, artificial intelligence, data science and other fields.
Basic architecture of privacy-preserving computing: a privacy-preserving computing architecture distinguishes three logical roles: the data party, the computing party and the result party. The data party is an organisation or individual that provides data, the computing party one that provides computing power, and the result party one that receives results. An actual deployment requires at least two entities, and each entity may take on one or more of these roles.
The risks at each link of a privacy-preserving computing system are as follows: static storage of the data party's data; leakage during the data party's use of the data; transmission of data from the data party to the computing party; leakage of the data before the computing party computes on it; leakage of the data after the computing party computes on it; static storage of the computing party's data; leakage during the computing party's use of the data; transmission of data from the computing party to the result party; static storage of the result party's data; and leakage during the result party's use of the data. Across the whole life cycle of private data, the protection technologies for static storage and transmission, such as access control, storage encryption, transmission encryption and content auditing, are mature; privacy computing focuses on protecting the computation process and the computation result, filling the gap in the privacy data protection technology stack.
Value of privacy-preserving computation: it breaks down data islands, lets knowledge and value leave while the original data does not, builds a new model in which data is 'usable but not visible', promotes efficient data circulation and sharing, and meets compliance requirements while avoiding risk. In the European Union's PRACTICE project, Estonia's secure multiparty computation (a correlation statistical analysis of 1000 million tax records and 60 million academic records) was shown to comply with the GDPR (General Data Protection Regulation), establishing a model for efficient data circulation in Europe and closing the trust gap.
The privacy-preserving computing technology stack rests on a solid theoretical foundation and security proofs, genuinely balances the rights of the data owner against the obligations of the data user from a technical standpoint, and builds a foundation of trust.
In general, however, after the demander receives the ciphertext data provided by the data provider unit, if the data provider unit does not decrypt the ciphertext data in time, the demander cannot compute the required data in time, which slows engineering progress and has similar effects.
Disclosure of Invention
The invention aims to solve the prior-art problem that a data demander unit cannot compute the required data when the ciphertext data provided by the data provider unit is not decrypted, and provides a privacy computing software and hardware service mode based on homomorphic configuration encryption.
In order to achieve the purpose, the invention adopts the following technical scheme:
a privacy computing software and hardware service mode based on homomorphic configuration encryption comprises a data provider unit and a data demander unit. The data provider unit comprises a plaintext data unit, a first software service unit and a first hardware device unit; the plaintext data unit is connected to the first software service unit, and the first software service unit is connected to the first hardware device unit. The data demander unit comprises a second software service unit, a second hardware device unit and a plaintext computation result; the second software service unit is connected to both the second hardware device unit and the plaintext computation result. The data provider unit is connected to the data demander unit.
Preferably, the first software service unit is connected with the second software service unit.
Preferably, the first hardware device unit is connected to the second hardware device unit.
Compared with the prior art, the invention has the beneficial effects that:
according to the invention, after the data demand side unit receives the ciphertext data provided by the data provider side unit, the data demand side unit can calculate the required data under the condition that the data provider side unit does not decrypt the ciphertext data.
Drawings
FIG. 1 is a schematic flow chart of a privacy computing software and hardware service mode based on homomorphic configuration encryption according to the present invention;
fig. 2 is a schematic flowchart of a first hardware device unit and a second hardware device unit of a privacy computing software and hardware service mode based on homomorphic encryption according to the present invention.
In the figure: the system comprises a data provider unit 1, a data demander unit 2, a plaintext data unit 3, a first software service unit 4, a first hardware equipment unit 5, a second software service unit 6, a second hardware equipment unit 7, a plaintext calculation result 8, a ciphertext calculation function module 9, a ciphertext calculation result 10 and a trustable hardware equipment unit 11.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1-2, a privacy computation software and hardware service mode based on homomorphic configuration encryption includes a data provider unit 1 and a data demander unit 2, the data provider unit 1 includes a plaintext data unit 3, a first software service unit 4 and a first hardware device unit 5, the plaintext data unit 3 is connected to the first software service unit 4, the first software service unit 4 is connected to the first hardware device unit 5, the data demander unit 2 includes a second software service unit 6, a second hardware device unit 7 and a plaintext computation result 8, the second software service unit 6 is respectively connected to the second hardware device unit 7 and the plaintext computation result 8, and the data provider unit 1 is connected to the data demander unit 2.
In this embodiment, the first software service unit 4 is connected to the second software service unit 6, and the first software service unit 4 may transmit the ciphertext data to the second software service unit 6.
In this embodiment, the first hardware device unit 5 is connected to the second hardware device unit 7, and the first hardware device unit 5 may synchronize the generated key to the second hardware device unit 7.
In the invention, the data provider unit 1 and the data demander unit 2 are the starting point and the end point of the data circulation process: the data provider unit 1 holds the plaintext data unit that the data demander unit 2 wants. The mode lets the data demander unit 2 compute the required data from the ciphertext data received from the data provider unit 1 without that data being decrypted. The first hardware device unit 5 and the second hardware device unit 7 each expose key generation, key revocation, homomorphic encryption, homomorphic decryption and key-encrypted export (that is, the homomorphic configuration key is encrypted with the key encryption key inside the hardware device unit and then exported). The first software service unit 4 and the second software service unit 6 expose homomorphic configuration encryption and ciphertext computation as custom functions to the service systems of the data provider unit 1 and the data demander unit 2.
When the data provider unit 1 transmits data to the data demander unit 2, the plaintext data unit 3 is first passed to the first software service unit 4. The first software service unit 4 works with the first hardware device unit 5 to generate a key and turn the plaintext data unit 3 into ciphertext data. The ciphertext data is transmitted to the second software service unit 6, while the first hardware device unit 5 synchronises the key to the second hardware device unit 7. The second hardware device unit 7, having obtained the key, works with the second software service unit 6 to obtain the plaintext computation result 8.
The work flow of the first hardware device unit 5 is as follows: the ciphertext computation function module 9 receives the data and produces a ciphertext computation result 10 from it, and at the same time dynamically generates a key by generating a computation credential. The work flow of the second hardware device unit 7 is as follows: the ciphertext computation function module 9, using the synchronised key, dynamically performs credential verification inside the trustable hardware device unit 11 by generating a computation credential, and finally obtains the plaintext computation result 8.
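The provider/demander flow just described, as an added example that is not part of the patent. The page names no concrete homomorphic scheme, so this example assumes the Paillier cryptosystem, which is additively homomorphic: the demander's software service unit can add ciphertexts and multiply a ciphertext by a public constant, and only the hardware unit holding the synchronised private key turns the result into the plaintext computation result. The primes, the record values and the function names are constructed for the illustration; real deployments use primes of 1024 bits or more. The check a practitioner should take from it: the ciphertext protects the data from the demander's service software and from the transport, but whoever holds the synchronised key can recover plaintext, so the hardware unit that receives the key is the trust boundary, and the key must only ever leave a unit wrapped, as the description's key-encrypted export step requires.

```python
"""Toy Paillier model of the provider (units 3/4/5) -> demander (units 6/7/8)
flow. Added illustration, not the patent's code; constructed toy parameters."""
import math
import secrets

# Constructed toy primes: small so the numbers stay readable. Never use such
# sizes for real data.
TOY_P, TOY_Q = 61, 53


def _lcm(a, b):
    return a * b // math.gcd(a, b)


def keygen(p=TOY_P, q=TOY_Q):
    """Key generation, the role of the first hardware device unit (5).
    Uses the common simplification g = n + 1, for which
    L(g^lam mod n^2) == lam mod n, so mu = lam^-1 mod n."""
    n = p * q
    lam = _lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)
    public_key = {"n": n, "g": n + 1}
    private_key = {"n": n, "lam": lam, "mu": mu}
    return public_key, private_key


def encrypt(pk, m):
    """Homomorphic encryption of one integer 0 <= m < n (unit 5's service)."""
    n, g = pk["n"], pk["g"]
    if not 0 <= m < n:
        raise ValueError("plaintext outside the message space [0, n)")
    n2 = n * n
    while True:                       # random r coprime to n blinds the ciphertext
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(sk, c):
    """Homomorphic decryption; only a unit holding sk can run this."""
    n, lam, mu = sk["n"], sk["lam"], sk["mu"]
    n2 = n * n
    x = pow(c, lam, n2)
    l_value = (x - 1) // n            # the Paillier L function
    return (l_value * mu) % n


def add_ciphertexts(pk, c1, c2):
    """Enc(a) * Enc(b) mod n^2 == Enc(a + b mod n): needs no key."""
    return (c1 * c2) % (pk["n"] ** 2)


def scale_ciphertext(pk, c, k):
    """Enc(a)^k mod n^2 == Enc(k * a mod n): needs no key."""
    return pow(c, k, pk["n"] ** 2)


def provider_to_demander(values, k):
    """End-to-end flow. Returns (sum of values, k * values[0]) as the
    demander obtains them, both computed on ciphertext only."""
    pk, sk = keygen()                              # hardware unit 5 generates the key
    ciphertexts = [encrypt(pk, v) for v in values]  # software unit 4 + hardware unit 5
    # The ciphertexts go to software service unit 6; sk is synchronised to
    # hardware unit 7 (in a real system only in key-encrypted, wrapped form).
    enc_total = ciphertexts[0]
    for c in ciphertexts[1:]:
        enc_total = add_ciphertexts(pk, enc_total, c)   # unit 6: no key needed
    enc_scaled = scale_ciphertext(pk, ciphertexts[0], k)  # unit 6: no key needed
    # Only hardware unit 7, holding sk, produces plaintext computation result 8.
    return decrypt(sk, enc_total), decrypt(sk, enc_scaled)


if __name__ == "__main__":
    # Constructed sample records: three numeric fields the demander may only
    # see in aggregate.
    print(provider_to_demander([120, 455, 910], 3))   # (1485, 360)
```

Results are reduced modulo n, so a sum that exceeds the message space wraps silently; sizing n against the largest possible aggregate is part of the provider's configuration, not something the demander can detect from the ciphertext.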
The above description covers only the preferred embodiment of the present invention; the scope of the present invention is not limited to it, and equivalents and changes that a person skilled in the art makes to the technical solutions and inventive concepts of the present invention fall within its technical scope.

Claims (3)

1. A privacy computing software and hardware service mode based on homomorphic configuration encryption, comprising a data provider unit (1) and a data demander unit (2), characterized in that the data provider unit (1) comprises a plaintext data unit (3), a first software service unit (4) and a first hardware device unit (5), wherein the plaintext data unit (3) is connected to the first software service unit (4) and the first software service unit (4) is connected to the first hardware device unit (5); the data demander unit (2) comprises a second software service unit (6), a second hardware device unit (7) and a plaintext computation result (8), wherein the second software service unit (6) is connected to both the second hardware device unit (7) and the plaintext computation result (8); and the data provider unit (1) is connected to the data demander unit (2).
2. The privacy computing software and hardware service mode based on homomorphic configuration encryption according to claim 1, wherein the first software service unit (4) is connected to the second software service unit (6).
3. The privacy computing software and hardware service mode based on homomorphic configuration encryption according to claim 1, wherein the first hardware device unit (5) is connected to the second hardware device unit (7).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110417379.6A CN113127900A (en) 2021-04-19 2021-04-19 Privacy computing software and hardware service mode based on homomorphic configuration encryption

Publications (1)

Publication Number Publication Date
CN113127900A true CN113127900A (en) 2021-07-16

Family

ID=76777598

Country Status (1)

Country Link
CN (1) CN113127900A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102118746A (en) * 2009-12-31 2011-07-06 徐克林 Mobile phone information encryption method
CN102238002A (en) * 2010-04-30 2011-11-09 国际商业机器公司 Dynamic encryption and decryption methods and equipment for network communication
CN109951501A (en) * 2019-05-07 2019-06-28 山东渔翁信息技术股份有限公司 A kind of network packet encryption method, decryption method and relevant apparatus
CN110708159A (en) * 2019-08-27 2020-01-17 杭州闪捷信息科技有限公司 Multi-data center safety data transmission method based on quantum QKD technology
CN111447053A (en) * 2020-03-24 2020-07-24 重庆邮电大学 Data secure transmission method and system based on chaotic logic mapping and RC4 stream cipher
CN112149166A (en) * 2020-09-29 2020-12-29 中国银行股份有限公司 Unconventional password protection method and intelligent bank machine
CN112671733A (en) * 2020-12-16 2021-04-16 平安科技(深圳)有限公司 Data communication method, key management system, device, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210716