CN113515538A - Private data query and early warning method among organizations based on multi-party security calculation - Google Patents


Info

Publication number
CN113515538A
Authority
CN
China
Prior art keywords
data
network identity
encryption
prime number
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110635248.5A
Other languages
Chinese (zh)
Other versions
CN113515538B (en)
Inventor
甘立威
沈星
王萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan XW Bank Co Ltd
Original Assignee
Sichuan XW Bank Co Ltd
Application filed by Sichuan XW Bank Co Ltd
Priority to CN202110635248.5A
Publication of CN113515538A
Application granted
Publication of CN113515538B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of data query, and particularly relates to an inter-organization private data query and early warning method based on multi-party security calculation, described as follows: organization A aligns data with organization B through the DH-PSI protocol; during this process, organization A and organization B store a certain number of intermediate results for the subsequent DH-EK; after successful alignment, organization B generates a symmetric key and a half key directly from the intermediate results; organization B uses the aligned data to retrieve the result data, encrypts it, and sends the ciphertext and the half key to organization A; organization A combines its intermediate result with the half key to obtain the symmetric key, and decrypts the ciphertext to obtain the result plaintext. The alignment result serves as the seed of DH-EK and is known to both parties to the request without being exchanged, so a third party cannot steal data by eavesdropping or man-in-the-middle attacks. For the two parties to the request, information for which matching did not succeed cannot be decrypted, so a semi-honest partner cannot obtain additional data.

Description

Private data query and early warning method among organizations based on multi-party security calculation
Technical Field
The invention belongs to the technical field of data query and data cryptography, and particularly relates to an inter-organization private data query and early warning method based on multi-party security calculation.
Background
At present, the following three technical schemes are generally adopted in the field of risk control to ensure the safety of information data.
The first is to obtain data from the People's Bank of China through its personal credit report. This method can ensure the safety of information data, but the reporting period exceeds 12 hours, which does not provide sufficient protection against frequent credit granting and lending across several institutions within a short time (generally, an interval of less than 1 hour) in the internet finance environment.
The second is to protect the digests and the information data by means of symmetric encryption, dedicated lines and the like, and to compute the intersection after exchanging them. This method is exposed to man-in-the-middle attacks, database collision attacks and the like. Regularly exchanging certificate signatures and similar measures gives some protection, but the method cannot defend against the semi-honest model and carries a higher security risk.
The third is to use private set intersection (PSI) plus RSA to transmit an AES key. PSI allows two parties, each holding its own set, to jointly compute the intersection of the two sets; at the end of the protocol interaction, one or both parties obtain the correct intersection and learn nothing about the other party's set beyond the intersection. Malicious behavior by participants can also be resisted if a PSI scheme based on oblivious transfer is used. However, securing the information data in this way may still be subject to man-in-the-middle attacks.
Disclosure of Invention
The invention provides an inter-organization private data query and early warning method based on multi-party security calculation, to solve the problem that private data queries in the prior art are vulnerable to man-in-the-middle attacks.
In order to achieve the purpose, the invention provides the following technical scheme:
A private data query and early warning method between organizations based on multi-party security calculation involves a requester and a data holder that perform private set intersection on user information based on the DH-PSI protocol and perform key exchange based on the DH-EK protocol; the requester generates a filter based on the network identity of the user information, and the data holder obtains matching data based on the filter;
the method comprises the following steps:
step 1: the requester constructs a network identity from the personal information of a user X, generates a filter from the network identity, performs a first encryption operation on the network identity, packages the encrypted network identity, a random prime number public key and the filter to form the initial request data, and sends the initial request data to the data holder;
step 2: the data holder parses the initial request data to obtain the encrypted network identity and the filter, filters its local data based on the filter to obtain the initial matching data, encrypts the initial matching data for the first time, and encrypts the network identity for the second time; it packages the encrypted initial matching data and the network identity after the secondary encryption operation to form the matching data, and sends the matching data to the requester;
step 3: the requester parses the matching data to obtain the network identity after secondary encryption and the initial matching data after primary encryption; performs a secondary encryption operation on the once-encrypted matching data; matches the initial matching data after secondary encryption against the network identity after secondary encryption to obtain the position information of that network identity within the initial matching data after secondary encryption; and sends the position information to the data holder;
step 4: the data holder retrieves the initial matching data based on the position information to obtain the data that the requester defined in the initial request data as the data to be queried, referred to as the corresponding data; the data requesting party constructs a symmetric key and a symmetric half key according to the initial request data in the step 2; a symmetric encryption operation is carried out on the corresponding data; the encrypted corresponding data and the symmetric half key are sent to the requester; corresponding early warning information is generated and recorded;
step 5: the requester performs an encryption operation on the symmetric half key to obtain the symmetric key; decrypts the encrypted corresponding data using the symmetric key to obtain the data information required by the requester; and updates the local data based on the decrypted corresponding data.
The matching data comprises the serial number, the network identity after secondary encryption and the initial matching data after primary encryption.
The initial request data in step 1 further includes a random prime number public key P and a serial number lid.
The corresponding data in step 4 includes a network identity and the user-related data information corresponding to that network identity (hereinafter referred to as user-related data information).
Preferably, the method for encrypting the network identity for the first time in step 1 is as follows: the requester generates a random prime number public key P and a random prime number private key a and carries out the encryption operation based on P and a.
Preferably, the network identity in step 1 is constructed as follows: first, the personal information of the user is hashed with the SHA-256 digest algorithm to obtain the network identity; then the first three digits of the network identity are extracted to generate the filter.
Preferably, the encryption operation on the initial matching data in step 2 is as follows: the data holder generates a random private key b and carries out the encryption operation based on the random private key b and the random prime number public key P in the initial request data;
the secondary encryption of the network identity is as follows: an encryption operation based on the random private key b generated by the data holder and the random prime number public key P in the initial request data.
Preferably, the secondary encryption of the initial matching data by the requester in step 3 is as follows: the requester performs a secondary encryption operation on the once-encrypted initial matching data based on the random prime number private key a and the random prime number public key P.
The encryption operation on the corresponding data in step 4 is as follows: the data holder generates a random prime number private key q and encrypts the once-encrypted network identity obtained in step 2 to obtain an AES (Advanced Encryption Standard) key, then encrypts the user-related data information with AES; it also extracts the user's network identity from the user-related data and encrypts that network identity once, based on the generated random prime number private key q and the random prime number public key P obtained in step 2.
The specific encryption and decryption operations in step 5 are as follows: first, the once-encrypted network identity from step 4 is encrypted a second time, based on the random prime number private key a and the random prime number public key P generated in step 1, to obtain the AES key; the AES key is then used to decrypt the network identity and the user-related data after the secondary encryption.
Because the name of the invention refers to "multi-party security calculation", there may be multiple data holders; a data requester may therefore ask several data holders whether data related to a given user exists, and assess the user's situation from that data so as to provide early warning information.
For example, if several data holders hold information that a user has applied for a credit card and there are multiple non-payment records, the data queried from those data holders can provide the requester with early warning information.
Compared with the prior art, the invention has the beneficial effects that:
1. The invention achieves immunity to man-in-the-middle attacks for the following reasons. A man-in-the-middle attack is an indirect intrusion in which a computer controlled by the intruder is virtually placed, by various technical means, between two communicating computers on a network; that computer is called the man-in-the-middle. Even if the man-in-the-middle replaces the once-encrypted network identity between step 1 and step 2, the replaced network identity cannot be matched to the correct data, so the man-in-the-middle cannot obtain correct data information in this way. If the man-in-the-middle does not replace the once-encrypted network identity, it cannot decrypt the encrypted network identity and the user-related data information, because it does not know the random prime number private key a; it therefore cannot obtain the data information transmitted between the requester and the data holder. In this way the invention effectively avoids man-in-the-middle attacks.
2. The invention provides a filter that keeps only the first three digits of the network identity. When the data holder retrieves data based on those first three digits, the retrieved data contains the network identities of several users, so the data holder does not know which user's information the requester specifically wants to query, which protects the private data of the specific user. The filter also reduces the scale of the computation, so that the whole system has sufficient throughput over a gigabit network.
3. The invention combines the DH-PSI and DH-EK protocols to query data. Because the two protocols are similar to a certain degree, intermediate results can be shared, which reduces the number of data transmissions and the waiting delay.
Drawings
FIG. 1 is a schematic flow diagram of the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention is explained in detail with reference to FIG. 1.
Organization A is the requester, and organization B is the data holder;
query_info is the initial request data; lid is the serial number;
filter is the filter; eid is the network identity of user X; eid' is the network identity after it has been encrypted once;
Step 1: Organization A extracts a digest of the personal information of user X using a data digest algorithm to obtain eid; organization A truncates eid, taking the first three digits to obtain filter; organization A generates lid, a random prime number public key P and a random prime number private key a; it encrypts eid based on the generated P and a: $eid^{a} \bmod P$, giving eid'; it packs eid', lid, filter and the random prime number public key P to obtain query_info; it sends query_info to organization B;
Step 2: Organization B parses query_info to obtain eid', lid, filter and the random prime number public key P; organization B generates a random prime number private key b; organization B filters its local data through the filter field to obtain an initial matching data set S, and extracts from S to obtain $S^{-}$; organization B encrypts $S^{-}$ based on the random prime number public key P and the random prime number private key b: $(S^{-})^{b} \bmod P$, giving S'; organization B encrypts eid' based on P and b: $(eid')^{b} \bmod P$, giving eid''; organization B packages lid, eid'' and S' to obtain the matching data resp; organization B sends resp to organization A.
Organization B filters its local data through the filter field so as to filter out all data other than eid; that is, only the users' network identities are retained, and the remaining data is filtered out.
Organization B then extracts from the preliminary matching data set S the entries whose network identity has the same first three digits as the value in filter.
$S^{-}$ denotes the initial matching data; S' is the initial matching data after primary encryption; resp is the matching data; eid'' is the network identity after the second encryption.
Step 3: Organization A parses the matching data resp to obtain lid, eid'' and S'; organization A encrypts S' based on the random prime number public key P and the random prime number private key a generated in step 1: $(S')^{a} \bmod P$, yielding S''; organization A matches S'' against eid'' to obtain index, the position information of eid'' in S''; organization A sends index and lid to organization B.
The position information index is the position, in the initial matching data S, of the user data information that organization A wants to query;
S'' is the initial matching data after secondary encryption; eid'' is the network identity after the second encryption.
How organization A matches S'' against eid'' to obtain the position information index of eid'' in S'' is explained as follows:
The first encryption of S is $(S^{-})^{b} \bmod P$; the second encryption is $(S')^{a} \bmod P$;
The first encryption of eid is $eid^{a} \bmod P$; the second encryption is $(eid')^{b} \bmod P$;
By the principle $eid^{ab} = eid^{ba}$, equal ciphertexts imply equal plaintexts, so the position information can be obtained directly without decryption.
Step 4: Organization B uses the position information index to search in the matching data resp and obtain the corresponding data, data; organization B records organization A's request to obtain its final result $data_{cur}$; organization B updates its local data with the position information index and the final result $data_{cur}$; organization B generates a random prime number private key q; organization B encrypts eid' to obtain the AES key $eid_E$; organization B AES-encrypts data with $eid_E$ to obtain $data_B$; organization B extracts eid from data; organization B encrypts eid: $eid^{q} \bmod P$, giving the half key $eid_B$; organization B packages $data_B$ and $eid_B$ to obtain $data_E$; organization B sends $data_E$ to organization A;
The eid' that organization B encrypts in step 4 is the eid' parsed in step 2;
In step 4, the update of the local data by organization B with the position information index and the final result $data_{cur}$ constitutes the early warning information;
$data_B$ is the corresponding data after AES encryption; data is the corresponding data;
Step 5: Organization A parses $data_E$ to obtain $data_B$ and $eid_B$; organization A encrypts $eid_B$: $eid_B^{a} \bmod P$, giving the AES key $eid_E$; organization A uses $eid_E$ to AES-decrypt $data_B$ and obtain the final result, data. Organization A updates its local data set with eid and data.
The following illustrates preferred embodiments of the invention;
Corresponding to step 1 above:
Organization A takes the eid value of user X (using the SHA-256 digest algorithm) as:
1D841BC0EE98309CB7916670B7F0FDEF5F4C35150711A41405EF3633B56322CF;
The value of filter is then: 1D8;
The serial number lid is taken as: query 10010001;
The public key P is taken as: 88F924EECEEDA7FE92E1F5AF;
The private key a is taken as: 980553F0DB2FD09DE3C7;
Then: eid' = 5CB08B556564AF4896E6C8F3;
Figure BDA0003105411640000051
Figure BDA0003105411640000061
Organization A sends query_info to organization B;
Corresponding to step 2:
Organization B takes the private key b as: 1C80FFBD2918F71D9AB59;
If the local data set of organization B is:
Figure BDA0003105411640000062
Figure BDA0003105411640000063
Figure BDA0003105411640000071
Organization B sends the matching data resp to organization A;
Corresponding to step 3:
Figure BDA0003105411640000072
The index takes the value: [0]
Organization A sends the lid from step 1 and the position information index in the step 5 to organization B;
Corresponding to step 4: data takes the value [D1];
$data_{cur}$ takes the value: [D1, information about the request recorded according to the specific requirements of the service]
The updated data set for organization B is:
Figure BDA0003105411640000073
all steps corresponding to step 10 above:
Figure BDA0003105411640000081
Organization B sends $data_E$ to organization A;
Corresponding to step 5: the $eid_E$ calculated by organization A takes the value 2B8EEC8FC74AE55E17B2B876, the same as organization B's.
The data value obtained by organization A after decryption is: [D1]
Organization A updates its local data set with eid and data.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although this description is organized in terms of embodiments, not every embodiment contains only a single technical solution; the description is written this way for clarity only. Those skilled in the art should take the description as a whole, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.

Claims (7)

1. A private data query and early warning method between organizations based on multi-party security calculation is characterized in that: the system comprises a requester and a data holder which carry out privacy set intersection on user information based on a DH-PSI protocol, wherein the requester and the data holder carry out secret key exchange based on a DH-EK protocol; the requester generates a filter based on the network identity of the user information, and the data holder can acquire matching data based on the filter;
the method comprises the following steps:
step 1: the requester constructs and obtains a network identity according to personal information of a user X, generates a filter according to the network identity, performs a first encryption operation on the network identity, packages the encrypted network identity, a random prime number public key and the filter to form initial request data, and sends the initial request data to a data holder;
step 2: the data holder analyzes the initial request data to obtain an encrypted network identity and a filter, local data of the data holder is filtered based on the filter to obtain initial matching data, the initial matching data is encrypted for the first time, and the network identity is encrypted for the second time; packaging the encrypted initial matching data and the network identity after the secondary encryption operation to form matching data; and sending the matching data to the requesting party;
step 3: the requester analyzes the matched data to obtain a network identity after secondary encryption and initial matched data after primary encryption; performing secondary encryption operation on the primary encrypted matching data; matching the initial matching data after the secondary encryption by the network identity after the secondary encryption to obtain the position information of the network identity after the secondary encryption in the initial matching data after the secondary encryption; sending the position information to a data holder;
step 4: the data holder retrieves the initial matching data based on the position information to obtain data which is defined in the initial request data by the requester and is required to be inquired, namely the data is corresponding data; the data requesting party constructs a symmetric key and a symmetric half key according to the initial request data in the step 2; symmetric encryption operation is carried out on corresponding data; sending the encrypted corresponding data and the symmetric half secret key to a requesting party; generating and recording corresponding early warning information;
step 5: the requesting party carries out encryption operation on the symmetric semi-secret key to obtain a symmetric secret key; decrypting the corresponding data encrypted by using the symmetric secret key to obtain data information required by the requester; updating local data based on the decrypted corresponding data;
the initial request data in the step 1 further comprises a random prime number public key P and a serial number lid;
the matching data comprises serial numbers, network identity marks after secondary encryption and initial matching data after primary encryption;
the corresponding data in step 4 includes the network identification and the user related data information corresponding to the network identification.
2. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 1, wherein the first encryption of the network identity identifier in step 1 is performed as follows: the requester generates a random prime number public key P and a random prime number private key a, and performs the encryption operation based on the random prime number public key P and the random prime number private key a.
3. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 2, wherein the first encryption of the initial matching data in step 2 is performed as follows: the data holder generates a random private key b and performs the encryption operation based on the random private key b and the random prime number public key P in the initial request data;
the second encryption of the network identity identifier is performed as follows: the encryption operation is performed based on the random private key b generated by the data holder and the random prime number public key P in the initial request data.
4. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 3, wherein the second encryption of the initial matching data by the requester in step 3 is performed as follows: the requester performs the second encryption operation on the once-encrypted initial matching data based on the random prime number private key a and the random prime number public key P.
5. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 4, wherein the encryption of the corresponding data in step 4 is performed as follows: the data holder generates a random prime number private key q, encrypts the once-encrypted network identity identifier obtained in step 2 to obtain an AES (Advanced Encryption Standard) secret key, and encrypts the user-related data information with the AES encryption method; the data holder then extracts the user's network identity identifier from the user-related data and encrypts it once based on the generated random prime number private key q and the random prime number public key P obtained in step 2.
6. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 5, wherein the encryption and decryption operations in step 5 are performed as follows: first, the network identity identifier encrypted once in step 4 is encrypted a second time based on the random prime number private key a and the random prime number public key P generated in step 1 to obtain the AES (Advanced Encryption Standard) secret key; the twice-encrypted network identity identifier and the user-related data are then decrypted with the AES secret key.
7. The method for private data query and early warning among organizations based on multi-party security computing as claimed in any one of claims 1 to 6, wherein the network identity identifier in step 1 is constructed as follows: first, the user's personal information is hashed with the SHA-256 digest algorithm to obtain the network identity identifier; then the first three bits of the network identity identifier are extracted to generate a filter.
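The double-encryption matching of steps 1 to 3 and the half-key agreement of claims 5 and 6 can be traced end to end in the following added sketch, which is not code from the patent. It assumes the unspecified "encryption operation" is modular exponentiation mod P (which commutes), that the filter is the first three hex characters of the digest, and that the AES key is the SHA-256 of the resulting group element; the prime, the exponent choice, the function names and the sample records are all constructed for illustration, and the AES step itself is left out.

```python
import hashlib
import secrets
from math import gcd

P = 2**255 - 19  # assumption: a known prime standing in for the requester's public prime P

def net_id(personal_info):
    """Claim 7: network identity identifier = SHA-256 digest of the personal information."""
    return hashlib.sha256(personal_info.encode()).hexdigest()

def keygen():
    """Private exponent coprime to P-1, so x -> x^k mod P is a bijection (simplification)."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if gcd(k, P - 1) == 1:
            return k

def enc(value, key):
    """Assumed 'encryption operation': modular exponentiation, which commutes."""
    return pow(value, key, P)

def elem(personal_info):
    """Map a network identity identifier to an integer mod P."""
    return int(net_id(personal_info), 16) % P

def run_query(target, holder_db, prefix_len=3):
    a, b, q = keygen(), keygen(), keygen()  # a: requester; b and q: data holder
    # Step 1 (requester): filter prefix plus once-encrypted identifier H^a
    flt, once = net_id(target)[:prefix_len], enc(elem(target), a)
    # Step 2 (holder): select candidates by filter, return H^(ab) and each C_i^b
    cands = [u for u in holder_db if net_id(u)[:prefix_len] == flt]
    twice_id, once_cands = enc(once, b), [enc(elem(u), b) for u in cands]
    # Step 3 (requester): raise candidates to a, locate H^(ab), send back the position
    twice_cands = [enc(c, a) for c in once_cands]
    if twice_id not in twice_cands:
        return None  # the target is not in the holder's data
    pos = twice_cands.index(twice_id)
    # Step 4 (holder): key from (H^a)^q; half key is the record's own identifier ^q
    user = cands[pos]
    holder_key = hashlib.sha256(str(enc(once, q)).encode()).digest()
    half_key = enc(elem(user), q)
    # Step 5 (requester): (half key)^a reproduces the holder's key
    requester_key = hashlib.sha256(str(enc(half_key, a)).encode()).digest()
    return {"position": pos, "data": holder_db[user],
            "keys_agree": holder_key == requester_key}

# Constructed sample records held by the data holder
DB = {"alice|ID-0001": "overdue loan", "bob|ID-0002": "fraud flag",
      "carol|ID-0003": "no adverse record"}
```

Calling `run_query` with `prefix_len=0` disables the filter so that every record becomes a candidate, which makes the position matching visible on a small data set. The filter prefix is sent in the clear, so a longer prefix shrinks the candidate set at the cost of revealing more of the digest to the data holder.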
CN202110635248.5A 2021-06-08 2021-06-08 Inter-institution privacy data query and early warning method based on multiparty security calculation Active CN113515538B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110635248.5A CN113515538B (en) 2021-06-08 2021-06-08 Inter-institution privacy data query and early warning method based on multiparty security calculation

Publications (2)

Publication Number Publication Date
CN113515538A true CN113515538A (en) 2021-10-19
CN113515538B CN113515538B (en) 2023-07-07

Family

ID=78065555

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110635248.5A Active CN113515538B (en) 2021-06-08 2021-06-08 Inter-institution privacy data query and early warning method based on multiparty security calculation

Country Status (1)

Country Link
CN (1) CN113515538B (en)

Also Published As

Publication number Publication date
CN113515538B (en) 2023-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant