WO2021073170A1 - Procédé et appareil de fourniture et de fusion de données - Google Patents

Procédé et appareil de fourniture et de fusion de données Download PDF

Info

Publication number
WO2021073170A1
WO2021073170A1 PCT/CN2020/100400 CN2020100400W WO2021073170A1 WO 2021073170 A1 WO2021073170 A1 WO 2021073170A1 CN 2020100400 W CN2020100400 W CN 2020100400W WO 2021073170 A1 WO2021073170 A1 WO 2021073170A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
public key
cluster
encryption result
fusion
Prior art date
Application number
PCT/CN2020/100400
Other languages
English (en)
Chinese (zh)
Inventor
余超凡
王磊
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021073170A1 publication Critical patent/WO2021073170A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Definitions

  • One or more embodiments of this specification relate to the field of data security, and in particular to methods and devices for data fusion by multiple parties.
  • One or more embodiments of this specification describe methods and devices for data provision and data fusion, which can perform data provision and data fusion more safely, efficiently and conveniently.
  • a method for providing data for data fusion which is executed by a first data provider, and the method includes: determining first data to be fused, for adding to the first data The decrypted first symmetric key and the first public key information of the data acquisition party corresponding to the first data; the cluster public key is used to encrypt the first symmetric key and the first public key information to generate the first Encryption result; wherein the cluster public key is the public key of an authenticated trusted computing cluster, and the trusted computing cluster is used for data fusion; storing the first encryption result in a data management platform; using the The first symmetric key encrypts the first data to generate a second encryption result; and stores the second encryption result in the data management platform.
  • the method before generating the first encryption result, further includes: remotely authenticating the trusted computing cluster; and obtaining the cluster public key if the authentication is passed.
  • performing remote authentication on the trusted computing cluster specifically includes: receiving a report file from the trusted computing cluster, where the report file includes the code hash of the fusion task running in the cluster, and the cluster The signature information of the computing unit in the computer; sending the report file to a third-party certification body to obtain a certification result file, the certification result file containing the code hash and the agency signature information of the third-party certification body; In the case where the verification of the agency signature information is successful and the code hash meets the expectation, it is determined that the trusted computing cluster has passed the authentication.
  • performing remote authentication on the trusted computing cluster specifically includes: receiving an authentication result file from the trusted computing cluster, where the authentication result file is a file certified by a third-party certification authority and includes The code hash of the running fusion task, and the agency signature information of the third-party certification agency; in the case that the agency signature information is successfully verified and the code hash meets expectations, it is determined that the trusted computing cluster is certified by.
  • the first public key information is a public key list, which includes multiple public keys corresponding to multiple data acquirers.
  • the method further includes: determining the second data to be fused and the corresponding second public key information of the data acquiring party; encrypting the first symmetric secret key and the second public key using the cluster public key Public key information to generate a third encryption result; store the third encryption result in a data management platform; use the first symmetric key to encrypt the second data to generate a fourth encryption result; encrypt the fourth The result is stored in the data management platform.
  • a data management method which is executed by a data management platform, the method comprising: receiving a first request from a trusted computing cluster, the first request being used to request a related key for the first data
  • the trusted computing cluster is used for data fusion; the first encryption result stored by the first data provider is obtained, and the first encryption result is encrypted by using the cluster public key of the trusted computing cluster to encrypt the first symmetric secret Key and first public key information, where the first symmetric secret key is used to encrypt and decrypt the first data, and the first public key information is the public key of the data acquirer corresponding to the first data.
  • a data fusion method which is executed by a trusted computing cluster, the method comprising: sending a first request to a data management platform, the first request being used to request a related key of the first data Receiving a first encryption result from the data management platform, the first encryption result being generated by encrypting the first symmetric secret key and the first public key information using the cluster public key of the trusted computing cluster, wherein the first symmetric The secret key is used to encrypt and decrypt the first data, the first public key information is the public key information of the data acquisition party corresponding to the first data; the cluster private key corresponding to the cluster public key is used, Decrypt the first encryption result to obtain the first symmetric secret key and the first public key information; send a second request to the data management platform, the second request is used to request the first data; Receiving a second encryption result from the data management platform, the second encryption result being generated by encrypting the first data using the first symmetric key; decrypting the second encryption using the first symmetric key As
  • the above method further includes storing the third encryption result in the data management platform.
  • the first public key information is a public key list, which includes multiple public keys corresponding to multiple data acquisition parties; in this case, the generating the fusion encryption result includes using the multiple A public key encrypts the fusion data, and multiple pieces of encrypted data are obtained as the fusion encryption result.
  • a device for providing data for data fusion which is deployed in a first data provider, and the device includes: a first determining unit configured to determine first data to be fused, for The first symmetric secret key for encrypting and decrypting the first data, and the first public key information of the data acquiring party corresponding to the first data; the first encryption unit is configured to encrypt the first public key using the cluster public key A symmetric secret key and the first public key information to generate a first encryption result; wherein, the cluster public key is a public key of an authenticated trusted computing cluster, and the trusted computing cluster is used for data fusion; A storage unit configured to store the first encryption result in a data management platform; a second encryption unit configured to encrypt the first data using the first symmetric key to generate a second encryption result; second storage A unit configured to store the second encryption result in the data management platform.
  • a data management device deployed on a data management platform, the device comprising: a first request receiving unit configured to receive a first request from a trusted computing cluster, the first request being used for Request the relevant secret key of the first data; the trusted computing cluster is used for data fusion; the first obtaining unit is configured to obtain the first encryption result stored by the first data provider, and the first encryption result is used
  • the cluster public key of the trusted computing cluster is generated by encrypting a first symmetric secret key and first public key information, wherein the first symmetric secret key is used to encrypt and decrypt the first data, and the first public key is used to encrypt and decrypt the first data.
  • the key information is the public key information of the data acquirer corresponding to the first data; the first sending unit is configured to send the first encryption result to the trusted computing cluster; the second request receiving unit is configured to receive The trusted computing cluster receives a second request, the second request is for requesting first data; a second obtaining unit is configured to obtain a second encryption result stored by the first data provider, and the second encryption The result is generated by encrypting the first data using the first symmetric key; the second sending unit is configured to send the second encryption result to the trusted computing cluster for it to target the first data Perform decryption and data fusion.
  • a data fusion device deployed in a trusted computing cluster comprising: a first request sending unit configured to send a first request to a data management platform, and the first request is used for For requesting the relevant secret key of the first data; the first receiving unit is configured to receive the first encryption result from the data management platform, and the first encryption result encrypts the first symmetric secret by using the cluster public key of the trusted computing cluster Key and first public key information, where the first symmetric secret key is used to encrypt and decrypt the first data, and the first public key information is the public key of the data acquirer corresponding to the first data.
  • a first decryption unit configured to use the cluster private key corresponding to the cluster public key to decrypt the first encryption result to obtain the first symmetric secret key and the first public key information;
  • second The request sending unit is configured to send a second request to the data management platform, the second request is used to request the first data;
  • the second receiving unit is configured to receive a second encryption result from the data management platform, The second encryption result is generated by encrypting the first data using the first symmetric key;
  • a second decryption unit is configured to decrypt the second encryption result using the first symmetric key to obtain the First data;
  • a fusion unit configured to perform a data fusion operation based on at least the first data to generate fusion data;
  • a fusion encryption unit configured to use the first public key information to encrypt the fusion data to generate fusion encryption The result is available to the data acquirer.
  • a computer-readable storage medium having a computer program stored thereon, and when the computer program is executed in a computer, the computer is caused to execute the method of one of the first aspect to the third aspect.
  • a computing device including a memory and a processor, characterized in that executable code is stored in the memory, and when the processor executes the executable code, the first aspect to the first aspect are implemented.
  • executable code is stored in the memory, and when the processor executes the executable code, the first aspect to the first aspect are implemented.
  • the data provider stores the encrypted data in the data management platform through the authentication phase, the data storage phase, and the data fusion phase, and performs data fusion through the authenticated trusted computing cluster .
  • the result of the fusion is encrypted with the public key of the data acquirer, so as to be provided to the authorized data acquirer in a targeted manner. In this way, data provision and data fusion can be carried out more safely, efficiently and conveniently.
  • Figure 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification
  • Figure 2 is a schematic diagram of an authentication phase according to an embodiment
  • Fig. 3 shows a schematic diagram of a data storage stage according to an embodiment
  • Figure 4 shows a schematic diagram of a data fusion stage according to an embodiment
  • Fig. 5 shows a schematic block diagram of a data providing apparatus deployed on a data provider according to an embodiment
  • Figure 6 shows a schematic block diagram of a data management device deployed on a data management platform according to an embodiment
  • Fig. 7 shows a schematic block diagram of a data fusion device deployed in a trusted computing cluster according to an embodiment.
  • Fig. 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification.
  • the data provision and fusion system mainly involves a data provider 100, a data management platform 200 and a trusted computing cluster 300 for data fusion.
  • the data provider 100 is used to provide data to be fused. Although only one data provider is shown in FIG. 1, in actual scenarios, there are often multiple data providers.
  • the trusted computing cluster 300 is used for data fusion processing, and data from various data providers can be fused or further processed.
  • the data provider does not directly interact with the trusted computing cluster 300 that executes the fusion service, but instead entrusts and authorizes an intermediate data management platform to store the data. And management. That is, the data provider 100 encrypts and stores the data to be fused to the data management platform 200, and the trusted computing cluster 300 reads the data to be fused from the data management platform 200 for further processing according to processing needs.
  • the whole process can be divided into an authentication phase, a data storage phase and a data fusion phase.
  • the data provider 100 passes remote authentication to confirm that the trusted computing cluster 300 is running in a trusted execution environment and the converged services running therein meet expectations. After the authentication is passed, the data provider 100 obtains the cluster public key PubK-TEE of the trusted computing cluster 300.
  • the data provider 100 In the data storage stage, for the data X to be shared and merged, the data provider 100 encrypts it with the symmetric key KX, and stores the encrypted data En(X) thus generated in the data management platform 200.
  • the data provider 100 also uses the above-mentioned cluster public key PubK-TEE to encrypt the above-mentioned symmetric secret key KX and the public key Pub-KC of the data acquisition party authorized to obtain the fusion data, and the thus obtained encryption key En(KX , Pub-KC) is also stored in the data management platform 200.
  • the trusted computing cluster 300 first obtains the encryption key En (KX, Pub-KC) from the data management platform 200, and uses its own private key to decrypt to obtain the symmetric key KX and the data acquisition party public key Pub-KC. Then the encrypted data En(X) is obtained, and the obtained symmetric key KX is used to decrypt it to obtain the original data X, and then the data X can be fused. Finally, use the public key Pub-KC of the data acquirer to encrypt the fused data X'for the data acquirer to acquire.
  • En KX, Pub-KC
  • the data provider 100 and the trusted computing cluster 300 can safely, efficiently and conveniently perform data provision and data fusion.
  • the results of the fusion can be provided to designated authorized acquirers in a targeted manner, so as to achieve targeted access control to the results of the fusion.
  • Fig. 2 is a schematic diagram of an authentication phase according to an embodiment, which shows the authentication process of a trusted computing cluster by a data provider.
  • the trusted computing cluster 300 is a computing cluster composed of trusted computing units running in a Trusted Execution Environment (TEE), which includes multiple trusted computing units as working nodes.
  • a trusted computing unit is a computing module or computing device that has a certain isolation capability to ensure computing security. Its isolation capability can ensure that the outside world, including operating systems or drivers, cannot obtain secrets such as internal runtime memory.
  • the aforementioned trusted computing unit may be a trusted computing enclave, for example, implemented by using technologies such as SGX or Trust Zone. For example, according to SGX technology, by providing a series of CPU instruction codes, allowing user code to create a private memory area with high access rights to form a computing enclave.
  • Other application programs including operating system OS, BIOS system, virtual machine system, etc., cannot access the data in the encircled Enclave, and cannot spy on and tamper with the state and data of the application programs in it.
  • the above-mentioned trusted computing cluster 300 is used to perform data fusion, and each trusted computing unit therein will run the computing task of the above-mentioned data fusion service. Because it runs in a trusted execution environment, for example, a trusted computing unit implemented as an enclave can ensure that the code of the data fusion task is isolated from the outside world, and the operation of the fusion task is safe and data is not leaked.
  • each trusted computing unit will perform trusted authentication with each other.
  • the content of trusted authentication includes confirming that other trusted computing units are running in the TEE environment, and confirming that both parties are running the same computing task, that is, the code hash with the same computing task.
  • the cluster secret key will be synchronized between the trusted computing units, so that each trusted computing unit that joins the same trusted computing cluster has the same computing task code hash and maintains the same cluster secret.
  • the secret key is generally an asymmetric secret key pair, including the cluster public key and the cluster private key.
  • each trusted computing unit added to the trusted computing cluster 300 for data fusion business has the code hash of the data fusion business, and all the clusters of the cluster 300 are maintained.
  • Public key PubK-TEE and cluster private key PriK-TEE PubK-TEE and cluster private key PriK-TEE.
  • a certain data provider shown as data provider A in FIG. 2, can authenticate the credibility of the trusted computing cluster 300, and after passing the authentication, obtain its cluster public key PubK-TEE.
  • the data provider A authenticates the trusted computing cluster 300 by means of remote authentication (RA). Since each trusted computing unit in the trusted computing cluster 300 maintains the same code hash and cluster secret key, in specific operations, the data provider A can perform RA authentication with any trusted computing unit in the cluster.
  • RA remote authentication
  • the data provider A first sends an authentication request to the trusted computing cluster 300 (more specifically, to any trusted computing unit in the trusted computing cluster 300).
  • the trusted computing cluster 300 sends authentication information to the data provider A.
  • the trusted computing unit in the trusted computing cluster 300 generates a report file and returns it to the data provider as authentication information.
  • the report file is used to describe the configuration and operation status of the computing unit itself.
  • the report file includes at least the hash value of the program code of the fusion task running in the trusted computing unit (also running in the trusted computing cluster), called code hash, and the signature information of the computing unit .
  • the code hash can be used to uniquely identify the computing task running in it, and the signature information can ensure the authenticity of the report file and prevent forgery and tampering.
  • the report file may also include other description information of the fusion computing task running in it, such as name, version, attribute information, etc., as well as software and hardware configuration information of the trusted computing unit itself.
  • data provider A After data provider A receives the above message file, it can send the report file to a third-party certification body to obtain a certification result file.
  • third-party certification bodies are credible and authoritative certification bodies with certification capabilities.
  • each trusted computing unit will be registered with the third-party certification authority before being put into use. Therefore, the third-party certification structure registers the configuration status of each trusted computing unit, so that it can be subsequently authenticated.
  • the third-party certification authority is an Intel certification server (Attestation Service).
  • the third-party certification authority may be an organization that produces and deploys the corresponding computing unit or its associated organization.
  • the third-party certification body can authenticate the security and credibility of the computing unit based on the report file. Specifically, the third-party certification authority first verifies whether the report file is authentic and without tampering according to the signature information in the report file, and judges whether the computing unit is indeed authentic according to the information registered in advance by each trusted computing unit maintained. In addition, the third-party certification agency also verifies whether the computing task is running in a trusted execution environment based on the relevant information of the computing task in the report file.
  • the third-party organization can add its own signature to the report file to generate a certification result file.
  • the certification result file contains the above code hash and the agency signature information of the third-party certification agency.
  • the data provider A may verify the organization signature in the authentication result file, and if the verification passes, confirm that the trusted computing cluster is running in a trusted computing environment.
  • the data provider A also uses the above code hash to determine whether the converged business executed in the cluster meets expectations. In the case where the institutional signature verification is successful and the above code hash meets expectations, it is determined that the trusted computing cluster 300 has passed the authentication.
  • the trusted computing unit in the trusted computing cluster 300 after the trusted computing unit in the trusted computing cluster 300 generates the report file, it sends it to a third-party certification authority for verification, and obtains a certification result file from the third-party certification authority.
  • the certification result file contains the above code hash and the agency signature information of the third-party certification agency.
  • the above-mentioned trusted computing unit returns the authentication result file to the data provider A as authentication information.
  • Step 203 is the same as described above.
  • the data provider A performs remote authentication on the trusted computing cluster 300.
  • the data provider A obtains the cluster public key PubK-TEE of the trusted computing cluster 300 and stores it locally.
  • the data provider A confirms that the trusted computing cluster 300 is in the trusted computing environment through the remote authentication RA, in which the required fusion computing tasks are running. On this basis, data provider A obtains the cluster public key PubK-TEE of the cluster, which is used for encryption in the data storage phase.
  • Fig. 3 shows a schematic diagram of a data storage stage according to an embodiment.
  • the data provider A has stored the cluster public key PubK-TEE of the trusted computing cluster 300.
  • the data storage phase can include the following steps.
  • step 301 the data provider A determines the first data to be fused (for simplicity, it is recorded as data X), and the first symmetric key used to encrypt and decrypt the first data X (for simplicity, it is recorded as KX) , And the first public key information of the data acquiring party corresponding to the first data X (denoted as PubK-C).
  • the data provider A uses a unified symmetric secret key to encrypt the data to be shared, which facilitates the secret key management of the data provider.
  • the first symmetric key KX in step 301 is the unified symmetric key.
  • the data provider A may set or generate a different symmetric key for each piece of data to be shared.
  • the corresponding first symmetric key KX may be generated for the first data X, or the first symmetric key KX generated in advance for the first data X may be read.
  • the symmetric key KX This can enhance the security of the data; even if the encryption key of one data block is cracked, the security of other data blocks will not be affected.
  • the data provider A can set up data acquirers who have the right to obtain the corresponding fusion results according to the content of each piece of data to be fused, and obtain the public keys of these data acquirers in advance.
  • the data provider A can determine the acquirer who has the right to acquire the fusion result corresponding to the first data X, and acquire its public key as the above-mentioned first public key information PubK-C.
  • the data provider A may authorize multiple institutions as the data acquirer who has the right to read the fusion result of the first data X.
  • the first public key information may be a public key list, which contains multiple public keys corresponding to the multiple authorized data acquisition parties.
  • step 302 the data provider A uses the cluster public key PubK-TEE to encrypt the first symmetric secret key KX and the first public key information PubK-C, and generates a first encryption result, which can be denoted as En(KX, PubK -C). It can be understood that the foregoing encryption process can be implemented using various asymmetric encryption algorithms.
  • step 303 the data provider A stores the first encryption result En (KX, PubK-C) in the data management platform 200.
  • step 304 the data provider A uses the above-mentioned first symmetric key KX to encrypt the first data X, and generates a second encryption result, denoted as En(X). It can be understood that the foregoing encryption process can be implemented using various symmetric encryption algorithms.
  • step 305 the data provider A stores the above-mentioned second encryption result En(X) in the data management platform 200.
  • steps 302-303 and steps 304-305 can be executed in parallel or in any order, which is not limited here.
  • the process in which the data provider A stores its encrypted data to the data management platform is described. This process can be similarly applied to other data to be fused.
  • the data provider A may also store the relevant encryption result corresponding to the second data Y to the data management platform through the above process.
  • the cluster public key is used to encrypt the unified symmetric key (equivalent to the aforementioned first symmetric key KX) and the first symmetric key.
  • the second public key information corresponding to the two data generates a third encryption result; in step 304, the second data Y is encrypted using the unified symmetric secret key to generate a fourth encryption result.
  • the data provider A similarly uploads the aforementioned third encryption result and the fourth encryption result to the data management platform 200 for storage.
  • step 301 a second symmetric key KY generated for the second data Y is obtained.
  • step 302 use the cluster public key to encrypt the second symmetric key KY and the second public key information to generate a third encryption result;
  • step 304 use the second symmetric key KY to encrypt the second data Y to generate a fourth encryption result.
  • the above-mentioned third encryption result and fourth encryption result are stored in the data management platform 200.
  • the above process can also be similarly applied to other data providers.
  • the data provider B can also store the relevant encryption results of the to-be-fused data Z in the data management platform through the above process.
  • each data provider stores the encrypted data in the intervening data management platform 200 instead of real-time data interaction with the trusted computing cluster 300 that performs data fusion
  • the above data storage process can be performed offline.
  • the data stored in the data management platform 200 is encrypted data, and the data management platform 200 itself does not have a secret key for decryption, the data management platform 200 cannot snoop on the plaintext content of the data, and no data will be generated. Give way.
  • the data management platform 200 stores encrypted data uploaded by each data provider. These encrypted data are used to provide the trusted computing cluster 300 in the data fusion stage to perform data fusion.
  • Fig. 4 shows a schematic diagram of a data fusion stage according to an embodiment.
  • the example of FIG. 3 is continued in FIG. 4.
  • the data fusion stage includes at least the following steps.
  • step 401 the trusted computing cluster 300 sends a first request to the data management platform 200 for requesting the relevant secret key of the first data. Since each trusted computing unit in the trusted computing cluster 300 runs the same fusion computing task and maintains a common cluster public key private key pair, this step and subsequent steps can be performed by any of the trusted computing cluster 300 Trusted computing unit execution.
  • the data management platform 200 sends the first encryption result En(KX, PubK-C) to the trusted computing cluster 300.
  • the first encryption result En(KX, PubK-C) is generated by using the cluster public key PubK-TEE of the trusted computing cluster 300 to encrypt the first symmetric key KX and the first public key information PubK-C ,
  • the first symmetric secret key KX is used to encrypt and decrypt the first data X
  • the first public key information PubK-C is the public key information of the data acquirer corresponding to the first data X.
  • the trusted computing cluster 300 After receiving the first encryption result, in step 403, the cluster private key PriK-TEE corresponding to the cluster public key PubK-TEE can be used to decrypt the first encryption result En(KX, PubK-C) to obtain the first symmetric The secret key KX and the first public key information PubK-C.
  • step 404 the trusted computing cluster 300 sends a second request to the data management platform 200 for requesting the first data X.
  • the data management platform 200 sends the second encryption result En(X) to the trusted computing cluster 300.
  • the second encryption result En(X) is generated by encrypting the first data X with the first symmetric key KX.
  • the trusted computing cluster 300 uses the first symmetric key KX decrypted in the foregoing step 403 to decrypt the second encryption result En(X), thereby obtaining Plain text data of the first data X.
  • the trusted computing cluster 300 performs a data fusion operation based on at least the first data X to generate fusion data X'.
  • the above data fusion operation may be further processing of the first data X, or may be combined with other data blocks for comprehensive processing.
  • the above data fusion operation is a fusion processing operation performed by combining data from multiple different data providers.
  • the trusted computing cluster 300 uses the first public key information PubK-C decrypted in step 403 to encrypt the above-mentioned fusion data X', and generates a fusion encryption result En(X') for the data acquirer to obtain.
  • PubK-C public key information
  • the trusted computing cluster 300 is mainly used to perform computing tasks without persistent storage. Therefore, after obtaining the above-mentioned fusion encryption result En(X'), the trusted computing cluster 300 can store it in any storage system, such as an object storage service OSS system or a MYSQL database. In one embodiment, the trusted computing cluster 300 stores the generated fusion encryption result En(X') in the aforementioned data management platform 200 to reuse its data management capabilities.
  • the fusion encryption result En(X') is encrypted using the first public key information PubK-C
  • only authorized data acquisition parties can restore the fusion result.
  • the authorized data acquisition party may use the private key corresponding to the public key in the first public key information to decrypt the fusion encryption result En(X'), thereby obtaining the plaintext of the fusion result X'. In this way, the authorized use of data and access control are ensured.
  • the data provider A may authorize multiple institutions as the data acquirer who has the right to read the fusion result of the first data X.
  • the first public key information PubK-C is a public key list, which contains multiple public keys corresponding to the multiple authorized data acquisition parties, such as C1, C2,..., Cn.
  • the trusted computing cluster 300 uses the aforementioned multiple public keys C1, C2,..., Cn to perform asymmetric encryption on the fusion result X', and obtain multiple encrypted data as the aforementioned fusion encryption result.
  • each authorized data acquisition party can read the encrypted data encrypted with its own public key from the fusion encryption result, and decrypt it with its own private key, thereby recovering the plaintext data of the fusion result X' .
  • the data provider stores the encrypted data in the data management platform, and performs data fusion through the authenticated trusted computing cluster.
  • the result of the fusion is encrypted with the public key of the data acquirer, so as to be provided to the authorized data acquirer in a targeted manner.
  • the data provider can set the data user (trusted computing cluster) and data acquirer for each data block, so as to perform authorization of data use behavior and access control of the fusion result in a targeted manner, so that The output and acquisition of fusion results are safer.
  • the solution in the embodiment introduces a data management platform as an intermediate layer to decouple the data provider and the data user (trusted computing cluster).
  • the data management platform only manages encrypted data, but does not have the corresponding private key, so the plaintext of the data cannot be stolen or snooped.
  • the data management platform as the middle layer, the data provider only needs to upload the data to be fused once, and the data user does not need to upload the data repeatedly for multiple use.
  • the data provider only needs to upload the data offline in advance, and does not need to deploy a data providing service to transmit data in real time with the converged business.
  • the solution of the embodiment of this specification can perform data provision and data fusion more safely, efficiently and conveniently.
  • a device for providing data for data fusion is provided.
  • the device can be deployed on a data provider, and the data provider can be implemented as any device, platform or device cluster with computing and processing capabilities.
  • Fig. 5 shows a schematic block diagram of a data providing apparatus deployed on a data provider according to an embodiment. As shown in FIG.
  • the data providing device 500 includes: a first determining unit 501 configured to determine first data to be merged, a first symmetric key used to encrypt and decrypt the first data, and The first public key information of the data acquisition party corresponding to the first data; the first encryption unit 502 is configured to encrypt the first symmetric secret key and the first public key information using the cluster public key to generate a first encryption result; Wherein, the cluster public key is a public key of an authenticated trusted computing cluster, and the trusted computing cluster is used for data fusion; the first storage unit 503 is configured to store the first encryption result in the data management Platform; a second encryption unit 504, configured to use the first symmetric key to encrypt the first data to generate a second encryption result; a second storage unit 505, configured to store the second encryption result in the Data management platform.
  • a first determining unit 501 configured to determine first data to be merged, a first symmetric key used to encrypt and decrypt the first data, and The first public key information of the data acquisition party corresponding to the first
  • the above-mentioned apparatus 500 further includes (not shown): an authentication unit configured to remotely authenticate the trusted computing cluster; and a public key obtaining unit configured to obtain the The cluster public key.
  • the authentication unit is specifically configured to receive a report file from the trusted computing cluster, the report file including the code hash of the fusion task running in the cluster, and the signature of the computing unit in the cluster Information; send the report file to a third-party certification body to obtain a certification result file, the certification result file contains the code hash, and the third-party certification body’s agency signature information; sign the information at the agency If the verification is successful and the code hash meets expectations, it is determined that the trusted computing cluster has passed the authentication.
  • the above authentication unit is specifically configured to receive an authentication result file from the trusted computing cluster, where the authentication result file is a file certified by a third-party certification authority and contains code for the fusion task running in the cluster Hash, and the agency signature information of the third-party certification agency; if the verification of the agency signature information is successful and the code hash meets expectations, it is determined that the trusted computing cluster has passed the certification.
  • the first public key information may be a public key list, which includes multiple public keys corresponding to multiple data acquirers.
  • the device 500 may further include (not shown): a second determining unit configured to determine the second data to be merged and the corresponding second public key information of the data acquiring party; and third encryption A unit configured to use the cluster public key to encrypt the first symmetric secret key and the second public key information to generate a third encryption result; a third storage unit configured to store the third encryption result in a data management platform A fourth encryption unit, configured to use the first symmetric key to encrypt the second data to generate a fourth encryption result; a fourth storage unit, configured to store the fourth encryption result in the data management platform .
  • a data management device is provided.
  • the device can be deployed on a data management platform, and the data management platform can be implemented as any device, platform or device cluster with processing and storage capabilities.
  • Fig. 6 shows a schematic block diagram of a data management device deployed on a data management platform according to an embodiment. As shown in FIG.
  • the data management apparatus 600 includes: a first request receiving unit 601 configured to receive a first request from a trusted computing cluster, the first request being used to request a related key of the first data;
  • the trusted computing cluster is used for data fusion;
  • the first obtaining unit 602 is configured to obtain the first encryption result stored by the first data provider, and the first encryption result uses the cluster public key of the trusted computing cluster It is generated by encrypting a first symmetric key and first public key information, wherein the first symmetric key is used to encrypt and decrypt the first data, and the first public key information is corresponding to the first data
  • the first sending unit 603 is configured to send the first encryption result to the trusted computing cluster;
  • the second request receiving unit 604 is configured to receive the second encryption result from the trusted computing cluster Request, the second request is used to request the first data;
  • the second obtaining unit 605 is configured to obtain a second encryption result stored by the first data provider, and the second encryption result uses the first
  • a data fusion device is provided, and the device can be deployed in a trusted computing cluster.
  • Fig. 7 shows a schematic block diagram of a data fusion device deployed in a trusted computing cluster according to an embodiment.
  • the data fusion device 700 includes: a first request sending unit 701 configured to send a first request to the data management platform, where the first request is used to request a related key of the first data;
  • the unit 702 is configured to receive a first encryption result from the data management platform, the first encryption result being generated by encrypting the first symmetric secret key and the first public key information using the cluster public key of the trusted computing cluster, wherein
  • the first symmetric key is used to encrypt and decrypt the first data, and the first public key information is the public key information of the data acquisition party corresponding to the first data;
  • the first decryption unit 703 is configured to use The cluster private key corresponding to the cluster public key decrypts the first encryption result to obtain the first symmetric secret key and the first public key information;
  • the data fusion device 700 further includes a storage unit configured to store the third encryption result in the data management platform.
  • the first public key information is a public key list, which includes multiple public keys corresponding to multiple data acquisition parties; in this case, the fusion encryption unit 708 is configured to: use the Multiple public keys encrypt the fusion data, and multiple copies of encrypted data are obtained as the fusion encryption result.
  • a computer-readable storage medium having a computer program stored thereon, and when the computer program is executed in a computer, the computer is caused to execute the method described in conjunction with FIG. 2 to FIG. 4.
  • a computing device including a memory and a processor, the memory stores executable code, and when the processor executes the executable code, a combination of FIGS. 2 to 4 is implemented. The method described.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

Selon des modes de réalisation, la présente invention concerne un procédé et un appareil de fourniture de données et de fusion de données. Selon le procédé, dans une phase d'authentification, un fournisseur de données authentifie une grappe informatique de confiance, et acquiert une clé publique de grappe de celle-ci après la réussite de l'authentification. Dans une phase de stockage de données, pour des données à fusionner, le fournisseur de données chiffre celles-ci en utilisant une clé secrète symétrique, et stocke des données chiffrées produites dans une plateforme de gestion de données. De plus, la clé publique de grappe est également utilisée pour chiffrer la clé secrète symétrique et une clé publique d'un acquéreur de données, et la clé secrète chiffrée ainsi obtenue est également stockée dans la plateforme de gestion de données. Dans une phase de fusion de données, la grappe informatique de confiance acquiert la clé chiffrée auprès de la plateforme de gestion de données, et utilise sa propre clé privée pour déchiffrer la clé symétrique et la clé publique de l'acquéreur de données. Puis, les données chiffrées sont acquises, et la clé secrète symétrique est utilisée pour déchiffrer et obtenir des données d'origine pour un traitement de fusion. Enfin, la clé publique de l'acquéreur de données est utilisée pour chiffrer les données fusionnées pour l'acquisition par l'acquéreur de données.
PCT/CN2020/100400 2019-10-18 2020-07-06 Procédé et appareil de fourniture et de fusion de données WO2021073170A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910995194.6A CN110750803B (zh) 2019-10-18 2019-10-18 数据提供和融合的方法及装置
CN201910995194.6 2019-10-18

Publications (1)

Publication Number Publication Date
WO2021073170A1 true WO2021073170A1 (fr) 2021-04-22

Family

ID=69278929

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/100400 WO2021073170A1 (fr) 2019-10-18 2020-07-06 Procédé et appareil de fourniture et de fusion de données

Country Status (2)

Country Link
CN (1) CN110750803B (fr)
WO (1) WO2021073170A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113391880A (zh) * 2021-06-21 2021-09-14 西安超越申泰信息科技有限公司 一种分层双重哈希验证的可信镜像传输方法
CN113434891A (zh) * 2021-07-07 2021-09-24 建信金融科技有限责任公司 一种数据融合方法、装置、设备及系统
CN114201748A (zh) * 2021-12-14 2022-03-18 南湖实验室 高可信环境下计算移向数据端场景中数据源可信验证方法
US12010249B1 (en) * 2022-12-07 2024-06-11 Nanhu Laboratory Method and device for zero-trust fusion computation of multi-party data

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110750803B (zh) * 2019-10-18 2021-04-09 支付宝(杭州)信息技术有限公司 数据提供和融合的方法及装置
CN111092726B (zh) * 2020-03-18 2020-07-28 支付宝(杭州)信息技术有限公司 生成共享合约密钥的方法及装置
CN111092727B (zh) * 2020-03-18 2020-07-17 支付宝(杭州)信息技术有限公司 共享集群密钥的方法及装置
CN111327643B (zh) * 2020-05-15 2020-09-01 支付宝(杭州)信息技术有限公司 一种多方数据共享方法和装置
CN112926051B (zh) * 2021-03-25 2022-05-06 支付宝(杭州)信息技术有限公司 多方安全计算方法和装置
CN113468593A (zh) * 2021-06-17 2021-10-01 卓尔智联(武汉)研究院有限公司 一种医疗数据的处理方法、装置、电子设备及存储介质
CN113987554B (zh) * 2021-12-23 2022-04-08 支付宝(杭州)信息技术有限公司 获取数据授权的方法、装置及系统
CN114629639A (zh) * 2022-03-10 2022-06-14 阿里云计算有限公司 基于可信执行环境的密钥管理方法、装置和电子设备
CN116186787B (zh) * 2022-11-28 2023-11-10 河南九域腾龙信息工程有限公司 一种基于区块链技术的数据存证方法及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108092768A (zh) * 2017-12-21 2018-05-29 中国联合网络通信集团有限公司 数据融合方法与系统
CN110011956A (zh) * 2018-12-12 2019-07-12 阿里巴巴集团控股有限公司 一种数据处理方法和装置
CN110138799A (zh) * 2019-05-30 2019-08-16 东北大学 一种基于sgx的安全云存储方法
US10438006B2 (en) * 2017-07-27 2019-10-08 Citrix Systems, Inc. Secure information storage
CN110750803A (zh) * 2019-10-18 2020-02-04 支付宝(杭州)信息技术有限公司 数据提供和融合的方法及装置

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7392243B2 (en) * 2004-10-20 2008-06-24 Microsoft Corporation Using permanent identifiers in documents for change management
US20080010468A1 (en) * 2006-06-06 2008-01-10 Ruiz R P Method and technique for enforcing transience and propagation constraints on data transmitted by one entity to another entity by means of data division and retention
CN102299792B (zh) * 2011-09-30 2013-09-11 北京理工大学 一种安全高效的数据融合方法
CN104320389B (zh) * 2014-10-11 2018-04-27 南京邮电大学 一种基于云计算的融合身份保护系统及方法
US9977671B2 (en) * 2015-07-20 2018-05-22 Google Llc Methods for multi-source configuration of mobile applications
CN105740380B (zh) * 2016-01-27 2019-03-12 北京邮电大学 数据融合方法及系统
CN106911712B (zh) * 2017-03-31 2020-04-07 山东汇佳软件科技股份有限公司 一种应用于分布式系统的加密方法及系统
CN109472005B (zh) * 2018-11-08 2023-08-04 北京锐安科技有限公司 数据可信度评估方法、装置、设备和存储介质
CN109543434B (zh) * 2018-11-28 2020-10-09 深圳市墨者安全科技有限公司 区块链信息加密方法、解密方法、存储方法及装置
CN110046507B (zh) * 2018-12-12 2024-02-06 创新先进技术有限公司 形成可信计算集群的方法及装置
CN109873801B (zh) * 2018-12-12 2020-07-24 阿里巴巴集团控股有限公司 在用户和可信计算集群之间建立可信通道的方法、装置、存储介质及计算设备
CN109902495B (zh) * 2019-01-31 2021-09-24 同盾控股有限公司 一种数据融合方法和装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10438006B2 (en) * 2017-07-27 2019-10-08 Citrix Systems, Inc. Secure information storage
CN108092768A (zh) * 2017-12-21 2018-05-29 中国联合网络通信集团有限公司 数据融合方法与系统
CN110011956A (zh) * 2018-12-12 2019-07-12 阿里巴巴集团控股有限公司 一种数据处理方法和装置
CN110138799A (zh) * 2019-05-30 2019-08-16 东北大学 一种基于sgx的安全云存储方法
CN110750803A (zh) * 2019-10-18 2020-02-04 支付宝(杭州)信息技术有限公司 数据提供和融合的方法及装置

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113391880A (zh) * 2021-06-21 2021-09-14 西安超越申泰信息科技有限公司 一种分层双重哈希验证的可信镜像传输方法
CN113391880B (zh) * 2021-06-21 2023-04-07 超越科技股份有限公司 一种分层双重哈希验证的可信镜像传输方法
CN113434891A (zh) * 2021-07-07 2021-09-24 建信金融科技有限责任公司 一种数据融合方法、装置、设备及系统
CN113434891B (zh) * 2021-07-07 2022-09-02 建信金融科技有限责任公司 一种数据融合方法、装置、设备及系统
CN114201748A (zh) * 2021-12-14 2022-03-18 南湖实验室 高可信环境下计算移向数据端场景中数据源可信验证方法
CN114201748B (zh) * 2021-12-14 2024-02-06 南湖实验室 高可信环境下计算移向数据端场景中数据源可信验证方法
US12010249B1 (en) * 2022-12-07 2024-06-11 Nanhu Laboratory Method and device for zero-trust fusion computation of multi-party data

Also Published As

Publication number Publication date
CN110750803A (zh) 2020-02-04
CN110750803B (zh) 2021-04-09

Similar Documents

Publication Publication Date Title
WO2021073170A1 (fr) Procédé et appareil de fourniture et de fusion de données
JP6811339B2 (ja) 高可用な高信頼実行環境を使用したブロックチェーンネットワークのためのパブリックデータの読み出し
WO2021184882A1 (fr) Procédé et appareil de vérification de contrat
WO2021184963A1 (fr) Procédé et appareil d'appel de contrat
TWI725655B (zh) 用於在可信執行環境中執行子邏輯代碼的程式執行和資料證明的方法、設備和系統
WO2021179449A1 (fr) Système de défense mimétique basé sur une authentification d'identité de certificat, et procédé d'émission de certificat
WO2021184968A1 (fr) Procédé et dispositif de partage de clé de grappe
JP6547079B1 (ja) 登録・認可方法、装置及びシステム
WO2021114923A1 (fr) Procédé et appareil de mémorisation de données et procédé et appareil de lecture de données pour données privées
US9912485B2 (en) Method and apparatus for embedding secret information in digital certificates
CN111327643B (zh) 一种多方数据共享方法和装置
JP2020528224A (ja) 信頼できる実行環境におけるスマート契約動作のセキュアな実行
TWI701929B (zh) 密碼運算、創建工作密鑰的方法、密碼服務平台及設備
TW201933255A (zh) 區塊鏈系統及用於區塊鏈系統的資料處理方法
JP7454564B2 (ja) 鍵管理のための方法、ユーザ・デバイス、管理デバイス、記憶媒体及びコンピュータ・プログラム製品
WO2019127278A1 (fr) Procédé, appareil, système, support de stockage et dispositif électronique pour chaîne de blocs d'accès sécurisé
US20140270179A1 (en) Method and system for key generation, backup, and migration based on trusted computing
JP2020518850A (ja) 信頼されるハードウェアを利用するセキュア・ダイナミック閾値署名スキーム
CA3058239A1 (fr) Environnement d'execution securise base sur un reseau prediffuse programmable par l'utilisateur destine a etre utilise dans un reseau de chaine de blocs
US10855465B2 (en) Audited use of a cryptographic key
US20180131677A1 (en) Balancing public and personal security needs
US11831753B2 (en) Secure distributed key management system
Zhou et al. EverSSDI: blockchain-based framework for verification, authorisation and recovery of self-sovereign identity using smart contracts
JP2010514000A (ja) 電子装置にプログラム状態データをセキュアに記憶するための方法
CN116601912A (zh) 提供加密安全的后秘密供应服务

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20876389

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20876389

Country of ref document: EP

Kind code of ref document: A1