WO2023178919A1 - Sorting query system and method based on oblivious transfer protocol - Google Patents

Sorting query system and method based on oblivious transfer protocol

Publication number
WO2023178919A1
Authority
WO
WIPO (PCT)
Prior art keywords
query
data
module
output service
data output
Application number
PCT/CN2022/114566
Other languages
English (en)
Chinese (zh)
Inventor
胡姣姣
冯思博
张亮
Original Assignee
深圳前海环融联易信息科技服务有限公司
Application filed by 深圳前海环融联易信息科技服务有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9535 Search customisation based on user profiles and personalisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Definitions

  • the invention relates to the field of computer information technology, and in particular to a sorting query system and method based on oblivious transmission protocol.
  • existing secure query methods mostly query a fixed value: according to the identity identification number provided by the user, a piece of information related to that identity identification number is looked up in the query system. As application requirements differ across scenarios, secure query methods need to be expanded further.
  • the present invention proposes a sorting query system and method based on the oblivious transmission protocol that can effectively solve the above problems.
  • a technical solution provided by the present invention to solve the above technical problems is to provide a sorting query system based on oblivious transmission protocol, including a query module and a data output service module.
  • the query module and the data output service module are connected in communication.
  • the query module screens the correct query results out of the query data according to the query conditions provided by the user.
  • the data output service module is used to provide specific query events and return query data, and output encrypted results; the query module includes a first query unit and a verification unit.
  • the first query unit is connected to the verification unit, the first query unit is connected to the data output service module, and the first query unit is used to send part of the information in the query conditions to the data output service module.
  • the verification unit is used to locate the position of the feature of interest to the user among all the sortable feature variables sent by the data output service module, then to encrypt the random number according to the public key provided by the data output service module, and to query the encrypted string in the returned data.
  • the data output service module includes an interface module, which is connected to the query module and used to transmit data between the query module and the data output service module.
  • the data output service module includes a second query unit, which is connected to the interface unit and is used to look up the target data source name in the database according to part of the query conditions from the first query unit, and so locate the data source that needs to be queried.
  • the data output service module includes an obfuscation unit, which is connected to the second query unit and is used to perform sorting queries according to all sortable feature variables in the target data source; all sortable feature variables are filtered from the data source matched by the second query unit.
  • the data output service module includes an encryption unit, which is connected to the obfuscation unit and the interface unit. It is used, first, to encrypt the query data generated by the obfuscation unit using a private key and return the encrypted result to the query module; and second, to decrypt the encrypted information sent by the verification unit, perform an XOR operation with the private key, and return the result of the XOR operation to the verification unit.
  • the data output service module includes a data storage unit connected to the second query unit for storing all queryable data information.
  • the present invention also provides a sorting query method based on oblivious transmission protocol, which includes the following steps:
  • Step S1 The query module queries the database for matching data and generates query conditions in the specified format
  • Step S2 the data output service module generates obfuscated data and correct information based on part of the query conditions, and uses the private key to encrypt the obfuscated data and correct information;
  • Step S3 the data output service module returns the encrypted result of obfuscated data and correct information, as well as the public key pair and all sortable variable characteristics to the query module;
  • Step S4 The query module locates all sortable variable features according to the user's interest variables
  • Step S5 the data output service module encrypts the correct results and obfuscated data and transmits them to the query module;
  • Step S6 The verification unit encrypts the random number and public key provided by the query module, extracts the private key information from the returned data, and uses the private key data to decrypt to obtain the user's query data.
  • step S6 the verification unit encrypts the random number and public key provided by the query module, and then transmits it to the data output service module.
  • after decryption, the data output service module performs an XOR operation with the private key; after obtaining the result of this XOR operation, the query module XORs again to obtain the private key, and uses the private key to decrypt the result to obtain the query result required by the user.
  • This application further provides another sorting query method based on oblivious transmission protocol, including the following steps:
  • Step 1 The query module sends part of the information in the query conditions provided by the user to the data output service module;
  • Step 2 The data output service module returns sortable variable characteristics to the query module according to some query conditions
  • Step 3 The query module locates the location of the feature of interest to the user in all sortable feature variables, encrypts the random number based on the public key provided in the data output service module, and queries the encrypted string in the returned data.
  • step 1 the query module sends part of the query conditions submitted by the user to the second query unit in the data output service module, and the part of the query conditions includes the target data source.
  • in step 2, the data output service module generates obfuscated data and correct information based on part of the query conditions, and uses a private key to encrypt the obfuscated data and correct information; the data output service module returns the encrypted result of the obfuscated data and correct information to the query module along with the public key pair and all sortable variable characteristics.
  • step 1 the query module generates random numbers and saves them locally;
  • step 3 the random number is encrypted using the public key provided by the query module, and the encryption result is transmitted to the data output service module.
  • the data output service module decrypts the encryption result and performs an XOR operation with the private key; after obtaining the result of this XOR operation, the query module XORs again to obtain the private key, and uses the private key to decrypt the result to obtain the query results required by the user.
  • Figure 1 is a structural diagram of the sorting query system based on the oblivious transmission protocol of the present invention
  • Figure 2 is a flow chart of the sorting query method based on the oblivious transmission protocol of the present invention
  • FIG. 3 is a flow chart of the sorting query method based on the oblivious transmission protocol of the present invention.
  • the sorting query system based on the oblivious transmission protocol of the present invention includes a query module and a data output service module.
  • the query module and the data output service module are connected through communication.
  • the query module screens the correct query results out of the query data according to the query conditions provided by the user, and the data output service module is used to provide specific query events, return query data, and output encrypted results.
  • the query module includes a first query unit and a verification unit.
  • the first query unit is connected to the verification unit.
  • the first query unit is connected to the data output service module.
  • the first query unit is used to send part of the information in the query conditions to the data output service module.
  • the verification unit is used to locate the position of the feature of interest to the user among all the sortable feature variables sent by the data output service module, then to encrypt the random number based on the public key pair provided by the data output service module, and to query the encrypted string in the returned data.
  • the user submits the target data source name, sorting method, interest variables and data volume information in the first query unit.
  • the first query unit formats the submitted information and sends three pieces of information (data source name, sorting method and data volume) to the data output service module.
  • the data output service module includes an interface module, which is connected to the query module and used to transmit data between the query module and the data output service module. This covers the transmission of part of the query conditions from the first query unit, the transmission of all sortable feature variables for the verification unit, the public key information, the query data in the data output service module, and the transmission of the XOR results.
  • the data output service module also includes a second query unit, which is connected to the interface unit and is used to locate the target data source name in the database that needs to be queried according to some of the query conditions in the first query unit.
  • the data source in the data storage unit matches the data source name in the query condition.
  • the data output service module also includes an obfuscation unit, which is connected to the second query unit and used to perform sorting queries according to all sortable feature variables in the target data source.
  • all sortable feature variables are screened from the data source matched by the second query unit; based on these feature variables, sorting operations are performed according to the sorting method in the query conditions transmitted by the first query unit, and from each sorting result the specified number of entries is taken and saved according to the data volume in the query conditions. The query data obtained contains obfuscated data and correct results. The obfuscation unit stores the feature variables and the query results in a consistent order. If the stored query results are large, they are stored as files named after the relevant variable names; otherwise they are stored as a list.
  • the data output service module also includes an encryption unit, which is connected to the obfuscation unit and the interface unit. It is used, first, to encrypt the query data generated by the obfuscation unit using a private key and return the encrypted results to the query module; and second, to decrypt the encrypted information sent by the verification unit, XOR it with the private key, and return the result of the XOR operation to the verification unit.
  • the data output service module also includes a data storage unit connected to the second query unit for storing all queryable data information.
  • the present invention also provides a sorting query method based on oblivious transmission protocol implemented by using the above sorting query system.
  • the sorting query method includes the following steps:
  • Step S1 The query module queries the database for matching data and generates query conditions in the specified format
  • Step S2 the data output service module generates obfuscated data and correct information based on part of the query conditions, and uses the private key to encrypt the obfuscated data and correct information;
  • Step S3 the data output service module returns the encrypted result of obfuscated data and correct information, as well as the public key pair and all sortable variable characteristics to the query module;
  • Step S4 The query module locates among all sortable variable features according to the user's interest variables
  • Step S5 the data output service module encrypts the correct results and obfuscated data and transmits them to the query module;
  • Step S6 The verification unit encrypts the random number and public key provided by the query module, extracts the private key information from the returned data, and uses the private key data to decrypt to obtain the user's query data.
  • step S6 the verification unit encrypts the random number and public key provided by the query module, and then transmits it to the data output service module.
  • after decryption, the data output service module performs an XOR operation with the private key; after obtaining the result of this XOR operation, the query module XORs again to obtain the private key, and uses the private key to decrypt the result to obtain the query result required by the user.
  • Paillier encryption which only generates the public key and private key once, and generates random numbers during encryption to achieve one-time encryption.
  • the oblivious transmission protocol-based sorting query method implemented by the above system of the present invention includes the following steps:
  • step S11 the user submits relevant query information in the first query unit in the query module according to requirements, including data source D, feature V, sorting rule up/down, and query number n.
  • Step S22 The verification unit in the query module generates a 1024-bit large random number r and saves it locally.
  • step S33 the query module transmits (D, u/d, n) in the query conditions submitted by the user to the second query unit in the data output service module.
  • step S44 the data output service module selects m sortable variables on the data table D, and then sorts the data table according to the m numerical variables, and the first n results are taken from each sorted result.
  • the query module generates m RSA public key-private key pairs: (Pub_1, Pri_1), (Pub_2, Pri_2), ..., (Pub_m, Pri_m).
  • Step S55 after the verification unit in the query module obtains V, E_R and P, it compares x_1, x_2, ..., x_m in V with the feature V selected by the user, determines the sorting attribute as x_t, and saves the location information t. Then the verification unit in the query module takes Pub_t, encrypts r to obtain R, and then sends R to the encryption unit of the data output service module.
  • Step S66 the encryption unit in the data output service module uses Pri_1, Pri_2, ..., Pri_m to decrypt R respectively.
  • step S88 the verification unit of the query module returns the final query results [ID_1, ID_2, ..., ID_n] to the first query unit and displays them to the user, completing the entire query operation.
  • the present invention also provides another embodiment of a sorting query method based on the oblivious transmission protocol implemented by the above-mentioned sorting query system, which includes the following steps:
  • Step 1 The query module sends part of the information in the query conditions provided by the user to the data output service module;
  • Step 2 The data output service module returns sortable variable characteristics to the query module according to some query conditions
  • Step 3 The query module locates the location of the feature of interest to the user in all sortable feature variables, encrypts the random number based on the public key provided in the data output service module, and queries the encrypted string in the returned data.
  • step 1 the query module sends part of the query conditions submitted by the user to the second query unit in the data output service module, and the part of the query conditions includes the target data source.
  • in step 2, the data output service module generates obfuscated data and correct information based on part of the query conditions, and uses the private key to encrypt the obfuscated data and correct information; the data output service module returns the encrypted results of the obfuscated data and correct information to the query module along with the public key pair and all sortable variable features.
  • step 1 the query module generates random numbers and saves them locally.
  • step 3 the random number is encrypted using the public key provided by the query module, and the encryption result is transmitted to the data output service module.
  • the data output service module decrypts the encryption result and performs an XOR operation with the private key; after obtaining the result of this XOR operation, the query module XORs again to obtain the private key, and uses the private key to decrypt the result to obtain the query results required by the user.
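
The exchange in steps S11 to S88 above, written out as an added Python example; it is not code from the patent or its applicant. It assumes that the m RSA key pairs are held by the data output service module, that each sorted list is encrypted under a random per-list symmetric key standing in for what the text calls the private key, and that a SHA-256 keystream serves as the list cipher; key sizes are scaled down from the 1024-bit r in the text, and the table, names and values are constructed.

```python
import hashlib
import json
import secrets

E = 65537  # RSA public exponent

def _is_prime(n, rounds=24):
    """Miller-Rabin test; callers pass odd n with the top bit set."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if (c - 1) % E and _is_prime(c):   # keep E invertible mod (p-1)(q-1)
            return c

def rsa_keypair(bits=512):
    """Textbook RSA pair ((n, e), (n, d)); toy size, no padding (illustration only)."""
    p, q = _prime(bits // 2), _prime(bits // 2)
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def stream_xor(key, data):
    """Assumed list cipher: XOR with a SHA-256 counter keystream (encrypt == decrypt)."""
    kb = key.to_bytes(64, "big")
    ks = b"".join(hashlib.sha256(kb + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class DataOutputService:
    """Holds the data sources; never receives the feature the user cares about."""
    def __init__(self, sources):
        self.sources = sources

    def prepare(self, source, order, n):
        rows = self.sources[source]
        self.features = sorted(k for k in rows[0] if k != "id")   # V = x_1..x_m
        self.pairs = [rsa_keypair() for _ in self.features]        # (Pub_i, Pri_i)
        self.keys = [secrets.randbits(256) for _ in self.features] # per-list keys (assumption)
        enc = []
        for f, k in zip(self.features, self.keys):
            top = sorted(rows, key=lambda row: row[f], reverse=(order == "down"))[:n]
            enc.append(stream_xor(k, json.dumps([row["id"] for row in top]).encode()))
        return self.features, enc, [pub for pub, _ in self.pairs]  # V, E_R, P

    def respond(self, R):
        # S66 plus the XOR step: decrypt R under every Pri_i, mask list key i with it.
        return [pow(R, d, n) ^ k for (_, (n, d)), k in zip(self.pairs, self.keys)]

def sorted_query(service, source, feature, order, n):
    """Query-module side; only (source, order, n) and R are sent to the service."""
    r = secrets.randbits(256)                       # S22 (scaled down from 1024 bits)
    V, E_R, P = service.prepare(source, order, n)   # S33, S44
    t = V.index(feature)                            # S55: position of x_t, kept local
    n_t, e_t = P[t]
    R = pow(r, e_t, n_t)                            # encrypt r under Pub_t
    masks = service.respond(R)
    key_t = masks[t] ^ r                            # only mask t unmasks to a real key
    ids = json.loads(stream_xor(key_t, E_R[t]))     # S88: top-n IDs for the chosen feature
    return ids, {"t": t, "r": r, "R": R, "masks": masks}

# Constructed sample data source.
SOURCES = {"loans": [
    {"id": "A17", "income": 52, "age": 41, "balance": 9},
    {"id": "B02", "income": 87, "age": 29, "balance": 3},
    {"id": "C33", "income": 64, "age": 55, "balance": 12},
    {"id": "D08", "income": 40, "age": 35, "balance": 7},
]}

if __name__ == "__main__":
    ids, trace = sorted_query(DataOutputService(SOURCES), "loans", "income", "down", 2)
    print("top IDs:", ids, "| chosen index kept local:", trace["t"])
```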

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the technical field of computer information, and in particular to a sorting query system and method based on an oblivious transfer protocol. A query module is in communication connection with a data output service module; the query module filters a correct query result from query data according to a query condition provided by a user, and the data output service module is configured to provide a specific query event, to return the query data and to output an encryption result. Compared with the prior art, the sorting query system and method based on the oblivious transfer protocol of the present invention guarantee the information security of a data owner and make the data owner unable to learn the feature variables of interest to a querying party, so that the secure query function is extended and the requirement for sortable hidden-trace queries is met.
PCT/CN2022/114566 2022-03-24 2022-08-24 Sorting query system and method based on oblivious transfer protocol WO2023178919A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210296911.8A CN114661992A (zh) 2022-03-24 2022-03-24 Sorting query system and method based on oblivious transfer protocol
CN202210296911.8 2022-03-24

Publications (1)

Publication Number Publication Date
WO2023178919A1 (fr) 2023-09-28

Family

ID=82032382

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/114566 WO2023178919A1 (fr) 2022-03-24 2022-08-24 Sorting query system and method based on oblivious transfer protocol

Country Status (2)

Country Link
CN (1) CN114661992A (fr)
WO (1) WO2023178919A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117595991A (zh) * 2024-01-18 2024-02-23 深圳大学 Private information retrieval method combined with key agreement
CN117851660A (zh) * 2024-01-23 2024-04-09 广东电网有限责任公司信息中心 Hidden-trace query method for power grid data

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
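CN114661992A (zh) * 2022-03-24 2022-06-24 深圳前海环融联易信息科技服务有限公司 Sorting query system and method based on oblivious transfer protocol
CN115292378B (zh) * 2022-08-16 2023-12-05 北京冲量在线科技有限公司 Hidden query system and method based on trusted execution environment and oblivious transfer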

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180308164A1 (en) * 2013-09-24 2018-10-25 Chicago Mercantile Exchange Inc. Secure Exchange Feed Market Data Embargo
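CN110210249A (zh) * 2019-06-13 2019-09-06 上海富数科技有限公司 System and method for implementing a hidden-trace query function based on data obfuscation
CN113190584A (zh) * 2021-04-07 2021-07-30 四川新网银行股份有限公司 Hidden-trace query method based on oblivious transfer protocol
CN113239046A (zh) * 2021-05-20 2021-08-10 平安科技(深圳)有限公司 Data query method, system, computer device and storage medium
CN114661992A (zh) * 2022-03-24 2022-06-24 深圳前海环融联易信息科技服务有限公司 Sorting query system and method based on oblivious transfer protocol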

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7620625B2 (en) * 2004-05-20 2009-11-17 Ntt Docomo, Inc. Method and apparatus for communication efficient private information retrieval and oblivious transfer
US10691754B1 (en) * 2015-07-17 2020-06-23 Hrl Laboratories, Llc STAGS: secure, tunable, and accountable generic search in databases
US10868674B2 (en) * 2016-08-12 2020-12-15 ALTR Solutions, Inc. Decentralized database optimizations

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
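CN117595991A (zh) * 2024-01-18 2024-02-23 深圳大学 Private information retrieval method combined with key agreement
CN117595991B (zh) * 2024-01-18 2024-04-05 深圳大学 Private information retrieval method combined with key agreement
CN117851660A (zh) * 2024-01-23 2024-04-09 广东电网有限责任公司信息中心 Hidden-trace query method for power grid data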

Also Published As

Publication number Publication date
CN114661992A (zh) 2022-06-24

Similar Documents

Publication Publication Date Title
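WO2023178919A1 (fr) Sorting query system and method based on oblivious transfer protocol
US20210281402A1 (en) Multi-party security computing method and apparatus, and electronic device
US11206132B2 (en) Multiparty secure computing method, device, and electronic device
US9977918B2 (en) Method and system for verifiable searchable symmetric encryption
CN105610793B (zh) Outsourced data encrypted storage and ciphertext query system and application method thereof
CN112738051B (zh) Data information encryption method, system and computer-readable storage medium
US8176313B2 (en) Executable software security system
CN110569666A (zh) Blockchain-based data statistics method and device
CN114840867B (zh) Data query method, device and system based on commutative encryption data obfuscation
CN108090370A (zh) Index-based instant messaging encryption method and system
CN113190584A (zh) Hidden-trace query method based on oblivious transfer protocol
CN104243149A (zh) Encryption and decryption method, device and server
CN114491637B (zh) Data query method, device, computer equipment and storage medium
CN114547668A (zh) Hidden-trace query method and device based on Chinese national cryptographic algorithms and index obfuscation
CN114969128A (zh) Hidden query method, system and storage medium based on secure multi-party computation
CN115396115A (zh) Blockchain data privacy protection method, device, equipment and readable storage medium
CN116707798B (zh) Ciphertext review method, device and system based on equality test
CN117371011A (zh) Data hidden query method, electronic device and readable storage medium
EP3704617B1 (fr) Privacy-preserving log analysis
CN113065151A (zh) Relational database information security hardening method, system, terminal and storage medium
JPH0969831A (ja) Cryptographic communication system
CN114611152B (zh) Query method and query system
US7792289B2 (en) Encrypted communications
ElSaid Securing Sensitive Digital Data in Educational Institutions using Encryption Technology
CN114640543B (zh) Method for cross-network-domain encrypted data transmission and data matching in the encrypted state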

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22932971

Country of ref document: EP

Kind code of ref document: A1