CN113515538A - Private data query and early warning method among organizations based on multi-party security calculation - Google Patents
Private data query and early warning method among organizations based on multi-party security calculation Download PDFInfo
- Publication number
- CN113515538A CN113515538A CN202110635248.5A CN202110635248A CN113515538A CN 113515538 A CN113515538 A CN 113515538A CN 202110635248 A CN202110635248 A CN 202110635248A CN 113515538 A CN113515538 A CN 113515538A
- Authority
- CN
- China
- Prior art keywords
- data
- network identity
- encryption
- prime number
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to the technical field of data query, and particularly relates to an inter-organization private data query and early warning method based on multi-party security calculation, which is specifically described as follows: the mechanism A aligns data with the mechanism B through a DH-PSI protocol; in the process, a mechanism A and a mechanism B store a certain amount of intermediate results for subsequent DH-EK; after successful alignment, the mechanism B directly generates a symmetric key and a semi-key by using the intermediate result; the mechanism B utilizes the aligned data to search to obtain result data, encrypts the result data and sends the ciphertext and the semi-secret key to the mechanism A; the mechanism A combines the intermediate result and the half secret key to obtain a symmetric secret key, and decrypts the ciphertext to obtain a result plaintext; the alignment result is used as the seed of DH-EK, and the result is known to both requesting parties without exchange, so that a third party cannot steal data through a monitoring and man-in-the-middle attacking means. For the two requesting parties, the information that the non-matching succeeds cannot be decrypted, so that the semi-honest partners cannot obtain more data.
Description
Technical Field
The invention belongs to the technical field of data query and data cryptography, and particularly relates to an inter-organization private data query and early warning method based on multi-party security calculation.
Background
At present, the following three technical schemes are generally adopted in the field of wind control to ensure the safety of information data.
The first is to acquire data from the pedestrian through the pedestrian individual credit report. The method can ensure the safety of information data, but the reporting period exceeds 12 hours, which is not enough to provide sufficient protection for frequently crediting and lending among a plurality of institutions within a short time (generally, the time interval is less than 1 hour) in the internet financial environment.
The second is to symmetrically encrypt the abstract and the information data by means of symmetric encryption, special line and the like, and to perform intersection after exchange. The method has the risks of man-in-the-middle attack, library collision and the like, can perform certain protection by regularly exchanging certificate signatures and the like, but cannot defend a semi-honest calculation model, and has higher safety risk.
The third method is to use privacy set intersection + RSA to transmit AES key, which allows two parties holding respective sets to jointly compute the intersection operation of two sets, and at the end of protocol interaction, one or both parties should get the correct intersection and not get any information in the other set except the intersection. Malicious behavior of the participants can also be resisted if a PSI scheme based on inadvertent transmission is used. But securing the information data in this manner may be subject to man-in-the-middle attacks.
Disclosure of Invention
The invention provides an inter-organization private data query and early warning method based on multi-party security calculation, which aims to solve the problem that private data query in the prior art is easy to be attacked by a man-in-the-middle.
In order to achieve the purpose, the invention provides the following technical scheme:
a private data query and early warning method between organizations based on multi-party security calculation comprises a requester and a data holder which carry out privacy set intersection on user information based on a DH-PSI protocol, and the requester and the data holder carry out secret key exchange based on a DH-EK protocol; the requester generates a filter based on the network identity of the user information, and the data holder can acquire matching data based on the filter;
the method comprises the following steps:
step 1: the requester constructs and obtains a network identity according to personal information of a user X, generates a filter according to the network identity, performs a first encryption operation on the network identity, packages the encrypted network identity, a random prime number public key and the filter to form initial request data, and sends the initial request data to a data holder;
step 2: the data holder analyzes the initial request data to obtain an encrypted network identity and a filter, local data of the data holder is filtered based on the filter to obtain initial matching data, the initial matching data is encrypted for the first time, and the network identity is encrypted for the second time; packaging the encrypted initial matching data and the network identity after the secondary encryption operation to form matching data; and sending the matching data to the requesting party;
and step 3: the requester analyzes the matched data to obtain a network identity after secondary encryption and initial matched data after primary encryption; performing secondary encryption operation on the primary encrypted matching data; matching the initial matching data after the secondary encryption by the network identity after the secondary encryption to obtain the position information of the network identity after the secondary encryption in the initial matching data after the secondary encryption; sending the position information to a data holder;
and 4, step 4: the data holder retrieves the initial matching data based on the position information to obtain data which is defined in the initial request data by the requester and is required to be inquired, namely the data is corresponding data; the data requesting party constructs a symmetric key and a symmetric half key according to the initial request data in the step 2; symmetric encryption operation is carried out on corresponding data; sending the encrypted corresponding data and the symmetric half secret key to a requesting party; generating and recording corresponding early warning information;
and 5: the requesting party carries out encryption operation on the symmetric semi-secret key to obtain a symmetric secret key; decrypting the corresponding data encrypted by using the symmetric secret key to obtain data information required by the requester; and updates the local data based on the decrypted corresponding data.
The matching data comprises serial numbers, network identity marks after secondary encryption and initial matching data after primary encryption.
The initial request data in step 1 further includes a random prime number public key P and a serial number lid.
The corresponding data in step 4 includes a network identity and user-related data information (hereinafter referred to as user-related data information) corresponding to the network identity;
preferably, the method for encrypting the network identity for the first time in step 1 is as follows: the requesting party generates a random prime number public key P and a random prime number private key a and carries out encryption operation based on the random prime number public key P and the random prime number private key a.
Preferably, the network identity identifier in step 1 is constructed in the following manner: firstly, abstracting personal information of a user by adopting a sha-256 abstraction algorithm to obtain a network identity; and then extracting the first three bits of the network identity to generate a filter.
Preferably, the encryption operation for the initial matching data in step 2 is as follows: a data holder generates a random private key b and carries out encryption operation based on the random private key b and a random prime number public key P in initial request data;
the operation of carrying out secondary encryption on the network identity identifier is as follows: and performing encryption operation based on the random private key b generated by the data holder and the random prime number public key P in the initial request data.
Preferably, the operation of the requester performing secondary encryption on the initial matching data in step 3 is as follows: and the requester carries out secondary encryption operation on the primary encrypted initial matching data based on the random prime number private key a and the random prime number public key P.
The encryption operation on the corresponding data described in step 4 is as follows: a data holder generates a random prime number private key q, encrypts the once-encrypted network identity obtained in the step 2 to obtain an AES (advanced encryption standard) private key, and encrypts user-related data information by an AES encryption method; and extracting the user network identity in the user related data, and encrypting the network identity once based on the generated random prime number private key q and the random prime number public key P obtained in the step 2.
The specific encryption and decryption operations in step 5 are as follows: firstly, carrying out secondary encryption on the network identity identifier subjected to primary encryption in the step 4 based on the random prime number private key a and the random prime number public key P generated in the step 1 to obtain an AES (advanced encryption Standard) secret key; and decrypting the network identity identifier and the user related data after the secondary encryption by adopting the AES secret key.
The name of the invention refers to 'multi-party safety calculation', so that the data holders of the invention are multiple, and therefore, a data request party may request multiple data holders to check whether the related data of a certain user exists or not, and judge the user condition based on the related data so as to provide early warning information.
For example, if there is information that a user transacts a credit card among a plurality of data holders and there are a plurality of non-payment records, the requester can be provided with warning information by data information inquired from the plurality of data holders.
Compared with the prior art, the invention has the beneficial effects that:
1. the invention achieves the effect of immune man-in-the-middle attack for the following reasons: the man-in-the-middle is an indirect intrusion attack mode, and a computer controlled by an intruder is virtually placed between two communication computers connected with a network through various technical means, and the computer is called as a man-in-the-middle; even if the middleman replaces the once-encrypted network identity between the step 1 and the step 2, the replaced network identity cannot be matched with correct data, so that the middleman cannot acquire correct data information by adopting the method; if the network identity after the primary encryption is not replaced by the intermediary, the intermediary cannot decrypt the encrypted network identity and the user-related data information because the intermediary does not know the random prime number private key a, and therefore the intermediary cannot obtain the data information mutually transmitted between the requester and the data holder through the method; therefore, the invention effectively avoids the attack of the man-in-the-middle through the mode.
2. According to the invention, the filter is arranged, and only the first three bits of the network identity are intercepted, so that when the data holder retrieves the corresponding initial request data based on the first three bits of the network identity, the initial request data comprises the network identities of a plurality of users, and therefore, the data holder does not know which user related information the requester specifically needs to query, and the security of the privacy data of specific users is ensured; and by arranging the filter, the calculation scale is reduced, so that the whole system has enough throughput under the gigabit internet.
3. The invention adopts the combination of DH-PSI and DH-EK protocols to inquire data, and because the DH-PSI and the DH-EK protocols have certain similarity, intermediate results can be shared, thereby reducing the data transmission times and the waiting delay.
Drawings
FIG. 1 is a schematic flow diagram of the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention is explained in detail with reference to the attached figure 1;
the organization A is a requester, and the organization B is a data holder;
query _ info is initial request data; lid is the serial number;
the filter is a filter; eid is the network identity of user X; eid' is the network identity which is encrypted once;
step 1: the mechanism A performs abstract extraction on the personal information of the user X by using a data abstract algorithm to obtain eid; the mechanism A intercepts the eid, and the first three positions are taken to obtain the filter; machine for workingThe structure A generates a lid, a random prime number public key P and a random prime number private key a; and encrypting the eid based on the generated random prime number public key P and the random prime number private key a: eid (old age)amod P, to give eid'; packing the eid', the lid, the filter and the random prime number public key P to obtain query _ info; sending the query _ info to a mechanism B;
step 2: the mechanism B analyzes the query _ info to obtain eid', lid, filter and a random prime number public key P; the mechanism B generates a random prime number private key B; the mechanism B filters local data of the mechanism B through the filter field to obtain an initial matching data set S, and the mechanism B extracts the initial matching data set S to obtain S-(ii) a Mechanism B is based on random prime number public key P and random prime number private key B to S-And (3) carrying out encryption operation: s- bmod P, to give S'; the mechanism B carries out encryption operation on the eid' based on the random prime number public key P and the random prime number private key B: eid'bmod P, get eid "; the mechanism B packages the lid, the eid and the S' to obtain matched data resp; mechanism B sends match data resp to mechanism a.
The mechanism B filters the local data of the mechanism B through the filter field, so as to filter out the data except eid; that is, only the network identification of the user is reserved, and the rest data is filtered by the filter.
And the mechanism B extracts the preliminary matching data set S, wherein the extracted data is the same data as the first three bits of the network identity in the preliminary matching data set S and the data in the filter.
Said S-Representing initial matching data, wherein S' is the initial matching data after primary encryption; resp is matching data; eid "is the initial match data after the second encryption.
And step 3: the mechanism A analyzes the matching data resp to obtain lid, eid and S'; the organization A encrypts S' based on the random prime number public key P and the random prime number private key a generated in the step 1: s'amod P, yielding S "; the mechanism A matches the S through the eid to obtain the position information index of the eid in the S; organization A sends index and lid to organization B.
The location information index is the location of the user data information that the organization A wants to inquire in the initial matching data S;
s' is initial matching data after secondary encryption; eid "is the network identity after the second encryption.
The following description of the mechanism a matching S "by eid" to obtain eid "position information index in S" is as follows:
it can be seen that the first encryption of S is: s- bmod P; the second encryption is: s'amod P;
The first encryption of eid is: eid (old age)amod P; the second encryption is: eid'bmod P;
Herein use eidab=eidbaAccording to the principle of (1), the conclusion that if the ciphertext is equal, the corresponding plaintext is equal is obtained, so that the position information can be directly obtained without decryption.
And 4, step 4: the mechanism B uses the position information index to search in the matched data resp to obtain corresponding data date; the mechanism B records the request of the mechanism A to obtain the final result data of the mechanism Bcur(ii) a The mechanism B passes the position information index and the final result datacurUpdating the local data; the mechanism B generates a random prime number private key q; the mechanism B encrypts the eid' to obtain an AES secret key eidE(ii) a Mechanism B uses eid for dataEPerforming AES encryption to obtain dataB(ii) a The mechanism B extracts the data to obtain eid; and the mechanism B performs encryption operation on the eid: eid (old age)qmod P to get the half-key eidB(ii) a Organization B pair dataBAnd eidBPackaging to obtain dataE(ii) a Organization B will dataESending to the mechanism A;
in step 4, the mechanism B encrypts the eid'; the mechanism B encrypts the eid' analyzed in the step 2;
in step 4, the mechanism B passes through the position information index and the final result datacurUpdating the local data; namely the early warning information;
the dataBCorresponding data after AES encryption; the data is corresponding data;
and 5: mechanism A pair dataEAnalyzing to obtain dataBAnd eidB(ii) a Mechanism A to eidBAnd (3) carrying out encryption operation: eid (old age)B amod P to get the AES key eidE(ii) a Mechanism A uses eidEFor dataBAnd carrying out AES decryption to obtain a final result data. And the mechanism A updates the local data set through the eid and the data.
The following illustrates preferred embodiments of the invention;
all steps corresponding to step 1 above:
and the mechanism A takes the eid value of the user X as follows: (Using the sha-256 digest algorithm)
1D841BC0EE98309CB7916670B7F0FDEF5F4C35150711A41405EF3633B56322CF;
At this time, the value of the filter is as follows: 1D 8;
taking the serial number lid as follows: query 10010001;
taking the public key P as: 88F924EECEEDA7FE92E1F5 AF;
taking the private key a as: 980553F0DB2FD09DE3C 7;
then: eid' ═ 5CB08B556564AF4896E6C8F 3;
the mechanism A sends the query _ info to the mechanism B;
corresponding to the step 2:
the mechanism B takes the private key B as: 1C80FFBD2918F71D9AB 59;
if the local data set of organization B is:
the mechanism B sends the matching data resp to the mechanism A;
corresponding to the step 3:
the index takes the values as follows: [0]
the mechanism A sends the lid in the step 1 and the position information index in the step 5 to the mechanism B;
corresponding to the step 4: the data takes the value of [ D1 ];
datacurthe values are as follows: [ D1] recording information about the request according to the specific requirements of the service]
The updated data set for organization B is:
all steps corresponding to step 10 above:
organization B will dataESending to the mechanism A;
corresponding to the step 5: eid calculated by mechanism AEThe values are as follows: 2B8EEC8FC74AE55E17B2B876, the same as mechanism B.
The data value obtained by the mechanism A decryption is as follows: [D1]
and the mechanism A updates the local data set through the eid and the data.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.
Claims (7)
1. A private data query and early warning method between organizations based on multi-party security calculation is characterized in that: the system comprises a requester and a data holder which carry out privacy set intersection on user information based on a DH-PSI protocol, wherein the requester and the data holder carry out secret key exchange based on a DH-EK protocol; the requester generates a filter based on the network identity of the user information, and the data holder can acquire matching data based on the filter;
the method comprises the following steps:
step 1: the requester constructs and obtains a network identity according to personal information of a user X, generates a filter according to the network identity, performs a first encryption operation on the network identity, packages the encrypted network identity, a random prime number public key and the filter to form initial request data, and sends the initial request data to a data holder;
step 2: the data holder analyzes the initial request data to obtain an encrypted network identity and a filter, local data of the data holder is filtered based on the filter to obtain initial matching data, the initial matching data is encrypted for the first time, and the network identity is encrypted for the second time; packaging the encrypted initial matching data and the network identity after the secondary encryption operation to form matching data; and sending the matching data to the requesting party;
and step 3: the requester analyzes the matched data to obtain a network identity after secondary encryption and initial matched data after primary encryption; performing secondary encryption operation on the primary encrypted matching data; matching the initial matching data after the secondary encryption by the network identity after the secondary encryption to obtain the position information of the network identity after the secondary encryption in the initial matching data after the secondary encryption; sending the position information to a data holder;
and 4, step 4: the data holder retrieves the initial matching data based on the position information to obtain data which is defined in the initial request data by the requester and is required to be inquired, namely the data is corresponding data; the data requesting party constructs a symmetric key and a symmetric half key according to the initial request data in the step 2; symmetric encryption operation is carried out on corresponding data; sending the encrypted corresponding data and the symmetric half secret key to a requesting party; generating and recording corresponding early warning information;
and 5: the requesting party carries out encryption operation on the symmetric semi-secret key to obtain a symmetric secret key; decrypting the corresponding data encrypted by using the symmetric secret key to obtain data information required by the requester; updating local data based on the decrypted corresponding data;
the initial request data in the step 1 further comprises a random prime number public key P and a serial number lid;
the matching data comprises serial numbers, network identity marks after secondary encryption and initial matching data after primary encryption;
the corresponding data in step 4 includes the network identification and the user related data information corresponding to the network identification.
2. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 1, wherein: the method for encrypting the network identity for the first time in the step 1 is as follows: the requesting party generates a random prime number public key P and a random prime number private key a and carries out encryption operation based on the random prime number public key P and the random prime number private key a.
3. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 2, wherein: the primary encryption operation on the initial matching data in the step 2 is as follows: a data holder generates a random private key b and carries out encryption operation based on the random private key b and a random prime number public key P in initial request data;
the operation of carrying out secondary encryption on the network identity identifier is as follows: and performing encryption operation based on the random private key b generated by the data holder and the random prime number public key P in the initial request data.
4. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 3, wherein: the operation of the requester for performing secondary encryption on the initial matching data in step 3 is as follows: and the requester carries out secondary encryption operation on the primary encrypted initial matching data based on the random prime number private key a and the random prime number public key P.
5. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 4, wherein: the encryption operation on the corresponding data described in step 4 is as follows: a data holder generates a random prime number private key q, encrypts the once-encrypted network identity obtained in the step 2 to obtain an AES (advanced encryption standard) private key, and encrypts user-related data information by an AES encryption method; and extracting the user network identity in the user related data, and encrypting the network identity once based on the generated random prime number private key q and the random prime number public key P obtained in the step 2.
6. The method for private data query and early warning among organizations based on multi-party security computing as claimed in claim 5, wherein: the specific encryption and decryption operations in step 5 are as follows: firstly, carrying out secondary encryption on the network identity identifier subjected to primary encryption in the step 4 based on the random prime number private key a and the random prime number public key P generated in the step 1 to obtain an AES (advanced encryption Standard) secret key; and decrypting the network identity identifier and the user related data after the secondary encryption by adopting the AES secret key.
7. The method for querying and early warning private data among organizations based on multi-party security computing as claimed in any one of claims 1 to 6, wherein: the network identity identifier in step 1 is constructed in the following manner: firstly, abstracting personal information of a user by adopting a sha-256 abstraction algorithm to obtain a network identity; and then extracting the first three bits of the network identity to generate a filter.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110635248.5A CN113515538B (en) | 2021-06-08 | 2021-06-08 | Inter-institution privacy data query and early warning method based on multiparty security calculation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110635248.5A CN113515538B (en) | 2021-06-08 | 2021-06-08 | Inter-institution privacy data query and early warning method based on multiparty security calculation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113515538A true CN113515538A (en) | 2021-10-19 |
CN113515538B CN113515538B (en) | 2023-07-07 |
Family
ID=78065555
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110635248.5A Active CN113515538B (en) | 2021-06-08 | 2021-06-08 | Inter-institution privacy data query and early warning method based on multiparty security calculation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113515538B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115062347A (en) * | 2022-08-17 | 2022-09-16 | 四川新网银行股份有限公司 | Data privacy safety sharing method and system for guaranteeing data value accuracy |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130010950A1 (en) * | 2011-07-08 | 2013-01-10 | Sap Ag | Public-Key Encrypted Bloom Filters With Applications To Private Set Intersection |
US20140211943A1 (en) * | 2012-12-05 | 2014-07-31 | Inha-Industry Partnership Institute | Proxy signature scheme |
CN107689947A (en) * | 2016-08-05 | 2018-02-13 | 华为国际有限公司 | A kind of method and apparatus of data processing |
US20190089546A1 (en) * | 2016-03-29 | 2019-03-21 | Koninklijke Philips N.V. | System and method for distribution of identity based key material and certificate |
CN109951443A (en) * | 2019-01-28 | 2019-06-28 | 湖北工业大学 | The set intersection calculation method and system of secret protection under a kind of cloud environment |
CN110622165A (en) * | 2018-04-19 | 2019-12-27 | 谷歌有限责任公司 | Security measures for determining privacy set intersections |
CN112613077A (en) * | 2021-01-22 | 2021-04-06 | 支付宝(杭州)信息技术有限公司 | Privacy-protecting multi-party data processing method, device and system |
-
2021
- 2021-06-08 CN CN202110635248.5A patent/CN113515538B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130010950A1 (en) * | 2011-07-08 | 2013-01-10 | Sap Ag | Public-Key Encrypted Bloom Filters With Applications To Private Set Intersection |
US20140211943A1 (en) * | 2012-12-05 | 2014-07-31 | Inha-Industry Partnership Institute | Proxy signature scheme |
US20190089546A1 (en) * | 2016-03-29 | 2019-03-21 | Koninklijke Philips N.V. | System and method for distribution of identity based key material and certificate |
CN107689947A (en) * | 2016-08-05 | 2018-02-13 | 华为国际有限公司 | A kind of method and apparatus of data processing |
CN110622165A (en) * | 2018-04-19 | 2019-12-27 | 谷歌有限责任公司 | Security measures for determining privacy set intersections |
CN109951443A (en) * | 2019-01-28 | 2019-06-28 | 湖北工业大学 | The set intersection calculation method and system of secret protection under a kind of cloud environment |
CN112613077A (en) * | 2021-01-22 | 2021-04-06 | 支付宝(杭州)信息技术有限公司 | Privacy-protecting multi-party data processing method, device and system |
Non-Patent Citations (3)
Title |
---|
张恩;金刚刚;: "基于同态加密和Bloom过滤器的云外包多方隐私集合比较协议", 计算机应用, no. 08, pages 122 - 126 * |
李聪;杨晓元;王绪安;: "隐私保护的可验证外包属性基解密方案", 小型微型计算机系统, no. 09, pages 107 - 111 * |
薛锦: "整数环上同态加密算法及其应用研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》, no. 07, pages 138 - 40 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115062347A (en) * | 2022-08-17 | 2022-09-16 | 四川新网银行股份有限公司 | Data privacy safety sharing method and system for guaranteeing data value accuracy |
CN115062347B (en) * | 2022-08-17 | 2022-11-04 | 四川新网银行股份有限公司 | Data privacy security sharing method and system for guaranteeing data value accuracy |
Also Published As
Publication number | Publication date |
---|---|
CN113515538B (en) | 2023-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103281377B (en) | A kind of encrypt data storage and querying method of facing cloud | |
US9704159B2 (en) | Purchase transaction system with encrypted transaction information | |
US10142339B2 (en) | Identity authentication system, apparatus, and method, and identity authentication request apparatus | |
US7860243B2 (en) | Public key encryption for groups | |
CN112313683A (en) | Offline storage system and using method | |
CN109951453A (en) | A kind of safe encryption method based on block chain | |
CN102082790B (en) | Method and device for encryption/decryption of digital signature | |
JPH10274926A (en) | Cipher data restoration method, key registration system and data restoration system | |
Hoover et al. | Software smart cards via cryptographic camouflage | |
CN110969431A (en) | Safe trusteeship method, equipment and system of block chain digital currency private key | |
CN112740615A (en) | Multi-party computed key management | |
CN103378971A (en) | Data encryption system and method | |
CN101808089A (en) | Secret data transmission protection method based on isomorphism of asymmetrical encryption algorithm | |
CN103607273B (en) | A kind of data file encipher-decipher method controlled based on time limit | |
CN106657002A (en) | Novel crash-proof base correlation time multi-password identity authentication method | |
CN112738133A (en) | RSA authentication method | |
CN110008753A (en) | A kind of data processing method and system in business datum Sensitive Domain | |
CN113515538B (en) | Inter-institution privacy data query and early warning method based on multiparty security calculation | |
CN109787747A (en) | Anti- quantum calculation multi-enciphering cloud storage method and system based on multiple unsymmetrical key ponds | |
Wu et al. | Security Architecture for sensitive information systems | |
CN107733936A (en) | A kind of encryption method of mobile data | |
CN100566239C (en) | The key transmission method of multi-stage intelligent key apparatus and system | |
CN112035820A (en) | Data analysis method used in Kerberos encryption environment | |
CN111447060A (en) | Electronic document distribution method based on proxy re-encryption | |
CN112149166A (en) | Unconventional password protection method and intelligent bank machine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |