CN117390675A - Data query method, electronic device, and readable storage medium - Google Patents


Info

Publication number: CN117390675A
Authority: CN (China)
Prior art keywords: data, key, party, ciphertext, intersection
Legal status: Pending
Application number: CN202311332898.8A
Other languages: Chinese (zh)
Inventors: 贾晓芸, 孙林, 周川
Current assignee: China United Network Communications Group Co Ltd; Unicom Digital Technology Co Ltd
Original assignee: China United Network Communications Group Co Ltd; Unicom Digital Technology Co Ltd
Application filed by China United Network Communications Group Co Ltd and Unicom Digital Technology Co Ltd; priority to CN202311332898.8A

Classifications

    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60 Protecting data; G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules)
    • G06F16/90335 Query processing (under G06F16/00 Information retrieval; Database structures therefor; File system structures therefor; G06F16/903 Querying)
    • G06F16/9038 Presentation of query results
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The application provides a data query method, an electronic device and a readable storage medium, which can be used in the field of data processing. The method is applied to a trusted third party and comprises the following steps: based on a privacy set intersection algorithm, obtaining the privacy intersection of the query keyword of a data querying party and the data keyword set of a data provider, and sending the intersection position of the privacy intersection within the data keyword set to the data querying party; forwarding the first public key set received from the data provider to the data querying party; forwarding the key ciphertext received from the data querying party to the data provider; receiving the data information ciphertext set sent by the data provider; and sending the data information ciphertext set to the data querying party, which decrypts the data information ciphertext located at the intersection position to obtain the query result. The method ensures the data anonymity of both the data querying party and the data provider, and improves the privacy security of the data query.

Description

Data query method, electronic device, and readable storage medium
Technical Field
The present disclosure relates to the field of data processing, and in particular, to a data query method, an electronic device, and a readable storage medium.
Background
With the arrival of the big data era, industries of all kinds now need large amounts of data for data mining in areas such as risk control and marketing. Without privacy protection, when a data consumer queries a data provider, the data provider necessarily learns the consumer's specific query records. In particular, in data query services involving sensitive information, such as financial institutions querying private information like personal credit information and personal fund information, if the querying institution is not protected when it queries a data providing institution, the providing institution necessarily learns the querying institution's specific query records, so the querying institution's users are at risk of having their private information disclosed.
Hidden query technology was introduced to ensure that, when a data query is submitted to a data provider, the query completes without the query information being perceived or leaked. Hidden query, also called private information retrieval (PIR), protects the query privacy of the user: when a data query is submitted to a data provider, the query is completed without leaking the query information of the data querying party.
However, although existing hidden query technology can keep the data querying party's information from being obtained by the data provider, the data querying party can still obtain the data provider's information; that is, existing hidden query technology only provides one-way protection and cannot ensure the anonymity of both the data querying party and the data provider.
Disclosure of Invention
The application provides a data query method, an electronic device and a readable storage medium, which solve the problem that the data anonymity of both the data querying party and the data provider cannot be ensured during the data query process.
According to a first aspect of the disclosure, a data query method is provided, which is applied to a trusted third party and includes:
based on a privacy set intersection algorithm, obtaining the privacy intersection of the query keyword of a data querying party and the data keyword set of a data provider, and sending the intersection position of the privacy intersection within the data keyword set to the data querying party;
sending a first public key set received from the data provider to the data querying party; the first public key set comprises the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set;
sending the key ciphertext received from the data querying party to the data provider; the key ciphertext is obtained by the data querying party encrypting a symmetric key with an encryption public key, where the encryption public key is the first public key located at the intersection position in the first public key set;
receiving a data information ciphertext set sent by the data provider; the data information ciphertext set comprises a plurality of data information ciphertexts, each obtained by the data provider encrypting the data information associated with a data keyword using an encryption key, where the encryption key is obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword;
sending the data information ciphertext set to the data querying party; the data querying party uses the symmetric key to decrypt the data information ciphertext located at the intersection position in the data information ciphertext set, so as to obtain the query result.
In a possible implementation, obtaining the privacy intersection of the query keyword of the data querying party and the data keyword set of the data provider based on the privacy set intersection algorithm includes:
receiving a first ciphertext and a first random number sent by the data querying party; the first ciphertext is obtained by performing multiplicative semi-homomorphic encryption on the query keyword using the first random number;
receiving a second ciphertext set and a second random number sent by the data provider; the second ciphertext set is obtained by performing multiplicative semi-homomorphic encryption on each data keyword in the data keyword set using the second random number;
performing multiplicative semi-homomorphic encryption on the first ciphertext using the second random number to obtain a third ciphertext;
performing multiplicative semi-homomorphic encryption on each second ciphertext in the second ciphertext set using the first random number to obtain a fourth ciphertext set;
and intersecting the third ciphertext with the fourth ciphertext set to obtain the privacy intersection.
In a possible embodiment, the method further comprises:
recording the first ciphertext, the first random number, the second ciphertext set and the second random number on a blockchain for evidence storage.
In a possible embodiment, the method further comprises:
before intersecting the third ciphertext with the fourth ciphertext set, shuffling the order of the fourth ciphertexts in the fourth ciphertext set;
before sending the first public key set received from the data provider to the data querying party, shuffling the order of the first public keys in the first public key set;
before sending the data information ciphertext set to the data querying party, shuffling the order of the data information ciphertexts in the data information ciphertext set;
where the data keyword set, the first public key set and the data information ciphertext set are shuffled in the same order.
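The first-aspect flow, the privacy set intersection sub-steps and the shared-shuffle requirement, worked through end to end as an added example (not code from the patent or its assignees). It assumes the multiplicative semi-homomorphic encryption is modelled as exponentiation in Z_p* with the random number as exponent (commutative blinding), that the first key pairs are ElGamal over the same group, that the symmetric cipher is a SHA-256 keystream XOR, and that the group size is a toy parameter; transport encryption with the second/third key pairs and the blockchain evidence storage are not modelled.

```python
"""Toy end-to-end model of the flow above: TTP-mediated privacy set
intersection, then per-keyword key pairs and a symmetric key that only the
intersection position can recover.  Assumptions: 'multiplicative
semi-homomorphic encryption with a random number' is modelled as exponentiation
in Z_p* (commutative blinding); the first key pairs are ElGamal over the same
group; the symmetric cipher is a SHA-256 keystream XOR; p = 2^127 - 1 is a
demonstration-size prime, not a production parameter."""
import hashlib
import secrets
from math import gcd

P = (1 << 127) - 1   # Mersenne prime; demonstration size only (assumption)
G = 3                # fixed group element for ElGamal (assumption)


def rand_exp():
    """Random blinding exponent coprime to p-1, so blinding is a bijection."""
    while True:
        r = secrets.randbelow(P - 2) + 1
        if gcd(r, P - 1) == 1:
            return r


def h2g(keyword):
    """Hash a keyword into Z_p* (a value in [1, p-1])."""
    d = hashlib.sha256(keyword.encode()).digest()
    return int.from_bytes(d, "big") % (P - 1) + 1


def blind(x, r):
    """'Multiplicative semi-homomorphic encryption' of x with random number r."""
    return pow(x, r, P)


def eg_keygen():
    """One 'first key pair' (private, public) for a single data keyword."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def eg_encrypt(pub, m):
    y = secrets.randbelow(P - 2) + 1
    return pow(G, y, P), (m * pow(pub, y, P)) % P


def eg_decrypt(priv, ct):
    c1, c2 = ct
    return (c2 * pow(pow(c1, priv, P), P - 2, P)) % P


def sym_xor(key_int, data):
    """Symmetric keystream cipher keyed by an integer in [1, p-1]."""
    key = key_int.to_bytes(16, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def ttp_psi(first_ct, r1, second_cts, r2, perm):
    """TTP step: re-blind both sides, shuffle the provider side, intersect.
    The TTP learns only which position matches, never the keyword itself."""
    third = blind(first_ct, r2)                   # third ciphertext
    fourth = [blind(c, r1) for c in second_cts]   # fourth ciphertext set
    fourth = [fourth[i] for i in perm]            # shuffle before intersecting
    return [i for i, c in enumerate(fourth) if c == third]


def run_query(records, query_kw):
    """records: the provider's {data keyword: data information} map.
    Returns what the querying party learns: the matching record, plus the
    garbage it gets by decrypting the other positions with its own key."""
    keywords = list(records)
    # Querying party: first ciphertext and first random number
    r1 = rand_exp()
    first_ct = blind(h2g(query_kw), r1)
    # Provider: second ciphertext set, second random number, one key pair per keyword
    r2 = rand_exp()
    second_cts = [blind(h2g(k), r2) for k in keywords]
    privs, pubs = zip(*[eg_keygen() for _ in keywords])
    # TTP: one permutation reused for every set it forwards, so the intersection
    # position indexes the public key set and the ciphertext set consistently
    perm = sorted(range(len(keywords)), key=lambda _: secrets.randbits(32))
    positions = ttp_psi(first_ct, r1, second_cts, r2, perm)
    if not positions:
        return {"result": None, "non_intersection": []}
    pos = positions[0]
    shuffled_pubs = [pubs[i] for i in perm]
    # Querying party: encrypt a fresh symmetric key with the public key at pos
    sym = secrets.randbelow(P - 2) + 1
    key_ct = eg_encrypt(shuffled_pubs[pos], sym)
    # Provider: decrypt the key ciphertext with every first private key and
    # encrypt each record with whatever comes out; only one position yields sym
    data_cts = [sym_xor(eg_decrypt(priv, key_ct), records[k])
                for k, priv in zip(keywords, privs)]
    shuffled_cts = [data_cts[i] for i in perm]
    # Querying party: decrypt the intersection position only
    result = sym_xor(sym, shuffled_cts[pos])
    others = [sym_xor(sym, c) for i, c in enumerate(shuffled_cts) if i != pos]
    return {"result": result, "non_intersection": others}
```

The non_intersection entries show that a data information ciphertext at any other position is unreadable with the querying party's symmetric key, which is what keeps the provider's other records hidden while the TTP sees neither the keyword nor the plaintext.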
In a possible embodiment, the method further comprises:
sending pre-stored encryption algorithm information to a data sender; the data sender is the data querying party or the data provider, and the encryption algorithm information comprises a plurality of encryption algorithms for the data sender to select from;
receiving a first selection result returned by the data sender; the first selection result corresponds to one encryption algorithm in the encryption algorithm information;
generating a second key pair according to the first selection result, and sending the second public key of the second key pair to the data sender; the second public key is used by the data sender to encrypt data sent to the trusted third party, and the second private key of the second key pair is used by the trusted third party to decrypt data received from the data sender.
In a possible embodiment, the method further comprises:
sending the pre-stored encryption algorithm information to a data receiver; the data receiver is the data querying party or the data provider, and the encryption algorithm information comprises a plurality of encryption algorithms for the data receiver to select from;
receiving a second selection result returned by the data receiver; the second selection result corresponds to one encryption algorithm in the encryption algorithm information;
generating a third key pair according to the second selection result, and sending the third private key of the third key pair to the data receiver; the third private key is used by the data receiver to decrypt data received from the trusted third party, and the third public key of the third key pair is used by the trusted third party to encrypt data sent to the data receiver.
In a possible embodiment, the method further comprises:
recording the first public key set and the data information ciphertext set on a blockchain for evidence storage.
According to a second aspect of the disclosure, a data query method is provided, applied to a data querying party, including:
receiving an intersection position sent by a trusted third party; the intersection position is the position of a privacy intersection within a data keyword set, and the privacy intersection is obtained by the trusted third party performing privacy set intersection on the query keyword of the data querying party and the data keyword set of a data provider based on a privacy set intersection algorithm;
receiving a first public key set sent by the trusted third party; the first public key set comprises the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set;
encrypting a symmetric key with an encryption public key to obtain a key ciphertext; the encryption public key is the first public key located at the intersection position in the first public key set;
sending the key ciphertext to the trusted third party, so that the trusted third party can send the key ciphertext to the data provider;
receiving a data information ciphertext set sent by the trusted third party; the data information ciphertext set comprises a plurality of data information ciphertexts, each obtained by the data provider encrypting the data information associated with a data keyword using an encryption key, where the encryption key is obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword;
and decrypting the data information ciphertext located at the intersection position in the data information ciphertext set with the symmetric key, to obtain the query result.
According to a third aspect of the disclosure, a data query method is provided, applied to a data provider, including:
sending a first public key set to a trusted third party, for the trusted third party to send the first public key set to a data querying party; the first public key set comprises the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set;
receiving a key ciphertext sent by the trusted third party; the key ciphertext is obtained by the data querying party encrypting a symmetric key with an encryption public key, the encryption public key is the first public key located at an intersection position in the first public key set, the intersection position is the position of a privacy intersection within the data keyword set, and the privacy intersection is obtained by the trusted third party performing privacy set intersection on the query keyword of the data querying party and the data keyword set of the data provider based on a privacy set intersection algorithm;
for each data keyword in the data keyword set, encrypting the data information associated with that data keyword using an encryption key to obtain a data information ciphertext; the encryption key is obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword;
sending a data information ciphertext set formed by the plurality of data information ciphertexts to the trusted third party, so that the trusted third party can send the data information ciphertext set to the data querying party; the data querying party uses the symmetric key to decrypt the data information ciphertext located at the intersection position in the data information ciphertext set, so as to obtain the query result.
According to a fourth aspect of the disclosure, a data query device is provided, applied to a trusted third party, the device including a privacy set intersection module and a first transceiver module, where:
the privacy set intersection module is used to obtain, based on a privacy set intersection algorithm, the privacy intersection of the query keyword of a data querying party and the data keyword set of a data provider, and to send the intersection position of the privacy intersection within the data keyword set to the data querying party;
the first transceiver module is used to send a first public key set received from the data provider to the data querying party; the first public key set comprises the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set;
the first transceiver module is further configured to send a key ciphertext received from the data querying party to the data provider; the key ciphertext is obtained by the data querying party encrypting a symmetric key with an encryption public key, where the encryption public key is the first public key located at the intersection position in the first public key set;
the first transceiver module is further configured to receive a data information ciphertext set sent by the data provider; the data information ciphertext set comprises a plurality of data information ciphertexts, each obtained by the data provider encrypting the data information associated with a data keyword using an encryption key, where the encryption key is obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword;
the first transceiver module is further configured to send the data information ciphertext set to the data querying party; the data querying party uses the symmetric key to decrypt the data information ciphertext located at the intersection position in the data information ciphertext set, so as to obtain the query result.
According to a fifth aspect of the disclosure, a data query device is provided, applied to a data querying party, the device including a second transceiver module, a key encryption module and a data decryption module, where:
the second transceiver module is used to receive an intersection position sent by a trusted third party; the intersection position is the position of a privacy intersection within a data keyword set, and the privacy intersection is obtained by the trusted third party performing privacy set intersection on the query keyword of the data querying party and the data keyword set of a data provider based on a privacy set intersection algorithm;
the second transceiver module is further configured to receive a first public key set sent by the trusted third party; the first public key set comprises the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set;
the key encryption module is used to encrypt a symmetric key with an encryption public key to obtain a key ciphertext; the encryption public key is the first public key located at the intersection position in the first public key set;
the second transceiver module is further configured to send the key ciphertext to the trusted third party, so that the trusted third party sends the key ciphertext to the data provider;
the second transceiver module is further configured to receive a data information ciphertext set sent by the trusted third party; the data information ciphertext set comprises a plurality of data information ciphertexts, each obtained by the data provider encrypting the data information associated with a data keyword using an encryption key, where the encryption key is obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword;
the data decryption module is used to decrypt the data information ciphertext located at the intersection position in the data information ciphertext set with the symmetric key, to obtain the query result.
According to a sixth aspect of the disclosure, a data query device is provided, applied to a data provider, the device including a third transceiver module and a data encryption module, where:
the third transceiver module is used to send a first public key set to a trusted third party, so that the trusted third party can send the first public key set to a data querying party; the first public key set comprises the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set;
the third transceiver module is further configured to receive a key ciphertext sent by the trusted third party; the key ciphertext is obtained by the data querying party encrypting a symmetric key with an encryption public key, the encryption public key is the first public key located at an intersection position in the first public key set, the intersection position is the position of a privacy intersection within the data keyword set, and the privacy intersection is obtained by the trusted third party performing privacy set intersection on the query keyword of the data querying party and the data keyword set of the data provider based on a privacy set intersection algorithm;
the data encryption module is used to encrypt, for each data keyword in the data keyword set, the data information associated with that data keyword using an encryption key to obtain a data information ciphertext; the encryption key is obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword;
the third transceiver module is further configured to send a data information ciphertext set formed by the plurality of data information ciphertexts to the trusted third party, so that the trusted third party sends the data information ciphertext set to the data querying party; the data querying party uses the symmetric key to decrypt the data information ciphertext located at the intersection position in the data information ciphertext set, so as to obtain the query result.
According to a seventh aspect of the present disclosure, there is provided an electronic device comprising a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored by the memory to implement the method of any one of the first, second or third aspects.
According to an eighth aspect of the present disclosure, there is provided a computer-readable storage medium having stored therein computer-executable instructions for implementing the method of any one of the first, second or third aspects when executed by a processor.
According to a ninth aspect of the present disclosure there is provided a computer program product comprising a computer program for implementing the method of any one of the first, second or third aspects when the computer program is executed by a processor.
Compared with the prior art, the application has the following beneficial effects:
according to the data query method, electronic device and readable storage medium of the application, a trusted third party acts as the intermediary for data interaction; the privacy intersection of the query keyword of the data querying party and the data keyword set of the data provider is obtained by means of a privacy set intersection algorithm, and the intersection position of the privacy intersection within the data keyword set yields the position, within the data provider's data, of what the data querying party wants to query, without revealing the information of either the data querying party or the data provider. The subsequently transmitted data information is then encrypted and decrypted using the first key pair, the symmetric key and the intersection position, so that the data querying party obtains a correct query result without revealing the information of either the data querying party or the data provider. The data anonymity of both the data querying party and the data provider is thus guaranteed during the data query process, and the privacy security of the data query is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and, together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained by those skilled in the art without inventive effort. Wherein:
fig. 1 is a schematic architecture diagram of a data query system according to an embodiment of the present application;
fig. 2 is a flow chart of a data query method according to an embodiment of the present application;
fig. 3 is a schematic flow chart of a privacy intersection algorithm provided in an embodiment of the present application;
fig. 4 is a flow chart of another data query method according to an embodiment of the present application;
fig. 5 is a flowchart of another data query method according to an embodiment of the present application;
fig. 6 is a flowchart of another data query method according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a data query device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of another data query device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of another data query device according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
With the arrival of the big data era, industries of all kinds now need large amounts of data for data mining in areas such as risk control and marketing. Without privacy protection, when a data consumer queries a data provider, the data provider necessarily learns the consumer's specific query records. In particular, in data query services involving sensitive information, such as financial institutions querying private information like personal credit information and personal fund information, if the querying institution is not protected when it queries a data providing institution, the providing institution necessarily learns the querying institution's specific query records, so the querying institution's users are at risk of having their private information disclosed.
Hidden query technology was introduced to ensure that, when a data query is submitted to a data provider, the query completes without the query information being perceived or leaked. Hidden query, also called private information retrieval (PIR), is a retrieval technique that protects the user's query privacy: during the interaction between a data querying party and a data provider, the data querying party hides the query keyword or customer ID of the queried object, and the data provider returns the matching query result without learning which object was queried. It is usually built on cryptographic techniques such as encryption algorithms and oblivious transfer, which effectively avoids the possibility of data caching, data leakage and data resale. Common existing hidden query methods include hidden query based on oblivious transfer (OT), hidden query based on homomorphic encryption, and hidden query based on keywords.
However, although existing hidden query technology can keep the data querying party's information from being obtained by the data provider, the data querying party can still obtain the data provider's information; that is, existing hidden query technology only provides one-way protection and cannot ensure the anonymity of both the data querying party and the data provider. Taking information queries by financial institutions as an example, guaranteeing the anonymity of both parties means not only that the information the querying institution wants to query, such as a user ID, is not perceived by the data provider, but also that the query result returned by the data provider exposes no additional private information about the data provider.
To address these technical problems, the application uses a trusted third party as the intermediary for data interaction and a privacy set intersection algorithm to obtain the privacy intersection, uses the intersection position of the privacy intersection within the data keyword set, and then encrypts and decrypts the subsequently transmitted data information using the first key pair, the symmetric key and the intersection position, so that the data querying party obtains a correct query result without revealing the information of either the data querying party or the data provider.
Next, a basic architecture of the data query system according to the present application will be described with reference to fig. 1.
Fig. 1 is a schematic architecture diagram of a data query system provided in an embodiment of the present application, referring to fig. 1, in some embodiments, the data query system includes a data querying party 101, a data provider 103, and a trusted third party 102, where the trusted third party 102 is connected to the data querying party 101 and the data provider 103 through a network, and in particular, the network may be a wide area network or a local area network, or a combination of the two. Wherein:
the data inquirer 101 refers to an entity that needs to acquire specific data, and the data inquirer may be an individual user, an enterprise organization, or other systems. They typically initiate a data query request to the data provider 103 or trusted third party 102 to obtain the desired data.
The data provider 103 refers to an entity that owns and provides data, and the data provider 103 may be a data holder, a data collection facility, a database service provider, or the like. They are responsible for managing, storing and maintaining data and providing the data to the data querying party 101 or trusted third party 102 as required.
The trusted third party 102 is a neutral and trusted entity, and plays a role as an intermediary for data interaction, and the trusted third party takes responsibility for ensuring security, privacy protection, compliance and the like of data. In some cases, trusted third parties are also responsible for integration, cleansing and analysis of data to provide more valuable data services. In the data interaction and sharing process, the trusted third party 102 serves as an intermediary to interact with the data provider 103 and the data inquirer 101, so that the data inquirer 101 can obtain required data. Trusted third parties 102 play an important role in coordinating, managing and protecting data in the exchange of data.
It should be noted that, fig. 1 is only a schematic structural diagram of a data query system provided in the embodiment of the present application, and the embodiment of the present application does not limit the actual forms of the various devices included in fig. 1, nor limit the interaction manner or the connection manner between the various devices in fig. 1, and in a specific application of the technical scheme, the configuration may be set according to actual requirements.
With reference to the above application scenario, the technical scheme of the data query method provided in the application is described in detail below through a specific embodiment. It should be noted that the following embodiments may exist alone or in combination with each other, and for the same or similar content, the description may not be repeated in different embodiments.
Fig. 2 is a flow chart of a data query method provided in an embodiment of the present application, referring to fig. 2, in some embodiments, the data query method is applied to a trusted third party, and the flow chart includes the following steps:
S201, based on a private set intersection algorithm, acquiring a privacy intersection of a query keyword in a data querying party and a data keyword set in a data provider, and sending the intersection position of the privacy intersection in the data keyword set to the data querying party.
Based on the private set intersection algorithm, the privacy intersection of the query keyword in the data querying party and the data keyword set in the data provider is obtained by encrypted computation without revealing any additional information of the data querying party or the data provider, where additional information means anything the two parties hold other than the privacy intersection itself. The aim is to determine, from the position of the privacy intersection in the data keyword set, where the data the data querying party wants lies in the data provider, and to send this position to the data querying party for use in the subsequent query.
Specifically, for the data stored by the data provider, the data generally includes a data keyword and data information associated with the data keyword, so that in the data query process, the query keyword in the query request is used as an index to find the data keyword consistent with the query keyword, and the data information associated with the data keyword is used as a query result. Taking a customer deposit amount inquiry scenario of the financial industry as an example, a customer inputs a customer account number (i.e., inquiry keyword) to be inquired through a customer end (i.e., data inquirer), deposit information of a plurality of customers is stored in a financial institution database (i.e., data provider), and the deposit information includes a deposit account number (i.e., data keyword) and a deposit balance (i.e., data information). And searching a deposit account consistent with the client account, returning the deposit balance of the deposit account to the client, and obtaining deposit amount information to be inquired by the client.
S202, a first public key set received from a data provider is sent to a data inquirer; the first public key set comprises first public keys in a plurality of first key pairs, and the first key pairs are in one-to-one correspondence with data keywords in the data keyword set.
The data provider generates first key pairs corresponding to the data keywords one by one according to the data keywords in the data keyword set, and sends first public keys in the first key pairs to the trusted third party, and first private keys in the first key pairs are stored in the data provider. After receiving the first public key set sent by the data provider, the trusted third party sends the first public key set to the data inquirer.
Specifically, a key pair consisting of a public key and a private key belongs to asymmetric encryption: the sender encrypts the original data with the public key and sends it, and the receiver decrypts it with the private key of the same pair to recover the original data. Because the encryption key and the decryption key differ, the scheme is called asymmetric encryption.
S203, the key ciphertext received from the data inquiring party is sent to the data provider; the key ciphertext is obtained by encrypting a symmetric key by a data inquiring party by using an encryption public key, wherein the encryption public key is a first public key positioned at an intersection position in a first public key set.
After receiving the first public key set, the data querying party selects a first public key located at an intersection position in the first public key set to encrypt the symmetric key selected by the data querying party to obtain a key ciphertext, and sends the key ciphertext to the trusted third party. And after receiving the key ciphertext sent by the data inquiring party, the trusted third party sends the key ciphertext to the data provider.
Specifically, the symmetric key refers to an encryption scheme using the same key when encrypting and decrypting data, and is also referred to as a shared key or a secret key. In symmetric key encryption, the sender and receiver must share the same key, which is used when encrypting data and decrypting data. The encryption process comprises the steps of combining original data and a symmetric key through a preset algorithm to generate ciphertext; the decryption process is to input the ciphertext and the symmetric key into the same algorithm to recover the original message.
Specifically, the symmetric key is randomly selected by the data querying party.
S204, receiving a data information ciphertext set sent by a data provider; the data information ciphertext set comprises a plurality of data information ciphertexts, wherein the data information ciphertexts are obtained by encrypting data information associated with a data key by a data provider by using an encryption key, and the encryption key is obtained by decrypting a key ciphertext by using a first private key in a first key pair corresponding to the data key.
After receiving the key ciphertext, the data provider decrypts the key ciphertext through a first private key in the first key pair to obtain a plurality of encryption keys corresponding to the data keywords one by one, encrypts data information associated with the data keywords by using the encryption keys to obtain encrypted data information ciphertext to form a data information ciphertext set, and sends the data information ciphertext set to a trusted third party.
It should be noted that, because the key ciphertext was produced with the first public key at the intersection position, only decryption with the first private key at the intersection position yields the correct encryption key, i.e. one equal to the data querying party's symmetric key. Consequently, only the data information encrypted with that encryption key can be correctly decrypted and recovered with the data querying party's symmetric key; decryption of the key ciphertext with any other first private key yields a wrong key.
S205, sending the data information ciphertext set to a data inquiring party; the data information ciphertext set is used for decrypting the data information ciphertext positioned at the intersection position in the data information ciphertext set by the data inquiring party by using the symmetric key, so as to obtain an inquiring result.
The symmetric key held by the data querying party corresponds to the correct encryption key obtained by decrypting with the first private key at the intersection position, so it can recover correct data information only from the data information ciphertext at the intersection position. Therefore, after the trusted third party sends the data information ciphertext set to the data querying party, the data querying party decrypts the ciphertext at the intersection position with the symmetric key and obtains the query result. The other data information ciphertexts cannot be decrypted correctly, so no data of the data provider other than the query result is revealed.
In this embodiment, the data sent by the data provider that the data querying party can access consists of the first public key set and the data information ciphertext set. Apart from the entry at the intersection position in the data information ciphertext set, which the data querying party correctly decrypts as the query result, the rest either contains no private data or cannot be correctly decrypted, so the data querying party obtains no private information about the data provider beyond the query result. Correspondingly, the data provider can access only the key ciphertext sent by the data querying party, which contains no private information about the data querying party, so the data provider learns nothing about the query.
Therefore, the trusted third party is used as an intermediary role of data interaction, the privacy intersection of the query keywords of the data query party and the data keyword set of the data provider is obtained by the privacy set intersection algorithm, and the position of the data information which the data query party wants to query in the data provider is obtained on the premise that the information of the data query party and the data provider is not revealed through the intersection position of the privacy intersection in the data keyword set. And then, carrying out corresponding encryption and decryption operation on the subsequently transmitted data information through the first key pair, the symmetric key and the intersection position, and further enabling the data inquiring party to obtain a correct inquiring result on the premise of not revealing information of the data inquiring party and the data provider. In the data query process, the data anonymity of both the data query party and the data provider party is guaranteed, and the privacy security of the data query is improved.
In some embodiments, further comprising: transmitting pre-stored encryption algorithm information to a data sender; the data sender comprises a data inquiry party or a data provider, and the encryption algorithm information comprises a plurality of encryption algorithms selected by the data sender; receiving a first selection result returned by a data sender; wherein the first selection result corresponds to one encryption algorithm in the encryption algorithm information; generating a second key pair according to the first selection result, and transmitting a second public key in the second key pair to a data sender; the second public key is used for encrypting the data sent to the trusted third party by the data sender, and the second private key in the second key pair is used for decrypting the data received to the data sender by the trusted third party.
In this embodiment, in order to ensure the security of data transmission between the trusted third party and the data querying party and between the trusted third party and the data providing party, the data transmitted between the trusted third party and the data querying party and between the trusted third party and the data providing party may be encrypted. The data inquiring party and the data providing party select one of the encryption algorithms and feed the encryption algorithms back to the trusted third party, and the trusted third party generates a key pair according to a selection result and sends a public key part of the key pair to the data inquiring party and the data providing party.
When the data querying party and the data providing party send data to the trusted third party, the data to be sent needs to be encrypted by utilizing the second public key in the second key pair, and after the encrypted data is sent to the trusted third party, the trusted third party decrypts the received data by utilizing the second private key in the second key pair, so that the security of data transmission between the trusted third party and the data querying party and between the trusted third party and the data providing party is ensured.
In some embodiments, the method further includes: sending pre-stored encryption algorithm information to a data receiver, where the data receiver is the data querying party or the data provider and the encryption algorithm information includes a plurality of encryption algorithms for the data receiver to select from; receiving a second selection result returned by the data receiver, where the second selection result corresponds to one encryption algorithm in the encryption algorithm information; and generating a third key pair according to the second selection result and sending the third private key of the third key pair to the data receiver, where the third private key is used by the data receiver to decrypt the data it receives from the trusted third party and the third public key of the third key pair is used by the trusted third party to encrypt the data it sends to the data receiver.
In this embodiment, to secure data transmission between the trusted third party and the data querying party and between the trusted third party and the data provider, the data transmitted on these links may be encrypted. The data querying party and the data provider each select one of the encryption algorithms and feed the selection back to the trusted third party; the trusted third party generates a key pair according to the selection result and sends the private key part of the key pair to the data querying party and the data provider.
Therefore, when the trusted third party sends data to the data querying party and the data provider, the data to be sent needs to be encrypted by utilizing the third public key in the third key pair, and after the encrypted data is sent to the data querying party and the data provider, the data querying party and the data provider decrypt the received data by utilizing the third private key in the third key pair, so that the security of data transmission between the trusted third party and the data querying party and between the trusted third party and the data provider is ensured.
In some embodiments, the method further includes uploading the first public key set and the data information ciphertext set to the blockchain for certification.
In this embodiment, the purpose of uploading the certification information to the chain is to prevent a malicious data querying party or a malicious data provider from providing false data: if a party provides false data, verification can be performed against the certification information on the blockchain and the party that provided the false data can be identified. Because no additional information may be revealed between the data querying party and the data provider, the data provider cannot know the query records of the data querying party; this protects the query privacy of the data querying party, but it also means the query records cannot be retained and a supervisor cannot audit them. The data provider nevertheless needs the query records of the data querying party to be provable and the data querying party to be authenticated, and the supervisor also needs to audit the queries of the data querying party, which the on-chain certification information makes possible.
In the data query method shown in fig. 2, the query keyword in the data query party and the data keyword set in the data provider need to be subjected to privacy set intersection, and in the technical scheme of the data query method, the content of the privacy set intersection is further described below with reference to fig. 3.
Fig. 3 is a schematic flow chart of a privacy intersection algorithm provided in an embodiment of the present application, referring to fig. 3, in some embodiments, the flow chart of the privacy intersection algorithm includes the following steps:
In some embodiments, based on a privacy set intersection algorithm, obtaining a privacy intersection of a query keyword in a data querying party and a data keyword set in a data provider includes:
S301, receiving a first ciphertext and a first random number sent by the data querying party; the first ciphertext is obtained by performing multiplicative semi-homomorphic encryption on the query keyword with the first random number.
S302, receiving a second ciphertext set and a second random number sent by the data provider; the second ciphertext set is obtained by performing multiplicative semi-homomorphic encryption on the data keywords in the data keyword set with the second random number.
S303, performing multiplicative semi-homomorphic encryption on the first ciphertext with the second random number to obtain a third ciphertext.
S304, performing multiplicative semi-homomorphic encryption on each second ciphertext in the second ciphertext set with the first random number to obtain a fourth ciphertext set.
S305, intersecting the third ciphertext with the fourth ciphertext set to obtain the privacy intersection.
In this embodiment, the multiplicative semi-homomorphic encryption algorithm satisfies a key commutativity (exchange) law. Specifically, for data $A$ and random numbers $a$ and $b$, encrypting $A$ twice with the algorithm gives $(A^a)^b = (A^b)^a$. Based on this principle, after the query keyword of the data querying party and the data keywords of the data provider are each encrypted twice with the two random numbers exchanged, a query keyword equal to a data keyword yields identical doubly encrypted values; the privacy intersection therefore identifies the data keyword equal to the query keyword, and the data information associated with that data keyword is the query result.
Specifically, the multiplication semi-homomorphic encryption algorithm can be an elliptic curve encryption algorithm.
Specifically, if the privacy intersection is empty, it indicates that no corresponding data is queried in the data provider.
Preferably, the method further includes uploading the first ciphertext, the first random number, the second ciphertext set and the second random number to the blockchain for certification.
The purpose of uploading the certification information to the chain is to prevent a malicious data querying party or a malicious data provider from providing false data.
Preferably, the method further includes: before intersecting the third ciphertext with the fourth ciphertext set, shuffling the order of the fourth ciphertexts in the fourth ciphertext set; before sending the first public key set received from the data provider to the data querying party, shuffling the order of the first public keys in the first public key set; and before sending the data information ciphertext set to the data querying party, shuffling the order of the data information ciphertexts in the data information ciphertext set, where the data keyword set, the first public key set and the data information ciphertext set are shuffled in the same order.
In this embodiment, the data query method of the present application is applicable to a query scenario of one data query party and one data provider, as well as a data query scenario of one data query party and multiple data providers, and multiple data query parties and multiple data providers.
In a scenario with multiple data providers, the data in the fourth ciphertext set, the first public key set and the data information ciphertext set come from several data providers. To avoid disclosing identity information of the data providers, for example by guessing that two adjacent entries come from the same data provider, the order of the data in these sets can be shuffled, so that no information about the data providers can be obtained from the order of the data.
Meanwhile, since the query result is determined by the intersection position of the privacy intersection, the same scrambling sequence should be kept when the above sets are scrambled, so as to ensure that correct data can be obtained by the intersection position of the privacy intersection.
Specifically, a random ordering algorithm such as a shuffling algorithm can be adopted for scrambling the data, and the fourth ciphertext set, the first public key set and the data information ciphertext set adopt the random ordering algorithm with the same parameters, so that the data of the fourth ciphertext set, the first public key set and the data information ciphertext set are ordered consistently after scrambling.
By shuffling the data order, the data querying party cannot infer which data provider the queried data came from, which preserves the anonymity of the data providers towards the data querying party.
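As an added example, not code from the patent, the following Python models the private set intersection of fig. 3 (S301 to S305) together with the consistent shuffling described above. The multiplicative semi-homomorphic encryption is modelled as exponentiation in the quadratic-residue subgroup of a safe prime, which commutes exactly as the elliptic-curve variant the text suggests; the prime (assumed to be the RFC 2409 group 2 MODP prime), the customer IDs and the two-bank layout are constructed for the example.

```python
import hashlib
import secrets

# Assumption (not from the patent): the 1024-bit MODP prime of RFC 2409 group 2, a
# safe prime, chosen so the example needs only the standard library. Exponentiation
# in its order-Q quadratic-residue subgroup commutes, (A^a)^b == (A^b)^a, which is
# the property the text relies on; an elliptic curve, as the text suggests, behaves
# the same way. This group size is for illustration only.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the quadratic-residue subgroup


def hash_to_group(keyword: str) -> int:
    """Map a keyword (e.g. a customer ID) to a quadratic residue, an element of the subgroup."""
    h = int.from_bytes(hashlib.sha256(keyword.encode("utf-8")).digest(), "big")
    return pow(h, 2, P)


def enc(value: int, r: int) -> int:
    """Multiplicative semi-homomorphic encryption, modelled as exponentiation by r."""
    return pow(value, r, P)


def random_exponent() -> int:
    """Random number in [1, Q-1]; plays the role of the first/second random numbers."""
    return secrets.randbelow(Q - 1) + 1


def make_perm(n: int) -> list:
    """One random permutation (a shuffling algorithm). The trusted third party keeps it and
    applies the same permutation to the first public key set and the data ciphertext set."""
    perm = list(range(n))
    secrets.SystemRandom().shuffle(perm)
    return perm


def apply_perm(items: list, perm: list) -> list:
    return [items[j] for j in perm]


# data querying party (S301): first ciphertext and first random number
def querier_message(query_keyword: str):
    r1 = random_exponent()
    return enc(hash_to_group(query_keyword), r1), r1


# each data provider (S302): second ciphertext set and its own second random number
def provider_message(data_keywords: list):
    r_i = random_exponent()
    return [enc(hash_to_group(k), r_i) for k in data_keywords], r_i


# trusted third party (S303 to S305, with the fourth set shuffled before intersecting)
def ttp_intersection_positions(first_ct: int, r1: int, provider_msgs: list, perm: list) -> list:
    """Positions, in the shuffled combined fourth-ciphertext set, whose data keyword equals
    the query keyword. An empty list means no provider holds the queried keyword."""
    third = []   # one third ciphertext per provider, since each provider has its own r_i
    fourth = []  # (provider index, fourth ciphertext) in the providers' original order
    for i, (second_cts, r_i) in enumerate(provider_msgs):
        third.append(enc(first_ct, r_i))                     # S303
        fourth.extend((i, enc(c, r1)) for c in second_cts)   # S304
    shuffled = apply_perm(fourth, perm)                      # hide which provider is where
    return [pos for pos, (i, c) in enumerate(shuffled) if c == third[i]]  # S305


def run_demo(query_keyword: str):
    """Constructed sample: two banks. Returns (positions in the shuffled set, the same
    positions mapped back to the providers' original combined order, for checking only)."""
    bank1 = ["CUST-1001", "CUST-1002", "CUST-1003"]   # constructed data keywords
    bank2 = ["CUST-2001", "CUST-2002"]
    first_ct, r1 = querier_message(query_keyword)
    msgs = [provider_message(bank1), provider_message(bank2)]
    perm = make_perm(len(bank1) + len(bank2))
    positions = ttp_intersection_positions(first_ct, r1, msgs, perm)
    return positions, [perm[p] for p in positions]
```

Because the trusted third party receives both random numbers, it can undo the encryption itself; the privacy of this step therefore rests entirely on that party being trusted, which is the premise of the scheme.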
Fig. 4 is a flow chart of another data query method provided in the embodiment of the present application, referring to fig. 4, in some embodiments, the data query method is applied to a data query party, and the flow chart includes the following steps:
S401, receiving an intersection position sent by the trusted third party; the intersection position is the position of the privacy intersection in the data keyword set, and the privacy intersection is obtained by the trusted third party performing private set intersection, based on a private set intersection algorithm, on the query keyword in the data querying party and the data keyword set in the data provider.
S402, receiving a first public key set sent by the trusted third party; the first public key set includes the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set.
S403, encrypting the symmetric key with the encryption public key to obtain a key ciphertext; where the encryption public key is the first public key located at the intersection position in the first public key set.
S404, sending the key ciphertext to the trusted third party for the trusted third party to forward to the data provider.
S405, receiving a data information ciphertext set sent by the trusted third party; the data information ciphertext set includes a plurality of data information ciphertexts, each obtained by the data provider encrypting the data information associated with a data keyword with an encryption key, where the encryption key is obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword.
S406, decrypting the data information ciphertext located at the intersection position in the data information ciphertext set with the symmetric key to obtain the query result.
In this embodiment, it should be noted that for the implementation principle and technical effects of each step in the flow shown in fig. 4, refer to the above description of fig. 2; they are not repeated here.
Fig. 5 is a flow chart of another data query method provided in an embodiment of the present application, referring to fig. 5, in some embodiments, the data query method is applied to a data provider, and the flow chart includes the following steps:
S501, sending the first public key set to the trusted third party, so that the trusted third party can send the first public key set to the data querying party; the first public key set includes the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set.
S502, receiving a key ciphertext sent by a trusted third party; the secret key ciphertext is obtained by encrypting a symmetric key by a data inquiring party by using an encryption public key, the encryption public key is a first public key positioned at an intersection position in a first public key set, the intersection position is a position of a privacy intersection in a data keyword set, and the privacy intersection is obtained by carrying out privacy set intersection on an inquiring keyword in the data inquiring party and the data keyword set in a data provider by a trusted third party based on a privacy set intersection algorithm.
S503, encrypting the data information associated with the data keywords by using an encryption key for each data keyword in the data keyword set to obtain a data information ciphertext; the encryption key is obtained by decrypting the key ciphertext by using a first private key in a first key pair corresponding to the data key.
S504, a data information ciphertext set formed by a plurality of data information ciphertexts is sent to a trusted third party, so that the trusted third party can send the data information ciphertext set to a data inquiring party; the data information ciphertext set is used for decrypting the data information ciphertext positioned at the intersection position in the data information ciphertext set by the data inquiring party by using the symmetric key, so as to obtain an inquiring result.
In this embodiment, it should be noted that for the implementation principle and technical effects of each step in the flow shown in fig. 5, refer to the above description of fig. 2; they are not repeated here.
Fig. 6 is a flow chart of another data query method provided in the embodiment of the present application, referring to fig. 6, in some embodiments, the data query method is applied to a data query system, and the flow chart includes the following steps:
S601, the data querying party performs multiplicative semi-homomorphic encryption on the query keyword using a first random number to obtain a first ciphertext.
S602, the data querying party sends the first ciphertext and the first random number to the trusted third party.
S603, the data provider performs multiplicative semi-homomorphic encryption on the data keywords in the data keyword set using a second random number to obtain a second ciphertext set.
S604, the data provider sends the second ciphertext set and the second random number to the trusted third party.
S605, the trusted third party performs multiplicative semi-homomorphic encryption on the first ciphertext using the second random number to obtain a third ciphertext.
S606, the trusted third party performs multiplicative semi-homomorphic encryption on each second ciphertext in the second ciphertext set using the first random number to obtain a fourth ciphertext set.
S607, the trusted third party intersects the third ciphertext with the fourth ciphertext set to obtain the privacy intersection.
S608, the trusted third party determines the intersection position of the privacy intersection in the data keyword set from the position of the privacy intersection in the fourth ciphertext set.
S609, the trusted third party sends the intersection position to the data querying party.
S610, the data provider sends the first public key set to the trusted third party; the first public key set includes the first public keys of a plurality of first key pairs, and the first key pairs correspond one-to-one with the data keywords in the data keyword set.
S611, after receiving the first public key set, the trusted third party sends it to the data querying party.
S612, the data querying party encrypts the symmetric key with the first public key located at the intersection position in the first public key set to obtain a key ciphertext.
S613, the data querying party sends the key ciphertext to the trusted third party.
S614, after receiving the key ciphertext, the trusted third party sends it to the data provider.
S615, after receiving the key ciphertext, the data provider decrypts it with the first private key of the first key pair corresponding to each data keyword to obtain an encryption key for that data keyword.
S616, the data provider encrypts the data information associated with each data keyword using the encryption key corresponding to that data keyword to obtain a data information ciphertext set.
S617, the data provider sends the data information ciphertext set to the trusted third party.
S618, after receiving the data information ciphertext set, the trusted third party sends it to the data querying party.
S619, after receiving the data information ciphertext set, the data querying party decrypts the data information ciphertext located at the intersection position with the symmetric key to obtain the query result.
In this embodiment, it should be noted that for the implementation principle and technical effects of each step in the flow shown in fig. 6, refer to the above description of fig. 2; they are not repeated here.
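As an added example, not the patent's own code, the following Python models the key-wrapping half of the flow (S202 to S205 of fig. 2, S610 to S619 of fig. 6): textbook ElGamal over an assumed RFC 2409 group 2 prime stands in for the first key pairs, and a SHA-256 keystream with an HMAC tag stands in for the symmetric cipher so that a wrong key is rejected rather than producing garbage. The records, the intersection position and the helper names are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Assumption (not from the patent): the 1024-bit MODP prime of RFC 2409 group 2 and
# generator 4 of its quadratic-residue subgroup; textbook ElGamal over this group
# stands in for the first key pairs. Illustration only, not a production choice.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 4


def keygen():
    """One first key pair: (first private key x, first public key y = G^x mod P)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def pk_encrypt(y: int, m: int):
    """ElGamal encryption of an integer m in [1, P-1] under public key y."""
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), (m * pow(y, k, P)) % P


def pk_decrypt(x: int, ct):
    """Decrypt with private key x. With a wrong x this still returns a number, just a wrong one."""
    c1, c2 = ct
    s = pow(c1, x, P)
    return (c2 * pow(s, P - 2, P)) % P   # s^-1 mod P by Fermat's little theorem


# Toy authenticated symmetric cipher: SHA-256 keystream plus an HMAC tag, so a
# ciphertext decrypted with the wrong key is rejected instead of yielding garbage.
def _keystream(kb: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hashlib.sha256(kb + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:n]


def sym_encrypt(key: int, data: bytes):
    kb = key.to_bytes(128, "big")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(kb, nonce, len(data))))
    tag = hmac.new(kb, nonce + ct, "sha256").digest()
    return nonce, ct, tag


def sym_decrypt(key: int, blob):
    nonce, ct, tag = blob
    kb = key.to_bytes(128, "big")
    if not hmac.compare_digest(tag, hmac.new(kb, nonce + ct, "sha256").digest()):
        return None   # wrong key: the ciphertext cannot be correctly decrypted
    return bytes(a ^ b for a, b in zip(ct, _keystream(kb, nonce, len(ct))))


# data provider (S610): one first key pair per record, in record order
def provider_setup(records: list) -> list:
    return [keygen() for _ in records]


# data querying party (S612): wrap the symmetric key with the public key at the intersection position
def querier_wrap(first_public_keys: list, position: int, sym_key: int):
    return pk_encrypt(first_public_keys[position], sym_key)


# data provider (S615, S616): decrypt the key ciphertext with every first private key and
# encrypt each record with the resulting key; only the intersection position's key is right
def provider_encrypt_all(key_pairs: list, records: list, key_ct) -> list:
    out = []
    for (x, _), (_, info) in zip(key_pairs, records):
        enc_key = pk_decrypt(x, key_ct)
        out.append(sym_encrypt(enc_key, info))
    return out


# data querying party (S619): decrypt only the ciphertext at the intersection position
def querier_result(data_cts: list, position: int, sym_key: int):
    return sym_decrypt(sym_key, data_cts[position])


def run_demo(position: int):
    """Constructed sample: three loan records at one provider; `position` plays the
    intersection position delivered by the trusted third party in S609."""
    records = [("CUST-1001", b"loan: 5000"), ("CUST-1002", b"loan: 0"),
               ("CUST-1003", b"loan: 12000")]
    key_pairs = provider_setup(records)
    first_public_keys = [y for _, y in key_pairs]                 # S610, S611
    sym_key = secrets.randbelow(P - 1) + 1                         # querier's random symmetric key
    key_ct = querier_wrap(first_public_keys, position, sym_key)   # S612 to S614
    data_cts = provider_encrypt_all(key_pairs, records, key_ct)   # S615 to S618
    result = querier_result(data_cts, position, sym_key)          # S619
    others = [sym_decrypt(sym_key, c) for i, c in enumerate(data_cts) if i != position]
    return result, others
```

With the constructed records, run_demo(2) recovers b"loan: 12000" and returns None for the other two ciphertexts, which is the property stated above: only the entry at the intersection position decrypts under the data querying party's symmetric key.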
In the following, an exemplary application of the data query method of the present application in a practical application scenario will be described in a specific embodiment.
In a specific embodiment, it is assumed that bank A needs to check the loan amounts of a certain customer at other banks when it handles a loan for that customer, but bank A does not want to reveal the personal identity information of the customer when querying, and the other banks also do not want to reveal their own identity information when feeding back information.
Specifically, assume that bank A (i.e. the data querying party) is C, and that the customer identity information to be queried is ID', where ID' is the query keyword of the data querying party.
Specifically, assume that the n other banks (i.e. the data providers) are S_1, S_2, …, S_n respectively, and that data provider S_i holds m pieces of data; the data held by the data provider can then be expressed as ((ID_{i,1}, M_{i,1}), (ID_{i,2}, M_{i,2}), …, (ID_{i,m}, M_{i,m})), 1 ≤ i ≤ n. This can be understood simply as follows: ID_{i,m} is customer identity information held by another bank, namely a data keyword of the data provider, and M_{i,m} is the relevant data belonging to that customer, such as the customer's loan amount at that bank, i.e. the data information associated with the data keyword in the data provider.
Specifically, let the People's Bank (i.e. the trusted third party) be P.
In the scenario of querying a customer's loan amount, the data query method can be applied to a data query system formed by bank A (the data querying party), the other banks (the data providers) and the People's Bank (the trusted third party), and the specific process comprises the following steps:
Step 1: bank A C selects a random number r', and each other bank S_i selects a random number r_i (1 ≤ i ≤ n). The random numbers are used to encrypt the customer identity information during the private set intersection, so that the intersection can be found without either side learning the customer information data set held by the other.
Step 2: bank A C uses the random number r' to perform elliptic curve encryption on the identity information ID' of the customer to be queried, obtaining the identity information ciphertext E(ID', r') of the customer to be queried; it sends E(ID', r') and the random number r' together with a digital signature to the People's Bank P, and uploads their certification information (a secondary hash value) to the blockchain.
Step 3: each other bank S_i uses its random number r_i to perform elliptic curve encryption in turn on all the customer identity information ID_{i,m} it holds, obtaining the identity information ciphertext vector (E(ID_{i,1}, r_i), E(ID_{i,2}, r_i), ..., E(ID_{i,m}, r_i)), 1 ≤ i ≤ n; it then sends the identity information ciphertext vector and the random number r_i together with a digital signature to the People's Bank P, and uploads their certification information (a secondary hash value) to the blockchain.
Step 4: after the People's Bank P receives the information from bank A C and from all data source parties S_i, it uses r' to perform elliptic curve encryption on each S_i's identity information ciphertext vector (E(ID_{i,1}, r_i), E(ID_{i,2}, r_i), ..., E(ID_{i,m}, r_i)), obtaining the secondary ciphertext vector (E(E(ID_{i,1}, r_i), r'), E(E(ID_{i,2}, r_i), r'), ..., E(E(ID_{i,m}, r_i), r')). At the same time, it uses r_i to encrypt E(ID', r'), obtaining the secondary ciphertext E(E(ID', r'), r_i) of the identity information ciphertext of the customer to be queried.
Step 5: the secondary ciphertext vectors of all the identity information held by the other banks are scrambled, then the intersection of (E(E(ID_{i,1}, r_i), r'), E(E(ID_{i,2}, r_i), r'), ..., E(E(ID_{i,m}, r_i), r')) and E(E(ID', r'), r_i) is computed, and the position information of the intersection elements within the secondary ciphertext vectors of identity information is recorded; here we assume that the element of the private intersection is at position (i_{n'}, j_{m'}).
Since the customer to be queried may have loan records at multiple banks, the resulting privacy intersection may also contain multiple elements. Each element indicates that the secondary ciphertext of the customer identity to be queried by bank A is identical to one of the secondary ciphertexts in the vector of customer identities held by another bank, i.e. that the other bank holds a customer identical to the customer bank A wants to query.
Finally, the trusted third party verifies the computed secondary ciphertext vectors (E(E(ID_{i,1}, r_i), r'), E(E(ID_{i,2}, r_i), r'), ..., E(E(ID_{i,m}, r_i), r')) and the secondary ciphertexts E(E(ID', r'), r_i) of the query information, each encrypted with a different random number, by uploading them respectively to the blockchain; specifically, a secondary hash value can be used as the way of generating the verification information.
Step 6: after the People's Bank P sends the position information of the privacy intersection to bank A C, C randomly selects a symmetric key k'. Here the Advanced Encryption Standard (AES) is taken as the example, although other symmetric encryption algorithms may also be used.
Step 7: each other bank S_i selects m key pairs in one-to-one correspondence with the customer information held by S_i, ((k_{i,1,pri}, k_{i,1,pub}), (k_{i,2,pri}, k_{i,2,pub}), ..., (k_{i,m,pri}, k_{i,m,pub})); S_i keeps the private keys (k_{i,1,pri}, k_{i,2,pri}, ..., k_{i,m,pri}) and sends the public keys (k_{i,1,pub}, k_{i,2,pub}, ..., k_{i,m,pub}) to the People's Bank P, where 1 ≤ i ≤ n.
Step 8: after the People's Bank P receives the public key information sent by all data source parties S_i, it scrambles all the public key information (k_{i,1,pub}, k_{i,2,pub}, ..., k_{i,m,pub}) (1 ≤ i ≤ n) in the same order used to scramble the secondary ciphertext vectors of all data sources in step 5, uploads the certification information of the public key information (which can be generated as a secondary hash) to the blockchain, and at the same time sends the scrambled public key information to bank A C.
Step 9: after bank A C receives the public key information, it uses the public key k_{i_{n'},j_{m'},pub} located at position (i_{n'}, j_{m'}) to encrypt the symmetric key k' selected in step 6, obtaining a key ciphertext, and sends the key ciphertext to the People's Bank P. The People's Bank P sends this information to the corresponding other bank S_i and uploads the certification information of the information (which can be generated as a secondary hash value) to the blockchain.
Step 10: after the other bank S_i receives the key ciphertext, it decrypts it with each of the private keys (k_{i,1,pri}, k_{i,2,pri}, ..., k_{i,m,pri}) it stored, obtaining m decryption results (k_{i,1}, k_{i,2}, ..., k_{i,m}); the other bank S_i then uses (k_{i,1}, k_{i,2}, ..., k_{i,m}) to encrypt the user attributes M_{i,m} it holds respectively, obtaining the data information ciphertext vector (E(M_{i,1}, k_{i,1}), E(M_{i,2}, k_{i,2}), ..., E(M_{i,m}, k_{i,m})), and the data source party S_i sends the data information ciphertext vector to the People's Bank P.
Step 11: after receiving the ciphertext vectors, the People's Bank P scrambles all of (E(M_{i,1}, k_{i,1}), E(M_{i,2}, k_{i,2}), ..., E(M_{i,m}, k_{i,m})) (1 ≤ i ≤ n) using the same method as for scrambling the secondary ciphertext vectors of all data sources in step 5, sends them to bank A C, and at the same time uploads the certification information (which can be generated as a secondary hash) to the blockchain.
Step 12: bank A C uses the symmetric key k' from step 6 to decrypt the encrypted data located at position (i_{n'}, j_{m'}), obtaining the desired data M_{i_{n'},j_{m'}}, i.e. the loan amount of the user to be queried at the other bank S_i.
In this embodiment, bank A obtains no information about the other banks beyond the loan amount of the customer to be queried at those banks, and the other banks obtain no information about bank A or the customer to be queried, thereby realizing bidirectional trace hiding between bank A and the other banks during the data query process.
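The twelve-step bank scenario above, as an added simulation that is not part of the patent: the elliptic-curve encryption is replaced by commutative exponentiation in a constructed toy group, the per-record key pairs are ElGamal-style pairs in the same group, and AES is replaced by a SHA-256 keystream, so every parameter and helper name in the block is an assumption for illustration only.

```python
import hashlib
import secrets
from typing import Dict, List, Tuple

# Constructed toy parameters: a Mersenne prime modulus and a small generator. The patent's
# elliptic-curve encryption would take the place of this group; the simulation only needs
# the encryption to be commutative so that the intersection can be matched.
P = 2**127 - 1
G = 3
RNG = secrets.SystemRandom()


def h2g(ident: str) -> int:
    """Map a customer identifier into the group (stand-in for hash-to-curve)."""
    return int.from_bytes(hashlib.sha256(ident.encode()).digest(), "big") % (P - 2) + 2


def enc(x: int, r: int) -> int:
    """Commutative encryption E(x, r) = x^r mod P, so E(E(x, a), b) == E(E(x, b), a)."""
    return pow(x, r, P)


def keygen() -> Tuple[int, int]:
    """One ElGamal-style key pair (private exponent, public element) per customer record."""
    priv = RNG.randrange(2, P - 1)
    return priv, pow(G, priv, P)


def pk_encrypt(pub: int, k: int) -> Tuple[int, int]:
    """Encrypt the querier's symmetric key k to one public key."""
    t = RNG.randrange(2, P - 1)
    return pow(G, t, P), (k * pow(pub, t, P)) % P


def pk_decrypt(priv: int, ct: Tuple[int, int]) -> int:
    """Decrypt with a private key; a non-matching key just yields an unrelated element."""
    c1, c2 = ct
    return (c2 * pow(pow(c1, priv, P), -1, P)) % P


def sym_crypt(key: int, data: bytes) -> bytes:
    """Stand-in for the AES step: XOR with a SHA-256 keystream (also decrypts)."""
    key_bytes = key.to_bytes(16, "big")
    out = bytearray()
    for off in range(0, len(data), 32):
        stream = hashlib.sha256(key_bytes + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], stream))
    return bytes(out)


def run_query(query_id: str, banks: List[List[Tuple[str, bytes]]]) -> Dict[Tuple[int, int], bytes]:
    """Simulate steps 1-12 for querier C, providers S_1..S_n and third party P; assumes each
    bank holds at most one record per customer. Returns {(bank, scrambled position): record}."""
    # Steps 1-3: C blinds its query key with r', each S_i blinds its customer ids with r_i.
    r_q = RNG.randrange(2, P - 1)
    c_query = enc(h2g(query_id), r_q)
    r_s = [RNG.randrange(2, P - 1) for _ in banks]
    vecs = [[enc(h2g(cid), r) for cid, _ in bank] for bank, r in zip(banks, r_s)]
    # Steps 4-5: P re-encrypts both sides, scrambles each provider vector with a permutation
    # it remembers, and records only the positions where the secondary ciphertexts match.
    perms = [RNG.sample(range(len(bank)), len(bank)) for bank in banks]
    positions = []
    for i, (vec, r) in enumerate(zip(vecs, r_s)):
        double = [enc(vec[j], r_q) for j in perms[i]]
        target = enc(c_query, r)
        positions += [(i, j) for j, c in enumerate(double) if c == target]
    # Steps 6-8: C picks k'; each S_i makes a key pair per record; P forwards the public
    # keys in the same scrambled order, so C learns positions but never record identities.
    k_prime = RNG.randrange(1, P)
    keypairs = [[keygen() for _ in bank] for bank in banks]
    pubs = [[kp[j][1] for j in perms[i]] for i, kp in enumerate(keypairs)]
    # Step 9: C encrypts k' to the public key sitting at each intersection position.
    key_cts = {i: pk_encrypt(pubs[i][j], k_prime) for i, j in positions}
    # Steps 10-11: S_i tries every private key (it cannot tell which record matched) and
    # encrypts each record with the result; P scrambles the vector with the same permutation.
    data_cts = {}
    for i, ct in key_cts.items():
        keys = [pk_decrypt(priv, ct) for priv, _ in keypairs[i]]
        encrypted = [sym_crypt(k, rec) for k, (_, rec) in zip(keys, banks[i])]
        data_cts[i] = [encrypted[j] for j in perms[i]]
    # Step 12: C decrypts only the ciphertext at the intersection position with k'.
    return {(i, j): sym_crypt(k_prime, data_cts[i][j]) for i, j in positions}


# Constructed sample data: three other banks; customer ID-2002 has loans at two of them.
BANKS = [
    [("ID-1001", b"loan=50000"), ("ID-2002", b"loan=120000"), ("ID-3003", b"loan=0")],
    [("ID-4004", b"loan=8000"), ("ID-2002", b"loan=30000")],
    [("ID-5005", b"loan=9000")],
]

if __name__ == "__main__":
    for (bank, pos), record in sorted(run_query("ID-2002", BANKS).items()):
        print(f"bank S_{bank + 1}, scrambled position {pos}: {record.decode()}")
```

Records at non-matching positions are encrypted under keys derived from the wrong private key, so the querying party can recover only the entries at the reported positions, which is the one-sided disclosure the steps above describe.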
Fig. 7 is a schematic structural diagram of a data query device according to an embodiment of the present application, and referring to fig. 7, the data query device includes various functional modules for implementing the foregoing data query method, where any functional module may be implemented in software and/or hardware.
In some embodiments, a data query device 700, applied to a trusted third party, includes a privacy set intersection module 701 and a first transceiver module 702, wherein:
the privacy set intersection module 701 is configured to obtain a privacy intersection of a query keyword in a data query party and a data keyword set in a data provider based on a privacy set intersection algorithm, and send an intersection position of the privacy intersection in the data keyword set to the data query party;
the first transceiver module 702 is configured to send a first public key set received from a data provider to a data querying party; the first public key set comprises first public keys in a plurality of first key pairs, and the first key pairs are in one-to-one correspondence with data keywords in the data keyword set;
the first transceiver module 702 is further configured to send the key ciphertext received from the data querying party to the data provider; the key ciphertext is obtained by encrypting a symmetric key by a data inquiring party by utilizing an encryption public key, wherein the encryption public key is a first public key positioned at an intersection position in a first public key set;
The first transceiver module 702 is further configured to receive a ciphertext set of data information sent by a data provider; the data information ciphertext set comprises a plurality of data information ciphertexts, wherein the data information ciphertexts are obtained by encrypting data information associated with a data key by a data provider by using an encryption key, and the encryption key is obtained by decrypting a key ciphertext by using a first private key in a first key pair corresponding to the data key;
the first transceiver module 702 is further configured to send the ciphertext set of data information to a data querying party; the data information ciphertext set is used for decrypting the data information ciphertext positioned at the intersection position in the data information ciphertext set by the data inquiring party by using the symmetric key, so as to obtain an inquiring result.
In some embodiments, the privacy set intersection module 701 is specifically configured to:
receiving a first ciphertext and a first random number sent by the data querying party; the first ciphertext is obtained by performing multiplication semi-homomorphic encryption on the query keyword using the first random number;
receiving a second ciphertext set and a second random number sent by the data provider; the second ciphertext set is obtained by performing multiplication semi-homomorphic encryption on the data keywords in the data keyword set using the second random number;
Performing multiplication semi-homomorphic encryption on the first ciphertext by using the second random number to obtain a third ciphertext;
performing multiplication semi-homomorphic encryption on a second ciphertext in the second ciphertext set by using the first random number to obtain a fourth ciphertext set;
and carrying out intersection on the third ciphertext and the fourth ciphertext set to obtain a privacy intersection.
In some embodiments, the apparatus further includes an on-chain certification module 703, where the on-chain certification module 703 is specifically configured to:
upload the first ciphertext, the first random number, the second ciphertext set and the second random number to the blockchain for certificate storage.
In some embodiments, the apparatus further comprises a data out-of-order module 704, specifically configured to:
before intersecting the third ciphertext with the fourth ciphertext set, scramble the order of the fourth ciphertexts in the fourth ciphertext set;
before sending the first public key set received from the data provider to the data querying party, scramble the order of the first public keys in the first public key set;
before sending the data information ciphertext set to the data querying party, scramble the order of the data information ciphertexts in the data information ciphertext set;
wherein the data keyword set, the first public key set and the data information ciphertext set are scrambled in the same order.
In some embodiments, the apparatus further comprises a communication encryption module 705, the communication encryption module 705 being specifically configured to:
transmitting pre-stored encryption algorithm information to a data sender; the data sender is the data querying party or the data provider, and the encryption algorithm information comprises a plurality of encryption algorithms for the data sender to select from;
receiving a first selection result returned by a data sender; wherein the first selection result corresponds to one encryption algorithm in the encryption algorithm information;
generating a second key pair according to the first selection result, and transmitting the second public key in the second key pair to the data sender; the second public key is used by the data sender to encrypt the data it sends to the trusted third party, and the second private key in the second key pair is used by the trusted third party to decrypt the data received from the data sender.
In some embodiments, the communications encryption module 705 is further specifically configured to:
sending the pre-stored encryption algorithm information to a data receiver; the data receiver is the data querying party or the data provider, and the encryption algorithm information comprises a plurality of encryption algorithms for the data receiver to select from;
receiving a second selection result returned by the data receiver; wherein the second selection result corresponds to one encryption algorithm in the encryption algorithm information;
generating a third key pair according to the second selection result, and sending the third private key in the third key pair to the data receiver; the third private key is used by the data receiver to decrypt the data received from the trusted third party, and the third public key in the third key pair is used by the trusted third party to encrypt the data it sends to the data receiver.
In some embodiments, the on-chain certification module 703 is further specifically configured to:
upload the first public key set and the data information ciphertext set to the blockchain for certificate storage.
The data query device provided in the embodiment of the present application is configured to execute the technical scheme provided in the embodiment of the data query method shown in fig. 2, and its implementation principle and technical effects are similar to those in the embodiment of the foregoing method, and are not described herein again.
Fig. 8 is a schematic structural diagram of a data query device according to an embodiment of the present application, and referring to fig. 8, the data query device includes various functional modules for implementing the foregoing data query method, where any functional module may be implemented in software and/or hardware.
In some embodiments, a data query device 800 is applied to a data query party, and the device includes a second transceiver module 801, a key encryption module 802, and a data decryption module 803, where:
The second transceiver module 801 is configured to receive an intersection location sent by a trusted third party; the intersection position is the position of a privacy intersection in the data keyword set, and the privacy intersection is obtained by a trusted third party performing privacy set intersection on the query keywords in the data query party and the data keyword set in the data provider based on a privacy set intersection algorithm;
the second transceiver module 801 is further configured to receive a first public key set sent by a trusted third party; the first public key set comprises first public keys in a plurality of first key pairs, and the first key pairs are in one-to-one correspondence with data keywords in the data keyword set;
the key encryption module 802 is configured to encrypt the symmetric key with an encryption public key to obtain a key ciphertext; wherein the encrypted public key is a first public key located at an intersection position in the first public key set;
the second transceiver module 801 is further configured to send the key ciphertext to a trusted third party, for the trusted third party to send the key ciphertext to the data provider;
the second transceiver module 801 is further configured to receive a ciphertext set of data information sent by a trusted third party; the data information ciphertext set comprises a plurality of data information ciphertexts, wherein the data information ciphertexts are obtained by encrypting data information associated with a data key by a data provider by using an encryption key, and the encryption key is obtained by decrypting a key ciphertext by using a first private key in a first key pair corresponding to the data key;
The data decryption module 803 is configured to decrypt, from the data information ciphertext set, the data information ciphertext located at the intersection position by using the symmetric key, and obtain a query result.
The data query device 800 provided in the embodiment of the present application is configured to execute the technical scheme provided in the embodiment of the data query method shown in fig. 4, and its implementation principle and technical effects are similar to those in the embodiment of the foregoing method, and are not described herein again.
Fig. 9 is a schematic structural diagram of a data query device provided in the embodiment of the present application, and referring to fig. 9, the data query device includes various functional modules for implementing the foregoing data query method, where any functional module may be implemented by using software and/or hardware.
In some embodiments, a data query device 900 is applied to a data provider, and the device includes a third transceiver module 901 and a data encryption module 902, where:
the third transceiver module 901 is configured to send the first public key set to a trusted third party, so that the trusted third party sends the first public key set to the data querying party; the first public key set comprises first public keys in a plurality of first key pairs, and the first key pairs are in one-to-one correspondence with data keywords in the data keyword set;
The third transceiver module 901 is further configured to receive a key ciphertext sent by a trusted third party; the key ciphertext is obtained by encrypting a symmetric key by a data inquiring party by using an encryption public key, the encryption public key is a first public key positioned at an intersection position in a first public key set, the intersection position is a position of a privacy intersection in a data keyword set, and the privacy intersection is obtained by carrying out privacy set intersection on an inquiring keyword in the data inquiring party and the data keyword set in a data provider by a trusted third party based on a privacy set intersection algorithm;
the data encryption module 902 is configured to encrypt, for each data keyword in the data keyword set, data information associated with the data keyword by using an encryption key to obtain a data information ciphertext; the encryption key is obtained by decrypting a key ciphertext by using a first private key in a first key pair corresponding to the data key;
the third transceiver module 901 is further configured to send a data information ciphertext set formed by a plurality of data information ciphertexts to a trusted third party, so that the trusted third party sends the data information ciphertext set to the data querying party; the data information ciphertext set is used for decrypting the data information ciphertext positioned at the intersection position in the data information ciphertext set by the data inquiring party by using the symmetric key, so as to obtain an inquiring result.
The data query device 900 provided in the embodiment of the present application is configured to execute the technical solution provided in the embodiment of the data query method shown in fig. 5, and its implementation principle and technical effects are similar to those in the embodiment of the foregoing method, and are not described herein again.
It should be noted that the division of the modules of the above apparatus is merely a division by logical function; in actual implementation they may be fully or partially integrated into one physical entity or physically separated. The modules may all be implemented as software invoked by a processing element, may all be implemented in hardware, or some modules may be implemented as software invoked by a processing element and the rest in hardware. For example, the privacy set intersection module may be a separately provided processing element, may be integrated in a chip of the above apparatus, or may be stored in a memory of the above apparatus in the form of program code that a processing element of the apparatus calls and executes to perform the functions of the privacy set intersection module. The other modules are implemented similarly. In addition, all or some of the modules may be integrated together or implemented independently. The processing element here may be an integrated circuit with signal processing capability. In implementation, each step of the above method or each module above may be completed by an integrated logic circuit of hardware in the processor element or by instructions in software form.
Fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present application, referring to fig. 10, the electronic device 1000 includes: a processor 1001 and a memory 1002 communicatively connected to the processor 1001;
memory 1002 stores computer-executable instructions;
the processor 1001 executes computer-executable instructions stored in the memory 1002 to implement the technical solution of the foregoing data query method.
In the electronic device 1000, the memory 1002 and the processor 1001 are electrically connected to each other directly or indirectly so as to realize data transmission or interaction. For example, the elements may be electrically connected to each other via one or more communication buses or signal lines, such as through a bus connection. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. Buses may be divided into address buses, data buses, control buses, etc., but this does not mean there is only one bus or one type of bus. The memory 1002 stores computer-executable instructions for implementing the aforementioned data query method, including at least one software functional module that may be stored in the memory 1002 in the form of software or firmware, and the processor 1001 executes the software programs and modules stored in the memory 1002 to thereby perform various functional applications and data processing.
The memory 1002 includes at least one type of readable storage medium, including but not limited to random access memory (Random Access Memory, abbreviated as RAM), read-only memory (Read-Only Memory, abbreviated as ROM), programmable read-only memory (Programmable Read-Only Memory, abbreviated as PROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, abbreviated as EPROM), electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, abbreviated as EEPROM), and the like. The memory 1002 is used for storing a program, and the processor 1001 executes the program after receiving an execution instruction. Further, the software programs and modules within the memory 1002 may also include an operating system, which may include various software components and/or drivers for managing system tasks (e.g., memory management, storage device control, power management, etc.) and may communicate with various hardware or software components to provide an operating environment for other software components.
The processor 1001 may be an integrated circuit chip having signal processing capabilities. The processor 1001 may be a general-purpose processor, including a central processing unit (Central Processing Unit, abbreviated as CPU), a network processor (Network Processor, abbreviated as NP), a digital signal processor (Digital Signal Processor, abbreviated as DSP), an application specific integrated circuit (Application Specific Integrated Circuit, abbreviated as ASIC), and the like. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor, or the processor 1001 may be any conventional processor or the like.
The implementation principle and technical effects of the technical solution provided by the embodiment of the data query method of the electronic device 1000 are similar to those of the embodiment of the method, and are not repeated here.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores computer execution instructions, and when the processor executes the computer execution instructions, the technical scheme of the data query method is realized.
The computer readable storage medium described above may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. Such computer-readable storage media can be any available media that can be accessed by a general purpose or special purpose computer.
An exemplary readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Alternatively, the readable storage medium may be integral to the processor. The processor and the readable storage medium may reside in an application specific integrated circuit (Application Specific Integrated Circuit, ASIC for short). It is of course also possible for the processor and the readable storage medium to be present as separate components in the control means of the data query device.
The embodiment of the application also provides a computer program product, which comprises a computer program, wherein the computer program is used for realizing the technical scheme of the data query method when being executed by a processor.
In the above embodiments, those skilled in the art will appreciate that the above method embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions according to the embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another by wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless network, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like. Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains.
It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the present application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (11)

1. A data query method applied to a trusted third party, comprising:
based on a privacy set intersection solving algorithm, acquiring a privacy intersection of a query keyword in a data query party and a data keyword set in a data provider, and sending an intersection position of the privacy intersection in the data keyword set to the data query party;
transmitting a first set of public keys received from the data provider to the data querying party; the first public key set comprises first public keys in a plurality of first key pairs, and the first key pairs are in one-to-one correspondence with data keywords in the data keyword set;
sending the key ciphertext received from the data querying party to the data provider; the key ciphertext is obtained by encrypting a symmetric key by the data inquiring party by utilizing an encryption public key, wherein the encryption public key is a first public key positioned at the intersection position in the first public key set;
Receiving a data information ciphertext set sent by the data provider; the data information ciphertext set comprises a plurality of data information ciphertexts, wherein the data information ciphertexts are obtained by encrypting data information associated with the data key by using an encryption key by the data provider, and the encryption key is obtained by decrypting the key ciphertext by using a first private key in a first key pair corresponding to the data key;
sending the data information ciphertext set to the data inquiring party; the data information ciphertext set is used for decrypting the data information ciphertext located at the intersection position in the data information ciphertext set by the data inquiring party by utilizing the symmetric key, so as to obtain an inquiring result.
2. The method according to claim 1, wherein obtaining, based on the privacy set intersection algorithm, the privacy intersection of the query keyword held by the data query party and the data keyword set held by the data provider comprises:
receiving a first ciphertext and a first random number sent by the data query party; the first ciphertext is obtained by performing multiplicative semi-homomorphic encryption on the query keyword using the first random number;
receiving a second ciphertext set and a second random number sent by the data provider; the second ciphertext set is obtained by performing multiplicative semi-homomorphic encryption on the data keywords in the data keyword set using the second random number;
performing multiplicative semi-homomorphic encryption on the first ciphertext using the second random number to obtain a third ciphertext;
performing multiplicative semi-homomorphic encryption on each second ciphertext in the second ciphertext set using the first random number to obtain a fourth ciphertext set;
and intersecting the third ciphertext with the fourth ciphertext set to obtain the privacy intersection.
3. The method according to claim 2, wherein the method further comprises:
uploading the first ciphertext, the first random number, the second ciphertext set and the second random number to a blockchain for evidence storage.
4. The method according to claim 2, wherein the method further comprises:
before intersecting the third ciphertext with the fourth ciphertext set, scrambling the order of the fourth ciphertexts in the fourth ciphertext set;
before sending the first public key set received from the data provider to the data query party, scrambling the order of the first public keys in the first public key set;
before sending the data information ciphertext set to the data query party, scrambling the order of the data information ciphertexts in the data information ciphertext set;
wherein the data keyword set, the first public key set and the data information ciphertext set are scrambled in the same order.
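The trusted third party's side of claims 2 and 4, as an added illustration that is not the patent's own code: the multiplicative semi-homomorphic encryption is realised as modular exponentiation with the random numbers as exponents (a commutative encryption, so the order of the two encryptions does not matter), the group parameters and the keyword-to-group hashing are constructed assumptions, and a single permutation scrambles the fourth ciphertext set so that the returned position refers to the scrambled order and can be reused for the public key set and the data information ciphertext set. Because the third party receives both random numbers, the privacy of the keywords against it rests entirely on its being trusted, as the claims name it.

```python
import hashlib
import math
import secrets

# Demo group (constructed for this example): Z_p^* with the Mersenne prime p = 2^127 - 1.
P = (1 << 127) - 1

def rand_exponent():
    """Random number coprime with p-1, so x -> x^r mod p is a bijection on Z_p^*."""
    while True:
        r = secrets.randbelow(P - 2) + 1
        if math.gcd(r, P - 1) == 1:
            return r

def hash_to_group(keyword):
    """Map a keyword into Z_p^* before encrypting it."""
    d = hashlib.sha256(keyword.encode()).digest()
    return int.from_bytes(d, "big") % (P - 1) + 1

def enc(value, r):
    """Multiplicative semi-homomorphic (commutative) encryption: value^r mod p,
    so enc(enc(x, r1), r2) == enc(enc(x, r2), r1)."""
    return pow(value, r, P)

def random_perm(n):
    perm = list(range(n))
    secrets.SystemRandom().shuffle(perm)
    return perm

def apply_perm(perm, items):
    """Scramble a list so that result[i] == items[perm[i]]."""
    return [items[i] for i in perm]

def psi_position(query_keyword, data_keywords, r1=None, r2=None, perm=None):
    """Trusted third party view: the querier contributes (first ciphertext, r1), the
    provider (second ciphertext set, r2). Re-encrypt each with the other side's random
    number, scramble the fourth ciphertext set with `perm`, and return the intersection
    position in scrambled order (or None) together with `perm` for later reuse."""
    r1 = r1 if r1 is not None else rand_exponent()
    r2 = r2 if r2 is not None else rand_exponent()
    perm = perm if perm is not None else random_perm(len(data_keywords))
    c1 = enc(hash_to_group(query_keyword), r1)                   # first ciphertext
    c2_set = [enc(hash_to_group(k), r2) for k in data_keywords]  # second ciphertext set
    c3 = enc(c1, r2)                                             # third ciphertext
    c4_set = apply_perm(perm, [enc(c, r1) for c in c2_set])      # fourth set, scrambled
    hits = [i for i, c4 in enumerate(c4_set) if c4 == c3]
    return (hits[0] if hits else None), perm
```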
5. The method according to claim 1, wherein the method further comprises:
transmitting pre-stored encryption algorithm information to a data sender; the data sender is the data query party or the data provider, and the encryption algorithm information comprises a plurality of encryption algorithms available for selection by the data sender;
receiving a first selection result returned by the data sender; the first selection result corresponds to one encryption algorithm in the encryption algorithm information;
generating a second key pair according to the first selection result, and transmitting the second public key of the second key pair to the data sender; the second public key is used by the data sender to encrypt data sent to the trusted third party, and the second private key of the second key pair is used by the trusted third party to decrypt data received from the data sender.
6. The method according to claim 1, wherein the method further comprises:
sending pre-stored encryption algorithm information to a data receiver; the data receiver is the data query party or the data provider, and the encryption algorithm information comprises a plurality of encryption algorithms available for selection by the data receiver;
receiving a second selection result returned by the data receiver; the second selection result corresponds to one encryption algorithm in the encryption algorithm information;
generating a third key pair according to the second selection result, and sending the third private key of the third key pair to the data receiver; the third private key is used by the data receiver to decrypt data received from the trusted third party, and the third public key of the third key pair is used by the trusted third party to encrypt data sent to the data receiver.
7. The method according to any one of claims 1-6, further comprising:
uploading the first public key set and the data information ciphertext set to a blockchain for evidence storage.
8. A data query method applied to a data query party, comprising:
receiving an intersection position sent by a trusted third party; the intersection position is the position of a privacy intersection in a data keyword set, the privacy intersection being obtained by the trusted third party performing, based on a privacy set intersection algorithm, privacy set intersection of a query keyword held by the data query party and the data keyword set held by a data provider;
receiving a first public key set sent by the trusted third party; the first public key set comprises the first public keys of a plurality of first key pairs, the first key pairs being in one-to-one correspondence with the data keywords in the data keyword set;
encrypting a symmetric key with an encryption public key to obtain a key ciphertext; the encryption public key is the first public key located at the intersection position in the first public key set;
sending the key ciphertext to the trusted third party, so that the trusted third party sends the key ciphertext to the data provider;
receiving a data information ciphertext set sent by the trusted third party; the data information ciphertext set comprises a plurality of data information ciphertexts, each obtained by the data provider encrypting the data information associated with a data keyword using an encryption key, the encryption key being obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword;
and decrypting, using the symmetric key, the data information ciphertext located at the intersection position in the data information ciphertext set to obtain a query result.
9. A data query method applied to a data provider, comprising:
transmitting a first public key set to a trusted third party, so that the trusted third party transmits the first public key set to a data query party; the first public key set comprises the first public keys of a plurality of first key pairs, the first key pairs being in one-to-one correspondence with the data keywords in a data keyword set;
receiving a key ciphertext sent by the trusted third party; the key ciphertext is obtained by the data query party encrypting a symmetric key with an encryption public key, the encryption public key being the first public key located at an intersection position in the first public key set, the intersection position being the position of a privacy intersection in the data keyword set, and the privacy intersection being obtained by the trusted third party performing, based on a privacy set intersection algorithm, privacy set intersection of a query keyword held by the data query party and the data keyword set held by the data provider;
for each data keyword in the data keyword set, encrypting the data information associated with that data keyword using an encryption key to obtain a data information ciphertext; the encryption key is obtained by decrypting the key ciphertext with the first private key of the first key pair corresponding to that data keyword;
transmitting a data information ciphertext set formed by the plurality of data information ciphertexts to the trusted third party, so that the trusted third party transmits the data information ciphertext set to the data query party, and the data query party decrypts, using the symmetric key, the data information ciphertext located at the intersection position in the data information ciphertext set to obtain a query result.
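The key-wrapping half of claims 1, 8 and 9 as an added end-to-end sketch, not the patent's or the applicant's code: ElGamal over a constructed demo group stands in for the first key pairs and a SHA-256 keystream stands in for the symmetric cipher, both chosen for illustration only. The property it demonstrates is that the provider decrypts the key ciphertext under every first private key and must obtain a usable but unrelated key, rather than an error, at the positions that do not match, so the provider learns nothing about the intersection position while the query party can only open the ciphertext at that position.

```python
import hashlib
import secrets

# Demo parameters (constructed for this example): p = 2^127 - 1, base g = 3.
P = (1 << 127) - 1
G = 3

def keygen():
    """One first key pair (private, public) per data keyword, ElGamal style."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def pk_encrypt(pk, m):
    """Encrypt an integer m < p under pk: (g^k, m * pk^k) mod p."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(pk, k, P)) % P

def pk_decrypt(sk, ct):
    """Decrypt with sk. Under a *wrong* sk this yields an unrelated value instead
    of an error, so the provider cannot tell which position the querier chose."""
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - sk, P)) % P   # c1^(-sk) by Fermat's little theorem

def sym_encrypt(key_int, data):
    """Symmetric stand-in: XOR with a SHA-256 keystream (demo only, data <= 32 bytes)."""
    pad = hashlib.sha256(key_int.to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def provider_prepare(n):
    """Provider: n first key pairs; returns the private keys and the first public key set."""
    pairs = [keygen() for _ in range(n)]
    return [sk for sk, _ in pairs], [pk for _, pk in pairs]

def querier_wrap_key(pk_set, position):
    """Querier: fresh symmetric key, encrypted under the first public key at the
    intersection position; the resulting key ciphertext goes to the TTP."""
    sym_key = secrets.randbits(127)
    return sym_key, pk_encrypt(pk_set[position], sym_key)

def provider_encrypt_all(sk_set, records, key_ct):
    """Provider: decrypt the key ciphertext under *every* first private key and
    encrypt each record with the result; only the intersection position gets
    the querier's real key, the rest are encrypted under unrelated keys."""
    return [sym_encrypt(pk_decrypt(sk, key_ct), rec) for sk, rec in zip(sk_set, records)]

def querier_read(ct_set, position, sym_key):
    """Querier: decrypt only the ciphertext at the intersection position."""
    return sym_encrypt(sym_key, ct_set[position])
```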
10. An electronic device comprising a processor and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1 to 9.
11. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of any one of claims 1 to 9.
CN202311332898.8A 2023-10-13 2023-10-13 Data query method, electronic device, and readable storage medium Pending CN117390675A (en)


Publications (1)

Publication Number Publication Date
CN117390675A true CN117390675A (en) 2024-01-12


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination