WO2022217714A1 - Data collision method, apparatus and device, and computer-readable storage medium - Google Patents
- Publication number
- WO2022217714A1 (PCT/CN2021/097417)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- key
- ciphertext data
- encryption algorithm
- participants
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Definitions
- The present application relates to the field of security protection, and in particular, to a data collision method, apparatus, device, and computer-readable storage medium.
- Data is mainly encrypted with a commonly used encryption algorithm and then transmitted as ciphertext, and both parties select the same encryption algorithm so that the resulting ciphertexts can be used for data collision. The inventor found, however, that either party can establish the mapping relationship between ciphertext and plaintext and use it to deduce the information transmitted by the other party, which causes the problem of data leakage. Therefore, how to realize the collision of sensitive data without revealing sensitive data is an urgent problem to be solved at present.
- Embodiments of the present application provide a data collision method, apparatus, device, and computer-readable storage medium, which aim to realize the collision of sensitive data on the premise of not leaking sensitive data.
- an embodiment of the present application provides a data collision method, including:
- the participants encrypt the sensitive data plaintext according to the first encryption algorithm to obtain the first ciphertext data, and encrypt the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data; the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
- an embodiment of the present application further provides a data collision method, including:
- Decrypt the two ciphertext data to obtain the first ciphertext data of the multiple participants, and determine the intersection of the first ciphertext data of the multiple participants;
- mapping relationship ciphertext data Decrypt the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the sensitive data plaintext and the second ciphertext data;
- the corresponding sensitive data plaintext is obtained from the mapping relationship plaintext.
- an embodiment of the present application further provides a data collision device, where the data collision device includes:
- the obtaining module is used to obtain the second ciphertext data and the first key of the plurality of participants, wherein the participants encrypt the sensitive data plaintext according to the first encryption algorithm to obtain the first ciphertext data, and encrypt the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data; the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
- the data collision module is used for decrypting the corresponding second ciphertext data according to the second encryption algorithm and the first key corresponding to each of the participants to obtain the data of the multiple participants. the first ciphertext data;
- the data collision module is further configured to determine the intersection of the first ciphertext data of the multiple participants, and send the intersection to each of the participants, wherein the participants encrypt the intersection based on the second encryption algorithm and the first key, and decrypt the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext.
- embodiments of the present application further provide a computer device, the computer device includes a processor, a memory, and a computer program stored on the memory and executable by the processor, wherein when the computer program is executed by the processor, the steps of the data collision method described above are implemented.
- embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, wherein when the computer program is executed by a processor, the steps of the data collision method as described above are implemented.
- the embodiments of the present application provide a data collision method, apparatus, device, and computer-readable storage medium.
- the method obtains the second ciphertext data and the first key of multiple participants, the first key of each participant being different, decrypts the corresponding second ciphertext data according to the encryption algorithm and the first key of each participant to obtain the first ciphertext data of the multiple participants, then determines the intersection of the first ciphertext data of the multiple participants and sends the intersection to each participant. Since the data collision is carried out on ciphertext data, and the first key of each participant is different, different ciphertext data can be obtained through the different first keys. This ensures the isolation of ciphertext data between participants, which can solve the problem of collision of sensitive data without revealing sensitive data, and improve the security and shared circulation of sensitive data.
- FIG. 1 is a schematic flowchart of a data collision method provided by an embodiment of the present application.
- FIG. 2 is a schematic diagram of a scene for implementing the data collision method provided by the present embodiment
- FIG. 3 is a schematic flowchart of another data collision method provided by an embodiment of the present application.
- FIG. 4 is a schematic block diagram of a data collision device provided by an embodiment of the present application.
- FIG. 5 is a schematic block diagram of a submodule of the data collision device in FIG. 4;
- FIG. 6 is a schematic structural block diagram of a computer device provided by an embodiment of the present application.
- Embodiments of the present application provide a data collision method, apparatus, device, and computer-readable storage medium.
- the data collision method can be applied to a data collision device or a data encryption device. The data collision device or data encryption device can be a terminal device or a server, and the terminal device can be a mobile phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, a wearable device, etc.
- the data collision method can also be applied to a server, and the server can be a single server or a server cluster composed of multiple servers.
- FIG. 1 is a schematic flowchart of a data collision method provided by an embodiment of the present application.
- the data collision method is applied to a data collision device, and the data collision device may be a terminal device or a server.
- the data collision method includes steps S101 to S103.
- Step S101 Acquire second ciphertext data and first keys of multiple participants.
- the participant is the holder of the sensitive data, and the second ciphertext data is obtained by encrypting the plaintext of the sensitive data twice.
- the data encryption device obtains the sensitive data plaintext, the first key and the second key input by the participant, and generates a random key; encrypts the sensitive data plaintext according to the random key and the first encryption algorithm to obtain the first ciphertext data; encrypts the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data; encrypts the mapping relationship between the sensitive data plaintext and the second ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship ciphertext data; and stores the second ciphertext data and the mapping relationship ciphertext data.
- the plaintext of the sensitive data is plain_id
- the plain_id is encrypted based on the first encryption algorithm and the random key to obtain the first ciphertext data tmp_secure_id
- the tmp_secure_id is encrypted based on the second encryption algorithm and the first key to obtain the second ciphertext
- the mapping relationship between plain_id and app_secure_id is encrypted according to the third encryption algorithm and the second key to obtain the mapping relationship ciphertext data secure_cypher_id_map.
- each participant holds its own data encryption device
- the data encryption device can be a terminal device or a server installed with a data encryption program.
- the plaintext of the sensitive data can be encrypted, and then the second ciphertext data and the mapping relationship ciphertext can be obtained. The first key and the second key of each participant are different, and the first encryption algorithm is different from the second encryption algorithm.
- the first encryption algorithm can be any one of the deterministic encryption algorithms, including but not limited to the MD5 algorithm, SM3 algorithm, SHA256 algorithm and HMAC algorithm; for example, the SM3 algorithm is used to encrypt the sensitive data plaintext.
- the second encryption algorithm is any one of the format-preserving encryption algorithms, including but not limited to the FF1 algorithm and FF3-1 algorithm; for example, the FF3-1 algorithm and the first key are used to encrypt the first ciphertext data.
- the third encryption algorithm can be any public key or private key encryption algorithm, including but not limited to the RSA algorithm, SM2 algorithm, ECC algorithm, AES algorithm, SM4 algorithm and 3DES algorithm; for example, the SM2 algorithm and the second key are used to encrypt the mapping relationship between the sensitive data plaintext and the second ciphertext data.
- For example, the plaintext of the sensitive data is plain_id; plain_id is encrypted based on the SHA256 algorithm and a random key to obtain the first ciphertext data tmp_secure_id; tmp_secure_id is encrypted based on the FF1 algorithm and the first key to obtain the second ciphertext data app_secure_id; and the mapping relationship between plain_id and app_secure_id is encrypted according to the RSA algorithm and the second key to obtain the mapping relationship ciphertext data secure_cypher_id_map.
- the data collision device obtains the second ciphertext data and the first key of the plurality of participants from an external storage device.
- the data collision device receives the second ciphertext data and the first key sent by multiple data encryption devices; each data encryption device sends one set of second ciphertext data and first key, and each participant holds its own data encryption device.
- the external storage device includes a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash memory card (Flash Card), a USB flash drive, and the like.
- Step S102 Decrypt the second ciphertext data corresponding to each participant according to the second encryption algorithm and the first key corresponding to each participant to obtain the first ciphertext data of the multiple participants.
- the multiple participants include a first participant, a second participant, and a third participant, and the second ciphertext data and the first key held by the first participant are app_secure_id-1 and key_1-1, respectively.
- the second ciphertext data and the first key held by the second party are app_secure_id-2 and key_1-2 respectively
- the second ciphertext data and the first key held by the third party are app_secure_id-3 and key_1-3 respectively. Therefore, app_secure_id-1 is decrypted according to the second encryption algorithm and key_1-1 to obtain the first ciphertext data tmp_secure_id-1
- decrypt app_secure_id-2 according to the second encryption algorithm and key_1-2 to obtain
- the second ciphertext data and the first key of the multiple participants are input into the security chip, so that the security chip can use the second encryption algorithm and the first key corresponding to each participant to decrypt the corresponding second ciphertext data and obtain the first ciphertext data of the multiple participants; the first ciphertext data of the multiple participants output by the security chip is then obtained.
- the security of sensitive data can be further improved by inputting the second ciphertext data and the first key of multiple participants into the security chip and decrypting by the security chip.
- Step S103 Determine the intersection of the first ciphertext data of the multiple participants, and send the intersection to each participant.
- after receiving the intersection of the first ciphertext data of the multiple participants, the participant encrypts the intersection based on the second encryption algorithm and its own first key, decrypts the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and obtains the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
- the data collision program in the security chip is run to perform collision comparison on the first ciphertext data of the multiple participants; the collision comparison result output by the security chip is obtained, and the intersection of the first ciphertext data of the multiple participants is determined according to the collision comparison result.
- the data collision program in the security chip can be updated according to the needs of each participant.
- the first ciphertext data of multiple participants is subjected to collision comparison through the security chip, and the collision comparison result is output, which can further ensure the security of sensitive data.
- the second ciphertext data and the first key of the multiple participants are input into the security chip, and the security chip decrypts the second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant to obtain the first ciphertext data of the multiple participants; the data collision program in the security chip is run to compare the first ciphertext data of the multiple participants; the collision comparison result output by the security chip is obtained, and the intersection of the first ciphertext data of the multiple participants is determined according to the collision comparison result.
- the security chip completes the decryption process and the data collision process, and outputs the collision comparison result without outputting the intermediate result, which can further ensure the security of sensitive data.
- the data collision device obtains a data collision application request sent by the target participant, the data collision application request including a plurality of remaining participants applying to participate in the data collision; sends authorization application information to each of the remaining participants, and obtains the second ciphertext data and the first key sent by each of the remaining participants based on the authorization application information; and obtains the second ciphertext data and the first key of the target participant from the data collision application request.
- the data collision device obtains the data collision application request sent by the data encryption device held by the target participant, and sends authorization application information to the data encryption device held by each other participant, and the data encryption device outputs the authorization application information. When the data encryption device detects the authorization confirmation instruction of the participant, it sends the stored second ciphertext data and the first key to the data collision device.
- the data encryption device 21 is held by the first participant, the data encryption device 22 is held by the second participant, and the data encryption device 23 is held by the third participant.
- a data collision application request is sent to the data collision device 10 through the data encryption device 21, and the data collision device 10 obtains the data collision application request sent by the data encryption device 21. The data collision application request carries the IP address of the data encryption device 22 and the IP address of the data encryption device 23, and the data collision device 10 uses these IP addresses to send authorization application information to the data encryption device 22 and the data encryption device 23.
- the data encryption device 22 outputs the authorization application information. When the data encryption device 22 detects the authorization confirmation instruction triggered by the second participant, it sends the second ciphertext data and the first key held by the second participant to the data collision device 10.
- the data encryption device 23 outputs the authorization application information. When the data encryption device 23 detects the authorization confirmation instruction triggered by the third participant, it sends the second ciphertext data and the first key held by the third participant to the data collision device 10.
- the data collision device 10 obtains the second ciphertext data and the first key held by the first participant from the data collision application request, obtains the second ciphertext data and the first key held by the second participant and sent by the data encryption device 22, and obtains the second ciphertext data and the first key held by the third party and sent by the data encryption device 23.
- the data collision device sends the intersection of the first ciphertext data of the multiple participants to the target participant, and the target participant inputs the intersection of the first ciphertext data of the multiple participants into the security chip for decryption, and the security chip outputs the plaintext of the sensitive data corresponding to the intersection. Decrypting the intersection of the first ciphertext data of multiple participants through the security chip can further improve the security of sensitive data. For example, as shown in FIG., the data collision device 10 sends the intersection of the first ciphertext data of the multiple participants to the data encryption device 21, the data encryption device 21 inputs the intersection of the first ciphertext data of the multiple participants into the security chip for decryption, and the security chip outputs the plaintext of the sensitive data corresponding to the intersection.
- the data collision method provided by the above-mentioned embodiment acquires the second ciphertext data and the first key of multiple participants, the first key of each participant being different, decrypts the corresponding second ciphertext data according to the encryption algorithm and the first key of each participant to obtain the first ciphertext data of the multiple participants, then determines the intersection of the first ciphertext data of the multiple participants, and sends the intersection to each participant. Since the data collision is carried out on ciphertext data, and the first key of each participant is different, different ciphertext data can be obtained through the different first keys, so as to ensure the isolation of ciphertext data between the participants, which can solve the problem of collision of sensitive data without leaking sensitive data, and improve the security and shared circulation of sensitive data.
- FIG. 3 is a schematic flowchart of another data collision method provided by an embodiment of the present application.
- the data collision method is applied to a data encryption device, and the data encryption device is connected in communication with the data collision device.
- the data collision method includes steps S201 to S208.
- Step S201 Obtain the plaintext of the sensitive data, the first key and the second key.
- the plaintext of the sensitive data may include data such as customer information, property information, and behavioral trajectories.
- the customer information includes the customer's ID number, mobile phone number, bank card password, home address, etc.
- the first key and the second key are different.
- Step S202 Encrypt the plaintext of the sensitive data according to the first encryption algorithm to obtain the first ciphertext data.
- the first encryption algorithm may be any one of deterministic encryption algorithms, and the first encryption algorithm includes but is not limited to MD5 algorithm, SM3 algorithm, SHA256 algorithm, and HMAC algorithm.
- the plaintext of the sensitive data is plain_id
- the plain_id is encrypted based on the SM3 algorithm to obtain the first ciphertext data tmp_secure_id.
- Step S203 Encrypt the first ciphertext data according to the second encryption algorithm and the first key to obtain second ciphertext data.
- the second encryption algorithm may be any one of the format-preserving encryption algorithms, and the second encryption algorithm includes but is not limited to the FF1 algorithm and the FF3-1 algorithm.
- tmp_secure_id is encrypted based on the FF1 algorithm and the first key to obtain the second ciphertext data app_secure_id.
- Step S204 Encrypt the mapping relationship between the plaintext of the sensitive data and the second ciphertext data according to the third encryption algorithm and the second key to obtain the ciphertext data of the mapping relationship.
- the third encryption algorithm may be any public key or private key encryption algorithm, including but not limited to RSA algorithm, SM2 algorithm, ECC algorithm, AES algorithm, SM4 algorithm, and 3DES algorithm.
- the mapping relationship between plain_id and app_secure_id is encrypted according to the AES algorithm and the second key to obtain the mapping relationship ciphertext data secure_cypher_id_map.
- the second ciphertext data, the first key and the mapping relation ciphertext data are stored.
- Step S205 Send the second ciphertext data and the first key to the data collision device.
- in response to the data collision application instruction triggered by the target participant, the data encryption device obtains the second ciphertext data and the first key of the target participant and the IP addresses of the other participants participating in the data collision, generates a data collision application request carrying the second ciphertext data, the first key and the IP addresses of the remaining participants participating in the data collision, and then sends the data collision application request to the data collision device. The data collision device obtains the target participant's second ciphertext data and first key from the data collision application request, sends the authorization application information to the remaining participants based on their IP addresses, and obtains the second ciphertext data and the first key sent by the remaining participants based on the authorization application information.
- the data collision device inputs the received second ciphertext data and the first key of each participant into the security chip, and the security chip uses the second encryption algorithm and the first key corresponding to each participant to decrypt the corresponding second ciphertext data and obtain the first ciphertext data of the multiple participants; the security chip runs a data collision program to collide and compare the first ciphertext data of the multiple participants; the collision comparison result output by the security chip is obtained, the intersection of the first ciphertext data of the multiple participants is determined according to the collision comparison result, and the intersection is then sent to the target participant.
- Step S206 Acquire the intersection sent by the data collision device, and encrypt the intersection according to the second encryption algorithm and the first key.
- the data encryption device obtains the intersection of the first ciphertext data of the multiple participants sent by the data collision device, and encrypts the intersection of the first ciphertext data of the multiple participants according to the second encryption algorithm and its own first key.
- Step S207 Decrypt the ciphertext data of the mapping relationship according to the third encryption algorithm and the second key to obtain the plaintext of the mapping relationship between the plaintext of the sensitive data and the second ciphertext data.
- the third encryption algorithm may be any public key or private key encryption algorithm, including but not limited to RSA algorithm, SM2 algorithm, ECC algorithm, AES algorithm, SM4 algorithm, and 3DES algorithm.
- Step S208 Obtain the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
- the corresponding plaintext of the sensitive data can be obtained from the plaintext of the mapping relationship between the plaintext of the sensitive data and the data of the second ciphertext according to the encrypted intersection.
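The flow of steps S101 to S103 and S201 to S208, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 is the first algorithm with a key common to all participants (with differing keys the first ciphertexts of the same plaintext never match), a toy HMAC-based Feistel cipher over hex strings stands in for FF1/FF3-1, all keys and identifiers are constructed, and the mapping is held in memory rather than sealed with the third algorithm and second key.

```python
import hashlib
import hmac


def first_cipher(plain_id: str, hash_key: bytes) -> str:
    """First algorithm (deterministic, one-way): HMAC-SHA256 -> tmp_secure_id, 64 hex chars."""
    return hmac.new(hash_key, plain_id.encode(), hashlib.sha256).hexdigest()


def round_fn(key: bytes, i: int, half: int, n: int) -> int:
    """Feistel round function: HMAC over round index and one half, reduced to n hex digits."""
    msg = bytes([i]) + f"{half:0{n}x}".encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % 16 ** n


def _split(text: str):
    if not text or len(text) % 2:
        raise ValueError("toy cipher needs a non-empty, even-length hex string")
    n = len(text) // 2
    return n, int(text[:n], 16), int(text[n:], 16), 16 ** n


def fpe_encrypt(key: bytes, text: str, rounds: int = 8) -> str:
    """Second algorithm stand-in (NOT FF1): hex string in, hex string of equal length out."""
    n, left, right, mod = _split(text)
    for i in range(rounds):
        left, right = right, (left + round_fn(key, i, right, n)) % mod
    return f"{left:0{n}x}{right:0{n}x}"


def fpe_decrypt(key: bytes, text: str, rounds: int = 8) -> str:
    n, left, right, mod = _split(text)
    for i in reversed(range(rounds)):
        left, right = (right - round_fn(key, i, left, n)) % mod, left
    return f"{left:0{n}x}{right:0{n}x}"


class Participant:
    """Data encryption device of one participant (S201-S208)."""

    def __init__(self, first_key: bytes, plain_ids, hash_key: bytes):
        self.first_key = first_key
        # app_secure_id -> plain_id. The patent stores this map encrypted under the
        # third algorithm and the second key; that sealing step is omitted here.
        self.id_map = {}
        for plain_id in plain_ids:
            tmp_secure_id = first_cipher(plain_id, hash_key)           # S202
            app_secure_id = fpe_encrypt(first_key, tmp_secure_id)      # S203
            self.id_map[app_secure_id] = plain_id                      # S204 (unsealed)

    def upload(self):
        """S205: what leaves the participant, i.e. first key and second ciphertexts."""
        return self.first_key, sorted(self.id_map)

    def resolve(self, intersection):
        """S206-S208: re-encrypt the intersection and look up the plaintexts."""
        return sorted(self.id_map[fpe_encrypt(self.first_key, t)] for t in intersection)


def collide(uploads):
    """Data collision device (S102-S103): strip the per-participant layer, intersect."""
    per_party = [{fpe_decrypt(key, c) for c in cts} for key, cts in uploads]
    return set.intersection(*per_party)


def run_demo(hash_keys):
    """Three participants with constructed identifiers; hash_keys holds one key per party."""
    ids = (["cust-0001", "cust-0002", "cust-0003"],
           ["cust-0002", "cust-0003", "cust-0004"],
           ["cust-0003", "cust-0002", "cust-0005"])
    first_keys = (b"key_1-1", b"key_1-2", b"key_1-3")   # constructed first keys
    parties = [Participant(k, i, h) for k, i, h in zip(first_keys, ids, hash_keys)]
    return parties, collide([p.upload() for p in parties])


if __name__ == "__main__":
    parties, common = run_demo([b"constructed-common-key"] * 3)
    for p in parties:
        print(p.resolve(common))
```

The collision device in this example handles every participant's first key and first ciphertext data, which is the exposure the page addresses by running decryption and comparison inside the security chip.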
- FIG. 4 is a schematic block diagram of a data collision apparatus provided by an embodiment of the present application.
- the data collision device 300 includes: an acquisition module 310 and a data collision module 320, wherein:
- the acquiring module 310 is configured to acquire the second ciphertext data and the first key of the multiple participants, wherein the participants encrypt the sensitive data plaintext according to the first encryption algorithm to obtain the first ciphertext data, and the second ciphertext data is obtained by encrypting the first ciphertext data according to the second encryption algorithm and the first key.
- the first encryption algorithm is different from the second encryption algorithm, and the first keys are different;
- the data collision module 320 is configured to decrypt the corresponding second ciphertext data according to the second encryption algorithm and the first key corresponding to each of the participants to obtain the first ciphertext data of the plurality of participants.
- the data collision module 320 is further configured to determine the intersection of the first ciphertext data of the multiple participants, and send the intersection to each of the participants, wherein the participants encrypt the intersection based on the second encryption algorithm and the first key, decrypt the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and obtain the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
- the data collision module 320 includes an input sub-module 321, a security chip 322 and an acquisition sub-module 323, wherein:
- the input sub-module 321 is used to input the second ciphertext data and the first key of the multiple participants into the security chip 322;
- the security chip 322 is configured to decrypt the corresponding second ciphertext data according to the second encryption algorithm and the first key corresponding to each of the participants to obtain the first ciphertext data of the plurality of participants;
- the obtaining sub-module 323 is configured to obtain the first ciphertext data of the multiple participants output by the security chip 322.
- the security chip 322 is further configured to run a data collision program to perform collision comparison on the first ciphertext data of the multiple participants;
- the obtaining sub-module 323 is further configured to obtain the collision comparison result output by the security chip, and determine the intersection of the first ciphertext data of the multiple participants according to the collision comparison result.
- the obtaining module 310 is further configured to:
- obtain a data collision application request sent by the target participant, where the data collision application request includes a plurality of other participants applying to participate in the data collision;
- the data collision device further includes a sending module, the sending module is configured to:
- the first encryption algorithm is a deterministic encryption algorithm, and the first encryption algorithm includes: MD5 algorithm, SM3 algorithm, SHA256 algorithm, and HMAC algorithm;
- the second encryption algorithm is a format-preserving encryption algorithm, and the second encryption algorithm includes: FF1 algorithm and FF3-1 algorithm.
- the apparatuses provided in the above embodiments may be implemented in the form of a computer program, and the computer program may be executed on the computer device shown in FIG. 6.
- FIG. 6 is a schematic structural block diagram of a computer device provided by an embodiment of the present application.
- the computer device may be a data collision device or a data encryption device.
- the computer device includes a processor, a memory, and a network interface connected through a system bus, wherein the memory may include a storage medium and an internal memory.
- the storage medium may store an operating system and a computer program.
- the computer program includes program instructions that, when executed, can cause the processor to perform any data collision method.
- the processor is used to provide computing and control capabilities to support the operation of the entire computer equipment.
- the internal memory provides an environment for running the computer program in the storage medium.
- the processor can execute any data collision method.
- the network interface is used for network communication, such as sending assigned tasks.
- FIG. 6 is only a block diagram of a partial structure related to the solution of the present application, and does not constitute a limitation on the computer device to which the solution of the present application is applied. The computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
- the processor may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
- the general-purpose processor may be a microprocessor or any conventional processor or the like.
- the processor is used for running the computer program stored in the memory to realize the following steps:
- the participants encrypt the sensitive data plaintext according to the first encryption algorithm to obtain the first ciphertext data, and encrypt the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data; the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
- the processor decrypts the corresponding second ciphertext data according to the second encryption algorithm and the first key corresponding to each of the participants, to obtain the first ciphertext data of the multiple participants.
- the security chip decrypts the second ciphertext data corresponding to each of the participants according to the second encryption algorithm and the first key corresponding to each of the participants, to obtain the first ciphertext data of the multiple participants.
- when the processor determines the intersection of the first ciphertext data of the multiple participants, the processor is configured to:
- the collision comparison result output by the security chip is acquired, and the intersection of the first ciphertext data of the multiple participants is determined according to the collision comparison result.
- when the processor acquires the second ciphertext data and the first key of the multiple participants, the processor is configured to:
- obtain a data collision application request sent by the target participant, where the data collision application request includes a plurality of other participants applying to participate in the data collision;
- the processor is further configured to implement the following steps:
- the first encryption algorithm is a deterministic encryption algorithm, and the first encryption algorithm includes: MD5 algorithm, SM3 algorithm, SHA256 algorithm, and HMAC algorithm;
- the second encryption algorithm is a format-preserving encryption algorithm, and the second encryption algorithm includes: FF1 algorithm and FF3-1 algorithm.
- the processor is further configured to implement the following steps:
- decrypt the second ciphertext data to obtain the first ciphertext data of the multiple participants, and determine the intersection of the first ciphertext data of the multiple participants;
- decrypt the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the sensitive data plaintext and the second ciphertext data;
- the corresponding sensitive data plaintext is obtained from the mapping relationship plaintext.
- Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, the computer program includes program instructions, and when the program instructions are executed, the following steps are implemented:
- the participants encrypt the sensitive data plaintext according to the first encryption algorithm to obtain the first ciphertext data, and encrypt the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data; the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
- the computer-readable storage medium may be volatile or non-volatile.
- the computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiments, such as a hard disk or a memory of the computer device.
- the computer-readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk equipped on the computer device, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, etc.
- the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function, and the like; the storage data area may store data created according to the use of a blockchain node, and the like.
- the blockchain referred to in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
- a blockchain is essentially a decentralized database: a series of data blocks linked to one another by cryptographic methods. Each data block contains a batch of network transaction information, used to verify the validity of its information (anti-counterfeiting) and to generate the next block.
- the blockchain can include the underlying platform of the blockchain, the platform product service layer, and the application service layer.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present application relates to the field of security protection, and provides a data collision method, apparatus and device, and a computer-readable storage medium. The method comprises: acquiring second ciphertext data and first keys of a plurality of participants, wherein different participants have different first keys; according to a second encryption algorithm and the respective first keys corresponding to the participants, decrypting the respective corresponding second ciphertext data to obtain first ciphertext data of the plurality of participants; and determining an intersection set of the first ciphertext data of the plurality of participants, and sending the intersection set to the participants. By means of the present application, the problem of realizing the collision of sensitive data insofar as the sensitive data is not leaked is solved. The present application further relates to the field of blockchains, and the computer-readable storage medium can store data, which is created according to the use of a blockchain node.
Description
This application claims priority to the Chinese patent application filed with the China Patent Office on April 16, 2021, with application number 202110414455.8 and the invention title "Data Collision Method, Apparatus, Device and Computer-Readable Storage Medium", the entire contents of which are incorporated herein by reference.
The present application relates to the field of security protection, and in particular to a data collision method, apparatus, device, and computer-readable storage medium.
As networking and digitization deepen, large amounts of data involving personal privacy, property information, and behavioral trajectories are stored and transmitted over the Internet, and the importance of protecting data security is self-evident. Enterprises mainly encrypt and protect sensitive data such as trade secrets and user information. When cooperating with other enterprises on a piece of business, this data can generate considerable business value, but for the sake of sensitive data protection it usually cannot be transmitted to the other party in plaintext. When a business function requires a data collision between the sensitive data of both parties, that function cannot be realized.
At present, data is mainly encrypted with a commonly used encryption algorithm and transmitted as ciphertext, and the two parties can perform a data collision on ciphertext obtained by choosing the same encryption algorithm. However, the inventor found that either party can build a mapping between ciphertext and plaintext and use it to deduce the information transmitted by the other party, which causes data leakage. Therefore, how to realize the collision of sensitive data without leaking the sensitive data is a problem that urgently needs to be solved.
SUMMARY OF THE INVENTION
Embodiments of the present application provide a data collision method, apparatus, device, and computer-readable storage medium, which aim to realize the collision of sensitive data without leaking the sensitive data.
In a first aspect, an embodiment of the present application provides a data collision method, including:
obtaining second ciphertext data and first keys of multiple participants, wherein each participant encrypts sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypts the first ciphertext data according to a second encryption algorithm and the first key to obtain the second ciphertext data; the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
decrypting the corresponding second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the multiple participants;
determining the intersection of the first ciphertext data of the multiple participants, and sending the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping relationship ciphertext data according to a third encryption algorithm and a second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and, according to the encrypted intersection, obtains the corresponding sensitive data plaintext from the mapping relationship plaintext.
In a second aspect, an embodiment of the present application further provides a data collision method, including:
obtaining sensitive data plaintext, a first key and a second key, the first key being different from the second key;
encrypting the sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data;
encrypting the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, the first encryption algorithm being different from the second encryption algorithm;
encrypting the mapping relationship between the sensitive data plaintext and the second ciphertext data according to a third encryption algorithm and the second key to obtain mapping relationship ciphertext data;
sending the second ciphertext data and the first key to a data collision device, so that the data collision device decrypts the corresponding second ciphertext data according to the second encryption algorithm and the first key of each participant to obtain the first ciphertext data of multiple participants, and determines the intersection of the first ciphertext data of the multiple participants;
obtaining the intersection sent by the data collision device, and encrypting the intersection according to the second encryption algorithm and the first key;
decrypting the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the sensitive data plaintext and the second ciphertext data;
obtaining, according to the encrypted intersection, the corresponding sensitive data plaintext from the mapping relationship plaintext.
In a third aspect, an embodiment of the present application further provides a data collision apparatus, the data collision apparatus including:
an obtaining module, configured to obtain second ciphertext data and first keys of multiple participants, wherein each participant encrypts sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypts the first ciphertext data according to a second encryption algorithm and the first key to obtain the second ciphertext data; the first encryption algorithm is different from the second encryption algorithm, and the first keys of different participants are different;
a data collision module, configured to decrypt the corresponding second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the multiple participants;
the data collision module being further configured to determine the intersection of the first ciphertext data of the multiple participants and send the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping relationship ciphertext data according to a third encryption algorithm and a second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and, according to the encrypted intersection, obtains the corresponding sensitive data plaintext from the mapping relationship plaintext.
In a fourth aspect, an embodiment of the present application further provides a computer device, the computer device including a processor, a memory, and a computer program stored on the memory and executable by the processor, wherein the computer program, when executed by the processor, implements the steps of the data collision method described above.
In a fifth aspect, an embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the data collision method described above.
Embodiments of the present application provide a data collision method, apparatus, device, and computer-readable storage medium. The method obtains the second ciphertext data and first keys of multiple participants, where the first key of each participant is different; decrypts the corresponding second ciphertext data according to the encryption algorithm and the first key of each participant to obtain the first ciphertext data of the multiple participants; then determines the intersection of the first ciphertext data of the multiple participants and sends the intersection to each participant. Because the data collision is performed on ciphertext data, and each participant has a different first key so that different first keys yield different ciphertext data, the ciphertext data of the participants is isolated from one another. This solves the problem of realizing the collision of sensitive data without leaking the sensitive data, and improves the security and shared circulation of sensitive data.
In order to explain the technical solutions of the embodiments of the present application more clearly, the accompanying drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a data collision method provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a scenario for implementing the data collision method provided by this embodiment;
FIG. 3 is a schematic flowchart of another data collision method provided by an embodiment of the present application;
FIG. 4 is a schematic block diagram of a data collision apparatus provided by an embodiment of the present application;
FIG. 5 is a schematic block diagram of the sub-modules of the data collision apparatus in FIG. 4;
FIG. 6 is a schematic structural block diagram of a computer device provided by an embodiment of the present application.
The realization, functional characteristics and advantages of the purpose of the present application will be further described with reference to the accompanying drawings in conjunction with the embodiments.
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the present application without creative effort fall within the protection scope of the present application.
The flowcharts shown in the figures are for illustration only; they do not necessarily include all contents and operations/steps, nor do the steps have to be performed in the order described. For example, some operations/steps can be decomposed, combined or partially merged, so the actual order of execution may change according to the actual situation.
Embodiments of the present application provide a data collision method, apparatus, device, and computer-readable storage medium. The data collision method can be applied to a data collision device or a data encryption device. The data collision device or data encryption device may be a terminal device or a server; the terminal device may be a mobile phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, a wearable device, and the like. The data collision method can also be applied to a server, which may be a single server or a server cluster composed of multiple servers.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The embodiments described below and the features in the embodiments may be combined with each other where they do not conflict.
Please refer to FIG. 1, which is a schematic flowchart of a data collision method provided by an embodiment of the present application. The data collision method is applied to a data collision device, and the data collision device may be a terminal device or a server.
As shown in FIG. 1, the data collision method includes steps S101 to S103.
Step S101: obtain the second ciphertext data and first keys of multiple participants.
A participant is a holder of sensitive data, and the second ciphertext data is obtained by encrypting the sensitive data plaintext twice.
Exemplarily, the data encryption device obtains the sensitive data plaintext, the first key and the second key input by the participant, and generates a random key; it encrypts the sensitive data plaintext according to the random key and the first encryption algorithm to obtain the first ciphertext data, and encrypts the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data; it encrypts the mapping relationship between the sensitive data plaintext and the second ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship ciphertext data, and stores the second ciphertext data and the mapping relationship ciphertext data. For example, the sensitive data plaintext is plain_id; plain_id is encrypted based on the first encryption algorithm and the random key to obtain the first ciphertext data tmp_secure_id; tmp_secure_id is encrypted based on the second encryption algorithm and the first key to obtain the second ciphertext data app_secure_id; and the mapping relationship between plain_id and app_secure_id is encrypted according to the third encryption algorithm and the second key to obtain the mapping relationship ciphertext data secure_cypher_id_map.
Each participant holds its own data encryption device, which may be a terminal device or a server with a data encryption program installed. The data encryption program encrypts the sensitive data plaintext to produce the second ciphertext data and the mapping relationship ciphertext. The first key and the second key of each participant are different, and the first encryption algorithm is different from the second encryption algorithm. The first encryption algorithm may be any deterministic encryption algorithm, including but not limited to the MD5 algorithm, SM3 algorithm, SHA256 algorithm and HMAC algorithm; for example, the SM3 algorithm is used to encrypt the sensitive data plaintext. The second encryption algorithm is any format-preserving encryption algorithm, including but not limited to the FF1 algorithm and FF3-1 algorithm; for example, the FF3-1 algorithm and the first key are used to encrypt the first ciphertext data. The third encryption algorithm may be any public-key or private-key encryption algorithm, including but not limited to the RSA algorithm, SM2 algorithm, ECC algorithm, AES algorithm, SM4 algorithm and 3DES algorithm; for example, the SM2 algorithm and the second key are used to encrypt the mapping relationship between the sensitive data plaintext and the second ciphertext data.
Exemplarily, the sensitive data plaintext is plain_id; plain_id is encrypted based on the SHA256 algorithm and the random key to obtain the first ciphertext data tmp_secure_id; tmp_secure_id is encrypted based on the FF1 algorithm and the first key to obtain the second ciphertext data app_secure_id; and the mapping relationship between plain_id and app_secure_id is encrypted according to the RSA algorithm and the second key to obtain the mapping relationship ciphertext data secure_cypher_id_map.
In one embodiment, the data collision device obtains the second ciphertext data and first keys of the multiple participants from an external storage device. Alternatively, the data collision device receives the second ciphertext data and first keys sent by multiple data encryption devices, where each data encryption device sends one set of second ciphertext data and first key, and each participant holds its own data encryption device. The external storage device includes a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, a USB flash drive, and the like.
Step S102: decrypt the corresponding second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the multiple participants.
For example, the multiple participants include a first participant, a second participant and a third participant. The second ciphertext data and first key held by the first participant are app_secure_id-1 and key_1-1; those held by the second participant are app_secure_id-2 and key_1-2; and those held by the third participant are app_secure_id-3 and key_1-3. Therefore, decrypting app_secure_id-1 according to the second encryption algorithm and key_1-1 yields the first ciphertext data tmp_secure_id-1; decrypting app_secure_id-2 according to the second encryption algorithm and key_1-2 yields the first ciphertext data tmp_secure_id-2; and decrypting app_secure_id-3 according to the second encryption algorithm and key_1-3 yields the first ciphertext data tmp_secure_id-3.
In one embodiment, the second ciphertext data and first keys of the multiple participants are input into a security chip, so that the security chip decrypts the corresponding second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant to obtain the first ciphertext data of the multiple participants; the first ciphertext data of the multiple participants output by the security chip is then obtained. Having the security chip perform the decryption further improves the security of the sensitive data.
Step S103: Determine the intersection of the first ciphertext data of the multiple participants, and send the intersection to each participant.
After receiving the intersection of the first ciphertext data of the multiple participants, a participant encrypts the intersection based on the second encryption algorithm and its own first key, and decrypts the mapping-relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping-relationship plaintext between the second ciphertext data and the sensitive data plaintext. According to the encrypted intersection, the participant then obtains the corresponding sensitive data plaintext from the mapping-relationship plaintext.
In one embodiment, the data collision program in the security chip is run to perform a collision comparison on the first ciphertext data of the multiple participants; the collision comparison result output by the security chip is obtained, and the intersection of the first ciphertext data of the multiple participants is determined according to the collision comparison result. The data collision program in the security chip can be updated according to the needs of each participant. Having the security chip perform the collision comparison on the first ciphertext data of the multiple participants and output the collision comparison result further ensures the security of the sensitive data.
In one embodiment, the second ciphertext data and first keys of the multiple participants are input into the security chip, and the security chip decrypts each participant's second ciphertext data according to the second encryption algorithm and that participant's first key to obtain the first ciphertext data of the multiple participants; the data collision program in the security chip is run to perform a collision comparison on the first ciphertext data of the multiple participants; the collision comparison result output by the security chip is obtained, and the intersection of the first ciphertext data of the multiple participants is determined according to the collision comparison result. Because the security chip completes both the decryption process and the data collision process and outputs only the collision comparison result, without outputting intermediate results, the security of the sensitive data is further ensured.
In one embodiment, the data collision device obtains a data collision application request sent by a target participant, the data collision application request including the multiple remaining participants applying to participate in the data collision; sends authorization application information to each remaining participant, and obtains the second ciphertext data and first key that each remaining participant sends based on the authorization application information; and obtains the second ciphertext data and first key of the target participant from the data collision application request. Specifically, the data collision device obtains the data collision application request sent by the data encryption device held by the target participant, and sends the authorization application information to the data encryption device held by each remaining participant. The data encryption device outputs the authorization application information and, when it detects the participant's authorization confirmation instruction, sends the stored second ciphertext data and first key to the data collision device.
For example, as shown in FIG. 2, the data encryption device 21 is held by the first participant, the data encryption device 22 is held by the second participant, and the data encryption device 23 is held by the third participant. When the first participant wants to collide sensitive data, it sends a data collision application request to the data collision device 10 through the data encryption device 21. The data collision device 10 obtains the data collision application request sent by the data encryption device 21; the request carries the IP address of the data encryption device 22 and the IP address of the data encryption device 23, and the data collision device 10 uses these IP addresses to send authorization application information to the data encryption device 22 and the data encryption device 23.
The data encryption device 22 outputs the authorization application information and, when it detects the authorization confirmation instruction triggered by the second participant, sends the second ciphertext data and first key held by the second participant to the data collision device 10. The data encryption device 23 outputs the authorization application information and, when it detects the authorization confirmation instruction triggered by the third participant, sends the second ciphertext data and first key held by the second participant to the data collision device 10. The data collision device 10 obtains the second ciphertext data and first key held by the first participant from the data collision application request, obtains the second ciphertext data and first key held by the second participant and sent by the data encryption device 22, and obtains the second ciphertext data and first key held by the third participant and sent by the data encryption device 23.
In one embodiment, the data collision device sends the intersection of the first ciphertext data of the multiple participants to the target participant, and the target participant inputs the intersection into a security chip for decryption, which outputs the sensitive data plaintext corresponding to the intersection. Decrypting the intersection of the first ciphertext data of the multiple participants in the security chip further improves the security of the sensitive data. For example, as shown in FIG. 2, the data collision device 10 sends the intersection of the first ciphertext data of the multiple participants to the data encryption device 21, the data encryption device 21 inputs the intersection into the security chip for decryption, and the security chip outputs the sensitive data plaintext corresponding to the intersection.
In the data collision method provided by the above embodiments, the second ciphertext data and first keys of multiple participants are obtained, each participant's first key being different; each participant's second ciphertext data is decrypted according to the encryption algorithm and that participant's first key to obtain the first ciphertext data of the multiple participants; and the intersection of the first ciphertext data of the multiple participants is then determined and sent to each participant. Because the data collision is performed on ciphertext data and each participant's first key is different, different first keys yield different ciphertext data, which keeps the participants' ciphertext data isolated from one another. This solves the problem of colliding sensitive data without leaking it, and improves the security and the shared circulation of sensitive data.
Please refer to FIG. 3, which is a schematic flowchart of another data collision method provided by an embodiment of the present application. This data collision method is applied to a data encryption device, which is communicatively connected to the data collision device.
As shown in FIG. 3, the data collision method includes steps S201 to S208.
Step S201: Obtain the sensitive data plaintext, a first key and a second key.
The sensitive data plaintext may include data such as customer information, property information and behavioral trajectories. Customer information includes the customer's ID number, mobile phone number, bank card password, home address and so on. The first key and the second key are different.
Step S202: Encrypt the sensitive data plaintext according to the first encryption algorithm to obtain the first ciphertext data.
The first encryption algorithm may be any deterministic encryption algorithm, including but not limited to the MD5 algorithm, the SM3 algorithm, the SHA256 algorithm and the HMAC algorithm. For example, the sensitive data plaintext is plain_id, and plain_id is encrypted based on the SM3 algorithm to obtain the first ciphertext data tmp_secure_id.
Step S203: Encrypt the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data.
The second encryption algorithm may be any format-preserving encryption algorithm, including but not limited to the FF1 algorithm and the FF3-1 algorithm. For example, tmp_secure_id is encrypted based on the FF1 algorithm and the first key to obtain the second ciphertext data app_secure_id.
Step S204: Encrypt the mapping relationship between the sensitive data plaintext and the second ciphertext data according to the third encryption algorithm and the second key to obtain the mapping-relationship ciphertext data.
The third encryption algorithm may be any public-key or private-key encryption algorithm, including but not limited to the RSA algorithm, the SM2 algorithm, the ECC algorithm, the AES algorithm, the SM4 algorithm and the 3DES algorithm. For example, the mapping relationship between plain_id and app_secure_id is encrypted according to the AES algorithm and the second key to obtain the mapping-relationship ciphertext data secure_cypher_id_map. The second ciphertext data, the first key and the mapping-relationship ciphertext data are stored.
Step S205: Send the second ciphertext data and the first key to the data collision device.
Exemplarily, the data encryption device obtains a data collision application instruction triggered by the target participant, obtains the target participant's second ciphertext data and first key and the IP addresses of the remaining participants taking part in the data collision, generates a data collision application request carrying the second ciphertext data, the first key and those IP addresses, and sends the request to the data collision device. The data collision device obtains the target participant's second ciphertext data and first key from the data collision application request, sends authorization application information to the remaining participants based on their IP addresses, and obtains the second ciphertext data and first keys that the remaining participants send based on the authorization application information.
In one embodiment, the data collision device inputs the received second ciphertext data and first key of each participant into the security chip, and the security chip decrypts each participant's second ciphertext data according to the second encryption algorithm and that participant's first key to obtain the first ciphertext data of the multiple participants; the security chip runs the data collision program to perform a collision comparison on the first ciphertext data of the multiple participants; the collision comparison result output by the security chip is obtained, and the intersection of the first ciphertext data of the multiple participants is determined according to the collision comparison result and then sent to the target participant.
Step S206: Obtain the intersection sent by the data collision device, and encrypt the intersection according to the second encryption algorithm and the first key.
The data encryption device obtains the intersection of the first ciphertext data of the multiple participants sent by the data collision device, and encrypts that intersection according to the second encryption algorithm and its own first key.
Step S207: Decrypt the mapping-relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping-relationship plaintext between the sensitive data plaintext and the second ciphertext data.
The third encryption algorithm may be any public-key or private-key encryption algorithm, including but not limited to the RSA algorithm, the SM2 algorithm, the ECC algorithm, the AES algorithm, the SM4 algorithm and the 3DES algorithm. Decrypting the previously stored mapping-relationship ciphertext data with the third encryption algorithm and the second key yields the mapping-relationship plaintext between the sensitive data plaintext and the second ciphertext data.
Step S208: According to the encrypted intersection, obtain the corresponding sensitive data plaintext from the mapping-relationship plaintext.
Once the mapping-relationship plaintext between the sensitive data plaintext and the second ciphertext data has been obtained, the corresponding sensitive data plaintext can be looked up in it according to the encrypted intersection.
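The following Python sketch is an added illustration, not code from the application: it walks steps S201 to S208 and the collision device's decrypt-and-intersect step end to end for three participants. SHA256 serves as the first algorithm; because the Python standard library has neither FF1 nor AES, a keyed Feistel permutation over hex strings stands in for the second (format-preserving) algorithm and a SHAKE-256 keystream for the third. These stand-ins, all class and function names, and the sample identifiers are assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets


def first_encrypt(plain_id: str) -> str:
    """First algorithm (deterministic): SHA256, one of the options the text lists."""
    return hashlib.sha256(plain_id.encode()).hexdigest()


def round_value(key: bytes, i: int, half: int, width: int) -> int:
    """Keyed round function of the stand-in cipher: HMAC-SHA256 reduced mod 16^width."""
    msg = bytes([i]) + half.to_bytes(width, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % (16 ** width)


def split(text: str):
    if len(text) % 2:
        raise ValueError("stand-in cipher needs an even-length hex string")
    n = len(text) // 2
    return int(text[:n], 16), int(text[n:], 16), n


def fpe_encrypt(key: bytes, text: str, rounds: int = 8) -> str:
    """Stand-in for FF1 (this is NOT FF1): Feistel network, hex in, same-length hex out."""
    a, b, n = split(text)
    for i in range(rounds):
        a, b = b, (a + round_value(key, i, b, n)) % (16 ** n)
    return f"{a:0{n}x}{b:0{n}x}"


def fpe_decrypt(key: bytes, text: str, rounds: int = 8) -> str:
    a, b, n = split(text)
    for i in reversed(range(rounds)):
        a, b = (b - round_value(key, i, a, n)) % (16 ** n), a
    return f"{a:0{n}x}{b:0{n}x}"


def seal(key: bytes, obj) -> bytes:
    """Stand-in for the third algorithm (AES in the text's example): XOR with a
    SHAKE-256 keystream under a random nonce. Unauthenticated, illustration only."""
    data = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return nonce + bytes(x ^ y for x, y in zip(data, stream))


def unseal(key: bytes, blob: bytes):
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return json.loads(bytes(x ^ y for x, y in zip(body, stream)))


class EncryptionDevice:
    """One participant's data encryption device (steps S201 to S208)."""

    def __init__(self, plain_ids):
        self.key_1 = secrets.token_bytes(32)            # S201: first key
        self.key_2 = secrets.token_bytes(32)            # S201: second key, different
        mapping = {}
        for plain_id in plain_ids:
            tmp_secure_id = first_encrypt(plain_id)                  # S202
            app_secure_id = fpe_encrypt(self.key_1, tmp_secure_id)   # S203
            mapping[app_secure_id] = plain_id
        self.app_secure_ids = list(mapping)
        self.secure_cypher_id_map = seal(self.key_2, mapping)        # S204

    def submit(self):
        return self.app_secure_ids, self.key_1                       # S205

    def resolve(self, intersection):
        mapping = unseal(self.key_2, self.secure_cypher_id_map)      # S207
        hits = (fpe_encrypt(self.key_1, t) for t in intersection)    # S206
        return sorted(mapping[c] for c in hits if c in mapping)      # S208


def collide(submissions):
    """Data collision device: decrypt each set with its owner's first key, then
    intersect. The device sees every first key and every deterministic digest here;
    the security-chip embodiments keep these intermediate values inside the chip."""
    sets = [{fpe_decrypt(key, c) for c in cts} for cts, key in submissions]
    return set.intersection(*sets)


def run_demo():
    # Constructed sample identifiers, not real data.
    p1 = EncryptionDevice(["13800000001", "13800000002", "13800000003"])
    p2 = EncryptionDevice(["13800000002", "13800000003", "13800000004"])
    p3 = EncryptionDevice(["13800000003", "13800000002", "13800000009"])
    parties = (p1, p2, p3)
    intersection = collide([p.submit() for p in parties])
    stored = [set(p.app_secure_ids) for p in parties]
    disjoint = not (stored[0] & stored[1] or stored[0] & stored[2] or stored[1] & stored[2])
    return {"recovered": [p.resolve(intersection) for p in parties],
            "ciphertexts_disjoint": disjoint}


if __name__ == "__main__":
    print(run_demo())
```
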
Please refer to FIG. 4, which is a schematic block diagram of a data collision apparatus provided by an embodiment of the present application.
As shown in FIG. 4, the data collision apparatus 300 includes an acquisition module 310 and a data collision module 320, wherein:
the acquisition module 310 is configured to obtain the second ciphertext data and first keys of multiple participants, wherein each participant encrypts the sensitive data plaintext according to the first encryption algorithm to obtain the first ciphertext data, and encrypts the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data, the first encryption algorithm being different from the second encryption algorithm, and the first keys of different participants being different;
the data collision module 320 is configured to decrypt each participant's second ciphertext data according to the second encryption algorithm and that participant's first key to obtain the first ciphertext data of the multiple participants.
The data collision module 320 is further configured to determine the intersection of the first ciphertext data of the multiple participants and send the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts the mapping-relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping-relationship plaintext between the second ciphertext data and the sensitive data plaintext, and, according to the encrypted intersection, obtains the corresponding sensitive data plaintext from the mapping-relationship plaintext.
In one embodiment, as shown in FIG. 5, the data collision module 320 includes an input sub-module 321, a security chip 322 and an acquisition sub-module 323, wherein:
the input sub-module 321 is configured to input the second ciphertext data and first keys of the multiple participants into the security chip 322;
the security chip 322 is configured to decrypt each participant's second ciphertext data according to the second encryption algorithm and that participant's first key to obtain the first ciphertext data of the multiple participants;
the acquisition sub-module 323 is configured to obtain the first ciphertext data of the multiple participants output by the security chip 322.
In one embodiment, the security chip 322 is further configured to run the data collision program to perform a collision comparison on the first ciphertext data of the multiple participants;
the acquisition sub-module 323 is further configured to obtain the collision comparison result output by the security chip, and to determine the intersection of the first ciphertext data of the multiple participants according to the collision comparison result.
In one embodiment, the acquisition module 310 is further configured to:
obtain a data collision application request sent by a target participant, the data collision application request including the multiple remaining participants applying to participate in the data collision;
send authorization application information to each of the remaining participants, and obtain the second ciphertext data and first key that each of the remaining participants sends based on the authorization application information;
obtain the second ciphertext data and first key of the target participant from the data collision application request.
In one embodiment, the data collision apparatus further includes a sending module, the sending module being configured to:
send the intersection to the target participant, so that the target participant inputs the intersection into a security chip for decryption and obtains the sensitive data plaintext corresponding to the intersection.
In one embodiment, the first encryption algorithm is a deterministic encryption algorithm, and the first encryption algorithm includes: the MD5 algorithm, the SM3 algorithm, the SHA256 algorithm and the HMAC algorithm;
the second encryption algorithm is a format-preserving encryption algorithm, and the second encryption algorithm includes: the FF1 algorithm and the FF3-1 algorithm.
It should be noted that those skilled in the art will clearly understand that, for convenience and brevity of description, for the specific working process of the apparatus and of each module and unit described above, reference may be made to the corresponding process in the foregoing data collision method embodiments, which is not repeated here.
The apparatus provided by the above embodiments may be implemented in the form of a computer program, and the computer program may run on a computer device as shown in FIG. 6.
Please refer to FIG. 6, which is a schematic structural block diagram of a computer device provided by an embodiment of the present application. The computer device may be a data collision device or a data encryption device.
As shown in FIG. 6, the computer device includes a processor, a memory and a network interface connected through a system bus, wherein the memory may include a storage medium and an internal memory.
The storage medium may store an operating system and a computer program. The computer program includes program instructions which, when executed, cause the processor to perform any one of the data collision methods.
The processor provides computing and control capabilities and supports the operation of the entire computer device.
The internal memory provides an environment for running the computer program in the storage medium; when the computer program is executed by the processor, it causes the processor to perform any one of the data collision methods.
The network interface is used for network communication, such as sending assigned tasks. Those skilled in the art will understand that the structure shown in FIG. 6 is only a block diagram of the part of the structure relevant to the solution of the present application and does not limit the computer device to which the solution is applied; a specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
It should be understood that the processor may be a central processing unit (CPU), and may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
In one embodiment, the processor is configured to run a computer program stored in the memory to implement the following steps:
obtaining the second ciphertext data and first keys of multiple participants, wherein each participant encrypts the sensitive data plaintext according to the first encryption algorithm to obtain the first ciphertext data, and encrypts the first ciphertext data according to the second encryption algorithm and the first key to obtain the second ciphertext data, the first encryption algorithm being different from the second encryption algorithm, and the first keys of different participants being different;
decrypting each participant's second ciphertext data according to the second encryption algorithm and that participant's first key to obtain the first ciphertext data of the multiple participants.
determining the intersection of the first ciphertext data of the multiple participants and sending the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts the mapping-relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping-relationship plaintext between the second ciphertext data and the sensitive data plaintext, and, according to the encrypted intersection, obtains the corresponding sensitive data plaintext from the mapping-relationship plaintext.
In one embodiment, when decrypting each participant's second ciphertext data according to the second encryption algorithm and that participant's first key to obtain the first ciphertext data of the multiple participants, the processor is configured to implement:
inputting the second ciphertext data and first keys of the multiple participants into a security chip;
decrypting, by the security chip, each participant's second ciphertext data according to the second encryption algorithm and that participant's first key to obtain the first ciphertext data of the multiple participants;
obtaining the first ciphertext data of the multiple participants output by the security chip.
In one embodiment, when determining the intersection of the first ciphertext data of the multiple participants, the processor is configured to implement:
running the data collision program in the security chip to perform a collision comparison on the first ciphertext data of the multiple participants;
obtaining the collision comparison result output by the security chip, and determining the intersection of the first ciphertext data of the multiple participants according to the collision comparison result.
In one embodiment, when obtaining the second ciphertext data and first keys of the multiple participants, the processor is configured to implement:
obtaining a data collision application request sent by a target participant, the data collision application request including the multiple remaining participants applying to participate in the data collision;
sending authorization application information to each of the remaining participants, and obtaining the second ciphertext data and first key that each of the remaining participants sends based on the authorization application information;
obtaining the second ciphertext data and first key of the target participant from the data collision application request.
In one embodiment, the processor is further configured to implement the following step:
sending the intersection to the target participant, so that the target participant inputs the intersection into a security chip for decryption and obtains the sensitive data plaintext corresponding to the intersection.
In one embodiment, the first encryption algorithm is a deterministic encryption algorithm, and the first encryption algorithm includes: the MD5 algorithm, the SM3 algorithm, the SHA256 algorithm and the HMAC algorithm;
the second encryption algorithm is a format-preserving encryption algorithm, and the second encryption algorithm includes: the FF1 algorithm and the FF3-1 algorithm.
在一实施例中,所述处理器还用于实现如下步骤:In one embodiment, the processor is further configured to implement the following steps:
获取敏感数据明文、第一密钥和第二密钥,所述第一密钥与所述第二密钥不同;Obtaining plaintext of sensitive data, a first key and a second key, where the first key is different from the second key;
根据第一加密算法对所述敏感数据明文进行加密,得到第一密文数据;Encrypting the sensitive data plaintext according to the first encryption algorithm to obtain first ciphertext data;
根据第二加密算法和所述第一密钥对所述第一密文数据进行加密,得到第二密文数据,所述第一加密算法与所述第二加密算法不同;Encrypting the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, where the first encryption algorithm is different from the second encryption algorithm;
根据第三加密算法和所述第二密钥对所述敏感数据明文与所述第二密文数据之间的映射关系进行加密,得到映射关系密文数据;Encrypt the mapping relationship between the sensitive data plaintext and the second ciphertext data according to the third encryption algorithm and the second key to obtain mapping relationship ciphertext data;
向数据碰撞设备发送所述第二密文数据和所述第一密钥,以供所述数据碰撞设备根据所述第二加密算法和每个参与方的第一密钥,对各自对应的第二密文数据进行解密,得到多个参与方的第一密文数据,并确定所述多个参与方的第一密文数据的交集;Send the second ciphertext data and the first key to the data collision device, so that the data collision device can compare the corresponding first key according to the second encryption algorithm and the first key of each participant. Decrypt the two ciphertext data to obtain the first ciphertext data of the multiple participants, and determine the intersection of the first ciphertext data of the multiple participants;
获取所述数据碰撞设备发送的所述交集,并根据所述第二加密算法和所述第一密钥对所述交集进行加密;acquiring the intersection sent by the data collision device, and encrypting the intersection according to the second encryption algorithm and the first key;
根据所述第三加密算法和所述第二密钥对所述映射关系密文数据进行解密,得到所述敏感数据明文与所述第二密文数据之间的映射关系明文;Decrypt the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the sensitive data plaintext and the second ciphertext data;
根据加密后的交集,从所述映射关系明文中获取对应的敏感数据明文。According to the encrypted intersection, the corresponding sensitive data plaintext is obtained from the mapping relationship plaintext.
It should be noted that those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working process of the computer device described above may refer to the corresponding process in the foregoing data collision method embodiments, and is not repeated here.
From the description of the above embodiments, those skilled in the art can clearly understand that the present application can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments, or in some parts of the embodiments, of the present application.
Embodiments of the present application further provide a computer-readable storage medium on which a computer program is stored. The computer program includes program instructions, and when the program instructions are executed, the following steps are implemented:
Acquiring second ciphertext data and first keys of a plurality of participants, wherein each participant encrypts sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypts the first ciphertext data according to a second encryption algorithm and the first key to obtain the second ciphertext data, the first encryption algorithm being different from the second encryption algorithm, and the first keys of different participants being different;
Decrypting the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants;
Determining the intersection of the first ciphertext data of the plurality of participants, and sending the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping relationship ciphertext data according to a third encryption algorithm and a second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and obtains the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
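The participant-side steps and the collision-device steps described above, end to end, as an added Python example that is not part of the patent. Assumptions: the first algorithm is HMAC-SHA256 under a key shared by all participants (so equal plaintexts give equal first ciphertext); a keyed Feistel permutation over hex strings stands in for FF1/FF3-1 and is not FF1; an HMAC-based stream cipher with an authentication tag stands in for the unspecified third algorithm; all function and class names and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

ROUNDS = 8  # Feistel rounds of the stand-in format-preserving cipher


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def first_encrypt(plaintext: str, shared_key: bytes) -> str:
    """First algorithm: deterministic HMAC-SHA256, returned as 64 hex characters."""
    return _prf(shared_key, plaintext.encode()).hex()


def fpe_encrypt(key1: bytes, hex_text: str) -> str:
    """Second-algorithm stand-in (NOT FF1): 64 hex characters in, 64 hex characters out."""
    data = bytes.fromhex(hex_text)
    left, right = data[:16], data[16:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _prf(key1, bytes([i]) + right))
    return (left + right).hex()


def fpe_decrypt(key1: bytes, hex_text: str) -> str:
    data = bytes.fromhex(hex_text)
    left, right = data[:16], data[16:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _prf(key1, bytes([i]) + left)), left
    return (left + right).hex()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (_prf(key, nonce + c.to_bytes(4, "big")) for c in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key2: bytes, mapping: dict) -> bytes:
    """Third-algorithm stand-in: encrypt-then-MAC over the JSON-encoded mapping."""
    nonce = secrets.token_bytes(16)
    plain = json.dumps(mapping).encode()
    body = _xor(plain, _keystream(_prf(key2, b"enc"), nonce, len(plain)))
    return nonce + _prf(_prf(key2, b"mac"), nonce + body) + body


def unseal(key2: bytes, blob: bytes) -> dict:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(_prf(key2, b"mac"), nonce + body)):
        raise ValueError("mapping ciphertext failed authentication")
    return json.loads(_xor(body, _keystream(_prf(key2, b"enc"), nonce, len(body))))


class Participant:
    def __init__(self, records, shared_key: bytes):
        self.key1 = secrets.token_bytes(32)  # first key, sent to the collision device
        self.key2 = secrets.token_bytes(32)  # second key, never leaves the participant
        mapping = {}
        for record in records:
            c1 = first_encrypt(record, shared_key)
            mapping[fpe_encrypt(self.key1, c1)] = record
        self.second = sorted(mapping)  # second ciphertext data
        self.sealed_mapping = seal(self.key2, mapping)  # only the sealed mapping is kept

    def submit(self):
        return self.second, self.key1

    def resolve(self, intersection):
        """Re-encrypt the intersection with key1 and look it up in the unsealed mapping."""
        mapping = unseal(self.key2, self.sealed_mapping)
        return sorted(mapping[fpe_encrypt(self.key1, c1)] for c1 in intersection)


def collide(submissions):
    """Collision device: strip each participant's key1 layer, intersect first ciphertext."""
    sets = [{fpe_decrypt(k1, c2) for c2 in second} for second, k1 in submissions]
    return set.intersection(*sets)


def demo():
    shared = secrets.token_bytes(32)  # assumption: agreed out of band by all participants
    a = Participant(["user-0001", "user-0002", "user-0003"], shared)  # constructed records
    b = Participant(["user-0002", "user-0003", "user-0004"], shared)
    c = Participant(["user-0003", "user-0002", "user-0009"], shared)
    common = collide([p.submit() for p in (a, b, c)])
    return a, b, c, common
```

Because the collision device receives every first key, it sees all first ciphertext values during the comparison; the embodiments above confine that decryption and comparison to a security chip.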
For the method executed when the program instructions are executed, reference may be made to the embodiments of the data collision method of the present application. The computer-readable storage medium may be volatile or non-volatile. The computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiments, such as a hard disk or a memory of the computer device. The computer-readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a Secure Digital (SD) card or a flash card (Flash Card) equipped on the computer device.
Further, the computer-readable storage medium may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function, and the like; the data storage area may store data created according to the use of a blockchain node, and the like.
The blockchain referred to in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a chain of data blocks generated in association with one another by cryptographic methods. Each data block contains information on a batch of network transactions, which is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. A blockchain can include an underlying blockchain platform, a platform product service layer, an application service layer, and so on.
It should be understood that the terms used in the specification of the present application are for the purpose of describing particular embodiments only and are not intended to limit the present application. As used in the specification of the present application and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in the specification of the present application and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations. It should be noted that, herein, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, such that a process, method, article or system comprising a series of elements includes not only those elements, but also other elements not expressly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element qualified by the phrase "comprising a ..." does not preclude the presence of additional identical elements in the process, method, article or system that includes the element.
The serial numbers of the above embodiments of the present application are for description only and do not represent the advantages or disadvantages of the embodiments. The above are only specific embodiments of the present application, but the protection scope of the present application is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or substitutions within the technical scope disclosed in the present application, and these modifications or substitutions shall be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (20)
- A data collision method, comprising:
  acquiring second ciphertext data and first keys of a plurality of participants, wherein each participant encrypts sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypts the first ciphertext data according to a second encryption algorithm and the first key to obtain the second ciphertext data, the first encryption algorithm being different from the second encryption algorithm, and the first keys of different participants being different;
  decrypting the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants;
  determining the intersection of the first ciphertext data of the plurality of participants, and sending the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping relationship ciphertext data according to a third encryption algorithm and a second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and obtains the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
- The data collision method according to claim 1, wherein decrypting the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants, comprises:
  inputting the second ciphertext data and the first keys of the plurality of participants into a security chip;
  decrypting, by the security chip, the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants;
  acquiring the first ciphertext data of the plurality of participants output by the security chip.
- The data collision method according to claim 2, wherein determining the intersection of the first ciphertext data of the plurality of participants comprises:
  running a data collision program in the security chip to perform a collision comparison on the first ciphertext data of the plurality of participants;
  acquiring the collision comparison result output by the security chip, and determining the intersection of the first ciphertext data of the plurality of participants according to the collision comparison result.
- The data collision method according to claim 1, wherein acquiring the second ciphertext data and the first keys of the plurality of participants comprises:
  acquiring a data collision application request sent by a target participant, the data collision application request including a plurality of remaining participants applying to participate in the data collision;
  sending authorization application information to each of the remaining participants, and acquiring the second ciphertext data and the first key sent by each of the remaining participants based on the authorization application information;
  acquiring the second ciphertext data and the first key of the target participant from the data collision application request.
- The data collision method according to claim 4, wherein the method further comprises:
  sending the intersection to the target participant, so that the target participant inputs the intersection into a security chip for decryption and obtains the sensitive data plaintext corresponding to the intersection.
- The data collision method according to any one of claims 1-5, wherein the first encryption algorithm is a deterministic encryption algorithm, and the first encryption algorithm includes: the MD5 algorithm, the SM3 algorithm, the SHA256 algorithm and the HMAC algorithm;
  the second encryption algorithm is a format-preserving encryption algorithm, and the second encryption algorithm includes: the FF1 algorithm and the FF3-1 algorithm.
- A data collision method, comprising:
  acquiring sensitive data plaintext, a first key and a second key, the first key being different from the second key;
  encrypting the sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data;
  encrypting the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, the first encryption algorithm being different from the second encryption algorithm;
  encrypting the mapping relationship between the sensitive data plaintext and the second ciphertext data according to a third encryption algorithm and the second key to obtain mapping relationship ciphertext data;
  sending the second ciphertext data and the first key to a data collision device, so that the data collision device decrypts the respective second ciphertext data according to the second encryption algorithm and the first key of each participant, obtains the first ciphertext data of a plurality of participants, and determines the intersection of the first ciphertext data of the plurality of participants;
  acquiring the intersection sent by the data collision device, and encrypting the intersection according to the second encryption algorithm and the first key;
  decrypting the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the sensitive data plaintext and the second ciphertext data;
  obtaining the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
- A data collision apparatus, wherein the data collision apparatus comprises:
  an acquisition module, configured to acquire second ciphertext data and first keys of a plurality of participants, wherein each participant encrypts sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypts the first ciphertext data according to a second encryption algorithm and the first key to obtain the second ciphertext data, the first encryption algorithm being different from the second encryption algorithm, and the first keys of different participants being different;
  a data collision module, configured to decrypt the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants;
  the data collision module being further configured to determine the intersection of the first ciphertext data of the plurality of participants, and to send the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping relationship ciphertext data according to a third encryption algorithm and a second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and obtains the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
- A computer device, wherein the computer device comprises a processor, a memory, and a computer program stored on the memory and executable by the processor, wherein the computer program, when executed by the processor, implements the following steps:
  acquiring second ciphertext data and first keys of a plurality of participants, wherein each participant encrypts sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypts the first ciphertext data according to a second encryption algorithm and the first key to obtain the second ciphertext data, the first encryption algorithm being different from the second encryption algorithm, and the first keys of different participants being different;
  decrypting the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants;
  determining the intersection of the first ciphertext data of the plurality of participants, and sending the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping relationship ciphertext data according to a third encryption algorithm and a second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and obtains the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
- The computer device according to claim 9, wherein the processor, when implementing decrypting the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant to obtain the first ciphertext data of the plurality of participants, is configured to implement:
  inputting the second ciphertext data and the first keys of the plurality of participants into a security chip;
  decrypting, by the security chip, the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants;
  acquiring the first ciphertext data of the plurality of participants output by the security chip.
- The computer device according to claim 10, wherein the processor, when implementing determining the intersection of the first ciphertext data of the plurality of participants, is configured to implement:
  running a data collision program in the security chip to perform a collision comparison on the first ciphertext data of the plurality of participants;
  acquiring the collision comparison result output by the security chip, and determining the intersection of the first ciphertext data of the plurality of participants according to the collision comparison result.
- The computer device according to claim 9, wherein the processor, when implementing acquiring the second ciphertext data and the first keys of the plurality of participants, is configured to implement:
  acquiring a data collision application request sent by a target participant, the data collision application request including a plurality of remaining participants applying to participate in the data collision;
  sending authorization application information to each of the remaining participants, and acquiring the second ciphertext data and the first key sent by each of the remaining participants based on the authorization application information;
  acquiring the second ciphertext data and the first key of the target participant from the data collision application request.
- The computer device according to claim 12, wherein the processor is further configured to implement the following step:
  sending the intersection to the target participant, so that the target participant inputs the intersection into a security chip for decryption and obtains the sensitive data plaintext corresponding to the intersection.
- The computer device according to any one of claims 9-13, wherein the first encryption algorithm is a deterministic encryption algorithm, and the first encryption algorithm includes: the MD5 algorithm, the SM3 algorithm, the SHA256 algorithm and the HMAC algorithm;
  the second encryption algorithm is a format-preserving encryption algorithm, and the second encryption algorithm includes: the FF1 algorithm and the FF3-1 algorithm.
- A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the following steps:
  acquiring second ciphertext data and first keys of a plurality of participants, wherein each participant encrypts sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data, and encrypts the first ciphertext data according to a second encryption algorithm and the first key to obtain the second ciphertext data, the first encryption algorithm being different from the second encryption algorithm, and the first keys of different participants being different;
  decrypting the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants;
  determining the intersection of the first ciphertext data of the plurality of participants, and sending the intersection to each participant, wherein the participant encrypts the intersection based on the second encryption algorithm and the first key, decrypts mapping relationship ciphertext data according to a third encryption algorithm and a second key to obtain the mapping relationship plaintext between the second ciphertext data and the sensitive data plaintext, and obtains the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
- The computer-readable storage medium according to claim 15, wherein the processor, when implementing decrypting the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant to obtain the first ciphertext data of the plurality of participants, is configured to implement:
  inputting the second ciphertext data and the first keys of the plurality of participants into a security chip;
  decrypting, by the security chip, the respective second ciphertext data according to the second encryption algorithm and the first key corresponding to each participant, to obtain the first ciphertext data of the plurality of participants;
  acquiring the first ciphertext data of the plurality of participants output by the security chip.
- The computer-readable storage medium according to claim 16, wherein the processor, when implementing determining the intersection of the first ciphertext data of the plurality of participants, is configured to implement:
  running a data collision program in the security chip to perform a collision comparison on the first ciphertext data of the plurality of participants;
  acquiring the collision comparison result output by the security chip, and determining the intersection of the first ciphertext data of the plurality of participants according to the collision comparison result.
- The computer-readable storage medium according to claim 15, wherein the processor, when implementing acquiring the second ciphertext data and the first keys of the plurality of participants, is configured to implement:
  acquiring a data collision application request sent by a target participant, the data collision application request including a plurality of remaining participants applying to participate in the data collision;
  sending authorization application information to each of the remaining participants, and acquiring the second ciphertext data and the first key sent by each of the remaining participants based on the authorization application information;
  acquiring the second ciphertext data and the first key of the target participant from the data collision application request.
- The computer-readable storage medium according to claim 18, wherein the processor is further configured to implement the following step:
  sending the intersection to the target participant, so that the target participant inputs the intersection into a security chip for decryption and obtains the sensitive data plaintext corresponding to the intersection.
- A computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the following steps:
  acquiring sensitive data plaintext, a first key and a second key, the first key being different from the second key;
  encrypting the sensitive data plaintext according to a first encryption algorithm to obtain first ciphertext data;
  encrypting the first ciphertext data according to a second encryption algorithm and the first key to obtain second ciphertext data, the first encryption algorithm being different from the second encryption algorithm;
  encrypting the mapping relationship between the sensitive data plaintext and the second ciphertext data according to a third encryption algorithm and the second key to obtain mapping relationship ciphertext data;
  sending the second ciphertext data and the first key to a data collision device, so that the data collision device decrypts the respective second ciphertext data according to the second encryption algorithm and the first key of each participant, obtains the first ciphertext data of a plurality of participants, and determines the intersection of the first ciphertext data of the plurality of participants;
  acquiring the intersection sent by the data collision device, and encrypting the intersection according to the second encryption algorithm and the first key;
  decrypting the mapping relationship ciphertext data according to the third encryption algorithm and the second key to obtain the mapping relationship plaintext between the sensitive data plaintext and the second ciphertext data;
  obtaining the corresponding sensitive data plaintext from the mapping relationship plaintext according to the encrypted intersection.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110414455.8A CN112953974B (en) | 2021-04-16 | 2021-04-16 | Data collision method, device, equipment and computer readable storage medium |
CN202110414455.8 | 2021-04-16 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022217714A1 true WO2022217714A1 (en) | 2022-10-20 |
Family
ID=76232968
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/097417 WO2022217714A1 (en) | 2021-04-16 | 2021-05-31 | Data collision method, apparatus and device, and computer-readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN112953974B (en) |
WO (1) | WO2022217714A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115860017A (en) * | 2023-02-14 | 2023-03-28 | 紫光同芯微电子有限公司 | Data processing method and related device |
CN118094628A (en) * | 2024-03-13 | 2024-05-28 | 国网河南省电力公司经济技术研究院 | Multi-main-body data cross-domain secure interaction system based on encryption algorithm |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113259106B (en) * | 2021-06-28 | 2021-09-24 | 华控清交信息科技(北京)有限公司 | Data processing method and system |
CN114095157B (en) * | 2021-10-29 | 2023-10-24 | 上海浦东发展银行股份有限公司 | Key management method, key management device, computer equipment and readable storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3410630A1 (en) * | 2017-05-30 | 2018-12-05 | BE-Invest International SA | General data protection method for multicentric sensitive data storage and sharing |
CN109933995A (en) * | 2019-01-31 | 2019-06-25 | 广州中国科学院软件应用技术研究所 | A kind of user's protecting sensitive data and system based on cloud service and block chain |
CN111177762A (en) * | 2019-12-30 | 2020-05-19 | 北京同邦卓益科技有限公司 | Data processing method, device, server and federal learning system |
CN111416702A (en) * | 2020-03-09 | 2020-07-14 | 上海数据交易中心有限公司 | Data transmission method, data transmission system and computer readable storage medium |
CN111555880A (en) * | 2019-02-12 | 2020-08-18 | 北京京东尚科信息技术有限公司 | Data collision method and device, storage medium and electronic equipment |
CN111552736A (en) * | 2020-03-30 | 2020-08-18 | 深圳壹账通智能科技有限公司 | Method, device and storage medium for comparing peer-to-peer relationship of encrypted data |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11216570B2 (en) * | 2017-05-18 | 2022-01-04 | Visa International Service Association | Reducing compromise of sensitive data in virtual machine |
CN110061845A (en) * | 2019-03-14 | 2019-07-26 | 深圳壹账通智能科技有限公司 | Block chain data ciphering method, device, computer equipment and storage medium |
-
2021
- 2021-04-16 CN CN202110414455.8A patent/CN112953974B/en active Active
- 2021-05-31 WO PCT/CN2021/097417 patent/WO2022217714A1/en active Application Filing
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115860017A (en) * | 2023-02-14 | 2023-03-28 | 紫光同芯微电子有限公司 | Data processing method and related device |
CN115860017B (en) * | 2023-02-14 | 2023-07-14 | 紫光同芯微电子有限公司 | Data processing method and related device |
CN118094628A (en) * | 2024-03-13 | 2024-05-28 | 国网河南省电力公司经济技术研究院 | Multi-main-body data cross-domain secure interaction system based on encryption algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN112953974B (en) | 2022-06-10 |
CN112953974A (en) | 2021-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2022217714A1 (en) | Data collision method, apparatus and device, and computer-readable storage medium | |
US10594472B2 (en) | Hybrid fully homomorphic encryption (F.H.E.) systems | |
US9609024B2 (en) | Method and system for policy based authentication | |
US9954826B2 (en) | Scalable and secure key management for cryptographic data processing | |
WO2022199290A1 (en) | Secure multi-party computation | |
JP2022525137A (en) | Methods and equipment for performing data-based actions | |
WO2021114885A1 (en) | Sensitive information protection method and apparatus, computer device, and storage medium | |
WO2022134812A1 (en) | Consortium blockchain-based multi-institution data processing method, apparatus, and related device | |
US11483136B2 (en) | Wrapped keys with access control predicates | |
Thilakanathan et al. | Secure multiparty data sharing in the cloud using hardware-based TPM devices | |
CN112699390B (en) | Data processing method, device, electronic equipment, storage medium and program product | |
US20240063999A1 (en) | Multi-party cryptographic systems and methods | |
US20220060314A1 (en) | Privacy preserving fully homomorphic encryption with circuit verification | |
WO2020177109A1 (en) | Lot-drawing processing method, trusted chip, node, storage medium and electronic device | |
CN113411347B (en) | Transaction message processing method and processing device | |
US20220006795A1 (en) | Secure message passing using semi-trusted intermediaries | |
TW202304172A (en) | Location-key encryption system | |
CN116599647B (en) | Information processing method, service node, blockchain network, and storage medium | |
CA3104787C (en) | Secure message passing using semi-trusted intermediaries | |
US11736462B1 (en) | Hybrid content protection architecture for email | |
Kumar et al. | On Cloud Security using Biometric Cryptographic Techniques | |
CN114499901A (en) | Information processing method and device, server, terminal and data platform | |
WO2019020197A1 (en) | Secure messaging |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NENP | Non-entry into the national phase | Ref country code: DE |
122 | Ep: pct application non-entry in european phase | Ref document number: 21936586 Country of ref document: EP Kind code of ref document: A1 |