CN116628720A - Data management method, data storage system and computing device - Google Patents


Info

Publication number
CN116628720A
Authority
CN
China
Prior art keywords
target
data table
field value
data storage
storage system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310638234.8A
Other languages
Chinese (zh)
Inventor
梁召远
吴晓晨
李阳
徐岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202310638234.8A
Publication of CN116628720A
Legal status: Pending

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

A data management method, a data storage system and a computing device are provided. A target data table, together with the auxiliary public key of the homomorphic encryption algorithm corresponding to that table, is stored in the data storage system, and a field value under a target field of the table includes a field value ciphertext obtained by processing plaintext data with the homomorphic encryption algorithm. The data storage system may receive from a computing device a target query request indicating that an operation is to be performed on the field values under the target field; it then determines whether the operation requires the auxiliary public key and, if so, performs the operation on the field values under the target field according to the homomorphic encryption algorithm and the auxiliary public key, obtains a first query result from the execution result of the operation, and sends the first query result to the computing device.

Description

Data management method, data storage system and computing device
Technical Field
The embodiments of this specification belong to the technical field of computers, and in particular relate to a data management method, a data storage system and a computing device.
Background
In a data table stored in a data storage system, the private data under certain specific columns (fields) can, according to privacy protection requirements, be stored and operated on in ciphertext form. In this way, the security risk of an attacker obtaining the private data by illegally stealing the storage medium, illegally copying the data file, illegally obtaining the administrator privileges of the data storage system, and so on, can be avoided.
Disclosure of Invention
The present disclosure aims to provide a data management method, a data storage system and a computing device.
In a first aspect, a data management method is provided. The method is executed by a data storage system in which a target data table and an auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table are stored, where a field value under a target field in the target data table includes a field value ciphertext obtained by processing plaintext data based on the homomorphic encryption algorithm. The method includes the following steps: receiving a target query request from a computing device, the request indicating that an operation is to be performed on the field value under the target field; determining whether the operation requires the auxiliary public key and, if so, executing the operation on the field value under the target field according to the homomorphic encryption algorithm and the auxiliary public key, and obtaining a first query result according to the execution result of the operation; and sending the first query result to the computing device.
In a second aspect, a data management method is provided. The data storage system involved in the method stores a target data table and an auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table, where a field value under a target field in the target data table includes a field value ciphertext obtained by processing plaintext data based on the homomorphic encryption algorithm. The method includes the following steps: sending a target query request to the data storage system, the request indicating that an operation is to be performed on the field value under the target field, so that the data storage system, upon determining that the operation requires the auxiliary public key, executes the operation on the field value under the target field according to the homomorphic encryption algorithm and the auxiliary public key and obtains a first query result based on the execution result of the operation; and receiving the first query result from the data storage system.
In a third aspect, a data storage system is provided, in which a target data table and an auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table are stored, where a field value under a target field in the target data table includes a field value ciphertext obtained by processing plaintext data based on the homomorphic encryption algorithm. The data storage system includes: a request receiving unit configured to receive a target query request from a computing device, the request indicating that an operation is to be performed on the field value under the target field; a request processing unit configured to determine whether the operation requires the auxiliary public key and, if so, execute the operation on the field value under the target field according to the homomorphic encryption algorithm and the auxiliary public key, and obtain a first query result according to the execution result of the operation; and a result return unit configured to send the first query result to the computing device.
In a fourth aspect, a computing device is provided. A data storage system connected to the computing device stores a target data table and an auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table, where a field value under a target field in the target data table includes a field value ciphertext obtained by processing plaintext data based on the homomorphic encryption algorithm. The computing device includes: a request transmitting unit configured to transmit a target query request to the data storage system, the request indicating that an operation is to be performed on the field value under the target field, so that the data storage system, upon determining that the operation requires the auxiliary public key, performs the operation on the field value under the target field according to the homomorphic encryption algorithm and the auxiliary public key and obtains a first query result based on the execution result of the operation; and a result receiving unit configured to receive the first query result from the data storage system.
In a fifth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computing device, performs the method as described in the first or second aspect.
In the technical solution provided in the embodiments of the present disclosure, a target data table including a target field is stored in a data storage system, and when a field value under the target field includes a field value ciphertext obtained by processing plaintext data based on the homomorphic encryption algorithm corresponding to the target data table, the auxiliary public key of that homomorphic encryption algorithm is also stored in the data storage system. When the data storage system receives from the computing device a target query request indicating that an operation is to be performed on a field value under the target field, and determines that the operation requires the auxiliary public key, it may perform the operation on the field value under the target field according to the homomorphic encryption algorithm and the auxiliary public key, obtain a first query result according to the execution result of the operation, and send the first query result to the computing device. Thus, by storing the target data table in association with the auxiliary public key of its corresponding homomorphic encryption algorithm, the data storage system can execute more operations on the field values under the corresponding target field, meeting the computing device's need for diverse and complex data queries.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are needed in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a technical scenario of a technical solution provided in an embodiment of the present disclosure;
FIG. 2 is a first flowchart of a data management method provided in an embodiment of the present disclosure;
FIG. 3 is a second flowchart of a data management method according to an embodiment of the present disclosure;
FIG. 4 is a third flowchart of a data management method according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of a data storage system according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a computing device provided in an embodiment of the present disclosure.
Detailed Description
In order to make the technical solution in the present specification better understood by those skilled in the art, the technical solution in the embodiments of the present specification will be clearly and completely described in the following with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
In a data table stored in a data storage system, the private data under certain specific columns (fields) can, according to privacy protection requirements, be stored and operated on in ciphertext form. In some technical scenarios, referring to FIG. 1, a computing device wishes to store data X1 via a target data table in a data storage system, where X1 includes a field value y under a target field. The computing device, or another computing node allowed to access the data storage system, may encrypt the field value y according to the homomorphic encryption algorithm corresponding to the target field to obtain a ciphertext of the field value y, and then store data X2, corresponding to the data X1, in the data storage system, where the field value under the target field in the data X2 includes the ciphertext of the field value y. The data storage system may be, for example, a database supporting the structured query language (SQL) or a storage system of another form; in the present embodiments the description mainly takes a database supporting SQL as the example of the data storage system.
Embodiments of the present disclosure provide at least a data management method, a data storage system and a computing device. A target data table including a target field is stored in the data storage system, and when a field value under the target field includes a field value ciphertext obtained by processing plaintext data based on the homomorphic encryption algorithm corresponding to the target data table, the auxiliary public key of that homomorphic encryption algorithm is also stored in the data storage system. When the data storage system receives from the computing device a target query request indicating that an operation is to be performed on a field value under the target field, and determines that the operation requires the auxiliary public key, it may perform the operation on the field value under the target field according to the homomorphic encryption algorithm and the auxiliary public key, obtain a first query result according to the execution result of the operation, and send the first query result to the computing device. Thus, by storing the target data table in association with the auxiliary public key of its corresponding homomorphic encryption algorithm, the data storage system can execute more operations on the field values under the corresponding target field, meeting the computing device's need for diverse and complex data queries.
FIG. 2 is a flowchart of a data management method according to an embodiment of the present disclosure. The method illustrates the process of creating and storing a target data table in a data storage system and storing the auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table. Referring to FIG. 2, the method may include, but is not limited to, the following steps S201 to S209.
In step S201, the computing device sends a table-building request to the data storage system, indicating the table-building information of the target data table.
The table-building information of the target data table may indicate the identification (i.e. the table name) of the target data table and the identifications of the several fields included in the target data table, and may also indicate at least one encryption algorithm corresponding to each of those fields. The at least one encryption algorithm corresponding to a single field in the target data table may include, but is not limited to, one or more of the following: a deterministic encryption algorithm (DET), an order-preserving encryption algorithm (OPE) and a homomorphic encryption algorithm (fully homomorphic encryption, FHE). The several fields may include one or more target fields, where the at least one encryption algorithm corresponding to a target field includes a homomorphic encryption algorithm, which may be, for example, the CKKS algorithm or the BFV algorithm. Different target fields may correspond to the same or different homomorphic encryption algorithms.
For example, the table-building information may indicate that the target data table is identified as Student and includes two fields identified as name and score, that the encryption algorithm corresponding to the field name includes the deterministic encryption algorithm DET, and that the encryption algorithm corresponding to the field score includes a homomorphic encryption algorithm such as the CKKS algorithm or the BFV algorithm.
In step S203, the data storage system creates a target data table according to the table creation information, and stores the target data table and the table creation information.
In step S205, the computing device obtains the encryption key, the decryption key and the auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table. The encryption key and decryption key of the homomorphic encryption algorithm corresponding to the target data table may be persisted in the computing device, or may be stored in a key management service (KMS). It will be appreciated that when the target data table includes a plurality of target fields and different target fields correspond to different homomorphic encryption algorithms, the computing device may obtain the encryption key, decryption key and auxiliary public key of each of the several different homomorphic encryption algorithms.
In step S207, the computing device sends a request to the data storage system to modify the table-building information, the request including the identification of the target data table and the auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table.
For example, a reserved field SECOND PUBLIC KEY in the table-building information of the target data table may be used to store the auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table. The computing device may, for example, send the example SQL statement ALTER TABLE Student SECOND PUBLIC KEY '${P}' to the data storage system, where P in the SQL statement represents the auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table. It will be appreciated that when the target data table includes a plurality of target fields and different target fields correspond to different homomorphic encryption algorithms, P represents a plurality of auxiliary public keys arranged in sequence, and the i-th auxiliary public key is the auxiliary public key of the homomorphic encryption algorithm corresponding to the i-th target field.
In step S209, the data storage system sets the auxiliary public key in the table-building information of the target data table according to the identification of the target data table. Setting the value of the reserved field SECOND PUBLIC KEY of the data table Student to P may be accomplished, for example, by executing the example SQL statement ALTER TABLE Student SECOND PUBLIC KEY '${P}' given above, thereby completing the persistent storage in the data storage system of the auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table.
The scheme in steps S201 to S209 is merely exemplary; storing the target data table and the auxiliary public key of its corresponding homomorphic encryption algorithm in the data storage system may be accomplished in other ways. For example, the computing device may obtain the auxiliary public key of the homomorphic encryption algorithm corresponding to the target data table in advance, in which case it may include that auxiliary public key in the table-building information carried when it requests the data storage system to create the target data table, so that the data storage system completes the storage of the auxiliary public key directly when it stores the target data table and its table-building information.
After the target data table has been created in the data storage system, the computing device may store data using the target data table.
FIG. 3 is a second flowchart of a data management method according to an embodiment of the present disclosure. The method illustrates the process by which a computing device stores data using a target data table in a data storage system. Referring to FIG. 3, the method may include, but is not limited to, some or all of the following steps S301 to S307.
In step S301, the computing device obtains first metadata of the target data table, which indicates at least one encryption algorithm corresponding to each of the several fields in the target data table. As described above, the several fields may include one or more target fields, and the at least one encryption algorithm corresponding to a target field includes a homomorphic encryption algorithm.
The computing device may query the first metadata of the target data table from the table-building information of the target data table stored by the data storage system; alternatively, the computing device may itself persist the table-building information of the target data table and query the first metadata from that persisted copy.
In step S303, the computing device obtains, according to the first metadata, second data corresponding to the first data it wishes to store; the second data includes a field value corresponding to the i-th field, which is a field value ciphertext obtained by the computing device encrypting the field value corresponding to the i-th field in the first data according to the at least one encryption algorithm corresponding to the i-th field.
For example, the first data that the computing device wishes to store in the data table Student is shown in Table 1 below.
name    score
mike    g1
john    g2
simon   g3
TABLE 1
The encryption algorithm corresponding to the field name includes the deterministic encryption algorithm DET, and the encryption algorithms corresponding to the field score include the deterministic encryption algorithm DET, the order-preserving encryption algorithm OPE and the homomorphic encryption algorithm FHE. Then the field values mike, john and simon under the field name may be encrypted in turn with the encryption key of the deterministic encryption algorithm DET to obtain the field value ciphertexts F1, F2 and F3; the field values g1, g2 and g3 under the field score may be encrypted in turn with the encryption key of the deterministic encryption algorithm DET to obtain the field value ciphertexts G11, G21 and G31, encrypted in turn with the encryption key of the order-preserving encryption algorithm OPE to obtain the field value ciphertexts G12, G22 and G32, and encrypted in turn with the encryption key of the homomorphic encryption algorithm to obtain the field value ciphertexts G13, G23 and G33. Thus the computing device may obtain the second data shown in Table 2 below.
name    score
F1      G11, G12, G13
F2      G21, G22, G23
F3      G31, G32, G33
TABLE 2
Referring to Table 2, the field value G1 under the field score includes the field value ciphertexts G11, G12 and G13, the field value G2 includes the field value ciphertexts G21, G22 and G23, and the field value G3 includes the field value ciphertexts G31, G32 and G33.
In step S305, the computing device sends a data storage request to the data storage system for requesting to store second data corresponding to the first data in the target data table.
The data storage request includes the second data. The data storage request may be an SQL statement, or a file in a format that the data storage system can parse, such as a CSV file.
In step S307, the data storage system stores the second data in the target data table according to the data storage request.
The computing device may query the data stored in the data storage system via the target data table on demand.
FIG. 4 is a third flowchart of a data management method according to an embodiment of the present disclosure. The method illustrates the process by which a computing device queries data stored in a data storage system via a target data table. Referring to FIG. 4, the method may include, but is not limited to, some or all of the following steps S401 to S411.
In step S401, the computing device sends a target query request to the data storage system, indicating that an operation is to be performed on the field value under a target field in the target data table. As described above, the field value under the target field in the target data table includes a field value ciphertext obtained by processing plaintext data with the homomorphic encryption algorithm.
The computing device may initiate, as needed, a target query request involving an operation on the field values under a target field in the target data table. The operation may be, for example, EXP, POW, LOG, LOG2, LOG10, SQRT, ABS, SUBSTR, CONCAT, LOWER or UPPER. The following description mainly takes as its example a target query request that performs the operation SQRT on the field values under the field score in the data table Student; that is, the target query request may include, for example, the SQL statement select SQRT(score) from Student.
In step S403, the data storage system determines whether the operation requires the use of an auxiliary public key.
When the homomorphic encryption algorithm corresponding to the target data table includes the CKKS algorithm, the operations supported by CKKS include, but are not limited to, one or more of the following: addition, subtraction, multiplication, SUM, AVG, EXP, POW, LOG, LOG2, LOG10, SQRT and ABS; among these, the operations that require the auxiliary public key include one or more of the following: EXP, POW, LOG, LOG2, LOG10, SQRT and ABS. When the homomorphic encryption algorithm corresponding to the target data table includes the BFV algorithm, the operations that BFV supports and that require the auxiliary public key include one or more of the following: SUBSTR, CONCAT, LOWER and UPPER.
By parsing the target query request, the data storage system can obtain the operation that the request indicates is to be performed on the field value under the target field, then judge whether that operation is supported by the homomorphic encryption algorithm corresponding to the target field, and determine whether the operation requires the auxiliary public key of that homomorphic encryption algorithm. Taking the example where the target query request is the SQL statement select SQRT(score) from Student, and assuming that the homomorphic encryption algorithm corresponding to the target field score in the data table Student is CKKS: parsing the SQL statement yields the operation SQRT on the field values under the target field score; it is then determined that SQRT is an operation supported by the homomorphic encryption algorithm CKKS corresponding to the target field score, and that SQRT requires the auxiliary public key of CKKS; correspondingly, it can be determined that the field value ciphertext supporting the operation SQRT is the one obtained by processing the plaintext data with the homomorphic encryption algorithm CKKS. After determining that the operation requires the auxiliary public key, the data storage system may read the data table Student into memory and read the auxiliary public key of the homomorphic encryption algorithm from the table-building information of the data table Student into memory, so as to execute the subsequent steps of the target query request using the data table Student and the auxiliary public key of its corresponding homomorphic encryption algorithm.
When the data storage system determines that the operation to be performed on the field value under the target field requires the auxiliary public key of the homomorphic encryption algorithm, it may then execute step S405: execute the operation on the field value under the target field according to the homomorphic encryption algorithm corresponding to the target data table and its auxiliary public key, to obtain the execution result.
Continuing with the assumption that the target data table is the data table Student whose stored data is as shown in Table 2 above: among the field values G1, G2 and G3 under the target field score, the field value ciphertext G13 is obtained by processing the plaintext data g1 with the homomorphic encryption algorithm CKKS, G23 by processing the plaintext data g2 with CKKS, and G33 by processing the plaintext data g3 with CKKS. The data storage system may therefore execute the operation SQRT specifically on the field value ciphertexts G13, G23 and G33 under the target field score according to the homomorphic encryption algorithm CKKS and its auxiliary public key, and the execution result includes the ciphertext operation results Eg1, Eg2 and Eg3 corresponding to the field value ciphertexts G13, G23 and G33 respectively. For how to perform an operation on a field value ciphertext using the homomorphic encryption algorithm and its auxiliary public key, reference may be made to the related art, and details are not repeated in the embodiments of the present disclosure.
Next, in step S407, the data storage system obtains a first query result according to the execution result of the operation.
The first query result may be the execution result of the operation itself, or it may be obtained by further processing the target data table according to the execution result. For example, the foregoing ciphertext operation results Eg1, Eg2 and Eg3 may be used as field values corresponding to the target field score, so that the first query result includes the field values Eg1, Eg2 and Eg3 corresponding to the target field score.
Next, in step S409, the data storage system sends the first query result to the computing device.
In the case that the first query result includes at least one field value corresponding to the target field, the computing device may further execute step S411 to obtain a second query result corresponding to the first query result, where the second query result includes a decryption result obtained by decrypting the at least one field value according to the homomorphic encryption algorithm. For example, where the first query result includes the field values Eg1, Eg2 and Eg3 corresponding to the target field score, Eg1, Eg2 and Eg3 may be decrypted with the decryption key of the homomorphic encryption algorithm CKKS to obtain the decryption results g11, g21 and g31, where the value of g11 is the result of performing the operation SQRT directly on g1, the value of g21 is the result of performing the operation SQRT directly on g2, and the value of g31 is the result of performing the operation SQRT directly on g3.
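The exchange of steps S403 to S411, as an added example that is not part of the patent: a small Python model of the data storage system's dispatch (parse the query, check that the operation is one the field's scheme supports and that the auxiliary public key has been set in the table information, evaluate, return the first query result) and of the computing device's decryption into the second query result. The table-information layout, the key names, the sample scores and the regular-expression query parser are all constructed for this example; real CKKS/BFV evaluation is replaced by a transparent stand-in that models only the binding between ciphertext and auxiliary key, not confidentiality, and only the single-argument operations of claim 6 are wired up.

```python
import math
import re
from dataclasses import dataclass

# Operations that need the auxiliary public key, per scheme (claim 6).
AUX_KEY_OPS = {
    "CKKS": {"EXP", "POW", "LOG", "LOG2", "LOG10", "SQRT", "ABS"},
    "BFV": {"SUBSTR", "CONCAT", "LOWER", "UPPER"},
}
# Stand-in evaluators (assumption): a real deployment calls the FHE library's
# homomorphic evaluation here. Multi-argument ops (POW, SUBSTR, CONCAT) are
# not wired up because the parser below handles a single argument only.
_EVAL = {"SQRT": math.sqrt, "ABS": abs, "EXP": math.exp, "LOG": math.log,
         "LOG2": math.log2, "LOG10": math.log10,
         "LOWER": str.lower, "UPPER": str.upper}


@dataclass(frozen=True)
class Ciphertext:
    """Stand-in: a real ciphertext is opaque; this payload is NOT protected."""
    scheme: str
    key_id: str
    payload: object


@dataclass
class TableInfo:
    fhe_columns: dict            # field name -> "CKKS" or "BFV"
    aux_public_key: str = None   # filled in by a table-info modification request


class DataStorageSystem:
    def __init__(self):
        self.table_info, self.rows = {}, {}

    def create_table(self, name, info):          # table establishment request
        self.table_info[name], self.rows[name] = info, []

    def modify_table_info(self, name, aux_key):  # table-info modification request
        self.table_info[name].aux_public_key = aux_key

    def store(self, name, row):                  # data storage request
        # FHE fields must already arrive as ciphertexts of the declared scheme.
        for col, scheme in self.table_info[name].fhe_columns.items():
            ct = row[col]
            if not isinstance(ct, Ciphertext) or ct.scheme != scheme:
                raise ValueError(f"{col} must be stored as a {scheme} ciphertext")
        self.rows[name].append(row)

    def query(self, sql):                        # steps S403 to S407
        m = re.fullmatch(r"\s*select\s+(\w+)\s*\(\s*(\w+)\s*\)\s+from\s+(\w+)\s*",
                         sql, re.IGNORECASE)
        if not m:
            raise ValueError("only 'select OP(field) from table' is modelled")
        op, col, table = m.group(1).upper(), m.group(2), m.group(3)
        info = self.table_info[table]
        scheme = info.fhe_columns.get(col)
        if scheme is None:
            raise ValueError(f"{col} is not a homomorphically encrypted field")
        if op not in AUX_KEY_OPS[scheme]:
            raise ValueError(f"{op} is not supported on a {scheme} field")
        if info.aux_public_key is None:
            raise ValueError(f"{table}: auxiliary public key has not been set")
        # First query result: one ciphertext operation result per stored row.
        return [self._evaluate(op, row[col], info.aux_public_key)
                for row in self.rows[table]]

    @staticmethod
    def _evaluate(op, ct, aux_key):
        # The auxiliary key belongs to the key pair the data was encrypted under;
        # a real scheme would yield garbage on a mismatch, the stand-in refuses.
        if aux_key != f"evk:{ct.key_id}":
            raise ValueError("auxiliary public key does not match the ciphertext")
        return Ciphertext(ct.scheme, ct.key_id, _EVAL[op](ct.payload))


class ComputingDevice:
    """Holds the secret key; the storage system never sees plaintext."""
    def __init__(self, key_id):
        self.key_id = key_id
        self.aux_public_key = f"evk:{key_id}"   # constructed stand-in key

    def encrypt(self, scheme, value):
        return Ciphertext(scheme, self.key_id, value)

    def decrypt(self, ct):                       # step S411, second query result
        if ct.key_id != self.key_id:
            raise ValueError("ciphertext is not under this device's key")
        return ct.payload


def setup(scores=(4.0, 9.0, 16.0)):
    """Builds the Student table with constructed rows; returns (device, system)."""
    dev, dss = ComputingDevice("student-key"), DataStorageSystem()
    dss.create_table("Student", TableInfo(fhe_columns={"score": "CKKS"}))
    dss.modify_table_info("Student", dev.aux_public_key)
    for i, g in enumerate(scores):
        dss.store("Student", {"name": f"stu{i}", "score": dev.encrypt("CKKS", g)})
    return dev, dss


def rejected(dss, sql):
    """True if the storage system refuses the query before evaluating it."""
    try:
        dss.query(sql)
    except ValueError:
        return True
    return False
```

Running `setup()` and then `dss.query("select SQRT(score) from Student")` yields three ciphertext results that the device decrypts to 2.0, 3.0 and 4.0; `rejected` shows the three refusals (unsupported operation for the scheme, non-encrypted field, auxiliary key not yet set).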
Based on the same concept as the foregoing method embodiment, an embodiment of the present disclosure further provides a data storage system 500, in which a target data table and an auxiliary public key of a fully homomorphic encryption algorithm corresponding to the target data table are stored, and a field value under a target field in the target data table includes a field value ciphertext obtained by processing plaintext data based on the fully homomorphic encryption algorithm. Referring to fig. 5, the data storage system 500 includes: a request receiving unit 501 configured to receive a target query request from a computing device, where the target query request indicates an operation to be performed on a field value under the target field; a request processing unit 503 configured to determine whether the operation requires the use of the auxiliary public key and, if so, execute the operation on the field value under the target field according to the fully homomorphic encryption algorithm and the auxiliary public key, and obtain a first query result according to the execution result of the operation; and a result return unit 505 configured to send the first query result to the computing device.
In one possible implementation, the data storage system 500 stores table construction information of the target data table; wherein the request receiving unit 501 is further configured to receive a table establishment information modification request from the computing device, where the table establishment information modification request includes an identifier of the target data table and the auxiliary public key; the request processing unit 503 is further configured to set the auxiliary public key in the table establishment information of the target data table according to the identification of the target data table.
In a possible implementation manner, the request receiving unit 501 is further configured to receive a table establishment request from the computing device, where the table establishment request indicates table establishment information of the target data table; the request processing unit 503 is further configured to create the target data table according to the table creating information, and store the target data table and the table creating information.
In a possible implementation manner, the request receiving unit 501 is further configured to receive a data storage request from the computing device, where the request is used to store second data corresponding to first data in the target data table, and where the field value corresponding to the target field in the second data includes a field value ciphertext obtained by the computing device encrypting the field value corresponding to the target field in the first data according to the fully homomorphic encryption algorithm; the request processing unit 503 is further configured to store the second data in the target data table according to the data storage request.
Based on the same concept as the foregoing method embodiment, an embodiment of the present disclosure further provides a computing device 600, where a target data table and an auxiliary public key of a fully homomorphic encryption algorithm corresponding to the target data table are stored in a data storage system connected to the computing device, and a field value under a target field in the target data table includes a field value ciphertext obtained by processing plaintext data based on the fully homomorphic encryption algorithm. Referring to fig. 6, the computing device 600 includes: a request sending unit 601 configured to send a target query request to the data storage system, where the target query request indicates an operation to be performed on a field value under the target field, so that the data storage system, in a case where it determines that the operation requires the use of the auxiliary public key, performs the operation on the field value under the target field according to the fully homomorphic encryption algorithm and the auxiliary public key and obtains a first query result based on the execution result of the operation; and a result receiving unit 603 configured to receive the first query result from the data storage system.
In a possible implementation manner, the request sending unit 601 is further configured to send a table establishment information modification request to the computing device, where the table establishment information modification request includes the identifier of the target data table and the auxiliary public key, so that the data storage system sets the auxiliary public key in the table establishment information of the target data table according to the identifier of the target data table.
In a possible implementation manner, the execution result includes at least one field value corresponding to the target field, and the first query result includes the first execution result; wherein the computing device further comprises: the security conversion unit 605 is configured to obtain a second query result according to the first query result, where the second query result includes a decryption result obtained by decrypting the at least one field value according to the fully homomorphic encryption algorithm.
There is also provided in embodiments of the present specification a computer readable storage medium having stored thereon a computer program/instructions which, when executed in a computer, cause the computer to perform the method steps of the various embodiments described above that are performed by a computing device or a data storage system.
Embodiments of the present disclosure also provide a computing device including a memory and a processor, where the memory stores a computer program/instruction that, when executed, implements the method steps performed by the computing device or data storage system in the foregoing embodiments.
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement to a method flow). However, with the development of technology, many improvements to method flows today can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain a corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be realized by a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (e.g., a field programmable gate array (Field Programmable Gate Array, FPGA)) is an integrated circuit whose logic function is determined by the user's programming of the device. A designer programs to "integrate" a digital system onto a PLD without asking the chip manufacturer to design and fabricate an application-specific integrated circuit chip. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented using "logic compiler" software, which is similar to the software compiler used in program development; the source code before compilation is also written in a specific programming language, called a hardware description language (Hardware Description Language, HDL), of which there is not just one but many kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely slightly programming the method flow into an integrated circuit using several of the hardware description languages described above.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor together with a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a programmable logic controller, or an embedded microcontroller. Examples of such controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; a memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely in computer readable program code, it is entirely possible to implement the same functionality by logically programming the method steps such that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, and the like. Such a controller may thus be regarded as a kind of hardware component, and the means included in it for performing various functions may also be regarded as structures within the hardware component. Indeed, the means for achieving the various functions may be regarded both as software modules implementing the method and as structures within the hardware component.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation device is a server system. Of course, the application does not exclude that as future computer technology advances, the computer implementing the functions of the above-described embodiments may be, for example, a personal computer, a laptop computer, a car-mounted human-computer interaction device, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Although one or more embodiments of the present description provide method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one of many possible step orders and does not represent the only order of execution. When implemented in an actual device or end product, the steps may be executed sequentially or in parallel (e.g., in a parallel-processor or multi-threaded environment, or even in a distributed data processing environment) according to the method shown in the embodiments or the figures. The terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises a described element is not excluded. Words such as "first" and "second," when used, indicate a name and not any particular order.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, when one or more of the present description is implemented, the functions of each module may be implemented in the same piece or pieces of software and/or hardware, or a module that implements the same function may be implemented by a plurality of sub-modules or a combination of sub-units, or the like. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, Random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, Phase Change Memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
One skilled in the relevant art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Moreover, one or more embodiments of the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
One or more embodiments of the present specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present description may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this specification, each embodiment is described in a progressive manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, since the system embodiments are substantially similar to the method embodiments, their description is relatively brief, and reference may be made to the relevant parts of the description of the method embodiments. In this specification, a description referring to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" means that a particular feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present specification. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the various embodiments or examples described in this specification, and the features of those embodiments or examples, may be combined by those skilled in the art provided that they do not contradict one another.
The foregoing is merely an example of one or more embodiments of the present specification and is not intended to limit the one or more embodiments of the present specification. Various modifications and alterations to one or more embodiments of this description will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, or the like, which is within the spirit and principles of the present specification, should be included in the scope of the claims.

Claims (17)

1. A data management method, the method being executed by a data storage system, wherein a target data table and an auxiliary public key of a fully homomorphic encryption algorithm corresponding to the target data table are stored in the data storage system, and a field value under a target field in the target data table comprises a field value ciphertext obtained by processing plaintext data based on the fully homomorphic encryption algorithm; the method comprises the following steps:
receiving a target query request from a computing device, wherein the target query request indicates that an operation is to be performed on a field value under the target field;
determining whether the operation needs to use the auxiliary public key, and if so, executing the operation on the field value under the target field according to the fully homomorphic encryption algorithm and the auxiliary public key, and obtaining a first query result according to the execution result of the operation;
and sending the first query result to the computing device.
2. The method of claim 1, wherein the data storage system stores table construction information of the target data table;
wherein the method further comprises:
receiving a table build information modification request from the computing device, the table build information modification request including an identification of the target data table and the auxiliary public key;
and setting the auxiliary public key in the table construction information of the target data table according to the identification of the target data table.
3. The method of claim 2, the method further comprising:
receiving a table building request from the computing device, wherein the table building request indicates table building information of the target data table;
and creating the target data table according to the table creating information, and storing the target data table and the table creating information.
4. The method of claim 1, wherein the execution result comprises at least one field value corresponding to the target field, the at least one field value being included in the first query result.
5. The method of claim 1, the method further comprising:
receiving a data storage request from the computing device, wherein the data storage request is used for requesting to store second data corresponding to first data in the target data table, and the field value corresponding to the target field in the second data comprises a field value ciphertext obtained by encrypting the field value corresponding to the target field in the first data according to the fully homomorphic encryption algorithm;
and storing the second data in the target data table according to the data storage request.
6. The method of any one of claims 1-5, wherein the fully homomorphic encryption algorithm comprises a CKKS algorithm, and the operations requiring use of the auxiliary public key comprise one or more of the following: EXP, POW, LOG, LOG2, LOG10, SQRT, ABS; alternatively, the fully homomorphic encryption algorithm comprises a BFV algorithm, and the operations requiring use of the auxiliary public key comprise one or more of the following: SUBSTR, CONCAT, LOWER, UPPER.
7. A data management method, wherein a target data table and an auxiliary public key of a fully homomorphic encryption algorithm corresponding to the target data table are stored in a data storage system, and a field value under a target field in the target data table comprises a field value ciphertext obtained by processing plaintext data based on the fully homomorphic encryption algorithm; the method comprises the following steps:
sending a target query request to the data storage system, wherein the target query request indicates that an operation is to be performed on a field value under the target field, so that the data storage system, in a case where it determines that the operation needs to use the auxiliary public key, executes the operation on the field value under the target field according to the fully homomorphic encryption algorithm and the auxiliary public key, and obtains a first query result based on the execution result of the operation;
and receiving the first query result from the data storage system.
8. The method of claim 7, the method further comprising: sending a table establishment information modification request to the computing device, wherein the table establishment information modification request comprises the identification of the target data table and the auxiliary public key, so that the data storage system sets the auxiliary public key in the table establishment information of the target data table according to the identification of the target data table.
9. The method of claim 7 or 8, wherein the execution result comprises at least one field value corresponding to the target field, and the first query result comprises the first execution result; wherein the method further comprises: obtaining a second query result according to the first query result, wherein the second query result comprises a decryption result obtained by decrypting the at least one field value according to the homomorphic encryption algorithm.
10. A data storage system, in which a target data table and an auxiliary public key of a fully homomorphic encryption algorithm corresponding to the target data table are stored, wherein a field value under a target field in the target data table includes a field value ciphertext obtained by processing plaintext data based on the fully homomorphic encryption algorithm, the data storage system comprising:
a request receiving unit configured to receive a target query request from a computing device, wherein the target query request indicates that an operation is to be performed on a field value under the target field;
a request processing unit configured to determine whether the operation requires the use of the auxiliary public key and, if so, execute the operation on the field value under the target field according to the fully homomorphic encryption algorithm and the auxiliary public key, and obtain a first query result according to the execution result of the operation;
and a result return unit configured to send the first query result to the computing device.
11. The data storage system of claim 10, wherein the data storage system stores table construction information of the target data table; wherein:
the request receiving unit is further configured to receive a table establishment information modification request from the computing device, where the table establishment information modification request includes an identifier of the target data table and the auxiliary public key;
the request processing unit is further configured to set the auxiliary public key in the table establishment information of the target data table according to the identification of the target data table.
12. The data storage system of claim 11, wherein:
the request receiving unit is further configured to receive a table building request from the computing device, wherein the table building request indicates table building information of the target data table;
the request processing unit is further configured to create the target data table according to the table creating information, and store the target data table and the table creating information.
13. The data storage system of claim 10, wherein:
the request receiving unit is further configured to receive a data storage request from the computing device, wherein the data storage request is used for requesting to store second data corresponding to first data in the target data table, and a field value corresponding to the target field in the second data comprises a field value ciphertext obtained by encrypting a field value corresponding to the target field in the first data according to the fully homomorphic encryption algorithm;
the request processing unit is further configured to store the second data in the target data table according to the data storage request.
14. A computing device, wherein a data storage system to which the computing device is connected stores a target data table and an auxiliary public key of a fully homomorphic encryption algorithm corresponding to the target data table, and a field value under a target field in the target data table includes a field value ciphertext obtained by processing plaintext data based on the fully homomorphic encryption algorithm, the computing device comprising:
a request sending unit configured to send a target query request to the data storage system, wherein the target query request indicates that an operation is to be performed on a field value under the target field, so that the data storage system, in a case where it determines that the operation requires the use of the auxiliary public key, performs the operation on the field value under the target field according to the fully homomorphic encryption algorithm and the auxiliary public key, and obtains a first query result based on the execution result of the operation;
and a result receiving unit configured to receive the first query result from the data storage system.
15. The computing device of claim 14, the request sending unit further configured to send a table build information modification request to the computing device including the identification of the target data table and the auxiliary public key, such that the data storage system sets the auxiliary public key in the table build information of the target data table according to the identification of the target data table.
16. The computing device of claim 14 or 15, wherein the execution result comprises at least one field value corresponding to the target field, and the first query result comprises the first execution result; wherein the computing device further comprises: a security conversion unit configured to obtain a second query result according to the first query result, wherein the second query result comprises a decryption result obtained by decrypting the at least one field value according to the homomorphic encryption algorithm.
17. A computer readable storage medium having stored thereon a computer program which, when executed in a computing device, performs the method of any of claims 1-9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310638234.8A CN116628720A (en) 2023-05-31 2023-05-31 Data management method, data storage system and computing device

Publications (1)

Publication Number Publication Date
CN116628720A true CN116628720A (en) 2023-08-22

Family

ID=87591763

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310638234.8A Pending CN116628720A (en) 2023-05-31 2023-05-31 Data management method, data storage system and computing device

Country Status (1)

Country Link
CN (1) CN116628720A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102402664A (en) * 2011-12-28 2012-04-04 用友软件股份有限公司 Data access control device and data access control method
CN110866274A (en) * 2019-11-12 2020-03-06 支付宝(杭州)信息技术有限公司 Data fusion method, data fusion platform, data fusion system and data processing platform
CN114490728A (en) * 2022-01-20 2022-05-13 深圳市电子商务安全证书管理有限公司 Data query method, device, system, equipment and medium
US20220374540A1 (en) * 2021-05-20 2022-11-24 Salesforce.Com, Inc. Field level encryption searchable database system
CN115422579A (en) * 2022-08-23 2022-12-02 山东浪潮智慧医疗科技有限公司 Data encryption storage and query method and system after storage
CN115712910A (en) * 2022-11-17 2023-02-24 杭州安恒信息技术股份有限公司 Method and system for protecting operation privacy of database SQL (structured query language) character string

Similar Documents

Publication Publication Date Title
WO2021103708A1 (en) Data query method, apparatus, device and system based on privacy information protection
EP3937525A1 (en) Methods, apparatuses, devices and systems for backtracking service behavior
CN112581131B (en) Asset transfer method, device, equipment and system
EP3962021A1 (en) Service processing methods, apparatuses, devices and systems
CN109347629B (en) Secret key transmission method and system based on shared security application, storage medium and equipment
US8769302B2 (en) Encrypting data and characterization data that describes valid contents of a column
WO2024001038A1 (en) Method for detecting private data leak
US11601258B2 (en) Selector derived encryption systems and methods
TW202008763A (en) Data processing method and apparatus, and client
WO2024001028A1 (en) Method and apparatus for maintaining blockchain data, and electronic device and storage medium
CN114297692A (en) Private data processing method based on data processing system
CN115292359A (en) Data query method, device, storage medium, server and query end
CN113709696B (en) Vehicle remote control method and device, and key initialization method and device
CN112788151B (en) Method, device and system for data synchronization
CN116107520B (en) S3 object storage protocol encrypted data storage method and system
CN116628720A (en) Data management method, data storage system and computing device
CN116010992A (en) Data processing method and device, readable storage medium and electronic equipment
CN115834018A (en) Multi-party data processing method, system and equipment for protecting privacy
CN115276952A (en) Private data processing method and device
CN116738456A (en) Data management method and device
CN114896635A (en) Data processing method and device, electronic equipment and storage medium
WO2024087312A1 (en) Database access method, computing device and server
WO2024087313A1 (en) Database access method and apparatus
CN117955680A (en) Data processing method and related device
CN117041980B (en) Network element management method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination