CN114329599A - Data query method and device and storage medium - Google Patents

Data query method and device and storage medium Download PDF

Info

Publication number
CN114329599A
CN114329599A CN202111659363.2A CN202111659363A CN114329599A CN 114329599 A CN114329599 A CN 114329599A CN 202111659363 A CN202111659363 A CN 202111659363A CN 114329599 A CN114329599 A CN 114329599A
Authority
CN
China
Prior art keywords
data
ciphertext
client
hash value
query
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111659363.2A
Other languages
Chinese (zh)
Other versions
CN114329599B (en
Inventor
不公告发明人
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Real AI Technology Co Ltd
Original Assignee
Beijing Real AI Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Real AI Technology Co Ltd filed Critical Beijing Real AI Technology Co Ltd
Priority to CN202111659363.2A priority Critical patent/CN114329599B/en
Publication of CN114329599A publication Critical patent/CN114329599A/en
Application granted granted Critical
Publication of CN114329599B publication Critical patent/CN114329599B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The application relates to the field of data processing, and provides a data query method, a data query device and a storage medium. The method comprises the following steps: receiving a first query request which is sent by a client and carries a ciphertext identifier, wherein the ciphertext identifier is obtained by encrypting the client based on a plaintext identifier of target data in a fully homomorphic encryption mode, and the target data comprises unstructured data; obtaining packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relations, wherein the packed data are generated in advance based on the target data and comprise structured data; and returning the packed data to the client so that the client can obtain target data based on the packed data. By preprocessing unstructured data and generating at least two corresponding layers of mapping relations, the method can feed back a complete result by one-time track hiding query; and the target data identification after homomorphic encryption is supported to be transmitted, so that the privacy safety is ensured.

Description

Data query method and device and storage medium
Technical Field
Embodiments of the present application relate to the field of data processing, and in particular, to a data query method, apparatus and storage medium.
Background
The confidential Information Retrieval (Private Information Retrieval-PIR) is also called Private Information Retrieval, and helps a querying party to protect Private Information of a user from being leaked when sending a query request to a data party, and obtain data to be queried, that is, the data party does not know the Private Information and query Information of the querying party.
In the existing products with hidden track query, most of the products use a transmission technology based on an oblivious transmission protocol (OT), a data party retrieves a plurality of data according to a query request of the query party, and then finds a corresponding result from the plurality of data, which results in low accuracy, performance and effective data amount included in a single communication, and increased time cost for obtaining an accurate query result. In addition, the query result that the protocol supports transmission is usually simple label data, and when large data amount information is to be queried, such as unstructured data (e.g., pictures, audio, text, etc.), the current technical scheme is that a data side firstly performs data segmentation and encryption, then transmits the data to a query side, and the data is decrypted and spliced by the query side to obtain complete data. This requires a large number of repeated queries to obtain each data block, and when the data blocks are spliced, the accuracy of finally obtaining complete data is affected by the disorder of the sequence.
Disclosure of Invention
The embodiment of the application provides a data query method, a data query device and a storage medium, a data side preprocesses unstructured target data to obtain compressed structured packed data for feedback to the data side, and generates a corresponding mapping relation comprising at least two layers, and under the condition that specific query data cannot be pushed backwards, a complete result can be fed back through one-time query; and corresponding target data is acquired according to the homomorphic encrypted target data identifier, so that privacy safety is guaranteed.
In a first aspect of the present application, there is provided a data query method including:
receiving a first query request which is sent by a client and carries a ciphertext identifier, wherein the ciphertext identifier is obtained by encrypting the client based on a plaintext identifier of target data in a fully homomorphic encryption mode, and the target data comprises unstructured data;
obtaining packed data corresponding to a ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relationships, wherein the at least two layers of mapping relationships form continuous chain type mapping between the ciphertext identifier and the packed data, each mapping relationship at least comprises a ciphertext parameter encrypted by a secret key generated by a client, the packed data is pre-generated based on the target data, and the packed data comprises structured data;
and returning the packed data to the client so that the client can obtain target data based on the packed data.
In a second aspect of the present application, there is provided a data query apparatus including:
the system comprises an input/output module, a first query module and a second query module, wherein the input/output module is configured to receive a first query request which is sent by a client and carries a ciphertext identifier, the ciphertext identifier is obtained by encrypting the client based on a plaintext identifier of target data in a fully homomorphic encryption mode, and the target data comprises unstructured data;
the processing module is configured to obtain packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relationships, wherein the at least two layers of mapping relationships form continuous chain mapping between the ciphertext identifier and the packed data, each mapping relationship at least comprises a ciphertext parameter encrypted by a key generated by a client, the packed data is pre-generated based on the target data, and the packed data comprises structured data;
the input and output module is further configured to return the packaged data to the client, so that the client obtains target data based on the packaged data.
In a third aspect of the present application, a computer-readable storage medium is provided, comprising instructions which, when run on a computer, cause the computer to perform the method according to the first aspect.
In a fourth aspect of the present application, a computing device is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of the first aspect when executing the computer program.
Compared with the prior art, the data query is carried out by the transmission technology of an accidental transmission protocol (OT), a data side can retrieve a plurality of data according to the query request of a user, and then a corresponding result is found from the plurality of data; when the unstructured data is queried, the data needs to be segmented and encrypted firstly, then the data is transmitted to a querying party, and the data is decrypted and spliced by the querying party to obtain complete data, so that the data query efficiency is low, and the accuracy is poor. The data query method disclosed by the application is used for preprocessing unstructured data, compressing the unstructured data into structured packed data and generating at least two corresponding layers of mapping relations, wherein each mapping relation at least comprises a ciphertext parameter encrypted by a secret key generated by a client, and under the condition that the specific data queried by a query party cannot be pushed backwards, a complete result can be fed back through one-time query without segmentation during data preprocessing and splicing operation during data query, so that the data query efficiency is high, and the query result is accurate; and corresponding target data is acquired according to the homomorphic encrypted target data identifier, so that privacy safety is guaranteed. In some embodiments of the present application, when a mapping relationship is generated in advance, a random arrangement parameter is added, so as to increase the difficulty of backward pushing of target data queried by a user, and further ensure privacy and security of a track-hiding query.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present application will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the present application are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
FIG. 1a is a schematic diagram of an implementation environment of a data query method according to some embodiments of the present application for generating m-level mapping relationships in advance;
FIG. 1b is a schematic diagram of an implementation environment of a data query method according to some embodiments of the present application in which two-layer mapping relationships are pre-generated;
fig. 2a is a signaling interaction diagram of a data query method according to the embodiment of the present application corresponding to fig. 1 a;
fig. 2b is a signaling interaction diagram of a data query method according to the embodiment of the present application corresponding to fig. 1 b;
FIG. 3 is a flow diagram illustrating the preprocessing of unstructured data according to one embodiment of the present application;
FIG. 4 is a schematic flow chart illustrating an out-of-order second mapping relationship obtained by preprocessing unstructured data according to yet another embodiment of the present application;
FIG. 5 is a schematic flow chart illustrating an out-of-order first mapping relationship obtained by preprocessing unstructured data according to yet another embodiment of the present application;
fig. 6 is a signaling interaction diagram for performing non-structural data preprocessing in a data query method according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a data query device according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present application;
FIG. 9 is a block diagram of a computing device that implements a data query method in one embodiment of the present application;
fig. 10 is a schematic structural diagram of a server implementing the data query method in an embodiment of the present application.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
DETAILED DESCRIPTION OF EMBODIMENT (S) OF INVENTION
The principles and spirit of the present application will be described with reference to a number of exemplary embodiments. It is understood that these examples are given solely to enable those skilled in the art to better understand and to practice the present application, and are not intended to limit the scope of the present application in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present application may be embodied as a system, apparatus, device, method, or computer program product. Thus, the present application may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Moreover, any number of elements in the drawings are by way of example and not by way of limitation, and any nomenclature is used solely for differentiation and not by way of limitation.
For the purpose of facilitating an understanding of the embodiments of the present application, a brief introduction of several concepts is provided below:
protocol for oblivious transfer: the two-party communication protocol can protect privacy and enable two communication parties to transmit messages in a selective fuzzification mode. The inadvertent transmission protocol is a basic protocol of cryptography, which can make the receiver of the service obtain some messages input by the sender of the service in an inadvertent way, thus protecting the target content of the receiver from being known by the sender.
Hash Function (Hash Function): also known as a hash function, is to transform an input of arbitrary length into an output of fixed length by a hash algorithm. The basic properties of the material mainly comprise: 1) unidirectional refers to the irreversibility of the operation direction, and in the HASH function, the output can be derived from the input, but the input cannot be calculated from the output; 2) collision constraints refer to the inability to find an input that results in an output equal to a known output or to find two different inputs at the same time that results in outputs that are identical.
Homomorphic Encryption (Homomorphic Encryption) is a cryptographic technique based on the theory of computational complexity of mathematical problems. The homomorphic encrypted data is processed to produce an output, which is decrypted, the result being the same as the output obtained by processing the unencrypted original data in the same way. The overall matrix operation adopted by the fully homomorphic encryption algorithm is superior to semi-homomorphic encryption and other algorithms with equivalent efficiency in the encryption and operation stages. The fully homomorphic encryption algorithm can resist quantum attack, and the semi-homomorphic encryption algorithm based on the elliptic curve does not contain the characteristic.
Asymmetric encryption algorithm: two keys, namely a public key and a private key are needed, the public key and the private key are a pair of keys, if the public key is used for encrypting data, the data can be decrypted only by using the corresponding private key, the confidentiality of an asymmetric encryption algorithm is good, and the need of exchanging and transmitting the symmetric key by an end user is eliminated.
At present, most of data hiding query uses a transmission technology based on an accidental transmission protocol, a data side can retrieve a plurality of pieces of data according to a query request of a query side, and then a corresponding result is found from the plurality of pieces of data; when large data amount information such as unstructured data (e.g., pictures, audio, text, etc.) needs to be queried, data needs to be segmented and encrypted first, then the data is transmitted to a querying party, and the data is decrypted and spliced by the querying party to obtain complete data. The accuracy and performance of the track hiding query by adopting the oblivious transmission protocol and the effective data volume included in single communication are lower, and the time cost for obtaining the accurate query result is higher.
Therefore, the embodiment of the application provides a data query method, which includes processing unstructured data in a database in advance to generate each structured packed data, then generating continuous chain type mapping at least comprising two layers of ciphertext identifications and packed data correspondingly, further receiving a query request sent by a client by a server when data query is performed, wherein the query request at least comprises a fully homomorphic encrypted ciphertext identification indirectly corresponding to the target data, then obtaining the packed data of the target data through step-by-step matching according to the ciphertext identification and at least two layers of mapping relations, and then feeding the packed data back to the client; the unstructured data are structured by compressing and packaging the unstructured data, the target unstructured data can be fed back completely in a one-time query structure, corresponding target data can be obtained according to the ciphertext identification, the query plaintext of the client cannot be revealed even if the ciphertext identification is revealed, and the method has higher safety
Please refer to fig. 1a, which illustrates a schematic structural diagram of an implementation environment related to a data query method provided in an embodiment of the present application. The implementation environment may include a terminal 01 and a server 02. The terminal (client) 01 may be, but is not limited to, a tablet computer, a notebook computer, a desktop computer, and the like. The server 02 may be a server, a server cluster composed of several servers, or a cloud computing service center. And a connection between the terminal 01 and the server 02 can be established through a wired or wireless network.
A database may be deployed in the server 02, and each unstructured data may be stored in the database.
The terminal 01 can send a first query request carrying a ciphertext identifier to the server 02, after the server 02 receives the first query request, the server 02 can search for packed data corresponding to the ciphertext identifier in a preset mapping relationship of at least two layers according to the ciphertext identifier in the first query request, and then feed back the obtained packed data to the terminal 01. After receiving the packed data, the terminal 01 may analyze the packed data to obtain target unstructured data.
After receiving the first query request, the server 02 searches for the packed data corresponding to the ciphertext identifier in a preset mapping relationship of at least two layers according to the ciphertext identifier in the first query request. Each mapping relation at least comprises a ciphertext parameter encrypted by a secret key held by the terminal 01, so that the target data can be correctly acquired only if the terminal 01 continuously participates in the inquiry process. Specifically, the terminal 01 sends a first query request carrying a ciphertext identifier 1, the server receives the first query request, and then a ciphertext x1 corresponding to the ciphertext identifier 1 is obtained in a first mapping relationship; it can be understood that the ciphertext identifier 1 is encrypted by using a fully homomorphic encryption technology, and even if the plaintext identifier 1 is stored in the server 02, the ciphertext identifier 1 does not need to be decrypted, so that the ciphertext x1 corresponding to the ciphertext identifier 1 can be directly obtained in a mapping relationship; the ciphertext x1 can only be decrypted by the key held by the terminal 01; next, the server 02 sends the ciphertext x1 to the terminal 01, and the terminal 01 decrypts the ciphertext x1 by using a corresponding key to obtain a plaintext x 1; then, the terminal 01 sends the plaintext x1 to the server 02, and the server 02 acquires the corresponding ciphertext y1 from the server 02 according to the plaintext x 1; the server 02 continues to send the ciphertext y1 to the terminal 01 for decryption, the terminal 01 decrypts the ciphertext y1 and then sends the ciphertext to the server 02, the processes are sequentially continued until the server 02 obtains the packed data 1 in the last mapping relation based on the plaintext z1 sent by the terminal 01, and then the obtained packed data are fed back to the terminal 01. After receiving the packed data, the terminal 01 may analyze the packed data to obtain target unstructured data.
The various embodiments of the present application are schematically illustrated as applied to the implementation environment shown in fig. 1a or fig. 1 b.
Exemplary method
In the following, in conjunction with the implementation scenario of fig. 1a, the method for data query according to the exemplary embodiment of the present application is described with reference to fig. 2a, and the method may be applied to a computing device, which may be the server 02 in the above-listed implementation environment, and the present application does not limit the product form and structure of the computing device executing the pair of data query methods.
In one embodiment of the present application, a data query method is provided, including:
step S110, receiving a first query request which is sent by a client and carries a ciphertext identifier;
in this embodiment, the ciphertext identifier is obtained by encrypting the client by adopting a fully homomorphic encryption mode based on the plaintext identifier of the target data; the overall matrix operation adopted by the fully homomorphic encryption algorithm is superior to semi-homomorphic encryption and other algorithms with equivalent efficiency in the encryption and operation stages. And the fully homomorphic encryption algorithm can resist quantum attack and is safer. Therefore, the ciphertext identification obtained by adopting the fully homomorphic encryption can be directly matched with the plaintext identification stored in the server for calculation, the safety of data request transmission in the data query process is ensured, and the data query information of the client is not easy to leak.
In this embodiment, the target data may include unstructured data, which is data that has an irregular or incomplete data structure, has no predefined data model, and is not conveniently represented by a database two-dimensional logical table. Including office documents, text, pictures, XML, HTML, various types of reports, images, audio/video information, and the like, in all formats.
After receiving the first query request, next executing step S120, obtaining packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relationships;
in this embodiment, as shown in fig. 1a, the at least two layers of mapping relationships form a continuous chain mapping between the ciphertext identifier and the packed data, and each of the mapping relationships at least includes a ciphertext parameter encrypted by a key generated by a client. Therefore, in the data query process, several mapping relations exist, the client side is required to decrypt the ciphertext for several times, and only if the client side continuously decrypts the ciphertext in each mapping relation to obtain the plaintext in the next mapping relation, the corresponding packed data can be obtained in the final mapping relation. By setting the at least two layers of mapping relations, it is ensured that the corresponding packed data can be finally obtained only by the continuous participation of the client, and the confidential query of the data is realized, namely, the server cannot directly determine the specific query information according to the query request sent by the client. In addition, in this embodiment, the packed data is generated in advance based on the target data, and the packed data includes structured data;
referring to fig. 1b, a terminal (client) 01 may send a first query request carrying a ciphertext identifier to the server 02, and after receiving the first query request, the server 02 may search for a corresponding ciphertext hash value in the first mapping relationship according to the ciphertext identifier in the first query request, and then feed back the ciphertext hash value corresponding to the ciphertext identifier to the terminal 01. After receiving the ciphertext hash value, the terminal 01 may decrypt the ciphertext hash value to obtain a corresponding plaintext hash value, and then send a second query request carrying the plaintext hash value to the server 02. After receiving the second query request, the server 02 may search for the packed data corresponding to the plaintext hash value in the second mapping relationship, and then feed back the obtained packed data to the terminal 01. After receiving the packed data, the terminal 01 may analyze the packed data to obtain target unstructured data.
Specifically, referring to fig. 2b, in this embodiment, after receiving the first query request, the server next performs step S120-1, and obtains a ciphertext hash value corresponding to the ciphertext identifier in the first query request based on a first mapping relationship between each ciphertext identifier and each ciphertext hash value stored in advance;
in this embodiment, the generating manner of the first mapping relationship between each pre-stored plaintext identifier and each pre-stored ciphertext hash value includes:
compressing each data in a preset database respectively to obtain corresponding packed data;
since the data size of the unstructured data itself may be relatively large, for example, the data size of the video data is often MB level, so as to facilitate feeding back complete unstructured data to the client during data query, in this embodiment, the server storing the data performs compression processing on the unstructured data in advance to obtain each packed data corresponding to each unstructured data.
Then, performing hash calculation on each packed data to obtain corresponding plaintext hash values;
in order to conveniently acquire target data during data query, an identifier of the target data is generally sent when a query request is sent, and then the target data is correspondingly searched according to the identifier of the target data. However, if the identification of the target data is revealed, it is likely to cause the privacy of the user's query to be revealed; in addition, if the corresponding target data can be directly acquired according to the identifier of the target data, the target data may also be leaked due to the leakage of the identifier of the target data; that is, an attacker can steal the identification of the target data and then request the target data corresponding to the identification from the server.
Therefore, in the embodiment, a first mapping relation between the plaintext identifier and the ciphertext hash value of each data and a second mapping relation between the plaintext hash value and the packed data are respectively established, and through two layers of mapping, an attacker at least needs to break two ciphertexts (the ciphertext identifier and the ciphertext hash value) when stealing target data, so that the safety of a user query request and the safety of the target data are ensured; in addition, the (data side) server cannot reverse out the query information from the received query request and the transmitted packed data.
Next, how to generate the first mapping relationship is continuously described, specifically, after obtaining each packed data based on the unstructured data, the server calculates a plaintext hash value of each packed data, and then encrypts each plaintext hash value respectively to obtain corresponding ciphertext hash values; storing a first mapping relation between the plaintext identification of each data and the corresponding ciphertext hash value; and then storing a second mapping relation between each packed data and the corresponding plaintext hash value.
In this embodiment, the hash calculation manner may include one or more of the existing hash calculation manners such as MD4, MD5, and SHS, which is not limited in this embodiment.
In order to further enhance the security of the data stored in the server and the security of the query result fed back to the client, in an embodiment of the present application, before compressing each unstructured data, each unstructured data is further encrypted, specifically, referring to fig. 3, compressing each data in the preset database to obtain corresponding packaged data includes:
encrypting each data in a preset database by using a first public key respectively to obtain each corresponding ciphertext data;
in this embodiment, the first public key is generated by a client; when the first client generates the first public key, the first client can also correspondingly generate a first private key, namely a group of corresponding public and private key pairs are generated by adopting an asymmetric encryption algorithm; the first private key may be used to decrypt the ciphertext data, that is, after the client receives the ciphertext data, the client decrypts the ciphertext data by using the first private key to obtain the target data.
It can be understood that, in this embodiment, in order to save data transmission amount, the server compresses the ciphertext data to obtain structured packed data, at this time, the server sends the packed data to the client, and after receiving the packed data, the client decompresses the packing to obtain ciphertext data, and then decrypts the ciphertext data by using the first private key to obtain target data.
In order to further improve the security of the data query process, in an embodiment of the present application, referring to fig. 4, after obtaining each ciphertext data based on each unstructured data encryption, each ciphertext data is further fused with a first random permutation parameter, and then compressed respectively to obtain each corresponding packed data; and then carrying out hash calculation based on each packed data to obtain each corresponding plaintext hash value, and storing a second mapping relation between each packed data and the corresponding plaintext hash value.
In this embodiment, since each ciphertext data is further fused with the first random permutation parameter before compression and hash calculation, the second mapping relationship between each packed data and the corresponding plaintext hash value, which is correspondingly established, will be out of order; for example, when the ciphertext data is not fused with the first random arrangement parameter, the originally established second mapping relationship is as shown in fig. 1b, and when the plaintext hash value and the packed data are in one-to-one correspondence, the original data rule is also maintained, that is, the sequence of 1, 2 and 3 · · n is maintained, and an attacker may push back the storage position of the data, thereby causing data leakage; after the ciphertext data is fused with the first random arrangement parameter, the established out-of-order second mapping relation is shown in fig. 4, when the plaintext hash value and the packed data are in one-to-one correspondence, the original data rule is not maintained, the difficulty of an attacker in reversely pushing out the storage position of the data is increased, and data leakage can be avoided.
In this embodiment, after the ciphertext data and the first random permutation parameter are fused, the plaintext hash value calculated is obviously different from the plaintext hash value of the ciphertext data that is not fused with the first random permutation parameter, so that a second out-of-order mapping relationship can be obtained during sorting.
Similarly, in order to further enhance the security of the data query process and the security of the query process, in an embodiment of the present embodiment, referring to fig. 5, after performing hash calculation based on each packed data to obtain each corresponding plaintext hash value, the ciphertext hash value encrypted by each plaintext hash value is further fused with the second random permutation parameter, so as to obtain each corresponding (fused) ciphertext hash value; and then storing a first mapping relation between the plaintext identification of each data and the corresponding (fused) ciphertext hash value.
In this embodiment, since each ciphertext hash value is fused with the second random permutation parameter after the plaintext hash value is encrypted, the first mapping relationship between the plaintext identifier of each piece of data and the corresponding ciphertext hash value, which is correspondingly established, will be out of order; for example, when the ciphertext hash value is not fused with the second random permutation parameter, the originally established first mapping relationship is as shown in fig. 1b, and when the ciphertext hash value and the plaintext identifier are in one-to-one correspondence, the original data rule is also maintained, and an attacker may push back the storage position of the data, which may cause data leakage; after the ciphertext hash value is fused with the second random permutation parameter, the established out-of-order first mapping relation is shown in fig. 5, when the ciphertext hash value and the plaintext identifier are in one-to-one correspondence, the original data rule is not maintained, the difficulty of an attacker in reversely pushing out the storage position of the data is increased, and the data can be prevented from being leaked.
In addition, in an embodiment of the present application, when the plaintext hash value is encrypted to obtain the ciphertext hash value, a second public key generated by the client may be used, referring to fig. 6, that is, when the server preprocesses the unstructured data, the first public key and the second public key generated and sent by the client may be received, and the client may respectively generate two sets of key pairs by using an asymmetric encryption algorithm; namely a first private key and a first public key, and a second private key and a second public key; the first private key and the second private key are stored in the client so as to decrypt corresponding data in a data query process, for example, after the server receives the first public key and the second public key, the server firstly encrypts unstructured data by using the first public key and then compresses the data to obtain packed data; then, encrypting the plaintext Hash values obtained based on the packed data by adopting a second public key to obtain corresponding ciphertext Hash values; and finally, respectively establishing a first mapping relation between the plaintext identification and the ciphertext hash value and a second mapping relation between the plaintext hash value and the packed data.
After introducing how the server preprocesses the unstructured data to obtain the first mapping relationship and the second mapping relationship, continuing to introduce how to perform data query, executing step S120-2, and sending the obtained ciphertext hash value to the client.
Therefore, in this embodiment, after receiving the ciphertext hash value, the client may decrypt the ciphertext hash value according to the stored second private key to obtain a corresponding plaintext hash value, and then send the plaintext hash value to the server, so as to continue data query;
after the client sends a second query request carrying the plaintext hash value, next, step S120-3 is executed, and the server receives the second query request carrying the plaintext hash value sent by the client;
then, step S120-4 is executed, and according to the pre-stored second mapping relation between each plaintext Hash value and each packed data, the packed data corresponding to the plaintext Hash value in the second query request sent by the client is obtained;
in this embodiment, the first mapping relationship and the second mapping relationship may be stored in a cache of a server when being generated, that is, the first mapping relationship and the second mapping relationship may be stored non-persistently, so that after the data query task is ended, the storage resource is released in time.
It is understood that, if the client needs to persistently query the server for data, the first mapping relationship and the second mapping relationship may also be persisted, i.e. fixedly stored in the database of the server.
In addition, in order to ensure the security of data query, in an embodiment of the present application, the data preprocessing is configured to be performed repeatedly at regular or irregular time, that is, the client regenerates the first public and private key pair and the second public and private key pair, and then updates the first mapping relationship and the second mapping relationship, so that an attacker can gradually crack sensitive information such as a ciphertext identifier, a ciphertext hash value and packed ciphertext data through a persistent packet capturing process of a data query process or a (data side) server cannot reversely push the data of the data query process, thereby determining target query data of a user.
After completely introducing how the server generates the mapping pipe in advance, continuing to introduce how to perform data query, after obtaining the packed data according to the second mapping relationship, the server executes step S130 to return the packed data to the client, and after receiving the packed data, the client can decompress the packed data to obtain ciphertext data of the target data, where the ciphertext data is obtained by encrypting the ciphertext data by using a first public key generated and sent by the client, and thus, the client can decrypt the ciphertext data by using a first private key stored by the client to obtain the target data.
The data query method of the embodiment of the application preprocesses unstructured data, compresses the unstructured data into structured packed data, and generates at least two corresponding layers of mapping relations, wherein each mapping relation at least comprises a ciphertext parameter encrypted by a secret key generated by a client, and under the condition that specific data queried by a query party cannot be pushed backwards, complete results can be fed back through one-time query without segmentation during data preprocessing and splicing operation during data query, so that the data query efficiency is high, and the query results are accurate; and corresponding target data is acquired according to the homomorphic encrypted target data identifier, so that privacy safety is guaranteed. In some embodiments of the present application, when a mapping relationship is generated in advance, a random arrangement parameter is added, so as to increase the difficulty of backward pushing of target data queried by a user, and further ensure privacy and security of a track-hiding query.
Exemplary devices
Having described the data query method according to the exemplary embodiment of the present application, next, referring to fig. 7, an apparatus for data query according to the exemplary embodiment of the present application, which may also be applied to a computing device implementing the scenario shown in the foregoing example, where the apparatus 70 includes:
the input and output module 710 is configured to receive a first query request carrying a ciphertext identifier sent by a client, where the ciphertext identifier is obtained by encrypting the client in a fully homomorphic encryption manner based on a plaintext identifier of target data, and the target data includes unstructured data;
a processing module 720, configured to obtain packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relationships, where the at least two layers of mapping relationships form a continuous chain mapping between the ciphertext identifier and the packed data, each mapping relationship at least includes a ciphertext parameter encrypted by a key generated by a client, the packed data is pre-generated based on the target data, and the packed data includes structured data;
the input-output module 710 is further configured to return the packaged data to the client, so that the client obtains target data based on the packaged data.
In an embodiment of the application, the processing module 720 is further configured to obtain a ciphertext hash value corresponding to the ciphertext identifier in the first query request based on a first mapping relationship between each plaintext identifier and each ciphertext hash value stored in advance;
the input/output module 710 is further configured to send the obtained ciphertext hash value to a client, so that the client decrypts the ciphertext hash value to obtain a plaintext hash value, where the plaintext hash value is generated in advance based on packed data corresponding to target data; receiving a second query request carrying the plaintext hash value and sent by the client;
the processing module 720 is further configured to obtain the packed data corresponding to the plaintext hash value in the second query request sent by the client according to a second mapping relationship between each plaintext hash value and each packed data stored in advance.
In an embodiment of the application, the processing module 720 is further configured to generate a first mapping relationship between the pre-stored plaintext identifiers and the stored ciphertext hash values, and specifically configured to:
compressing each data in a preset database respectively to obtain corresponding packed data;
performing hash calculation on each packed data to obtain corresponding plaintext hash values;
respectively encrypting each plaintext hash value to obtain each corresponding ciphertext hash value;
and storing a first mapping relation between each data and the corresponding ciphertext hash value.
In an embodiment of the application, the processing module 720 is further configured to generate a second mapping relationship between the pre-stored plaintext hash values and the packed data, and specifically configured to:
and storing a second mapping relation between each packed data and each corresponding plaintext hash value.
In an embodiment of the application, the processing module 720 is further configured to encrypt each data in the preset database by using a first public key respectively to obtain corresponding ciphertext data, where the first public key is generated by the client; and
and fusing each ciphertext data with the first random permutation parameter, and then respectively compressing to obtain corresponding packed data.
In an embodiment of the application, the processing module 720 is further configured to fuse each plaintext hash value with the second random permutation parameter, and then encrypt each plaintext hash value with the second public key to obtain each corresponding ciphertext hash value;
wherein the second public key is generated by a client.
In an embodiment of the application, after receiving the packed data, the client decrypts the packed data by using a first private key stored in advance to obtain corresponding target data;
and generating the first private key and the first public key in advance correspondingly.
In an embodiment of the application, after receiving the ciphertext hash value, the client decrypts the ciphertext hash value by using a pre-stored second private key to obtain a corresponding plaintext hash value;
and generating the second private key and the second public key in advance correspondingly.
The data query device of the embodiment of the application preprocesses unstructured data, compresses the unstructured data into structured packed data, and generates at least two corresponding layers of mapping relations, wherein each mapping relation at least comprises a ciphertext parameter encrypted by a secret key generated by a client, and under the condition that specific data queried by a query party cannot be pushed backwards, complete results can be fed back through one-time query without segmentation during data preprocessing and splicing operation during data query, so that the data query efficiency is high, and the query results are accurate; and corresponding target data is acquired according to the homomorphic encrypted target data identifier, so that privacy safety is guaranteed. In some embodiments of the present application, when a mapping relationship is generated in advance, a random arrangement parameter is added, so as to increase the difficulty of backward pushing of target data queried by a user, and further ensure privacy and security of a track-hiding query.
Exemplary Medium
Having described the data query method and apparatus of the exemplary embodiment of the present application, next, a computer-readable storage medium of the exemplary embodiment of the present application is described with reference to fig. 9, which illustrates a computer-readable storage medium being an optical disc 60 having a computer program (i.e., a program product) stored thereon, where the computer program, when being executed by a processor, implements the steps described in the foregoing method embodiments, for example, receives a first query request carrying a ciphertext identifier sent by a client; acquiring packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relations; and returning the packed data to the client so that the client can obtain target data based on the packed data. The specific implementation of each step is not repeated here.
It should be noted that examples of the computer-readable storage medium may also include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory, or other optical and magnetic storage media, which are not described in detail herein.
Exemplary computing device
The data query apparatus 70 in the embodiment of the present application is described above from the perspective of a modular functional entity, and the server and the terminal that execute the data query method in the embodiment of the present application are described below from the perspective of hardware processing. It should be noted that, in the embodiment of the data query apparatus of the present application, the entity device corresponding to the input/output module 910 shown in fig. 9 may be an input/output unit, a transceiver, a radio frequency circuit, a communication module, an input/output (I/O) interface, and the like, and the entity device corresponding to the processing module 720 may be a processor. The data query apparatus 70 shown in fig. 7 may have a structure as shown in fig. 9, when the data query apparatus 70 shown in fig. 7 has the structure as shown in fig. 9, the processing unit 901 and the I/O interface 905 in fig. 9 can implement the same or similar functions of the processing module 720 and the input/output module 710 provided in the foregoing apparatus embodiment corresponding to the apparatus, and the processing unit 901 in fig. 9 executes the computer program that needs to be called when the data query method is executed.
FIG. 9 illustrates a block diagram of an exemplary computing device 80 suitable for use in implementing embodiments of the present application, where the computing device 80 may be a computer system or server. The computing device 80 shown in fig. 9 is only one example and should not impose any limitations on the functionality or scope of use of embodiments of the application.
As shown in fig. 9, components of computing device 80 may include, but are not limited to: one or more processors or processing units 801, a system memory 802, and a bus 803 that couples various system components including the system memory 802 and the processing unit 801.
Computing device 80 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computing device 80 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 802 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)8021 and/or cache memory 8022. Computing device 80 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, ROM8023 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 9, and typically referred to as a "hard disk drive"). Although not shown in FIG. 9, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to the bus 803 by one or more data media interfaces. At least one program product may be included in system memory 802 having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the application.
Program/utility 8025, having a set (at least one) of program modules 8024, can be stored, for example, in system memory 802, and such program modules 8024 include, but are not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment. Program modules 8024 generally perform the functions and/or methods of embodiments described herein.
Computing device 80 may also communicate with one or more external devices 804 (e.g., keyboard, pointing device, display, etc.). Such communication may be through input/output (I/O) interfaces 805. Moreover, computing device 80 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via network adapter 806. As shown in FIG. 9, the network adapter 806 communicates with other modules of the computing device 80, such as the processing unit 801, over the bus 803. It should be appreciated that although not shown in FIG. 9, other hardware and/or software modules may be used in conjunction with computing device 80.
The processing unit 801 executes various functional applications and data processing by running the program stored in the system memory 802, for example, receiving a first query request carrying a ciphertext identifier sent by a client; acquiring packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relations; and returning the packed data to the client so that the client can obtain target data based on the packed data. The specific implementation of each step is not repeated here.
It should be noted that although in the above detailed description several units/modules or sub-units/sub-modules of the data querying device are mentioned, such a division is merely exemplary and not mandatory. Indeed, according to embodiments of the application, the features and functions of two or more units/modules described above may be embodied in one unit/module. Conversely, the features and functions of one unit/module described above may be further divided into embodiments by a plurality of units/modules.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a server provided in the embodiment of the present application, where the server 1100 may generate relatively large differences due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 1122 (e.g., one or more processors) and a memory 1132, and one or more storage media 1130 (e.g., one or more mass storage devices) storing an application program 1142 or data 1144. Memory 1132 and storage media 1130 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 1130 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 1122 may be provided in communication with the storage medium 1130 to execute a series of instruction operations in the storage medium 1130 on the server 1100.
The Server 1110 may also include one or more power supplies 1120, one or more wired or wireless network interfaces 1150, one or more input-output interfaces 1158, and/or one or more operating systems 1141, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
The steps performed by the server in the above-described embodiment may be based on the structure of the server 1100 shown in fig. 10. For example, the steps performed by the data query device 70 shown in fig. 10 in the above-described embodiment may be based on the server structure shown in fig. 10. For example, the central processor 1122, by calling instructions in the memory 1132, performs the following operations:
receiving a first query request which is sent by a client and carries a ciphertext identifier through an input/output interface 1158;
the central processor 1122 obtains the packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relationships.
Finally, the input/output interface 1158 returns the packed data to the client, so that the client obtains the target data based on the packed data.
Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
While the spirit and principles of the application have been described with reference to several particular embodiments, it is to be understood that the application is not limited to the specific embodiments disclosed, nor is the division of aspects, which is for convenience only as the features in such aspects may not be combined to benefit from the present disclosure. The application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A method of data query, comprising:
receiving a first query request which is sent by a client and carries a ciphertext identifier, wherein the ciphertext identifier is obtained by encrypting the client based on a plaintext identifier of target data in a fully homomorphic encryption mode, and the target data comprises unstructured data;
obtaining packed data corresponding to a ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relationships, wherein the at least two layers of mapping relationships form continuous chain type mapping between the ciphertext identifier and the packed data, each mapping relationship at least comprises a ciphertext parameter encrypted by a secret key generated by a client, the packed data is pre-generated based on the target data, and the packed data comprises structured data;
and returning the packed data to the client so that the client can obtain target data based on the packed data.
2. The data query method of claim 1, wherein obtaining the packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relationships comprises:
acquiring ciphertext hash values corresponding to the ciphertext identifications in the first query request based on a first mapping relation between each plaintext identification and each ciphertext hash value stored in advance;
sending the obtained ciphertext hash value to a client so that the client can decrypt the ciphertext hash value to obtain a plaintext hash value based on the ciphertext hash value, wherein the plaintext hash value is generated in advance based on packed data corresponding to target data;
receiving a second query request carrying the plaintext hash value and sent by a client;
and acquiring the packed data corresponding to the plaintext hash value in the second query request sent by the client according to a second mapping relation between each plaintext hash value and each packed data stored in advance.
3. The data query method according to claim 2, wherein the pre-stored manner of generating the first mapping relationship between each plaintext identifier and each ciphertext hash value comprises:
compressing each data in a preset database respectively to obtain corresponding packed data;
performing hash calculation on each packed data to obtain corresponding plaintext hash values;
respectively encrypting each plaintext hash value to obtain each corresponding ciphertext hash value;
storing a first mapping relation between a plaintext identifier of each data and a corresponding ciphertext hash value;
the generation mode of the second mapping relation between each pre-stored plaintext hash value and each packed data comprises the following steps:
and storing a second mapping relation between each packaging data and the corresponding plaintext hash value.
4. The data query method of claim 3, wherein compressing each data in the preset database to obtain each corresponding packed data comprises:
encrypting each data in a preset database by using a first public key respectively to obtain corresponding ciphertext data, wherein the first public key is generated by a client;
and fusing each ciphertext data with the first random permutation parameter, and then respectively compressing to obtain each corresponding packed data.
5. The data query method of claim 3, wherein the encrypting each plaintext hash value to obtain a corresponding each ciphertext hash value comprises:
after each plaintext hash value is encrypted by adopting a second public key respectively, the plaintext hash values are fused with second random arrangement parameters respectively to obtain corresponding ciphertext hash values;
wherein the second public key is generated by a client.
6. The data query method of claim 4, wherein the client, after receiving the packed data, decrypts the packed data using a first private key stored in advance to obtain corresponding target data;
and generating the first private key and the first public key in advance correspondingly.
7. The data query method according to claim 5, wherein the client decrypts the ciphertext hash value by using a pre-stored second private key after receiving the ciphertext hash value to obtain a corresponding plaintext hash value;
and generating the second private key and the second public key in advance correspondingly.
8. A data query apparatus, comprising:
the system comprises an input/output module, a first query module and a second query module, wherein the input/output module is configured to receive a first query request which is sent by a client and carries a ciphertext identifier, the ciphertext identifier is obtained by encrypting the client based on a plaintext identifier of target data in a fully homomorphic encryption mode, and the target data comprises unstructured data;
the processing module is configured to obtain packed data corresponding to the ciphertext identifier in the first query request based on at least two pre-stored layers of mapping relationships, wherein the at least two layers of mapping relationships form continuous chain mapping between the ciphertext identifier and the packed data, each mapping relationship at least comprises a ciphertext parameter encrypted by a key generated by a client, the packed data is pre-generated based on the target data, and the packed data comprises structured data;
the input and output module is further configured to return the packaged data to the client, so that the client obtains target data based on the packaged data.
9. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of any one of claims 1-7.
10. A computing device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 7 when executing the computer program.
CN202111659363.2A 2021-12-30 2021-12-30 Data query method and device and storage medium Active CN114329599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111659363.2A CN114329599B (en) 2021-12-30 2021-12-30 Data query method and device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111659363.2A CN114329599B (en) 2021-12-30 2021-12-30 Data query method and device and storage medium

Publications (2)

Publication Number Publication Date
CN114329599A true CN114329599A (en) 2022-04-12
CN114329599B CN114329599B (en) 2022-09-30

Family

ID=81018281

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111659363.2A Active CN114329599B (en) 2021-12-30 2021-12-30 Data query method and device and storage medium

Country Status (1)

Country Link
CN (1) CN114329599B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114691759A (en) * 2022-06-01 2022-07-01 平安科技(深圳)有限公司 Data query statistical method, device, computer equipment and storage medium
CN115098549A (en) * 2022-08-25 2022-09-23 北京数牍科技有限公司 Fair data hiding trace query method, device, equipment and storage medium
CN115114895A (en) * 2022-08-26 2022-09-27 华控清交信息科技(北京)有限公司 Method and device for combining reports and readable storage medium
CN115408451A (en) * 2022-11-01 2022-11-29 北京信安世纪科技股份有限公司 Confidential trace query method and storage medium
CN115935429A (en) * 2022-12-30 2023-04-07 上海零数众合信息科技有限公司 Data processing method, device, medium and electronic equipment
CN116055144A (en) * 2022-12-29 2023-05-02 电子科技大学 Data security analysis method, device, equipment and storage based on Internet of things
CN116702215A (en) * 2023-08-07 2023-09-05 腾讯科技(深圳)有限公司 Query processing method, device, equipment and medium
CN116821461A (en) * 2023-08-28 2023-09-29 云阵(杭州)互联网技术有限公司 Resource query method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130173917A1 (en) * 2011-12-30 2013-07-04 Christopher J. Clifton Secure search and retrieval
CN105471826A (en) * 2014-09-04 2016-04-06 中电长城网际系统应用有限公司 Ciphertext data query method, device and ciphertext query server
CN107819579A (en) * 2017-12-13 2018-03-20 西安Tcl软件开发有限公司 A kind of processing method, server and the computer-readable recording medium of user's request
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN110636070A (en) * 2019-09-26 2019-12-31 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
CN112084521A (en) * 2020-09-27 2020-12-15 中国建设银行股份有限公司 Unstructured data processing method, device and system for block chain
CN112749412A (en) * 2021-01-18 2021-05-04 中国民航信息网络股份有限公司 Method, system, equipment and storage medium for processing passenger identity information

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130173917A1 (en) * 2011-12-30 2013-07-04 Christopher J. Clifton Secure search and retrieval
CN105471826A (en) * 2014-09-04 2016-04-06 中电长城网际系统应用有限公司 Ciphertext data query method, device and ciphertext query server
CN107819579A (en) * 2017-12-13 2018-03-20 西安Tcl软件开发有限公司 A kind of processing method, server and the computer-readable recording medium of user's request
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN110636070A (en) * 2019-09-26 2019-12-31 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
CN112084521A (en) * 2020-09-27 2020-12-15 中国建设银行股份有限公司 Unstructured data processing method, device and system for block chain
CN112749412A (en) * 2021-01-18 2021-05-04 中国民航信息网络股份有限公司 Method, system, equipment and storage medium for processing passenger identity information

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114691759A (en) * 2022-06-01 2022-07-01 平安科技(深圳)有限公司 Data query statistical method, device, computer equipment and storage medium
CN114691759B (en) * 2022-06-01 2022-09-06 平安科技(深圳)有限公司 Data query statistical method, device, computer equipment and storage medium
CN115098549A (en) * 2022-08-25 2022-09-23 北京数牍科技有限公司 Fair data hiding trace query method, device, equipment and storage medium
CN115098549B (en) * 2022-08-25 2022-10-28 北京数牍科技有限公司 Fair data track hiding query method, device, equipment and storage medium
CN115114895A (en) * 2022-08-26 2022-09-27 华控清交信息科技(北京)有限公司 Method and device for combining reports and readable storage medium
CN115408451B (en) * 2022-11-01 2023-01-17 北京信安世纪科技股份有限公司 Confidential trace query method and storage medium
CN115408451A (en) * 2022-11-01 2022-11-29 北京信安世纪科技股份有限公司 Confidential trace query method and storage medium
CN116055144A (en) * 2022-12-29 2023-05-02 电子科技大学 Data security analysis method, device, equipment and storage based on Internet of things
CN115935429A (en) * 2022-12-30 2023-04-07 上海零数众合信息科技有限公司 Data processing method, device, medium and electronic equipment
CN115935429B (en) * 2022-12-30 2023-08-22 上海零数众合信息科技有限公司 Data processing method, device, medium and electronic equipment
CN116702215A (en) * 2023-08-07 2023-09-05 腾讯科技(深圳)有限公司 Query processing method, device, equipment and medium
CN116702215B (en) * 2023-08-07 2023-12-08 腾讯科技(深圳)有限公司 Query processing method, device, equipment and medium
CN116821461A (en) * 2023-08-28 2023-09-29 云阵(杭州)互联网技术有限公司 Resource query method and device
CN116821461B (en) * 2023-08-28 2023-12-12 云阵(杭州)互联网技术有限公司 Resource query method and device

Also Published As

Publication number Publication date
CN114329599B (en) 2022-09-30

Similar Documents

Publication Publication Date Title
CN114329599B (en) Data query method and device and storage medium
US10063528B2 (en) Searchable encryption enabling encrypted search based on document type
CN110096899B (en) Data query method and device
US9355271B2 (en) System and method for dynamic, non-interactive, and parallelizable searchable symmetric encryption
JP2014002365A (en) Encrypted data inquiry method and system which can protect privacy
CN113343305A (en) Intersection calculation method, device and equipment of private data and storage medium
US20240104234A1 (en) Encrypted information retrieval
CN111082929A (en) Method for realizing encrypted instant communication
CN112989027B (en) Method for querying lists and for providing list querying services and related products
CN114528331A (en) Data query method, device, medium and equipment based on block chain
CN114443718A (en) Data query method and system
CN115150821A (en) Offline package transmission and storage method and device
CN108768994B (en) Data matching method and device and computer readable storage medium
US20230006813A1 (en) Encrypted information retrieval
US20220209945A1 (en) Method and device for storing encrypted data
CN114143098A (en) Data storage method and data storage device
Xue-Zhou Network data encryption strategy for cloud computing
Xu et al. Strong leakage-resilient encryption: enhancing data confidentiality by hiding partial ciphertext
CN111565178B (en) Service information issuing method, device, server, client and storage medium
CN116318621B (en) Industrial Internet of things data privacy protection system based on homomorphic encryption
CN115277206B (en) Data processing method and server
Ma et al. Secure deduplication of encrypted data in online and offline environments
EP4009212A1 (en) Consent management
CN113347144A (en) Method, system, equipment and storage medium for reciprocal data encryption
CN114969806A (en) Method and device for determining whether query data belongs to target data set

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20220412

Assignee: Beijing Intellectual Property Management Co.,Ltd.

Assignor: Beijing Ruili Wisdom Technology Co.,Ltd.

Contract record no.: X2023110000073

Denomination of invention: A data query method, device, and storage medium

Granted publication date: 20220930

License type: Common License

Record date: 20230531