CN115757497A - Data hiding query method and device for memory database based on trusted key values - Google Patents


Info

Publication number: CN115757497A
Authority: CN (China)
Prior art keywords: data, key, file, query, inquiring
Legal status: Pending
Application number: CN202211470113.9A
Priority application: CN202211470113.9A
Other languages: Chinese (zh)
Inventors: 陆林, 吴晓刚, 郑超
Current assignee: CLP Cloud Digital Intelligence Technology Co Ltd
Original assignee: CLP Cloud Digital Intelligence Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of privacy computing and provides a data hiding query method and device for an in-memory database based on trusted key values. The method comprises the following steps: a data party encrypts a plaintext data file to obtain an encrypted data file, and registers the encrypted data file; the data party decrypts the registered encrypted data file, generates Key-Value pair data and stores it into a Key-Value pair database; the querying party writes the query conditions into a query file and encrypts the query file to obtain an encrypted query file; and the querying party queries the Key-Value data according to the encrypted query file to obtain a query result. With this method and device, the privacy of the data party and the concealment of the querying party's query are guaranteed, file IO (input/output) overhead is noticeably reduced, and query efficiency is improved.

Description

Data hiding query method and device for memory database based on trusted key values
Technical Field
The invention relates to the technical field of privacy computing, in particular to a data hiding query method and device for an in-memory database based on trusted key values.
Background
Traditional multi-party data intersection queries are carried out on plaintext. When the data sets being intersected and the query conditions are sensitive information, the records of the data parties that lie outside the intersection, and the query conditions of the querying party, are easily exposed.
Hidden intersection query is an important means of preventing such privacy disclosure. As the name implies, during a hidden query the original data of the data party remains invisible, and the querying party cannot obtain records beyond those the data party has authorized; likewise the querying party's query is hidden, so the data party does not learn which data was queried. The querying party sends the id to be queried to the data party; the data party computes the intersection and returns the information corresponding to that id, or empty data if the id is not found. Throughout the process the querying party learns nothing beyond the queried id, and the data party does not learn which id the querying party queried.
Existing hidden intersection queries are mainly realized with cryptographic techniques. Chinese patent publication CN114091054A proposes a bidirectional covert data query method that uses multiple encryptions to ensure the concealment of data in both directions; the secret query method based on the RSA algorithm proposed in Chinese patent publication CN113987582A is implemented with asymmetric encryption and an exclusive-OR operation; Chinese patent publication CN112367170A discloses a data hiding query security sharing system based on secure multi-party computation, which uses a dynamic double-encryption key technique and a secret sharing algorithm to ensure that user identity information cannot be decrypted by third parties and that an organization's core data is shared securely without leaving its premises.
Although these methods ensure the confidentiality of the query, the following defects remain in practical application: 1. every query request requires the data party and the querying party to renegotiate a key; 2. the complex cryptographic techniques introduce significant delay, which reduces query efficiency.
Therefore, how to improve the efficiency and real-time performance of hidden queries while still hiding the data being queried has become an urgent technical problem.
Disclosure of Invention
In view of this, to overcome the defects of the prior art, the present invention aims to provide a hidden query method for an in-memory database based on trusted key values: a key-value in-memory database is implemented inside the TEE for persistent storage of the data to be queried (the key-value database is similar to Redis and LevelDB), so that file IO overhead is reduced and the efficiency of encrypted queries is improved.
In one aspect, the present invention provides a data hiding query method for an in-memory database based on trusted key values, including:
step S1: a data party encrypts a plaintext data file to obtain an encrypted data file, and registers the encrypted data file;
step S2: the data party decrypts the registered encrypted data file, generates Key-Value pair data and stores the Key-Value pair data into a Key-Value pair database;
step S3: the querying party writes the query conditions into a query file and encrypts the query file to obtain an encrypted query file;
step S4: the querying party queries the Key-Value data according to the encrypted query file to obtain a query result.
Further, in the method of the present invention, step S1 includes:
the data party exports a plaintext data file from the data party database through a data preprocessing API;
through the data preprocessing API, the data party applies to the key management program for an encryption key, encrypts the plaintext data file with it to obtain an encrypted data file, and sends the encrypted data file to the data registration program.
Further, in the method of the present invention, the encrypted data file in step S1 includes the user name of the data party, the path of the encrypted data file, and the key-value field.
Further, in the method of the present invention, step S2 includes:
the data party acquires a decryption key from the key management program through the data registration program, and decrypts the encrypted data file with the acquired decryption key to obtain a plaintext data file;
the data registration program reads the plaintext data file, takes the first column of each line as the Key and the remaining columns as the Value, and so obtains a group of Key-Value pairs;
the database engine creates a memory table, inserts the Key-Value pairs into the memory table, and stores the memory table into the Key-Value pair database.
Further, in the method of the present invention, step S3 includes: the querying party writes the query items corresponding to the Key field to be queried into a query file, applies to the key management program for an encryption key through the hidden query API, encrypts the query file to obtain an encrypted query file, and sends the encrypted query file to the data query program.
Further, in the method of the present invention, in step S3 the encrypted query file includes the user name of the querying party and the path of the encrypted query file.
Further, in the method of the present invention, step S4 includes:
the querying party acquires the decryption key from the key management program through the data query program, and decrypts the encrypted query file with the acquired decryption key to obtain the query items;
the data query program traverses the query items by row to obtain the Key field to be matched in each row;
the database engine reads the memory table data carrying the Key-Value pairs from the Key-Value pair database; the program checks whether the read memory table contains a record for the Key field to be matched and, if so, obtains the Value corresponding to that Key;
after the traversal is finished, the obtained Value records are returned to the querying party as the query result, and the data query program deletes the query file and the query result.
In another aspect, the present invention provides a data hiding query apparatus for an in-memory database based on trusted key values, including:
a data party system, located in the area outside the TEE domain, comprising a data party client and a data party database; the data party client comprises a data preprocessing API (application programming interface) used to export a plaintext data file from the data party database, apply to the key management program for an encryption key, encrypt the plaintext data file to obtain an encrypted data file, and send the encrypted data file to the data registration program; the data party database stores the data party's plaintext data file;
a trusted hidden query system, located in the TEE region, comprising a trusted application module and a trusted storage module, used to return a query result to the querying party according to the querying party's query conditions;
a querying party system, located in the area outside the TEE domain, comprising a querying party client with a hidden query API (application programming interface) used to apply to the key management program for an encryption key, encrypt the query file to obtain an encrypted query file, and send the encrypted query file to the data query program.
Further, in the apparatus of the present invention, the trusted application module comprises a key management program, a data registration program and a data query program. The key management program provides the data preprocessing API with an encryption key for encrypting the plaintext data file, provides the data registration program with a decryption key for decrypting the encrypted data file, provides the hidden query API with an encryption key for encrypting the query file, and provides the data query program with a decryption key for decrypting the encrypted query file. The data registration program receives the encrypted data file sent by the data preprocessing API, acquires a decryption key from the key management program, decrypts the encrypted data file with it to obtain the plaintext data file, reads the plaintext data file, and takes the first column of each line as the Key and the remaining columns as the Value to obtain a group of Key-Value pairs. The data query program receives the encrypted query file sent by the hidden query API, acquires a decryption key from the key management program, decrypts the encrypted query file with it to obtain the query items, traverses the query items by row to obtain the Key field to be matched in each row, checks whether a record for that Key field exists in the memory table data carrying the Key-Value pairs that the database engine has read, and if so obtains the Value corresponding to that Key; after the traversal is finished, it returns the obtained Value records to the querying party as the query result and deletes the query file and the query result.
Further, in the apparatus of the present invention, the trusted storage module comprises a database engine and a Key-Value pair database. The database engine creates a memory table, inserts Key-Value pairs into the memory table, stores the memory table into the Key-Value pair database, and reads memory table data carrying Key-Value pairs from the Key-Value pair database; the Key-Value pair database stores the Key-Value pair data.
The method and apparatus of the present invention for hidden queries of an in-memory database based on trusted key values have the following beneficial effects:
1. the data of the data side is stored and transmitted in a secret form, the query condition of the query side is sent in the secret form, the whole query process is executed in the independent TEE, and the privacy of the data side and the secrecy of the query side are guaranteed.
2. By adding a key value pair database management system, reusable data can reside in a memory; fields needing to be intersected are used as mapping keys in key value pairs, and aiming at query conditions of a query party, the intersection of data of the two parties can be quickly found only through key value matching, so that the file IO expense is remarkably reduced, and the query efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating a data hiding query method for a memory database based on trusted key values according to an exemplary first embodiment of the present invention.
Fig. 2 is a flowchart illustrating a data hiding query method for a memory database based on trusted key values according to an exemplary second embodiment of the present invention.
Fig. 3 is a flowchart of a method for querying a data hiding query of a memory database based on trusted key values according to a third exemplary embodiment of the present invention.
Fig. 4 is an architecture diagram of a data hiding query device for a memory database based on trusted key values according to an exemplary fourth embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
It should be noted that, in the case of no conflict, the features in the following embodiments and examples may be combined with each other; moreover, all other embodiments that can be derived by one of ordinary skill in the art from the embodiments disclosed herein without making any creative effort fall within the scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. In addition, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to or other than one or more of the aspects set forth herein.
The technical principle of the invention is as follows:
the present invention is implemented on a Trusted Execution Environment (TEE). A TEE provides a trusted environment in which mutually untrusting participants can carry out privacy-preserving computation: it creates a separate secure area in the computer's memory for holding each party's plaintext data and performing the intersection query. The TEE is thus a feasible technical basis for hidden queries, but when one party's data must be used frequently, the TEE node program has to read the corresponding encrypted data file again and again; the frequent file IO (input/output) lowers the efficiency of the TEE program.
For example, suppose that three parties B, C and D each need to intersect their own data with the data of party A. In the traditional mode, the intersections of A and B, A and C, and A and D require the data file of party A to be decrypted and read three times, which seriously affects the efficiency of the intersection. Taking Intel SGX as an example, each participating party first selects a TEE node and performs trusted attestation; the data providers then apply to the TEE node for a data encryption key, encrypt their respective data files and register the encrypted file paths with the TEE node; meanwhile the task initiator submits the trusted intersection program to the executor inside the TEE. The TEE node generates an isolated enclave in memory, locates the encrypted data files from the registered information, decrypts and reads them into the enclave's memory, and finally performs the required operations on all parties' data.
To address the defect that existing TEE-based multi-party hidden queries (based on Intel SGX) repeatedly read the same data file of a data party, the invention provides a hidden query method for an in-memory database based on trusted key values: a key-value in-memory database is implemented inside the TEE for persistent storage of the data to be queried (the key-value database is similar to Redis and LevelDB), so that file IO (input/output) cost is reduced and query efficiency is improved.
The following examples use the following terms, explained here:
data query: involves a querying party and at least one data party; the querying party supplies one or more IDs to be matched and a number of query fields, the intersection with the data party's data set is computed on the ID shared by the parties, and the query field information of the matched items is returned.
key-value database: a non-relational database that stores data as a set of Key-Value pairs, with the Key as unique identifier. Key-value databases are simple to operate and highly scalable. Common in-memory key-value databases include Redis and LevelDB.
Fig. 1 is a flowchart of a data hiding query method for an in-memory database based on trusted key values according to an exemplary first embodiment of the present invention. As shown in fig. 1, the method of this embodiment includes:
step S1: a data party encrypts a plaintext data file to obtain an encrypted data file, and registers the encrypted data file;
step S2: the data party decrypts the registered encrypted data file, generates Key-Value pair data and stores the Key-Value pair data into a Key-Value pair database;
step S3: the querying party writes the query conditions into a query file and encrypts the query file to obtain an encrypted query file;
step S4: the querying party queries the Key-Value data according to the encrypted query file to obtain a query result.
In practical application, the method stores and transmits the data of the data side in a secret form, sends the query conditions of the query side in a secret form, and executes the whole query process in the independent TEE, so that the privacy of the data side and the concealment of the query side are ensured.
Fig. 2 is a flowchart of a data hiding query method for an in-memory database based on trusted key values according to an exemplary second embodiment of the present invention, which is a preferred embodiment of the method shown in fig. 1.
As shown in fig. 2, in this embodiment, step S1 includes:
the data party exports a plaintext data file from the data party database through a data preprocessing API;
through the data preprocessing API, the data party applies to the key management program for an encryption key, encrypts the plaintext data file with it to obtain an encrypted data file, and sends the encrypted data file to the data registration program; the encrypted data file comprises the data party user name, the encrypted data file path and the key-value field.
As shown in fig. 2, in this embodiment, step S2 includes:
the data side acquires a decryption key from the key management program through the data registration program, and decrypts the encrypted data file by adopting the acquired decryption key to acquire a plaintext data file;
reading a plaintext data file through a data registration program, taking a first column of each line of data in the plaintext data file as a Key, and taking other columns as Value, so as to obtain a group of Key-Value pairs; for example, plaintext data file a is shown in table 1 below:
TABLE 1
(reconstructed from the Key-Value example that follows; the original table is an image not reproduced here)
Column 1 (Key) | Column 2 | Column 3
A11            | A12      | A13
A21            | A22      | A23
…              | …        | …
For the plaintext data file a, the set of Key-Value pairs extracted is, for example: { <A11, [A12, A13]>, <A21, [A22, A23]>, <…, …> } ….
Creating a memory table through a database engine, inserting a Key-Value pair into the memory table, and storing the memory table into a Key-Value pair database.
Fig. 3 is a flowchart of a data hiding query method for an in-memory database based on trusted key values according to an exemplary third embodiment of the present invention, which is a preferred embodiment of the method shown in fig. 1.
As shown in fig. 3, step S3 of the method of this embodiment includes:
the querying party writes the query items corresponding to the Key field to be queried into a query file, applies to the key management program for an encryption key through the hidden query API, encrypts the query file to obtain an encrypted query file, and sends the encrypted query file to the data query program; the encrypted query file comprises the querying party user name and the encrypted query file path.
As shown in fig. 3, step S4 of the method of this embodiment includes:
the querying party acquires the decryption key from the key management program through the data query program, and decrypts the encrypted query file with the acquired decryption key to obtain the query items;
the data query program traverses the query items by row to obtain the Key field to be matched in each row;
the database engine reads the memory table data carrying the Key-Value pairs from the Key-Value pair database, and the program checks whether the read memory table contains a record for the Key field to be matched; if so, it obtains the Value corresponding to that Key;
after the traversal is finished, the obtained Value records are returned to the querying party as the query result.
Step S4 of the method of this embodiment further includes: after the data party obtains the query result, the data query program deletes the query file and the query result.
The method of the embodiment enables the reusable data to reside in the memory by adding the key value pair database management system; fields needing to be intersected are used as mapping keys in key value pairs, and aiming at query conditions of a query party, the intersection of data of the two parties can be quickly found only through key value matching, so that the file IO expense is remarkably reduced, and the query efficiency is improved.
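Steps S1 to S4 above, together with the three-party case from the technical-principle section (A registers once, B, C and D each query), as a runnable simulation. This is an added example written for this page; it is not code from the patent or from CLP Cloud Digital Intelligence Technology Co Ltd. Its assumptions: the patent names no cipher, so a stdlib-only encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC-SHA256 tag) stands in for an AEAD such as AES-GCM; the key management program issues one key per user name (`apply_key`, `decryption_key`); a dictionary `UNTRUSTED_FS` stands in for file storage outside the TEE; and the registration record's `key_field` is a column index, so the code generalizes the description's "first column as Key" to any column. All class and function names are hypothetical, and the rows are constructed after Table 1.

```python
import hashlib
import hmac
import secrets

UNTRUSTED_FS = {}  # constructed stand-in for file storage outside the TEE: path -> encrypted bytes


# Authenticated encryption. Assumption: the patent names no cipher, so this is a stdlib-only
# encrypt-then-MAC stand-in (HMAC-SHA256 keystream, HMAC-SHA256 tag) for an AEAD such as AES-GCM.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key, plaintext):
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")  # tampered blob or wrong key
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyManagementProgram:
    """Inside the TEE. Assumed policy: one key per user name, issued to that user's client only."""
    def __init__(self):
        self._keys = {}
    def apply_key(self, user):           # used by the data preprocessing API and the hidden query API
        return self._keys.setdefault(user, secrets.token_bytes(32))
    def decryption_key(self, user):      # used by the data registration and data query programs
        return self._keys[user]

class DatabaseEngine:
    """Trusted storage module: memory tables (Key -> Value columns) in a Key-Value pair database."""
    def __init__(self):
        self.kv_db = {}
    def create_memory_table(self, name, pairs):
        self.kv_db[name] = dict(pairs)
    def read_memory_table(self, name):
        return self.kv_db[name]

class TrustedApplication:
    """Trusted application module: key management, data registration and data query programs."""
    def __init__(self):
        self.keys, self.engine = KeyManagementProgram(), DatabaseEngine()
        self.file_reads = 0  # how many times an encrypted data file was decrypted and read

    def register(self, reg):
        """Data registration program (S2): decrypt the file once, build Key-Value pairs, store the table."""
        plaintext = decrypt(self.keys.decryption_key(reg["user"]), UNTRUSTED_FS[reg["path"]]).decode()
        self.file_reads += 1
        kf = reg["key_field"]  # column index used as Key; 0 = first column, as in the description
        pairs = [(c[kf], c[:kf] + c[kf + 1:]) for c in (ln.split(",") for ln in plaintext.splitlines())]
        self.engine.create_memory_table(reg["user"], pairs)

    def query(self, req, data_party):
        """Data query program (S4): decrypt the query file, match each Key, return the Values, clean up."""
        items = decrypt(self.keys.decryption_key(req["user"]), UNTRUSTED_FS[req["path"]]).decode().splitlines()
        table = self.engine.read_memory_table(data_party)
        result = {k: table[k] for k in items if k in table}  # ids absent from the table yield nothing
        del UNTRUSTED_FS[req["path"]]  # the query file is deleted once the result is produced
        return result


def data_party_preprocess(tee, user, path, rows):
    """Data preprocessing API (S1), outside the TEE: export rows, encrypt, hand over the registration record."""
    UNTRUSTED_FS[path] = encrypt(tee.keys.apply_key(user), "\n".join(",".join(r) for r in rows).encode())
    return {"user": user, "path": path, "key_field": 0}

def querier_hidden_query(tee, user, path, ids, data_party):
    """Hidden query API (S3), outside the TEE: write ids to a query file, encrypt, submit to the query program."""
    UNTRUSTED_FS[path] = encrypt(tee.keys.apply_key(user), "\n".join(ids).encode())
    return tee.query({"user": user, "path": path}, data_party)

def run_scenario():
    """Party A registers once; B, C and D each query A's table (the three-party case from the description)."""
    tee = TrustedApplication()
    rows = [["A11", "A12", "A13"], ["A21", "A22", "A23"], ["A31", "A32", "A33"]]  # constructed, after Table 1
    tee.register(data_party_preprocess(tee, "A", "/data/A.enc", rows))
    queries = {"B": ["A11", "X99"], "C": ["A21"], "D": ["Z00"]}
    results = {q: querier_hidden_query(tee, q, f"/query/{q}.enc", ids, "A") for q, ids in queries.items()}
    return results, tee.file_reads, sorted(UNTRUSTED_FS)
```

`run_scenario()` returns the per-querier results, the number of times A's encrypted file was decrypted (once, against the three reads of the traditional mode described in the technical-principle section), and the files still present outside the TEE (only A's registered file; the query files have been deleted). It also exhibits the two properties the background section asks for: a querier whose id is not in the table gets empty data, and query ids exist in plaintext only inside the trusted application. The read counter and the cleanup step are what a reviewer should check in a real deployment, since an enclave that logged the decrypted query file or retained results would defeat the hiding property.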
Fig. 4 is an architecture diagram of a data hiding query apparatus for an in-memory database based on trusted key values according to an exemplary fourth embodiment of the present invention. As shown in fig. 4, the apparatus of this embodiment includes:
a data party system, located in the area outside the TEE domain, comprising a data party client and a data party database; the data party client comprises a data preprocessing API (application programming interface) used to export plaintext data files from the data party database, apply to the key management program for an encryption key, encrypt the plaintext data files to obtain encrypted data files, and send the encrypted data files to the data registration program; the data party database stores the data party's plaintext data files;
a trusted hidden query system, located in the TEE region, comprising a trusted application module and a trusted storage module, used to return a query result to the querying party according to the querying party's query conditions;
a querying party system, located in the area outside the TEE domain, comprising a querying party client with a hidden query API (application programming interface) used to apply to the key management program for an encryption key, encrypt the query file to obtain an encrypted query file, and send the encrypted query file to the data query program.
In the apparatus of this embodiment, the trusted application module includes a key management program, a data registration program and a data query program. The key management program provides the data preprocessing API with an encryption key for encrypting the plaintext data file, provides the data registration program with a decryption key for decrypting the encrypted data file, provides the hidden query API with an encryption key for encrypting the query file, and provides the data query program with a decryption key for decrypting the encrypted query file. The data registration program receives the encrypted data file sent by the data preprocessing API, acquires a decryption key from the key management program, decrypts the encrypted data file with it to obtain the plaintext data file, reads the plaintext data file, and takes the first column of each line as the Key and the remaining columns as the Value to obtain a group of Key-Value pairs. The data query program receives the encrypted query file sent by the hidden query API, acquires a decryption key from the key management program, decrypts the encrypted query file with it to obtain the query items, traverses the query items by row to obtain the Key field to be matched in each row, checks whether a record for that Key field exists in the memory table data carrying the Key-Value pairs that the database engine has read, and if so obtains the Value corresponding to that Key; after the traversal is finished it returns the obtained Value records to the querying party as the query result, and after the data party obtains the query result it deletes the query file and the query result.
In the device of this embodiment, the trusted storage module includes a database engine and a Key-Value pair database, where the database engine is configured to create a memory table, insert a Key-Value pair into the memory table, store the memory table into the Key-Value pair database, and read memory table data carrying the Key-Value pair from the Key-Value pair database; and the Key-Value pair database is used for storing Key-Value pair data.
In this embodiment, the file data and the query condition in the area outside the TEE domain are encrypted before leaving the client, and the communication between the two areas is realized based on the TLS protocol, so as to ensure the security of the data itself and the security of transmission. In addition, the same data of the data side is permanently stored in the trusted key value pair memory database only by registering once, so that the encryption calculation cost is reduced; and the data query program is executed in the memory, so that the efficiency is greatly improved.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for data hiding query of a memory database based on trusted key values, the method comprising:
step S1: a data party encrypts a plaintext data file to obtain an encrypted data file, and registers the encrypted data file;
step S2: the data side decrypts the registered encrypted data file, generates Key-Value pair data and stores the Key-Value pair data into a Key-Value pair database;
step S3: the inquiring party writes the inquiring conditions into the inquiring file and encrypts the inquiring file to obtain an encrypted inquiring file;
step S4: the inquiring party inquires the Key-Value data according to the encrypted inquiry file to obtain an inquiry result.
2. The method for the data hiding query of the memory database based on the trusted key value as claimed in claim 1, wherein the step S1 comprises:
a data side exports a plaintext data file from a data side database through a data preprocessing API;
and applying an encryption key to the key management program through the data preprocessing API to encrypt the plaintext data file to obtain an encrypted data file, and sending the encrypted data file to the data registration program.
3. The method for the hidden query of the data in the memory database based on the trusted key value according to claim 1 or 2, wherein the encrypted data file in the step S1 includes a user name of a data party, a path of the encrypted data file, and a key value field.
4. The method for data hiding query of a memory database based on trusted key values as claimed in claim 1, wherein step S2 comprises:
the data party obtains a decryption key from the key management program through the data registration program, and decrypts the encrypted data file with the obtained decryption key to obtain the plaintext data file;
the data registration program reads the plaintext data file and, for each line of data, takes the first column as the Key and the remaining columns as the Value, obtaining a group of Key-Value pairs;
the database engine creates a memory table, inserts the Key-Value pairs into the memory table, and stores the memory table in the Key-Value pair database.
5. The method for data hiding query of a memory database based on trusted key values as claimed in claim 4, wherein step S3 comprises: the querying party writes the query items corresponding to the Key fields to be queried into a query file, applies to the key management program for an encryption key through the hidden query API, encrypts the query file to obtain an encrypted query file, and sends the encrypted query file to the data query program.
6. The method for data hiding query of a memory database based on trusted key values as claimed in claim 1, wherein in step S3 the encrypted query file includes the user name of the querying party and the path of the encrypted query file.
7. The method for data hiding query of a memory database based on trusted key values as claimed in claim 1, wherein step S4 comprises:
the querying party obtains a decryption key from the key management program through the data query program, and decrypts the encrypted query file with the obtained decryption key to obtain the query items;
the data query program traverses the query items row by row to obtain the Key field to be matched in each row;
the database engine reads the memory table data carrying the Key-Value pairs from the Key-Value pair database, and the data query program checks whether the read memory table data contains a record for the Key field to be matched and, if so, obtains the Value corresponding to that record;
after the traversal is complete, the obtained Value records are returned to the querying party as the query result, and the data query program deletes the query file and the query result.
8. An apparatus for data hiding query of a memory database based on trusted key values, the apparatus comprising:
a data party system, arranged outside the TEE domain, comprising a data party client and a data party database, wherein the data party client comprises a data preprocessing API (application programming interface) for exporting a plaintext data file from the data party database, applying to the key management program for an encryption key to encrypt the plaintext data file into an encrypted data file, and sending the encrypted data file to the data registration program; and the data party database is used for storing the plaintext data files of the data party;
a trusted hiding query system, arranged inside the TEE domain, comprising a trusted application module and a trusted storage module, and used for returning a query result to the querying party according to the querying party's query conditions;
a querying party system, arranged outside the TEE domain, comprising a querying party client, wherein the querying party client comprises a hidden query API (application programming interface) for applying to the key management program for an encryption key to encrypt the query file into an encrypted query file, and for sending the encrypted query file to the data query program.
9. The apparatus for data hiding query of a memory database based on trusted key values according to claim 8, wherein the trusted application module comprises a key management program, a data registration program and a data query program, wherein the key management program is configured to provide the data preprocessing API with an encryption key for encrypting the plaintext data file, the data registration program with a decryption key for decrypting the encrypted data file, the hidden query API with an encryption key for encrypting the query file, and the data query program with a decryption key for decrypting the encrypted query file; the data registration program is used for receiving the encrypted data file sent by the data preprocessing API, obtaining a decryption key from the key management program, decrypting the encrypted data file with the obtained decryption key to obtain the plaintext data file, reading the plaintext data file, and taking the first column of each line of data as the Key and the remaining columns as the Value to obtain a group of Key-Value pairs; the data query program is used for receiving the encrypted query file sent by the hidden query API, obtaining a decryption key from the key management program, decrypting the encrypted query file with the obtained decryption key to obtain the query items, traversing the query items row by row to obtain the Key field to be matched in each row, checking whether the memory table data read by the database engine and carrying the Key-Value pairs contains a record for the Key field to be matched and, if so, obtaining the Value corresponding to that record; and, after the traversal is complete, returning the obtained Value records to the querying party as the query result and deleting the query file and the query result.
10. The apparatus according to claim 8, wherein the trusted storage module comprises a database engine and a Key-Value pair database, wherein the database engine is configured to create a memory table, insert the Key-Value pairs into the memory table, store the memory table in the Key-Value pair database, and read the memory table data carrying the Key-Value pairs from the Key-Value pair database; and the Key-Value pair database is used for storing the Key-Value pair data.
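The four steps of claims 1 to 7 and the three programs of the trusted application module in claims 8 to 10, modelled end to end as an added example. This is not the patent's code (the publication contains none); it assumes AES-256-GCM where the claims name no cipher, models the key management, data registration and data query programs as ordinary Go functions rather than TEE-hosted code, uses a Go map as the memory table, and constructs the CSV rows, user names and file paths:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"strings"
)

const sampleCSV = "1001,alice,250\n1002,bob,70\n1003,carol,900\n" // constructed: no header, column 1 is the Key (claim 4)

// keyManager models the key management program (claim 9): separate data and query keys.
type keyManager struct{ dataKey, queryKey []byte }
func newKeyManager() *keyManager {
	b := make([]byte, 64)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy: nothing sensible to continue with
	}
	return &keyManager{dataKey: b[:32], queryKey: b[32:]}
}

// aeadFor builds AES-256-GCM; the claims name no cipher, so this is the example's choice.
func aeadFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key length is fixed at 32 bytes above, so this is a programming bug
	}
	aead, _ := cipher.NewGCM(block) // cannot fail: AES has GCM's required 16-byte block
	return aead
}

// seal encrypts and authenticates a file with the nonce prepended; open reverses it and
// fails on a wrong key or on any modification of the file.
func seal(key, plaintext []byte) []byte {
	aead := aeadFor(key)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return aead.Seal(nonce, nonce, plaintext, nil)
}
func open(key, sealed []byte) ([]byte, error) {
	aead := aeadFor(key)
	if len(sealed) < aead.NonceSize() {
		return nil, fmt.Errorf("sealed file too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// sealedFile: metadata of claims 3 and 6 plus ciphertext; memoryTable: the memory table of claim 10.
type sealedFile struct{ User, Path string; Sealed []byte }
type memoryTable map[string][]string

// registerData is step S2: decrypt inside the TEE, then load each row as Key -> Value.
func registerData(km *keyManager, f sealedFile) (memoryTable, error) {
	plain, err := open(km.dataKey, f.Sealed)
	if err != nil {
		return nil, fmt.Errorf("registering %s: %w", f.Path, err)
	}
	table := memoryTable{}
	for i, line := range strings.Split(strings.TrimSpace(string(plain)), "\n") {
		cols := strings.Split(line, ",")
		if len(cols) < 2 {
			return nil, fmt.Errorf("row %d of %s has no Value columns", i+1, f.Path)
		}
		table[cols[0]] = cols[1:]
	}
	return table, nil
}

// runQuery is step S4: decrypt, look up each Key, return copies of the Values, then erase the query items.
func runQuery(km *keyManager, table memoryTable, q sealedFile) (map[string][]string, error) {
	plain, err := open(km.queryKey, q.Sealed)
	if err != nil {
		return nil, fmt.Errorf("query %s rejected: %w", q.Path, err)
	}
	result := map[string][]string{}
	for _, k := range strings.Split(strings.TrimSpace(string(plain)), "\n") {
		if v, ok := table[k]; ok {
			result[k] = append([]string(nil), v...)
		}
	}
	for i := range plain { // claim 7's deletion of the query file after traversal
		plain[i] = 0
	}
	return result, nil
}

// runDemo chains S1 to S4 on the constructed sample; only Key 1002 exists, so the result is {"1002": ["bob", "70"]}.
func runDemo() (map[string][]string, error) {
	km := newKeyManager()
	data := sealedFile{"data-party", "/data/export.enc", seal(km.dataKey, []byte(sampleCSV))} // S1
	table, err := registerData(km, data)                                                     // S2
	if err != nil {
		return nil, err
	}
	query := sealedFile{"querier", "/query/q1.enc", seal(km.queryKey, []byte("1002\n9999"))} // S3
	return runQuery(km, table, query)                                                         // S4
}
```

Two properties of the claimed design show up directly in this model. The data key and the query key are distinct, so a query file presented to the registration program, or a data file presented to the query program, fails authentication instead of being parsed; and because the files are authenticated, any modification in transit is rejected before a single row is read. What the model leaves out is exactly what a real deployment must supply: the key management program only earns its "trusted" label if it releases keys to attested code inside the TEE, and the match is plain equality on the first column, so the number of records returned is visible to whoever observes the reply even though the Key values themselves are not.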
CN202211470113.9A 2022-11-23 2022-11-23 Data hiding query method and device for memory database based on trusted key values Pending CN115757497A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211470113.9A CN115757497A (en) 2022-11-23 2022-11-23 Data hiding query method and device for memory database based on trusted key values

Publications (1)

Publication Number Publication Date
CN115757497A true CN115757497A (en) 2023-03-07

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117493344A (en) * 2023-11-09 2024-02-02 兰州大学 Efficient data organization method based on confidential computing technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination