CN113726764B - Private data transmission method and device - Google Patents

Publication number
CN113726764B
Authority
CN
China
Prior art keywords
hash
key
value
value pair
salted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110993420.4A
Other languages
Chinese (zh)
Other versions
CN113726764A (en
Inventor
王晓亮
魏晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Rivtower Technology Co Ltd
Original Assignee
Hangzhou Rivtower Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Rivtower Technology Co Ltd filed Critical Hangzhou Rivtower Technology Co Ltd
Priority to CN202110993420.4A priority Critical patent/CN113726764B/en
Publication of CN113726764A publication Critical patent/CN113726764A/en
Application granted granted Critical
Publication of CN113726764B publication Critical patent/CN113726764B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

A method and a device for transmitting private data are disclosed, wherein the private data comprise first-type key-value pairs that need to be disclosed and second-type key-value pairs that need not be disclosed. The method comprises the following steps: for each key-value pair in the private data, taking the hash value of the key as a salt value to generate a salted hash value of the value in that key-value pair, thereby obtaining first salted hash information; calculating a first top-level hash value corresponding to the first salted hash information; transmitting the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs; re-executing the salted hash processing based on the received data to obtain second salted hash information of the private data; and determining that the transmitted first-type key-value pairs were successfully transmitted if the second top-level hash value matches the first top-level hash value. By applying the scheme, the privacy protection strength can be improved, and the transmission bandwidth can be saved.

Description

Private data transmission method and device
Technical Field
The present disclosure relates to the field of privacy protection technologies, and in particular, to a method and an apparatus for transmitting privacy data.
Background
When the business is transacted online, the identity of the business transactor can be verified by using an identity certificate carrying private data; for example, a company may store information such as a company name, a business registration number, a legal representative, and an establishment date in the form of a Key-Value pair (K-V), generate a Verifiable Certificate (VC), and present the generated Verifiable certificate to the other party when necessary. However, since the verifiable credentials may contain privacy information that is actually not needed by the current business, the full presentation of the verifiable credentials described above is likely to result in privacy disclosure.
In the related art, the verifiable certificate may be processed so that the private data that does not need to be disclosed is converted into hash value form; the private data that actually needs to be disclosed can still be read normally, and the verifiable characteristic of the certificate is maintained. However, the hash value can still be cracked by means of a rainbow table, collision, and similar methods, so that the private content that need not be disclosed is obtained; in other words, the prior art has the technical problem of insufficient security.
Disclosure of Invention
In view of this, the present specification discloses a private data transmission method and apparatus.
According to a first aspect of embodiments of the present specification, a method of transmitting private data is disclosed, the private data comprising key-value pairs of a first type that need to be revealed and key-value pairs of a second type that need not be revealed; the method comprises the following steps:
respectively performing salted hash processing on each key-value pair in the private data to obtain first salted hash information; wherein the salted hash processing comprises: calculating the hash value of the key in each key-value pair, combining the hash value of the key, as a salt value, with the value in that key-value pair, and generating the salted hash value of the value in each key-value pair based on the combined result;
calculating a first top-level hash value corresponding to the first salted hash information;
transmitting the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs;
performing the salted hash processing on the received first-type key-value pairs, and combining the resulting salted hash processing results with the received salted hash processing results of the second-type key-value pairs to obtain second salted hash information;
and calculating a second top-level hash value corresponding to the second salted hash information, and if the second top-level hash value matches the first top-level hash value, determining that the transmitted first-type key-value pairs were successfully transmitted.
Optionally, the method further includes:
and before generating the first salted hash information, sorting the key-value pairs in the private data based on a pre-negotiated sorting rule.
Optionally, the transmitting of the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs includes:
transmitting the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs in an out-of-order manner;
after the combining of the resulting salted hash processing results with the received salted hash processing results of the second-type key-value pairs, the method further includes:
and, based on the pre-negotiated sorting rule, sorting the combined result of the resulting salted hash processing results and the received salted hash processing results of the second-type key-value pairs.
Optionally, the transmitting of the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs includes:
transmitting the first top-level hash value, the first-type key-value pairs, and modified first salted hash information; wherein the modified first salted hash information includes the salted hash processing results of the second-type key-value pairs and the keys of the first-type key-value pairs;
the combining of the resulting salted hash processing results with the received salted hash processing results of the second-type key-value pairs to obtain second salted hash information includes:
and replacing the keys of the first-type key-value pairs in the modified first salted hash information with the corresponding salted hash values in the resulting salted hash processing results to obtain the second salted hash information.
Optionally, the transmitting of the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs includes:
transmitting the first top-level hash value, an intermediate key-value pair sequence, and a mask sequence corresponding to the intermediate key-value pair sequence; wherein the intermediate key-value pair sequence comprises the first-type key-value pairs and the salted hash processing results of the second-type key-value pairs, and the mask sequence indicates the positions of the first-type key-value pairs in the intermediate key-value pair sequence;
the combining of the resulting salted hash processing results with the received salted hash processing results of the second-type key-value pairs to obtain second salted hash information includes:
and replacing the first-type key-value pairs in the intermediate key-value pair sequence with the resulting salted hash processing results, based on the positions indicated by the mask sequence, to obtain the second salted hash information.
Optionally, the transmitting the first top-level hash value includes:
sending the first top-level hash value to a public storage space;
and acquiring the first top-level hash value from the public storage space.
According to a second aspect of embodiments herein, there is disclosed a private data transmission apparatus, the private data including key-value pairs of a first type that need not be kept secret and key-value pairs of a second type that need to be kept secret; the device comprises:
the first hash processing module is used for respectively performing salted hash processing on each key-value pair in the private data to obtain first salted hash information; wherein the salted hash processing comprises: calculating the hash value of the key in each key-value pair, combining the hash value of the key, as a salt value, with the value in that key-value pair, and generating the salted hash value of the value in each key-value pair based on the combined result;
the calculation module is used for calculating a first top-level hash value corresponding to the first salted hash information;
the transmission module is used for transmitting the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs;
the second hash processing module is used for performing the salted hash processing on the received first-type key-value pairs and combining the resulting salted hash processing results with the received salted hash processing results of the second-type key-value pairs to obtain second salted hash information;
and the checking module is used for calculating a second top-level hash value corresponding to the second salted hash information, and if the second top-level hash value matches the first top-level hash value, determining that the transmitted first-type key-value pairs were successfully transmitted.
According to a third aspect of embodiments herein, a computer device is disclosed, comprising at least a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of the above embodiments when executing the program.
According to a fourth aspect of embodiments herein, a computer-readable storage medium is disclosed, on which a computer program is stored, which when executed by a processor implements the method of any of the above embodiments.
In the above technical solution, on the one hand, because the hash value of the key in a key-value pair has no semantic features, salted hash information generated by using the hash value of the key as the salt value is more difficult to crack than in a scheme that uses phrases such as a user name, a table name, or a key name as salt values; moreover, the scheme generates a first top-level hash value for full-text verification, so that it can be ensured that the private data is not tampered with during transmission. The scheme therefore greatly improves the security of the private data and can ensure that the content of key-value pairs that need not be revealed is not revealed.
On the other hand, the salt value used in generating the salted hash information is the hash value of the key in the key-value pair, and that hash value already has to be sent to the receiving end; compared with a scheme that uses phrases such as a user name, a table name, or a key name as the salt value, this scheme therefore does not need to additionally send the salt value used for generating the salted hash information, and network transmission bandwidth can be saved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with this specification and together with the description, serve to explain the principles.
FIG. 1 is a diagram illustrating an example scenario for transmitting private data;
FIG. 2 is a flow chart illustrating a method of private data transmission shown in the present specification;
FIG. 3 is an exemplary diagram of one type of generation of top-level hash values shown in the present specification;
FIG. 4 is a diagram showing an example of the structure of a private data transmission apparatus according to the present specification;
FIG. 5 is a diagram illustrating an example of a configuration of a computer device for private data transmission according to the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure. It should be apparent that the described embodiments are only a few embodiments, and not all embodiments. All other embodiments that can be derived by one of ordinary skill in the art from one or more embodiments of the disclosure without making any creative effort shall fall within the scope of the disclosure.
When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of systems and methods consistent with certain aspects of the present description, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if," as used herein, may be interpreted as "at the time of ..." or "when ..." or "in response to a determination," depending on the context.
Referring to FIG. 1, FIG. 1 is a diagram illustrating an example scenario for transmitting private data. As shown in FIG. 1, in this example, when a user A transacts business online, the identity of the business transactor may be verified using an identity certificate carrying private data. Data in the identity certificate is stored as Key-Value pairs (K-V), but in practical applications the identity certificate may contain private information that is not actually needed by the current service, so presenting the verifiable certificate in full is likely to cause privacy disclosure.
For example, the business currently handled by user A only requires a name, an identification number and a mobile phone number; if the verifiable certificate is presented in full, the party handling the business also learns information that the current business does not need, such as user A's educational background and work unit, so that the privacy rights of user A are damaged.
In the related art, the above verifiable credential may be masked, and the private data in it that need not be disclosed may be converted into hash value form; for example, the value "certain technology limited" corresponding to the key "work unit" is replaced with its MD5 hash value "B2AB8057E73BDFC43BAEB1E56F31B5CE", so that the receiver cannot directly know the value corresponding to the key "work unit". However, the hash value can still be cracked by means of a rainbow table, collision, and similar methods, so that the concealed private content can be obtained; in other words, the prior art has the technical problem of insufficient security.
Based on this, the present specification proposes a technical solution of performing a salting hash process on key-value pairs that do not need to be disclosed in the private data, and performing an integrity check in a top-level hash value manner when presenting the private data.
In implementation, the top-level hash value can be generated based on the salted hash values corresponding to all key-value pairs of the private data, so as to ensure the integrity of all the private data; specifically, when the salted hash value of a key-value pair is generated, the key in the key-value pair may first be hashed, and the resulting hash value of the key may be used as the salt for the salted hash value of the value in the key-value pair.
For example, assuming that the private data contains the key-value pair {"name": "Zhang San"} and that the hash algorithm used is MD5, the MD5 hash value "B068931CC450442B63F5B3D276EA4297" of the key "name" may be calculated first, and the result may then be used as a salt value to calculate the salted MD5 hash value of "Zhang San" (i.e., the MD5 hash value of "Zhang San" combined with "B068931CC450442B63F5B3D276EA4297"), resulting in "2D84E495BFD3220B2C1FC5EA0DD7D412". If the first top-level hash value is generated based on the salted hash values of all the key-value pairs in the private data, then as long as verification confirms that the second top-level hash value regenerated from the received data is the same as the first top-level hash value, it can be inferred that the salted hash values of all the key-value pairs in the private data have not been tampered with, and hence that the private data is credible.
In the above technical solution, on the one hand, because the hash value of the key in a key-value pair has no semantic features, salted hash information generated by using the hash value of the key as the salt value is more difficult to crack than in a scheme that uses phrases such as a user name, a table name, or a key name as salt values; moreover, the scheme generates a first top-level hash value for full-text verification, so that it can be ensured that the private data is not tampered with during transmission. The scheme therefore greatly improves the security of the private data and can ensure that the content of key-value pairs that need not be revealed is not revealed.
On the other hand, the salt value used in generating the salted hash information is the hash value of the key in the key-value pair, and that hash value already has to be sent to the receiving end; compared with a scheme that uses phrases such as a user name, a table name, or a key name as the salt value, this scheme therefore does not need to additionally send the salt value used for generating the salted hash information, and network transmission bandwidth can be saved.
The present specification is described below with reference to specific embodiments and specific application scenarios.
Referring to FIG. 2, FIG. 2 is a flowchart illustrating a private data transmission method according to an embodiment of the present disclosure; the private data can comprise first-type key-value pairs that need to be disclosed and second-type key-value pairs that need not be disclosed; the method may include the following steps S201 to S205:
S201, respectively performing salted hash processing on each key-value pair in the private data to obtain first salted hash information; wherein the salted hash processing comprises: calculating the hash value of the key in each key-value pair, combining the hash value of the key, as a salt value, with the value in that key-value pair, and generating the salted hash value of the value in each key-value pair based on the combined result;
S202, calculating a first top-level hash value corresponding to the first salted hash information;
S203, transmitting the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs;
S204, performing the salted hash processing on the received first-type key-value pairs, and combining the resulting salted hash processing results with the received salted hash processing results of the second-type key-value pairs to obtain second salted hash information;
S205, calculating a second top-level hash value corresponding to the second salted hash information, and if the second top-level hash value matches the first top-level hash value, determining that the transmitted first-type key-value pairs were successfully transmitted.
The private data refers to any data which is stored in a key-value pair form and needs to be selectively disclosed to a transmission opposite terminal, wherein the key-value pair needing to be disclosed can be marked as a first type key-value pair, and the key-value pair not needing to be disclosed can be marked as a second type key-value pair; it is understood that, in different services, the specific type of the key-value pair in the private data may be changed correspondingly, and those skilled in the art may determine the specific type of the key-value pair in the private data according to the specific service requirement.
In this specification, a data sender may first perform a salting hash process on each key value pair in the private data to generate corresponding first salting hash information; specifically, the hash value of the key in each key value pair may be calculated, the hash value of the key in each key value pair may be combined with the value in each key value pair as a salt, and a salt hash value of the value in each key value pair may be generated based on the result of the combination;
for example, assume that the following key-value pairs are included in the private data:
k1:v1,k2:v2,k3:v3,…,kn:vn;
Using hash() to denote the hash calculation operation and + to denote the character string splicing operation, for any positive integer i not greater than n, the hash value hash(ki) of the key in each key-value pair is calculated first, and then the salted hash value hash(hash(ki)+vi) of the value in each key-value pair is calculated. That is, the generated first salted hash information may include the salted hash value hash(hash(ki)+vi) of the value of each key-value pair in the above-described private data.
In this specification, the data sender may further generate a corresponding first top-level hash value from the generated first salted hash information. Specifically, the salted hash values hash(hash(ki)+vi) of the values of the key-value pairs in the private data may be concatenated into one character string, and the hash value of that character string may then be calculated. Referring to FIG. 3, FIG. 3 is an exemplary diagram illustrating one way of generating the top-level hash value shown in this specification; in this example, it is assumed that the first salted hash information includes the following information:
hash(hash(k1)+v1),hash(hash(k2)+v2),…,hash(hash(kn)+vn)
then splicing them gives the following character string:
"hash(hash(k1)+v1)+hash(hash(k2)+v2)+…+hash(hash(kn)+vn)"
and the first top-level hash value generated in this step is:
hash(hash(hash(k1)+v1)+hash(hash(k2)+v2)+…+hash(hash(kn)+vn))
it should be understood that, since the technical solutions described in the present specification are based on the general nature that the hash algorithm is irreversible and hard to collide, the specific algorithm of the hash calculation described above need not be specifically limited in the present specification, and for example, existing public algorithms such as MD5, SHA-1, and SM3 may be used, or other non-public customized hash algorithms may also be used. It is also understood that although only one symbol of hash () is used in the above expression to refer to the hash calculation operation, in practical applications, different hash calculation algorithms may be used as needed after the sender and the receiver have negotiated, for example, SHA-1 algorithm may be used when calculating the salted hash value of the values in each key value pair, SM3 algorithm may be used when calculating the first top-level hash value, and so on.
In this specification, after completing the data processing operations above, the data sender may send the following to the data receiver: the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs; the specific manner in which these are combined is not limited in this specification.
For example, the first-type key-value pairs and the salted hash processing results of the second-type key-value pairs may be stored in one array-like storage structure, which may be generated by traversing the private data according to the following rules: if the current key-value pair is a first-type key-value pair, the original text of the pair is stored in the corresponding position of the storage structure; if the current key-value pair is a second-type key-value pair, the hash value of its key and the salted hash value of its value are stored in the corresponding position of the storage structure. Assuming that k1:v1 and k3:v3 are key-value pairs that need not be revealed and k2:v2 is a key-value pair that can be revealed, the resulting storage structure can be as follows:
hash(k1):hash(hash(k1)+v1),k2:v2,hash(k3):hash(hash(k3)+v3);
since the calculation result of the top-level hash value is affected by the order of the key-value pairs, the order of each element in the string to be checked cannot be changed when the top-level hash value is used for integrity check; by adopting the scheme to store the salt hash processing results of the first-class key value pairs and the second-class key value pairs, the sequential relationship among the key value pairs in the private data can be obviously maintained, so that the salt hash processing results of the first-class key value pairs and the second-class key value pairs are sent through the storage structure, resources consumed by a data receiver for the sequential arrangement step of the key value pairs can be saved, and the execution efficiency of the scheme is improved.
It is understood that the first type key-value pairs may also be stored separately from the second type key-value pairs, and the sequential relationship of the key-value pairs is recorded by an additional description file, so that the top-level hash value is regenerated in the original order after the information is received, thereby performing integrity check.
In this specification, after receiving the first top-level hash value, the first type key value pair, and the result of the salt hash processing of the second type key value pair sent by the data sending party, the data receiving party may perform the salt hash processing on the received first type key value pair, and combine the processed result of the salt hash processing with the received result of the salt hash processing of the second type key value pair to obtain second salt hash information; the step is similar to the process of generating the first salted hash information by the data sending party, but specifically, because the data receiving party has directly received the salted hash processing result of the second type of key value pair, the second salted hash information can be generated only by regenerating the salted hash processing result of the first type of key value pair and then combining the salt hash processing results; if the data is not tampered during transmission, the second salted hash information may be consistent with the first salted hash information.
In an illustrated embodiment, the data sender may sort the key-value pairs in the private data based on a pre-negotiated sorting rule before generating the first salted hash information. For example, the strings may be sorted in lexicographic order, or sorted in descending order of ASCII codes, and so forth. Since the calculation of the top-level hash value is affected by the order of the key-value pairs, the order of the elements in the string to be checked cannot be changed if the top-level hash value is to be used for integrity checking. Sorting the key-value pairs in the private data in advance enables the data receiver to generate second salted hash information whose element order is consistent with that of the first salted hash information without readjusting the order of the key-value pairs, so that the generation of the second salted hash information can be sped up.
In another illustrated embodiment, the data may be scrambled during transmission to improve security. Specifically, the data sender may transmit the first top-level hash value, the first-type key-value pairs, and the salted hash processing results of the second-type key-value pairs in an out-of-order manner; correspondingly, after the data receiver combines the salted hash processing results it has computed with the received salted hash processing results of the second-type key-value pairs, it may sort the combined result based on the pre-negotiated sorting rule. Because the out-of-order data is reordered at the data receiver according to the pre-negotiated sorting rule, its order is restored to the state before scrambling, and the accuracy of the top-level hash value check is therefore not affected.
By applying this scheme, if the data is intercepted in transit, the out-of-order processing further increases the difficulty for an attacker of decoding it and obtaining the real private information, and therefore the security of private data transmission can be improved.
In this specification, after generating the second salted hash information, the data receiver may calculate a second top-level hash value corresponding to the second salted hash information, and determine that the transmitted first-type key-value pairs were transmitted successfully if the second top-level hash value matches the first top-level hash value. It is to be understood that the second top-level hash value and the first top-level hash value are preferably computed with the same hash algorithm, but whether that algorithm is the same as the hash algorithm used in the salted hash processing is not limited.
In an illustrative embodiment, the first-type key-value pairs may be transmitted separately from the storage structure. Specifically, the storage structure may be obtained by modifying the first salted hash information. As described above, the first salted hash information includes the salted hash results of all the key-value pairs in the private data, so the content (i.e., the salted hash result) corresponding to each first-type key-value pair in the first salted hash information may be replaced with its key name, so that the modified first salted hash information includes the salted hash results of the second-type key-value pairs and the keys of the first-type key-value pairs. Thus, the first top-level hash value, the first-type key-value pairs, and the modified first salted hash information may be transmitted during the transmitting step.
Correspondingly, when the data receiver combines the salted hash results obtained by its own processing with the received salted hash results of the second-type key-value pairs to obtain the second salted hash information, it may replace the key of each first-type key-value pair in the modified first salted hash information with the corresponding salted hash value from the salted hash results obtained by the processing. As described above, in the modified first salted hash information the salted hash result of each first-type key-value pair has been replaced by that pair's key; replacing the key at the receiving end with the corresponding salted hash value therefore recovers the state of the first salted hash information before modification. That is, if the data is not tampered with during transmission, the second salted hash information generated by the receiving end is consistent with the pre-modification state of the first salted hash information.
By adopting this scheme, the first-type key-value pairs that need to be disclosed are sent on their own and do not have to be extracted from another, more complex data structure, so the receiver can read them more conveniently than in the scheme in which the first-type key-value pairs are carried in the storage structure.
In another illustrated embodiment, the first-type key-value pairs and the salted hash results of the second-type key-value pairs may be transmitted using an intermediate key-value pair sequence. In particular, the intermediate key-value pair sequence may be used together with a mask sequence that indicates the positions of the first-type key-value pairs in the intermediate key-value pair sequence. When this scheme is adopted, the transmitted content may include the first top-level hash value, the intermediate key-value pair sequence, and the mask sequence corresponding to the intermediate key-value pair sequence.
Correspondingly, when the data receiver needs to combine the salted hash results obtained by its own processing with the received salted hash results of the second-type key-value pairs to obtain the second salted hash information, it may replace each first-type key-value pair in the intermediate key-value pair sequence with the salted hash result obtained by the processing, based on the positions indicated by the mask sequence, to obtain the second salted hash information.
For example, assuming that k1: v1 and k3: v3 are key-value pairs that need not be disclosed, and k2: v2 is a key-value pair that can be disclosed, the corresponding mask sequence may be "1,0,1", where 0 represents a first-type key-value pair that can be disclosed and 1 represents a second-type key-value pair that need not be disclosed. The data receiver may identify the "0" entries in the mask sequence to determine which data in the intermediate key-value pair sequence is not a salted hash value (i.e., the first-type key-value pairs), and then regenerate the salted hash values of the first-type key-value pairs for the subsequent top-level hash value verification step.
By applying this scheme, the data receiver can use the mask sequence to quickly locate the data in the intermediate key-value pair sequence that is not a salted hash value, without having to identify the keys of the key-value pairs one by one, so the time needed to locate that data is shortened and the verification speed is improved.
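The mask-sequence variant described above, written out as an added Python example (it is not code from the patent). The patent does not fix the hash algorithm, how the salt is combined with the value, or how the top-level hash is computed; SHA-256, `hash(key) || value` concatenation, a digest over the ordered salted hashes, all function names, and the constructed k1..k3 sample data are assumptions.

```python
import hashlib
import hmac

# Constructed sample private data mirroring the k1..k3 example in the text.
SAMPLE = {"k1": "v1", "k2": "v2", "k3": "v3"}


def salted_hash(key, value):
    """Salt is hash(key); the salted hash is hash(salt || value) (assumed layout)."""
    salt = hashlib.sha256(key.encode("utf-8")).digest()
    return hashlib.sha256(salt + value.encode("utf-8")).hexdigest()


def top_level_hash(salted_hashes):
    """Order-sensitive digest over the salted hash information (assumed construction)."""
    h = hashlib.sha256()
    for digest in salted_hashes:
        h.update(bytes.fromhex(digest))
    return h.hexdigest()


def sender_build(private_data, disclosed_keys):
    """Return (first top-level hash, intermediate key-value pair sequence, mask sequence)."""
    # Pre-negotiated sorting rule: lexicographic order of the keys.
    items = sorted(private_data.items())
    first_info = [salted_hash(k, v) for k, v in items]
    top = top_level_hash(first_info)
    intermediate, mask = [], []
    for (k, v), digest in zip(items, first_info):
        if k in disclosed_keys:
            intermediate.append([k, v])   # first-type pair, sent in the clear
            mask.append(0)
        else:
            intermediate.append(digest)   # second-type pair, only its salted hash
            mask.append(1)
    return top, intermediate, mask


def receiver_verify(top, intermediate, mask):
    """Rebuild the second salted hash information and check the top-level hash.

    Returns (ok, disclosed_pairs); disclosed_pairs is empty when the check fails.
    """
    if len(intermediate) != len(mask):
        return False, {}
    second_info, disclosed = [], {}
    try:
        for entry, bit in zip(intermediate, mask):
            if bit == 0 and isinstance(entry, (list, tuple)) and len(entry) == 2:
                key, value = entry
                second_info.append(salted_hash(key, value))  # re-hash disclosed pair
                disclosed[key] = value
            elif bit == 1 and isinstance(entry, str) and len(entry) == 64:
                second_info.append(entry)                    # opaque salted hash
            else:
                return False, {}                             # mask and entry disagree
        ok = hmac.compare_digest(top_level_hash(second_info), top)
    except (ValueError, TypeError, AttributeError):
        return False, {}                                     # malformed input
    return ok, (disclosed if ok else {})


if __name__ == "__main__":
    top, seq, mask = sender_build(SAMPLE, {"k2"})
    print("mask sequence:", mask)
    print("verified:", receiver_verify(top, seq, mask))
    seq[1] = ["k2", "tampered"]
    print("after tampering:", receiver_verify(top, seq, mask))
```

Because the top-level hash is computed over all salted hashes before any pair is marked as disclosed, `sender_build` returns the same first top-level hash value for every choice of disclosed keys.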
In an embodiment shown in the present disclosure, when the data sender transmits the first top-level hash value, the data sender may not perform targeted transmission, but transmit the first top-level hash value in a broadcast manner or the like; for example, the first top-level hash value may be sent to a public storage space such as a homepage of a personal website, a public cloud disk, or the like, so that the data receiver may obtain the first top-level hash value from the public storage space.
Different services may have different requirements as to which key-value pairs in the same set of private data are disclosed, but the same set of private data corresponds to the same first top-level hash value regardless of which key-value pairs are disclosed. By adopting this scheme, the first top-level hash value is therefore sent directly to a public storage space such as a personal website homepage or a public cloud disk, so that the data can be reused when the first top-level hash value needs to be obtained multiple times, and network bandwidth consumption is reduced.
The above contents are all embodiments of the private data transmission method in this specification. The present specification also provides embodiments of a corresponding private data transmission apparatus as follows:
The present specification proposes a private data transmission apparatus, wherein the private data includes a first type of key-value pair that does not need to be kept secret and a second type of key-value pair that needs to be kept secret; an example of the structure of the private data transmission apparatus is shown in Fig. 4, and includes:
a first hash processing module 401, configured to perform salted hash processing on each key-value pair in the private data to obtain first salted hash information; wherein the salted hash processing comprises: calculating the hash value of the key in each key-value pair, combining the hash value of the key in each key-value pair, as a salt value, with the value in that key-value pair, and generating the salted hash value of the value in each key-value pair based on the combined result;
a calculating module 402, configured to calculate a first top-level hash value corresponding to the first salted hash information;
a transmission module 403, configured to transmit the first top-level hash value, the first-type key-value pair, and the salted hash result of the second-type key-value pair;
a second hash processing module 404, configured to perform the salted hash processing on the received first-type key-value pair, and combine the salted hash result obtained by the processing with the received salted hash result of the second-type key-value pair to obtain second salted hash information;
a checking module 405, configured to calculate a second top-level hash value corresponding to the second salted hash information, and to determine that the transmitted first-type key-value pair is successfully transmitted if the second top-level hash value matches the first top-level hash value.
In an illustrated embodiment, the apparatus may further include a first sorting module configured to sort key-value pairs in the private data based on a pre-negotiated sorting rule before the first salted hash information is generated.
In an illustrated embodiment, the transmission module may further transmit the first top-level hash value, the first-type key-value pair, and the salted hash result of the second-type key-value pair in an out-of-order manner; in this embodiment, the apparatus may further include a second sorting module, which may, after the salted hash result obtained by the processing is combined with the received salted hash result of the second-type key-value pair, sort the combined result based on the pre-negotiated sorting rule.
In an illustrative embodiment, the transmission module may further transmit the first top-level hash value, the first-type key-value pair, and the modified first salted hash information; wherein the modified first salted hash information includes the salted hash result of the second-type key-value pair and the key of the first-type key-value pair; and the second hash processing module is further configured to replace the key of the first-type key-value pair in the first salted hash information with the corresponding salted hash value in the salted hash result obtained by the processing, so as to obtain second salted hash information.
In another illustrated embodiment, the transmission module may further transmit the first top-level hash value, an intermediate key-value pair sequence, and a mask sequence corresponding to the intermediate key-value pair sequence; wherein the intermediate key-value pair sequence comprises the first-type key-value pair and the salted hash result of the second-type key-value pair, and the mask sequence indicates the position of the first-type key-value pair in the intermediate key-value pair sequence; the second hash processing module may further replace the first-type key-value pair in the intermediate key-value pair sequence with the salted hash result obtained by the processing, based on the position indicated by the mask sequence, so as to obtain second salted hash information.
In an illustrative embodiment, the transmission module may be further configured to send the first top-level hash value to a public storage space, and obtain the first top-level hash value from the public storage space.
Embodiments of the present specification also provide a computer device, which at least includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the foregoing private data transmission method when executing the program.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of a computing device according to an embodiment of the present disclosure, where the computing device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static Memory device, a dynamic Memory device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The input/output module may be configured as a component in the device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can communicate in a wired manner (such as USB, network cable and the like) or in a wireless manner (such as mobile network, Wi-Fi, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only the components necessary to implement the embodiments of the present disclosure, and need not include all of the components shown in the figures.
Embodiments of the present specification also provide a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the foregoing private data transmission method.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus a necessary general-purpose hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner; for the parts that are the same or similar among the embodiments, reference may be made from one embodiment to another, and each embodiment focuses on its differences from the other embodiments. In particular, since the apparatus embodiment is substantially similar to the method embodiment, its description is relatively brief, and reference may be made to the description of the method embodiment for the relevant points. The above-described apparatus embodiments are merely illustrative; the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more pieces of software and/or hardware when implementing the embodiments of the present disclosure. Some or all of the modules may also be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific implementation of the embodiments of the present disclosure. It should be noted that those skilled in the art can make a number of improvements and refinements without departing from the principle of the embodiments of the present disclosure, and these improvements and refinements should also be regarded as falling within the protection scope of the embodiments of the present disclosure.

Claims (14)

1. A method of transmitting private data, said private data comprising first-type key-value pairs to be disclosed and second-type key-value pairs not to be disclosed; the method comprises the following steps:
respectively performing salted hash processing on each key-value pair in the private data to obtain first salted hash information; wherein the salted hash processing comprises: calculating the hash value of the key in each key-value pair, combining the hash value of the key in each key-value pair, as a salt value, with the value in that key-value pair, and generating the salted hash value of the value in each key-value pair based on the combined result;
calculating a first top-level hash value corresponding to the first salted hash information;
transmitting the first top-level hash value, the first-type key-value pair, and the salted hash processing result of the second-type key-value pair;
performing the salted hash processing on the received first-type key-value pair, and combining the salted hash processing result obtained by the processing with the received salted hash processing result of the second-type key-value pair to obtain second salted hash information;
and calculating a second top-level hash value corresponding to the second salted hash information, and if the second top-level hash value matches the first top-level hash value, determining that the transmitted first-type key-value pair is successfully transmitted.
2. The method of claim 1, further comprising:
sorting each key-value pair in the private data based on a pre-negotiated sorting rule before generating the first salted hash information.
3. The method of claim 2, the transmitting the first top-level hash value, the first-type key-value pair, and the salted hash processing result of the second-type key-value pair, comprising:
transmitting the first top-level hash value, the first-type key-value pair, and the salted hash processing result of the second-type key-value pair in an out-of-order manner;
after the combining the salted hash processing result obtained by the processing with the received salted hash processing result of the second-type key-value pair, the method further includes:
sorting, based on the pre-negotiated sorting rule, the combined result of the salted hash processing result obtained by the processing and the received salted hash processing result of the second-type key-value pair.
4. The method of claim 1, the transmitting the first top-level hash value, the first-type key-value pair, and the salted hash processing result of the second-type key-value pair, comprising:
transmitting the first top-level hash value, the first-type key-value pair, and the modified first salted hash information; wherein the modified first salted hash information includes the salted hash processing result of the second-type key-value pair and the key of the first-type key-value pair;
the combining the salted hash processing result obtained by the processing with the received salted hash processing result of the second-type key-value pair to obtain second salted hash information includes:
replacing the key of the first-type key-value pair in the first salted hash information with the corresponding salted hash value in the salted hash processing result obtained by the processing, to obtain second salted hash information.
5. The method of claim 1, the transmitting the first top-level hash value, the first-type key-value pair, and the salted hash processing result of the second-type key-value pair, comprising:
transmitting the first top-level hash value, an intermediate key-value pair sequence, and a mask sequence corresponding to the intermediate key-value pair sequence; wherein the intermediate key-value pair sequence comprises the first-type key-value pair and the salted hash processing result of the second-type key-value pair, and the mask sequence indicates the position of the first-type key-value pair in the intermediate key-value pair sequence;
the combining the salted hash processing result obtained by the processing with the received salted hash processing result of the second-type key-value pair to obtain second salted hash information includes:
replacing the first-type key-value pair in the intermediate key-value pair sequence with the salted hash processing result obtained by the processing, based on the position indicated by the mask sequence, to obtain second salted hash information.
6. The method of claim 1, the transmitting the first top-level hash value, comprising:
sending the first top-level hash value to a public storage space;
obtaining the first top-level hash value from the public storage space.
7. A private data transmission apparatus, the private data comprising a first type of key-value pair that does not need to be kept secret and a second type of key-value pair that needs to be kept secret; the device comprises:
a first hash processing module, configured to respectively perform salted hash processing on each key-value pair in the private data to obtain first salted hash information; wherein the salted hash processing comprises: calculating the hash value of the key in each key-value pair, combining the hash value of the key in each key-value pair, as a salt value, with the value in that key-value pair, and generating the salted hash value of the value in each key-value pair based on the combined result;
a calculation module, configured to calculate a first top-level hash value corresponding to the first salted hash information;
a transmission module, configured to transmit the first top-level hash value, the first-type key-value pair, and the salted hash processing result of the second-type key-value pair;
a second hash processing module, configured to perform the salted hash processing on the received first-type key-value pair, and combine the salted hash processing result obtained by the processing with the received salted hash processing result of the second-type key-value pair to obtain second salted hash information;
and a checking module, configured to calculate a second top-level hash value corresponding to the second salted hash information, and if the second top-level hash value matches the first top-level hash value, determine that the transmitted first-type key-value pair is successfully transmitted.
8. The apparatus of claim 7, further comprising:
a first sorting module, configured to sort each key-value pair in the private data based on a pre-negotiated sorting rule before the first salted hash information is generated.
9. The apparatus of claim 8, the transmission module further to:
transmitting the first top-level hash value, the first-type key-value pair, and the salted hash processing result of the second-type key-value pair in an out-of-order manner;
the device further comprises:
a second sorting module, configured to, after the salted hash processing result obtained by the processing is combined with the received salted hash processing result of the second-type key-value pair, sort the combined result based on the pre-negotiated sorting rule.
10. The apparatus of claim 7, the transmission module further to:
transmitting the first top-level hash value, the first-type key-value pair, and the modified first salted hash information; wherein the modified first salted hash information includes the salted hash processing result of the second-type key-value pair and the key of the first-type key-value pair;
the second hash processing module further:
replacing the key of the first-type key-value pair in the first salted hash information with the corresponding salted hash value in the salted hash processing result obtained by the processing, to obtain second salted hash information.
11. The apparatus of claim 7, the transmission module further to:
transmitting the first top-level hash value, an intermediate key-value pair sequence, and a mask sequence corresponding to the intermediate key-value pair sequence; wherein the intermediate key-value pair sequence comprises the first-type key-value pair and the salted hash processing result of the second-type key-value pair, and the mask sequence indicates the position of the first-type key-value pair in the intermediate key-value pair sequence;
the second hash processing module further:
replacing the first-type key-value pair in the intermediate key-value pair sequence with the salted hash processing result obtained by the processing, based on the position indicated by the mask sequence, to obtain second salted hash information.
12. The apparatus of claim 7, the transmission module further to:
sending the first top-level hash value to a public storage space;
and acquiring the first top-level hash value from the public storage space.
13. A computer device comprising at least a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the program when executed by the processor implements the method of any one of claims 1 to 6.
14. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 6.
CN202110993420.4A 2021-08-27 2021-08-27 Private data transmission method and device Active CN113726764B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110993420.4A CN113726764B (en) 2021-08-27 2021-08-27 Private data transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110993420.4A CN113726764B (en) 2021-08-27 2021-08-27 Private data transmission method and device

Publications (2)

Publication Number Publication Date
CN113726764A CN113726764A (en) 2021-11-30
CN113726764B CN113726764B (en) 2023-03-24

Family

ID=78678367

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110993420.4A Active CN113726764B (en) 2021-08-27 2021-08-27 Private data transmission method and device

Country Status (1)

Country Link
CN (1) CN113726764B (en)

Also Published As

Publication number Publication date
CN113726764A (en) 2021-11-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: Room 2339, 2nd Floor, No. 92, Huancheng North Road, Gongshu District, Hangzhou City, Zhejiang Province 310005
Applicant after: Hangzhou Xita Technology Co.,Ltd.
Address before: 310007 room 2001 and 2010, 20 / F, tower a, Huaxing Times Square, No. 478, Wensan Road, Xihu District, Hangzhou, Zhejiang
Applicant before: Hangzhou Xita Technology Co.,Ltd.
GR01 Patent grant