CN114611152A - Query method and query system - Google Patents


Info

Publication number
CN114611152A
Authority
CN
China
Prior art keywords
target data
terminal
identity
query
management
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210500488.9A
Other languages
Chinese (zh)
Other versions
CN114611152B (en)
Inventor
卞阳
陈立峰
孙小超
方竞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fucun Technology Shanghai Co ltd
Original Assignee
Fucun Technology Shanghai Co ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2462 Approximate or statistical queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03 Credit; Loans; Processing thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/50 Oblivious transfer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The application provides a query method and a query system. The query method comprises the following steps: the query end provides the identity to be checked to the management end; the management end obtains, according to the identity to be checked, the concealed query information corresponding to a target data end and sends the concealed query information to the target data end, wherein the target data end is one of a plurality of data ends managed by the management end; the target data end feeds back a candidate identity vector to the management end according to the concealed query information, the candidate identity vector recording the position of each candidate identity identifier in the candidate identity vector and the position value at that position; and the management end performs aggregation according to the identity to be checked and the candidate identity vectors fed back by the plurality of data ends to obtain the aggregate hit count corresponding to the identity to be checked, and feeds the aggregate hit count back to the query end. The query efficiency of the hit count is improved to a certain extent.

Description

Query method and query system
Technical Field
The present application relates to the field of multi-party security technologies, and in particular to a query method and a query system.
Background
When a user applies for a loan from a loan institution, the loan institution initiates blacklist query requests to a plurality of financial institutions so that the financial institutions return blacklist information to it. From the blacklist information, the loan institution can learn whether the user hits a blacklist of the loan institution, and can refuse to lend to the user when the user hits the blacklist multiple times. In the prior art, the loan institution initiates a blacklist query request to each financial institution, and each financial institution queries its blacklist after receiving the request, so the blacklist hit count is obtained inefficiently. Moreover, when sending a blacklist query request to a financial institution, the loan institution may directly send the identity identifier of the user, for example the identity card number and/or the mobile phone number, which poses a certain risk of privacy disclosure.
Disclosure of Invention
Based on the above, a query method and a query system are provided.
In a first aspect, a query method is provided, including:
the query end provides the identity to be checked to the management end;
the management end obtains the concealed query information corresponding to the target data end according to the identity to be checked, and sends the concealed query information to the target data end, wherein the target data end is one of a plurality of data ends managed by the management end;
the target data end feeds back a candidate identity vector to the management end according to the concealed query information, wherein the position of each candidate identity identifier in the candidate identity vector and the position value at that position are recorded in the candidate identity vector;
and the management end performs aggregation according to the identity to be checked and the candidate identity vectors fed back by the plurality of data ends to obtain the aggregate hit count corresponding to the identity to be checked, and feeds the aggregate hit count corresponding to the identity to be checked back to the query end.
According to the query method, the management end obtains the concealed query information from the identity to be checked, and the query is then carried out with the concealed query information rather than directly with the identity to be checked, which reduces the risk of user privacy disclosure to a certain extent. The data ends do not communicate with one another, and the query end does not communicate with the data ends, which further reduces that risk. In addition, the query end only needs to send the identity to be checked to the management end once to obtain the aggregate hit count corresponding to the identity to be checked, which improves the query efficiency of the hit count to a certain extent.
In one embodiment, the management end obtaining the concealed query information corresponding to the target data end according to the identity to be checked includes:
the management end performs fragmentation processing on the identity to be checked according to the fragment length required by the target data end to obtain a plurality of fragment identifiers;
and one of the plurality of fragment identifiers is selected as the concealed query information corresponding to the target data end.
In one embodiment, the target data end feeding back the candidate identity vector to the management end according to the concealed query information includes:
the target data end obtains a candidate identity list according to the concealed query information, wherein a plurality of candidate identity identifiers are recorded in the candidate identity list;
the target data end maps the candidate identity list to a bloom filter to obtain a preliminary candidate identity vector;
the target data end adds the zero-sum random number stored by the target data end to the position value of each position in the preliminary candidate identity vector to obtain the candidate identity vector, wherein the sum of the zero-sum random numbers stored by the plurality of data ends is zero;
and the candidate identity vector is fed back to the management end.
In one embodiment, feeding back the candidate identity vector to the management end includes:
the target data end inputs the candidate identity vector into an oblivious transfer module between the target data end and the management end, so as to feed back the candidate identity vector obtained by the target data end to the management end;
the management end performing aggregation according to the identity to be checked and the candidate identity vectors fed back by the plurality of data ends to obtain the aggregate hit count corresponding to the identity to be checked includes:
the management end obtains a query position according to the identity to be checked and inputs the query position into the oblivious transfer module between the target data end and the management end, so that the oblivious transfer module obtains the query position value corresponding to the target data end according to the candidate identity vector input by the target data end and the query position input by the management end;
and the management end adds the query position values corresponding to the data ends to obtain the aggregate hit count corresponding to the identity to be checked.
In one embodiment, the plurality of data ends form a ring, each data end on the ring is assigned a ring serial number, and the ring serial number of the target data end is i;
before the query end provides the identity to be checked to the management end, the method further includes:
the target data end takes the plus-one random number it holds with the data end whose ring serial number is i+1 and subtracts the minus-one random number it holds with the data end whose ring serial number is i-1, to obtain the zero-sum random number.
In one embodiment, before the target data end subtracts the minus-one random number held with the data end whose ring serial number is i-1 from the plus-one random number held with the data end whose ring serial number is i+1 to obtain the zero-sum random number, the method further includes:
the target data end generates a first random number for the data end with ring serial number i+1;
the data end with ring serial number i+1 generates a second random number for the target data end;
the target data end encrypts the first random number with the public key of the data end with ring serial number i+1 to obtain a first encrypted random number;
the target data end signs its own public key and the first encrypted random number to obtain a first signature, and sends its public key, the first encrypted random number and the first signature to the management end;
the management end performs a first verification on the first signature using the public key of the target data end;
after the first verification passes, the management end signs the public key of the target data end and the first encrypted random number to obtain a second signature, and sends the public key of the target data end, the first encrypted random number and the second signature to the data end with ring serial number i+1;
the data end with ring serial number i+1 performs a second verification on the second signature using the public key of the management end;
and after the second verification passes, the data end with ring serial number i+1 decrypts the first encrypted random number with its own private key to obtain a first decrypted random number, and generates, according to the second random number and the first decrypted random number, the plus-one random number from the target data end to the data end with ring serial number i+1.
In one embodiment, the aggregate hit count includes a blacklist hit count, the management end includes a UnionPay end, and the data end includes a bank end.
In a second aspect, a query system is provided, including:
the query end, configured to provide the identity to be checked to the management end;
the management end, configured to obtain the concealed query information corresponding to the target data end according to the identity to be checked and to send the concealed query information to the target data end, wherein the target data end is one of a plurality of data ends managed by the management end;
the target data end, configured to feed back a candidate identity vector to the management end according to the concealed query information, wherein the position of each candidate identity identifier in the candidate identity vector and the position value at that position are recorded in the candidate identity vector;
the management end being further configured to perform aggregation according to the identity to be checked and the candidate identity vectors fed back by the plurality of data ends to obtain the aggregate hit count corresponding to the identity to be checked, and to feed the aggregate hit count corresponding to the identity to be checked back to the query end.
In one embodiment, the management end is specifically configured to perform fragmentation processing on the identity to be checked according to the fragment length required by the target data end to obtain a plurality of fragment identifiers, and to select one of the plurality of fragment identifiers as the concealed query information corresponding to the target data end.
In one embodiment, the target data end is specifically configured to: obtain a candidate identity list according to the concealed query information, wherein a plurality of candidate identity identifiers are recorded in the candidate identity list; map the candidate identity list to a bloom filter to obtain a preliminary candidate identity vector; add its own stored zero-sum random number to the position value of each position in the preliminary candidate identity vector to obtain the candidate identity vector, wherein the sum of the zero-sum random numbers stored by the plurality of data ends is zero; and feed back the candidate identity vector to the management end.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
FIG. 1 is a schematic flow chart illustrating an implementation of a query method in an embodiment of the present application;
FIG. 2 is a diagram illustrating a management end sending concealed query information to a plurality of data ends in an embodiment of the present application;
FIG. 3 is a schematic diagram of a management end, a data end and an oblivious transfer module in an embodiment of the present application;
FIG. 4 is a schematic view of a ring in an embodiment of the present application;
FIG. 5 is a diagram illustrating sharing of random numbers in an embodiment of the present application;
FIG. 6 is a schematic structural diagram of the query system in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In one embodiment, as shown in fig. 1, there is provided a query method, including:
Step 100, the query end provides the identity to be checked to the management end.
The query end is the party that needs to query the aggregate hit count. For example, the query end is a user terminal, that is, a user queries his or her own aggregate hit count; as another example, the query end is a loan institution, and when a user applies to the loan institution for a loan, the loan institution queries the aggregate hit count of the user.
The identity to be checked is the identity identifier of the object to be checked and uniquely determines that object. For example, the identity to be checked is an identity card number, a mobile phone number, a taxpayer identification number, or a user number.
In one example, the query end also sends a backtracking time, in order to query the aggregate hit count from the backtracking time to the current time.
Step 200, the management end obtains the concealed query information corresponding to the target data end according to the identity to be checked, and sends the concealed query information to the target data end, wherein the target data end is one of a plurality of data ends managed by the management end.
Both the concealed query information and the identity to be checked can be used by a data end for querying. However, if the identity to be checked were sent directly to the data end, there would be a certain risk of disclosing the user's privacy. Therefore, concealed query information that differs from the identity to be checked is derived from the identity to be checked. For example, the identity to be checked is 1789996; hashing 1789996 yields a hash value, for example 2785433321, and the concealed query information may be the first three digits of the hash value 2785433321, namely 278, which to some extent keeps the user's privacy from being disclosed.
The management end manages a plurality of data ends, and the target data end is one of them. For example, if the management end manages 20 data ends, it needs to obtain 20 pieces of concealed query information and send them to the 20 data ends, as shown in FIG. 2.
Step 300, the target data end feeds back a candidate identity vector to the management end according to the concealed query information, wherein the position of each candidate identity identifier in the candidate identity vector and the position value at that position are recorded in the candidate identity vector.
The candidate identity vector is a vector. For example, the candidate identity identifier is 1222, its position in the candidate identity vector is 12, and the position value at position 12 is 1.
In one example, the target data end feeding back the candidate identity vector to the management end according to the concealed query information includes: the target data end obtains a candidate identity list according to the concealed query information, wherein a plurality of candidate identity identifiers are recorded in the candidate identity list; the target data end maps the candidate identity list to a bloom filter to obtain a candidate identity vector; and the candidate identity vector is fed back to the management end.
For example, the identity to be checked is 3283561 and the corresponding concealed query information is 128. The hash values of the identity identifiers stored by the target data end are 1286561, 3243521, 1245555, 1698333, 5678128, 9991588 and 3331282; these 7 hash values correspond to different identity identifiers. The target data end matches 128 against the 7 hash values it stores and selects the hash values containing 128 as candidate identity identifiers; in this example the candidates are 1286561, 5678128 and 3331282, and these three form the candidate identity list. The target data end maps the candidate identity list to a bloom filter, that is, maps 1286561, 5678128 and 3331282 to the bloom filter, and obtains the output vector [0 1 0 0 0 1 0 1 0 0 0 0 0], which is the candidate identity vector. The candidate identity vector [0 1 0 0 0 1 0 1 0 0 0 0 0] records 3 positions in total, namely 1, 5 and 7 (respectively the 1st, 5th and 7th of the hash values of the identity identifiers stored by the target data end), and the position values at positions 1, 5 and 7 are 1. The candidate identity vector thus represents the candidate identity identifiers by recording their positions and position values in the vector. After the candidate identity vector is obtained, it is fed back to the management end.
Step 400, the management end performs aggregation according to the identity to be checked and the candidate identity vectors fed back by the plurality of data ends to obtain the aggregate hit count corresponding to the identity to be checked, and feeds the aggregate hit count corresponding to the identity to be checked back to the query end.
The management end determines, according to the identity to be checked and the candidate identity vector fed back by a given data end, whether the identity to be checked hits a candidate identity identifier of that data end; if it does, the aggregate hit count is increased by 1 (the initial value of the aggregate hit count is 0). The aggregate hit count corresponding to the identity to be checked is the sum, as counted by the management end, of the hits at each data end. For example, if there are 20 data ends in total and 3 of them are hit, the aggregate hit count is 3, and 3 is fed back to the query end.
To better understand the embodiments of the present application, an application scenario is described: the aggregate hit count includes a blacklist hit count or, as another example, a whitelist hit count; the management end includes a UnionPay end; and the data end includes a bank end, for example Mars Bank, Mercury Bank, Solar Bank and Universe Bank.
According to the query method, the management end obtains the concealed query information from the identity to be checked, and the query is then carried out with the concealed query information rather than directly with the identity to be checked, which reduces the risk of user privacy disclosure to a certain extent. The data ends do not communicate with one another, and the query end does not communicate with the data ends, which further reduces that risk. In addition, the query end only needs to send the identity to be checked to the management end once to obtain the aggregate hit count corresponding to the identity to be checked, which improves the query efficiency of the hit count to a certain extent.
In one embodiment, step 200, in which the management end obtains the concealed query information corresponding to the target data end according to the identity to be checked, includes:
Step 201, the management end performs fragmentation processing on the identity to be checked according to the fragment length required by the target data end to obtain a plurality of fragment identifiers.
The fragment length required by each data end may be the same, for example 3 for all data ends, or may differ. The management end therefore fragments the identity to be checked according to the fragment length required by the target data end to obtain a plurality of fragment identifiers corresponding to the target data end, and then selects one of the fragment identifiers as the concealed query information corresponding to the target data end.
Step 202, one of the fragment identifiers is selected as the concealed query information corresponding to the target data end.
For example, there are 2 data ends in total; the fragment length required by data end 1 is 5 and the fragment length required by data end 2 is 3. The identity to be checked is 5689788881 and its hash value is 178999666523498. Fragmentation according to the requirement of data end 1 yields 3 fragment identifiers: 17899, 96665 and 23498; one of the 3 is selected, for example 17899, as the concealed query information corresponding to data end 1. Fragmentation according to the requirement of data end 2 yields 5 fragment identifiers: 178, 999, 666, 523 and 498; one of the 5 is selected, for example 178, as the concealed query information corresponding to data end 2. Some data ends store relatively many identity identifiers and others relatively few. To keep the number of candidate identity identifiers extracted by each data end as consistent as possible, and thereby improve query efficiency, a data end that stores many identity identifiers can use a larger fragment length, for example 5 digits, to avoid extracting too many candidates, and a data end that stores few can use a smaller fragment length, for example 3 digits, to avoid extracting too few.
In one example, the management end may also derive the number of digits of the concealed query information from the fragment length required by the target data end, and then obtain the concealed query information according to that number of digits. For example, the fragment length required by data end 1 is 5 and the hash value of the identity to be checked is 178999666523498, which has 15 digits; the concealed query information therefore has 5 digits, and 5 digits can be extracted starting from any digit position to obtain it. For example, extracting 5 digits starting from the second digit gives the concealed query information 78999.
The above embodiments provide a simple method for obtaining the concealed query information, that is, the concealed query information is obtained from the fragment identifiers.
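The fragmentation, the selection of concealed query information and the data end's candidate matching described above, as an added Python example that is not part of the patent text; it also measures how the fragment length changes the size of the candidate list. The SHA-256-to-decimal hash, the function names and the generated records are assumptions; the digit strings in PAGE_HASH and PAGE_STORED are the ones used in the examples above.

```python
import hashlib


def hash_digits(identity: str, width: int = 15) -> str:
    """Assumption: SHA-256 reduced to a fixed-width decimal string.
    The text does not name the hash function or its output length."""
    n = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return str(n % 10 ** width).zfill(width)


def fragments(digits: str, length: int) -> list:
    """Step 201: cut the hash into consecutive fragments of the length the
    target data end requires (a short trailing remainder is dropped)."""
    return [digits[i:i + length]
            for i in range(0, len(digits) - length + 1, length)]


def window(digits: str, start: int, length: int) -> str:
    """Variant: take `length` digits beginning at the 1-based digit `start`."""
    return digits[start - 1:start - 1 + length]


def candidate_list(stored_hashes, concealed: str) -> list:
    """Data end side: every stored hash that contains the concealed query
    information becomes a candidate."""
    return [h for h in stored_hashes if concealed in h]


def candidate_counts(stored_hashes, digits: str, lengths) -> dict:
    """Size of the candidate list when the first fragment of each length is
    used as the concealed query information."""
    return {n: len(candidate_list(stored_hashes, fragments(digits, n)[0]))
            for n in lengths}


# Digit strings taken from the examples in the text.
PAGE_HASH = "178999666523498"
PAGE_STORED = ["1286561", "3243521", "1245555", "1698333",
               "5678128", "9991588", "3331282"]

# Constructed records for the size comparison (not from the text).
CONSTRUCTED_DB = [hash_digits(f"user-{k}") for k in range(5000)]

if __name__ == "__main__":
    print(fragments(PAGE_HASH, 5))             # requirement of data end 1
    print(fragments(PAGE_HASH, 3))             # requirement of data end 2
    print(window(PAGE_HASH, 2, 5))             # 5 digits from the second digit
    print(candidate_list(PAGE_STORED, "128"))  # matching at the data end
    # A shorter fragment matches more stored hashes, so the queried record
    # hides among more candidates; a longer one narrows the list.
    print(candidate_counts(CONSTRUCTED_DB, CONSTRUCTED_DB[42], (3, 5)))
```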
In one embodiment, the step 300 of feeding back the candidate identity vector to the management end by the target data end according to the concealed query information includes:
step 301, the target data end obtains a candidate identity list according to the concealed query information, and a plurality of candidate identity identifiers are recorded in the candidate identity list.
Step 302, the target data terminal maps the candidate identity list to a bloom filter to obtain a preliminary candidate identity vector.
Step 301 and step 302 may refer to the related description for step 300, and are not described in detail here.
Step 303, the target data end adds the zero-sum random number it stores to the position value of each position in the preliminary candidate identity vector to obtain a candidate identity vector, where the zero-sum random numbers stored in the multiple data ends sum to zero.
For example, assume that the zero-sum random number stored by the target data terminal is $Z_i$ and the preliminary candidate identity vector is [0 0 0 1 0 1 0 1 0 0 0 0 0]. The candidate identity vector is then $[Z_i,\ Z_i,\ Z_i,\ Z_i+1,\ Z_i,\ Z_i+1,\ Z_i,\ Z_i+1,\ Z_i,\ Z_i,\ Z_i,\ Z_i,\ Z_i]$.
Because the zero-sum random numbers stored in the multiple data terminals sum to zero, the final summarized hit times are not affected by them. For example, suppose there are 3 data terminals in total, the identity to be checked is hashed to obtain a hash value, and the position of that hash value in the candidate identity vector is determined to be 8. The candidate identity vector corresponding to data terminal 1 is $[Z_1,\ Z_1,\ Z_1,\ Z_1+1,\ Z_1,\ Z_1+1,\ Z_1,\ Z_1,\ Z_1,\ Z_1,\ Z_1,\ Z_1,\ Z_1+1]$, the candidate identity vector corresponding to data terminal 2 is $[Z_2,\ Z_2,\ Z_2,\ Z_2,\ Z_2,\ Z_2+1,\ Z_2,\ Z_2,\ Z_2,\ Z_2,\ Z_2,\ Z_2+1,\ Z_2]$, and the candidate identity vector corresponding to data terminal 3 is $[Z_3+1,\ Z_3,\ Z_3,\ Z_3+1,\ Z_3,\ Z_3,\ Z_3,\ Z_3,\ Z_3,\ Z_3,\ Z_3,\ Z_3+1,\ Z_3]$. Position 8 is located in the candidate identity vectors corresponding to data terminals 1 to 3 and the position values at position 8 are extracted: $Z_1$, $Z_2$, $Z_3$. Adding $Z_1$, $Z_2$ and $Z_3$ gives 0, that is, the summarized hit times corresponding to the identity to be checked is 0. If instead the position of the hash value in the candidate identity vector is 3, position 3 is located in the candidate identity vectors corresponding to data terminals 1 to 3 and the position values at position 3 are extracted: $Z_1+1$, $Z_2$, $Z_3+1$. Adding $Z_1+1$, $Z_2$ and $Z_3+1$ gives 2.
Step 304, feeding back the candidate identity vector to the management terminal.
According to this embodiment, the zero-sum random number is added to each position value in the candidate identity vector, which prevents privacy disclosure to a certain extent and protects privacy. Because the zero-sum random numbers of all data ends sum to 0, the final summarized hit times are not affected by the zero-sum random numbers even though the values are kept confidential.
In one embodiment, step 304 of feeding back the candidate identity vector to the management terminal includes: the target data terminal inputs the candidate identity vector into an oblivious transmission module between the target data terminal and the management terminal, so as to feed back the candidate identity vector it has obtained to the management terminal. In step 400, the management terminal performing summarization according to the identity to be checked and the candidate identity vectors fed back by the multiple data terminals to obtain the summarized hit times corresponding to the identity to be checked includes: the management terminal obtains a query position according to the identity to be checked and inputs the query position into the oblivious transmission module between the target data terminal and the management terminal, so that the oblivious transmission module obtains the query position value corresponding to the target data terminal according to the candidate identity vector input by the target data terminal and the query position input by the management terminal; and the management terminal adds the query position values corresponding to the data terminals to obtain the summarized hit times corresponding to the identity to be checked.
As shown in fig. 3, data terminals 1 to N each feed back the candidate identity vector they have obtained to the management terminal through the oblivious transmission module between that data terminal and the management terminal. The oblivious transmission module lets the management end take only the data it wants. For example, the management end hashes the identity to be checked to obtain a hash value and determines that the position of the hash value in the candidate identity vector is 8, which means that the management end wants the position value of position 8. Even though what the data end inputs into the oblivious transmission module is the whole candidate identity vector, the management end cannot see the position values of the other positions in the candidate identity vector and can only see the position value of position 8, which achieves privacy protection to a certain extent.
In one example, the candidate identity vector has a size of 13 (the maximum position is position 12). The data side generates 13 public/private key pairs and sends the 13 public keys to the management side. The management side wants the position value of position 8, so it generates a random number M, encrypts M with public key 8 to obtain an encrypted random number M', and sends M' to the data side. The data side decrypts M' with each of the 13 private keys to obtain 13 decryption results (of the 13 decryption results, only decryption result 8 is M; the other decryption results are not M). The data side XORs the 13 decryption results with the 13 position values respectively to obtain 13 XOR results and sends the 13 XOR results to the management side. Because the random number held by the management side is M, the management side can obtain the position value of position 8 from the 13 XOR results. The position value of position 8 is then used as the query position value corresponding to that data end, and the query position values corresponding to the data ends are added to obtain the summarized hit times.
According to this embodiment, an oblivious transfer protocol is used when obtaining the query position value from the candidate identity vector and the query position, which protects privacy to a certain extent.
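The message flow of the 13-key-pair example above can be traced in code. This is an added illustration, not code from the patent: the patent names no cipher, so textbook RSA with toy 31-bit primes is an assumption, and the class and function names (`DataTerminal`, `ManagementTerminal`, `oblivious_lookup`) are hypothetical.

```python
import secrets

E = 65537  # RSA public exponent (assumption: the patent names no cipher)


def _is_prime(n):
    """Trial division; adequate for the toy 31-bit primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def _toy_prime():
    """Random prime in [2^30, 2^31) with p - 1 coprime to E."""
    while True:
        p = secrets.randbits(31) | (1 << 30) | 1
        if (p - 1) % E and _is_prime(p):
            return p


def keygen():
    """Return ((n, e), (n, d)); n >= 2^60 so any 60-bit M is below n."""
    p = _toy_prime()
    q = _toy_prime()
    while q == p:
        q = _toy_prime()
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


class DataTerminal:
    """Holds the candidate identity vector and one key pair per position."""

    def __init__(self, vector):
        self._vector = list(vector)
        self._keys = [keygen() for _ in self._vector]

    def public_keys(self):
        return [pub for pub, _ in self._keys]

    def respond(self, m_enc):
        # Decrypt M' under every private key and XOR each result with the
        # position value; only the chosen key's decryption equals M.
        return [pow(m_enc, d, n) ^ value
                for (_, (n, d)), value in zip(self._keys, self._vector)]


class ManagementTerminal:
    """Wants exactly one position value and keeps M to itself."""

    def __init__(self, position):
        self._position = position
        self._m = None

    def request(self, public_keys):
        n, e = public_keys[self._position]
        self._m = secrets.randbits(60)      # random number M
        return pow(self._m, e, n)           # encrypted random number M'

    def recover(self, xor_results):
        return xor_results[self._position] ^ self._m


def oblivious_lookup(vector, position):
    """Run the whole exchange and return the recovered position value."""
    data = DataTerminal(vector)
    mgmt = ManagementTerminal(position)
    m_enc = mgmt.request(data.public_keys())
    return mgmt.recover(data.respond(m_enc))
```

The key sizes are far too small for real use, and textbook RSA is shown only to make the exchange visible; a deployment would use a vetted oblivious transfer construction.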
In one embodiment, the plurality of data ends form a ring, each data end on the ring is assigned a ring serial number, and the ring serial number of the target data end is i. Before the query end provides the identity to be checked to the management end in step 100, the method further includes: the target data end subtracts its addition random number toward the data end with ring serial number i+1 from its subtraction random number toward the data end with ring serial number i-1 to obtain the zero-sum random number.
The UnionPay end forms a plurality of data ends into a ring, each data end on the ring is assigned a ring serial number, and all ring serial numbers are shared with every data end, so that each data end knows its own ring serial number and those of its adjacent data ends. As shown in FIG. 4, 4 data terminals (P1 to P4) form a ring and each data terminal on the ring is assigned a ring number. Assuming that the ring number of the target data terminal is i, the target data terminal subtracts its addition random number toward the data terminal with ring number i+1 from its subtraction random number toward the data terminal with ring number i-1 to obtain the zero-sum random number of the target data terminal. For example, the addition random number from data terminal i to data terminal i+1 is $R_{i,i+1}$ and the subtraction random number from data terminal i to data terminal i-1 is $R_{i,i-1}$, whereby $R_{4,1} - R_{1,2} + R_{1,2} - R_{2,3} + R_{2,3} - R_{3,4} + R_{3,4} - R_{4,1} = 0$.
The above embodiment illustrates how the zero-sum random numbers of the data ends are obtained and guaranteed to sum to zero.
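The zero-sum masking of step 303 and the ring derivation described above can be checked together in a short sketch. This is an added example, not code from the patent; the modulus 2^64, the SHA-256 single-hash position and all function names are assumptions. It also shows that one terminal's mask is the same at every position, so the masking only hides a value when the reader sees a single position.

```python
import hashlib
import secrets

MOD = 2 ** 64        # assumption: the patent does not fix a modulus
VECTOR_SIZE = 13     # size used in the patent's worked example

# Bit patterns of data terminals 1 to 3 from the worked example (step 303).
PATENT_BITS = [
    [0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1],
    [0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0],
    [1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0],
]


def pairwise_ring_randoms(n):
    """ring[i] stands for R_{i,i+1}, shared by ring neighbours i and i+1."""
    return [secrets.randbelow(MOD) for _ in range(n)]


def zero_sum_masks(ring):
    """Z_i = R_{i-1,i} - R_{i,i+1}; the terms telescope around the ring."""
    n = len(ring)
    return [(ring[(i - 1) % n] - ring[i]) % MOD for i in range(n)]


def position_of(identity, size=VECTOR_SIZE):
    """Single-hash Bloom-style position (assumed hash: SHA-256)."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % size


def preliminary_vector(candidates, size=VECTOR_SIZE):
    vec = [0] * size
    for ident in candidates:
        vec[position_of(ident, size)] = 1
    return vec


def mask_vector(vec, z):
    """Step 303: add the terminal's zero-sum random number to every position."""
    return [(v + z) % MOD for v in vec]


def summarized_hits(masked_vectors, position):
    """Management end: add the position values; the masks cancel."""
    return sum(v[position] for v in masked_vectors) % MOD


def patent_example():
    """Hit counts at positions 8 and 3 for the three vectors above."""
    masks = zero_sum_masks(pairwise_ring_randoms(3))
    masked = [mask_vector(v, z) for v, z in zip(PATENT_BITS, masks)]
    return summarized_hits(masked, 8), summarized_hits(masked, 3)


def recover_bits_from_full_vector(masked):
    """A reader of the WHOLE masked vector can undo the mask, because the
    same Z_i is used at every position; only a single position is hidden."""
    distinct = set(masked)
    if len(distinct) == 1:
        return None                      # all-0 or all-1 pattern: ambiguous
    a, b = distinct
    z = a if (b - a) % MOD == 1 else b   # the smaller value modulo wrap-around
    return [(v - z) % MOD for v in masked]


def end_to_end(identity):
    """Constructed candidate lists: two of three terminals hold the identity."""
    lists = [
        [identity, "1000000001"],
        ["1000000002", identity],
        ["1000000003"],
    ]
    plain = [preliminary_vector(lst) for lst in lists]
    masks = zero_sum_masks(pairwise_ring_randoms(len(lists)))
    masked = [mask_vector(v, z) for v, z in zip(plain, masks)]
    pos = position_of(identity)
    return {"plain_total": sum(v[pos] for v in plain),
            "masked_total": summarized_hits(masked, pos)}
```

`recover_bits_from_full_vector` is the reason the vector is handed over through the oblivious transmission module rather than in the clear.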
In one embodiment, before the target data end subtracts its addition random number toward the data end with ring number i+1 from its subtraction random number toward the data end with ring number i-1 to obtain the zero-sum random number, the method further includes: the target data end generates a first random number for the data end with ring number i+1; the data end with ring number i+1 generates a second random number for the target data end; the target data end encrypts the first random number using the public key of the data end with ring number i+1 to obtain a first encrypted random number; the target data end signs the public key of the target data end and the first encrypted random number to obtain a first signature, and sends the public key of the target data end, the first encrypted random number and the first signature to the management end; the management end uses the public key of the target data end to perform a first verification on the first signature; after the first verification is passed, the management end signs the public key of the target data end and the first encrypted random number to obtain a second signature, and sends the public key of the target data end, the first encrypted random number and the second signature to the data end with ring number i+1; the data end with ring number i+1 uses the public key of the management end to perform a second verification on the second signature; and after the second verification is passed, the data end with ring number i+1 decrypts the first encrypted random number using its own private key to obtain a first decrypted random number, and generates the addition random number from the target data end to the data end with ring number i+1 according to the second random number and the first decrypted random number.
As shown in fig. 5, through the above steps the data end with ring number i+1 obtains the addition random number from the target data end (the data end with ring number i) to the data end with ring number i+1. By the same method, the target data end can also obtain the addition random number from the target data end to the data end with ring number i+1. Specifically, the data end with ring number i+1 encrypts the second random number using the public key of the target data end to obtain a second encrypted random number; the data end with ring number i+1 uses the public key of the target data end to sign its own public key and the second encrypted random number to obtain a third signature, and sends the public key of the data end with ring number i+1, the second encrypted random number and the third signature to the management end; the management end uses the public key of the data end with ring number i+1 to perform a third verification on the third signature; after the third verification is passed, the management end signs the public key of the data end with ring number i+1 and the second encrypted random number to obtain a fourth signature, and sends the public key of the data end with ring number i+1, the second encrypted random number and the fourth signature to the target data end; the target data end uses the public key of the management end to perform a fourth verification on the fourth signature; and after the fourth verification is passed, the target data end decrypts the second encrypted random number using its own private key to obtain a second decrypted random number, and obtains the addition random number from the target data end to the data end with ring number i+1 according to the second decrypted random number (actually, the second random number) and the first random number.
The addition random number from the data end with ring number i to the data end with ring number i+1 is equal to the subtraction random number from the data end with ring number i+1 to the data end with ring number i. That is, after the data end with ring number i+1 obtains the addition random number from the data end with ring number i to the data end with ring number i+1, it can use that value as the subtraction random number from the data end with ring number i+1 to the data end with ring number i.
In this embodiment, the banks do not communicate with each other directly but through UnionPay. During the communication the first random number is encrypted and can only be decrypted by the data end holding the corresponding private key, which further reduces the risk of information leakage, and the data ends obtain the random numbers by sharing them with each other, so that the zero-sum random numbers can be obtained.
In one embodiment, a query system 600 is provided, comprising: a query end 601, a management end 602 and a data end 603;
the query end 601 is used for providing the identity to be queried for the management end 602;
the management terminal 602 is configured to obtain concealed query information corresponding to the target data terminal 6031 according to the identity to be checked, and send the concealed query information to the target data terminal 6031, where the target data terminal 6031 is one of the data terminals 603 managed by the management terminal 602;
the target data terminal 6031 is configured to feed back a candidate identity vector to the management terminal 602 according to the concealed query information, where a position and a position value of the candidate identity identifier in the candidate identity vector are recorded in the candidate identity vector;
the management terminal 602 is further configured to perform summarization processing according to the identity to be checked and the candidate identity vectors fed back by the multiple data terminals 603, obtain summarized hit times corresponding to the identity to be checked, and feed the summarized hit times corresponding to the identity to be checked back to the query terminal 601.
In an embodiment, the management end 602 is specifically configured to perform fragmentation processing on the identity identifier to be checked according to the fragment length required by the target data terminal 6031 to obtain a plurality of fragment identifiers, and to select one of the fragment identifiers as the concealed query information corresponding to the target data terminal 6031.
In an embodiment, the target data terminal 6031 is specifically configured to: obtain a candidate identity list according to the concealed query information, where a plurality of candidate identities are recorded in the candidate identity list; map the candidate identity list to a bloom filter to obtain a preliminary candidate identity vector; add the zero-sum random number it stores to the position value of each position in the preliminary candidate identity vector to obtain a candidate identity vector, where the zero-sum random numbers stored in the multiple data terminals 603 sum to zero; and feed back the candidate identity vector to the management end 602.
In one embodiment, the target data terminal 6031 is specifically configured to input the candidate identity vector into an oblivious transmission module between the target data terminal 6031 and the management terminal 602, so as to feed back the candidate identity vector it has obtained to the management terminal 602; the management terminal 602 is specifically configured to obtain a query position according to the identity to be checked, and input the query position into the oblivious transmission module between the target data terminal 6031 and the management terminal 602, so that the oblivious transmission module between the target data terminal 6031 and the management terminal 602 obtains a query position value corresponding to the target data terminal according to the candidate identity vector input by the target data terminal and the query position input by the management terminal 602; the management end 602 is specifically configured to add the query position values corresponding to the multiple data ends 603 to obtain the summarized hit times corresponding to the identity to be checked.
In one embodiment, the plurality of data terminals 603 form a ring, each data terminal 603 on the ring is assigned a ring number, and the ring number of the target data terminal 6031 is i; the target data terminal 6031 is further configured to subtract its addition random number toward the data terminal 603 with ring number i+1 from its subtraction random number toward the data terminal 603 with ring number i-1 to obtain the zero-sum random number.
In one embodiment, the target data terminal 6031 is further configured to generate a first random number for the data terminal 603 with ring number i+1; the data terminal 603 with ring number i+1 generates a second random number for the target data terminal 6031; the target data terminal 6031 is further configured to encrypt the first random number using the public key of the data terminal 603 with ring number i+1 to obtain a first encrypted random number; the target data terminal 6031 is further configured to sign the public key of the target data terminal 6031 and the first encrypted random number to obtain a first signature, and send the public key of the target data terminal 6031, the first encrypted random number and the first signature to the management terminal 602; the management terminal 602 performs a first verification on the first signature using the public key of the target data terminal 6031; after the first verification is passed, the management terminal 602 signs the public key of the target data terminal 6031 and the first encrypted random number to obtain a second signature, and sends the public key of the target data terminal 6031, the first encrypted random number and the second signature to the data terminal 603 with ring number i+1; the data terminal 603 with ring number i+1 uses the public key of the management terminal 602 to perform a second verification on the second signature; after the second verification is passed, the data terminal 603 with ring number i+1 decrypts the first encrypted random number using its own private key to obtain a first decrypted random number, and generates the addition random number from the target data terminal to the data terminal with ring number i+1 according to the second random number and the first decrypted random number.
In one embodiment, the summarized hit times include blacklist hit times, the management terminal 602 includes a UnionPay terminal, and the data terminal 603 includes a bank terminal.
In one embodiment, there is provided a query apparatus comprising:
an identity query unit, used for the query end to provide the identity to be checked to the management terminal;
an information sending unit, used for the management terminal to obtain the concealed query information corresponding to the target data terminal according to the identity to be checked and to send the concealed query information to the target data terminal, wherein the target data terminal is one of a plurality of data terminals managed by the management terminal;
an information feedback unit, used for the target data terminal to feed back a candidate identity vector to the management terminal according to the concealed query information, wherein the position and the position value of the candidate identity identifier in the candidate identity vector are recorded in the candidate identity vector;
and a summarizing processing unit, used for the management terminal to perform summarization according to the identity to be checked and the candidate identity vectors fed back by the plurality of data terminals to obtain the summarized hit times corresponding to the identity to be checked, and to feed the summarized hit times corresponding to the identity to be checked back to the query end.
In an embodiment, the information sending unit is specifically configured to:
the management terminal performs fragmentation processing on the identity identifier to be checked according to the fragment length required by the target data terminal to obtain a plurality of fragment identifiers;
and selecting one of the plurality of fragment identifiers as the concealed query information corresponding to the target data terminal.
In an embodiment, the information feedback unit is specifically configured to:
the target data terminal obtains a candidate identity list according to the concealed query information, and a plurality of candidate identity identifiers are recorded in the candidate identity list;
the target data terminal maps the candidate identity list to a bloom filter to obtain a preliminary candidate identity vector;
the target data terminal adds the zero-sum random number it stores to the position value of each position in the preliminary candidate identity vector to obtain a candidate identity vector, and the zero-sum random numbers stored in the plurality of data terminals sum to zero;
and feeding back the candidate identity vector to the management terminal.
In an embodiment, the information feedback unit is specifically configured to:
the target data terminal inputs the candidate identity vector into an oblivious transmission module between the target data terminal and the management terminal so as to feed back the candidate identity vector obtained by the target data terminal to the management terminal;
the summary processing unit is specifically configured to:
the management terminal obtains a query position according to the identity identifier to be queried, and inputs the query position into an oblivious transmission module between the target data terminal and the management terminal, so that the oblivious transmission module between the target data terminal and the management terminal obtains a query position value corresponding to the target data terminal according to the candidate identity vector input by the target data terminal and the query position input by the management terminal;
and the management terminal adds the query position values corresponding to the data terminals to obtain the summarizing hit times corresponding to the identity to be checked.
In one embodiment, the plurality of data ends form a ring, each data end on the ring is assigned with a ring serial number, and the ring serial number of the target data end is i;
the query device further comprises a zero-sum unit configured for:
the target data end subtracting its addition random number toward the data end with ring serial number i+1 from its subtraction random number toward the data end with ring serial number i-1 to obtain the zero-sum random number.
In one embodiment, the query device further comprises: a random unit to:
a target data end generates a first random number aiming at a data end with a ring serial number of i + 1;
the data end with the ring serial number of i +1 generates a second random number aiming at the target data end;
the target data end encrypts a first random number by using a public key of the data end with the ring number i +1 to obtain a first encrypted random number;
signing the public key of the target data end and the first encrypted random number by the target data end to obtain a first signature, and sending the public key of the target data end, the first encrypted random number and the first signature to the management end;
the management terminal uses the public key of the target data terminal to perform first verification on the first signature;
after the first verification is passed, the management terminal signs the public key and the first encrypted random number of the target data terminal to obtain a second signature, and sends the public key, the first encrypted random number and the second signature of the target data terminal to the data terminal with the ring number of i + 1;
the data end with the ring sequence number of i +1 uses the public key of the management end to perform second check on the second signature;
and after the second check is passed, the data end with the ring serial number i+1 decrypts the first encrypted random number by using its own private key to obtain a first decrypted random number, and generates the addition random number from the target data end to the data end with the ring serial number i+1 according to the second random number and the first decrypted random number.
In one embodiment, the summarized hit times include blacklist hit times, the management terminal includes a UnionPay terminal, and the data terminal includes a bank terminal.
It should be noted that the query method, the query system and the query device described above belong to a general inventive concept, and the contents in the embodiments of the query method, the query system and the query device may be mutually applicable.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A method of querying, comprising:
the query end provides the identity to be checked to the management end;
the management terminal obtains the concealed query information corresponding to the target data terminal according to the identity to be checked, and sends the concealed query information to the target data terminal, wherein the target data terminal is one of a plurality of data terminals managed by the management terminal;
the target data end feeds back a candidate identity vector to the management end according to the concealed query information, and the position and the position value of the candidate identity identifier in the candidate identity vector are recorded in the candidate identity vector;
and the management terminal performs summary processing according to the identity to be checked and the candidate identity vectors fed back by the plurality of data terminals to obtain the summary hit times corresponding to the identity to be checked, and feeds the summary hit times corresponding to the identity to be checked back to the query terminal.
2. The query method according to claim 1, wherein the obtaining, by the management terminal, the concealed query information corresponding to the target data terminal according to the identity to be checked comprises:
the management terminal performs fragmentation processing on the identity identifier to be checked according to the fragment length required by the target data terminal to obtain a plurality of fragment identifiers;
and selecting one of the plurality of fragment identifiers as the concealed query information corresponding to the target data terminal.
3. The query method according to claim 1, wherein the target data side feeds back the candidate identity vector to the management side according to the concealed query information, and comprises:
the target data terminal obtains a candidate identity list according to the concealed query information, and a plurality of candidate identity identifiers are recorded in the candidate identity list;
the target data terminal maps the candidate identity list to a bloom filter to obtain a preliminary candidate identity vector;
the target data terminal adds the zero-sum random number it stores to the position value of each position in the preliminary candidate identity vector to obtain a candidate identity vector, and the zero-sum random numbers stored in the plurality of data terminals sum to zero;
and feeding back the candidate identity vector to the management terminal.
4. The query method according to claim 3, wherein the feeding back the candidate identity vector to the management side comprises:
the target data terminal inputs the candidate identity vector into an oblivious transmission module between the target data terminal and the management terminal so as to feed back the candidate identity vector obtained by the target data terminal to the management terminal;
the management terminal performing summary processing according to the identity to be checked and the candidate identity vectors fed back by the plurality of data terminals to obtain the summarized hit times corresponding to the identity to be checked comprises:
the management terminal obtains a query position according to the identity identifier to be queried, and inputs the query position into an oblivious transmission module between the target data terminal and the management terminal, so that the oblivious transmission module between the target data terminal and the management terminal obtains a query position value corresponding to the target data terminal according to the candidate identity vector input by the target data terminal and the query position input by the management terminal;
and the management terminal adds the query position values corresponding to the data terminals to obtain the summarizing hit times corresponding to the identity to be checked.
5. The query method according to claim 4, wherein the plurality of data terminals form a ring, each data terminal on the ring is assigned with a ring number, and the ring number of the target data terminal is i;
before the query end provides the identity to be checked to the management end, the method further comprises the following steps:
the target data end subtracts its addition random number toward the data end with ring serial number i+1 from its subtraction random number toward the data end with ring serial number i-1 to obtain the zero-sum random number.
6. The query method according to claim 5, wherein before the target data end subtracts its addition random number toward the data end with ring number i+1 from its subtraction random number toward the data end with ring number i-1 to obtain the zero-sum random number, the method further comprises:
a target data end generates a first random number aiming at a data end with a ring serial number of i + 1;
the data end with the ring serial number of i +1 generates a second random number aiming at the target data end;
the target data end encrypts a first random number by using a public key of the data end with the ring number i +1 to obtain a first encrypted random number;
signing the public key and the first encrypted random number of the target data end by the target data end to obtain a first signature, and sending the public key, the first encrypted random number and the first signature of the target data end to the management end;
the management terminal uses the public key of the target data terminal to perform first verification on the first signature;
after the first verification is passed, the management terminal signs the public key and the first encrypted random number of the target data terminal to obtain a second signature, and sends the public key, the first encrypted random number and the second signature of the target data terminal to the data terminal with the ring number of i + 1;
the data end with the ring sequence number of i +1 uses the public key of the management end to perform second check on the second signature;
and after the second check is passed, the data end with the ring serial number i +1 decrypts the first encrypted random number by using the own private key to obtain a first decrypted random number, and generates an additional random number from the target data end to the data end with the ring serial number i +1 according to the second random number and the first decrypted random number.
7. The query method according to any one of claims 1 to 6, wherein the summarized hit count comprises a blacklist hit count, the management terminal comprises a UnionPay terminal, and the data terminal comprises a bank terminal.
8. A query system, comprising: a query terminal, a management terminal and a data terminal;
the query terminal is configured to provide the identity identifier to be queried to the management terminal;
the management terminal is configured to obtain the concealed query information corresponding to the target data terminal according to the identity identifier to be queried and to send the concealed query information to the target data terminal, wherein the target data terminal is one of a plurality of data terminals managed by the management terminal;
the target data terminal is configured to feed back a candidate identity vector to the management terminal according to the concealed query information, wherein the candidate identity vector records the position value of the candidate identity identifier in the candidate identity vector;
the management terminal is further configured to perform summarization according to the identity identifier to be queried and the candidate identity vectors fed back by the data terminals to obtain the summarized hit count corresponding to the identity identifier to be queried, and to feed the summarized hit count back to the query terminal.
9. The query system according to claim 8, wherein the management terminal is specifically configured to split the identity identifier to be queried into fragments according to the fragment length required by the target data terminal, so as to obtain a plurality of fragment identifiers; and to select one of the plurality of fragment identifiers as the concealed query information corresponding to the target data terminal.
10. The query system according to claim 8, wherein the target data terminal is specifically configured to obtain a candidate identity list according to the concealed query information, a plurality of candidate identity identifiers being recorded in the candidate identity list; to map the candidate identity list to a Bloom filter to obtain a preliminary candidate identity vector; to add the position value of each position in the preliminary candidate identity vector to its own stored zero-sum random number to obtain the candidate identity vector, wherein the zero-sum random numbers stored by the plurality of data terminals sum to zero; and to feed back the candidate identity vector to the management terminal.
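The following Python example is added here for illustration and is not part of the patent text: it carries claims 4, 5 and 10 through for three data terminals and shows that the ring-derived zero-sum random numbers cancel when the management terminal adds the query position values. The modulus, the vector length, the single hash position, combining the two random contributions by addition, and direct indexing in place of the oblivious transfer module are assumptions; the encryption and signature steps of claim 6 are omitted.

```python
import hashlib
import secrets

M = 2**61 - 1      # assumed modulus for the masks; the claims do not name one
VECTOR_LEN = 64    # assumed Bloom filter length

def position(identity: str) -> int:
    """Query position of an identity (assumption: one SHA-256 based hash)."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest[:8], "big") % VECTOR_LEN

def ring_zero_sum_masks(n: int) -> list[int]:
    """Claims 5-6: terminal i agrees a random number with terminal i+1; its
    zero-sum number is the difference of the numbers on its two ring edges."""
    # pair[i] is agreed between terminal i and terminal (i + 1) % n from one
    # contribution by each side (combined by addition here, an assumption).
    pair = [(secrets.randbelow(M) + secrets.randbelow(M)) % M for _ in range(n)]
    return [(pair[i] - pair[i - 1]) % M for i in range(n)]

def masked_vector(candidates: list[str], mask: int) -> list[int]:
    """Claim 10: Bloom-map the candidate list, then add the terminal's
    zero-sum random number to the value at every position."""
    bits = [0] * VECTOR_LEN
    for candidate in candidates:
        bits[position(candidate)] = 1
    return [(bit + mask) % M for bit in bits]

def summarized_hit_count(identity: str, vectors: list[list[int]]) -> int:
    """Claim 4: add the query position values of all data terminals.
    Direct indexing stands in for the oblivious transfer module."""
    q = position(identity)
    return sum(vector[q] for vector in vectors) % M

def run_demo() -> dict[str, int]:
    # Constructed candidate lists for three data terminals (sample data).
    lists = [["id-1001", "id-2002"], ["id-2002", "id-3003"], ["id-2002"]]
    masks = ring_zero_sum_masks(len(lists))
    vectors = [masked_vector(c, m) for c, m in zip(lists, masks)]
    return {i: summarized_hit_count(i, vectors) for i in ("id-2002", "id-1001")}

if __name__ == "__main__":
    print(run_demo())
```

In this example each terminal adds the same number to every position of its vector, so the masking hides position values only while the management terminal learns a single position per vector, which is the role of the oblivious transfer module in claim 4. Counts for identities that are not in every list can be inflated by Bloom filter collisions.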
CN202210500488.9A 2022-05-10 2022-05-10 Query method and query system Active CN114611152B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210500488.9A CN114611152B (en) 2022-05-10 2022-05-10 Query method and query system

Publications (2)

Publication Number Publication Date
CN114611152A (en) 2022-06-10
CN114611152B (en) 2022-08-02

Family

ID=81870000

Country Status (1)

Country Link
CN (1) CN114611152B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant