CN115329359A - Secret query method and system - Google Patents

Secret query method and system Download PDF

Info

Publication number
CN115329359A
CN115329359A CN202211004951.7A CN202211004951A CN115329359A CN 115329359 A CN115329359 A CN 115329359A CN 202211004951 A CN202211004951 A CN 202211004951A CN 115329359 A CN115329359 A CN 115329359A
Authority
CN
China
Prior art keywords
query
result
ciphertext
party
encrypting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211004951.7A
Other languages
Chinese (zh)
Inventor
张津铭
王华忠
殷山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd filed Critical Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202211004951.7A priority Critical patent/CN115329359A/en
Publication of CN115329359A publication Critical patent/CN115329359A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the specification discloses a secret query method and a secret query system, wherein the method comprises the following steps: the first party encrypts the target data identifier based on a first encryption method to determine a first ciphertext; acquiring a second ciphertext, wherein the second ciphertext is obtained by encrypting the first ciphertext by other parties based on a second encryption method; the first encryption method and the second encryption method satisfy a commutative law; decrypting the second ciphertext based on a first decryption method to determine a target key, wherein the first decryption method corresponds to the first encryption method; sending a plurality of query identifiers to a second party, the plurality of query identifiers including the target data identifier and one or more other data identifiers; obtaining a plurality of result ciphertexts from a second party, wherein the result ciphertexts are obtained based on the encryption of the query results corresponding to the query identifications; determining a query result corresponding to the target data identification based on the target key and the plurality of result ciphertexts.

Description

Secret query method and system
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a secret query method and system.
Background
Data plays an increasingly important role in the world today, and in many application scenarios, data has become a resource to be protected. In a related business scenario of data query, a querier with data query requirements may query a data provider with data or with data acquisition capability for acquiring certain data based on data identification. In some cases, in order to protect the data security of the inquirer and the data provider, in the data inquiry process, the data provider needs to be unable to know the real inquiry target of the inquirer, such as the data identifier (e.g., data ID) of the real data to be inquired, and also needs to be unable to know other data of the data provider except the data to be inquired, that is, data irrelevant to the inquiry is not disclosed to the inquirer.
Therefore, the present specification provides a secret query method and system, which can realize the data security protection of the querier and the data provider in the data query process.
Disclosure of Invention
One aspect of an embodiment of the present specification provides a secret query method, applied to a first party, the method including: encrypting the target data identifier based on a first encryption method to determine a first ciphertext; acquiring a second ciphertext, wherein the second ciphertext is obtained by encrypting the first ciphertext by other parties based on a second encryption method; the first encryption method and the second encryption method satisfy a commutative law; decrypting the second ciphertext based on a first decryption method to determine a target key, wherein the first decryption method corresponds to the first encryption method; sending a plurality of query identifiers to a second party, the plurality of query identifiers including the target data identifier and one or more other data identifiers; obtaining a plurality of result ciphertexts from a second party, wherein the plurality of result ciphertexts are obtained based on the encryption of a plurality of query results corresponding to the plurality of query identifications; determining a query result corresponding to the target data identification based on the target key and the plurality of result ciphertexts.
Another aspect of embodiments of the present specification provides a covert query system, deployed at a first party, comprising: the first ciphertext determining module is used for encrypting the target data identifier based on a first encryption method to determine a first ciphertext; the first party second ciphertext acquisition module is used for acquiring a second ciphertext, and the second ciphertext is obtained by encrypting the first ciphertext by other parties based on a second encryption method; the first encryption method and the second encryption method satisfy commutative law; a target key obtaining module, configured to decrypt the second ciphertext based on a first decryption method to determine a target key, where the first decryption method corresponds to the first encryption method; a query identifier sending module, configured to send a plurality of query identifiers to a second party, where the plurality of query identifiers include the target data identifier and one or more other data identifiers; a result ciphertext receiving module, configured to obtain a plurality of result ciphertexts from a second party, where the plurality of result ciphertexts are obtained based on encrypting a plurality of query results corresponding to the plurality of query identifiers; and the query result determining module is used for determining a query result corresponding to the target data identification based on the target key and the result ciphertexts.
Another aspect of an embodiment of the present specification provides a covert querying device comprising at least one storage medium and at least one processor, the at least one storage medium being configured to store computer instructions; the at least one processor is configured to execute the computer instructions to implement a secret query method provided by the embodiments of the present specification.
Another aspect of an embodiment of the present specification provides another secret query method, applied to a second party, the method including obtaining a first ciphertext, where the first ciphertext is obtained by encrypting, by another party, a target data identifier of the query identifiers based on a first encryption method; acquiring a second ciphertext, wherein the second ciphertext is obtained by encrypting the first ciphertext based on a second encryption method, and the first encryption method and the second encryption method meet the commutative law; receiving a plurality of query identifications from a first party; obtaining a plurality of corresponding query results based on the plurality of query identifications; obtaining a plurality of corresponding result ciphertexts based on the encryption of the plurality of query results, wherein the method comprises the following steps: for each query identifier, encrypting the corresponding query result based on the corresponding symmetric encryption key to obtain the corresponding result ciphertext, and encrypting the query identifier based on the second encryption method by using the corresponding symmetric encryption key; and sending the result ciphertexts to a first party so that the first party can decrypt the second cipher text to obtain a target key, and determining a query result corresponding to the target data identification based on the target key and the result ciphertexts.
Another aspect of an embodiment of the present specification provides another secret query system, deployed at a second party, the system comprising: the first ciphertext acquisition module is used for acquiring a first ciphertext, and the first ciphertext is obtained by encrypting the target data identifier in the plurality of query identifiers by other parties based on a first encryption method; the second party second ciphertext obtaining module is used for obtaining a second ciphertext, the second ciphertext is obtained by encrypting the first ciphertext based on a second encryption method, and the first encryption method and the second encryption method meet the commutative law; a query identifier receiving module for receiving a plurality of query identifiers from a first party; the query result acquisition module is used for acquiring a plurality of corresponding query results based on the plurality of query identifications; a result ciphertext obtaining module, configured to obtain a plurality of corresponding result ciphertexts based on encrypting the plurality of query results, where the result ciphertext obtaining module includes: for each query identifier, encrypting the corresponding query result based on the corresponding symmetric encryption key to obtain the corresponding result ciphertext, and encrypting the query identifier based on the second encryption method by using the corresponding symmetric encryption key; and the result ciphertext sending module is used for sending the result ciphertexts to the first party so that the first party decrypts the second ciphertext to obtain a target key, and determining a query result corresponding to the target data identifier on the basis of the target key and the result ciphertexts.
Another aspect of an embodiment of the present specification provides a covert querying device comprising at least one storage medium and at least one processor, the at least one storage medium being configured to store computer instructions; the at least one processor is configured to execute the computer instructions to implement another secret query method provided by the embodiments of the present specification.
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1-1 is a diagram of an exemplary application scenario of a covert query system, shown in accordance with some embodiments of the present description;
1-2 are diagrams of exemplary application scenarios of a covert query system, shown in accordance with further embodiments of the present description;
FIG. 2 is an exemplary interaction flow diagram of a secret query method, shown in accordance with some embodiments of the present description;
FIG. 3 is an exemplary flow diagram illustrating obtaining multiple result ciphertexts according to some embodiments of the present description;
FIG. 4 is an exemplary interaction flow diagram of a secret query method, shown in accordance with further embodiments of the present description;
FIG. 5 is an exemplary block diagram of a covert query system, shown in accordance with some embodiments of the present description;
FIG. 6 is an exemplary block diagram of a covert query system, shown in accordance with further embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies of different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flowcharts are used in this specification to illustrate the operations performed by the system according to embodiments of the present specification. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
In a related business scenario of data query, a querier with data query requirements may query a data provider with data or with data acquisition capability for acquiring some data. The data queried may be various types of data, such as data values, text, images, and so forth.
In some embodiments, the inquirer can initiate a data inquiry request to the data provider and send the inquiry identification of the data to be inquired to the data provider. After receiving the query request and the query identifier of the data to be queried, the data provider can query corresponding data in the database based on the query identifier to obtain a query result, and the data provider can return the query result to the querier, so that data query is realized.
In some cases, in the data query process, both the querying party and the data provider want to protect their data security, which requires that the data provider cannot know the query target of the querying party, such as the query identifier (e.g., data ID) of the data to be queried, i.e., does not reveal the query intention to the data provider, and that the querying party cannot know other data of the data provider except the data to be queried, i.e., does not reveal data irrelevant to the query to the querying party. Based on the above, some embodiments of the present specification provide a secret query method to realize data query and guarantee data security of a querier and a data provider.
It should be noted that in some embodiments of the present specification, "first party", "second party", and "other party" are used to distinguish different parties involved in the data query method, such as the querying party, the data provider, or other third party, but the "first party", "second party", and "other party" are only used to distinguish the parties and do not limit the parties. The technical solutions disclosed in the embodiments of the present specification are explained in detail by the explanation of the drawings below.
1-1 and 1-2 are diagrams of exemplary application scenarios of a covert query system, shown in accordance with some embodiments of the present description.
In some application scenarios, a first party may have data query requirements and a second party may hold or have the ability to obtain data. The functionality implemented by a party in a secret query, such as a first party, a second party, or other party, may be implemented by a processing device of the party.
The processing device may contain one or more sub-processing devices (e.g., a single-core processing device or a multi-core, multi-core processing device). In some embodiments, a processing device may include various types of processors, systems, platforms, and the like, or any combination thereof.
As shown in fig. 1-1, a first party may determine a query identity of data to be queried and initiate a data query request to a second party. The query identifier may include a data identifier indicating data, each of which may have a corresponding data identifier, based on which the corresponding data may be located from a database or other data store. The data identification may be in any feasible form of data, such as a data ID.
After receiving the data query request of the first party, the second party can return the query result to the first party to further realize data query. In this process, the second party needs not to know the real query intention of the first party, and the first party only needs to know the data to be queried but not other data of the second party.
In some embodiments, as shown in fig. 1-2, the first party may send a plurality of query identifications, e.g., ID _0, ID _1, ID _2, …, to the second party. The query identifiers include a data identifier of real data to be queried of a first party, such as ID _0 (the data identifier of the real data to be queried of the first party is referred to as a target data identifier), and also include one or more other data identifiers (the data identifiers except the target data identifier are referred to as other data identifiers), such as ID _1, ID _2, and …, where the other data identifiers may play a role in confusing a query intention of the first party, so that a second party cannot know the real query intention of the first party.
In some embodiments, the second party may obtain a plurality of query results, such as various types of data, corresponding to the plurality of query identifiers after receiving the plurality of query identifiers. The second party may obtain the query result corresponding to the data identifier through various feasible methods, for example, finding corresponding data based on the data identifier in a database in a local or other place.
In some embodiments, the second party may encrypt each obtained query result by a cryptographic encryption algorithm to obtain a plurality of result ciphertexts, such as Cv _ 0 、Cv_ 1 、Cv_ 2 .., and to the first party, and to: the first party can obtain a query result (referred to as a target query result) corresponding to the target data identifier, such as a data value "12032", based on the obtained key and the plurality of result ciphertexts, while the first party cannot know the query result (referred to as other query results) corresponding to other data identifiers, so that other plaintext data of the data provider is not required to be disclosed.
FIG. 2 is an exemplary interaction flow diagram of a secret query method, shown in accordance with some embodiments of the present description.
In some embodiments, the illustrated interaction flow may be performed cooperatively by processing devices of parties participating in the data query, and for convenience of illustration, the steps (e.g., steps 202, 204, 206, 208, 210, 212) in the flow 200 of this specification are primarily described as being performed by way of example by the first party. For example, the part of the interaction flow executed by the first party (e.g., the steps in the flow 200) may be stored in the form of a program or instructions in a storage device of the first party (e.g., an onboard storage unit of the processing device or an external storage device), and the part of the interaction flow executed by the other party such as the second party may be stored in the form of a program or instructions in a storage device of the other party such as the second party. The programs or instructions, when executed, may implement a stealth query process. In some embodiments, process 200 may be implemented by stealth query system 500. It should be noted that the other parties involved in the process 200 may be other parties besides the first party, such as a second party or other third parties.
Step 202, encrypting the target data identifier based on a first encryption method to determine a first ciphertext.
In some embodiments, step 202 may be performed by the first ciphertext determination module 510.
The encryption method for encrypting the target data identification by the first party is called a first encryption method, and the encrypted ciphertext is called a first ciphertext.
And step 204, acquiring a second ciphertext.
In some embodiments, step 204 may be performed by the first-party second ciphertext acquisition module 520.
The first party may send the first ciphertext to the other party.
The other party can encrypt the first ciphertext, the encryption method for encrypting the first ciphertext by the other party is called a second encryption method, and the ciphertext obtained by encryption is called a second ciphertext. The first encryption method and the second encryption method satisfy the commutative law.
The encryption methods satisfy the commutative law, which means that if B (a (msg)) = a (B (msg)) (where msg denotes original data, and B (x) and a (x) denote that data x is encrypted by the encryption methods B and a, respectively), it can be said that the encryption methods a and B satisfy the commutative law. The encryption methods a and B may be the same encryption algorithm using different encryption keys, or may be different encryption algorithms satisfying the commutative law.
The encryption algorithm meeting the commutative law referred to in the present specification may adopt various existing or future encryption algorithms meeting the commutative law, such as RSA, ECC, and the like.
As an example: the first encryption method may be that the target data identifier ID _0 is encrypted by the encryption algorithm E based on the key Pk _ a to obtain a first ciphertext C0, i.e. E (ID _0, pk \u) = C0; the second encryption method may be that the first ciphertext C0 is encrypted by the encryption algorithm E based on the key Pk _ b to obtain a second ciphertext C1, i.e., E (C0, pk _ b) = C1, i.e., E (ID _0, pk \, a), pk _ b) = C1, and the first encryption method and the second encryption method satisfy: e (ID _0, pk _), pk _ b) = E (ID _0, pk _b), pk _ a).
The encryption key of the first encryption method, the encryption key of the second encryption method may be generated based on various feasible methods.
The first party may obtain the second ciphertext generated by the other party.
And step 206, decrypting the second ciphertext based on the first decryption method to determine a target key.
In some embodiments, step 206 may be performed by target key acquisition module 530.
In the embodiments of the present specification, a decryption method corresponding to the first encryption method is referred to as a first decryption method.
In some embodiments, the first party may decrypt the obtained second ciphertext based on the first decryption method, and the obtained decryption result is referred to as a first decryption result.
As an example, decrypting the second ciphertext based on the first decryption method corresponding to the first encryption method E (ID _0, pk _a) is: the second ciphertext is decrypted by a decryption algorithm D based on decryption key D1, i.e., D (C1, D1), i.e., D (E (ID _0, pk _ b), D1). The decryption key corresponding to the encryption algorithm may be generated correspondingly when the encryption key is generated.
Based on the first encryption method and the second encryption method satisfying the commutative law, D (E (ID _0, pk _ b), D1) = D (E (ID _0, pk _ a), D1) = E (ID _0, pk _). Thus, the first decryption result may be E (ID _0, pk _b), which is the result of encrypting the target data identification based on the second encryption method.
The first party may use the first decryption result as a target key (available Cid _) 0 Representation) for subsequent decryption of the resulting ciphertext.
It should be noted that there is no sequential limitation between the foregoing steps 202, 204, and 206 and the following steps 208 and 210, for example, the steps 202, 204, and 206 may be performed before or after the steps 208 and 210 or simultaneously.
Step 208, sending a plurality of query identifiers to the second party, wherein the plurality of query identifiers comprises the target data identifier and one or more other data identifiers.
In some embodiments, step 208 may be performed by query identity transmitting module 540.
The first party may determine one or more other data identifications, such as ID _1, ID _2, …, by various possible methods (e.g., randomly specified or specified by a user).
The first party may send a plurality of query identities to the second party. The transmitted plurality of query identifications includes a target data identification (e.g., ID _ 0) and one or more other data identifications (e.g., ID _1, ID _2, …).
The true query intent of the first party may be suppressed to the second party since the second party receives multiple query tokens and does not know which is the target data token that the first party really needs to query.
Step 210, a plurality of result ciphertexts is obtained from the second party.
In some embodiments, step 210 may be performed by result ciphertext receiving module 550.
After receiving the multiple query identifiers sent by the first party, the second party may perform data lookup based on the query identifiers to obtain multiple query results corresponding to the multiple query identifiers.
As an example, the plurality of query results obtained by the second party corresponding to ID _0, ID _1, and ID _2 are in turn: value _0: "12032", value _1: "13547", value _2: "14356".
The second party may encrypt each query result to obtain a result ciphertext corresponding to each query result.
In some embodiments, the second party encrypting the query result may include: and directly encrypting the query result to obtain a corresponding result ciphertext.
In some embodiments, the second party encrypting the query result may also include: and encrypting the query result and the related information of the query result together to obtain a corresponding result ciphertext.
In some embodiments, the relevant information of the query results may be used to: reflecting the corresponding relation between the query result and the data identification and/or checking the correctness (such as whether the query result is complete or correct or not) of the query result.
In some embodiments, the relevant information of the query results may include one or more of the following: information reflecting the corresponding relationship between the query result and the data identifier (e.g., the data identifier corresponding to the query result, identifiers corresponding to both the data identifier and the query result, such as a number and an order), and information enabling the correctness of the query result to be verified (e.g., a check code such as an MD5 code of the query result).
In some embodiments, the second party, based on a plurality of result ciphertexts obtained by encrypting the plurality of query results, may be to: the first party may obtain a target query result, that is, a query result corresponding to the target data identifier, based on the target key and the result ciphertexts obtained by the first party, and the first party may not obtain other query results or may not obtain correct other query results.
For more details on the second party obtaining the result ciphertexts based on the encryption of the query results, refer to fig. 3 and its related description.
The first party may obtain a plurality of resulting ciphertexts obtained by the second party.
Step 212, determining a query result corresponding to the target data identification based on the target key and the plurality of result ciphertexts.
In some embodiments, step 212 may be performed by query result determination module 560.
In some embodiments, the first party may obtain the correspondence between each query identifier and each result ciphertext from the second party. For example, the first party may obtain, from the second party, a query identifier corresponding to the result ciphertext (e.g., obtain a key-value pair including the query identifier and the corresponding result ciphertext), an identifier corresponding to both the query identifier and the result ciphertext (e.g., a number, etc.), an order of the result ciphertexts corresponding to an order of the query identifiers (which may be correspondingly determined when the result ciphertexts are obtained), or other information reflecting a corresponding relationship between the query identifier and the result ciphertext.
In some embodiments, the first party may determine, among the obtained plurality of result ciphertexts, a result cipher text that needs to be decrypted, which is referred to as a target result cipher text. In some embodiments, specifically, the first party may determine, based on the obtained correspondence between each query identifier and each result ciphertext, a result ciphertext corresponding to the target data identifier, that is, a target result ciphertext.
As an example, a first party may obtain, from a second party, a plurality of key value pairs that include a query identification and a corresponding result ciphertext: "ID _0= cv \ 0 (****)”、“ID_1=Cv_ 1 (****)”、“ID_2=Cv_ 2 Based on the plurality of key value pairs, the first party can know that the result ciphertext corresponding to the target data ID _0, that is, the target result ciphertext is Cv \u ″ 0 (****)。
In some embodiments, the first party may be based on the obtained target key Cid _ 0 Decrypt the target result ciphertext and may be decrypted successfully to obtain the target query result, e.g., D ec (Cv_ 0 ,Cid_ 0 )=Value_0,D ec Representing a decryption algorithm.
In some embodiments, the first party may decrypt a plurality of resulting ciphertexts obtained from the second party based on the target key, e.g., D ec (Cv_ k ,Cid_ 0 ),D ec Representing a decryption algorithm, cv _ k And k is 0, 1, 2 and … and is used for indicating different query identifications for the result ciphertext corresponding to each query identification.
In some embodiments, the first party may determine the target query result based on the data result decrypted for the plurality of result ciphertexts.
In some embodiments, the first party is able to successfully decrypt a result ciphertext of the plurality of result ciphertexts based on the target key and obtain a successfully decrypted data result, and the first party fails to decrypt other result ciphertexts of the plurality of result ciphertexts. The first party can decrypt the successful result ciphertext, that is, the targetTarget result ciphertext, and the first party may obtain a target query result based on a data result from a successful decryption, e.g., D ec (Cv_ 0 ,Cid_ 0 ) Value _0, value _0is the target query result.
In some embodiments, the first party may obtain a corresponding plurality of data results based on decrypting the plurality of result ciphertexts, including successfully decrypted data results (i.e., correct data results) and unsuccessfully decrypted other data results (e.g., incorrect data results). The first party may determine a successfully decrypted data result from the plurality of data results by checking the obtained data result, and may obtain the target query result based on the data result.
As described above, in some embodiments, the second party may encrypt the query result and the related information of the query result together to obtain a corresponding result ciphertext, and the related information of the query result may be used to reflect the corresponding relationship between the query result and the data identifier and/or to check the correctness (e.g., whether the query result is complete or correct, etc.) of the query result. Based on this, in some embodiments, if the first party succeeds in decrypting the result ciphertext, the data result obtained by decryption may include the corresponding query result and the related information of the query result. In some embodiments, if the first party obtains the relevant information of the query result in a certain data result, for example, the MD5 check code, the first party may check the query result in the data result based on the relevant information of the query result.
In some embodiments, if the first party obtains the relevant information of the query result in a certain data result, and verifies the query result in the data result based on the relevant information of the query result, and the verification result that the certain data result is obtained is that the query result is correct, or additionally, verifies that the query result is a target query result, the data result is a data result that is successfully decrypted, and the first party may use the query result in the data result as the target query result.
Through some embodiments described above, the first party can obtain the target key based on decrypting the second ciphertext, and decrypt the result ciphertext obtained from the second party with the target key to obtain the target query result, while the first party cannot decrypt other result ciphertext to obtain other query results or cannot obtain correct other query results. Therefore, the real query intention of the first party such as the query party can be hidden for the second party, other plaintext data of the second party such as the data provider can be guaranteed not to be disclosed for the first party, and data safety of all the participants participating in data query is effectively guaranteed.
Fig. 3 is an exemplary flow diagram illustrating obtaining multiple result ciphertexts according to some embodiments of the present description.
In some embodiments, each query identifier has a corresponding encryption key, and the encryption key corresponding to the query identifier may be obtained based on encrypting the query identifier.
In some embodiments, the method of encrypting the query identification may be the same as the second encryption method. For example, E (ID _ k, pk _ b) = Cid _ k ,Cid_ k I.e. as an encryption key to which the data identity ID k corresponds.
Each query identification may be generated by a party other than the first party (e.g., a second party or other third party).
In some embodiments, for each query identifier, the second party may perform symmetric encryption on the query result corresponding to the query identifier based on the encryption key corresponding to the query identifier, to obtain a corresponding result ciphertext. For example, it can be represented as E nc (Value_k,Cid_ k )=Cv_ k ,E nc Representing a symmetric encryption algorithm, cid k Indicating the encryption key corresponding to the data ID _ k, value _ k indicating the data corresponding to the data ID _ k, cv \u k And indicating the result ciphertext corresponding to Value _ k.
Symmetric encryption refers to the encryption key used for encryption (referred to as a symmetric encryption key) being the same as the decryption key used for the corresponding decryption of the encrypted result.
FIG. 4 is an exemplary interaction flow diagram of a secret query method, shown in accordance with further embodiments of the present description.
In some embodiments, the illustrated interaction flow may be performed cooperatively by processing devices of parties participating in the data query, and for convenience of illustration, the steps (e.g., steps 402, 404, 406, 408, 410, 412) in the flow 400 of this specification are primarily described as being performed by way of example by a second party. In some embodiments, flow 400 may be implemented by stealth query system 600. It should be noted that the other party involved in the flow 400 may be other parties than the second party, such as the first party or other third parties.
Step 402, obtaining a first ciphertext.
In some embodiments, step 402 may be performed by the first ciphertext acquisition module 610.
In some embodiments, the other party may encrypt the target data identification based on a first encryption method to determine a first ciphertext, and the second party may obtain the first ciphertext from the other party.
For more details about the first ciphertext, reference may be made to fig. 2 and its associated description.
Step 404, a second ciphertext is obtained.
In some embodiments, step 404 may be performed by the second party second ciphertext acquisition module 620.
In some embodiments, the second party may encrypt the first ciphertext to obtain a second ciphertext.
In some embodiments, other third parties may encrypt the first ciphertext to obtain a second ciphertext, and the second party may obtain the second ciphertext from the other parties.
In some embodiments, the first party may obtain second ciphertext of the second party or other third parties.
The first party may decrypt the obtained second ciphertext based on a first decryption method corresponding to the first encryption method to obtain the target key.
For more details of the second ciphertext and the target key obtained by the first party, reference may be made to fig. 2 and its associated description.
At step 406, a plurality of query identifications are received from a first party.
In some embodiments, step 406 may be performed by query identity receiving module 630.
The first party may send a plurality of query identities to the second party. The plurality of query identifications includes a target data identification (e.g., ID _ 0) and a plurality of other data identifications (e.g., ID _1, ID _2, …).
More details regarding the multiple query identifications can be found in FIG. 2 and its associated description.
Step 408, obtaining a plurality of corresponding query results based on the plurality of query identifications.
In some embodiments, step 408 may be performed by query result acquisition module 640.
After receiving the plurality of query identifiers sent by the first party, the second party may perform data search based on the query identifiers to obtain a plurality of query results corresponding to the plurality of query identifiers.
More details regarding the plurality of query results can be found in FIG. 2 and its associated description.
Step 410, a plurality of result ciphertexts corresponding to the plurality of query results are obtained based on the encryption.
In some embodiments, step 410 may be performed by the result ciphertext acquisition module 650.
In some embodiments, for each of the query identifications, the second party may encrypt the corresponding query result based on the corresponding symmetric encryption key to obtain a corresponding result ciphertext.
In some embodiments, for each of the query identifications, a corresponding symmetric encryption key may be derived based on encrypting the query identification.
For more details on encrypting a plurality of query results to obtain a corresponding plurality of result ciphertexts, refer to fig. 2 and fig. 3 and their related descriptions.
Step 412, sending the plurality of result ciphertexts to the first party.
In some embodiments, step 412 may be performed by the result ciphertext transmission module 660.
The first party may determine a target query result, i.e., a query result corresponding to the target data identification, based on the target key and the plurality of result ciphertexts. Meanwhile, the first party cannot obtain other query results or cannot obtain correct other query results.
More details regarding the second party sending the plurality of result ciphertexts to the first party, the first party determining the target query result based on the target key and the plurality of result ciphertexts may be found in fig. 2 and its associated description.
It should be noted that the above description of the respective flows is only for illustration and description, and does not limit the applicable scope of the present specification. Various modifications and changes to the flow may occur to those skilled in the art, given the benefit of this disclosure. However, such modifications and variations are intended to be within the scope of the present description. For example, the process steps related to the present specification may be changed, such as adding a preprocessing step, a storage step, adding an interaction step between a third-party system and a first party or a second party (for example, the first party performs an encryption and decryption step by using the third-party system a interacting with the processing device of the first party, such as obtaining a first ciphertext by encrypting a target data identifier, determining a target key by decrypting a second ciphertext, obtaining a target query result by using the target key and a plurality of result ciphertexts, and the like), and the second party performs an encryption step by using the third-party system B interacting with the processing device of the second party, such as obtaining a second ciphertext by encrypting the first ciphertext, obtaining an encryption key corresponding to the query identifier by encrypting the query identifier, obtaining a plurality of result ciphertexts corresponding to the plurality of query results by encrypting the plurality of result ciphertexts), and the like.
FIG. 5 is an exemplary block diagram of a covert query system, shown in some embodiments of the present description.
The stealth query system 500 may be deployed at a first party. As shown in fig. 5, the system 500 may include a first ciphertext determination module 510, a first-party second ciphertext acquisition module 520, a target key acquisition module 530, a query identifier sending module 540, a result ciphertext receiving module 550, and a query result determination module 560.
In some embodiments, the first ciphertext determination module 510 may be configured to encrypt the target data identification based on a first encryption method to determine a first ciphertext.
In some embodiments, the first party second ciphertext acquisition module 520 may be configured to acquire a second ciphertext obtained by encrypting the first ciphertext by the other party based on a second encryption method. The first encryption method and the second encryption method satisfy a commutative law.
In some embodiments, the target key obtaining module 530 may be configured to decrypt the second ciphertext based on a first decryption method, where the first decryption method corresponds to the first encryption method, to determine the target key.
In some embodiments, the query identity sending module 540 may be configured to send a plurality of query identities to the second party, the plurality of query identities including the target data identity and one or more other data identities.
In some embodiments, the result ciphertext receiving module 550 may be configured to obtain, from the second party, a plurality of result ciphertexts obtained based on encrypting the plurality of query results corresponding to the plurality of query identifications.
In some embodiments, query result determination module 560 may be operative to determine a query result corresponding to the target data identification based on the target key and the plurality of result ciphertexts.
With regard to the detailed description of the modules of the system shown above, reference may be made to the flow chart portion of the specification, e.g., fig. 2 and 3 and their associated description.
FIG. 6 is an exemplary block diagram of a covert query system, shown in accordance with further embodiments of the present description.
The stealth query system 600 may be deployed to a second party. As shown in fig. 6, the system 600 may include a first ciphertext obtaining module 610, a second party second ciphertext obtaining module 620, a query identifier receiving module 630, a query result obtaining module 640, a result ciphertext obtaining module 650, and a result ciphertext sending module 660.
In some embodiments, the first ciphertext obtaining module 610 may be configured to obtain the first ciphertext obtained by encrypting, by the other party, the target data identifier of the plurality of query identifiers based on a first encryption method.
In some embodiments, the second-party second ciphertext obtaining module 620 may be configured to obtain a second ciphertext, where the second ciphertext is obtained by encrypting the first ciphertext according to a second encryption method, and the first encryption method and the second encryption method satisfy the commutative law.
In some embodiments, query identity receiving module 630 may be operative to receive a plurality of query identities from a first party.
In some embodiments, the query result obtaining module 640 may be configured to obtain a corresponding plurality of query results based on the plurality of query identifications.
In some embodiments, the result ciphertext acquisition module 650 may be configured to obtain a corresponding plurality of result ciphertexts based on encrypting the plurality of query results, including: and for each query identifier, encrypting the corresponding query result based on the corresponding symmetric encryption key to obtain the corresponding result ciphertext, and encrypting the query identifier based on the second encryption method by using the corresponding symmetric encryption key to obtain the result ciphertext.
In some embodiments, the result ciphertext transmission module 660 may be configured to transmit the plurality of result ciphertexts to the first party, so that the first party decrypts the second ciphertext to obtain the target key, and determine the query result corresponding to the target data identifier based on the target key and the plurality of result ciphertexts.
For a detailed description of the modules of the system shown above, reference may be made to the flow chart portion of this specification, e.g., fig. 4 and its associated description.
It should be understood that the systems shown in fig. 5 and 6 and their modules may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory for execution by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, for example such code provided on a carrier medium such as a diskette, CD-or DVD-ROM, programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules in this specification may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of hardware circuits and software (e.g., firmware).
It should be noted that the above description of the secret query system and its modules is for convenience only and should not limit the present disclosure to the scope of the illustrated embodiments. It will be appreciated by those skilled in the art that, given the teachings of the present system, any combination of modules or sub-system configurations may be used to connect to other modules without departing from such teachings. For example, in some embodiments, the result ciphertext obtaining module 650 and the result ciphertext sending module 660 may be different modules in a system, or may be a module that implements the functions of two or more modules described above. For example, each module may share one memory module, and each module may have its own memory module. Such variations are within the scope of the present disclosure.
Embodiments of the present specification also provide a secret query apparatus, comprising at least one storage medium and at least one processor, the at least one storage medium configured to store computer instructions; the at least one processor is configured to execute the computer instructions to implement a stealth query method, the method comprising: encrypting the target data identifier based on a first encryption method to determine a first ciphertext; acquiring a second ciphertext, wherein the second ciphertext is obtained by encrypting the first ciphertext by other parties based on a second encryption method; the first encryption method and the second encryption method satisfy commutative law; decrypting the second ciphertext based on a first decryption method to determine a target key, wherein the first decryption method corresponds to the first encryption method; sending a plurality of query identifiers to a second party, the plurality of query identifiers including the target data identifier and one or more other data identifiers; obtaining a plurality of result ciphertexts from a second party, wherein the plurality of result ciphertexts are obtained based on the encryption of a plurality of query results corresponding to the plurality of query identifications; determining a query result corresponding to the target data identification based on the target key and the plurality of result ciphertexts.
Embodiments of the present specification also provide another secret querying device, including at least one storage medium and at least one processor, the at least one storage medium storing computer instructions; the at least one processor is configured to execute the computer instructions to implement a stealth query method, the method comprising: acquiring a first ciphertext, wherein the first ciphertext is obtained by encrypting the target data identifier in the plurality of query identifiers by other parties based on a first encryption method; acquiring a second ciphertext, wherein the second ciphertext is obtained by encrypting the first ciphertext based on a second encryption method, and the first encryption method and the second encryption method meet the commutative law; receiving a plurality of query identifications from a first party; obtaining a plurality of corresponding query results based on the plurality of query identifications; obtaining a plurality of corresponding result ciphertexts based on the encryption of the plurality of query results, wherein the method comprises the following steps: for each query identifier, encrypting the corresponding query result based on the corresponding symmetric encryption key to obtain the corresponding result ciphertext, and encrypting the query identifier based on the second encryption method by using the corresponding symmetric encryption key; and sending the result ciphertexts to a first party so that the first party can decrypt the second cipher text to obtain a target key, and determining a query result corresponding to the target data identification based on the target key and the result ciphertexts.
The beneficial effects that may be brought by the embodiments of the present description include, but are not limited to: the method comprises the steps that a first party sends a plurality of query identifications to a second party, the first party and the second party encrypt target data identifications by using a first encryption method and a second encryption method which meet an exchange law to obtain a second ciphertext, and the second party encrypts a plurality of result ciphertexts based on a plurality of query results corresponding to the plurality of query identifications to obtain a plurality of result ciphertexts, so that the first party can obtain a target secret key based on the obtained second ciphertext and obtain a target query result based on the target secret key and the obtained result ciphertexts, the purpose that the first party such as a query party can be concealed to the second party in a data query process is achieved, other plaintext data of the second party such as a data provider can be prevented from being revealed to the first party, and data safety of each participant participating in data query is effectively guaranteed. It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, though not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, certain features, structures, or characteristics may be combined as suitable in one or more embodiments of the specification.
Moreover, those skilled in the art will appreciate that aspects of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of this description may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present description may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, and the like, or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of this specification may be written in any one or more programming languages, including an object oriented programming language such as Java, scala, smalltalk, eiffel, JADE, emerald, C + +, C #, VB.NET, python, and the like, a conventional programming language such as C, visual Basic, fortran 2003, perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, ruby, and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order in which the elements and sequences of the process are recited in the specification, the use of alphanumeric characters, or other designations, is not intended to limit the order in which the processes and methods of the specification occur, unless otherwise specified in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features than are expressly recited in a claim. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the number allows a variation of ± 20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments described herein. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (9)

1. A secret query method, applied to a first party, the method comprising:
encrypting the target data identifier based on a first encryption method to determine a first ciphertext;
acquiring a second ciphertext, wherein the second ciphertext is obtained by encrypting the first ciphertext by other parties based on a second encryption method;
the first encryption method and the second encryption method satisfy a commutative law;
decrypting the second ciphertext based on a first decryption method to determine a target key, wherein the first decryption method corresponds to the first encryption method;
sending a plurality of query identifiers to a second party, the plurality of query identifiers including the target data identifier and one or more other data identifiers;
obtaining a plurality of result ciphertexts from a second party, wherein the plurality of result ciphertexts are obtained based on the encryption of a plurality of query results corresponding to the plurality of query identifications;
determining a query result corresponding to the target data identification based on the target key and the plurality of result ciphertexts.
2. The method of claim 1, comprising:
identifying for one of said queries: and the corresponding result ciphertext is obtained by encrypting the corresponding query result based on the corresponding symmetric encryption key, and the corresponding symmetric encryption key is obtained by encrypting the query identifier by other parties based on the second encryption method.
3. The method of claim 1, the determining a query result corresponding to the target data identification based on the target key and the plurality of result ciphertexts, comprising:
acquiring the corresponding relation between the plurality of query identifications and the plurality of result ciphertexts from a second party, and correspondingly determining a target result cipher text;
and decrypting the target result ciphertext based on the target key to determine the query result corresponding to the target data identifier.
4. The method of claim 1, the determining a query result corresponding to the target data identification based on the target key and the plurality of result ciphertexts comprising:
decrypting the plurality of result ciphertexts based on the target key, and determining the query result corresponding to the target data identification based on the decrypted data result.
5. A covert query system, deployed at a first party, said system comprising:
the first ciphertext determining module is used for encrypting the target data identifier based on a first encryption method to determine a first ciphertext;
the first party second ciphertext acquisition module is used for acquiring a second ciphertext, and the second ciphertext is obtained by encrypting the first ciphertext by other parties based on a second encryption method; the first encryption method and the second encryption method satisfy a commutative law;
a target key obtaining module, configured to decrypt the second ciphertext based on a first decryption method to determine a target key, where the first decryption method corresponds to the first encryption method;
a query identifier sending module, configured to send a plurality of query identifiers to a second party, where the plurality of query identifiers include the target data identifier and one or more other data identifiers;
a result ciphertext receiving module, configured to obtain a plurality of result ciphertexts from a second party, where the plurality of result ciphertexts are obtained based on encrypting a plurality of query results corresponding to the plurality of query identifiers;
and the query result determining module is used for determining a query result corresponding to the target data identification based on the target key and the result ciphertexts.
6. A stealth lookup apparatus, the apparatus comprising at least one processor and at least one memory;
the at least one memory is for storing computer instructions;
the at least one processor is configured to execute at least some of the computer instructions to implement the method of any one of claims 1-4.
7. A secret query method applied to a second party, the method comprising:
acquiring a first ciphertext, wherein the first ciphertext is obtained by encrypting the target data identifier in the plurality of query identifiers by other parties based on a first encryption method;
acquiring a second ciphertext, wherein the second ciphertext is obtained by encrypting the first ciphertext based on a second encryption method, and the first encryption method and the second encryption method meet a commutative law;
receiving a plurality of query identifications from a first party;
obtaining a plurality of corresponding query results based on the plurality of query identifications;
obtaining a plurality of corresponding result ciphertexts based on the encryption of the plurality of query results, wherein the method comprises the following steps: for each query identifier, encrypting the corresponding query result based on the corresponding symmetric encryption key to obtain the corresponding result ciphertext, and encrypting the query identifier based on the second encryption method by using the corresponding symmetric encryption key;
and sending the result ciphertexts to a first party so that the first party can decrypt the second cipher text to obtain a target key, and determining a query result corresponding to the target data identification based on the target key and the result ciphertexts.
8. A secret query system deployed to a second party, the system comprising:
the first ciphertext acquisition module is used for acquiring a first ciphertext, and the first ciphertext is obtained by encrypting the target data identifier in the plurality of query identifiers by other parties based on a first encryption method;
the second party second ciphertext obtaining module is used for obtaining a second ciphertext, the second ciphertext is obtained by encrypting the first ciphertext based on a second encryption method, and the first encryption method and the second encryption method meet the commutative law;
a query identifier receiving module for receiving a plurality of query identifiers from a first party;
the query result acquisition module is used for acquiring a plurality of corresponding query results based on the plurality of query identifications;
a result ciphertext obtaining module, configured to obtain a plurality of corresponding result ciphertexts based on encrypting the plurality of query results, where the result ciphertext obtaining module includes: for each query identifier, encrypting the corresponding query result based on the corresponding symmetric encryption key to obtain the corresponding result ciphertext, and encrypting the query identifier based on the second encryption method by using the corresponding symmetric encryption key;
and the result ciphertext sending module is used for sending the result ciphertexts to the first party so that the first party can decrypt the second ciphertext to obtain a target key, and determining a query result corresponding to the target data identifier based on the target key and the result ciphertexts.
9. A surreptitious querying device, said device comprising at least one processor and at least one memory;
the at least one memory is for storing computer instructions;
the at least one processor is configured to execute at least some of the computer instructions to implement the method of claim 7.
CN202211004951.7A 2022-08-22 2022-08-22 Secret query method and system Pending CN115329359A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211004951.7A CN115329359A (en) 2022-08-22 2022-08-22 Secret query method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211004951.7A CN115329359A (en) 2022-08-22 2022-08-22 Secret query method and system

Publications (1)

Publication Number Publication Date
CN115329359A true CN115329359A (en) 2022-11-11

Family

ID=83926722

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211004951.7A Pending CN115329359A (en) 2022-08-22 2022-08-22 Secret query method and system

Country Status (1)

Country Link
CN (1) CN115329359A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115630400A (en) * 2022-12-21 2023-01-20 成都卫士通信息产业股份有限公司 Query method, device, equipment and storage medium for de-identified data

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115630400A (en) * 2022-12-21 2023-01-20 成都卫士通信息产业股份有限公司 Query method, device, equipment and storage medium for de-identified data

Similar Documents

Publication Publication Date Title
CN111027086B (en) Private data protection method and system
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
CN111049825B (en) Secure multi-party computing method and system based on trusted execution environment
CN111327643B (en) Multi-party data sharing method and device
CN109067528B (en) Password operation method, work key creation method, password service platform and equipment
CN112926092A (en) Privacy-protecting identity information storage and identity authentication method and device
CN109347625B (en) Password operation method, work key creation method, password service platform and equipment
CN108471403B (en) Account migration method and device, terminal equipment and storage medium
EP3552131B1 (en) Password security
WO2017000648A1 (en) Authentication method and apparatus for reinforced software
US10700865B1 (en) System and method for granting secure access to computing services hidden in trusted computing environments to an unsecure requestor
US10439809B2 (en) Method and apparatus for managing application identifier
EP3206329A1 (en) Security check method, device, terminal and server
CN111090870A (en) Privacy-protecting user information query method and device
CN108449322B (en) Identity registration and authentication method, system and related equipment
CN114500069A (en) Method and system for storing and sharing electronic contract
CN117220865A (en) Longitude and latitude encryption method, longitude and latitude verification device and readable storage medium
CN115329359A (en) Secret query method and system
CN111917711B (en) Data access method and device, computer equipment and storage medium
CN106992978B (en) Network security management method and server
CN112966309A (en) Service implementation method and device based on block chain
KR102056612B1 (en) Method for Generating Temporary Anonymous Certificate
CN111510421B (en) Data processing method and device, electronic equipment and computer readable storage medium
CN113127818A (en) Block chain-based data authorization method and device and readable storage medium
CN112418850A (en) Transaction method and device based on block chain and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination