CN116226924A

CN116226924A - Account scoring information encryption method, device, computer equipment and storage medium

Info

Publication number: CN116226924A
Application number: CN202310282856.1A
Authority: CN
Inventors: 蔡楚君; 王伟权; 吴佳文; 林鹏
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2023-03-22
Filing date: 2023-03-22
Publication date: 2023-06-06

Abstract

The application relates to an account scoring information encryption method, an account scoring information encryption device, computer equipment and a storage medium. The method comprises the following steps: acquiring a resource service account scoring information set and a resource interaction account scoring information set; classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and performing attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; and determining access strategy information aiming at the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters. The data recording security in the resource interaction platform can be improved.

Description

Account scoring information encryption method, device, computer equipment and storage medium

Technical Field

The present invention relates to the field of computer technologies, and in particular, to an account scoring information encryption method, an apparatus, a computer device, a storage medium, and a computer program product.

Background

With the development of computer technology, a resource interaction platform appears, however, if the resource interaction platform is separated from the monitoring of the resource interaction platform when executing resource interaction, the resource which is already scheduled cannot be recovered and the risk of additional value of the resource created by the scheduled resource will be caused, so many resource interaction platforms have strict admission requirements on the target object applying for resource scheduling, wherein the account scoring information of the target object is the most important item for investigation.

The scoring information investigation of the application resource scheduling of the target object is mainly evaluated through account scoring information and resource scheduling capability of the target object. In the conventional technology, the system of the existing resource interaction platform adopts an encryption method to intensively grasp the resource scheduling information of each existing target object in the corresponding server, and once the server is invaded, the encryption method in the conventional technology cannot completely ensure that the data of each target object is not revealed, so that the security of data record in the resource interaction platform is insufficient.

Disclosure of Invention

In view of the foregoing, it is desirable to provide an account scoring information encryption method, apparatus, computer device, computer readable storage medium, and computer program product that can completely ensure that data of each target object is not compromised, and improve data recording security in a resource interaction platform.

In a first aspect, the present application provides an account scoring information encryption method. The method comprises the following steps: acquiring a resource service account scoring information set and a resource interaction account scoring information set; the resource service user scoring information set is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account; classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and carrying out attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for encryption calculation of a preset encryption algorithm; and determining access policy information for the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

In a second aspect, the present application provides an account scoring information decryption method. The method comprises the following steps: responding to an account scoring information query request of a target object, and acquiring a decryption account key corresponding to the target object; the decryption account key is obtained through calculation of an account identifier and an account attribute set of the target object; calculating account attribute value policy information according to a second encryption calculation parameter under the condition that each attribute name index of the target account has an attribute name index in the decryption account key; under the condition that the account attribute value policy information representation meets access policy information, verifying the validity of the target object according to the decryption account key to obtain an object verification result; the access policy information is calculated according to an account scoring information encryption method; under the condition that the object verification result represents that the target object passes verification, decrypting the encrypted account scoring information set according to the access strategy information and decryption algorithm parameters corresponding to a decryption algorithm to obtain a resource service account scoring information set and a resource interaction account scoring information set; the encrypted account scoring information set is calculated according to an account scoring information encryption method; the decryption algorithm parameters are parameters obtained by calculation through a preset decryption algorithm.

In a third aspect, the present application further provides an account scoring information encryption device. The device comprises: the scoring information acquisition module is used for acquiring a scoring information set of the resource service account and a scoring information set of the resource interaction account; the resource service user scoring information set is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account; the scoring information integration module is used for classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; the scoring information encryption module is used for determining encryption algorithm parameters corresponding to the scoring information set of the integrated resource account, and carrying out attribute encryption on the scoring information set of the integrated resource account according to the encryption algorithm parameters to obtain an encrypted scoring information set of the account; the encryption algorithm parameters are parameters for encryption calculation of a preset encryption algorithm; and the access policy determining module is used for determining access policy information aiming at the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

In a fourth aspect, the present application further provides an account scoring information decryption device. The device comprises: the decryption key acquisition module is used for responding to the account scoring information inquiry request of the target object and acquiring a decryption account key corresponding to the target object; the decryption account key is obtained through calculation of an account identifier and an account attribute set of the target object; the policy information calculating module is used for calculating account attribute value policy information according to a second encryption calculation parameter under the condition that the attribute name indexes in the decryption account key exist in the attribute name indexes of the target account; the object information verification module is used for verifying the validity of the target object according to the decryption account key under the condition that the account attribute value policy information represents that the access policy information is met, and obtaining an object verification result; the access policy information is calculated according to an account scoring information encryption method; the scoring information decryption module is used for decrypting the encrypted account scoring information set according to the access strategy information and the decryption algorithm parameters corresponding to the decryption algorithm under the condition that the object verification result represents that the target object passes verification, so as to obtain a resource service account scoring information set and a resource interaction account scoring information set; the encrypted account scoring information set is calculated according to an account scoring information encryption method; the decryption algorithm parameters are parameters obtained by calculation through a preset decryption algorithm.

In a fifth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of: acquiring a resource service account scoring information set and a resource interaction account scoring information set; the resource service user scoring information set is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account; classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and carrying out attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for encryption calculation of a preset encryption algorithm; and determining access policy information for the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

Responding to an account scoring information query request of a target object, and acquiring a decryption account key corresponding to the target object; the decryption account key is obtained through calculation of an account identifier and an account attribute set of the target object; calculating account attribute value policy information according to a second encryption calculation parameter under the condition that each attribute name index of the target account has an attribute name index in the decryption account key; under the condition that the account attribute value policy information representation meets access policy information, verifying the validity of the target object according to the decryption account key to obtain an object verification result; the access policy information is calculated according to an account scoring information encryption method; under the condition that the object verification result represents that the target object passes verification, decrypting the encrypted account scoring information set according to the access strategy information and decryption algorithm parameters corresponding to a decryption algorithm to obtain a resource service account scoring information set and a resource interaction account scoring information set; the encrypted account scoring information set is calculated according to an account scoring information encryption method; the decryption algorithm parameters are parameters obtained by calculation through a preset decryption algorithm.

In a sixth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of: acquiring a resource service account scoring information set and a resource interaction account scoring information set; the resource service user scoring information set is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account; classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and carrying out attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for encryption calculation of a preset encryption algorithm; and determining access policy information for the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

In a seventh aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of: acquiring a resource service account scoring information set and a resource interaction account scoring information set; the resource service user scoring information set is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account; classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and carrying out attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for encryption calculation of a preset encryption algorithm; and determining access policy information for the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

The account scoring information encryption method, the account scoring information encryption device, the computer equipment, the storage medium and the computer program product are characterized in that a resource service account scoring information set and a resource interaction account scoring information set are obtained; the scoring information set of the resource service user is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account; classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and performing attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for carrying out encryption calculation on a preset encryption algorithm; and determining access strategy information aiming at the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

The account scoring information decryption method, the account scoring information decryption device, the computer equipment, the storage medium and the computer program product acquire a decryption account key corresponding to a target object by responding to an account scoring information query request of the target object; the decryption account key is obtained through account identification of the target object and account attribute set calculation; under the condition that the attribute name indexes in the decryption account key exist in the attribute name indexes of the target account, calculating account attribute value strategy information according to the second encryption calculation parameters; under the condition that the account attribute value policy information representation meets the access policy information, verifying the legitimacy of the target object according to the decryption account key to obtain an object verification result; the access policy information is calculated according to an account scoring information encryption method; under the condition that the object verification result is that the characterization target object passes verification, decrypting the encrypted account scoring information set according to the access strategy information and the decryption algorithm parameters corresponding to the decryption algorithm to obtain a resource service account scoring information set and a resource interaction account scoring information set; the encrypted account scoring information set is calculated according to an account scoring information encryption method; the decryption algorithm parameters are parameters obtained by calculation through a preset decryption algorithm.

In addition, in order to solve the problem that the illegal target object accesses cause the leakage of the account information of the legal target object, a dual strategy of attribute encryption and identity verification is adopted, and the preset attribute strategy is required to be met during decryption, and the identity verification is required to be passed, so that illegal users are guaranteed to have no right to access the account information data of legal users, the data recording security in a resource interaction platform is improved, and the comprehensive evaluation of the score of the target account is realized.

Drawings

FIG. 1 is an application environment diagram of an account scoring information encryption method in one embodiment;

FIG. 2 is a flowchart of an account scoring information encryption method according to one embodiment;

FIG. 3 is a flow chart of a method for obtaining a set of encrypted account scoring information in one embodiment;

FIG. 4 is a flow diagram of a method of access parameter determination in one embodiment;

FIG. 5 is a flow diagram of a method for obtaining a set of random primes in one embodiment;

FIG. 6 is a flowchart of a method for obtaining a set of encrypted account scoring information according to another embodiment;

FIG. 7 is a flow diagram of a method for obtaining access policy information in one embodiment;

FIG. 8 is a flowchart of a method for decrypting account scoring information according to one embodiment;

FIG. 9 is a flow chart of a method for obtaining decryption algorithm parameters in one embodiment;

FIG. 10 is a schematic diagram of a blockchain-based credit information integration system workflow in one embodiment;

FIG. 11 is a block diagram illustrating an account scoring information encryption device according to one embodiment;

FIG. 12 is a block diagram illustrating an account scoring information decryption device according to one embodiment;

fig. 13 is an internal structural view of a computer device in one embodiment.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.

The account scoring information encryption method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on a cloud or other network server. The server 104 responds to the instruction of the terminal 102, and acquires a resource service account scoring information set and a resource interaction account scoring information set from the terminal 102; the scoring information set of the resource service user is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account; classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and performing attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for carrying out encryption calculation on a preset encryption algorithm; and determining access strategy information aiming at the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.

In one embodiment, as shown in fig. 2, an account scoring information encryption method is provided, and the method is applied to the server in fig. 1 for illustration, and includes the following steps:

step 202, obtaining a resource service account scoring information set and a resource interaction account scoring information set.

The resource service account scoring information set may be a set collected after scoring the target account in response to a resource service platform, where the resource service platform may be a public service platform that provides information related to resources, such as: an accumulation fund management center, a social care insurance center, and the like.

The resource interaction account scoring information set may be a set collected after the scoring of the target account by the resource interaction platform, where the resource interaction platform may be a public platform for performing resource scheduling and resource interaction, for example: banks, exchanges, insurance companies, and fund companies.

Specifically, the server 104 obtains the resource service account scoring information set and the resource interaction account scoring information set of the target account or the target object from the terminal in response to the instruction for encrypting the resource service account scoring information set and the resource interaction account scoring information set, and stores the obtained resource service account scoring information set and the obtained resource interaction account scoring information set in the storage unit, and when the server needs to process any data record in the resource service account scoring information set and the resource interaction account scoring information set, the server invokes the volatile storage resource from the storage unit for the central processing unit to calculate. Any data record may be a single data input to the central processing unit, or may be a plurality of data input to the central processing unit at the same time.

For example, the server 104 obtains the resource service account scoring information set and the resource interaction account scoring information set from the terminal 102 in response to the instruction of the terminal 102, and stores the resource service account scoring information set and the resource interaction account scoring information set in a storage unit in the server 104, where 10 pieces of data obtained by the server 104 are recorded, and multiple pieces of data can be simultaneously input to the central processor.

Step 204, classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set.

The resource service account scoring information may be one of the account scoring information records in the resource service account scoring information set.

The resource interaction account scoring information may be one of the account scoring information records in the resource interaction account scoring information set.

The integrated resource account scoring information set may be an account scoring information set obtained by classifying and integrating each resource service account scoring information and each resource interaction account scoring information.

Specifically, the scoring information of each resource service account in the scoring information set of the resource service account and the scoring information of each resource interaction account in the scoring information set of the resource interaction account are respectively input into an account scoring information filtering algorithm, the scoring information of each resource service account and the scoring information of each resource interaction account are filtered, and the scoring information of the account which does not meet preset conditions is removed. Further, the filtered scoring information of each resource service account and the filtered scoring information of each resource interaction account are classified according to classification types meeting business requirements, wherein the classification types meeting the business requirements can be account basic information, account credit information, account payment information and the like, and the classified scoring information of each account is used as an integrated resource account scoring information set.

Step 206, determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and performing attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set.

The encryption algorithm parameter may be a parameter that is calculated by encrypting by a preset encryption algorithm.

Among them, attribute encryption is also called fuzzy identity-based encryption (fuzzy), and identity is generally regarded as a series of attributes, wherein attribute encryption is mainly divided into two main categories: attribute encryption of ciphertext policies (CP-ABE) and attribute encryption of key policies (KP-ABE).

The encrypted account scoring information set may be encrypted data obtained by performing attribute encryption on the integrated resource account scoring information set.

Specifically, for the task of encrypting account scoring information, the encryption algorithm parameters include an access parameter, a random vector set and a random prime number set, wherein the access parameter includes an access matrix and an access mapping relation, and the random prime number set includes a first random prime number set corresponding to a first prime group and a second random prime number set corresponding to a second prime group. And combining all the integrated resource account scoring information of the integrated resource account scoring information set according to the access matrix, the row and the column to obtain an access matrix for calculation, wherein M is an access matrix of one row and one n column of the access matrix. However, for each row of the access matrix M, the access elements have a correspondence relationship with the attribute name index of the target account, and each access mapping relationship of the encryption algorithm is determined according to the correspondence relationship between each row of the access matrix M and each attribute name index of the target account, ρ is the access element M of each row of the access matrix _j Index I to attribute name _s Is used for accessing the mapping relation.

In response to a pair ofIntegrating encryption tasks of a resource account scoring information set, randomly selecting two vectors from a finite field in a preset encryption algorithm to serve as random vectors, forming a random vector set, and adopting mathematical expression to obtain: randomly selecting two vectors from a finite field of a preset encryption algorithm

And v ₁ ＝(S，v _1，2 ，......，v _1，n )，v ₂ ＝(S，v _2，2 ，......，v _2，n ). And similarly, responding to an encryption task integrating the resource account scoring information set, selecting at least two random primes from prime groups in a preset encryption algorithm to form a random prime number set, and further determining a finite field random number corresponding to the random prime number set. The mathematical expression is as follows: at least two random primes X from a prime group of a preset encryption algorithm ₂ ，X _2，j ，X _1，j ，X′ _1，j ∈G ₂ ，r _j ∈Z _p ，1≤j≤l。

Performing at least one mathematical operation on the random prime numbers in the first random prime number set, the random vector set and the finite field random numbers to obtain a first encryption calculation parameter; and similarly, performing at least one mathematical operation on the random vector set, the random prime numbers in the first random prime number set, the random prime numbers in the second random prime number set and the finite field random numbers to obtain a second encryption calculation parameter. Further, by using the access parameter, the first encryption calculation parameter and the second encryption calculation parameter to perform attribute encryption on the integrated resource account scoring information set (creditInfo), an encrypted account scoring information set (encryptcretefo) is obtained, and the encryption algorithm is specifically implemented as follows:

C ₁ ＝creditInfo·e(g ₁ ，g ₁ ) ^as

C ₂ ＝e(g ₁ ，g ₁ ) ^as′

encryptCreditInfo＝((M，ρ)，C ₁ ，C′ ₁ ，D _1，j ，D′ _1，j ，C ₂ ，C′ ₂ ，D _2，j )

And step 208, determining access strategy information for the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

The access policy information may be an access method used for accessing the resource service account scoring information set and the resource interaction account scoring information set in the blockchain personal credit system.

Specifically, according to the encrypted data of the encrypted account scoring information set, selecting each target attribute value matched with the encrypted data of the encrypted account scoring information set from the original attribute value set of the target object as an access attribute value set, wherein the mathematical expression is as follows:

further, according to the access matrix, each access mapping relation and the access attribute value set, determining the scoring information set aiming at the resource service account according to the preset access strategy generation conditionAnd access policy information of the resource interaction account scoring information set, the mathematical expression is as follows: q= (M, ρ, T). FIG. 10 is a block chain based credit information integration system workflow diagram, in one embodiment.

In the account scoring information encryption method, a resource service account scoring information set and a resource interaction account scoring information set are obtained; the scoring information set of the resource service user is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account; classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set; determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and performing attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for carrying out encryption calculation on a preset encryption algorithm; and determining access strategy information aiming at the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

In one embodiment, as shown in fig. 3, determining an encryption algorithm parameter corresponding to the integrated resource account scoring information set, and performing attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameter to obtain an encrypted account scoring information set, including:

step 302, determining access parameters corresponding to the encryption algorithm according to the integrated resource account scoring information set.

The access parameter may be a parameter corresponding to an access command required to be executed by the target object to access the resource service account scoring information set and the resource interaction account scoring information set.

Specifically, the access parameters include an access matrix and an access mapping relationship. And combining all the integrated resource account scoring information of the integrated resource account scoring information set according to the access matrix, the row and the column to obtain an access matrix for calculation, wherein M is an access matrix of one row and one n column of the access matrix. However, for each row of the access matrix M, the access elements have a correspondence relationship with the attribute name index of the target account, and each access mapping relationship of the encryption algorithm is determined according to the correspondence relationship between each row of the access matrix M and each attribute name index of the target account, ρ is the access element M of each row of the access matrix _j Index I to attribute name _s Is used for accessing the mapping relation.

And step 304, selecting a random vector set and a random prime number set corresponding to the integrated resource account scoring information set according to an encryption algorithm.

Wherein the set of random vectors may be vectors randomly selected from the system for performing an encryption algorithm.

Wherein the set of random primes may be a set of random primes randomly selected from the system for performing an encryption algorithm.

Specifically, in response to an encryption task integrating the resource account scoring information set, randomly selecting two vectors from a finite field in a preset encryption algorithm to serve as random vectors, forming a random vector set, and adopting mathematical expression as follows: randomly selecting two vectors from a finite field of a preset encryption algorithm

And 306, performing attribute encryption on the integral resource account scoring information set according to the access parameters, the random vector set and the random prime number set to obtain an encrypted account scoring information set.

Specifically, performing at least one mathematical operation on random prime numbers, a random vector set and finite field random numbers in a first random prime number set to obtain a first encryption calculation parameter; and similarly, performing at least one mathematical operation on the random vector set, the random prime numbers in the first random prime number set, the random prime numbers in the second random prime number set and the finite field random numbers to obtain a second encryption calculation parameter. Further, by using the access parameter, the first encryption calculation parameter and the second encryption calculation parameter to perform attribute encryption on the integrated resource account scoring information set (creditInfo), an encrypted account scoring information set (encryptcretefo) is obtained, and the encryption algorithm is specifically implemented as follows:

C ₁ ＝creditInfo·e(g ₁ ,g ₁ ) ^as

C ₂ ＝e(g ₁ ,g ₁ ) ^as′

encryptCreditInfo＝((M,ρ),C ₁ ,C′ ₁ ,D _1,j ,D′ _1,j ,C ₂ ,C' ₂ ,D _2,j )

In this embodiment, the access parameters, the random vector set and the random prime number set required by the attribute encryption are determined by using the integrated resource account scoring information set, and the attribute encryption is performed by using the conditions, so that the encryption can be performed by using the characteristics of the blockchain and the random data, the encryption effect is better, and the protection degree of the system on the account scoring information is improved.

In one embodiment, as shown in FIG. 4, the access parameters include an access matrix and an access mapping relationship; according to the integrated resource account scoring information set, determining access parameters corresponding to the encryption algorithm comprises:

step 402, constructing an access matrix corresponding to the encryption algorithm according to the integrated resource account scoring information of the integrated resource account scoring information set.

Wherein the access matrix may be a model describing access control of the system in the form of a matrix.

Specifically, each integrated resource account scoring information of the integrated resource account scoring information set is combined according to an access matrix and rows and columns to obtain the access matrix for calculation, wherein M is an l-row and n-column access matrix of the access matrix.

Step 404, determining each access mapping relation of the encryption algorithm according to the access elements of each row in the access matrix and each attribute name index of the target account.

The access element may be a matrix element corresponding to each row in the access matrix.

Wherein the attribute name index may be a separate, physical storage structure for the target account in order of values of one or more columns in the database table with respect to the attribute name, which is a collection of values of one or more columns in a table and a corresponding logical pointer list pointing to pages of data in the table that physically identify the values.

The access mapping relationship may be a mapping relationship between an access element in the access matrix and an attribute name index.

Specifically, for each row of the access matrix M, the access elements have a correspondence with the attribute name index of the target account, and each access mapping relation of the encryption algorithm is determined according to each row of the access matrix M, each attribute name index-correspondence of the target account, ρ is the access element M of each row of the access matrix _j Index I to attribute name _s Is used for accessing the mapping relation.

In this embodiment, by establishing an access matrix corresponding to the encryption algorithm and an access mapping relationship between access elements of each row and each attribute name index in the encryption algorithm, the encryption result and the subsequently set access policy information can have a corresponding relationship, so that the consistency of the blockchain personal credit investigation system data is improved, and the risk of errors occurring in the system is reduced.

In one embodiment, as shown in fig. 5, determining, according to an encryption algorithm, a set of random vectors and a set of random primes corresponding to the set of integrated resource account scoring information includes:

step 502, selecting two random vectors from a finite field of an encryption algorithm as a random vector set based on the integrated resource account scoring information set.

The finite field may be a galois field (galois field), which is a field containing only a limited number of elements, and its feature number must be a prime number p.

Wherein the random vector may be a vector in a set of vectors in a finite field for being randomly selected.

And v ₁ ＝(S，v _1，2 ，......，v _1，n )，v ₂ ＝(S，v _2，2 ，......，v _2，n )。

Step 504, selecting at least two random primes from the prime group corresponding to the encryption algorithm type as a random prime number set based on the integrated resource account scoring information set.

The prime group may be a set corresponding to at least two prime numbers in the encryption algorithm.

Wherein the random prime numbers may be prime numbers in the encryption algorithm corresponding prime number group for being randomly selected.

Specifically, in response to an encryption task integrating the resource account scoring information set, at least two random primes are selected from prime groups in a preset encryption algorithm to form a random prime number set, and a finite field random number corresponding to the random prime number set is further determined. The mathematical expression is as follows: at least two random primes X from a prime group of a preset encryption algorithm ₂ ，X _2，j ，X _1，j ，X′ _1，j ∈G ₂ ，r _j ∈Z _p ，1≤j≤l。

In this embodiment, by executing the random vector set and the random prime number set that are encrypted by the encryption algorithm, the characteristics of random data can be utilized, so that the encrypted result does not follow the unified encryption rule, the difficulty of cracking by illegal personnel is increased, and the security of scoring information of accounts of the blockchain personal credit investigation system is improved.

In one embodiment, as shown in fig. 6, according to the access parameter, the random vector set and the random prime number set, performing attribute encryption on the integrated resource account scoring information set to obtain an encrypted account scoring information set, including:

step 602, fusing the random vector set, the first random prime number set and the finite field random number to obtain a first encryption calculation parameter.

Wherein the first set of random primes may be a sub-set of random primes named one number (prime group with subscript 1 in the table) of random primes.

Wherein the finite field random number may be a random number in the finite field.

The first encryption calculation parameter may be a result of performing mathematical operation on data corresponding to the random vector set, each prime number of the first random prime number set, and the finite field random number (a C parameter or a D parameter with an encryption algorithm subscript of 1).

Specifically, at least one mathematical operation is performed on the random prime number, the random vector set and the finite field random number in the first random prime number set, so as to obtain a first encryption calculation parameter.

Step 604, fusing the random vector set, the first random prime number set, the second random prime number set and the finite field random number to obtain a second encryption calculation parameter.

Wherein the second set of random primes may be a sub-set of random primes named number two (prime group with subscript 2 in the table) of random primes.

The second encryption calculation parameter may be a result of mathematical operation (a C parameter or a D parameter with an encryption algorithm subscript of 2) of data corresponding to the random vector set, each prime number of the first random prime number set, each prime number of the second random prime number set, and the finite field random number.

Specifically, at least one mathematical operation is performed on the random vector set, the random prime numbers in the first random prime number set, the random prime numbers in the second random prime number set and the finite field random numbers to obtain a second encryption calculation parameter.

And step 606, performing attribute encryption on the integrated resource account scoring information set according to the access parameter, the first encryption calculation parameter and the second encryption calculation parameter to obtain an encrypted account scoring information set.

Specifically, by using the access parameter, the first encryption calculation parameter and the second encryption calculation parameter to perform attribute encryption on the integrated resource account scoring information set (creditInfo), an encrypted account scoring information set (encryptcreteinfo) is obtained, and the encryption algorithm is specifically implemented as follows:

C ₁ ＝creditInfo·e(g ₁ ,g ₁ ) ^as

C ₂ ＝e(g ₁ ,g ₁ ) ^as′

in this embodiment, the access parameter, the first encryption calculation parameter with random characteristic and the second encryption calculation parameter are used to perform attribute encryption on the integral resource account scoring information set, so that the encryption result has randomness and access characteristic at the same time, decryption difficulty can be increased, verification can be ensured when the target object decrypts the encryption result, and the security level of the blockchain personal credit investigation system is improved.

In one embodiment, as shown in fig. 7, determining access policy information for the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters includes:

step 702, selecting each corresponding target attribute value from the original attribute value set of the target object as the access attribute value set according to the encrypted account scoring information set.

The original attribute value set may be the attribute value set of the target object when the target object registers the target account.

The target attribute value may be an attribute value in the original attribute value that matches the encrypted data of the encrypted account scoring information set.

Wherein the set of access attribute values may be a set formed by a plurality of target attribute values.

step 704, determining access policy information for the resource service account scoring information set and the resource interaction account scoring information set according to the access matrix, each access mapping relation and the access attribute value set.

Specifically, according to the access matrix, each access mapping relation and the access attribute value set, through a preset access policy generation condition, determining access policy information for the resource service account scoring information set and the resource interaction account scoring information set, wherein the mathematical expression is as follows: q= (M, ρ, T).

In this embodiment, by setting access policy information according to the access matrix, the access mapping relationship, and the attribute value set, it is able to ensure that when the target object sends a decryption request to the encryption result, verification of the attribute value policy can be performed on information provided by the target object, so as to determine validity of the operation of decrypting the encrypted data by the target object.

In one embodiment, as shown in fig. 8, there is provided an account scoring information decryption method, including the steps of:

step 802, obtaining a decryption account key corresponding to the target object in response to the account scoring information query request of the target object.

The account scoring information query request may be an instruction of the target object to query the scoring condition of the target account.

The decryption account key may be a key that decrypts the encrypted set of account scoring information.

Specifically, in response to an account scoring information query request instruction of a target object sent by a terminal to a server, the server acquires a decryption account key for decrypting the encrypted account scoring information set from the terminal. The method for obtaining the decryption account key comprises the following steps: when registering a target account, the target object sets its attribute set to θ= (I) _s S), wherein is attribute name index I _s ∈Z _p Is a specific set of attribute values corresponding to the attribute name index. The system randomly selects r, d E Z _p ,R ₃ ,R′ ₃ ,R _3,i ∈G ₃ (i.e.I) _s Calculating a decryption account key SK of a registered target account _θ The following are provided:

in step 804, when there is an attribute name index in the decryption account key in each attribute name index of the target account, account attribute value policy information is calculated according to the second encryption calculation parameter.

The account attribute value policy information may be data for determining whether the target object satisfies the access policy information.

Specifically, whether the attribute name index in the decryption account key exists in each attribute name index of the target account is judged, if the attribute name index in the decryption account key does not exist in each attribute name index of the target account, the algorithm is stopped, and if the attribute name index in the decryption account key exists in each attribute name index of the target account, the account attribute value policy information is calculated according to the second encryption calculation parameter. That is, the blockchain personal credit system obtains the attribute name index from the decryption account key obtained from each attribute name index of the target account, that is, the existence

The target account may calculate a set of satisfied constants ω _i ，ω _i The calculation formula is as follows:

when the attribute name indexes in the decryption account key exist in the attribute name indexes of the target account, calculating according to the second encryption calculation parameters, and calculating account attribute value policy information. If the account attribute value policy information does not satisfy the access policy information, the algorithm is stopped. The account attribute value policy information calculation formula is as follows:

step 806, in the case that the account attribute value policy information representation satisfies the access policy information, verifying the validity of the target object according to the decrypted account key, and obtaining an object verification result.

The object verification result may be whether the target object meets the preset legitimacy of the blockchain personal credit system.

Specifically, if the account attribute value policy information represents that the access policy information can be satisfied, verifying the legitimacy of the target object accessing the resource service account scoring information set and the resource interaction account scoring information set according to each decryption parameter in the decryption account key, and obtaining an object verification result. I.e. obtaining parameters from the key provided by the user, if the target object provides the decryption account key SK _θ The following two formulas can be satisfied, the target object is proved to be a legal user, and the target object is allowed to perform related business operation on the system; otherwise, the decryption account key is regarded as a fake key, and the target object is added into a blacklist, so that the identity verification management of the target object is realized.

And step 808, decrypting the encrypted account scoring information set according to the access strategy information and the decryption algorithm parameters corresponding to the decryption algorithm to obtain a resource service account scoring information set and a resource interaction account scoring information set under the condition that the object verification result is that the characterization target object passes verification.

The decryption algorithm parameter may be a parameter used for decrypting the encrypted account scoring information set in the decryption algorithm.

Specifically, for the task of decrypting account scoring information, two vectors are randomly selected from a finite field in preset encryption and decryption to serve as random vectors, a random vector set is formed, and mathematical expression is adopted as follows: randomly selecting two vectors from a finite field of a preset encryption algorithm

And v ₁ ＝(S,v _1,2 ,……,v _1,n )，v ₂ ＝(S,v _2,2 ,……,v _2,n ). Similarly, in response to a decryption task integrating the resource account scoring information set, at least two random primes are selected from a prime group in a preset decryption algorithm, and a decrypted prime number set is formed, however, the decrypted prime number set is identical to a first random prime number set in the random prime number set, and a decrypted random number can be determined according to the first random prime number set. Further, at least one mathematical operation is performed on the random prime numbers in the decrypted prime number set and the decrypted random numbers to obtain decryption algorithm parameters, namely at least one mathematical operation is performed on the random prime numbers in the first random prime number set and the decrypted random numbers to obtain the decryption algorithm parameters.

And under the condition that the object verification result is that the characterization target object passes verification, performing at least one mathematical calculation on the encrypted account scoring information set by using decryption algorithm parameters corresponding to a decryption algorithm according to the access policy information to obtain a resource service account scoring information set and a resource interaction account scoring information set, wherein the specific calculation process of the decryption algorithm is as follows:

in this embodiment, the account scoring information decryption method, apparatus, computer device, storage medium and computer program product obtain a decrypted account key corresponding to a target object by responding to an account scoring information query request of the target object; the decryption account key is obtained through account identification of the target object and account attribute set calculation; under the condition that the attribute name indexes in the decryption account key exist in the attribute name indexes of the target account, calculating account attribute value strategy information according to the second encryption calculation parameters; under the condition that the account attribute value policy information representation meets the access policy information, verifying the legitimacy of the target object according to the decryption account key to obtain an object verification result; the access policy information is calculated according to an account scoring information encryption method; under the condition that the object verification result is that the characterization target object passes verification, decrypting the encrypted account scoring information set according to the access strategy information and the decryption algorithm parameters corresponding to the decryption algorithm to obtain a resource service account scoring information set and a resource interaction account scoring information set; the encrypted account scoring information set is calculated according to an account scoring information encryption method; the decryption algorithm parameters are parameters obtained by calculation through a preset decryption algorithm.

In one embodiment, as shown in fig. 9, before the step of decrypting the encrypted account scoring information set according to the access policy information and the decryption algorithm parameters corresponding to the decryption algorithm to obtain the resource service account scoring information set and the resource interaction account scoring information set, the method further includes:

step 902, determining a decrypted prime number set and a decrypted random number corresponding to the encrypted account scoring information set according to a decryption algorithm.

Wherein the set of decryption primes may be a set of at least two random primes in the decryption algorithm used to determine the parameters of the decryption algorithm.

The decryption random number may be a random number in a finite field in the decryption algorithm used to calculate the parameters of the decryption algorithm.

And v ₁ ＝(S，v _1，2 ，......，v _1，n )，v ₂ ＝(S，v _2，2 ，......，v _2，n ). Similarly, in response to a decryption task integrating the resource account scoring information set, at least two random primes are selected from a prime group in a preset decryption algorithm, and a decrypted prime number set is formed, however, the decrypted prime number set is identical to a first random prime number set in the random prime number set, and a decrypted random number can be determined according to the first random prime number set.

Step 904, calculating decryption algorithm parameters corresponding to the decryption algorithm according to the decryption prime number set and the decryption random number.

The decryption algorithm parameter may be a parameter required for executing the decryption algorithm, and is used for decrypting the encrypted account scoring information set.

Specifically, at least one mathematical operation is performed on the random prime numbers in the decrypted prime number set and the decrypted random numbers to obtain decryption algorithm parameters, namely, at least one mathematical operation is performed on the random prime numbers in the first random prime number set and the decrypted random numbers to obtain the decryption algorithm parameters.

In the embodiment, the decryption algorithm parameters corresponding to the decryption algorithm are generated by decrypting the prime number set and decrypting the random number, so that the encryption algorithm performs encryption and the decryption algorithm performs decryption to perform asymmetric encryption, and the blockchain personal credit investigation system can not perform decryption by utilizing the characteristics of the blockchain, thereby ensuring the safety of the account scoring information.

In one embodiment, the blockchain personal credit system determines a security parameter λ, three p-order prime-order groups G ₁ ，G ₂ ，G ₃ And randomly selecting a, alpha, b, beta E Z _p ，g ₁ ，h ₁ ∈G ₁ ，g ₂ ，h ₂ ∈G ₂ ，g ₃ ∈G ₃ The calculation public parameters PK and master key MSK are respectively as follows:

MSK＝(a，α，b，β，h ₁ ，g ₃ )

in one embodiment, a parametric interpretation of an account scoring information encryption method and an account scoring information decryption method is shown in the following table:

it should be understood that, although the steps in the flowcharts related to the above embodiments are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.

Based on the same inventive concept, the embodiment of the application also provides an account scoring information encryption device for realizing the account scoring information encryption method. The implementation of the solution provided by the device is similar to that described in the method above, so the specific limitations in one or more embodiments of the account scoring information encryption device provided below may be found in the limitations of one account scoring information encryption method above; the embodiment of the application also provides an account scoring information decryption device for realizing the account scoring information decryption method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of the account scoring information decrypting device provided below may refer to the limitation of an account scoring information decrypting method hereinabove, and will not be repeated herein.

In one embodiment, as shown in fig. 11, there is provided an account scoring information encryption apparatus, including: a scoring information acquisition module 1102, a scoring information integration module 1104, a scoring information encryption module 1106, and an access policy determination module 1108, wherein:

The scoring information acquisition module 1102 is configured to acquire a resource service account scoring information set and a resource interaction account scoring information set; the scoring information set of the resource service user is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account;

the scoring information integrating module 1104 is configured to classify according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set, so as to obtain an integrated resource account scoring information set;

the scoring information encryption module 1106 is configured to determine encryption algorithm parameters corresponding to the integrated resource account scoring information set, and perform attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for carrying out encryption calculation on a preset encryption algorithm;

the access policy determining module 1108 is configured to determine access policy information for the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameter.

In one embodiment, the scoring information encryption module 1106 is further configured to determine an access parameter corresponding to the encryption algorithm according to the integrated resource account scoring information set; selecting a random vector set and a random prime number set corresponding to the integrated resource account scoring information set according to an encryption algorithm; and carrying out attribute encryption on the integral resource account scoring information set according to the access parameters, the random vector set and the random prime number set to obtain the encrypted account scoring information set.

In one embodiment, the scoring information encryption module 1106 is further configured to construct an access matrix corresponding to the encryption algorithm according to the scoring information of the integrated resource account scoring information set; determining each access mapping relation of an encryption algorithm according to access elements of each row in the access matrix and each attribute name index of the target account; the access mapping relation characterizes the corresponding relation between the access element and each attribute name index.

In one embodiment, the scoring information encryption module 1106 is further configured to select two random vectors from the finite field of the encryption algorithm as a set of random vectors based on the set of integrated resource account scoring information; and selecting at least two random prime numbers from prime number groups corresponding to the encryption algorithm types as random prime number sets based on the integrated resource account scoring information set.

In one embodiment, the scoring information encryption module 1106 is further configured to fuse the set of random vectors, the first set of random primes and the finite field random number to obtain a first encryption calculation parameter; fusing the random vector set, the first random prime number set, the second random prime number set and the finite field random number to obtain a second encryption calculation parameter; and carrying out attribute encryption on the integrated resource account scoring information set according to the access parameter, the first encryption calculation parameter and the second encryption calculation parameter to obtain an encrypted account scoring information set.

In one embodiment, the access policy determining module 1108 is further configured to select, according to the encrypted account scoring information set, each corresponding target attribute value from the original attribute value set of the target object as the access attribute value set; and determining access strategy information aiming at the resource service account scoring information set and the resource interaction account scoring information set according to the access matrix, each access mapping relation and the access attribute value set.

In one embodiment, as shown in fig. 12, there is provided an account scoring information decrypting apparatus including: a decryption key acquisition module 1202, a policy information calculation module 1204, an object information verification module 1206, and a scoring information decryption module 1208, wherein:

A decryption key obtaining module 1202, configured to obtain a decryption account key corresponding to the target object in response to an account scoring information query request of the target object; the decryption account key is obtained through account identification of the target object and account attribute set calculation;

the policy information calculating module 1204 is configured to calculate account attribute value policy information according to the second encryption calculation parameter when there is an attribute name index in the decryption account key in each attribute name index of the target account;

the object information verification module 1206 is configured to verify, according to the decrypted account key, validity of the target object to obtain an object verification result when the account attribute value policy information represents that the access policy information is satisfied; the access policy information is calculated according to an account scoring information encryption method;

the scoring information decryption module 1208 is configured to decrypt the encrypted account scoring information set according to the access policy information and the decryption algorithm parameter corresponding to the decryption algorithm to obtain a resource service account scoring information set and a resource interaction account scoring information set when the object verification result indicates that the characterization target object passes verification; the encrypted account scoring information set is calculated according to an account scoring information encryption method; the decryption algorithm parameters are parameters obtained by calculation through a preset decryption algorithm.

In one embodiment, the scoring information decryption module 1208 is further configured to determine, according to a decryption algorithm, a decrypted prime number set and a decrypted random number corresponding to the encrypted account scoring information set; and calculating decryption algorithm parameters corresponding to the decryption algorithm according to the decryption prime number set and the decryption random number.

Each of the modules in the above-described one account scoring information encryption device and one account scoring information decryption device may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 13. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is for storing server data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements an account scoring information encryption method and an account scoring information decryption method.

It will be appreciated by those skilled in the art that the structure shown in fig. 13 is merely a block diagram of a portion of the structure associated with the present application and is not limiting of the computer device to which the present application applies, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.

In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.

In one embodiment, a computer-readable storage medium is provided, storing a computer program which, when executed by a processor, implements the steps of the method embodiments described above.

In one embodiment, a computer program product or computer program is provided that includes computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the steps in the above-described method embodiments.

It should be noted that, user information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims

1. An account scoring information encryption method, the method comprising:

acquiring a resource service account scoring information set and a resource interaction account scoring information set; the resource service user scoring information set is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account;

Classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set;

determining encryption algorithm parameters corresponding to the integrated resource account scoring information set, and carrying out attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set; the encryption algorithm parameters are parameters for encryption calculation of a preset encryption algorithm;

and determining access policy information for the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

2. The method of claim 1, wherein the encryption algorithm parameters include an access parameter, a set of random vectors, and a set of random primes; the determining the encryption algorithm parameters corresponding to the integrated resource account scoring information set, and performing attribute encryption on the integrated resource account scoring information set according to the encryption algorithm parameters to obtain an encrypted account scoring information set, including:

Determining access parameters corresponding to the encryption algorithm according to the integrated resource account scoring information set;

selecting a random vector set and a random prime number set corresponding to the integrated resource account scoring information set according to the encryption algorithm;

and carrying out attribute encryption on the integrated resource account scoring information set according to the access parameters, the random vector set and the random prime number set to obtain the encrypted account scoring information set.

3. The method of claim 2, wherein the access parameters include an access matrix and an access mapping relationship; the determining the access parameters corresponding to the encryption algorithm according to the integrated resource account scoring information set comprises the following steps:

constructing an access matrix corresponding to the encryption algorithm according to the integrated resource account scoring information of the integrated resource account scoring information set;

determining each access mapping relation of the encryption algorithm according to the access elements of each row in the access matrix and each attribute name index of the target account; and the access mapping relation characterizes the corresponding relation between the access element and each attribute name index.

4. The method of claim 3, wherein the determining, according to the encryption algorithm, a set of random vectors and a set of random primes corresponding to the set of integrated resource account scoring information comprises:

selecting two random vectors from a finite field of the encryption algorithm as the random vector set based on the integrated resource account scoring information set;

and selecting at least two random primes from prime number groups corresponding to the encryption algorithm based on the integrated resource account scoring information set as the random prime number set.

5. The method of claim 4, wherein the set of random primes comprises a first set of random primes corresponding to a first prime group and a second set of random primes corresponding to a second prime group; the finite field also comprises a finite field random number; and performing attribute encryption on the integrated resource account scoring information set according to the access parameter, the random vector set and the random prime number set to obtain the encrypted account scoring information set, wherein the method comprises the following steps of:

fusing the random vector set, the first random prime number set and the finite field random number to obtain a first encryption calculation parameter;

Fusing the random vector set, the first random prime number set, the second random prime number set and the finite field random number to obtain a second encryption calculation parameter;

and performing attribute encryption on the integrated resource account scoring information set according to the access parameter, the first encryption calculation parameter and the second encryption calculation parameter to obtain the encrypted account scoring information set.

6. The method of claim 3, wherein the determining access policy information for the set of resource service account scoring information and the set of resource interaction account scoring information based on the set of encrypted account scoring information and the encryption algorithm parameters comprises:

selecting corresponding target attribute values from the original attribute value set of the target object as an access attribute value set according to the encrypted account scoring information set;

and determining access strategy information aiming at the resource service account scoring information set and the resource interaction account scoring information set according to the access matrix, each access mapping relation and the access attribute value set.

7. A method for decrypting account scoring information, the method comprising:

responding to an account scoring information query request of a target object, and acquiring a decryption account key corresponding to the target object; the decryption account key is obtained through calculation of an account identifier and an account attribute set of the target object;

calculating account attribute value policy information according to a second encryption calculation parameter under the condition that each attribute name index of the target account has an attribute name index in the decryption account key;

under the condition that the account attribute value policy information representation meets access policy information, verifying the validity of the target object according to the decryption account key to obtain an object verification result; the access policy information is calculated according to the account scoring information encryption method according to any one of claims 1 to 6;

under the condition that the object verification result represents that the target object passes verification, decrypting the encrypted account scoring information set according to the access strategy information and decryption algorithm parameters corresponding to a decryption algorithm to obtain a resource service account scoring information set and a resource interaction account scoring information set; the encrypted account scoring information set is calculated according to the account scoring information encryption method according to any one of claims 1 to 6; the decryption algorithm parameters are parameters obtained by calculation through a preset decryption algorithm.

8. The method according to claim 7, wherein before the step of decrypting the encrypted account scoring information set according to the access policy information and the decryption algorithm parameters corresponding to the decryption algorithm to obtain the resource service account scoring information set and the resource interaction account scoring information set, the method further comprises:

determining a decryption prime number set and a decryption random number corresponding to the encrypted account scoring information set according to the decryption algorithm;

and calculating decryption algorithm parameters corresponding to the decryption algorithm according to the decryption prime number set and the decryption random number.

9. An account scoring information encryption device, the device comprising:

the scoring information acquisition module is used for acquiring a scoring information set of the resource service account and a scoring information set of the resource interaction account; the resource service user scoring information set is obtained in response to scoring operation of the resource service platform on the target account; the resource interaction account scoring information set is obtained in response to scoring operation of the resource interaction platform on the target account;

the scoring information integration module is used for classifying according to at least one classification type according to each resource service account scoring information in the resource service account scoring information set and each resource interaction account scoring information in the resource interaction account scoring information set to obtain an integrated resource account scoring information set;

The scoring information encryption module is used for determining encryption algorithm parameters corresponding to the scoring information set of the integrated resource account, and carrying out attribute encryption on the scoring information set of the integrated resource account according to the encryption algorithm parameters to obtain an encrypted scoring information set of the account; the encryption algorithm parameters are parameters for encryption calculation of a preset encryption algorithm;

and the access policy determining module is used for determining access policy information aiming at the resource service account scoring information set and the resource interaction account scoring information set according to the encrypted account scoring information set and the encryption algorithm parameters.

10. An account scoring information decryption apparatus, the apparatus comprising:

the decryption key acquisition module is used for responding to the account scoring information inquiry request of the target object and acquiring a decryption account key corresponding to the target object; the decryption account key is obtained through calculation of an account identifier and an account attribute set of the target object;

the policy information calculating module is used for calculating account attribute value policy information according to a second encryption calculation parameter under the condition that the attribute name indexes in the decryption account key exist in the attribute name indexes of the target account;

The object information verification module is used for verifying the validity of the target object according to the decryption account key under the condition that the account attribute value policy information represents that the access policy information is met, and obtaining an object verification result; the access policy information is calculated according to the account scoring information encryption method according to any one of claims 1 to 6;

the scoring information decryption module is used for decrypting the encrypted account scoring information set according to the access strategy information and the decryption algorithm parameters corresponding to the decryption algorithm under the condition that the object verification result represents that the target object passes verification, so as to obtain a resource service account scoring information set and a resource interaction account scoring information set; the encrypted account scoring information set is calculated according to the account scoring information encryption method according to any one of claims 1 to 6; the decryption algorithm parameters are parameters obtained by calculation through a preset decryption algorithm.

11. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 8 when the computer program is executed.

12. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 8.

13. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 8.