CN113946855A - Private data intersection method and system for transmitting trace data by one party - Google Patents

Private data intersection method and system for transmitting trace data by one party Download PDF

Info

Publication number
CN113946855A
CN113946855A CN202111274270.8A CN202111274270A CN113946855A CN 113946855 A CN113946855 A CN 113946855A CN 202111274270 A CN202111274270 A CN 202111274270A CN 113946855 A CN113946855 A CN 113946855A
Authority
CN
China
Prior art keywords
data
encrypted
key value
intersection
data set
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111274270.8A
Other languages
Chinese (zh)
Inventor
郭宏刚
陈贺巍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bairong Zhixin Beijing Credit Investigation Co Ltd
Original Assignee
Bairong Zhixin Beijing Credit Investigation Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bairong Zhixin Beijing Credit Investigation Co Ltd filed Critical Bairong Zhixin Beijing Credit Investigation Co Ltd
Priority to CN202111274270.8A priority Critical patent/CN113946855A/en
Publication of CN113946855A publication Critical patent/CN113946855A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a privacy data intersection method and a privacy data intersection system for transmitting trace data by one party, wherein the method comprises the following steps: generating an encryption Key value data set and a first encryption Key item by item according to the second encryption data set and the first data stamp; encrypting additional data of the Key value data set to generate first encrypted additional data; obtaining a Key value intersection according to the first encrypted data group, the first data stamp and the encrypted Key value data set, and obtaining a first decryption Key at the same time; and decrypting the intersection additional data in the first encrypted additional data according to the first decryption Key to obtain a first additional plaintext corresponding to the Key value intersection. The technical problems that in the prior art, communication and encrypted data exchange are required for multiple times in the process of asking for transaction, the requirements of certain application scenes cannot be met, data of asking for transaction operation is limited to one field, and other meaningful application data cannot be attached are solved.

Description

Private data intersection method and system for transmitting trace data by one party
Technical Field
The invention relates to the field of data transmission, in particular to a private data intersection method and system for transmitting trace data by one party.
Background
Private data intersection (PSI) is a particular application problem in the field of secure multiparty computing. Through a series of underlying cryptographic techniques and data exchange protocols, two parties (a requester/Client and a data party/Server) of participants are allowed to use respective data to calculate the intersection of the data of the two parties, and any data outside the intersection cannot be leaked; the information of the intersection can be obtained by a certain participant (Client) or all participants (clients, servers).
However, in the process of implementing the technical solution of the invention in the embodiments of the present application, the inventors of the present application find that the above-mentioned technology has at least the following technical problems:
the prior art needs to communicate and exchange encrypted data for multiple times in the process of commitment, which can not meet the requirements of some application scenarios, and the data of commitment operation is limited to one field and can not be accompanied by other meaningful application data.
Disclosure of Invention
The embodiment of the application solves the problem that the prior art needs to communicate and exchange encrypted data for multiple times in the process of asking for transaction, which can not meet the requirements of certain application scenes, and the data of the intersection operation is limited to one field, and other meaningful application data can not be attached, so that one Client participating in the intersection operation only needs to provide trace data with fixed length after the operation to the other Server, the final intersection can be found, the Server can append other application data to each record of the data set, therefore, the data set of one Client does not flow out of the local mechanism in any way, the intersection of the data sets of the two clients can be obtained, and the additional data corresponding to the intersection, the non-intersection part in the data set of the other party Server can not be leaked to the requesting party, and the Client cannot provide the encrypted data of the Server to any technical effect used by a third party.
In view of the above, the present invention has been developed to provide a method that overcomes, or at least partially solves, the above-mentioned problems.
In a first aspect, an embodiment of the present application provides a private data intersection method for a party to transmit trace data, where the method includes: obtaining a first encrypted data set and a second encrypted data set; the first requester carries out signature calculation according to the first encrypted data group to obtain a first data signature; the first data party generates an encryption Key value data set and a first encryption Key one by one according to the second encryption data set and the first data stamp; the first data party encrypts additional data of the Key value data set according to the first encryption Key to generate first encrypted additional data, wherein the Key value data set and the additional data have a corresponding relation; the first requester obtains a Key value intersection according to the first encrypted data group, the first data stamp and the encrypted Key value data set, and obtains a first decryption Key at the same time, wherein the first decryption Key is a decryption Key of intersection additional data corresponding to the Key value intersection; and the first requester decrypts the intersection additional data in the first encrypted additional data according to the first decryption Key to obtain a first additional plaintext corresponding to the Key value intersection.
On the other hand, the application also provides a private data exchange system for transmitting trace data by one party, and the system comprises: a first obtaining unit configured to obtain a first encrypted data group and a second encrypted data group; a second obtaining unit, configured to perform signature calculation on the first encrypted data set by the first requester to obtain a first data signature; a first generation unit, configured to generate, by the first data party, an encrypted Key value data set and a first encrypted Key item by item according to the second encrypted data group and the first data stamp; a third obtaining unit, configured to encrypt, by the first data party, additional data of the Key value data set according to the first encryption Key to generate first encrypted additional data, where the Key value data set and the additional data have a correspondence relationship; a fourth obtaining unit, configured to obtain, by the first requestor, a Key value intersection according to the first encrypted data group, the first data stamp, and the encrypted Key value data set, and obtain a first decryption Key at the same time, where the first decryption Key is a decryption Key of intersection additional data corresponding to the Key value intersection; a fifth obtaining unit, configured to decrypt, by the first requestor, the intersection additional data in the first encrypted additional data according to the first decryption Key, and obtain a first additional plaintext corresponding to the Key value intersection.
In a third aspect, an embodiment of the present invention provides an electronic device, including a bus, a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor, where the transceiver, the memory, and the processor are connected via the bus, and when the computer program is executed by the processor, the method for controlling output data includes any one of the steps described above.
In a fourth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the method for controlling output data according to any one of the above.
One or more technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:
because the first requester is adopted to carry out the signature calculation according to the first encrypted data group, the first data signature is obtained; the first data party generates an encryption Key value data set and a first encryption Key one by one according to the second encryption data set and the first data stamp; the first data party encrypts additional data of the Key value data set according to the first encryption Key to generate first encrypted additional data, wherein the Key value data set and the additional data have a corresponding relation; the first requester obtains a Key value intersection according to the first encrypted data group, the first data stamp and the encrypted Key value data set, and obtains a first decryption Key at the same time; the first request party decrypts the intersection additional data in the first encrypted additional data according to the first decryption Key to obtain a first additional plaintext corresponding to the Key value intersection, so that one party Client participating in intersection calculation only needs to provide trace and fixed-length data after calculation to the other party Server to obtain the final intersection, and the Server can add other application data to each record of the data set, so that the data set of the one party Client does not flow out of the mechanism in any way, the intersection of the data sets of the two parties and the additional data corresponding to the intersection can be obtained, the non-intersection part in the data set of the other party Server cannot be leaked to the request party, and the Client cannot provide the encrypted data of the Server to any third party for use.
The foregoing description is only an overview of the technical solutions of the present application, and the present application can be implemented according to the content of the description in order to make the technical means of the present application more clearly understood, and the following detailed description of the present application is given in order to make the above and other objects, features, and advantages of the present application more clearly understandable.
Drawings
FIG. 1 is a schematic flow chart illustrating a method for privacy data exchange for transmitting trace data according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of obtaining a first encrypted data set and a second encrypted data set in a private data intersection method for transmitting trace data according to an embodiment of the present application;
fig. 3 is a schematic flowchart illustrating a process of obtaining first encrypted data in a private data exchange method for transmitting trace data according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a private data exchange system for transmitting trace data according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device for executing a method of controlling output data according to an embodiment of the present application.
Description of reference numerals: a first obtaining unit 11, a second obtaining unit 12, a first generating unit 13, a third obtaining unit 14, a fourth obtaining unit 15, a fifth obtaining unit 16, a bus 1110, a processor 1120, a transceiver 1130, a bus interface 1140, a memory 1150 and a user interface 1160.
Detailed Description
In the description of the embodiments of the present invention, it should be apparent to those skilled in the art that the embodiments of the present invention can be embodied as methods, apparatuses, electronic devices, and computer-readable storage media. Thus, embodiments of the invention may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), a combination of hardware and software. Furthermore, in some embodiments, embodiments of the invention may also be embodied in the form of a computer program product in one or more computer-readable storage media having computer program code embodied in the medium.
The computer-readable storage media described above may take any combination of one or more computer-readable storage media. The computer-readable storage medium includes: an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of the computer-readable storage medium include: a portable computer diskette, a hard disk, a random access memory, a read-only memory, an erasable programmable read-only memory, a flash memory, an optical fiber, a compact disc read-only memory, an optical storage device, a magnetic storage device, or any combination thereof. In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, device, or apparatus.
Summary of the application
The method, the device and the electronic equipment are described through the flow chart and/or the block diagram.
It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions. These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing apparatus to function in a particular manner. Thus, the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The embodiments of the present invention will be described below with reference to the drawings.
Example one
As shown in fig. 1, an embodiment of the present application provides a private data exchange method for a party to transmit trace data, where the method includes:
step S100: obtaining a first encrypted data set and a second encrypted data set;
as shown in fig. 2, further, in step S100 of the embodiment of the present application, where the obtaining the first encrypted data set and the second encrypted data set further includes:
step S110: obtaining a first random number according to the first request party;
step S120: obtaining a second random number according to the first data party;
step S130: obtaining a first encryption parameter through negotiation between the first requester and the first data side;
step S140: obtaining the Key value field data set according to the first requester information;
step S150: generating the first encrypted data group according to the first random number, the first encryption parameter and the Key value field data set;
step S160: and generating the second encrypted data group according to the second random number, the first encryption parameter and the Key value field data set.
Specifically, the first requester is a Client participating in the private data intersection calculation, and the first data party is a Server participating in the private data intersection calculation. The security of the scheme is based on the underlying principle of cryptography (RSA analysis on safe module, the assumption of difficult big number decomposition), and in the calculation process, random numbers are added into two data parties, namely a requester and a data party respectively to ensure the security. The method for negotiating the encryption parameters by the Client and the Server of both data owners comprises the following steps: the Key value field data sets, such as identity cards, mobile phone numbers, or combinations, can all be regarded as an ID label, i.e., a Key value. The first encrypted data group comprises the first random number, the first encrypted parameter and the Key value field data set, and the second encrypted data group comprises the second random number, the first encrypted parameter and the Key value field data set, so that the data security is ensured, and the technical effect of providing a basis for the submission of subsequent private data is provided.
Step S200: the first requester carries out signature calculation according to the first encrypted data group to obtain a first data signature;
further, the first requester performs a signature calculation according to the first encrypted data set to obtain a first data signature, where a calculation formula of the first data signature is:
Figure BDA0003328885260000081
wherein B is the first digital stamp; rcIs the first random number; a is represented by the formulaPCHCalculating and obtaining the modN; PCH pass through
Figure BDA0003328885260000082
Calculating to obtain; hc isiBy hci=H(xi) And (6) calculating.
Specifically, the first requester Client calculates a stamp (fixed length, for example, 1024 bits) of own data according to the first encrypted data group, that is, the encryption parameter, own random number, and own Key value data set (user ID). The calculation step of the first data stamp is as follows: setting Key value sets corresponding to the Client and the Server as
Figure BDA0003328885260000083
Figure BDA0003328885260000084
And
Figure BDA0003328885260000085
(e.g., user ID) where n1=|X|,n2Is | Y |. For each xiCalculating hci=H(xi) (ii) a Recalculation
Figure BDA0003328885260000086
And PCHi=PCH/hci(ii) a Calculating A ═ dPCHmod N, random selection of Rcr{1,…,N2}, calculating data stamp
Figure BDA0003328885260000087
The Client pre-calculation is completed, and the data signature calculation result is more accurate.
Step S300: the first data party generates an encryption Key value data set and a first encryption Key one by one according to the second encryption data set and the first data stamp;
specifically, the first data side Client transmits a data stamp to the Server in a certain mode, and the Server encrypts the Key value data set of the own side one by one, generates an encryption Key corresponding to the piece of data one by one, and encrypts corresponding additional data by using the Key according to the second encrypted data group, namely, the encryption parameter, the own side random number, the own side Key value data set (user ID) and the data stamp of the Client.
Step S400: the first data party encrypts additional data of the Key value data set according to the first encryption Key to generate first encrypted additional data, wherein the Key value data set and the additional data have a corresponding relation;
specifically, the first additional data is data that is attached to the back of the file and is not mapped to the memory space, and the Server may attach other application data to each record of the data set. The first encryption Key is used for encrypting the additional data corresponding to each Key value in the second encryption data group, and further, the correspondingly generated encryption data is sent to the first requester Client to complete the response operation of the requester.
Step S500: the first requester obtains a Key value intersection according to the first encrypted data group, the first data stamp and the encrypted Key value data set, and obtains a first decryption Key at the same time, wherein the first decryption Key is a decryption Key of intersection additional data corresponding to the Key value intersection;
step S600: and the first requester decrypts the intersection additional data in the first encrypted additional data according to the first decryption Key to obtain a first additional plaintext corresponding to the Key value intersection.
Specifically, the first encrypted Key value data set is obtained by calculation according to a first encrypted parameter, a first data stamp, a second random number, and an encrypted Key value of a second encrypted data set, and the first requestor Client obtains an intersection of Key values and obtains a first decryption Key according to the first encrypted data set, that is, the encrypted parameter, the own random number, and the own Key value data set, and the first data stamp and the encrypted data of the responder, that is, the first encrypted Key value data set. The first decryption Key is a decryption Key of additional data corresponding to the Key value intersection, the decryption Key of additional data of Key values not intersecting cannot be obtained by the first requester, the decryption of the additional data can be performed only after the Key value intersection is obtained and the decryption Key is obtained for the confidential additional data, and the first requester Client obtains the decrypted additional plaintext according to the first decryption Key for the first encrypted additional data.
Further, in a step S130 in this embodiment of the present application, where the first encryption parameter is obtained through negotiation between the first requester and the first data party, the step further includes:
step S131: the first encryption parameter comprises a large integer N, QRNAnd two hash functions H (·), H ' (·), where N ═ pq, p ═ 2p ' +1, q ═ 2q ' +1, and p, q, p ', q ' are all large primes.
Specifically, let the Key value sets corresponding to the Client and the Server respectively be
Figure BDA0003328885260000101
And
Figure BDA0003328885260000102
(e.g., user ID) where n1=|X|,n2Is | Y |. The message that the Server needs to additionally transmit is
Figure BDA0003328885260000103
Obtaining a first encryption parameter through negotiation between the first requester and the first data party, where the first encryption parameter includes N, QR that a common input of the entire protocol is a large integerNAnd two hash functions H (·), H ' (·), where N ═ pq, p ═ 2p ' +1, q ═ 2q ' +1, p, q, p ', q ' are all large prime numbers, so as to ensure the technical effect of data transmission security.
As shown in fig. 3, further, step S500 in the embodiment of the present application further includes:
step S510: obtaining first demand application data;
step S520: acquiring first application data to be appended according to the first requirement application data;
step S530: according to a first additional instruction, the first data direction attaches the first to-be-attached application data to the Key value data set to generate first additional data.
Specifically, the first on-demand application includes credit records such as data personnel, multi-head data, a consumption portrait, and the like, and the first to-be-appended application data is accompanied by other meaningful application data. According to the first additional instruction, the first data Server can add other application data to each record of the data set to generate the first additional data, and the Client can obtain the additional data corresponding to the intersection part but cannot obtain the additional data (additional message) of the non-intersection part, so that the Key value can be attached with other meaningful application data.
Further, step S200 in the embodiment of the present application further includes: the length of the first data stamp is fixed, and the first data stamp is transmitted to the first data party by the first request party according to a first preset mode.
Specifically, the length of the first data stamp is a fixed length, and after the first data stamp calculation is completed, the first data stamp B is transmitted to the first data Server by the first requester Client according to a first preset mode, so that the data stamp calculation is completed accurately, and the data stamp is transmitted to the data Server safely.
Further, in this embodiment, the step S600 of the present application further includes:
step S610: the Key value intersection passes through H' (K)c,j) And H' (K)s,j) Comparing and obtaining intersection, wherein the H' (K)c,j) Middle Kc,jAnd said H' (K)s,j) Middle Ks,jAre respectively calculated as
Figure BDA0003328885260000111
Figure BDA0003328885260000112
Wherein R isCIs the first random number; rSIs the second random number.
Specifically, the H' (K)c,j) And said H' (K)s,j) Is a hash function, and the H' (K)s,j) Obtained by a first data side calculation, the H' (K)c,j) Calculated by the first requester. Further, calculating
Figure BDA0003328885260000113
The first data party obtains a first data signature B and in turn a second data set Key value (y)i) Calculating to obtain a first encryption Key value data set H' (K)s,j) And Z, RSIs to randomly select RsrThe random number of {0,1, …, p 'q' -1}, i.e., the second random number. For each yjCalculating hsj=H(yj),
Figure BDA0003328885260000114
Figure BDA0003328885260000115
By Ks,jDeriving a symmetric encryption key ks,jBased on the message that the first data party needs additional transmission
Figure BDA0003328885260000116
Using said ks,jFor additional message mjEncrypted to obtain a ciphertext cjCalculate H' (K)s,j) Then, Z and H' (K) in a disordered order are addeds,j) And a ciphertext CjAnd sending to the client.
Further, the first requester calculates K for each jc,jAnd H' (K)c,j) Wherein, the
Figure BDA0003328885260000121
And the H' (K) obtained by the first requesterc,j) And H' (K) obtained by the first data sides,j) The comparison is carried out to find the intersection, and k iss,jIs through Ks,jDerived symmetric encryption key, kc,jIs through Kc,jDerived symmetric encryption key by pairing ks,jAnd kc,jObtaining the intersection Key, so that the first requester can simultaneously obtain the decryption Key of the additional data corresponding to the intersection Key value, thereby decrypting the additional message C by using the KeyjObtaining a plaintext mjTherefore, the technical effect of ensuring the data security is achieved.
To sum up, the privacy data intersection method and system for transmitting trace data by one party provided by the embodiment of the application have the following technical effects:
because the first requester is adopted to carry out the signature calculation according to the first encrypted data group, the first data signature is obtained; the first data party generates an encryption Key value data set and a first encryption Key one by one according to the second encryption data set and the first data stamp; the first data party encrypts additional data and the Key value data set according to the first encryption Key to obtain a first encryption Key value data set and first encryption additional data, wherein the Key value data set and the additional data have a corresponding relationship; the first requester obtains a Key value intersection according to the first encrypted data group, the first data stamp and the encrypted Key value data set, and obtains a first decryption Key at the same time; and the first requester decrypts the intersection additional data in the first encrypted additional data according to the first decryption Key to obtain a first additional plaintext corresponding to the Key value intersection. And then one party Client participating in the intersection calculation can obtain the final intersection only by providing a trace amount of data with fixed length after calculation to the other party Server, and the Server can add other application data to each record of the data set, so that the data set of one party Client does not flow out of the mechanism in any way, the intersection of the data sets of the two parties and the additional data corresponding to the intersection can be obtained, the non-intersection part in the data set of the other party Server cannot be leaked to the requesting party, and the Client cannot provide the encrypted data of the Server for any third party for use.
Example two
Based on the same inventive concept as the private data intersection method for transmitting trace data by one party in the foregoing embodiments, the present invention further provides a private data intersection system for transmitting trace data by one party, as shown in fig. 4, where the system includes:
a first obtaining unit 11, the first obtaining unit 11 being configured to obtain a first encrypted data set and a second encrypted data set;
a second obtaining unit 12, where the second obtaining unit 12 is configured to perform a signature calculation on the first requester according to the first encrypted data set, so as to obtain a first data signature;
a first generating unit 13, where the first generating unit 13 is configured to generate, by the first data party, an encrypted Key value data set and a first encrypted Key piece by piece according to the second encrypted data set and the first data stamp;
a third obtaining unit 14, where the third obtaining unit 14 is configured to encrypt, by the first data party, additional data of the Key value data set according to the first encryption Key to generate first encrypted additional data, where the Key value data set and the additional data have a correspondence relationship;
a fourth obtaining unit 15, where the fourth obtaining unit 15 is configured to obtain, by the first requestor, a Key value intersection according to the first encrypted data group, the first data stamp and the encrypted Key value data set, and obtain a first decryption Key at the same time, where the first decryption Key is a decryption Key of intersection additional data corresponding to the Key value intersection;
a fifth obtaining unit 16, where the fifth obtaining unit 16 is configured to decrypt the intersection additional data in the first encrypted additional data according to the first decryption Key by the first requestor, and obtain a first additional plaintext corresponding to the Key value intersection.
Further, the system further comprises:
a sixth obtaining unit, configured to obtain a first random number according to the first requester;
a seventh obtaining unit, configured to obtain a second random number according to the first data party;
an eighth obtaining unit, configured to obtain a first encryption parameter through negotiation between the first requester and the first data party;
a ninth obtaining unit, configured to obtain the Key value field data set according to the first requestor information;
a second generation unit configured to generate the first encrypted data group from the first random number, the first encryption parameter, and the Key value field data set;
a third generating unit configured to generate the second encrypted data group from the second random number, the first encryption parameter, and the Key value field data set.
Further, the system further comprises:
a tenth obtaining unit for obtaining the first demand application data;
an eleventh obtaining unit, configured to obtain first application data to be appended according to the first demand application data;
a fourth generating unit, configured to, according to a first addition instruction, add the first to-be-added application data to the Key value data set by the first data direction, and generate first additional data.
Various changes and specific examples of the private data intersection method for transmitting trace data by one party in the first embodiment of fig. 1 are also applicable to the private data intersection system for transmitting trace data by one party in this embodiment, and through the foregoing detailed description of the private data intersection method for transmitting trace data by one party, those skilled in the art can clearly know the implementation method of the private data intersection system for transmitting trace data by one party in this embodiment, so for the sake of brevity of the description, detailed descriptions are not repeated here.
In addition, an embodiment of the present invention further provides an electronic device, which includes a bus, a transceiver, a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the transceiver, the memory, and the processor are connected via the bus, and when the computer program is executed by the processor, the processes of the method for controlling output data are implemented, and the same technical effects can be achieved, and are not described herein again to avoid repetition.
Exemplary electronic device
Specifically, referring to fig. 5, an embodiment of the present invention further provides an electronic device, which includes a bus 1110, a processor 1120, a transceiver 1130, a bus interface 1140, a memory 1150, and a user interface 1160.
In an embodiment of the present invention, the electronic device further includes: a computer program stored on the memory 1150 and executable on the processor 1120, the computer program, when executed by the processor 1120, implementing the various processes of the method embodiments of controlling output data described above.
A transceiver 1130 for receiving and transmitting data under the control of the processor 1120.
In embodiments of the invention in which a bus architecture (represented by bus 1110) is used, bus 1110 may include any number of interconnected buses and bridges, with bus 1110 connecting various circuits including one or more processors, represented by processor 1120, and memory, represented by memory 1150.
Bus 1110 represents one or more of any of several types of bus structures, including a memory bus, and a memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include: industry standard architecture bus, micro-channel architecture bus, expansion bus, video electronics standards association, peripheral component interconnect bus.
Processor 1120 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method embodiments may be performed by integrated logic circuits in hardware or instructions in software in a processor. The processor described above includes: general purpose processors, central processing units, network processors, digital signal processors, application specific integrated circuits, field programmable gate arrays, complex programmable logic devices, programmable logic arrays, micro-control units or other programmable logic devices, discrete gates, transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in embodiments of the present invention may be implemented or performed. For example, the processor may be a single core processor or a multi-core processor, which may be integrated on a single chip or located on multiple different chips.
Processor 1120 may be a microprocessor or any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention may be directly performed by a hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor. The software modules may reside in random access memory, flash memory, read only memory, programmable read only memory, erasable programmable read only memory, registers, and the like, as is known in the art. The readable storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The bus 1110 may also connect various other circuits such as peripherals, voltage regulators, or power management circuits to provide an interface between the bus 1110 and the transceiver 1130, as is well known in the art. Therefore, the embodiments of the present invention will not be further described.
The transceiver 1130 may be one element or may be multiple elements, such as multiple receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. For example: the transceiver 1130 receives external data from other devices, and the transceiver 1130 transmits data processed by the processor 1120 to other devices. Depending on the nature of the computer system, a user interface 1160 may also be provided, such as: touch screen, physical keyboard, display, mouse, speaker, microphone, trackball, joystick, stylus.
It is to be appreciated that in embodiments of the invention, the memory 1150 may further include memory located remotely with respect to the processor 1120, which may be coupled to a server via a network. One or more portions of the above-described network may be an ad hoc network, an intranet, an extranet, a virtual private network, a local area network, a wireless local area network, a wide area network, a wireless wide area network, a metropolitan area network, the internet, a public switched telephone network, a plain old telephone service network, a cellular telephone network, a wireless fidelity network, and a combination of two or more of the above. For example, the cellular telephone network and the wireless network may be a global system for mobile communications, code division multiple access, global microwave interconnect access, general packet radio service, wideband code division multiple access, long term evolution, LTE frequency division duplex, LTE time division duplex, long term evolution-advanced, universal mobile communications, enhanced mobile broadband, mass machine type communications, ultra-reliable low latency communications, etc.
It is to be understood that the memory 1150 in embodiments of the present invention can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. Wherein the nonvolatile memory includes: read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, or flash memory.
The volatile memory includes: random access memory, which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as: static random access memory, dynamic random access memory, synchronous dynamic random access memory, double data rate synchronous dynamic random access memory, enhanced synchronous dynamic random access memory, synchronous link dynamic random access memory, and direct memory bus random access memory. The memory 1150 of the electronic device described in the embodiments of the invention includes, but is not limited to, the above and any other suitable types of memory.
In an embodiment of the present invention, memory 1150 stores the following elements of operating system 1151 and application programs 1152: an executable module, a data structure, or a subset thereof, or an expanded set thereof.
Specifically, the operating system 1151 includes various system programs such as: a framework layer, a core library layer, a driver layer, etc. for implementing various basic services and processing hardware-based tasks. Applications 1152 include various applications such as: media player, browser, used to realize various application services. A program implementing a method of an embodiment of the invention may be included in application program 1152. The application programs 1152 include: applets, objects, components, logic, data structures, and other computer system executable instructions that perform particular tasks or implement particular abstract data types.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements each process of the above method for controlling output data, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The above description is only a specific implementation of the embodiments of the present invention, but the scope of the embodiments of the present invention is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the embodiments of the present invention, and all such changes or substitutions should be covered by the scope of the embodiments of the present invention. Therefore, the protection scope of the embodiments of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A privacy data intersection method for transmitting trace data by one party, wherein the method comprises the following steps:
obtaining a first encrypted data set and a second encrypted data set;
the first requester carries out signature calculation according to the first encrypted data group to obtain a first data signature;
the first data party generates an encryption Key value data set and a first encryption Key one by one according to the second encryption data set and the first data stamp;
the first data party encrypts additional data of the Key value data set according to the first encryption Key to generate first encrypted additional data, wherein the Key value data set and the additional data have a corresponding relation;
the first requester obtains a Key value intersection according to the first encrypted data group, the first data stamp and the encrypted Key value data set, and obtains a first decryption Key at the same time, wherein the first decryption Key is a decryption Key of intersection additional data corresponding to the Key value intersection;
and the first requester decrypts the intersection additional data in the first encrypted additional data according to the first decryption Key to obtain a first additional plaintext corresponding to the Key value intersection.
2. The method of claim 1, wherein the obtaining a first encrypted data set and a second encrypted data set comprises:
obtaining a first random number according to the first request party;
obtaining a second random number according to the first data party;
obtaining a first encryption parameter through negotiation between the first requester and the first data side;
obtaining the Key value field data set according to the first requester information;
generating the first encrypted data group according to the first random number, the first encryption parameter and the Key value field data set;
and generating the second encrypted data group according to the second random number, the first encryption parameter and the Key value field data set.
3. The method of claim 2, wherein the negotiating by the first requestor and the first datar obtains first encryption parameters comprises:
the first encryption parameter comprises a large integer N, QRNAnd two hash functions H (·), H ' (·), where N ═ pq, p ═ 2p ' +1, q ═ 2q ' +1, and p, q, p ', q ' are all large primes.
4. The method of claim 2, the method comprising:
obtaining first demand application data;
acquiring first application data to be appended according to the first requirement application data;
according to a first additional instruction, the first data direction attaches the first to-be-attached application data to the Key value data set to generate first additional data.
5. The method of claim 3, wherein the first requestor performs a signature calculation based on the first encrypted data set to obtain a first data signature, wherein the first data signature is calculated by:
Figure FDA0003328885250000021
wherein B is the first digital stamp; rcIs the first random number; a is represented by the formulaPCHCalculating and obtaining the modN; PCH pass through
Figure FDA0003328885250000022
Calculating to obtain; hc isiBy hci=H(xi) And (6) calculating.
6. The method of claim 5, wherein the length of the first data stamp is a fixed length and the first data stamp is transmitted by the first requestor to the first requestor in a first predetermined manner.
7. The method of claim 3, wherein the first requestor intersects Key values from the first encrypted data set and the first encrypted Key value data set while obtaining a first decryption Key, the method comprising:
the Key value intersection passes through H' (K)c,j) And H' (K)s,j) Comparing and obtaining intersection, wherein the H' (K)c,j) Middle Kc,jIs calculated byAnd said H' (K)s,j) Middle Ks,jAre respectively calculated as
Figure FDA0003328885250000031
Figure FDA0003328885250000032
Wherein R isCIs the first random number; rSIs the second random number.
8. A private data exchange system for transmitting trace data by one party, wherein the system comprises:
a first obtaining unit configured to obtain a first encrypted data group and a second encrypted data group;
a second obtaining unit, configured to perform signature calculation on the first encrypted data set by the first requester to obtain a first data signature;
a first generation unit, configured to generate, by the first data party, an encrypted Key value data set and a first encrypted Key item by item according to the second encrypted data group and the first data stamp;
a third obtaining unit, configured to encrypt, by the first data party, additional data of the Key value data set according to the first encryption Key to generate first encrypted additional data, where the Key value data set and the additional data have a correspondence relationship;
a fourth obtaining unit, configured to obtain, by the first requestor, a Key value intersection according to the first encrypted data group, the first data stamp, and the encrypted Key value data set, and obtain a first decryption Key at the same time, where the first decryption Key is a decryption Key of intersection additional data corresponding to the Key value intersection;
a fifth obtaining unit, configured to decrypt, by the first requestor, the intersection additional data in the first encrypted additional data according to the first decryption Key, and obtain a first additional plaintext corresponding to the Key value intersection.
9. A private data exchange system for transmitting trace data by a party, comprising a bus, a transceiver, a memory, a processor and a computer program stored on the memory and executable on the processor, the transceiver, the memory and the processor being connected via the bus, wherein the computer program when executed by the processor implements the steps in the method of controlling output data according to any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, wherein the computer program, when being executed by a processor, carries out the steps of the method of controlling output data according to any one of claims 1-7.
CN202111274270.8A 2021-10-29 2021-10-29 Private data intersection method and system for transmitting trace data by one party Pending CN113946855A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111274270.8A CN113946855A (en) 2021-10-29 2021-10-29 Private data intersection method and system for transmitting trace data by one party

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111274270.8A CN113946855A (en) 2021-10-29 2021-10-29 Private data intersection method and system for transmitting trace data by one party

Publications (1)

Publication Number Publication Date
CN113946855A true CN113946855A (en) 2022-01-18

Family

ID=79337188

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111274270.8A Pending CN113946855A (en) 2021-10-29 2021-10-29 Private data intersection method and system for transmitting trace data by one party

Country Status (1)

Country Link
CN (1) CN113946855A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230090453A1 (en) * 2020-10-30 2023-03-23 KnowBe4, Inc. Systems and methods for determination of level of security to apply to a group before display of user data

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230090453A1 (en) * 2020-10-30 2023-03-23 KnowBe4, Inc. Systems and methods for determination of level of security to apply to a group before display of user data
US11943253B2 (en) * 2020-10-30 2024-03-26 KnowBe4, Inc. Systems and methods for determination of level of security to apply to a group before display of user data

Similar Documents

Publication Publication Date Title
CN113424185B (en) Fast inadvertent transmission
CN113032840B (en) Data processing method, device, equipment and computer readable storage medium
US8873754B2 (en) Proxy-based encryption method, proxy-based decryption method, network equipment, network device and system
TW498233B (en) Method of authenticating anonymous users while reducing potential for ""middleman"" fraud
CN113411345B (en) Method and device for secure session
CN116204912B (en) Data processing method and device based on isomorphic encryption
CN109905229B (en) Anti-quantum computing Elgamal encryption and decryption method and system based on group asymmetric key pool
CN110635912B (en) Data processing method and device
WO2018016330A1 (en) Communication terminal, server device, and program
CN111555880A (en) Data collision method and device, storage medium and electronic equipment
CN113987584A (en) Method and system for hiding query
CN111291420B (en) Distributed off-link data storage method based on block chain
CN116830523A (en) threshold key exchange
JP2023114996A (en) Correlation coefficient acquisition method, apparatus, electronic device and storage medium
CN111586142A (en) Safe multi-party computing method and system
CN113434906B (en) Data query method, device, computer equipment and storage medium
CN111917533A (en) Privacy preserving benchmark analysis with leakage reducing interval statistics
WO2021168614A1 (en) Data encryption processing method, data decryption processing method, apparatus, and electronic device
CN113946855A (en) Private data intersection method and system for transmitting trace data by one party
CN101150399A (en) Generation method for share secret key
Somaiya et al. Implementation and evaluation of EMAES–A hybrid encryption algorithm for sharing multimedia files with more security and speed
CN113645022B (en) Method, device, electronic equipment and storage medium for determining intersection of privacy sets
CN113094735B (en) Privacy model training method
US11496287B2 (en) Privacy preserving fully homomorphic encryption with circuit verification
CN107872312A (en) Symmetric key dynamic creation method, device, equipment and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 100000 floors 1-3, block a, global creative Plaza, No. 10, Furong street, Chaoyang District, Beijing

Applicant after: Bairong Zhixin (Beijing) Technology Co.,Ltd.

Address before: 100000 floors 1-3, block a, global creative Plaza, No. 10, Furong street, Chaoyang District, Beijing

Applicant before: Bairong Zhixin (Beijing) credit investigation Co.,Ltd.