CN113420049B - Data circulation method, device, electronic equipment and storage medium - Google Patents
Data circulation method, device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113420049B CN113420049B CN202110687615.6A CN202110687615A CN113420049B CN 113420049 B CN113420049 B CN 113420049B CN 202110687615 A CN202110687615 A CN 202110687615A CN 113420049 B CN113420049 B CN 113420049B
- Authority
- CN
- China
- Prior art keywords
- data
- source data
- encrypted
- demand
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
- G06F16/24568—Data stream processing; Continuous queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Abstract
The invention relates to the field of data processing, and discloses a data circulation method, which comprises the following steps: collecting source data of a data supplier, packaging and encrypting the source data to obtain encrypted source data, and storing the encrypted source data into a data analysis environment; receiving a demand identifier sent by a data demand party, de-identifying the demand identifier to obtain an initial demand identifier, and re-encrypting the initial demand identifier to obtain a target demand identifier; searching the encrypted source data corresponding to the target demand identifier in the data analysis environment, decrypting the searched encrypted source data and transmitting the decrypted encrypted source data to the data demand party. Furthermore, the present invention relates to blockchain techniques in which the source data may be stored. In addition, the invention also provides a data circulation device, electronic equipment and a storage medium. The invention can improve the data security during data circulation.
Description
Technical Field
The present invention relates to the field of data processing, and in particular, to a data circulation method, apparatus, electronic device, and computer readable storage medium.
Background
Data circulation refers to the action of taking data as an object between a data provider and a acquirer according to a certain circulation rule, and is commonly used in the fields of digital finance, supply chain management, digital asset transaction, and the like, such as promoting data sharing, optimizing business processes, building a trusted system, and the like.
The traditional data circulation behavior is usually realized by adopting a point-to-point (data provider to data acquirer) transmission mode, so that data ownership and data use right cannot be separated, the data is easy to leak, and the data security in the data circulation process cannot be ensured.
Disclosure of Invention
The invention provides a data circulation method, a data circulation device, an electronic device and a computer readable storage medium, and the main purpose of the invention is to improve data security during data circulation.
In order to achieve the above object, the present invention provides a data circulation method, including:
collecting source data of a data supplier, packaging and encrypting the source data to obtain encrypted source data, and storing the encrypted source data into a data analysis environment;
receiving a demand identifier sent by a data demand party, de-identifying the demand identifier to obtain an initial demand identifier, and re-encrypting the initial demand identifier to obtain a target demand identifier;
searching the encrypted source data corresponding to the target demand identifier in the data analysis environment, decrypting the searched encrypted source data and transmitting the decrypted encrypted source data to the data demand party.
Optionally, the encapsulating and encrypting the source data to obtain encrypted source data includes:
configuring an initial key of the source data, and homomorphic encrypting the initial key to obtain an encryption key;
and packaging the source data according to the encryption key to obtain encrypted source data.
Optionally, the homomorphic encryption of the initial key is performed to obtain an encryption key, which includes:
encrypting any plaintext in the initial key to obtain any encrypted plaintext of the initial key;
homomorphic encryption is carried out on any two plaintext in the initial key according to any one encrypted plaintext of the initial key, so that any two encrypted plaintext of the initial key is obtained;
and carrying out homomorphic encryption on all the plaintext in the initial key according to any two encrypted plaintext of the initial key to obtain an encrypted key of the initial key.
Optionally, storing the encrypted source data in a data analysis environment includes:
identifying whether the data supply and demand party corresponding to the encrypted source data is communicated with the network of the data analysis environment;
if the network is communicated, directly storing the encrypted source data into a data analysis environment;
if the network is not communicated, the encrypted source data is backed up to a data synchronization tool, and the encrypted source data is stored in a data analysis environment according to the data synchronization tool.
Optionally, the de-identifying the requirement identifier to obtain an initial requirement identifier includes:
and acquiring an identification field of the requirement identification, performing character string filling on the identification field to generate a filling identification field, and generating an initial requirement identification according to the filling identification field.
Optionally, the searching the encrypted source data corresponding to the target requirement identifier in the data analysis environment includes:
inquiring an encrypted source data identifier of the encrypted source data in the data analysis environment;
and matching the target demand identifier with the encrypted source data identifier, and taking the encrypted source data corresponding to the successfully matched encrypted source data identifier as the searched encrypted source data.
Optionally, the decrypting the searched encrypted source data includes:
inquiring the decryption key of the searched encrypted source data;
homomorphic decryption is carried out on the searched encrypted source data according to the decryption key, and a private key of the searched encrypted source data is obtained;
and executing decryption of the searched encrypted source data after homomorphic decryption according to the private key.
In order to solve the above-mentioned problem, the present invention also provides a data circulation device, the device comprising:
the data encryption module is used for collecting source data of a data supplier, carrying out encapsulation encryption on the source data to obtain encrypted source data, and storing the encrypted source data into a data analysis environment;
the identification re-encryption module is used for receiving a demand identification sent by a data demand party, de-identifying the demand identification to obtain an initial demand identification, and re-encrypting the initial demand identification to obtain a target demand identification;
and the data searching module is used for searching the encrypted source data corresponding to the target demand identifier from the data analysis environment, decrypting the searched encrypted source data and transmitting the decrypted encrypted source data to the data demand party.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory stores a computer program executable by the at least one processor to implement the data flow method described above.
In order to solve the above-mentioned problems, the present invention also provides a computer-readable storage medium having stored therein at least one computer program that is executed by a processor in an electronic device to implement the above-mentioned data circulation method.
The embodiment of the invention firstly encrypts the source data of the data supplier and the data consumer, can ensure that the source data is not leaked in the data transmission process, improves the safety of the source data, stores the encrypted source data through a data analysis environment, can avoid the data from being directly searched by the data consumer to the data supplier and the data consumer, realizes data separation during data circulation, and improves the data safety during data circulation; secondly, the embodiment of the invention obtains the target demand identifier by de-identifying and re-encrypting the demand identifier sent by the data demand party, can avoid the data source inquiry of the demand identifier, ensure the privacy of the demand identifier, simultaneously can avoid the same data collision of different data demand parties, accords with the data compliance supervision requirement, and can generate the data identifier in the data analysis environment by combining with re-encryption, thereby realizing the data inquiry of the data demand party, and further improving the data security when the data demand party and the data supply and demand party perform data circulation.
Drawings
FIG. 1 is a flow chart of a data flow method according to an embodiment of the invention;
FIG. 2 is a schematic block diagram of a data flow device according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an internal structure of an electronic device for implementing a data circulation method according to an embodiment of the present invention;
the achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides a data circulation method. The execution subject of the data circulation method includes, but is not limited to, at least one of a server, a terminal, and the like, which can be configured to execute the method provided in the embodiments of the present application. In other words, the data circulation method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The service end includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Referring to fig. 1, a flow chart of a data circulation method according to an embodiment of the invention is shown. In an embodiment of the present invention, the data circulation method includes:
s1, collecting source data of a data supplier, packaging and encrypting the source data to obtain encrypted source data, and storing the encrypted source data into a data analysis environment.
In the embodiment of the present invention, the data provider and the data consumer are generated based on different business scenarios, for example, for a bank personal service scenario, the data provider and the data consumer include institutions such as banks, securities, risk, life insurance, etc., and the source data includes: financial data, insurance data, and the like. Optionally, the source data is collected by accessing a background database of the data supplier.
It should be appreciated that, in the acquired source data, some missing data and repeated data exist, for example, the identity card or the mobile phone number of the user is input one or more less, so that the user information is not complete, thereby affecting the integrity of the whole data, and in order to improve the processing speed of the subsequent source data, before the embodiment of the invention encapsulates and encrypts the source data, the method further includes: and performing data cleaning on the source data to reduce the data volume of subsequent data processing.
In an alternative embodiment of the present invention, the cleaning the source data includes: performing deduplication operation on the source data, and detecting whether the deduplicated source data has a data missing value or not; if the data missing value does not exist, the source data after the duplication removal is used as the source data after the cleaning; and if the data missing value exists, filling the data missing value with data to obtain the cleaned source data.
Further, as one embodiment of the present invention, the performing a deduplication operation on the source data includes: calculating the similarity of any two data in the source data; if the similarity is not greater than the preset similarity, simultaneously reserving the two data; and if the similarity is greater than the preset similarity, deleting any one of the two data.
It should be noted that, before calculating the similarity of the source data, the embodiment of the present invention further includes: and converting the source data into corresponding hash values by utilizing a hash algorithm so as to realize the calculation of the similarity of the subsequent source data.
In an alternative embodiment, the similarity of any two data in the source data is calculated by using the following method:
wherein d represents the similarity of any two data, and w 1j And w 2j Representing the hash value corresponding to any two data.
Further, as one embodiment of the present invention, the detection of the data missing value may be implemented by a detection function in a currently known data missing value detection tool, such as a missmap function detection function in an Amelia package tool.
In an alternative embodiment, said populating said data deficiency value includes: acquiring a missing position of the data missing value, presetting a filling parameter at the missing position, calculating the missing value probability of the filling parameter, and executing filling of the data missing value according to the missing position, the filling parameter and the missing value probability. Optionally, the filling of the data missing values is performed using the following formula:
wherein L (θ) represents a filled data missing value, x i Represents the missing position, θ represents the padding parameter, n represents the number of source data, p (x) i I θ) represents the missing value probability.
Further, the embodiment of the invention obtains the encrypted source data by packaging and encrypting the source data, so as to ensure that the source data is not leaked in the data transmission process and improve the safety of the source data. As an embodiment of the present invention, the performing encapsulation encryption on the source data to obtain encrypted source data includes: configuring an initial key of the source data, homomorphic encrypting the initial key to obtain an encryption key, and packaging the source data according to the encryption key to obtain encrypted source data.
The configuration of the initial key can be realized through a custom function of the source data corresponding to the data for the acquirer, for example, the initial key can be "ABC", the initial key can be understood as a numerical password set for the source data, the numerical password is used for guaranteeing that the source data is not leaked, and the encapsulation of the source data can be realized through a Software Development Kit (SDK) so as to realize that the source data is only allowed to be decrypted and checked by the corresponding data supplier.
Further, in another optional embodiment of the present invention, the homomorphic encrypting the initial key to obtain an encryption key includes: encrypting any plaintext in the initial key to obtain any encrypted plaintext of the initial key, homomorphic encrypting any two plaintext in the initial key according to any encrypted plaintext of the initial key to obtain any two encrypted plaintext of the initial key, homomorphic encrypting all plaintext in the initial key according to any two encrypted plaintext of the initial key to obtain the encrypted key of the initial key.
In an alternative embodiment, any one plaintext of the initial key is encrypted using the following formula:
C=E(M)=M e mod N;
in an alternative embodiment, any two plaintext in the initial key are homomorphic encrypted using the following formula:
in an alternative embodiment, all plaintext in the initial key is homomorphic encrypted using the following formula:
E(M 1 )*E(M 2 )*…E(M n )=E(M 1 *M 2 *…M n )
in the encryption formula, M represents any plaintext in the initial key, N represents the encrypted plaintext, mod represents the encryption function, and e represents the infinite non-round fraction.
Illustratively, the source data is a mobile phone number of a user in a bank: 15600000000, the initial key for configuring the mobile phone number is: ABC, homomorphic encryption is carried out on the ABC to generate an encryption key as follows: the encryption source data generated by the AABBCC for encapsulating the mobile phone number according to the encryption key can be AA156BB0000CC0000, wherein the encryption source data only allows decryption and viewing by banks, and other data suppliers and requesters cannot view the encryption source data.
Further, the embodiment of the invention stores the encrypted source data into the data analysis environment so as to realize the data searching of the subsequent data demand party, avoid the data searching of the data demand party directly to the data supply and demand party, realize the data separation during the data circulation and improve the data security during the data circulation. Wherein the data analysis environment is built by a data analysis tool, such as a Jupyter Notebook tool.
Further, in an alternative embodiment of the present invention, said storing said encrypted source data in a data analysis environment includes: and identifying whether a data supply and demand party corresponding to the encrypted source data is communicated with a network of the data analysis environment, if the network is communicated with the data supply and demand party, directly storing the encrypted source data into the data analysis environment, and if the network is not communicated with the data analysis environment, backing up the encrypted source data into a data synchronization tool by adopting a file encryption converter, and storing the encrypted source data into the data analysis environment according to the data synchronization tool. Wherein the data synchronization tool comprises a filesync tool.
Further, when the encrypted source data is stored in the data analysis environment, an encrypted source data identifier is generated in the data analysis environment to determine the position information of the encrypted source data in the data analysis environment, wherein the encrypted source data identifier is generated by a public key provided by a data provider corresponding to the encrypted source data, and is used for representing identity information of the encrypted source data, for example, the encrypted source data is: the AA156BB0000CC0000, which corresponds to the data supplier and the data consumer is the risk-generating mechanism, the source data identifier generated according to the public key provided by the corresponding risk-generating mechanism may be numberX, so as to indicate that the xth mobile phone number in the data analysis environment is: AA156BB0000CC0000.
Further, to ensure privacy and security of the source data, the source data may also be stored in a blockchain node.
S2, receiving a demand identifier sent by a data demand party, de-identifying the demand identifier to obtain an initial demand identifier, and re-encrypting the initial demand identifier to obtain a target demand identifier.
In the embodiment of the invention, the data demand party refers to a data user who needs to perform data query from data supply and demand parties, if the data supply and demand party is an insurance producing organization, the data demand party can be a banking organization, the demand identification is generated based on data demands of different data demand parties, if the banking organization is referred to the data demand can be a insurance purchasing situation of querying an insurance producing organization by using a mobile phone number "XXX", the corresponding demand identification can be an ID (number) of the mobile phone number. Wherein, the demand identification includes: a user ID identification and a user privacy identification, the user ID identification comprising: group client number and specialty formula client number, etc., said user privacy identification comprising: a license number (identity card, passport number, port australia certificate, military certificate), a cell phone number, an account number, a card number, a member number, UM number, an accumulation fund account number, a license plate number, a frame number, an engine number, a mailbox, a WeChat, a policy number, and the like.
Further, the embodiment of the invention obtains the initial demand identifier by de-identifying the demand identifier so as to convert the demand identifier sent by the data demand party, avoids source inquiry of the demand identifier, ensures privacy of the demand identifier, and can avoid the same data collision of different data demand parties so as to meet the data compliance supervision requirement.
As an embodiment of the present invention, the de-labeling the requirement identifier to obtain an initial requirement identifier includes: and acquiring an identification field of the requirement identification, performing character string filling on the identification field to generate a filling identification field, and generating an initial requirement identification according to the filling identification field.
In an alternative embodiment, the string population may be implemented by an MD5 algorithm, and illustratively, the requirements identify: number, obtain the filling character string of the said demand label as: * The number's padding identification field may be: number.
Further, the data source of the requirement identifier cannot be directly known after the requirement identifier is identified, so that corresponding encrypted source data cannot be directly searched in the data analysis environment according to the data source of the requirement identifier.
In an alternative embodiment, the re-encryption of the initial requirement identifier is implemented according to a public key provided by a corresponding data supplier, and the fields of the initial requirement identifier are: number, the data supplier and requester is an insurance agency, and the number is re-encrypted into number according to a public key provided by the insurance agency.
S3, searching the encrypted source data corresponding to the target demand identifier from the data analysis environment, decrypting the searched encrypted source data and transmitting the decrypted encrypted source data to the data demand party.
In an optional embodiment of the present invention, the searching the encrypted source data corresponding to the target requirement identifier in the data analysis environment includes: inquiring an encryption source data identifier of the encryption source data in the data analysis environment, matching the target demand identifier with the encryption source data identifier, and taking the encryption source data corresponding to the successfully matched encryption source data identifier as the searched encryption source data.
In an alternative embodiment, the encrypted source data identification may be queried by a query statement, such as a select query statement.
In an alternative embodiment, the target requirement identifier is matched with the encrypted source data identifier using the following formula:
wherein T (x, y) represents the matching degree of the target demand identifier and the encrypted source data identifier, and x i Representing the ith field, y in the target demand identification of the garment i Representing the i-th field in the encrypted source data identification.
It should be noted that, in the embodiment of the present invention, when the calculated matching degree is 1, it indicates that the matching between the target requirement identifier and the encrypted source data identifier is successful, and when the calculated matching degree is not 1, it indicates that the matching between the target requirement identifier and the encrypted source data identifier fails
Further, the encryption source data is encrypted through the key corresponding to the data supplier and the data consumer when stored in the data analysis environment, so that the embodiment of the invention ensures normal viewing of the data by decrypting the searched encryption source data and then transmitting the decryption source data to the data consumer.
As one embodiment of the present invention, the decrypting the searched encrypted source data includes: inquiring a decryption key of the searched encrypted source data, homomorphic decrypting the searched encrypted source data according to the decryption key to obtain a private key of the searched encrypted source data, and executing decryption of the searched encrypted source data after homomorphic decrypting according to the private key. And inquiring the data supply and demand party corresponding to the searched encrypted source data by the decryption key.
The embodiment of the invention firstly encrypts the source data of the data supplier and the data consumer, can ensure that the source data is not leaked in the data transmission process, improves the safety of the source data, stores the encrypted source data through a data analysis environment, can avoid the data from being directly searched by the data consumer to the data supplier and the data consumer, realizes data separation during data circulation, and improves the data safety during data circulation; secondly, the embodiment of the invention obtains the target demand identifier by de-identifying and re-encrypting the demand identifier sent by the data demand party, can avoid the data source inquiry of the demand identifier, ensure the privacy of the demand identifier, simultaneously can avoid the same data collision of different data demand parties, accords with the data compliance supervision requirement, and can generate the data identifier in the data analysis environment by combining with re-encryption, thereby realizing the data inquiry of the data demand party, and further improving the data security when the data demand party and the data supply and demand party perform data circulation.
As shown in fig. 2, a functional block diagram of the data flow device of the present invention is shown.
The data flow device 100 of the present invention may be installed in an electronic apparatus. Depending on the functions implemented, the data flow means may comprise a data encryption module 101, an identification re-encryption module 102 and a data lookup module 103. The module of the present invention may also be referred to as a unit, meaning a series of computer program segments capable of being executed by the processor of the electronic device and of performing fixed functions, stored in the memory of the electronic device.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the data encryption module 101 is configured to collect source data of a data supplier, encapsulate and encrypt the source data to obtain encrypted source data, and store the encrypted source data in a data analysis environment;
the identifier re-encryption module 102 is configured to receive a requirement identifier sent by a data requiring party, de-identify the requirement identifier to obtain an initial requirement identifier, and re-encrypt the initial requirement identifier to obtain a target requirement identifier;
the data searching module 103 is configured to search the encrypted source data corresponding to the target requirement identifier in the data analysis environment, decrypt the searched encrypted source data, and transmit the decrypted encrypted source data to the data demander.
In detail, the modules in the data circulation device 100 in the embodiment of the present invention use the same technical means as the data circulation method described in fig. 1 and can produce the same technical effects, which are not described herein.
Fig. 3 is a schematic structural diagram of an electronic device for implementing a data circulation method according to the present invention.
The electronic device may comprise a processor 10, a memory 11, a communication bus 12 and a communication interface 13, and may further comprise a computer program, such as a data flow program, stored in the memory 11 and executable on the processor 10.
The processor 10 may be formed by an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be formed by a plurality of integrated circuits packaged with the same function or different functions, including one or more central processing units (Central Processing unit, CPU), a microprocessor, a digital processing chip, a graphics processor, a combination of various control chips, and so on. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, and executes various functions of the electronic device and processes data by running or executing programs or modules (e.g., executing a data flow program, etc.) stored in the memory 11, and calling data stored in the memory 11.
The memory 11 includes at least one type of readable storage medium including flash memory, a removable hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, such as a mobile hard disk of the electronic device. The memory 11 may in other embodiments also be an external storage device of the electronic device, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used not only for storing application software installed in an electronic device and various data such as codes of a data flow program, but also for temporarily storing data that has been output or is to be output.
The communication bus 12 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
The communication interface 13 is used for communication between the electronic device and other devices, including a network interface and a user interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), or alternatively a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device and for displaying a visual user interface.
Fig. 3 shows only an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 3 is not limiting of the electronic device and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power source (such as a battery) for supplying power to the respective components, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device may further include various sensors, bluetooth modules, wi-Fi modules, etc., which are not described herein.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The data flow program stored in the memory 11 in the electronic device is a combination of a plurality of computer programs, which when run in the processor 10, can realize:
collecting source data of a data supplier, packaging and encrypting the source data to obtain encrypted source data, and storing the encrypted source data into a data analysis environment;
receiving a demand identifier sent by a data demand party, de-identifying the demand identifier to obtain an initial demand identifier, and re-encrypting the initial demand identifier to obtain a target demand identifier;
searching the encrypted source data corresponding to the target demand identifier in the data analysis environment, decrypting the searched encrypted source data and transmitting the decrypted encrypted source data to the data demand party.
In particular, the specific implementation method of the processor 10 on the computer program may refer to the description of the relevant steps in the corresponding embodiment of fig. 1, which is not repeated herein.
Further, the electronic device integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a non-volatile computer readable storage medium. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
The present invention also provides a computer readable storage medium storing a computer program which, when executed by a processor of an electronic device, can implement:
collecting source data of a data supplier, packaging and encrypting the source data to obtain encrypted source data, and storing the encrypted source data into a data analysis environment;
receiving a demand identifier sent by a data demand party, de-identifying the demand identifier to obtain an initial demand identifier, and re-encrypting the initial demand identifier to obtain a target demand identifier;
searching the encrypted source data corresponding to the target demand identifier in the data analysis environment, decrypting the searched encrypted source data and transmitting the decrypted encrypted source data to the data demand party.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated by cryptographic means in association, each data block containing a batch of information of network transactions for verifying the validity of the information (anti-counterfeiting) and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.
Claims (7)
1. A method of data circulation, the method comprising:
collecting source data of a data supplier, packaging and encrypting the source data to obtain encrypted source data, and storing the encrypted source data into a data analysis environment;
receiving a demand identifier sent by a data demand party, de-identifying the demand identifier to obtain an initial demand identifier, and re-encrypting the initial demand identifier to obtain a target demand identifier, wherein the loading of encrypted source data is realized by re-encrypting the initial demand identifier to generate the same data identifier as in a data analysis environment;
searching the encryption source data corresponding to the target demand identifier from the data analysis environment, decrypting the searched encryption source data and transmitting the decryption source data to the data demand party;
the step of performing encapsulation encryption on the source data to obtain encrypted source data includes: configuring an initial key of the source data, and homomorphic encrypting the initial key to obtain an encryption key; according to the encryption key, the source data is packaged to obtain encrypted source data;
the homomorphic encryption is carried out on the initial key to obtain an encryption key, which comprises the following steps: encrypting any plaintext in the initial key to obtain any encrypted plaintext of the initial key; homomorphic encryption is carried out on any two plaintext in the initial key according to any one encrypted plaintext of the initial key, so that any two encrypted plaintext of the initial key is obtained; homomorphic encryption is carried out on all plaintext in the initial key according to any two encrypted plaintext of the initial key, so as to obtain an encrypted key of the initial key;
the de-labeling the requirement identifier to obtain an initial requirement identifier includes: and acquiring an identification field of the requirement identification, performing character string filling on the identification field to generate a filling identification field, and generating an initial requirement identification according to the filling identification field.
2. The data flow method of claim 1, wherein storing the encrypted source data in a data analysis environment comprises:
identifying whether the data supply and demand party corresponding to the encrypted source data is communicated with the network of the data analysis environment;
if the network is communicated, directly storing the encrypted source data into a data analysis environment;
if the network is not communicated, the encrypted source data is backed up to a data synchronization tool, and the encrypted source data is stored in a data analysis environment according to the data synchronization tool.
3. The data circulation method according to any one of claims 1 to 2, wherein the searching the data analysis environment for the encrypted source data corresponding to the target requirement identifier includes:
inquiring an encrypted source data identifier of the encrypted source data in the data analysis environment;
and matching the target demand identifier with the encrypted source data identifier, and taking the encrypted source data corresponding to the successfully matched encrypted source data identifier as the searched encrypted source data.
4. The data streaming method according to claim 1, wherein decrypting the searched encrypted source data comprises:
inquiring the decryption key of the searched encrypted source data;
homomorphic decryption is carried out on the searched encrypted source data according to the decryption key, and a private key of the searched encrypted source data is obtained;
and executing decryption of the searched encrypted source data after homomorphic decryption according to the private key.
5. A data flow device for implementing a data flow method according to any of claims 1 to 4, characterized in that the device comprises:
the data encryption module is used for collecting source data of a data supplier, carrying out encapsulation encryption on the source data to obtain encrypted source data, and storing the encrypted source data into a data analysis environment;
the identification re-encryption module is used for receiving a demand identification sent by a data demand party, de-identifying the demand identification to obtain an initial demand identification, and re-encrypting the initial demand identification to obtain a target demand identification;
and the data searching module is used for searching the encrypted source data corresponding to the target demand identifier from the data analysis environment, decrypting the searched encrypted source data and transmitting the decrypted encrypted source data to the data demand party.
6. An electronic device, the electronic device comprising:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data flow method of any one of claims 1 to 4.
7. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements a data flow method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110687615.6A CN113420049B (en) | 2021-06-21 | 2021-06-21 | Data circulation method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110687615.6A CN113420049B (en) | 2021-06-21 | 2021-06-21 | Data circulation method, device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113420049A CN113420049A (en) | 2021-09-21 |
| CN113420049B true CN113420049B (en) | 2023-06-27 |
Family
ID=77789670
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110687615.6A Active CN113420049B (en) | 2021-06-21 | 2021-06-21 | Data circulation method, device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113420049B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113965310B (en) * | 2021-10-18 | 2024-04-19 | 公安部第三研究所 | Method for realizing mixed privacy calculation processing based on label capable of being controlled to be de-identified |
| CN114926154B (en) * | 2022-07-20 | 2022-11-18 | 江苏华存电子科技有限公司 | Protection switching method and system for multi-scene data identification |
| CN115713334B (en) * | 2022-11-28 | 2023-06-16 | 武汉利楚商务服务有限公司 | Transaction data monitoring method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106529327A (en) * | 2016-10-08 | 2017-03-22 | 西安电子科技大学 | Data access system and method oriented to encryption database under hybrid cloud environment |
| US9729525B1 (en) * | 2015-06-29 | 2017-08-08 | EMC IP Holding Company LLC | Secure data analytics |
| CN111523139A (en) * | 2020-04-21 | 2020-08-11 | 苏州六莲科技有限公司 | Data transmission method, system and business mode thereof |
| CN111523132A (en) * | 2020-04-21 | 2020-08-11 | 国网电子商务有限公司 | Data storage and transmission method and device based on identification technology |
| CN112749412A (en) * | 2021-01-18 | 2021-05-04 | 中国民航信息网络股份有限公司 | Method, system, equipment and storage medium for processing passenger identity information |
-
2021
- 2021-06-21 CN CN202110687615.6A patent/CN113420049B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9729525B1 (en) * | 2015-06-29 | 2017-08-08 | EMC IP Holding Company LLC | Secure data analytics |
| CN106529327A (en) * | 2016-10-08 | 2017-03-22 | 西安电子科技大学 | Data access system and method oriented to encryption database under hybrid cloud environment |
| CN111523139A (en) * | 2020-04-21 | 2020-08-11 | 苏州六莲科技有限公司 | Data transmission method, system and business mode thereof |
| CN111523132A (en) * | 2020-04-21 | 2020-08-11 | 国网电子商务有限公司 | Data storage and transmission method and device based on identification technology |
| CN112749412A (en) * | 2021-01-18 | 2021-05-04 | 中国民航信息网络股份有限公司 | Method, system, equipment and storage medium for processing passenger identity information |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113420049A (en) | 2021-09-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113420049B (en) | Data circulation method, device, electronic equipment and storage medium | |
| CN110383757B (en) | System and method for secure processing of electronic identities | |
| CN108900464B (en) | Electronic device, block chain-based data processing method, and computer storage medium | |
| US10318932B2 (en) | Payment card processing system with structure preserving encryption | |
| AU2012315382B2 (en) | Differential client-side encryption of information originating from a client | |
| CN110457945B (en) | List query method, query party device, service party device and storage medium | |
| CN112804218B (en) | Block chain-based data processing method, device, equipment and storage medium | |
| WO2021003977A1 (en) | Default information query method and apparatus, and computer device and storage medium | |
| US9230133B2 (en) | Secure access for sensitive digital information | |
| CN114389889B (en) | File full life cycle management method and device based on block chain technology | |
| CN111818186B (en) | Information sharing method and system | |
| CN114826553A (en) | Cloud storage data security protection method and device based on group signature and homomorphic encryption | |
| CN113127915A (en) | Data encryption desensitization method and device, electronic equipment and storage medium | |
| CN114884697B (en) | Data encryption and decryption method and related equipment based on cryptographic algorithm | |
| CN112131593A (en) | Information-based feature encryption method, device, equipment and storage medium | |
| CN114386058A (en) | Model file encryption and decryption method and device | |
| CN113806776A (en) | Block chain-based medical archive query method and device, electronic equipment and medium | |
| CA3179201A1 (en) | Systems and methods for use in segregating data blocks to distributed storage | |
| CN107911220B (en) | Signature method, signature device and terminal equipment | |
| US20220191034A1 (en) | Technologies for trust protocol with immutable chain storage and invocation tracking | |
| CN112988888B (en) | Key management method, device, electronic equipment and storage medium | |
| CN115643090A (en) | Longitudinal federal analysis method, device, equipment and medium based on privacy retrieval | |
| CN114896611A (en) | Data processing method, processor and machine readable storage medium | |
| CN114826736A (en) | Information sharing method, device, equipment and storage medium | |
| CN110798321B (en) | Article information service method based on block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |