CN116257887B - Data query method, device, system, equipment and storage medium - Google Patents
Data query method, device, system, equipment and storage medium Download PDFInfo
- Publication number
- CN116257887B CN116257887B CN202310544744.9A CN202310544744A CN116257887B CN 116257887 B CN116257887 B CN 116257887B CN 202310544744 A CN202310544744 A CN 202310544744A CN 116257887 B CN116257887 B CN 116257887B
- Authority
- CN
- China
- Prior art keywords
- data
- ciphertext
- queried
- piece
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The application provides a data query method, a data query device, a data query system, data query equipment and a storage medium. The method comprises the following steps: the data supply terminal receives a data query request which is sent by the data query terminal and comprises a data feature identifier of data to be queried; the data characteristic identifiers of a plurality of pieces of data exist in the data supply end are the same; the data supply end sends the encrypted ciphertext of each piece of data to the data query end. The data query end identifies the ciphertext after primary encryption of the data to be queried, carries out secondary encryption on the ciphertext after primary encryption to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried, and sends the ciphertext to the data supply end so that the data supply end carries out decryption operation corresponding to the primary encryption to obtain the ciphertext after secondary encryption. And the data query end performs decryption operation corresponding to the secondary encryption on the secondarily encrypted ciphertext to obtain data to be queried. The application reduces the calculation amount of the hidden trace query and improves the query efficiency.
Description
Technical Field
The present application relates to computer technologies, and in particular, to a data query method, apparatus, system, device, and storage medium.
Background
The data inquiry terminal can perform data inquiry from the data supply terminal to obtain the data required by the data inquiry terminal. In some scenarios, the data querying end needs to obtain the data to be queried from the data providing end, so that the data providing end cannot know which piece of data the data querying end queries "the data to be queried" is (i.e. the data querying end needs to implement the trace query).
At present, the existing hidden trace query method is mainly a query method based on paillier homomorphic encryption. However, the conventional trace query method has the problems of large calculation amount and low query efficiency.
Disclosure of Invention
The application provides a data query method, a device, a system, equipment and a storage medium, which are used for reducing the calculated amount of a trace query and improving the query efficiency.
In a first aspect, the present application provides a data query method, where the method is applied to a data query end, and the method includes:
sending a data query request to the data supply terminal; the data query request comprises a data characteristic identifier of data to be queried; the data characteristic identifier of at least one piece of data except the data to be queried exists in the data supply end and is the same as the data characteristic identifier of the data to be queried;
Receiving a ciphertext after primary encryption of each piece of data in the pieces of data from the data supply end; the ciphertext of each piece of data after primary encryption is obtained by the data supply terminal according to the data characteristic identifier;
identifying the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data;
performing secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried, and sending the ciphertext to the data supply end so that the data supply end performs decryption operation corresponding to the ciphertext after primary encryption and secondary encryption on the ciphertext after primary encryption to obtain the ciphertext after secondary encryption;
and receiving the encrypted ciphertext from the data supply end, and performing decryption operation corresponding to the secondary encryption on the encrypted ciphertext to obtain the data to be queried.
Optionally, the plurality of data belong to the same group of data, the data characteristic identifier is used for representing the group where the data are located, and the data characteristic identifiers among different groups of data are different.
Optionally, before sending the data query request to the data supply end, the method further includes:
And determining the data characteristic identification of the data to be queried according to the data to be queried and the group in which the data to be queried is located.
Optionally, before the identifying the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data, the method further includes:
receiving a hash value of each piece of data from the data supply terminal; for any piece of data, the hash value of the data is obtained by the data supply end according to the key value of the data;
the identifying the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data comprises the following steps:
and identifying the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data according to the hash value of each piece of data.
In a second aspect, the present application provides a data query method, where the method is applied to a data supply end, and the method includes:
receiving a data query request from a data query end; the data query request comprises a data characteristic identifier of data to be queried; the data characteristic identifier of at least one piece of data except the data to be queried exists in the data supply end and is the same as the data characteristic identifier of the data to be queried;
Acquiring a ciphertext after primary encryption of each piece of data in the plurality of pieces of data according to the data characteristic identifier;
sending the ciphertext after primary encryption of each piece of data to the data query terminal, so that the data query terminal identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data, and carrying out secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried;
receiving the primary encrypted and secondary encrypted ciphertext from the data query end, and performing decryption operation corresponding to the primary encryption on the primary encrypted and secondary encrypted ciphertext to obtain secondary encrypted ciphertext;
and sending the encrypted ciphertext to the data query terminal so that the data query terminal carries out decryption operation corresponding to the secondary encryption on the encrypted ciphertext to obtain the data to be queried.
Optionally, the plurality of data belong to the same group of data, the data characteristic identifier is used for representing the group where the data are located, and the data characteristic identifiers among different groups of data are different.
Optionally, the obtaining the ciphertext after primary encryption of each piece of data in the plurality of pieces of data according to the data feature identifier includes:
determining a group in which the data to be queried are located according to the data characteristic identifier;
and encrypting each piece of data in the group where the data to be queried is located once to obtain a ciphertext after once encryption of each piece of data.
Optionally, after acquiring the plurality of pieces of data according to the data feature identifier, the method further includes:
for any one piece of data in the plurality of pieces of data, acquiring a hash value of the data according to a key value of the data;
and sending the hash value of each piece of data to the data query terminal so that the data query terminal identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data according to the hash value of each piece of data.
In a third aspect, the present application provides a data query device, where the device is applied to a data query end, and the device includes:
the sending module is used for sending a data query request to the data supply terminal; the data query request comprises a data characteristic identifier of data to be queried; the data characteristic identifier of at least one piece of data except the data to be queried exists in the data supply end and is the same as the data characteristic identifier of the data to be queried;
The receiving module is used for receiving the ciphertext after primary encryption of each piece of data in the pieces of data from the data supply end; the ciphertext of each piece of data after primary encryption is obtained by the data supply terminal according to the data characteristic identifier;
the identification module is used for identifying the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data;
the first processing module is used for carrying out secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried, and sending the ciphertext to the data supply end so that the data supply end carries out decryption operation corresponding to the ciphertext after primary encryption and secondary encryption on the ciphertext after primary encryption to obtain the ciphertext after secondary encryption;
and the second processing module is used for receiving the encrypted ciphertext from the data supply end and performing decryption operation corresponding to the secondary encryption on the encrypted ciphertext to obtain the data to be queried.
In a fourth aspect, the present application provides a data query device, the device being applied to a data supply terminal, the device comprising:
The receiving module is used for receiving a data query request from the data query end; the data query request comprises a data characteristic identifier of data to be queried; the data characteristic identifier of at least one piece of data except the data to be queried exists in the data supply end and is the same as the data characteristic identifier of the data to be queried;
the first processing module is used for acquiring a ciphertext after primary encryption of each piece of data in the plurality of pieces of data according to the data characteristic identifier;
the first sending module is used for sending the ciphertext after primary encryption of each piece of data to the data query terminal, so that the data query terminal identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data, and carries out secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried;
the second processing module is used for receiving the ciphertext after primary encryption and secondary encryption from the data query end, and performing decryption operation corresponding to the primary encryption on the ciphertext after primary encryption and secondary encryption to obtain the ciphertext after secondary encryption;
And the second sending module is used for sending the encrypted ciphertext to the data query end so that the data query end can perform decryption operation corresponding to the secondary encryption on the encrypted ciphertext to obtain the data to be queried.
In a fifth aspect, the present application provides a data query system, the data query system comprising: a data query end and a data supply end; the data query terminal is configured to execute the method according to any one of the first aspect; the data supply is configured to perform the method according to any one of the second aspects.
In a sixth aspect, the present application provides an electronic device comprising a memory and a processor;
the memory stores a computer program;
the processor is arranged to perform the method of any one of the first and second aspects by means of the computer program.
In a seventh aspect, the present application provides a computer-readable storage medium having stored thereon computer-executable instructions which, when executed by a processor, implement the method of any one of the first and second aspects.
In an eighth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the method of any one of the first and second aspects.
The data query method, the device, the system, the equipment and the storage medium provided by the application can send the data query request comprising the data characteristic identification of the data to be queried to the data supply terminal. Because the data characteristic identifier of at least one piece of data except the data to be queried is the same as the data characteristic identifier of the data to be queried in the data supply end, even if the data supply end acquires the data characteristic identifier of the data to be queried, the data supply end cannot know which data is specifically the data to be queried. Then, the data supply end can obtain the encrypted ciphertext of each piece of data in the plurality of pieces of data according to the data characteristic identifier. The data is sent to the data inquiry end after being encrypted once, so that the safety of data transmission is ensured. The data query terminal performs secondary encryption on the primary encrypted ciphertext of the data to be queried in the primary encrypted ciphertext of each piece of data, so that the secondary encrypted ciphertext is protected by the secondary encryption operation of the data query terminal, and further the data supply terminal still cannot determine which piece of data to be queried is the data to be queried by the data query terminal when performing the decryption operation corresponding to the primary encryption. Then, the data query terminal can perform decryption operation corresponding to the secondary encryption on the secondarily encrypted ciphertext to obtain data to be queried, so that the trace query of the data query terminal is realized. By the method, the data query end does not need to use the paillier homomorphic encryption algorithm when realizing the trace query, so that the calculated amount of the trace query is reduced, and the query efficiency is improved.
Drawings
In order to more clearly illustrate the application or the technical solutions of the prior art, the following description will be given for a brief introduction to the drawings used in the embodiments or the description of the prior art, it being obvious that the drawings in the following description are some embodiments of the application and that other drawings can be obtained from these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a data query method provided by the application;
fig. 2 is a schematic diagram of a data packet situation in a data provider according to the present application;
fig. 3 is a schematic structural diagram of a data query device 20 according to the present application;
fig. 4 is a schematic structural diagram of a data query device 30 according to the present application;
fig. 5 is a schematic structural diagram of an electronic device according to the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data need to comply with related laws and regulations and standards, and provide corresponding operation entries for the user to select authorization or rejection. In the technical scheme of the application, the related processes of collecting, storing, using, processing, transmitting, providing, disclosing and the like of the information such as financial data or user data are in accordance with the regulations of related laws and regulations, and the public welfare is not violated.
The data inquiry terminal can perform data inquiry from the data supply terminal to obtain the data required by the data inquiry terminal. In some embodiments, the data querying end may explicitly represent the data required by itself in the data querying request, so that the data supplying end may directly provide the data to the data querying end. In this implementation, the data provider may determine which data the data querying peer queries is specific to.
In some scenarios, the data querying end needs to obtain the data to be queried from the data providing end, so that the data providing end cannot know which piece of data the data querying end queries "the data to be queried" is (i.e. the data querying end needs to implement the trace query).
At present, the existing hidden trace query method is mainly a query method based on paillier homomorphic encryption. However, the conventional trace query method has the problems of large calculation amount and low query efficiency.
In view of the above problems of the existing query method, the present application provides a method for realizing the trace query at the data query end without the aid of the paillier homomorphic encryption method, so as to reduce the calculation amount of the trace query, and thus improve the query efficiency. It should be understood that the present application is not limited to the above data query terminal and the data supply terminal. For example, the data query terminal or the data supply terminal may be any electronic device having a processing function, such as a terminal, or a server. In addition, it should be understood that the present application is not limited to the communication manner between the data querying end and the data supplying end.
The technical scheme of the present application will be described in detail with reference to specific examples. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.
Fig. 1 is a schematic flow chart of a data query method provided by the application. As shown in fig. 1, the method comprises the steps of:
s101, the data query terminal sends a data query request to the data supply terminal.
Wherein the data query request may include a data characteristic identification of the data to be queried. At least one data characteristic identifier of the data except the data to be queried is the same as the data characteristic identifier of the data to be queried in the data supply end. That is, in the data supply terminal, the data feature identifier of the plurality of pieces of data is present as the data feature identifier of the data to be queried. Therefore, even if the data supply end obtains the data characteristic identifier of the data to be queried, the data supply end cannot know which data is specific to the data to be queried.
The data characteristic identifier may be, for example, a number and/or a letter that are present in both the data to be queried and the at least one piece of data "except for the data to be queried". For example, taking the above data to be queried and the above data of the at least one piece of data "except the data to be queried" as an example of a phone number, the data feature identifier may be, for example, the last four digits of the phone number. In this example, the data to be queried is identical to the last four digits of the telephone number of the above-mentioned at least one piece of data "except for the data to be queried".
Alternatively, the data feature identifier may be used to characterize the size of the data volume of the piece of data, or the data type, for example, and the application is not limited to this data feature identifier.
As a possible implementation manner, the data characteristic identifier of the data to be queried may be stored in advance in the data query terminal, for example. As another possible implementation manner, the data characteristic identifier of the data to be queried may be determined in the data query end according to the data to be queried and the group where the data to be queried is located.
Accordingly, the data provider may receive a data query request from the data querying peer.
S102, the data supply end acquires the ciphertext after primary encryption of each piece of data in the plurality of pieces of data according to the data characteristic identification.
Optionally, the data supplier may obtain the data feature identifier from the data query request after receiving the data query request. The data provider may then obtain a plurality of pieces of "data whose data feature identifier is the data feature identifier" from the data stored in itself. Then, the data supply end may encrypt each piece of data in the plurality of pieces of data once, to obtain a ciphertext after once encrypting each piece of data. For example, taking the example that the data supply end obtains 100 pieces of data according to the data feature identifier, the data supply end may encrypt each piece of data in the 100 pieces of data once, so as to obtain the ciphertext after primary encryption corresponding to each piece of 100 pieces of data.
Or, the data supply end may also store in advance a mapping relationship between the data characteristic identifier and the ciphertext after primary encryption of the plurality of pieces of data. In this implementation manner, after receiving the data query request, the data supply end may obtain the ciphertext after one encryption of the plurality of pieces of data according to the data feature identifier included in the data query request and the mapping relationship.
It should be understood that the specific implementation of the present application for performing the above-described one-time encryption operation on the data supply terminal is not limited. For example, for any piece of data in the plurality of pieces of data, the data supply end may encrypt the piece of data by any one of the existing data encryption methods such as an RSA encryption algorithm or an SM2 encryption algorithm, to obtain a ciphertext of the piece of data after primary encryption.
S103, the data supply end sends the encrypted ciphertext of each piece of data to the data inquiry end.
Correspondingly, the data query end can receive the encrypted ciphertext of each piece of data in the pieces of data from the data supply end.
S104, the data query terminal identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data.
As a possible implementation manner, the data supply end may also obtain, for example, after obtaining a plurality of pieces of data according to the data feature identifier, unique identifiers of each piece of data in the plurality of pieces of data (that is, unique identifiers of different pieces of data are different). Then, the data supply end can send the unique identifier of each piece of data and the mapping relation of the ciphertext after primary encryption of each piece of data to the data query end. The unique identifier of each piece of data may be, for example, pre-generated for the data supply terminal. Alternatively, the unique identifier of each piece of data may be generated by a preset algorithm after the data supply terminal acquires the pieces of data.
In this implementation manner, the data query end may identify the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data according to the "unique identifier of each piece of data, and the mapping relationship of the ciphertext after primary encryption of each piece of data" and the unique identifier of the data to be queried.
S105, the data query end performs secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried.
It should be understood that the specific implementation manner of the present application for performing the above-mentioned secondary encryption operation on the data querying side is not limited. For example, the data query end may perform secondary encryption on the ciphertext after primary encryption of the data to be queried by any existing data encryption method such as a random number encryption algorithm, to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried.
S106, the data query end sends the ciphertext after primary encryption and secondary encryption to the data supply end.
Correspondingly, the data supply end can receive the ciphertext after primary encryption and secondary encryption from the data query end.
And S107, the data supply end performs decryption operation corresponding to the primary encryption on the primary encrypted ciphertext to obtain the secondary encrypted ciphertext.
The data supply end carries out the decryption operation corresponding to the primary encryption on the primary encrypted ciphertext, so that the decryption of the primary encrypted ciphertext is realized, and the obtained secondary encrypted ciphertext is the secondary encrypted ciphertext protected by the secondary encryption operation of the data query end. Because the cryptograph after the secondary confidentiality is protected by the secondary encryption operation of the data query end, the data supply end still cannot determine which data to be queried is the data to be queried by the data query end.
It should be understood that, the specific implementation manner of performing the decryption operation corresponding to the primary encryption on the ciphertext after the primary encryption and the secondary encryption at the data supply end is not limited.
S108, the data supply end sends the encrypted ciphertext to the data query end.
Correspondingly, the data query end can receive the secondarily encrypted ciphertext from the data supply end.
And S109, the data query terminal carries out decryption operation corresponding to the secondary encryption on the secondarily encrypted ciphertext to obtain data to be queried.
Because the ciphertext after the secondary confidentiality is protected by the secondary encryption operation of the data query terminal, the data query terminal can decrypt the ciphertext after the secondary encryption to obtain the data to be queried. By the method, the data query terminal can acquire the data to be queried from the data supply terminal, and meanwhile, the data supply terminal cannot know which data the data to be queried is, so that the hidden query of the data query terminal is realized.
It should be understood that, the specific implementation manner of the decryption operation corresponding to the secondary encryption performed on the ciphertext after the secondary encryption by the data query terminal is not limited.
In this embodiment, the data querying end may send a data querying request including the data feature identifier of the data to be queried to the data providing end. Because the data characteristic identifier of at least one piece of data except the data to be queried is the same as the data characteristic identifier of the data to be queried in the data supply end, even if the data supply end acquires the data characteristic identifier of the data to be queried, the data supply end cannot know which data is specifically the data to be queried. Then, the data supply end can obtain the encrypted ciphertext of each piece of data in the plurality of pieces of data according to the data characteristic identifier. The data is sent to the data inquiry end after being encrypted once, so that the safety of data transmission is ensured. The data query terminal performs secondary encryption on the primary encrypted ciphertext of the data to be queried in the primary encrypted ciphertext of each piece of data, so that the secondary encrypted ciphertext is protected by the secondary encryption operation of the data query terminal, and further the data supply terminal still cannot determine which piece of data to be queried is the data to be queried by the data query terminal when performing the decryption operation corresponding to the primary encryption. Then, the data query terminal can perform decryption operation corresponding to the secondary encryption on the secondarily encrypted ciphertext to obtain data to be queried, so that the trace query of the data query terminal is realized. By the method, the data query end does not need to use the paillier homomorphic encryption algorithm when realizing the trace query, so that the calculated amount of the trace query is reduced, and the query efficiency is improved.
As a possible implementation manner, the data supply terminal may obtain multiple pieces of data according to the data feature identifier, where the multiple pieces of data may belong to the same group of data. In this implementation, the data characteristic identifier described above may be used to characterize the group in which the data is located. Wherein the data characteristic identification is different between different sets of data.
Fig. 2 is a schematic diagram illustrating a data packet situation in a data provider according to the present application. As shown in fig. 2, a plurality of sets of data may be stored in the data supply terminal. Wherein each set of data may comprise a plurality of pieces of data. The data characteristic identifiers (which may also be referred to as packet characteristics) of each piece of data in the same set of data are the same, e.g., the data characteristic identifiers of each piece of data in the first set of data are all data characteristic identifiers 1.
In this implementation manner, optionally, before sending the data query request to the data supply end, the data query end may further determine the data feature identifier of the data to be queried according to the data to be queried and the group where the data to be queried is located.
For example, the data query may have stored therein, for example, data grouping rules in the data provider, and data feature identifiers of the groups. The data query terminal may determine, according to the data grouping rule and the data to be queried, a grouping in which the data to be queried is located. Then, the data query terminal can use the data feature identifier of the packet in which the data to be queried is located as the data feature identifier of the data to be queried.
By the method, the data query terminal can determine the data characteristic identification of the data to be queried according to the data to be queried and the group in which the data to be queried is located, and a foundation is laid for subsequent hidden query based on the data characteristic identification.
In this implementation manner, optionally, when the data supply end obtains the ciphertext after primary encryption of each piece of data in the plurality of pieces of data according to the data feature identifier, for example, the group where the data to be queried is located may be determined first according to the data feature identifier, and then each piece of data in the group where the data to be queried is located is encrypted once, so as to obtain the ciphertext after primary encryption of each piece of data.
For example, still taking fig. 2 as an example, assuming that the data feature identifier is the data feature identifier 1, the data provider may determine that the group in which the data to be queried is located is the 1 st group. Then, the data supply end can encrypt each piece of data in the 1 st group once to obtain a ciphertext after encrypting each piece of data once.
By the method, the data supply end can determine the group where the data to be queried is located according to the data characteristic identifier, and encrypt each piece of data in the group once to obtain the encrypted ciphertext of each piece of data, so that the primary encryption of a plurality of pieces of data including the data to be queried is realized, the data supply end can not determine which piece of data to be queried is, the information sent by the data supply end is the ciphertext, information leakage can not be caused, and the safety of data transmission between the data supply end and the data query end is improved.
In this embodiment, based on different data feature identifiers, data in the data supply end is stored in groups, so that the data supply end can directly obtain a plurality of pieces of data according to the obtained data feature identifiers, thereby improving the data obtaining efficiency and further improving the efficiency of the trace query.
As another possible implementation, in the data provider, the data may be stored without grouping. For example, the data supply end stores a mapping relation between each piece of data and the data characteristic identifier. In this implementation manner, after the data feature identifier of the data to be queried is obtained, the data supply end may directly obtain a plurality of pieces of data identical to the data feature identifier of the data to be queried according to the data feature identifier of the data to be queried and the mapping relationship between each piece of data and the data feature identifier.
The following details are about how the data query end identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data:
as a possible implementation manner, the data supply end may obtain, after obtaining a plurality of pieces of data according to the data feature identifier, for any piece of data in the plurality of pieces of data, a hash value of the data according to a key value of the data. Optionally, the key value of the data may be, for example, a number and/or a letter included in the piece of data, and the present application is not limited to the key value of the data. It should be understood that the specific implementation of the present application for obtaining the hash value of the data at the data provider according to the key value of the data is not limited. Alternatively, the method for obtaining the hash value of the data may refer to any method for obtaining the hash value of the data, which is not described herein.
After the data supply end obtains the hash value of each piece of data in the plurality of pieces of data, the data supply end can send the hash value of each piece of data to the data inquiry end. Correspondingly, the data query end can receive the hash value of each piece of data from the data supply end before identifying the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data.
Then, the data query terminal can identify the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data according to the hash value of each piece of data.
Optionally, the data query end may use, as the encrypted ciphertext of the data to be queried, the encrypted ciphertext of the data corresponding to the hash value identical to the hash value of the data to be queried in the hash values of the pieces of data. The hash value of the data to be queried may be stored in the data querying end in advance, for example. Or, the data query end may also input the data to be queried to a preset hash value generating method, for example, to obtain a hash value of the data to be queried. The method for generating the hash value may be the same as the method for generating the hash value of each piece of data performed by the data supply terminal.
In this embodiment, the data querying end may identify, according to the hash value of each piece of data from the data supplying end, the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data. By the method, the data query terminal can acquire the ciphertext after primary encryption of the data to be queried, and a foundation is laid for the data query terminal to acquire the data to be queried by hiding the trace query based on the ciphertext after primary encryption of the data to be queried.
The data query method provided by the present application is exemplified below by the foregoing data provider executing the foregoing primary encryption algorithm by using the SM2 encryption algorithm:
and step 1, the data supply end sends the encrypted ciphertext of a plurality of pieces of data to the data inquiry end according to the data inquiry request of the data inquiry end.
Alternatively, the data supply end may encrypt each piece of data in the plurality of pieces of data by SM2 encryption operation, fix a random number, encrypt and record m1 respectively, m2 … mn (data itself), a series of ciphertext (c1|c31|c21), (c1|c32|c22), …, (c1|c3n|c2n), i.e. ciphertext of a plurality of pieces of data after one encryption. Optionally, the plaintext message m1, m2 and … mn may be encrypted after being padded, and the used padding algorithm includes, but is not limited to, OAEP and other padding algorithms, so as to effectively distinguish the validity of the plaintext during subsequent decryption.
Step 2, the data supply end calculates hash values H1, H2 … Hn corresponding to the key words of each record m1, m2 … mn in the packet, and sends (C21, H1), (C22, H2) … (C2 n, hn) to the data query end. Where C2n represents the ciphertext of the data after one encryption. Hn represents the hash value of the data.
And 3, selecting an intention ciphertext CK (namely, one-time encrypted ciphertext of the data to be queried) by the data query end according to the keyword hash value HK of the data to be queried. Then, a random number R is selected, and the encrypted ciphertext of the data to be queried is subjected to secondary encryption (also referred to as scrambling) by using the random number R to obtain encrypted ciphertext (for example) And the ciphertext of the data to be queried after primary encryption and secondary encryption is added>And sending the data to a data supply terminal.
Step 4, the data supply end uses the private key to encrypt the ciphertext after primary encryption and secondary encryptionThe decryption operation corresponding to the primary encryption is performed (+)>) Obtaining a secondarily encrypted ciphertext protected by secondary encryption ++>And sending the data to the data query terminal.
Step 5, the data inquiry terminal encrypts the secondarily encrypted ciphertext protected by the secondary encryption Decryption operation corresponding to the above secondary encryption is performed, for example, m= = is calculated>And obtaining real data to be queried.
Taking the foregoing data supply end executing the foregoing primary encryption algorithm by using the RSA encryption algorithm as an example, assuming that the private key of a is dA public key (eA, nA), and the private key of B is dB public key (eB, nB), the data query method provided by the present application is illustrated as follows:
and step 1, the data supply end sends the encrypted ciphertext of a plurality of pieces of data to the data inquiry end according to the data inquiry request of the data inquiry end.
Alternatively, the data supply end may encrypt the plurality of pieces of data m1, m2 and … mn by RSA encryption operation, respectively, to form a series of ciphertexts C1, C22 … Cn, that is, ciphertexts after primary encryption of the plurality of pieces of data. Optionally, the plaintext message m1, m2 and … mn may be encrypted after being padded, and the used padding algorithm includes, but is not limited to, OAEP and other padding algorithms, so as to effectively distinguish the validity of the plaintext during subsequent decryption.
Step 2, the data supply end calculates hash values H1, H2 … Hn corresponding to the key words of each record m1, m2 … mn in the packet, and sends (C21, H1), (C22, H2) … (C2 n, hn) to the data query end. Where C2n represents the ciphertext of the data after one encryption. Hn represents the hash value of the data.
And 3, selecting an intention ciphertext CK (namely, one-time encrypted ciphertext of the data to be queried) by the data query end according to the keyword hash value HK of the data to be queried. Then, the data query end can use its own public key (eB, nB) to make secondary encryption (also called scrambling process) on the encrypted ciphertext of the data to be queried) Obtaining a ciphertext after primary encryption and secondary encryption of the data to be queriedAnd the ciphertext of the data to be queried after primary encryption and secondary encryption is added>And sending the data to a data supply terminal.
Step 4, the data supply end uses the private key to encrypt the ciphertext after primary encryption and secondary encryptionThe decryption operation corresponding to the primary encryption is performed (+)>) Obtaining a secondarily encrypted ciphertext protected by secondary encryption ++>And sending the data to the data query terminal.
Step 5, the data inquiry terminal encrypts the secondarily encrypted ciphertext protected by the secondary encryptionDecryption operations corresponding to the above secondary encryption are performed, e.g. calculate + ->And obtaining real data to be queried.
In this embodiment, by the above method, the database of the data supply terminal is protected, and the secondary encryption ensures that the queried data will not leak to the data supply terminal, and the data query terminal can only acquire one piece of data under the permission of the data supply terminal. The method and the device can realize the protection of the retrieval information of the data query end, and simultaneously can safely protect the authority of the data query end from crossing the boundary and protect the data safety of the data supply end. The privacy information retrieval requirements in various businesses can be supported. By the method, a paillier homomorphic encryption method is not needed, so that the calculation amount of the trace inquiry is reduced, the inquiry efficiency is improved, and the high concurrency requirement of the service is met.
Fig. 3 is a schematic structural diagram of a data query device 20 according to the present application. The data query device 20 is applied to a data query terminal. As shown in fig. 3, the apparatus 20 includes: a transmitting module 21, a receiving module 22, an identifying module 23, a first processing module 24, and a second processing module 25. Wherein, the liquid crystal display device comprises a liquid crystal display device,
and the sending module 21 is used for sending a data query request to the data supply end. The data query request comprises a data characteristic identifier of data to be queried; and the data characteristic identifier of at least one piece of data except the data to be queried exists in the data supply end and is the same as the data characteristic identifier of the data to be queried.
And the receiving module 22 is configured to receive the ciphertext after one encryption of each of the plurality of pieces of data from the data supply terminal. The ciphertext after primary encryption of each piece of data is obtained by the data supply terminal according to the data characteristic identifier.
The identifying module 23 is configured to identify the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data.
The first processing module 24 is configured to perform secondary encryption on the primary encrypted ciphertext of the data to be queried, obtain the primary encrypted and secondary encrypted ciphertext of the data to be queried, and send the primary encrypted and secondary encrypted ciphertext to the data supply end, so that the data supply end performs the decryption operation corresponding to the primary encryption on the primary encrypted and secondary encrypted ciphertext, and obtain the secondary encrypted ciphertext.
And the second processing module 25 is configured to receive the encrypted ciphertext from the data supply end, and perform a decryption operation corresponding to the secondary encryption on the encrypted ciphertext to obtain the data to be queried.
Optionally, the plurality of data belong to the same group of data, the data characteristic identifier is used for representing the group where the data are located, and the data characteristic identifiers among different groups of data are different.
Optionally, the processing module 24 is further configured to determine, before sending a data query request to the data supply end, a data feature identifier of the data to be queried according to the data to be queried and a group where the data to be queried is located.
Optionally, the receiving module 22 is further configured to receive the hash value of each piece of data from the data supply end before the one-time encrypted ciphertext of the data to be queried is identified from the one-time encrypted ciphertext of each piece of data. And aiming at any piece of data, the hash value of the data is obtained by the data supply end according to the key value of the data. Optionally, the identifying module 23 is specifically configured to identify, from the encrypted ciphertext of each piece of data, the encrypted ciphertext of the data to be queried according to the hash value of each piece of data.
The data query device 20 provided by the present application is configured to execute the data query method executed by the data query end, and its implementation principle and technical effects are similar, and will not be described again.
Fig. 4 is a schematic structural diagram of a data query device 30 according to the present application. The data query device 30 is applied to the data supply terminal. As shown in fig. 4, the apparatus 30 includes: a receiving module 31, a first processing module 32, a first transmitting module 33, a second processing module 34, and a second transmitting module 35. Wherein, the liquid crystal display device comprises a liquid crystal display device,
the receiving module 31 is configured to receive a data query request from a data query end. The data query request comprises a data characteristic identifier of data to be queried; and the data characteristic identifier of at least one piece of data except the data to be queried exists in the data supply end and is the same as the data characteristic identifier of the data to be queried.
The first processing module 32 is configured to obtain, according to the data feature identifier, a ciphertext after primary encryption of each piece of data in the plurality of pieces of data.
The first sending module 33 is configured to send the encrypted ciphertext of each piece of data to the data querying end, so that the data querying end identifies the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data, and performs secondary encryption on the encrypted ciphertext of the data to be queried to obtain the encrypted ciphertext of the data to be queried.
The second processing module 34 is configured to receive the primary encrypted and secondary encrypted ciphertext from the data query end, and perform a decryption operation corresponding to the primary encryption on the primary encrypted and secondary encrypted ciphertext to obtain a secondary encrypted ciphertext.
And the second sending module 35 is configured to send the secondarily encrypted ciphertext to the data querying end, so that the data querying end performs a decryption operation corresponding to the secondarily encryption on the secondarily encrypted ciphertext to obtain the data to be queried.
Optionally, the plurality of data belong to the same group of data, the data characteristic identifier is used for representing the group where the data are located, and the data characteristic identifiers among different groups of data are different.
Optionally, the first processing module 32 is specifically configured to determine, according to the data feature identifier, a group in which the data to be queried is located; and encrypting each piece of data in the group where the data to be queried is located once to obtain a ciphertext after once encryption of each piece of data.
Optionally, the first processing module 32 is further configured to, after acquiring a plurality of pieces of data according to the data feature identifier, acquire, for any piece of data in the plurality of pieces of data, a hash value of the piece of data according to a key value of the piece of data. Optionally, the first sending module 33 is further configured to send the hash value of each piece of data to the data querying end, so that the data querying end identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data according to the hash value of each piece of data.
The data query device provided by the application is used for executing the data query method embodiment executed by the data supply end, and the implementation principle and the technical effect are similar, and are not repeated.
The application also provides a data query system. The data query system comprises: a data query end and a data supply end. The data query terminal is configured to execute the method executed by the data query terminal according to any one of the foregoing embodiments. The data supply terminal is used for the method executed by the data supply terminal in any embodiment. The implementation principle and technical effects of the data query system provided by the application are similar to those of the foregoing embodiments, and are not repeated.
Fig. 5 is a schematic structural diagram of an electronic device according to the present application. The electronic device may be, for example, the aforementioned data querying side, or the data supplying side. As shown in fig. 5, the electronic device 400 may include: at least one processor 401 and a memory 402.
A memory 402 for storing a program. In particular, the program may include program code including computer-operating instructions.
Memory 402 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The processor 401 is configured to execute computer-executable instructions stored in the memory 402 to implement the data query method described in the foregoing method embodiment. The processor 401 may be a central processing unit (Central Processing Unit, abbreviated as CPU), or an application specific integrated circuit (Application Specific Integrated Circuit, abbreviated as ASIC), or one or more integrated circuits configured to implement embodiments of the present application.
Optionally, the electronic device 400 may also include a communication interface 403. In a specific implementation, if the communication interface 403, the memory 402, and the processor 401 are implemented independently, the communication interface 403, the memory 402, and the processor 401 may be connected to each other by a bus and perform communication with each other. The bus may be an industry standard architecture (Industry Standard Architecture, abbreviated ISA) bus, an external device interconnect (Peripheral Component, abbreviated PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated EISA) bus, among others. Buses may be divided into address buses, data buses, control buses, etc., but do not represent only one bus or one type of bus.
Alternatively, in a specific implementation, if the communication interface 403, the memory 402, and the processor 401 are integrated on a chip, the communication interface 403, the memory 402, and the processor 401 may complete communication through internal interfaces.
The present application also provides a computer-readable storage medium, which may include: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk or an optical disk, etc., in which program codes may be stored, and in particular, the computer-readable storage medium stores program instructions for the methods in the above embodiments.
The present application also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the electronic device may read the execution instructions from the readable storage medium, and execution of the execution instructions by the at least one processor causes the electronic device to implement the data query method provided by the various embodiments described above.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the application.
Claims (11)
1. A data query method, wherein the method is applied to a data query terminal, the method comprising:
sending a data query request to the data supply terminal; the data query request comprises a data characteristic identifier of data to be queried; the data characteristic identifiers of at least one piece of data except the data to be queried are the same as the data characteristic identifiers of the data to be queried, the data characteristic identifiers are used for representing groups where the data are located, the data characteristic identifiers among different groups of data are different, and the data characteristic identifiers are used for representing the size or the data type of the data volume of the data;
receiving a ciphertext after primary encryption of each piece of data in a plurality of pieces of data from the data supply end, wherein the plurality of pieces of data belong to the same group of data; the ciphertext after primary encryption of each piece of data is obtained by the data supply end obtaining a plurality of pieces of data according to the data characteristic identifier and carrying out primary encryption on each piece of data in the plurality of pieces of data through an SM2 encryption algorithm; the random number in the primary encryption process is fixed;
identifying the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data;
Performing secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried, and sending the ciphertext to the data supply end so that the data supply end performs decryption operation corresponding to the ciphertext after primary encryption and secondary encryption on the ciphertext after primary encryption to obtain the ciphertext after secondary encryption;
receiving the secondarily encrypted ciphertext from the data supply end, and performing decryption operation corresponding to the secondary encryption on the secondarily encrypted ciphertext to obtain the data to be queried;
the method further comprises the steps of: receiving the unique identifier of each piece of data sent by the data supply end and the mapping relation of the encrypted ciphertext of each piece of data, wherein the mapping relation is used for identifying the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data according to the mapping relation and the unique identifier of the data to be queried by the data query end, and the unique identifier of the data to be queried is generated by a preset algorithm after the data supply end acquires the plurality of pieces of data.
2. The method of claim 1, wherein prior to sending a data query request to the data supply, the method further comprises:
and determining the data characteristic identification of the data to be queried according to the data to be queried and the group in which the data to be queried is located.
3. The method according to claim 1 or 2, wherein, prior to identifying the one-time encrypted ciphertext of the data to be queried from the one-time encrypted ciphertext of the respective piece of data, the method further comprises:
receiving a hash value of each piece of data from the data supply terminal; for any piece of data, the hash value of the data is obtained by the data supply end according to the key value of the data;
the identifying the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data comprises the following steps:
and identifying the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data according to the hash value of each piece of data.
4. A data query method, wherein the method is applied to a data supply terminal, and the method comprises:
Receiving a data query request from a data query end; the data query request comprises a data characteristic identifier of data to be queried; the data characteristic identifiers of at least one piece of data except the data to be queried are the same as the data characteristic identifiers of the data to be queried, the data characteristic identifiers are used for representing groups where the data are located, the data characteristic identifiers among different groups of data are different, and the data characteristic identifiers are used for representing the size or the data type of the data volume of the data;
acquiring a plurality of pieces of data according to the data characteristic identifier, and encrypting each piece of data in the plurality of pieces of data once by an SM2 encryption algorithm to obtain a ciphertext after the each piece of data is encrypted once; the random number in the primary encryption process is fixed, and the plurality of pieces of data belong to the same group of data;
sending the ciphertext after primary encryption of each piece of data to the data query terminal, so that the data query terminal identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data, and carrying out secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried;
Receiving the primary encrypted and secondary encrypted ciphertext from the data query end, and performing decryption operation corresponding to the primary encryption on the primary encrypted and secondary encrypted ciphertext to obtain secondary encrypted ciphertext;
sending the secondarily encrypted ciphertext to the data query terminal so that the data query terminal carries out decryption operation corresponding to the secondary encryption on the secondarily encrypted ciphertext to obtain the data to be queried;
the method further comprises the steps of:
the unique identification of each piece of data is sent to the data query terminal, and the mapping relation of the encrypted ciphertext of each piece of data is obtained, so that the data query terminal identifies the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data according to the mapping relation and the unique identification of the data to be queried, and the unique identification of the data to be queried is generated by a preset algorithm after the data supply terminal obtains the plurality of pieces of data.
5. The method of claim 4, wherein the obtaining the encrypted ciphertext for each of the plurality of pieces of data based on the data characteristic identifier comprises:
Determining a group in which the data to be queried are located according to the data characteristic identifier;
and encrypting each piece of data in the group where the data to be queried is located once to obtain a ciphertext after once encryption of each piece of data.
6. The method of claim 4 or 5, wherein after acquiring a plurality of pieces of data from the data characteristic identification, the method further comprises:
for any one piece of data in the plurality of pieces of data, acquiring a hash value of the data according to a key value of the data;
and sending the hash value of each piece of data to the data query terminal so that the data query terminal identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data according to the hash value of each piece of data.
7. A data query device, wherein the device is applied to a data query terminal, the device comprising:
the sending module is used for sending a data query request to the data supply terminal; the data query request comprises a data characteristic identifier of data to be queried; the data characteristic identifiers of at least one piece of data except the data to be queried are the same as the data characteristic identifiers of the data to be queried, the data characteristic identifiers are used for representing groups where the data are located, the data characteristic identifiers among different groups of data are different, and the data characteristic identifiers are used for representing the size or the data type of the data volume of the data;
The receiving module is used for receiving the ciphertext after primary encryption of each piece of data in the pieces of data from the data supply end, and the pieces of data belong to the same group of data; the ciphertext after primary encryption of each piece of data is obtained by the data supply end obtaining a plurality of pieces of data according to the data characteristic identifier and carrying out primary encryption on each piece of data in the plurality of pieces of data through an SM2 encryption algorithm; the random number in the primary encryption process is fixed;
the identification module is used for identifying the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data;
the first processing module is used for carrying out secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried, and sending the ciphertext to the data supply end so that the data supply end carries out decryption operation corresponding to the ciphertext after primary encryption and secondary encryption on the ciphertext after primary encryption to obtain the ciphertext after secondary encryption;
the second processing module is used for receiving the encrypted ciphertext from the data supply end and performing decryption operation corresponding to the secondary encryption on the encrypted ciphertext to obtain the data to be queried;
The receiving module is further configured to receive the unique identifier of each piece of data sent by the data supply end, and a mapping relationship of the encrypted ciphertext of each piece of data, where the mapping relationship is used for the data query end to identify the encrypted ciphertext of each piece of data from the encrypted ciphertext of each piece of data according to the mapping relationship and the unique identifier of the data to be queried, and the unique identifier of the data to be queried is generated by a preset algorithm after the data supply end obtains the plurality of pieces of data.
8. A data querying device, wherein the device is applied to a data supply terminal, the device comprising:
the receiving module is used for receiving a data query request from the data query end; the data query request comprises a data characteristic identifier of data to be queried; the data characteristic identifiers of at least one piece of data except the data to be queried are the same as the data characteristic identifiers of the data to be queried, the data characteristic identifiers are used for representing groups where the data are located, the data characteristic identifiers among different groups of data are different, and the data characteristic identifiers are used for representing the size or the data type of the data volume of the data;
The first processing module is used for acquiring a plurality of pieces of data according to the data characteristic identification, and encrypting each piece of data in the plurality of pieces of data once through an SM2 encryption algorithm to obtain a ciphertext after the each piece of data is encrypted once; the random number in the primary encryption process is fixed, and the plurality of pieces of data belong to the same group of data;
the first sending module is used for sending the ciphertext after primary encryption of each piece of data to the data query terminal, so that the data query terminal identifies the ciphertext after primary encryption of the data to be queried from the ciphertext after primary encryption of each piece of data, and carries out secondary encryption on the ciphertext after primary encryption of the data to be queried to obtain the ciphertext after primary encryption and secondary encryption of the data to be queried;
the second processing module is used for receiving the ciphertext after primary encryption and secondary encryption from the data query end, and performing decryption operation corresponding to the primary encryption on the ciphertext after primary encryption and secondary encryption to obtain the ciphertext after secondary encryption;
the second sending module is used for sending the encrypted ciphertext to the data query terminal so that the data query terminal can perform decryption operation corresponding to the secondary encryption on the encrypted ciphertext to obtain the data to be queried;
The first sending module is further configured to: the unique identification of each piece of data is sent to the data query terminal, and the mapping relation of the encrypted ciphertext of each piece of data is obtained, so that the data query terminal identifies the encrypted ciphertext of the data to be queried from the encrypted ciphertext of each piece of data according to the mapping relation and the unique identification of the data to be queried, and the unique identification of the data to be queried is generated by a preset algorithm after the data supply terminal obtains the plurality of pieces of data.
9. A data query system, the data query system comprising: a data query end and a data supply end; wherein the data query terminal is configured to perform the method of any one of claims 1-3; the data supply for performing the method of any of claims 4-6.
10. An electronic device comprising a memory and a processor;
the memory stores a computer program;
the processor being arranged to perform the method of any of claims 1-6 by means of the computer program.
11. A computer readable storage medium having stored thereon computer executable instructions which, when executed by a processor, implement the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310544744.9A CN116257887B (en) | 2023-05-16 | 2023-05-16 | Data query method, device, system, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310544744.9A CN116257887B (en) | 2023-05-16 | 2023-05-16 | Data query method, device, system, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116257887A CN116257887A (en) | 2023-06-13 |
| CN116257887B true CN116257887B (en) | 2023-08-22 |
Family
ID=86682898
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310544744.9A Active CN116257887B (en) | 2023-05-16 | 2023-05-16 | Data query method, device, system, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116257887B (en) |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109299149A (en) * | 2018-10-09 | 2019-02-01 | 北京腾云天下科技有限公司 | Data query method calculates equipment and system |
| KR20190116831A (en) * | 2018-04-05 | 2019-10-15 | 주식회사 비즈프렌즈 | Method for sharing encription data in computer systemhaving encription device |
| CN111046047A (en) * | 2019-12-17 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | Data query method and device for protecting privacy |
| CN112235107A (en) * | 2020-10-27 | 2021-01-15 | 南方电网科学研究院有限责任公司 | Data transmission method, device, equipment and storage medium |
| CN113987584A (en) * | 2021-11-11 | 2022-01-28 | 建信金融科技有限责任公司 | Method and system for hiding query |
| CN114756886A (en) * | 2022-06-13 | 2022-07-15 | 华控清交信息科技(北京)有限公司 | Method and device for hiding trace query |
| CN115098549A (en) * | 2022-08-25 | 2022-09-23 | 北京数牍科技有限公司 | Fair data hiding trace query method, device, equipment and storage medium |
| WO2022266071A1 (en) * | 2021-06-15 | 2022-12-22 | Google Llc | Encrypted information retrieval |
| CN115580396A (en) * | 2022-10-08 | 2023-01-06 | 上海勃池信息技术有限公司 | System and method for inquiring hiding trace |
| CN115688167A (en) * | 2022-10-13 | 2023-02-03 | 北京沃东天骏信息技术有限公司 | Method, device and system for searching for confidential trace and storage medium |
| CN115757535A (en) * | 2022-11-03 | 2023-03-07 | 北京声智科技有限公司 | Data query method, data storage method and device and electronic equipment |
| CN115905710A (en) * | 2022-12-27 | 2023-04-04 | 杭州海康威视数字技术股份有限公司 | System, method and device for inquiring hiding trace, electronic equipment and storage medium |
| CN115905238A (en) * | 2022-12-12 | 2023-04-04 | 上海零数众合信息科技有限公司 | Method and device for hiding query, electronic equipment and storage medium |
-
2023
- 2023-05-16 CN CN202310544744.9A patent/CN116257887B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20190116831A (en) * | 2018-04-05 | 2019-10-15 | 주식회사 비즈프렌즈 | Method for sharing encription data in computer systemhaving encription device |
| CN109299149A (en) * | 2018-10-09 | 2019-02-01 | 北京腾云天下科技有限公司 | Data query method calculates equipment and system |
| CN111046047A (en) * | 2019-12-17 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | Data query method and device for protecting privacy |
| CN112235107A (en) * | 2020-10-27 | 2021-01-15 | 南方电网科学研究院有限责任公司 | Data transmission method, device, equipment and storage medium |
| WO2022266071A1 (en) * | 2021-06-15 | 2022-12-22 | Google Llc | Encrypted information retrieval |
| CN113987584A (en) * | 2021-11-11 | 2022-01-28 | 建信金融科技有限责任公司 | Method and system for hiding query |
| CN114756886A (en) * | 2022-06-13 | 2022-07-15 | 华控清交信息科技(北京)有限公司 | Method and device for hiding trace query |
| CN115098549A (en) * | 2022-08-25 | 2022-09-23 | 北京数牍科技有限公司 | Fair data hiding trace query method, device, equipment and storage medium |
| CN115580396A (en) * | 2022-10-08 | 2023-01-06 | 上海勃池信息技术有限公司 | System and method for inquiring hiding trace |
| CN115688167A (en) * | 2022-10-13 | 2023-02-03 | 北京沃东天骏信息技术有限公司 | Method, device and system for searching for confidential trace and storage medium |
| CN115757535A (en) * | 2022-11-03 | 2023-03-07 | 北京声智科技有限公司 | Data query method, data storage method and device and electronic equipment |
| CN115905238A (en) * | 2022-12-12 | 2023-04-04 | 上海零数众合信息科技有限公司 | Method and device for hiding query, electronic equipment and storage medium |
| CN115905710A (en) * | 2022-12-27 | 2023-04-04 | 杭州海康威视数字技术股份有限公司 | System, method and device for inquiring hiding trace, electronic equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 同态加密在隐私计算中的应用综述;邵航等;《信息通信技术与政策》;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116257887A (en) | 2023-06-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110457945B (en) | List query method, query party device, service party device and storage medium | |
| US9208491B2 (en) | Format-preserving cryptographic systems | |
| CN111262835B (en) | Desensitization storage method and device for sensitive data | |
| CN112507365B (en) | Data matching method, terminal and storage medium | |
| CN114840867B (en) | Data query method, device and system based on exchangeable encrypted data confusion | |
| CN114036565A (en) | Private information retrieval system and private information retrieval method | |
| CN114840866B (en) | Data query method, device and system based on blind signature data confusion | |
| CN110704853A (en) | Desensitization method and system for sensitive data based on desensitization strategy | |
| CN115544579B (en) | Double-random data confusion query method, device and system | |
| CN113672949A (en) | Data transmission method and system for protecting advertisement multiparty privacy | |
| CN113434555B (en) | Data query method and device based on searchable encryption technology | |
| CN111914279A (en) | Efficient and accurate privacy intersection system, method and device | |
| CN114662135A (en) | Data access method, computer device and readable storage medium | |
| CN104243153A (en) | Method for spotting equipment user, and user equipment | |
| US8161295B2 (en) | Storing of data in a device | |
| CN116257887B (en) | Data query method, device, system, equipment and storage medium | |
| CN115422579A (en) | Data encryption storage and query method and system after storage | |
| Mao et al. | Development of authentication protocols: Some misconceptions and a new approach | |
| CN113946862A (en) | Data processing method, device and equipment and readable storage medium | |
| CN110365468A (en) | Anonymization processing method, device, equipment and storage medium | |
| CN114462088A (en) | Method and device for de-identifying shared data | |
| CN112836239A (en) | Method and device for cooperatively determining target object data by two parties for protecting privacy | |
| CN115630400B (en) | Query method, device, equipment and storage medium for de-identified data | |
| CN114978658B (en) | Data processing method and device | |
| CN113312650B (en) | Transaction log privacy protection method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |