CN118070302A - Data processing method, device, nonvolatile storage medium and electronic equipment - Google Patents


Publication number
CN118070302A
Authority
CN
China
Prior art keywords
data
computing devices
providers
random
data providers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311587746.2A
Other languages
Chinese (zh)
Inventor
郑培钿
李平
周建平
王攀峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202311587746.2A
Publication of CN118070302A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data processing method, a data processing device, a nonvolatile storage medium and electronic equipment. The method relates to the field of information security and other technical fields, and comprises the following steps: acquiring the identification of a target object; the identification of the target object is respectively sent to N data providers, wherein the N data providers are also used for dividing N groups of data into random parts respectively to obtain random part data of each of the N data providers; receiving random data of each of N data providers in a trusted execution environment by adopting M computing devices, wherein the random data of the same data provider are received by different computing devices; summarizing the received data in a trusted execution environment by adopting M computing devices to obtain M summarized data; and combining the M summarized data to obtain the data of the target object in the N data providers. The application solves the technical problem of high risk of data source leakage in data transmission in the related technology.

Description

Data processing method, device, nonvolatile storage medium and electronic equipment
Technical Field
The present invention relates to the field of information security, and in particular, to a data processing method, apparatus, nonvolatile storage medium, and electronic device. It should be noted that the data processing method, the device, the nonvolatile storage medium and the electronic device determined by the present invention may be used for data processing in the field of financial technology, and may also be used for data processing in any field other than the field of financial technology.
Background
A user may store data with a plurality of data providers. When the user, or another data provider authorized by the user, wants to acquire the data that the user has stored with those data providers, a request is generally sent to the plurality of data providers, and in response the data providers send the stored data to the user or to the other data provider authorized by the user. In this process, if a third party maliciously intercepts the data, there is a risk of leaking both the data itself and the source of the data. In the related art, the leakage risk of the data itself can be reduced by encryption, but the leakage risk of the data source cannot be reduced.
Aiming at the technical problem of high risk of data source leakage in data transmission in the related technology, no effective solution is proposed at present.
Disclosure of Invention
The embodiment of the invention provides a data processing method, a data processing device, a nonvolatile storage medium and electronic equipment, which are used for at least solving the technical problem of high risk of data source leakage in data transmission.
In order to achieve the above object, according to one aspect of the present application, there is provided a data processing method. The method comprises the following steps: acquiring the identification of a target object; the identification of the target object is respectively sent to N data providers, wherein the N data providers are used for determining data of the target object in the N data providers respectively according to the identification of the target object and obtaining N groups of data, the N data providers are also used for dividing the N groups of data into random parts respectively to obtain random part data of the N data providers respectively, and N is an integer larger than 1; receiving random data of each of N data providers in a trusted execution environment by adopting M computing devices, wherein the random data of the same data provider are received by different computing devices, and M is an integer greater than 1; summarizing the received data in a trusted execution environment by adopting M computing devices to obtain M summarized data; and combining the M summarized data to obtain the data of the target object in the N data providers.
Optionally, in a case that the N data providers divide the N groups of data into M shares, respectively, receiving random share data of each of the N data providers in the trusted execution environment by using the M computing devices, respectively, including: and respectively receiving M parts of data of each of the N data providers in the trusted execution environment by adopting M computing devices, wherein the computing devices in the M computing devices respectively receive N parts of data from different data providers.
Optionally, before the M computing devices are adopted to aggregate the received data in the trusted execution environment respectively to obtain M pieces of aggregated data, the method further includes: determining respective hash values of the M computing devices; respectively obtaining check values of M computing devices; respectively verifying whether the M computing devices are trusted devices according to the hash values of the M computing devices and the check values of the M computing devices; after verifying that M computing devices are trusted devices, adopting the M computing devices to summarize received data in a trusted execution environment respectively to obtain M summarized data.
Optionally, verifying whether the M computing devices are trusted devices according to the hash values of the M computing devices and the check values of the M computing devices, respectively, includes: matching the hash values of the M computing devices with the check values of the M computing devices respectively; and under the condition that the hash values of the M computing devices are successfully matched with the corresponding check values, verifying the M computing devices as trusted devices.
Optionally, the sending the identification of the target object to the N data providers includes: obtaining the identification of L confusion objects, wherein L is an integer greater than 1; and respectively sending the identifications of the L confusion objects and the identifications of the target objects to N data providers, wherein the N data providers are used for determining the data of the L confusion objects and the target objects in the N data providers according to the identifications of the L confusion objects and the identifications of the target objects.
Optionally, sending the identification of the target object to the N data providers respectively further includes: encrypting the identification of the target object with a pre-agreed first encryption key to obtain an identification ciphertext; and sending the identification ciphertext to each of the N data providers, wherein the N data providers each decrypt the identification ciphertext with a first decryption key to obtain an identification plaintext, and the first decryption key and the first encryption key are a matched key pair.
Optionally, receiving, with the M computing devices, the random part data of each of the N data providers in the trusted execution environment respectively includes: receiving, by the M computing devices in the trusted execution environment, the random part data ciphertexts of the N data providers, wherein each of the N data providers encrypts its random part data with a pre-agreed second encryption key to obtain its random part data ciphertext; and decrypting the random part data ciphertext of each of the N data providers with a second decryption key to obtain the random part data plaintext of each of the N data providers, wherein the second decryption key and the second encryption key are a matched key pair.
In order to achieve the above object, according to another aspect of the present application, there is provided a data processing apparatus. The apparatus comprises: an acquisition module, used for acquiring the identification of the target object; a sending module, used for sending the identification of the target object to N data providers respectively, wherein the N data providers are used for determining the data of the target object in the N data providers according to the identification of the target object to obtain N groups of data, the N data providers are also used for dividing the N groups of data into random parts respectively to obtain the random part data of each of the N data providers, and N is an integer greater than 1; a receiving module, used for receiving the random part data of each of the N data providers in a trusted execution environment with M computing devices, wherein the random part data of the same data provider are received by different computing devices, and M is an integer greater than 1; a computing module, used for summarizing the received data in the trusted execution environment with the M computing devices to obtain M summarized data; and a determining module, used for combining the M summarized data to obtain the data of the target object in the N data providers.
In order to achieve the above object, according to another aspect of the present application, there is provided a nonvolatile storage medium including a stored program, wherein, when the program runs, the device in which the nonvolatile storage medium is located is controlled to execute the data processing method of any one of the above.
In order to achieve the above object, according to another aspect of the present application, there is provided an electronic device including one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data processing method of any one of the above.
According to the application, the following steps are adopted: acquiring the identification of a target object; sending the identification of the target object to N data providers respectively, wherein the N data providers are used for determining the data of the target object in the N data providers according to the identification of the target object to obtain N groups of data, the N data providers are also used for dividing the N groups of data into random parts respectively to obtain the random part data of each of the N data providers, and N is an integer greater than 1; receiving the random part data of each of the N data providers in a trusted execution environment with M computing devices, wherein the random part data of the same data provider are received by different computing devices, and M is an integer greater than 1; summarizing the received data in the trusted execution environment with the M computing devices to obtain M summarized data; and combining the M summarized data to obtain the data of the target object in the N data providers. In this way, the data of the target object in the N data providers can be obtained without obtaining which of the N data providers each piece of data comes from, which solves the technical problem in the related art that the risk of data source leakage in data transmission is high, and achieves the technical effect of reducing that risk.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application. In the drawings:
FIG. 1 is a flow chart of a data processing method provided according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a data processing method provided in accordance with an alternative embodiment of the present application;
FIG. 3 is a schematic diagram of a data processing apparatus provided in accordance with an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an electronic device for performing a data processing method according to an embodiment of the present invention.
Detailed Description
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the application herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, related information (including, but not limited to, user equipment information, user personal information, etc.) and data (including, but not limited to, data for presentation, analyzed data, etc.) related to the present disclosure are information and data authorized by a user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or institution, before acquiring the relevant information, the system needs to send an acquisition request to the user or institution through the interface, and acquire the relevant information after receiving the consent information fed back by the user or institution.
In the related art, a user may store data with a plurality of data providers. When the user, or another data provider authorized by the user, wants to acquire the data stored with the plurality of data providers, a request is generally sent to the plurality of data providers, and in response the data providers send the stored data to the user or to the other data provider authorized by the user. In this process, if a third party maliciously intercepts the data, there is a risk of leaking both the data itself and the source of the data. To address these problems of the related art, the invention provides a data processing method that is concerned only with all of the data of a target object across N data providers, and not with which of the N data providers each piece of that data comes from.
The present application will be described with reference to preferred implementation steps, and fig. 1 is a flowchart of a data processing method according to an embodiment of the present application, and as shown in fig. 1, the method includes the following steps:
Step S101, the identification of the target object is acquired.
In this step, the target object may be a user who stores data with the plurality of data providers, or may be an organization that stores data, and so on. The execution subject of the present invention may be a data processing apparatus trusted by both the target object and the plurality of data providers, and it may be composed of a plurality of computing devices. When the target object or another third party wants to acquire the data that the target object has stored with the plurality of data providers, the identification of the target object is sent to the data processing apparatus. The identification of the target object may be a string of characters that uniquely characterizes the identity of the target object: an identification card number if the target object is a person, or an organization code if the target object is an organization.
Step S102, the identification of the target object is respectively sent to N data providers, wherein the N data providers are used for determining data of the target object in the N data providers according to the identification of the target object and obtaining N groups of data, the N data providers are also used for dividing the N groups of data into random parts respectively to obtain random part data of the N data providers respectively, and N is an integer greater than 1.
In this step, the data processing apparatus may send the identification of the target object to the N data providers respectively, that is, each of the N data providers receives the identification of the target object. After receiving the identification, each of the N data providers can determine from it the data that the target object has stored with that provider. Any one of the N data providers may then generate its random part data as follows: the data provider determines, according to the identification, all of the data that the target object has stored with it, and divides that data into random parts, each part containing a portion of the data stored by the target object with the data provider. It should be noted that the division itself may be random and need not be equal. The data provider then sends the random parts to different computing devices respectively.
It should be noted that, each data provider may choose to divide data into random shares, the number of divisions chosen by each data provider may be different, the size of memory occupied by each data may be different, or even the data provider may choose not to divide data, and send the data directly to the computing device.
As a specific embodiment of the invention applied to the field of financial technology, the data provider may be a financial institution, the target object may be a borrower applying for loans from a plurality of financial institutions, and the data may be loan data, specifically a loan amount; the target object or another financial institution may want to acquire the total loan amount of the target object across the N financial institutions. In step S202, the financial institution may determine, based on the identification, the amount that the target object has borrowed from that financial institution; next, the loan amount may be divided into random parts, each containing a portion of the amount that the target object borrowed from the financial institution, and the division may be random rather than equal; finally, the financial institution may send the random part loan data to different computing devices respectively.
Specifically, assuming that the total loan amount of the target object at financial institution A is 100, financial institution A may divide 100 into random parts; assuming 3 parts, 100 can be divided into 30, 30 and 40. Financial institution A may then send 30 to computing device a, another 30 to computing device b, and 40 to computing device c. Similarly, the target object may have borrowed 150 at financial institution B, which may divide 150 into 2 parts, 50 and 100, with 50 sent to computing device a and 100 sent to computing device b.
It should be noted that, each financial institution may choose to divide the loan data into random shares, the number of divisions chosen by each financial institution may be different, the amount of each share of the loan data may be different, or even the financial institution may choose not to divide the loan data, and send the loan data directly to the computing device.
And step S103, receiving the random data of each of N data providers in a trusted execution environment by adopting M computing devices, wherein the random data of the same data provider are received by different computing devices, and M is an integer greater than 1.
In this step, the data processing apparatus may use M computing devices that compute independently to receive, in the trusted execution environment, the random part data of each of the N data providers. It should be noted that the data-receiving interfaces of the M computing devices do not communicate with one another, and their internal computations are also independent; that is, each of the M computing devices knows only the random parts that it has itself received from the data providers, and does not know what a data provider has sent to the other computing devices. The N data providers may themselves choose to send their random parts to different computing devices, in which case the M computing devices only need to receive the data sent by the data providers. To protect the data of the data providers, it is preferable that the random parts of the same data provider be received by different computing devices.
Specifically, following the above example, computing device a receives 30 of the loan data of financial institution A and also 50 of the loan data of financial institution B; computing device b receives 30 of the loan data of financial institution A and also 100 of the loan data of financial institution B; computing device c receives 40 of the loan data of financial institution A.
And step S104, summarizing the received data in the trusted execution environment by adopting M computing devices to obtain M summarized data.
In this step, in order to improve the security of the data transmission process, the M computing devices may each summarize the data they have received in the trusted execution environment, obtaining M summarized data. Specifically, when the method provided by the invention is applied to the field of financial technology, the M computing devices can each calculate the sum of the loan data they have received to obtain M summary data; in the above example, the summary data of computing device a is 80, the summary data of computing device b is 130, and the summary data of computing device c is 40.
And step S105, combining the M summarized data to obtain the data of the target object in the N data providers.
In this step, the M computing devices may output their summary data, and the M output summary data are combined to obtain all of the data of the target object in the N data providers. When the method provided by the invention is applied to the field of financial technology, the sum of the amounts for which the target object has applied for lending transactions at the N financial institutions can thus be obtained. Specifically, in the above example, the sum of the amounts of the lending transactions of the target object at financial institution A, financial institution B, and financial institution C is 250.
It should be noted that, to improve the security of the data transmission computing process, the data processing apparatus may be disposed in a trusted execution environment, and perform the data summarizing process in the trusted execution environment.
The data processing method provided by the embodiment of the application comprises: acquiring the identification of a target object; sending the identification of the target object to N data providers respectively, wherein the N data providers are used for determining the data of the target object in the N data providers according to the identification of the target object to obtain N groups of data, the N data providers are also used for dividing the N groups of data into random parts respectively to obtain the random part data of each of the N data providers, and N is an integer greater than 1; receiving the random part data of each of the N data providers in a trusted execution environment with M computing devices, wherein the random part data of the same data provider are received by different computing devices, and M is an integer greater than 1; summarizing the received data in the trusted execution environment with the M computing devices to obtain M summarized data; and combining the M summarized data to obtain the data of the target object in the N data providers. In this way, the data of the target object in the N data providers can be obtained without obtaining which of the N data providers each piece of data comes from, which solves the technical problem in the related art that the risk of data source leakage in data transmission is high, and achieves the technical effect of reducing that risk.
Optionally, in the data processing method provided by the embodiment of the present application, in a case that N data providers divide N groups of data into M shares, respectively, receiving random share data of each of the N data providers in a trusted execution environment by using M computing devices, respectively, including: and respectively receiving M parts of data of each of the N data providers in the trusted execution environment by adopting M computing devices, wherein the computing devices in the M computing devices respectively receive N parts of data from different data providers.
Optionally, to prevent the path by which data is sent from a data provider to a computing device from being traced during transmission, and a specific computing device then being compromised along the traced path to obtain that data provider's data, the N data providers may each divide their data into M parts and send the M parts to the M computing devices respectively. Each of the M computing devices then receives N parts of data, each from a different data provider. The amount of memory occupied by each part may be arbitrary. When the invention is applied to the field of financial technology, the random part amounts sent by a financial institution may be any amounts and need not be equal.
Optionally, in the data processing method provided by the embodiment of the present application, before using M computing devices to aggregate received data in a trusted execution environment respectively to obtain M pieces of aggregated data, the method further includes: determining respective hash values of the M computing devices; respectively obtaining check values of M computing devices; respectively verifying whether the M computing devices are trusted devices according to the hash values of the M computing devices and the check values of the M computing devices; after verifying that M computing devices are trusted devices, adopting the M computing devices to summarize received data in a trusted execution environment respectively to obtain M summarized data.
Optionally, in the data processing method provided by the embodiment of the present application, verifying, according to the hash values of each of the M computing devices and the check values of the M computing devices, whether the M computing devices are trusted devices includes: matching the hash values of the M computing devices with the check values of the M computing devices respectively; and under the condition that the hash values of the M computing devices are successfully matched with the corresponding check values, verifying the M computing devices as trusted devices.
Optionally, to ensure security during data processing and prevent data leakage at the computing devices, trusted verification may be performed on each of the M computing devices. Specifically, the hash value of each computing device may be determined from the computing program of that device, so that when the computing program changes, the hash value also changes greatly; the hash value of the computing device may then be compared with a predetermined check value, and the computing device is verified as a trusted device if the hash value and the check value are the same. After all M computing devices have been verified as trusted devices, the M computing devices are used to receive the random part data of each of the N data providers.
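Steps S102 to S105 and the optional hash check described above can be traced end to end in the following added Python sketch, which is not code from the patent. The trusted execution environment is simulated by plain objects, and SHA-256, the names `ComputingDevice`, `run_query`, `PAGE_ROUTING` and the program bytes are assumptions made for illustration; the patent names no hash function or API.

```python
import hashlib
import hmac
import secrets

_rng = secrets.SystemRandom()  # OS-backed randomness for splitting and routing

# Constructed stand-in for the computing program whose hash is checked.
PROGRAM = b"def summarize(shares): return sum(shares)"

# The worked example from the description: A splits 100 into 30/30/40,
# B splits 150 into 50/100; shares of one provider go to different devices.
PAGE_ROUTING = {
    "A": [("a", 30), ("b", 30), ("c", 40)],
    "B": [("a", 50), ("b", 100)],
}


def check_value_for(program):
    """Predetermined check value: hash of the approved program (SHA-256 assumed)."""
    return hashlib.sha256(program).hexdigest()


def split_random(total, parts):
    """Split `total` into `parts` non-negative integers of unequal size."""
    if total < 0 or parts < 1:
        raise ValueError("total must be >= 0 and parts >= 1")
    cuts = sorted(_rng.randint(0, total) for _ in range(parts - 1))
    bounds = [0, *cuts, total]
    return [hi - lo for lo, hi in zip(bounds, bounds[1:])]


def random_routing(provider_totals, device_ids):
    """Each provider picks its own share count (1..M) and distinct devices."""
    routing = {}
    for provider, total in provider_totals.items():
        count = _rng.randint(1, len(device_ids))
        targets = _rng.sample(device_ids, count)
        routing[provider] = list(zip(targets, split_random(total, count)))
    return routing


class ComputingDevice:
    """One of the M independent devices; it stores shares without a source label."""

    def __init__(self, device_id, program=PROGRAM):
        self.device_id = device_id
        self.program = program
        self._shares = []

    def measure(self):
        # Stand-in for the measurement a real TEE would report.
        return hashlib.sha256(self.program).hexdigest()

    def receive(self, share):
        self._shares.append(share)

    def summarize(self):
        return sum(self._shares)


def verify_devices(devices, check_values):
    """Reject the whole query unless every device hash equals its check value."""
    for dev in devices:
        expected = check_values.get(dev.device_id, "")
        if not hmac.compare_digest(dev.measure(), expected):
            raise PermissionError(f"device {dev.device_id} failed verification")


def run_query(routing, devices, check_values):
    """Verify devices, deliver shares, then return (per-device sums, combined total)."""
    verify_devices(devices, check_values)
    by_id = {dev.device_id: dev for dev in devices}
    for provider, deliveries in routing.items():
        targets = [dev_id for dev_id, _ in deliveries]
        if len(set(targets)) != len(targets):
            raise ValueError(f"provider {provider} sent two shares to one device")
        for dev_id, share in deliveries:
            by_id[dev_id].receive(share)
    summaries = {dev.device_id: dev.summarize() for dev in devices}
    return summaries, sum(summaries.values())


if __name__ == "__main__":
    devices = [ComputingDevice(i) for i in ("a", "b", "c")]
    checks = {d.device_id: check_value_for(PROGRAM) for d in devices}
    print(run_query(PAGE_ROUTING, devices, checks))
```

The combined total is the same for any routing, while each device sees only its own partial sums; a device whose program hash differs from its check value stops the query before any share is delivered.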
Optionally, in the data processing method provided by the embodiment of the present application, the sending the identifier of the target object to N data providers includes: obtaining the identification of L confusion objects, wherein L is an integer greater than 1; and respectively sending the identifications of the L confusion objects and the identifications of the target objects to N data providers, wherein the N data providers are used for determining the data of the L confusion objects and the target objects in the N data providers according to the identifications of the L confusion objects and the identifications of the target objects.
Optionally, if only the identification of the target object is sent to the N data providers, the N data providers may mark the target object as a potential object and possibly send marketing information or the like to the target object. To obscure which object is the target, the identifications of L confusion objects may be acquired and sent to the N data providers together with the identification of the target object, and the data stored by the L confusion objects in the N data providers may be determined in a manner similar to that used for the target object. When the invention is applied in the field of financial technology, it can prevent a financial institution from marking the target object as a potential borrowing object and sending borrowing marketing information to the target object.
Optionally, in the data processing method provided by the embodiment of the present application, the identifiers of the target objects are sent to N data providers respectively, and further includes: encrypting the identification of the target object by adopting a pre-agreed first encryption key to obtain an identification ciphertext; and respectively sending the identification ciphertext to N data providers, wherein the N data providers respectively decrypt the identification ciphertext by adopting a first decryption key to obtain an identification plaintext, and the first decryption key and the first encryption key are matched key pairs.
Optionally, in order to protect the identification of the target object during transmission, the identification may be encrypted. The encryption method may be to generate a random number and mix and splice the random number with the identification according to a certain rule, to encrypt the identification with a key, or to combine the two approaches. Specifically, the data processing device may agree on a key pair with the N data providers; the data processing device encrypts the identification, and the N data providers decrypt the identification ciphertext.
It should be noted that, the present alternative embodiment may also be used in combination with the previous alternative embodiment, that is, the identification of the target object is confused by using the identifications of the L confused objects, and the identifications of the L confused objects and the identifications of the target object are encrypted.
Optionally, in the data processing method provided by the embodiment of the present application, receiving random data of each of N data providers in a trusted execution environment by using M computing devices, including: receiving random data ciphertexts of the N data providers respectively by M computing devices in a trusted execution environment, wherein the N data providers encrypt the random data of the N data providers respectively by a second encryption key agreed in advance to obtain the random data ciphertexts of the N data providers respectively; and decrypting the random data ciphertext of each of the N data providers by adopting a second decryption key to obtain random data plaintext of each of the N data providers, wherein the second decryption key and the second encryption key are matched key pairs.
Optionally, the random data may be encrypted in order to protect the security of the random data during transmission. The encryption method may be to encrypt the identification with a key. Specifically, the data processing device may agree on a key pair with N data providers, where the N data providers encrypt the random data into a random data ciphertext, and the data processing device may decrypt the random data ciphertext.
As a specific embodiment of the present application applied in the field of financial technology, fig. 2 is a schematic diagram of a data processing method according to an alternative embodiment of the present application. As shown in fig. 2, the financial institution 1 is an application provider and a result receiver, and the financial institution 2 (data providing 1 module 004) and the financial institution 3 (data providing 2 module 005) are data providers. The data processing device provided by the application is composed of an evaluation initiating and receiving module 001, a calculator 1 module 002 and a calculator 2 module 003, wherein the calculator 1 module 002 and the calculator 2 module 003 form 2 computing devices.
The evaluation initiating and receiving module 001 consists of a key processing sub-module 101, an evaluation receiving sub-module 102 and an evaluation initiating and receiving module 103; the calculator 1 module 002 is composed of a key processing sub-module 201 and a data calculation sub-module 202; the calculator 2 module 003 is composed of a key processing sub-module 301 and a data calculation sub-module 302; the data providing 1 module 004 is composed of a key processing sub-module 401 and a data providing sub-module 402; the data providing 2 module 005 is composed of a key processing sub-module 502 and a data providing sub-module 502.
The specific process is described in steps 1 to 12.
Step 1, the applicant (target object) submits a loan application to the financial institution 1, and the financial institution 1 obtains the applicant's authorization to apply to a plurality of financial institutions for the sum of the applicant's loan amounts at those institutions.
Step 2, the evaluation initiating and receiving module 001 negotiates keys with the calculator 1 module 002 and the calculator 2 module 003. The key processing sub-module 101 of the evaluation initiating and receiving module 001 generates a public-private key pair PriKey1 and PukKey1; the private key PriKey1 is stored inside the key processing sub-module 101, and the public key PukKey1 is disclosed and provided to the calculator 1 module 002 and the calculator 2 module 003.
Step 3, the calculator 1 module 002, the calculator 2 module 003, the data providing 1 module 004 and the data providing 2 module 005 negotiate keys. The key processing sub-module 201 of the calculator 1 module 002 generates a public-private key pair PriKey2 and PukKey2; the private key PriKey2 is stored inside the key processing sub-module 201, and the public key PukKey2 is disclosed. The key processing sub-module 301 of the calculator 2 module 003 generates a public-private key pair PriKey3 and PukKey3; the private key PriKey3 is stored inside the key processing sub-module 301, and the public key PukKey3 is disclosed. The key processing sub-module 401 of the data providing 1 module 004 generates a public-private key pair PriKey4 and PukKey4; the private key PriKey4 is stored inside the key processing sub-module 401, and the public key PukKey4 is disclosed. The key processing sub-module 501 of the data providing 2 module 005 generates a public-private key pair PriKey and PukKey; the private key PriKey is stored inside the key processing sub-module 501, and the public key PukKey is disclosed.
Step 4, the calculator 1 module 002 negotiates the key Key6 with the data providing 1 module 004. The key processing sub-module 201 of the calculator 1 module 002 generates the symmetric key Key6, signs Key6 with PriKey2 to obtain the signature value SIGN1, concatenates the two into Key6||SIGN1, and encrypts Key6||SIGN1 with the public key PukKey4 of the data providing 1 module 004 to obtain the data D1, that is, D1 = Enc(PukKey4, Key6||SIGN1). The data providing 1 module 004 receives D1, decrypts it with the private key PriKey4, and verifies the signature with the public key PukKey2 of the calculator 1 module 002 to obtain Key6. Similarly, the calculator 1 module 002 negotiates the key Key7 with the data providing 2 module 005, the calculator 2 module 003 negotiates the key Key8 with the data providing 1 module 004, and the calculator 2 module 003 negotiates the key Key9 with the data providing 2 module 005.
To provide a data interaction flow with higher security, steps 2 to 4 first establish key pairs among the 5 data interaction parties and confirm the security of the key pairs.
Step 5, the financial institution 1 provides a computing program, which comprises a verification module and a computing model. The program logic of the verification module is as follows: the hash value HashValue is computed over the storage directory of the computing model, and HashValue is combined with the input key (taking exclusive OR as an example) to compute a data decryption key; the data is decrypted with the decryption key, and the check value CheckValue in the data is verified against the hash value HashValue; after successful verification, the data is sent to the computing model for calculation. Because the decryption key depends on the computing program, if the computing program changes, the hash value HashValue changes and verification after decryption fails, so the computing model is protected from tampering and the data is bound to the computing model. After compiling the computing program, the financial institution 1 computes the check value CheckValue over the storage directory of the computing model and gives it to the data providing 1 module 004 and the data providing 2 module 005.
Wherein, step 5 verifies the security of the computing program.
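The check in step 5, as an added example (not code from the patent): the data key is HashValue XOR the session key, so a calculator running a modified program derives a different key and cannot open the provider's data. SHA-256, the directory encoding, the HMAC-based stand-in cipher and all function names are assumptions made for the example; the file contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


def measure_directory(root):
    """HashValue: SHA-256 over every file under root (relative path + content)."""
    root = Path(root)
    files = sorted((p.relative_to(root).as_posix(), p)
                   for p in root.rglob("*") if p.is_file())
    h = hashlib.sha256()
    for rel, path in files:
        name, data = rel.encode(), path.read_bytes()
        # Length prefixes keep "a" + "bc" distinct from "ab" + "c".
        h.update(len(name).to_bytes(4, "big") + name)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.digest()


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Stand-in authenticated cipher (encrypt-then-MAC) using only the stdlib."""
    nonce = os.urandom(16)
    body = xor_bytes(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext rejected: wrong key or modified data")
    return xor_bytes(body, _keystream(_subkey(key, b"enc"), nonce, len(body)))


def provider_encrypt(session_key, check_value, payload):
    """Data provider: key = CheckValue XOR session key; CheckValue travels inside."""
    return seal(xor_bytes(check_value, session_key), check_value + payload)


def calculator_decrypt(session_key, model_dir, blob):
    """Calculator: recompute HashValue locally, derive the key, verify CheckValue."""
    hash_value = measure_directory(model_dir)
    plaintext = unseal(xor_bytes(hash_value, session_key), blob)
    check_value, payload = plaintext[:32], plaintext[32:]
    if not hmac.compare_digest(check_value, hash_value):
        raise ValueError("CheckValue does not match the running program")
    return payload


def demo():
    """Returns (payload recovered with the intact model, tampered model rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        model = Path(tmp)
        (model / "rules").mkdir()
        (model / "model.bin").write_bytes(b"constructed model weights")
        (model / "rules" / "sum.cfg").write_text("op=add\n")
        check_value = measure_directory(model)  # published by the program provider
        session_key = os.urandom(32)            # plays the role of Key6
        blob = provider_encrypt(session_key, check_value, b"id=Q1;fragment=4711")
        recovered = calculator_decrypt(session_key, model, blob)
        (model / "rules" / "sum.cfg").write_text("op=add;log=all\n")  # tampering
        try:
            calculator_decrypt(session_key, model, blob)
            rejected = False
        except ValueError:
            rejected = True
    return recovered, rejected


if __name__ == "__main__":
    print(demo())
```

HashValue here is computed by the program being checked; in a TEE deployment the measurement would normally come from the platform's attestation report rather than from the program itself.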
Step 6, the evaluation initiator module 103 of the evaluation initiating and receiving module 001 extracts the query ID of the applicant and assembles "query tag + query ID + random number"; it also generates a plurality of "non-query tag + random query ID + random number" entries. It combines the "query tag + query ID + random number" entry with the plurality of "non-query tag + random query ID + random number" entries, encrypts the combination with the public key PukKey2 of the calculator 1 module 002 and sends it to the calculator 1 module 002, and encrypts it with the public key PukKey3 of the calculator 2 module 003 and sends it to the calculator 2 module 003.
Wherein, step 6 uses random query IDs to obscure the true query ID and encrypts the IDs.
Step 7, after receiving the data, the calculator 1 module 002 decrypts it with the private key PriKey2, removes the query tags and non-query tags, and reassembles the data into "query ID + random number" and "random query ID + random number" entries. It encrypts the reassembled data with the key Key6 of the data providing 1 module 004 and sends it to the data providing 1 module 004, and encrypts the reassembled data with the key Key7 of the data providing 2 module 005 and sends it to the data providing 2 module 005. The confusion technique protects the information about the applicant that the financial institution 1 is querying.
Step 8, the data providing sub-module 402 of the data providing 1 module 004 decrypts with the key Key6, extracts the list of query IDs (including the query ID and the random query IDs), reads the total amount of data, and looks up the lending value corresponding to each ID in the list. The lending value is split into fragments, the number of fragments being equal to the number of calculators; taking 2 as an example, it is split into lending value fragment 1 and lending value fragment 2. Because the data is fragmented and the fragments are sent to different calculators, the data provider's detailed data is protected. Each "query ID + check value CheckValue + lending value fragment 1" is assembled, encrypted with the key Key6 and the calculated check value CheckValue, and sent to the calculator 1 module 002. Each "query ID + check value CheckValue + lending value fragment 2" is assembled, encrypted with the key Key7 and the calculated check value CheckValue, and sent to the calculator 2 module 003.
Step 9, the data providing 2 module 005 similarly assembles each "query ID + check value CheckValue + lending value fragment 3", encrypts it with the key Key8 and the calculated check value CheckValue, and sends it to the calculator 1 module 002. It assembles each "query ID + check value CheckValue + lending value fragment 4", encrypts it with the key Key9 and the calculated check value CheckValue, and sends it to the calculator 2 module 003.
In step 8 and step 9, the data providing 1 module 004 and the data providing 2 module 005 divide their own detailed data into 2 shares, and send the data to the calculator 1 module 002 and the calculator 2 module 003, respectively.
Step 10, the calculator 1 module 002 obtains the ciphertext of "query ID + check value CheckValue + lending value fragment", computes the hash value HashValue over the storage directory of the computing model, combines HashValue and the key Key6 by exclusive OR or a similar operation to compute the data decryption key, decrypts the data with the decryption key, and verifies the check value CheckValue in the data against the hash value HashValue. After successful verification, it matches all the query IDs, extracts the lending value fragment corresponding to the required query ID, and sends it to the computing model for calculation. Similarly, the calculator 1 module 002 verifies successfully using the key Key8 and the check value CheckValue and obtains lending value fragment 3.
Step 11, the data calculation sub-module 201 of the calculator 1 module 002 calculates the service value of each data provider according to the calculation rule of the computing model, combining lending value fragment 1 and lending value fragment 3 into lending value fragment 5. Fragment 5 is encrypted with the key PukKey1 of the evaluation initiating and receiving module 001, and the ciphertext is sent to the evaluation initiator module 103 of the evaluation initiating and receiving module 001. The calculator 2 module 003 performs the calculation on lending value fragment 2 and lending value fragment 4, encrypts fragment 6 with the key PukKey1 of the evaluation initiating and receiving module 001, and sends the ciphertext to the evaluation initiator module 103 of the evaluation initiating and receiving module 001.
In steps 10 and 11, the calculator 1 module 002 and the calculator 2 module 003 each compute over the lending data fragments they received (the random data of each of the 2 data providers) to obtain their respective accumulated lending value fragments (2 pieces of summary data).
Step 12, the evaluation initiator module 103 of the evaluation initiating and receiving module 001 decrypts the ciphertext of fragment 5 with the key PriKey1 to obtain fragment 5, decrypts the ciphertext of fragment 6 with the key PriKey1 to obtain fragment 6, combines fragment 5 and fragment 6 according to the calculation rule to obtain the lending value, evaluates the lending data, and uses the evaluation result in the subsequent business process.
In step 12, the evaluation initiating and receiving module 001 receives the respective accumulated lending values (2 pieces of summary data) sent by the calculator 1 module 002 and the calculator 2 module 003 and adds them to obtain the total amount borrowed by the borrower at the data providing 1 module 004 and the data providing 2 module 005 (the data of the target object in the N data providers), and then performs the subsequent evaluation.
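The splitting and summation of steps 8 to 12, as an added example (not code from the patent), generalised to N providers and M calculators. Taking shares modulo 2^64 and answering unknown IDs with a shared zero are assumptions (the patent only says the value is split into fragments), as are the function names and the constructed ledgers.

```python
import secrets

MODULUS = 2 ** 64  # assumption: shares live in a fixed ring so one share reveals nothing


def split_value(value, parts):
    """Split value into `parts` random additive shares modulo MODULUS."""
    if parts < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.randbelow(MODULUS) for _ in range(parts - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def provider_answer(ledger, query_ids, num_calculators):
    """Data provider: share the value of every queried ID, real or decoy.

    Returns one {query_id: share} mapping per calculator. Unknown IDs are
    shared as 0 (assumption) so the reply has the same shape for every ID.
    """
    per_calculator = [{} for _ in range(num_calculators)]
    for qid in query_ids:
        shares = split_value(ledger.get(qid, 0), num_calculators)
        for j, share in enumerate(shares):
            per_calculator[j][qid] = share
    return per_calculator


def calculator_sum(fragments_from_providers, target_id):
    """Calculator: keep the target's fragment from each provider and add them."""
    return sum(frags[target_id] for frags in fragments_from_providers) % MODULUS


def query_total(ledgers, target_id, decoy_ids, num_calculators=2):
    """Initiator view: returns (total, partial sums returned by the calculators)."""
    query_ids = [target_id, *decoy_ids]
    secrets.SystemRandom().shuffle(query_ids)  # position must not mark the target
    answers = [provider_answer(ledger, query_ids, num_calculators) for ledger in ledgers]
    partials = [
        calculator_sum([answer[j] for answer in answers], target_id)
        for j in range(num_calculators)
    ]
    return sum(partials) % MODULUS, partials


# Constructed sample data: outstanding loans held by two data providers.
LEDGER_A = {"ID-1001": 120_000, "ID-2002": 5_000}
LEDGER_B = {"ID-1001": 35_000, "ID-3003": 80_000}

if __name__ == "__main__":
    total, partials = query_total([LEDGER_A, LEDGER_B], "ID-1001", ["ID-2002", "ID-9999"])
    print("partial sums seen by the initiator:", partials)
    print("total lending value:", total)
```

Each provider sees the target among decoys, each calculator sees one uniformly random share per provider, and the initiator sees only the two partial sums, so no party learns which provider holds which amount.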
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the application also provides a data processing device, and the data processing device of the embodiment of the application can be used for executing the data processing method provided by the embodiment of the application. The following describes a data processing apparatus provided in an embodiment of the present application.
FIG. 3 is a schematic diagram of a data processing apparatus according to an embodiment of the present application. As shown in fig. 3, the apparatus includes: an obtaining module 31, configured to obtain an identifier of a target object; the sending module 32 is connected with the obtaining module 31 and is used for respectively sending the identification of the target object to N data providers, wherein the N data providers are used for determining the data of the target object in the N data providers according to the identification of the target object and obtaining N groups of data, the N data providers are also used for respectively dividing the N groups of data into random parts to obtain the random part data of each of the N data providers, and N is an integer greater than 1; the receiving module 33 is connected with the sending module 32 and is used for receiving the random data of each of the N data providers in the trusted execution environment by adopting M computing devices, wherein the random data of the same data provider are received by different computing devices, and M is an integer greater than 1; the computing module 34 is connected with the receiving module 33 and is used for summarizing the received data in the trusted execution environment by adopting M computing devices respectively to obtain M summarized data; the determining module 35 is connected to the calculating module 34, and is configured to combine the M summary data to obtain data of the target object in the N data providers.
The data processing device provided by the embodiment of the application adopts the following steps: acquiring the identification of a target object; the identification of the target object is respectively sent to N data providers, wherein the N data providers are used for determining data of the target object in the N data providers respectively according to the identification of the target object and obtaining N groups of data, the N data providers are also used for dividing the N groups of data into random parts respectively to obtain random part data of the N data providers respectively, and N is an integer larger than 1; receiving random data of each of N data providers in a trusted execution environment by adopting M computing devices, wherein the random data of the same data provider are received by different computing devices, and M is an integer greater than 1; summarizing the received data in a trusted execution environment by adopting M computing devices to obtain M summarized data; the M summarized data are combined to obtain the data of the target object in the N data providers, so that the purpose that the data of the target object in the N data providers can be obtained only without obtaining the source of the data in the N data providers is achieved, the technical problem that the risk of data source leakage in data transmission in the related technology is high is solved, and the technical effect of reducing the risk of data source leakage in data transmission is achieved.
The data processing device comprises a processor and a memory, wherein the acquisition module 31, the transmission module 32, the receiving module 33, the calculation module 34, the determination module 35 and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided, and the purpose of acquiring only the data of the target object in the N data providers, without acquiring the sources of the data in the N data providers, is achieved by adjusting the kernel parameters.
The memory may include, among other forms of computer-readable media, volatile memory such as random access memory (RAM) and/or nonvolatile memory such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
An embodiment of the present invention provides a computer-readable storage medium having stored thereon a program which, when executed by a processor, implements the data processing method.
The embodiment of the invention provides a processor which is used for running a program, wherein the data processing method is executed when the program runs.
Fig. 4 is a schematic structural diagram of an electronic device for performing a data processing method according to an embodiment of the present invention, and as shown in fig. 4, the embodiment of the present invention provides an electronic device, where the device includes a processor, a memory, and a program stored in the memory and executable on the processor, and the processor implements the following steps when executing the program: acquiring the identification of a target object; the identification of the target object is respectively sent to N data providers, wherein the N data providers are used for determining data of the target object in the N data providers respectively according to the identification of the target object and obtaining N groups of data, the N data providers are also used for dividing the N groups of data into random parts respectively to obtain random part data of the N data providers respectively, and N is an integer larger than 1; receiving random data of each of N data providers in a trusted execution environment by adopting M computing devices, wherein the random data of the same data provider are received by different computing devices, and M is an integer greater than 1; summarizing the received data in a trusted execution environment by adopting M computing devices to obtain M summarized data; and combining the M summarized data to obtain the data of the target object in the N data providers.
Optionally, in a case that the N data providers divide the N groups of data into M shares, respectively, receiving random share data of each of the N data providers in the trusted execution environment by using the M computing devices, respectively, including: and respectively receiving M parts of data of each of the N data providers in the trusted execution environment by adopting M computing devices, wherein the computing devices in the M computing devices respectively receive N parts of data from different data providers.
Optionally, before the M computing devices are adopted to aggregate the received data in the trusted execution environment respectively to obtain M pieces of aggregated data, the method further includes: determining respective hash values of the M computing devices; respectively obtaining check values of M computing devices; respectively verifying whether the M computing devices are trusted devices according to the hash values of the M computing devices and the check values of the M computing devices; after verifying that M computing devices are trusted devices, adopting the M computing devices to summarize received data in a trusted execution environment respectively to obtain M summarized data.
Optionally, verifying whether the M computing devices are trusted devices according to the hash values of the M computing devices and the check values of the M computing devices, respectively, includes: matching the hash values of the M computing devices with the check values of the M computing devices respectively; and under the condition that the hash values of the M computing devices are successfully matched with the corresponding check values, verifying the M computing devices as trusted devices.
Optionally, the sending the identification of the target object to the N data providers includes: obtaining the identification of L confusion objects, wherein L is an integer greater than 1; and respectively sending the identifications of the L confusion objects and the identifications of the target objects to N data providers, wherein the N data providers are used for determining the data of the L confusion objects and the target objects in the N data providers according to the identifications of the L confusion objects and the identifications of the target objects.
Optionally, sending the identification of the target object to the N data providers respectively further includes: encrypting the identification of the target object by adopting a pre-agreed first encryption key to obtain an identification ciphertext; and respectively sending the identification ciphertext to N data providers, wherein the N data providers respectively decrypt the identification ciphertext by adopting a first decryption key to obtain an identification plaintext, and the first decryption key and the first encryption key are matched key pairs.
Optionally, receiving, with the M computing devices, random data of each of the N data providers in the trusted execution environment, respectively, includes: receiving random data ciphertexts of the N data providers respectively by M computing devices in a trusted execution environment, wherein the N data providers encrypt the random data of the N data providers respectively by a second encryption key agreed in advance to obtain the random data ciphertexts of the N data providers respectively; and decrypting the random data ciphertext of each of the N data providers by adopting a second decryption key to obtain random data plaintext of each of the N data providers, wherein the second decryption key and the second encryption key are matched key pairs.
The device herein may be a server, PC, PAD, cell phone, etc.
The application also provides a computer program product adapted to perform, when executed on a data processing device, a program initialized with the method steps of: acquiring the identification of a target object; the identification of the target object is respectively sent to N data providers, wherein the N data providers are used for determining data of the target object in the N data providers respectively according to the identification of the target object and obtaining N groups of data, the N data providers are also used for dividing the N groups of data into random parts respectively to obtain random part data of the N data providers respectively, and N is an integer larger than 1; receiving random data of each of N data providers in a trusted execution environment by adopting M computing devices, wherein the random data of the same data provider are received by different computing devices, and M is an integer greater than 1; summarizing the received data in a trusted execution environment by adopting M computing devices to obtain M summarized data; and combining the M summarized data to obtain the data of the target object in the N data providers.
Optionally, in a case that the N data providers divide the N groups of data into M shares, respectively, receiving random share data of each of the N data providers in the trusted execution environment by using the M computing devices, respectively, including: and respectively receiving M parts of data of each of the N data providers in the trusted execution environment by adopting M computing devices, wherein the computing devices in the M computing devices respectively receive N parts of data from different data providers.
Optionally, before the M computing devices are adopted to aggregate the received data in the trusted execution environment respectively to obtain M pieces of aggregated data, the method further includes: determining respective hash values of the M computing devices; respectively obtaining check values of M computing devices; respectively verifying whether the M computing devices are trusted devices according to the hash values of the M computing devices and the check values of the M computing devices; after verifying that M computing devices are trusted devices, adopting the M computing devices to summarize received data in a trusted execution environment respectively to obtain M summarized data.
Optionally, verifying whether the M computing devices are trusted devices according to the hash values of the M computing devices and the check values of the M computing devices, respectively, includes: matching the hash values of the M computing devices with the check values of the M computing devices respectively; and under the condition that the hash values of the M computing devices are successfully matched with the corresponding check values, verifying the M computing devices as trusted devices.
Optionally, the sending the identification of the target object to the N data providers includes: obtaining the identification of L confusion objects, wherein L is an integer greater than 1; and respectively sending the identifications of the L confusion objects and the identifications of the target objects to N data providers, wherein the N data providers are used for determining the data of the L confusion objects and the target objects in the N data providers according to the identifications of the L confusion objects and the identifications of the target objects.
Optionally, sending the identification of the target object to the N data providers respectively further includes: encrypting the identification of the target object by adopting a pre-agreed first encryption key to obtain an identification ciphertext; and respectively sending the identification ciphertext to N data providers, wherein the N data providers respectively decrypt the identification ciphertext by adopting a first decryption key to obtain an identification plaintext, and the first decryption key and the first encryption key are matched key pairs.
Optionally, receiving, with the M computing devices, random data of each of the N data providers in the trusted execution environment, respectively, includes: receiving random data ciphertexts of the N data providers respectively by M computing devices in a trusted execution environment, wherein the N data providers encrypt the random data of the N data providers respectively by a second encryption key agreed in advance to obtain the random data ciphertexts of the N data providers respectively; and decrypting the random data ciphertext of each of the N data providers by adopting a second decryption key to obtain random data plaintext of each of the N data providers, wherein the second decryption key and the second encryption key are matched key pairs.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (10)

1. A method of data processing, comprising:
acquiring the identification of a target object;
sending the identification of the target object to each of N data providers, wherein the N data providers are used for determining, according to the identification of the target object, the data of the target object in the N data providers to obtain N groups of data, the N data providers are further used for dividing the N groups of data into random shares respectively to obtain the random share data of each of the N data providers, and N is an integer greater than 1;
receiving, by M computing devices in a trusted execution environment, the random share data of each of the N data providers, wherein the random share data of the same data provider are received by different computing devices, and M is an integer greater than 1;
summarizing, by the M computing devices in the trusted execution environment, the received data respectively to obtain M summarized data;
and combining the M summarized data to obtain the data of the target object in the N data providers.
2. The method of claim 1, wherein, in the case where the N data providers each divide the N groups of data into M shares, the step of receiving the random share data of each of the N data providers with the M computing devices in the trusted execution environment comprises:
receiving, by the M computing devices in the trusted execution environment, the M shares of data of each of the N data providers, wherein each of the M computing devices receives N shares of data from different data providers.
3. The method of claim 1, further comprising, before the M computing devices summarize the received data in the trusted execution environment to obtain the M summarized data:
determining the respective hash values of the M computing devices;
obtaining the respective check values of the M computing devices;
verifying, according to the hash values of the M computing devices and the check values of the M computing devices, whether the M computing devices are trusted devices;
and after verifying that the M computing devices are the trusted devices, summarizing, by the M computing devices in the trusted execution environment, the received data respectively to obtain the M summarized data.
4. The method of claim 3, wherein verifying whether the M computing devices are trusted devices according to the hash values of the M computing devices and the check values of the M computing devices comprises:
matching the hash values of the M computing devices against the check values of the M computing devices respectively;
and in the case where the hash values of the M computing devices are successfully matched with the corresponding check values, verifying that the M computing devices are the trusted devices.
5. The method of claim 1, wherein sending the identification of the target object to the N data providers comprises:
obtaining the identifications of L confusion objects, wherein L is an integer greater than 1;
and sending the identifications of the L confusion objects together with the identification of the target object to each of the N data providers, wherein the N data providers are used for determining, according to the identifications of the L confusion objects and the identification of the target object, the data of the L confusion objects and the target object in the N data providers.
6. The method of claim 1, wherein sending the identification of the target object to the N data providers further comprises:
encrypting the identification of the target object with a pre-agreed first encryption key to obtain an identification ciphertext;
and sending the identification ciphertext to each of the N data providers, wherein the N data providers each decrypt the identification ciphertext with a first decryption key to obtain an identification plaintext, and the first decryption key and the first encryption key are a matched key pair.
7. The method of any of claims 1 to 6, wherein the step of receiving the random share data of each of the N data providers with the M computing devices in the trusted execution environment comprises:
receiving, by the M computing devices in the trusted execution environment, the random share data ciphertexts of each of the N data providers, wherein the N data providers each encrypt their own random share data with a pre-agreed second encryption key to obtain the random share data ciphertexts of each of the N data providers;
and decrypting the random share data ciphertexts of each of the N data providers with a second decryption key to obtain the random share data plaintext of each of the N data providers, wherein the second decryption key and the second encryption key are a matched key pair.
8. A data processing apparatus, comprising:
an acquisition module, used for acquiring the identification of a target object;
a sending module, used for sending the identification of the target object to each of N data providers, wherein the N data providers are used for determining, according to the identification of the target object, the data of the target object in the N data providers to obtain N groups of data, the N data providers are further used for dividing the N groups of data into random shares respectively to obtain the random share data of each of the N data providers, and N is an integer greater than 1;
a receiving module, used for receiving, by M computing devices in a trusted execution environment, the random share data of each of the N data providers, wherein the random share data of the same data provider are received by different computing devices, and M is an integer greater than 1;
a computing module, used for summarizing, by the M computing devices in the trusted execution environment, the received data respectively to obtain M summarized data;
and a determining module, used for combining the M summarized data to obtain the data of the target object in the N data providers.
9. A non-volatile storage medium, characterized in that the non-volatile storage medium comprises a stored program, wherein the program, when run, controls a device in which the non-volatile storage medium is located to perform the data processing method of any one of claims 1 to 7.
10. An electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data processing method of any of claims 1-7.
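The flow of claims 1 to 5 can be traced in a short Python sketch; this is an added example, not code from the patent. It assumes that "summarizing" means addition, that shares are additive residues modulo a public modulus, and that a device's hash is SHA-256 over a code blob; the identifiers, values and blobs are constructed sample data, and the encryption of claims 6 and 7 is left out.

```python
import hashlib
import hmac
import secrets

MODULUS = 2**61 - 1  # assumption: public modulus; every true total must stay below it

def split_into_shares(value, m):
    """Data provider: split one value into m random shares that sum to it mod MODULUS."""
    if m < 2:
        raise ValueError("M must be an integer greater than 1")
    shares = [secrets.randbelow(MODULUS) for _ in range(m - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares

def is_trusted(device_code, check_value):
    """Claims 3-4: the device's hash must match its expected check value."""
    digest = hashlib.sha256(device_code).hexdigest()  # assumption: SHA-256 of a code blob
    return hmac.compare_digest(digest, check_value)

def aggregate(provider_values, devices):
    """Claims 1-2 for one object: returns (combined total, per-device inboxes)."""
    for code, check in devices:  # verify every device before any share is summarized
        if not is_trusted(code, check):
            raise PermissionError("device hash does not match its check value")
    inboxes = [[] for _ in devices]
    for value in provider_values:
        # Share j of every provider goes to device j, so no single device
        # ever holds two shares of the same provider.
        for j, share in enumerate(split_into_shares(value, len(devices))):
            inboxes[j].append(share)
    summarized = [sum(box) % MODULUS for box in inboxes]  # the M summarized data
    return sum(summarized) % MODULUS, inboxes

def query(target_id, confusion_ids, provider_tables, devices):
    """Claim 5: providers see the target mixed with L confusion identifiers."""
    ids = [target_id, *confusion_ids]
    secrets.SystemRandom().shuffle(ids)  # list position must not reveal the target
    totals = {i: aggregate([t.get(i, 0) for t in provider_tables], devices)[0]
              for i in ids}
    return totals[target_id]  # only the requester knows which entry it wanted

# Constructed sample data: N = 3 providers, M = 3 devices, L = 2 confusion objects.
PROVIDERS = [{"cust-001": 1200, "cust-002": 50, "cust-003": 7},
             {"cust-001": 300, "cust-002": 10},
             {"cust-001": 45}]
DEVICE_CODE = [b"enclave-build-a", b"enclave-build-b", b"enclave-build-c"]
DEVICES = [(c, hashlib.sha256(c).hexdigest()) for c in DEVICE_CODE]

if __name__ == "__main__":
    print(query("cust-001", ["cust-002", "cust-003"], PROVIDERS, DEVICES))
```

Each device sees only uniformly random residues, and the target's total appears only once the M summarized values are combined.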
CN202311587746.2A 2023-11-24 2023-11-24 Data processing method, device, nonvolatile storage medium and electronic equipment Pending CN118070302A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311587746.2A CN118070302A (en) 2023-11-24 2023-11-24 Data processing method, device, nonvolatile storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311587746.2A CN118070302A (en) 2023-11-24 2023-11-24 Data processing method, device, nonvolatile storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN118070302A true CN118070302A (en) 2024-05-24

Family

ID=91102854

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311587746.2A Pending CN118070302A (en) 2023-11-24 2023-11-24 Data processing method, device, nonvolatile storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN118070302A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118568755A (en) * 2024-08-01 2024-08-30 北京菱云科技有限公司 Trusted multi-party data transmission method and device, electronic equipment and storage medium


Similar Documents

Publication Publication Date Title
AU2019277292B2 (en) System and method for secure electronic transaction platform
EP3962020B1 (en) Information sharing methods and systems
EP3961455B1 (en) Data verification methods, apparatuses, and devices
US11296895B2 (en) Systems and methods for preserving privacy and incentivizing third-party data sharing
US10547444B2 (en) Cloud encryption key broker apparatuses, methods and systems
CN111523110B (en) Authority query configuration method and device based on chain codes
EP3962135B1 (en) Information sharing methods, apparatuses, and devices
CN111475850B (en) Intelligent contract-based privacy data query method and device
JP2008501176A (en) Information distribution system that protects privacy
US11310244B2 (en) Information sharing methods, apparatuses, and devices
US20210374724A1 (en) Secure digital wallet processing system
CN112632594B (en) Asset data verification and sending method and device based on privacy protection
US20220286291A1 (en) Secure environment for cryptographic key generation
US20230281671A1 (en) Decentralized privacy-preserving rewards with cryptographic black box accumulators
CN118070302A (en) Data processing method, device, nonvolatile storage medium and electronic equipment
KR20220163483A (en) Confidential information protection using multi-party computing and K-anonymity technology
US20180218363A1 (en) Payment instrument management with key tokenization
US20230124498A1 (en) Systems And Methods For Whitebox Device Binding
US20180218357A1 (en) Export high value material based on ring 1 evidence of ownership
CN111861489A (en) Financial product transaction share determination method and device based on block chain
Yu et al. A novel fair and verifiable data trading scheme
CN112818384B (en) Asset processing method, device, equipment and storage medium based on blockchain
WO2022133923A1 (en) License authentication method and apparatus, electronic device, system, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination