WO2023231817A1 - Data processing method, device, computer equipment and storage medium - Google Patents
Data processing method, device, computer equipment and storage medium
- Publication number: WO2023231817A1 (PCT/CN2023/095501)
- Authority: WO (WIPO (PCT))
- Prior art keywords: data, information, encrypted, identification, content
- Prior art date
Classifications (all under H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication)
- H04L63/0428: Network architectures or network communication protocols for network security providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload (under H04L63/00, H04L63/04)
- H04L9/0838: Key agreement, i.e. a key establishment technique in which a shared key is derived by the parties as a function of information contributed by, or associated with, each of them (under H04L9/00, H04L9/08, H04L9/0816)
- H04L9/3073: Public key cryptography involving algebraic varieties, e.g. elliptic or hyper-elliptic curves, involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings such as the Weil or Tate pairing (under H04L9/00, H04L9/30, H04L9/3066)
- H04L9/3297: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps (under H04L9/00, H04L9/32)
Definitions
- the present application relates to the field of computer technology, and in particular, to a data processing method, device, computer equipment and storage medium.
- Embodiments of the present application provide a data processing method, device, computer equipment and storage medium, which can improve security during object data transmission.
- embodiments of the present application provide a data processing method, including:
- obtaining target object data including the object identifier, and encryption instruction information for the target object data.
- an embodiment of the present application provides a data processing device, including:
- an acquisition unit configured to acquire target object data including an object identifier, and encryption instruction information for the target object data;
- a processing unit configured to de-identify the object identifier using the encryption instruction information, to obtain a pseudo-identity corresponding to the object identifier;
- the processing unit is further configured to encrypt the data content of the target object data based on the encryption instruction information, and to generate encrypted content of the data content;
- the processing unit is also configured to send the encrypted data of the target object data, generated from the encrypted content and the pseudo-identification, to the data receiver, so that the data receiver can decrypt the encrypted data according to the data usage scenario of the target object data and obtain the corresponding decrypted data.
- embodiments of the present application provide a computer device, including a processor, an input device, an output device, and a memory.
- the processor, the input device, the output device, and the memory are connected to each other; the memory is used to store a computer program that supports the computer device in performing the above method, the computer program includes program instructions, and the processor is configured to call the program instructions to perform the following steps:
- obtaining target object data including the object identifier, and encryption instruction information for the target object data.
- embodiments of the present application provide a computer-readable storage medium.
- Program instructions are stored in the computer-readable storage medium.
- the program instructions, when executed by a processor, cause the processor to perform the data processing method described in the first aspect.
- the computer device can determine the encryption instruction information for the target object based on the identity information for the target object data. The computer device can then use the encryption instruction information, combined with the data usage scenario of the target object data, to de-identify the object identifier contained in the target object data and obtain the corresponding pseudo-identification. The computer device also uses the encryption instruction information to encrypt the data content of the target object data and generates encrypted content of the data content.
- the computer device can send the encrypted data of the target object data, generated from the encrypted content and the pseudo-identification, to the data recipient, so that the data recipient can decrypt the encrypted data according to the corresponding data usage scenario and obtain the corresponding decrypted data.
- the computer device realizes the integration of the de-identification process and the encrypted transmission process for the data content, forming a complete cross-domain transmission solution for object data.
- since the parameter information required for de-identification and for encryption of the data content is determined once, during the pre-negotiation process, the security of subsequent data processing and transmission is ensured while the efficiency of subsequent processing and transmission is also improved.
- the encryption parameters are all one-time parameters, achieving a one-time encryption capability for the data content.
- at the level of the object identifier, in actual business use the data receiver often needs to implement business logic through identifier mapping and therefore requires a relatively stable mapping relationship, so a one-time-pad mapping relationship is not used.
- to prevent the effect and security of de-identification from being weakened by using a fixed mapping relationship for the object identifier over a long period, the data sender introduces timestamp information as the mapping processing factor for the object identifier, and the two parties negotiate a validity period for the timestamp information, which is used to update the timestamp information at fixed intervals and thereby preserve the privacy of the object identifier.
- the data sender also introduces a reference random factor when encrypting the object identifier, so that different encryption processing requirements for the object identifier can be met in different data usage scenarios, further securing the encryption of the target object data.
- Figure 1A is a schematic diagram of a data processing scenario provided by an embodiment of the present application.
- Figure 1B is an overall flow chart of a data processing method provided by an embodiment of the present application.
- Figure 2 is a schematic flow chart of a data processing method provided by an embodiment of the present application.
- Figure 3A is a schematic diagram of a pre-negotiation stage provided by an embodiment of the present application.
- Figure 3B is a schematic diagram of a de-identification processing stage provided by an embodiment of the present application.
- Figure 3C is a schematic diagram of a data transmission stage provided by an embodiment of the present application.
- Figure 3D is a schematic diagram of identifier restoration provided by an embodiment of the present application.
- Figure 4 is a schematic block diagram of a data processing device provided by an embodiment of the present application.
- Figure 5 is a schematic block diagram of a computer device provided by an embodiment of the present application.
- the embodiment of the present application proposes a data processing method in which, when the computer device encrypts target object data containing an object identifier, the data sender and data receiver of that target object data can first negotiate a shared secret based on the identity information of the data sender and the identity information of the data receiver.
- the shared secret includes encryption instruction information for the target object data and decryption instruction information for the target object data. Since the shared secret is generated with reference to the identity information of both the data sender and the data receiver, encryption and decryption of the target object data based on the shared secret can only be performed by the corresponding data sender and data receiver, effectively improving the data security of the target object data.
- after the computer device negotiates the shared secret, when it encrypts the target object data based on the encryption instruction information in the shared secret, it de-identifies the object identifier contained in the target object data based on the encryption instruction information, and separately encrypts the data content contained in the target object data based on the same encryption instruction information. The de-identification of the object identifier effectively guarantees the transmission security of the object identifier corresponding to the target object data.
- after de-identifying the object identifier and encrypting the data content, the computer device has integrated the de-identification process with the encrypted transmission process of the target object data, forming a complete object data transmission process that helps ensure end-to-end object data transmission security.
- the computer device refers to the device where the data sender of the target object data is located during the process of encrypting the target object data.
- the computer device may also be the device where the data receiver is located, during the process of decrypting the target object data.
- the computer device may be a server or an intelligent terminal.
- when the computer device is a server, it may be a physical server or a virtual server; when it is a physical server, it may be a single server or a server cluster composed of multiple servers.
- when the computer device is an intelligent terminal, the intelligent terminal may be a smartphone, a computer, an intelligent voice interaction device, a smart home appliance, or a vehicle-mounted terminal.
- the target object data is object data including object identification and data content.
- the object identifier contained in the target object data is used to indicate the target object that generates the corresponding data content, and can be used to uniquely identify the target object.
- the object identifier may be the target object's social account, mobile phone number, etc. Any data content generated by the target object can be used as the data content contained in the data of the target object.
- the data content may be, for example, data such as the electronic resource stream of the target object.
- the target object data is obtained only after the corresponding target object has been notified and the corresponding data content and object identification authorization is obtained from the target object. Without obtaining the corresponding authorization, the data content and object identification will not be obtained.
- the identity information of the data sender and data receiver is used to uniquely identify the data sender or data receiver.
- the identity information is the identity certificate of the data sender or data receiver, for example, it may be the key certificate of the data sender or data receiver, etc.
- the shared secrets are negotiated based on the identity information of the data sender and the identity information of the data receiver. It contains the encryption instruction information of the data sender and the decryption instruction information of the data receiver.
- target object data encrypted with the encryption instruction information can be decrypted with the decryption instruction information, so encrypted transmission of target object data between the data sender and the data receiver can be achieved based on the shared secret negotiated by both parties. Since the encryption instruction information and decryption instruction information used for this transmission refer to the identity information of both parties, the security of the transmission of the target object data between the two parties can be effectively guaranteed.
- de-identification processing refers to mapping an object identifier (such as a user ID) so that it is desensitized, so that the recipient cannot accurately locate the corresponding object subject from the user information it obtains, thus achieving accuracy and security in the process of sending object data.
- the data sender may be a computer device marked by 10 in FIG. 1A
- the data receiver may be any of the computer devices marked by 11 in FIG. 1A .
- since the target object data is sent from the data sender 10 to the data receivers 11, and the shared secrets negotiated by the data sender 10 with different data receivers also differ, the object identifier and object content of the same target object data are mapped to different mapping data for different receivers. This protects data privacy and security when the target object data is transmitted between the data sender and different data receivers, and also prevents different data receivers from comparing identical received mapping data to infer the target object subject behind it.
- the target object data when the target object data is transmitted between the data sender and the data receiver, it may be sent directly as shown in Figure 1A.
- the target object data can also be forwarded through an intermediary.
- the data sender is device A
- the data receiver is device B
- the intermediary is device C
- when device A and device B cannot communicate directly and device C is required to transfer the data, the encryption processing is negotiated from the identity information of device A and the identity information of device B.
- device C cannot obtain the complete identity information of device A and/or device B. Therefore, after the encrypted target object data is sent to device C for transfer, device C cannot decrypt the encrypted data, ensuring the security of the target object data in transit.
- when the data sender and the data receiver transmit target object data based on the negotiated shared secret, three stages are mainly involved: the pre-negotiation stage, the de-identification processing stage for the object identifier in the target object data, and the data transmission stage.
- the relationship between these three stages can be shown in Figure 1B.
- the goal of the pre-negotiation stage is to negotiate, by cryptographic means, the identity information required for the shared secret between the data sender and the data receiver, and to distribute that identity information for use in the following two stages.
- the pre-negotiation process requires the participation of both the data sender and the data receiver. This pre-negotiation process usually only needs to be done once. After the pre-negotiation is completed, the pre-negotiation step can be bypassed and the subsequent de-identification process and data transmission process can be directly performed.
- the de-identification processing stage of the object identifier is mainly based on the identity information of both parties negotiated in advance, and is supplemented by cryptographic means to desensitize the object identifier (such as user ID). This process only requires the involvement of the data sender.
- in a scenario where the data receiver is not allowed to decode the object identifier (that is, the object identifier is irreversible), the data receiver cannot decode and restore the object identifier.
- otherwise, the data receiver decodes the object identifier based on the relevant information obtained from the data sender.
- the data transmission stage again requires the participation of both the data sender and the data receiver.
- the data sender generates a derived key, uses the derived key to encrypt the data content in the target object data, and transmits the encrypted relevant data to the data receiver.
- the data receiver generates a corresponding restoration key (decryption key), uses the generated restoration key to decrypt the encrypted data, and obtains the corresponding decrypted data.
- the data processing method can be executed by the above-mentioned computer device. As shown in Figure 2, the method may include:
- S201 Obtain target object data including the object identifier and encryption instruction information for the target object data.
- when transmitting target object data, after obtaining the target object data the computer device (the data sender) also needs to obtain encryption instruction information for the target object data.
- the encryption instruction information is obtained after negotiation between the data sender and the data receiver corresponding to the target object data in the pre-negotiation stage.
- the data sender can first obtain the data sender's identity information, where the identity information includes the data sender's public identity information and the data sender's specific identity information.
- the public identity information of the data sender refers to the identity information that needs to be sent to the data receiver, so that the data receiver can generate the decryption instruction information based on the public identity information of the data sender it obtains.
- the specific identity information of the data sender refers to the identity information that is stored by the data sender itself and is not published or sent externally.
- the data sender can also obtain the public identity information of the data receiver from the data receiver, where the public identity information of the data receiver is taken from the identity information of the data receiver.
- the identity information of the data receiver likewise includes the public identity information of the data receiver and the specific identity information of the data receiver, and the public identity information of the data receiver is also released externally after it is generated.
- a key agreement algorithm can then be used to generate the encryption instruction information from the identity information of the data sender and the public identity information of the data receiver.
- the identity information of the data sender may be an identity certificate.
- the identity information of the data sender may be the first key pair generated by the data sender.
- the first key pair includes a first public key (denoted as Pa) and a first private key (denoted as Sa).
- the first public key is the public identity information of the data sender
- the first private key is the specific identity information of the data sender.
- the identity information of the data recipient can also be the second key pair generated by the data recipient.
- the second public key (denoted as Pb) included in the second key pair is used as the public identity information of the data recipient
- the second private key (denoted as Sb) included in the second key pair is used as the specific identity information of the data recipient.
- the above-mentioned first key pair generated by the data sender and the second key pair generated by the data receiver can be generated by both parties based on cryptographic means.
- both the data sender and the data receiver can use the SM2 algorithm (cryptography algorithm) to generate a key pair.
- the key agreement algorithm combines the first private key Sa and the second public key Pb to generate the encryption instruction information (denoted as Rk).
- the key agreement algorithm may be the ECDH algorithm (Diffie-Hellman (DH) key exchange based on elliptic curve cryptography (ECC)).
- because different de-identification methods are used for the object identifier of the target object depending on the data usage scenario (that is, whether the data receiver is allowed to decode the object identifier), the data sender also generates timestamp information (denoted as time) and a random secret factor (denoted as random) in the stage preceding de-identification, such as the pre-negotiation stage. The timestamp information and the random secret factor are used by the data sender as processing factors in the subsequent de-identification processing.
- when de-identifying the object identifier, the data sender therefore refers not only to the encryption instruction information generated from the identity information of both parties, but also to the timestamp information time and/or the random factor (that is, the random secret factor random), to further protect the identity security of the object identifier.
- step S301: the data sender generates an SM2 key pair (the first key pair), including a public key Pa (first public key) and a private key Sa (first private key).
- the data receiver generates an SM2 key pair (the second key pair), including a public key Pb (second public key) and a private key Sb (second private key).
- step S302: the data sender generates a timestamp and determines its corresponding validity period.
- step S303: it is determined whether the data receiver is allowed to restore the original object identifier of the target object, that is, whether the encrypted object identifier is allowed to be restored.
- step S304: if restoration is allowed, the two parties exchange their respective public keys, and the data sender sends the timestamp information and its validity period to the data receiver.
- step S305: if restoration is not allowed, the data sender generates a random secret factor random, and in step S306 the timestamp information, its validity period and the random secret factor random are sent to the data receiver.
- in the pre-negotiation stage, the data sender and data receiver of the target object data mainly generate the data required in the subsequent de-identification processing stage and data transmission stage, and exchange the related data. After the data sender has generated its own identity information in the pre-negotiation stage and obtained the public identity information of the data receiver, it can generate the corresponding encryption instruction information.
- the generated encryption instruction information is denoted Rk.
- with Rk available, the object identifier contained in the target object data can be de-identified, which is step S202.
- S202 Use the encryption instruction information to de-identify the object identifier to obtain a pseudo-identity corresponding to the object identifier.
- the computer device may apply different identification processing rules, according to the data usage scenario of the target object data, when de-identifying the object identifier.
- the computer device (that is, the device corresponding to the data sender) may first determine the data usage scenario of the target object data, where the data usage scenario stipulates the identification processing rules for de-identifying the object identifier.
- the computer device can then de-identify the object identifier according to those identification processing rules, using the encryption instruction information, to obtain a pseudo-identity corresponding to the object identifier.
- the data usage scenario describes whether the data receiver is supported in obtaining the original object identifier of the target object; since de-identifying the object identifier is the process of encrypting it, the data usage scenario equivalently describes whether the data receiver is supported in decrypting the encrypted object identifier. Whether the data receiver is allowed to obtain the original object identifier of the target object can be determined from the usage scenario corresponding to the target object data containing the object identifier. If the data receiver needs to perform object portrait analysis based on the original object identifier, it is determined that the data receiver is allowed to obtain the original object identifier. If the data receiver only needs to perform its services based on the data content contained in the target object data, it is determined that the data receiver is not allowed to obtain the original object identifier.
- the data sender (data generator) de-identifies the corresponding object identifier based on the data usage scenario, as shown in Figure 3B.
- after the data sender generates the encryption instruction information Rk (step S310), it determines whether the data usage scenario indicates that the data receiver is allowed to (supports) restore the object identifier (step S311). If the data usage scenario indicates that the data receiver does not support decrypting to obtain the object identifier of the target object, the data sender uses the generated reference random factor (that is, the random secret factor random generated in step S305 above) as a processing factor when de-identifying the object identifier of the target object.
- having generated the timestamp information and the reference random factor random, the data sender can generate the first identification processing key for de-identification processing from the reference random factor, the encryption instruction information and the timestamp information (step S312).
- the data sender may use a key generation algorithm to generate the first identification processing key from the reference random factor random, the encryption instruction information Rk and the timestamp information (denoted as time).
- the key generation algorithm may be the PBKDF2-SM3-HMAC algorithm (Password-Based Key Derivation Function 2 using an HMAC, Hash-based Message Authentication Code, built on the SM3 cryptographic hash algorithm).
- idkey1 = PBKDF2-SM3-HMAC(time, Rk, random)  (Equation 2)
- the data sender can then use the first identification processing key idkey1 to encrypt the object identifier (denoted as id), and use the encrypted object identifier as the pseudo-identification of the object identifier (denoted as fakeid) (step S314).
- when the data sender encrypts the object identifier id with the first identification processing key idkey1, it can use a corresponding encryption algorithm (such as the SM4 algorithm), as shown in Equation 3.
- fakeid = SM4(id, idkey1)  (Equation 3)
- if the data usage scenario indicates that the data receiver supports decryption to obtain the object identification of the target object, the identification processing key determined for performing de-identification is the second identification processing key (recorded as idkey2) (step S313). When generating the second identification processing key, the data sender can obtain the timestamp information time, and then use the encryption indication information Rk and the timestamp information time to generate the second identification processing key for performing de-identification processing.
- the data sender uses the second identification processing key idkey2 to encrypt the object identification id, as shown in Equation 5, and the encrypted object identifier is used as the pseudo-identifier of the object identifier (step S314).
- when the data usage scenario indicates that the data receiver does not support decryption of the object identifier, the data sender introduces the reference random factor random as the processing factor when encrypting the object identifier contained in the target object data.
- when the data usage scenario indicates that the data receiver supports decryption of the object identifier, the reference random factor random is not used as the encryption processing factor for the object identifier; only the timestamp information time and the encryption instruction information Rk are used as the encryption processing factors for the object identifier.
- since the data sender has already sent the encryption instruction information to the data receiver, then, based on the symmetry of the symmetric encryption process, after the data sender encrypts the corresponding object identification with the second identification processing key generated from the timestamp information and the encryption instruction information, the data receiver can also use the timestamp information and encryption instruction information obtained from the data sender to generate an identification decryption key equivalent to the second identification processing key. This allows the data receiver to decrypt the encrypted pseudo-identity and obtain the original object identification when the data usage scenario indicates that the data receiver is supported in decrypting the object identification.
- the data sender introduces the reference random factor random as the processing factor for encrypting the object identifier and does not send the reference random factor random to the data receiver, which makes it impossible for the data receiver to decrypt and restore the pseudo-identity, since it lacks the reference random factor.
- the embodiment of the present application differs from the traditional de-identification process based on a fixed mapping.
- the embodiment of this application derives a local key for performing de-identification processing (the first identification processing key or the second identification processing key) from the combination of the identity information of the transmitting parties, the timestamp information and the optional secret factor (i.e., the reference random factor random), so that the object identification can be encrypted with the derived local key to achieve de-identification of the object identification. Since the identity information of both parties is added to the mapping algorithm, different mappings can be established for different transmission scenarios at the algorithm level.
- the optional secret factor can be shared with the receiver at the data sender's discretion depending on the application scenario.
- when the secret factor is shared, the data receiver can decrypt the pseudo-identifier and obtain the original object identifier.
- when the data sender decides not to share it with the receiver, the data receiver only obtains a completely de-identified object identifier (i.e., a pseudo-identifier), which greatly enhances the flexibility and security of the de-identification processing.
- the timestamp information generated by the data sender is also set with a validity period.
- the validity period may be used to indicate the valid time range of the identity processing key (including the above-mentioned first identity processing key and the second identity processing key) generated based on the corresponding timestamp information.
- the data sender can update the timestamp information, and use the updated timestamp information to update the corresponding identification processing key.
- the updated timestamp information can also be sent to the data receiver, so that when the data receiver is supported in decrypting to obtain the object identifier of the target object, it can perform identification decryption processing based on the received updated timestamp information.
- the encryption processing factor for the object identifier can be updated and adjusted when the valid duration is reached.
- the encryption mapping relationship of the object identifier can be updated, thereby enhancing the security of de-identification processing of the corresponding object identifier.
- the encryption method of the object identification can be adjusted according to the valid duration within the same data usage scenario. For example, if the data usage scenario supports the data receiver decrypting and obtaining the object identification of the target object, and the validity period set for the timestamp information is 1 day, then for the object identification of the same target object, the timestamp information contained in the processing factor used to encrypt the object identification on one day must differ from the timestamp information contained in the processing factor used to encrypt the object identification on the next day.
- the data sender may also encrypt the data content of the target object based on the encryption instruction information.
- there is no sequential relationship between the de-identification process performed by the data sender on the object identifier based on the encryption instruction information and the encryption process performed on the data content of the target object data; they can be performed sequentially or at the same time, which is not limited in the embodiment of this application.
- S203 Encrypt the data content of the target object data based on the encryption instruction information to generate encrypted content of the data content.
- the process in which the data sender encrypts the data content of the target object data can be seen in the part framed by the dotted line in Figure 3C.
- after the data sender obtains the encryption instruction information Rk (step S320), it can first generate a temporary random factor (denoted as nonce) (step S321).
- the temporary random factor nonce obtained by the data sender is a one-time random number. After the temporary random factor nonce has been used to encrypt/decrypt the data content of the target object data, it becomes invalid, which ensures the security of the data content of the target object data.
- the temporary random factor and the reference random factor random generated during the pre-negotiation process are two different random numbers.
- the reference random factor is a non-one-time random number.
- the reference random factor random is a random number that is valid for a long time. That is to say, when the data sender encrypts the data content of the target object data, generating a one-time temporary random factor nonce implements a high-strength, one-time-pad style end-to-end encrypted transmission.
- the one-time pad encrypted transmission rotates the encryption key for the data content on every transmission, which effectively prevents an intermediary from obtaining the plaintext of the content data, further ensuring the security of the data content during transmission.
- the key reference information secret can be generated based on the encryption instruction information and the temporary random factor (step S322).
- the generated key reference information contains at least two bytes.
- the data sender can also use the PBKDF2-SM3-HMAC algorithm to combine the encryption instruction information Rk and the temporary random factor nonce to generate the key reference information secret, as shown in Equation 6.
- secret = PBKDF2-SM3-HMAC(nonce, Rk) (Equation 6)
- when the data sender generates the key reference information secret, it does so based on the one-time temporary random factor nonce, so the key reference information secret generated from the one-time temporary random factor nonce is also one-time.
- after the data sender obtains the key reference information, it can further perform byte division on the at least two bytes contained in the key reference information to obtain the initial encryption vector (denoted as IV) and the content encryption key (recorded as SK) respectively.
- the key reference information obtained by the data sender generally contains 32 bytes; the data sender performs byte division and obtains the initial encryption vector IV and the content encryption key SK.
- the upper 16 bytes of the key reference information secret can be used as the initial encryption vector IV, and the lower 16 bytes of the key reference information secret can be used as the content encryption key SK (step S323).
- the content encryption key and the initial encryption vector can be used to encrypt the data content of the target object data to generate encrypted content of the data content (step S324).
- the data sender encrypts the data content based on the content encryption key and the initial encryption vector.
- SM4_gcm is a data encryption algorithm. After the data sender calculates the encrypted content encypted_data of the target object data, it can generate the encrypted data of the target object data from the encrypted content encypted_data, the pseudo identity fakeid generated by de-identifying the object identifier of the target object data, and the temporary random factor nonce generated during the encryption of the data content. Therefore, the encrypted data of the target object data generated by the data sender can be identified by (fakeid, encypted_data, nonce).
- the encrypted data can be sent to the data receiver (step S325), and step S204 can then be executed.
- when the data sender sends the generated encrypted data to the data receiver, since the data to be sent has already been encrypted, the data sender can send the generated encrypted data directly to the data receiver.
- the generated encrypted data can also be sent to the data receiver over a secure channel implemented by the SSL protocol (Secure Sockets Layer, a secure transmission protocol) to ensure the security of the encrypted data during transmission, further ensuring the security of the target object data.
- S204 Send the encrypted data of the target object data generated based on the encrypted content and pseudo-identification to the data receiver, so that the data receiver can decrypt the encrypted data according to the data usage scenario of the target object data and obtain corresponding decrypted data.
- the data receiver can decrypt the encrypted data according to the data usage scenario for the target object data and obtain the corresponding decrypted data. Next, the decryption process of the encrypted data performed by the data receiver according to the data usage scenario will be described in detail in conjunction with Figure 3C.
- the encryption process for the target object data is performed using a symmetric encryption algorithm. Therefore, when decrypting the encrypted data of the target object data, the data receiver can decrypt it with a decryption key that is the same as the key used during the encryption process. In one embodiment, after the data receiver obtains the encrypted data from the data sender (step S326), when decrypting the encrypted data according to the data usage scenario, the data receiver can obtain the public identity information of the data sender from the data sender. The identity information generated by the data receiver includes the public identity information of the data receiver and the specific identity information of the data receiver. The public identity information obtained by the data receiver from the data sender may be the first public key Pa generated by the data sender.
- the data receiver can further adopt a key agreement algorithm and generate decryption instruction information Rk' based on the public identity information of the data sender (i.e., the first public key Pa) and the identity information of the data receiver (step S327).
- the identity information of the data receiver includes the second public key pb and the second private key Sb of the above-mentioned second key pair generated by the data receiver. Then, based on the symmetry of the symmetric encryption algorithm and the preceding key pair negotiation process between the two parties, the decryption instruction information generated by the data receiver is equivalent to the encryption instruction information generated by the data sender.
- the decryption instruction information Rk' generated by the data receiver can be used to decrypt what was encrypted with the encryption instruction information Rk generated by the data sender.
- the generation of the decryption instruction information Rk' generated by the data receiver can also be implemented based on the above-mentioned key agreement algorithm ECDH, which can be specifically shown in Equation 8.
- after the data receiver obtains the decryption instruction information, it can use the decryption instruction information to decrypt the encrypted data according to the data usage scenario of the target object data.
- the decryption instruction information Rk' obtained by the data receiver is used to decrypt the encrypted content included in the encrypted data. When the data receiver uses the decryption instruction information to decrypt the encrypted content in the encrypted data, since the encrypted data of the target object data contains the temporary random factor nonce generated during the encryption of the data content, in step S328 the data receiver can first extract the temporary random factor nonce from the encrypted data (fakeid, encypted_data, nonce).
- in step S328, based on the symmetry of the symmetric encryption algorithm and the pre-negotiation process of both parties, the data receiver uses the temporary random factor nonce and the decryption instruction information Rk' to generate equivalent information (denoted as secret') that is equivalent to the key reference information secret. Afterwards, the encrypted content that was encrypted based on the key reference information secret can be decrypted.
- the decryption vector IV' and the content decryption key Sk' can be determined from the at least two bytes contained in the equivalent information (step S329). The data receiver then uses the decryption vector IV' and the content decryption key Sk' to decrypt the encrypted content and obtain the decrypted content data' of the encrypted content (step S330). In one embodiment, when the data receiver determines the decryption vector IV' and the content decryption key Sk' from the equivalent information secret', it can, mirroring the byte division on the sending side, use the high 16 bytes of the equivalent information secret' as the decryption vector IV' and the low 16 bytes as the content decryption key Sk'.
- data' refers to the decrypted content obtained after decrypting the encrypted content.
- the decrypted content data' obtained by the data receiver after decrypting the encrypted content is the same as the original data content data contained in the target object data (that is, the data content data before the encryption/decryption process). Therefore, after the data receiver obtains the decrypted content corresponding to the encrypted content, the reception of the data content data is completed.
- the data receiver can further decrypt the object identifier corresponding to the target object data based on the data usage scenario for the target object data.
- if the data usage scenario indicates that the data receiver does not support decryption to obtain the object identifier, the pseudo-identifier fakeid is extracted from the encrypted data, and the decrypted content data' and the extracted pseudo-identifier fakeid are used as the decrypted data of the encrypted data (step S332).
- if the data usage scenario indicates that the data receiver supports decryption to obtain the object identifier, then after obtaining the decrypted content of the encrypted content the data receiver can decrypt the pseudo identity fakeid included in the encrypted data to obtain the decryption identity (recorded as id') corresponding to the pseudo identity (step S333), and thus obtain the decrypted data consisting of the decryption identity and the decrypted content (step S334).
- when decrypting the pseudo identity, the identity decryption key can first be generated based on the timestamp information time and the decryption instruction information Rk' (step S341), wherein the identity decryption key generated by the data receiver is equal to the second identification processing key.
- idkey' = PBKDF2-SM3-HMAC(time, Rk') (Equation 11)
- the identity decryption key idkey' can be used to decrypt the pseudo identity included in the encrypted data and obtain the corresponding decryption identity (step S342).
- the above-mentioned cryptographic algorithms such as SM2, SM4 and PBKDF2-SM3-HMAC can be replaced by any one or more cryptographic algorithms of the same type, such as the sha256 algorithm (Secure Hash Algorithm 256), the aes algorithm (Advanced Encryption Standard) or the pbkdf2-sha256-hmac algorithm.
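The full sender and receiver path described above (pre-negotiation of Rk and Rk', the two identification-key modes of steps S312 and S313, the nonce-derived content keys of steps S321 to S324, and the receiver's steps S328 to S342), as an added example in Go that is not part of the patent application and not code from its applicant. It uses the same-type replacements the description permits: ECDH over P-256 in place of SM2, PBKDF2-HMAC-SHA256 in place of PBKDF2-SM3-HMAC, and AES (one block for the identifier, AES-GCM for the content) in place of SM4 and SM4_gcm. The argument order of the PBKDF2 calls, the 4096 iteration count, the 16-byte lengths and the length-byte encoding of the identifier are assumptions of this example, not statements of the patent.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// pbkdf2SHA256 stands in for PBKDF2-SM3-HMAC (the description allows pbkdf2-sha256-hmac
// as a replacement). RFC 8018 PBKDF2 limited to one output block: keyLen <= 32 covers both keys.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t[:keyLen]
}

// NegotiateRk: Rk (sender) or the equivalent Rk' (receiver) per Equation 8, P-256 in place of SM2.
func NegotiateRk(own *ecdh.PrivateKey, peerPub *ecdh.PublicKey) ([]byte, error) {
	return own.ECDH(peerPub)
}

// DeriveIDKey gives idkey1 when the reference random factor is present (Equation 2) and
// idkey2 when random is nil. Assumption: Rk is the PBKDF2 password, time||random the salt.
func DeriveIDKey(rk, timestamp, random []byte) []byte {
	salt := append(append([]byte{}, timestamp...), random...)
	return pbkdf2SHA256(rk, salt, 4096, 16)
}

// Deidentify: one deterministic AES block (stand-in for SM4, Equation 3) over the id with its
// length in the last byte, so the same id and key always map to the same fakeid.
func Deidentify(id string, idkey []byte) ([]byte, error) {
	block, err := aes.NewCipher(idkey)
	if err != nil || len(id) > 15 {
		return nil, errors.New("bad key or id longer than 15 bytes")
	}
	buf := make([]byte, 16)
	copy(buf, id)
	buf[15] = byte(len(id))
	block.Encrypt(buf, buf)
	return buf, nil
}

// Reidentify inverts Deidentify (step S342); without the sender's random factor the key
// differs, the length byte is garbage and the original id is not recovered.
func Reidentify(fakeid, idkey []byte) (string, error) {
	block, err := aes.NewCipher(idkey)
	if err != nil {
		return "", err
	}
	buf := make([]byte, 16)
	block.Decrypt(buf, fakeid)
	if n := int(buf[15]); n <= 15 {
		return string(buf[:n]), nil
	}
	return "", errors.New("pseudo-identifier does not decrypt under this key")
}

// EncryptedData is the (fakeid, encrypted_data, nonce) triple sent in step S325.
type EncryptedData struct{ FakeID, Content, Nonce []byte }

// contentCipher derives secret = PBKDF2(Rk, nonce) (Equation 6), splits it into IV (first
// 16 bytes) and SK (last 16 bytes), and returns AES-GCM (in place of SM4_gcm) under SK.
func contentCipher(rk, nonce []byte) (cipher.AEAD, []byte) {
	secret := pbkdf2SHA256(rk, nonce, 4096, 32)
	block, _ := aes.NewCipher(secret[16:]) // key is always 16 bytes, so this cannot fail
	gcm, _ := cipher.NewGCMWithNonceSize(block, 16)
	return gcm, secret[:16]
}

// EncryptContent is the sender's steps S321-S324: a fresh one-time nonce for every message.
func EncryptContent(rk, fakeid, data []byte) (EncryptedData, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return EncryptedData{}, err
	}
	gcm, iv := contentCipher(rk, nonce)
	return EncryptedData{fakeid, gcm.Seal(nil, iv, data, nil), nonce}, nil
}

// DecryptContent is the receiver's steps S328-S330 with Rk' and the transmitted nonce.
func DecryptContent(rk []byte, ed EncryptedData) ([]byte, error) {
	gcm, iv := contentCipher(rk, ed.Nonce)
	return gcm.Open(nil, iv, ed.Content, nil)
}
```

The sender's call order is NegotiateRk, DeriveIDKey (with a non-nil random when the receiver must not restore the identifier), Deidentify and EncryptContent; the receiver runs NegotiateRk, DecryptContent and, when its usage scenario permits it, Reidentify with DeriveIDKey(rk, time, nil). Because the random factor enters only idkey1 and is never transmitted, a receiver holding Rk' and the timestamp cannot rebuild idkey1, which is what the branch at step S311 relies on; a new timestamp after the validity period yields a different idkey and therefore a different fakeid for the same id, while within one period the mapping stays stable, as the business-logic requirement on identification mapping demands. Tampering with the transmitted content is rejected by the GCM tag check.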
- the computer device can determine the encryption indication information for the target object data based on the identity information of the target object data. Furthermore, the computer device can use the encryption instruction information, combined with the data usage scenario of the target object data, to de-identify the object identifier contained in the target object data and obtain the corresponding pseudo-identification.
- the computer device uses the encryption instruction information to encrypt the data content of the target object data and generates encrypted content of the data content. Then the computer device can send the encrypted data of the target object data generated based on the encrypted content and the pseudo-identification to the data receiver, so that the data receiver can decrypt the encrypted data according to the corresponding data usage scenario and obtain the corresponding decrypted data.
- the computer device realizes the integration of the de-identification process and the encrypted transmission process for the data content, forming a complete cross-domain transmission solution for object data. Moreover, since in the cross-domain transmission scheme of the embodiment of the present application the parameter information required for de-identification and encryption of the data content is determined at one time during the pre-negotiation process, the security of subsequent data processing and transmission is ensured while the efficiency of subsequent processing and transmission is also improved. Moreover, when the computer device encrypts the data content of the target object data, the encryption parameters are all one-time parameters, achieving a one-time encryption capability for the data content.
- the data sender introduces timestamp information as the mapping processing factor for the object identifier, and the validity period of the timestamp information negotiated between both parties is used to implement regular updates of the timestamp information, thereby ensuring the privacy of the object identification.
- the data sender also introduces the reference random factor random when encrypting the object identifier to meet different encryption processing requirements for the object identifier in different data usage scenarios, further ensuring the encryption security and transmission security of the target object data.
- the embodiments of the present application also provide a data processing device.
- the data processing device may be a computer program (including program code) running in the above computer equipment.
- the data processing device can be used to perform the data processing method as shown in Figure 2.
- the data processing device includes: an acquisition unit 401 and a processing unit 402.
- the acquisition unit 401 is used to acquire target object data including an object identifier, and encryption instruction information for the target object data.
- the processing unit 402 is configured to use the encrypted instruction information to de-identify the object identifier to obtain a pseudo-identity corresponding to the object identifier.
- the processing unit 402 is further configured to perform encryption processing on the data content of the target object data based on the encryption instruction information, and generate encrypted content of the data content.
- the processing unit 402 is also configured to send the encrypted data of the target object data generated based on the encrypted content and the pseudo-identification to a data receiver, so that the data receiver can decrypt the encrypted data according to the data usage scenario of the target object data and obtain the corresponding decrypted data.
- the processing unit 402 is specifically used to:
- the encryption instruction information is obtained after negotiation between the data sender of the target object data and the data receiver.
- the processing unit 402 is specifically used to:
- the identity information includes the public identity information of the data sender and the specific identity information of the data sender;
- a key agreement algorithm is used, and the encryption indication information is generated based on the identity information of the data sender and the public identity information of the data receiver.
- the processing unit 402 is specifically used for:
- the first identification processing key is used to encrypt the object identification, and the encrypted object identification is used as a pseudo identification of the object identification.
- the processing unit 402 is specifically used to:
- the object identification is encrypted based on the second identification processing key, and the encrypted object identification is used as a pseudo identification of the object identification.
- the timestamp information is set with a valid duration, and the valid duration is used to indicate the valid time range of the identity processing key generated based on the corresponding timestamp information.
- the processing unit 402 is specifically used to:
- the timestamp information is updated, and the corresponding identification processing key is updated using the updated timestamp information;
- the updated timestamp information is sent to the data receiver, so that when the data receiver is supported in decryption to obtain the object identification of the target object, it can perform identification decryption processing based on the received timestamp information.
- the processing unit 402 is specifically used to:
- the data content of the target object data is encrypted to generate encrypted content of the data content.
- the obtaining unit 401 is also used to obtain a temporary random factor generated during the encryption process of the data content
- the processing unit 402 is also configured to generate encrypted data of the target object data based on the encrypted content, the pseudo identifier and the temporary random factor.
- the method by which the data receiver decrypts the encrypted data according to the data usage scenario of the target object data includes:
- the data receiver obtains the public identity information of the data sender from the data sender, and the identity information generated by the data receiver includes the public identity information of the data receiver and the specific identity information of the data receiver;
- the data receiver adopts a key agreement algorithm and generates decryption instruction information based on the public identity information of the data sender and the identity information of the data receiver, wherein the decryption instruction information is equivalent to the encryption instruction information;
- the data receiver uses the decryption instruction information and decrypts the encrypted data according to the data usage scenario of the target object data.
- the decryption instruction information is used by the data receiver to decrypt the encrypted content included in the encrypted data; the encrypted data of the target object data further includes the temporary random factor generated during the encryption of the data content, and the method for the data receiver to use the decryption instruction information to decrypt the encrypted content in the encrypted data includes:
- the data receiver extracts the temporary random factor from the encrypted data;
- the data receiver uses the temporary random factor and the decryption instruction information to generate equivalent information of the key reference information, and determines the decryption vector and the content decryption key from the at least two bytes contained in the equivalent information;
- the data receiver uses the decryption vector and the content decryption key to decrypt the encrypted content to obtain the decrypted content of the encrypted content.
- when the data usage scenario indicates that the data receiver does not support decryption to obtain the object identifier of the target object, then after obtaining the decrypted content of the encrypted content the data receiver extracts the pseudo-identity from the encrypted data, and uses the decrypted content and the extracted pseudo-identity as the decrypted data of the encrypted data.
- when the data usage scenario indicates that the data receiver supports obtaining the object identifier of the target object through decryption, then after obtaining the decrypted content of the encrypted content the data receiver decrypts the pseudo-identity included in the encrypted data to obtain the decryption identification corresponding to the pseudo-identity, and uses the decryption identification and the decrypted content as the decrypted data of the encrypted data.
- the method by which the data recipient decrypts the pseudo-identity included in the encrypted data includes:
- the data receiver obtains timestamp information from the data sender, and uses the timestamp information and the decryption instruction information to generate an identification decryption key;
- the data recipient uses the identification decryption key to decrypt the pseudo identification included in the encrypted data.
- the identity information of the data sender includes a first key pair generated by the data sender, and the first key pair includes a first public key and a first private key; wherein the first public key is the public identity information of the data sender, and the first private key is the specific identity information of the data sender;
- the identity information of the data receiver includes a second key pair generated by the data receiver, wherein the second public key contained in the second key pair is used as the public identity information of the data receiver, and the second private key contained in the second key pair is used as the specific identity information of the data receiver.
- the processing unit 402 may determine the encryption indication information for the target object data based on the identity information of the target object data. Furthermore, the processing unit 402 can use the encryption indication information, combined with the data usage scenario of the target object data, to de-identify the object identifier contained in the target object data and obtain the corresponding pseudo-identification. The processing unit 402 can use the encryption instruction information to perform encryption processing on the data content of the target object data and generate encrypted content of the data content.
- the processing unit 402 can send the encrypted data of the target object data generated based on the encrypted content and the pseudo-identification to the data receiver, so that the data receiver can decrypt the encrypted data according to the corresponding data usage scenario and obtain the corresponding decrypted data.
- the integration of the de-identification process and the encrypted transmission process for data content is achieved, forming a complete cross-domain transmission solution for object data.
- since the parameter information required for de-identification and encryption of the data content is determined at one time during the pre-negotiation process, the security of subsequent data processing and transmission is ensured while the efficiency of subsequent processing and transmission is also improved.
- the encryption parameters are all one-time parameters, realizing the one-time encryption capability of the data content.
- at the object identification level, in actual business use the data receiver often needs to implement business logic through identification mapping, so a relatively stable identification mapping relationship is required and a one-time-pad mapping relationship is not used.
- the data sender introduces timestamp information as the mapping processing factor for the object identifier, and the validity period of the timestamp information negotiated between both parties is used to implement regular updates of the timestamp information, thereby ensuring the privacy of the object identification.
- the data sender also introduces a reference random factor when encrypting the object identifier to meet different encryption processing requirements for the object identifier in different data usage scenarios, further ensuring the encryption security and transmission security of the target object data.
- FIG. 5 is a schematic structural block diagram of a computer device provided by an embodiment of the present application.
- the computer device in this embodiment as shown in Figure 5 may include: one or more processors 501; one or more input devices 502, one or more output devices 503 and a memory 504.
- the above-mentioned processor 501, input device 502, output device 503 and memory 504 are connected via bus 505.
- the memory 504 is used to store computer programs, which include program instructions, and the processor 501 is used to execute the program instructions stored in the memory 504 .
- the memory 504 may include volatile memory, such as random-access memory (RAM).
- the memory 504 may also include non-volatile memory, such as flash memory, a solid-state drive (SSD), etc.
- Memory 504 may also include a combination of the types of memory described above.
- the processor 501 may be a central processing unit (CPU).
- the processor 501 may further include a hardware chip.
- the above-mentioned hardware chip can be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), etc.
- the PLD can be a field-programmable gate array (FPGA), a generic array logic (GAL), etc.
- the processor 501 may also be a combination of the above structures.
- the memory 504 is used to store computer programs, and the computer programs include program instructions.
- the processor 501 is used to execute program instructions stored in the memory 504 to implement the above steps of the corresponding method in Figure 2.
- The processor 501 is configured to invoke the program instructions to perform:
- obtaining target object data that includes an object identifier, together with encryption indication information for the target object data.
- The processor 501 is configured to invoke the program instructions to perform:
- determining the data-usage scenario of the target object data, where the scenario specifies the identifier-processing rule appl when de-identifying the object identifier;
- the encryption indication information is obtained by negotiation between the data sender of the target object data and the data receiver.
- The processor 501 is configured to invoke the program instructions to perform:
- obtaining the identity information of the data sender, which includes the sender's public identity information and the sender's specific identity information;
- applying a key agreement algorithm to the sender's identity information and the receiver's public identity information to generate the encryption indication information.
- The processor 501 is configured to invoke the program instructions to perform:
- generating, from the reference random factor, the encryption indication information and the timestamp information, a first identifier-processing key for the de-identification processing;
- encrypting the object identifier with the first identifier-processing key and taking the encrypted identifier as the pseudo-identifier of the object identifier.
- The processor 501 is configured to invoke the program instructions to perform:
- encrypting the object identifier with the second identifier-processing key and taking the encrypted identifier as the pseudo-identifier of the object identifier.
- The timestamp information is given a valid duration, which indicates the validity period of the identifier-processing key generated from that timestamp.
- The processor 501 is configured to invoke the program instructions to perform:
- when the valid duration expires, updating the timestamp information and re-deriving the corresponding identifier-processing key from the updated timestamp;
- sending the updated timestamp information to the data receiver so that, where the receiver is permitted to decrypt and obtain the object identifier of the target object, it can decrypt the identifier using the received timestamp information.
- The processor 501 is configured to invoke the program instructions to perform:
- encrypting the data content of the target object data to generate the encrypted content of the data content.
- The processor 501 is configured to invoke the program instructions to perform:
- generating the encrypted data of the target object data from the encrypted content, the pseudo-identifier and the temporary random factor.
- The data receiver decrypts the encrypted data according to the data-usage scenario of the target object data as follows:
- the receiver obtains the sender's public identity information from the sender; the identity information generated by the receiver includes the receiver's public identity information and the receiver's specific identity information;
- the receiver applies a key agreement algorithm to the sender's public identity information and the receiver's own identity information to generate decryption indication information, which is equivalent to the encryption indication information;
- the receiver uses the decryption indication information to decrypt the encrypted data according to the data-usage scenario of the target object data.
- The decryption indication information is used by the receiver to decrypt the encrypted content included in the encrypted data, and the encrypted data of the target object data further includes the temporary random factor generated while the data content was encrypted; the receiver decrypts the encrypted content with the decryption indication information as follows:
- the receiver extracts the temporary random factor from the encrypted data;
- the receiver uses the temporary random factor and the decryption indication information to generate the equivalent of the key reference information, and determines the decryption vector and the content decryption key from the at least two bytes of that equivalent information;
- the receiver uses the decryption vector and the content decryption key to decrypt the encrypted content and obtain the decrypted content.
- Where the data-usage scenario indicates that the receiver is not permitted to decrypt and obtain the object identifier of the target object, after obtaining the decrypted content of the encrypted content the receiver extracts the pseudo-identifier from the encrypted data and takes the decrypted content and the extracted pseudo-identifier as the decrypted data of the encrypted data.
- Where the data-usage scenario indicates that the receiver is permitted to decrypt and obtain the object identifier of the target object, after obtaining the decrypted content the receiver decrypts the pseudo-identifier included in the encrypted data to obtain the corresponding decrypted identifier, and takes the decrypted identifier and the decrypted content as the decrypted data of the encrypted data.
- The receiver decrypts the pseudo-identifier included in the encrypted data as follows:
- the receiver obtains the timestamp information from the sender and uses it together with the decryption indication information to generate an identifier-decryption key;
- the receiver uses the identifier-decryption key to decrypt the pseudo-identifier included in the encrypted data.
- The identity information of the data sender includes a first key pair generated by the sender, consisting of a first public key and a first private key; the first public key is the sender's public identity information and the first private key is the sender's specific identity information.
- The identity information of the data receiver includes a second key pair generated by the receiver; its second public key serves as the receiver's public identity information and its second private key as the receiver's specific identity information.
- Embodiments of the present application also provide a computer program product or computer program.
- The computer program product or computer program includes computer instructions stored in a computer-readable storage medium.
- The processor of the computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device performs the method embodiment shown in FIG. 2.
- The computer-readable storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM) or the like.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of this application disclose a data processing method, apparatus, computer device and storage medium. The method includes: obtaining target object data that contains an object identifier, together with encryption indication information for the target object data; de-identifying the object identifier using the encryption indication information to obtain a pseudo-identifier corresponding to the object identifier; encrypting the data content of the target object data based on the encryption indication information to generate encrypted content of the data content; and sending encrypted data of the target object data, generated from the encrypted content and the pseudo-identifier, to a data receiver, so that the data receiver decrypts the encrypted data according to the data-usage scenario of the target object data and obtains the corresponding decrypted data. This improves security during the transmission of object data.
Description
This application claims priority to Chinese patent application No. 202210619420.2, filed on 31 May 2022 and entitled "Data processing method, apparatus, computer device and storage medium".
This application relates to the field of computer technology, and in particular to a data processing method, apparatus, computer device and storage medium.
With the continued development of computer technology, the era of big data has arrived. Different business requirements call for cross-domain transfer of data between different data owners so that business can be executed quickly and effectively. In current data transfers, and especially transfers of object data that relates to an object (such as a user), the privacy of that object data has to be protected, and how to protect the object data of the objects concerned effectively, so that the data stays secure, has become a current research focus.
Summary
Embodiments of this application provide a data processing method, apparatus, computer device and storage medium that can improve security during the transmission of object data.
In one aspect, an embodiment of this application provides a data processing method, including:
obtaining target object data that contains an object identifier, together with encryption indication information for the target object data;
de-identifying the object identifier using the encryption indication information to obtain a pseudo-identifier corresponding to the object identifier;
encrypting the data content of the target object data based on the encryption indication information to generate encrypted content of the data content; and
sending encrypted data of the target object data, generated from the encrypted content and the pseudo-identifier, to a data receiver, so that the data receiver decrypts the encrypted data according to the data-usage scenario of the target object data and obtains the corresponding decrypted data.
In another aspect, an embodiment of this application provides a data processing apparatus, including:
an obtaining unit, configured to obtain target object data that contains an object identifier, together with encryption indication information for the target object data;
a processing unit, configured to de-identify the object identifier using the encryption indication information to obtain a pseudo-identifier corresponding to the object identifier;
the processing unit being further configured to encrypt the data content of the target object data based on the encryption indication information to generate encrypted content of the data content; and
the processing unit being further configured to send encrypted data of the target object data, generated from the encrypted content and the pseudo-identifier, to a data receiver, so that the data receiver decrypts the encrypted data according to the data-usage scenario of the target object data and obtains the corresponding decrypted data.
In another aspect, an embodiment of this application provides a computer device including a processor, an input device, an output device and a memory, which are interconnected. The memory stores a computer program that supports the computer device in performing the above method, the computer program includes program instructions, and the processor is configured to invoke the program instructions to perform the following steps:
obtaining target object data that contains an object identifier, together with encryption indication information for the target object data;
de-identifying the object identifier using the encryption indication information to obtain a pseudo-identifier corresponding to the object identifier;
encrypting the data content of the target object data based on the encryption indication information to generate encrypted content of the data content; and
sending encrypted data of the target object data, generated from the encrypted content and the pseudo-identifier, to a data receiver, so that the data receiver decrypts the encrypted data according to the data-usage scenario of the target object data and obtains the corresponding decrypted data.
In another aspect, an embodiment of this application provides a computer-readable storage medium storing program instructions which, when executed by a processor, perform the data processing method of the first aspect.
In the embodiments of this application, after obtaining target object data that contains an object identifier, the computer device determines the encryption indication information for the target object from the identity information associated with the target object data. The computer device then uses that encryption indication information, together with the data-usage scenario of the target object data, to de-identify the object identifier contained in the target object data and obtain the corresponding pseudo-identifier. The computer device uses the encryption indication information to encrypt the data content of the target object data and generate the encrypted content. It can then send the encrypted data of the target object data, generated from the encrypted content and the pseudo-identifier, to the data receiver, so that the receiver decrypts the encrypted data according to the applicable data-usage scenario and obtains the corresponding decrypted data. Through this process the computer device merges the de-identification process with the encrypted transmission of the data content, forming a complete cross-domain transmission scheme for object data. Moreover, because the parameters needed for de-identification and for content encryption are determined once in a pre-negotiation phase, subsequent data transfers are both secure and efficient. When the computer device encrypts the data content of the target object data, all encryption parameters are one-time parameters, which gives one-key-per-message encryption of the content. At the object-identifier level, by contrast, a data receiver usually implements its business logic through identifier mapping and therefore needs a reasonably stable mapping, so a one-key-per-message mapping is not used there. To prevent the loss of de-identification quality and security that a permanently fixed mapping for an object identifier would cause, the data sender introduces timestamp information as a mapping factor for the object identifier and negotiates the valid duration of that timestamp with the receiver, so that the timestamp is refreshed on a fixed schedule and the privacy of the object identifier is preserved. In addition, the data sender introduces a reference random factor when encrypting the object identifier, so that the identifier can be encrypted differently for different data-usage scenarios, which further secures both the encryption and the transmission of the target object data.
To explain the technical solutions of the embodiments more clearly, the drawings needed for the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art could derive other drawings from them without creative effort.
FIG. 1A is a schematic diagram of a data processing scenario provided by an embodiment of this application;
FIG. 1B is an overall flowchart of a data processing method provided by an embodiment of this application;
FIG. 2 is a schematic flowchart of a data processing method provided by an embodiment of this application;
FIG. 3A is a schematic diagram of a pre-negotiation phase provided by an embodiment of this application;
FIG. 3B is a schematic diagram of a de-identification phase provided by an embodiment of this application;
FIG. 3C is a schematic diagram of a data transmission phase provided by an embodiment of this application;
FIG. 3D is a schematic diagram of identifier restoration provided by an embodiment of this application;
FIG. 4 is a schematic block diagram of a data processing apparatus provided by an embodiment of this application;
FIG. 5 is a schematic block diagram of a computer device provided by an embodiment of this application.
Embodiments of this application propose a data processing method in which, before a computer device encrypts target object data that contains an object identifier, the data sender and the data receiver of that data first negotiate a shared secret, each using its own identity information and the identity information of the other. The shared secret comprises encryption indication information for the target object data and decryption indication information for it. Because the shared secret is derived from the identity information of both the data sender and the data receiver, encryption and decryption of the target object data based on that secret can be performed only by that sender and that receiver, which effectively improves the security of the target object data. Once the shared secret has been negotiated, the computer device, when encrypting the target object data with the encryption indication information from the shared secret, both de-identifies the object identifier contained in the target object data and encrypts the data content contained in it, each on the basis of the encryption indication information. De-identifying the object identifier effectively protects the identifier in transit, and encrypting the data content after de-identification merges the de-identification process and the encrypted-transmission process into one complete object-data transmission procedure, which helps to ensure end-to-end transmission security. In one embodiment, the computer device is the device of the data sender while the target object data is being encrypted, or the device of the data receiver while it is being decrypted. The computer device may be a server or a smart terminal. A server may be a physical server or a virtual server, and a physical server may be a single server or a server cluster. A smart terminal may be a smartphone, a computer, a smart voice-interaction device, a smart home appliance, an in-vehicle terminal, and so on.
In one embodiment, the target object data is object data that contains an object identifier and data content. The object identifier indicates the target object that produced the data content and uniquely identifies that object; it may be, for example, the target object's social account or mobile phone number. Any data content produced by the target object can serve as the data content of the target object data, for example the target object's electronic resource flow. Target object data is obtained only after the target object has been informed and has authorised the collection of the data content and the object identifier; without that authorisation, neither is collected. The identity information of the data sender and of the data receiver uniquely identifies each party and is that party's identity certificate, for example a key certificate. The shared secret negotiated from the sender's identity information and the receiver's identity information consists of the sender's encryption indication information and the receiver's decryption indication information: target object data encrypted with the encryption indication information can be decrypted with the decryption indication information, so the negotiated shared secret enables encrypted transmission of target object data between the sender and the receiver. Because both pieces of indication information are derived from the identity information of both parties, the security of target object data transmitted between them is effectively guaranteed.
Using the negotiated shared secret, the data sender de-identifies the object identifier in the target object data and encrypts its data content, both with the encryption indication information from the shared secret, thereby merging the de-identification process and the content-encryption process. In one embodiment, de-identification means mapping the object identifier (such as a user ID) so that it is desensitised: the receiver cannot accurately locate the object from the user information it obtains, which preserves both accuracy and security when object data is sent.
In one embodiment, the data sender may be the computer device labelled 10 in FIG. 1A and the data receiver any of the computer devices labelled 11. Because the data sender 10 negotiates a different shared secret with each data receiver 11, the same target object data sent to different receivers has its object identifier and content mapped to different values. This preserves the privacy and security of the data in transit between the sender and each receiver, and prevents different receivers from comparing identical mapped data to infer the target object behind it.
In one embodiment, the target object data may be sent directly from the sender to the receiver, as in FIG. 1A, or forwarded through an intermediary. Suppose device A is the sender, device B the receiver, and device C an intermediary through which the data must be relayed because A and B cannot communicate directly. Since the target object data was encrypted with a key negotiated from the identity information of A and of B, and C cannot obtain the complete identity information of A and/or B, C cannot decrypt the relayed data, so the target object data remains secure while it is relayed.
Transmission of target object data on the basis of the negotiated shared secret involves three phases: pre-negotiation, de-identification of the object identifier in the target object data, and data transmission. Their relationship is shown in FIG. 1B.
The pre-negotiation phase uses cryptographic means to negotiate the identity information needed for the shared secret between sender and receiver and distributes that information for use in the two later phases. It requires both parties and normally runs only once; afterwards the de-identification and data-transmission phases can run directly without repeating it. In one embodiment, the de-identification phase desensitises the object identifier (such as a user ID) cryptographically, using the identity information negotiated in advance, and involves only the data sender. Where the scenario does not allow the receiver to decode the object identifier (the identifier is irreversible), the receiver cannot restore it; where it does, the receiver restores the identifier using information obtained from the sender. The data-transmission phase again requires both parties: the sender derives a key, encrypts the data content of the target object data with it and transmits the result; the receiver derives the corresponding restoration (decryption) key, decrypts the encrypted data and obtains the decrypted data.
The data processing method of the embodiments is described in detail below with reference to FIG. 2. It may be performed by the computer device described above and includes:
S201: obtain target object data that contains an object identifier, together with encryption indication information for the target object data.
When transmitting target object data, the computer device (the data sender) must, after obtaining the target object data, also obtain the encryption indication information for it. That information is obtained by negotiation between the data sender and the data receiver of the target object data during the pre-negotiation phase. To negotiate it, the data sender first obtains its own identity information, which comprises the sender's public identity information and the sender's specific identity information. In one embodiment, the sender's public identity information is the part that is sent to the receiver so that the receiver can generate the decryption indication information from it, whereas the sender's specific identity information is kept by the sender and is never published or sent. After obtaining its own identity information, the sender obtains the receiver's public identity information from the receiver. That public identity information is taken from the receiver's identity information, which likewise comprises the receiver's public identity information and the receiver's specific identity information; once generated, the receiver's public identity information is published to the sender. Having obtained the receiver's public identity information, the sender applies a key agreement algorithm to its own identity information and the receiver's public identity information to generate the encryption indication information.
In one embodiment, the sender's identity information may be an identity certificate, for example a first key pair generated by the sender, consisting of a first public key (Pa) and a first private key (Sa): the first public key is the sender's public identity information and the first private key its specific identity information. Likewise the receiver's identity information may be a second key pair generated by the receiver, whose second public key (Pb) serves as the receiver's public identity information and whose second private key (Sb) serves as its specific identity information. Both key pairs may be generated cryptographically, for example with the SM2 algorithm. The sender then generates the encryption indication information (Rk) by applying the key agreement algorithm to the first public key Pa, the first private key Sa and the second public key Pb. In one embodiment the key agreement algorithm is ECDH (Diffie-Hellman key exchange over elliptic-curve cryptography). The encryption indication information Rk generated by the sender is then given by Equation 1:
Rk = ECDH(Pa, Sa, Pb)   (Equation 1)
In one embodiment, because the later de-identification phase treats the object identifier differently according to the data-usage scenario (whether or not the receiver is allowed to decode the object identifier), the data sender also generates, in a phase preceding de-identification such as the pre-negotiation phase, timestamp information (time) and a random secret factor (random). The sender uses these as processing factors in the subsequent de-identification, so that de-identification of the object identifier references not only the encryption indication information derived from both parties' identity information but also the timestamp time and/or the reference random factor (the random secret factor random), which further protects the identifier. The pre-negotiation between sender and receiver is described in detail below with reference to FIG. 3A:
In step S301, the data sender generates an SM2 key pair (the first key pair) consisting of public key Pa (the first public key) and private key Sa (the first private key). The data receiver generates an SM2 key pair (the second key pair) consisting of public key Pb (the second public key) and private key Sb (the second private key).
In step S302, the data sender generates a timestamp and determines its valid duration.
In step S303, it is determined whether the receiver is allowed to restore the original object identifier of the target object, that is, whether the encrypted object identifier may be restored.
In step S304, if so, the two parties exchange their public keys and the sender sends the timestamp and its valid duration to the receiver.
In step S305, if not, the sender generates the random secret factor random, and in step S306 the timestamp, its valid duration and, as drawn in FIG. 3A, the random secret factor random are sent to the receiver. Note that the de-identification description below states that random is kept by the sender and is not sent to the receiver; it is the receiver's lack of random that makes the pseudo-identifier irreversible in this scenario.
The pre-negotiation phase consists mainly of the sender and the receiver generating the data needed in the later de-identification and data-transmission phases and exchanging the relevant data. Once the sender has generated its own identity information and obtained the receiver's public identity information, it can generate the encryption indication information, denoted Rk. With Rk generated, the sender can de-identify the object identifier contained in the target object data, that is, proceed to step S202.
S202: de-identify the object identifier using the encryption indication information to obtain the pseudo-identifier corresponding to the object identifier.
In one embodiment, in the de-identification phase the computer device may apply different identifier-processing rules according to the data-usage scenario of the target object data when de-identifying the object identifier with the encryption indication information. Specifically, the computer device (the sender's device) first determines the data-usage scenario of the target object data, which specifies the identifier-processing rule for de-identifying the object identifier, and then de-identifies the identifier with the encryption indication information according to that rule to obtain the pseudo-identifier. In one embodiment, the data-usage scenario describes whether the receiver is permitted to obtain the original object identifier of the target object, that is, whether the receiver may decrypt the encrypted identifier. Whether the receiver is permitted to obtain the original identifier can be determined from the usage scenario of the target object data that contains it: if the receiver must perform object-profile analysis on the original identifier, it is permitted; if the receiver only needs the data content to carry out its business, it is not.
In one embodiment, the process by which the data sender de-identifies the object identifier according to the data-usage scenario is shown in FIG. 3B. After the sender generates the encryption indication information Rk (step S310), it checks whether the data-usage scenario indicates that the receiver is allowed to restore the object identifier (step S311). If the scenario indicates that the receiver is not permitted to decrypt and obtain the object identifier, the sender uses the reference random factor it generated (the random secret factor random of step S305) as a processing factor for de-identifying the identifier. Specifically, having generated the timestamp and the reference random factor random, the sender generates the first identifier-processing key for de-identification from the reference random factor, the encryption indication information and the timestamp (step S312). In one embodiment, the sender applies a key generation algorithm to the reference random factor random, the encryption indication information Rk and the timestamp information time; the algorithm may be PBKDF2-SM3-HMAC (Password-Based Key Derivation Function 2 using the SM3 cryptographic hash in HMAC). The first identifier-processing key idkey1 is then given by Equation 2:
idkey1 = PBKDF2-SM3-HMAC(time, Rk, random)   (Equation 2)
With the first identifier-processing key determined, the sender encrypts the object identifier (id) with idkey1 and takes the encrypted identifier as the pseudo-identifier (fakeid) of the object identifier (step S314). The encryption may use a corresponding algorithm such as SM4, as in Equation 3:
fakeid = SM4(id, idkey1)   (Equation 3)
In one embodiment, if the data-usage scenario indicates that the receiver is permitted to decrypt and obtain the object identifier, the key the sender determines for de-identification is the second identifier-processing key idkey2 (step S313). To generate it, the sender obtains the timestamp information time and derives the second identifier-processing key from the encryption indication information Rk and the timestamp time, as in Equation 4:
idkey2 = PBKDF2-SM3-HMAC(time, Rk)   (Equation 4)
The sender then encrypts the object identifier id with the second identifier-processing key idkey2 as in Equation 5, and the encrypted identifier is taken as the pseudo-identifier of the object identifier (step S314).
fakeid = SM4(id, idkey2)   (Equation 5)
Equations 2 to 5 show that when the data-usage scenario does not permit the receiver to decrypt the object identifier, the sender introduces the reference random factor random as a processing factor when encrypting the identifier, whereas when the scenario permits decryption, random is not used and only the timestamp time and the encryption indication information Rk serve as processing factors for the identifier.
Taken together with the pre-negotiation phase: the sender has already sent the timestamp to the receiver, and the receiver can derive its own equivalent of the encryption indication information, so by the symmetry of symmetric encryption, once the sender has encrypted the object identifier with the second identifier-processing key derived from the timestamp and the encryption indication information, the receiver can derive an identifier-decryption key equivalent to the second identifier-processing key from the timestamp it obtained from the sender and its equivalent of the encryption indication information. Thus, when the scenario permits it, the receiver can decrypt the pseudo-identifier and obtain the original object identifier. When the scenario does not permit it, the sender has introduced the reference random factor random as an encryption factor for the identifier and has not sent random to the receiver, so the receiver, lacking that factor, cannot decrypt and restore the pseudo-identifier.
The embodiments differ from conventional de-identification based on a fixed mapping. Here a local key for de-identification (the first or the second identifier-processing key) is derived jointly from both parties' identity information, the timestamp and an optional secret factor (the reference random factor random), and the object identifier is encrypted with that derived key. Because both parties' identity information enters the mapping algorithm, different mappings are established for different transmission scenarios at the algorithmic level. In addition, the sender decides, according to the application scenario, whether the optional secret factor is shared with the receiver: when it is shared, the receiver can decrypt and obtain the original identifier; when it is not, the receiver obtains only a fully de-identified identifier (the pseudo-identifier). This greatly improves the flexibility and security of de-identification.
In one embodiment, the timestamp generated by the sender is also given a valid duration, which indicates the validity period of the identifier-processing keys (the first and second identifier-processing keys above) derived from that timestamp. When the valid duration expires, the sender updates the timestamp and re-derives the corresponding identifier-processing key from the updated timestamp. In one embodiment, after updating the timestamp the sender also sends the updated timestamp to the receiver so that, where the receiver is permitted to decrypt the object identifier, it can decrypt identifiers using the updated timestamp. Setting a valid duration on the timestamp allows the encryption factors for the object identifier to be refreshed when it expires; refreshing those factors refreshes the encrypted mapping of the identifier and strengthens the security of de-identification.
In one embodiment, the valid duration set on the timestamp adjusts how the object identifier is encrypted within a single data-usage scenario. For example, if the scenario permits the receiver to decrypt the object identifier and the timestamp's valid duration is one day, then for the same object identifier the timestamp used as an encryption factor today necessarily differs from the one used tomorrow. In other words, encryption of the same object identifier is periodically refreshed according to the configured valid duration, which further improves the security of identifier encryption.
Having generated the encryption indication information, the sender can also use it to encrypt the data content of the target object. In one embodiment there is no required order between de-identifying the object identifier and encrypting the data content; they may run one after the other or concurrently, and the embodiments impose no restriction.
S203: encrypt the data content of the target object data based on the encryption indication information to generate encrypted content of the data content.
In one embodiment, the sender's encryption of the data content is shown in the dashed box of FIG. 3C. After generating the encryption indication information Rk (step S320), the sender first generates a temporary random factor (nonce) (step S321). The nonce is a one-time random number: once it has been used to encrypt and decrypt the target object data it becomes invalid, which protects the data content. The temporary random factor nonce and the reference random factor random generated during pre-negotiation are two different random numbers; random is not one-time and has a comparatively long validity. Generating a one-time nonce for each content encryption gives high-strength, one-key-per-message, end-to-end encryption, which rotates the content encryption key on every transmission and effectively prevents an intermediary from obtaining the plaintext, further securing the data content in transit.
After obtaining the nonce, the sender generates key reference information secret from the encryption indication information and the nonce (step S322); the key reference information contains at least two bytes. In one embodiment the sender applies PBKDF2-SM3-HMAC to Rk and nonce, as in Equation 6:
secret = PBKDF2-SM3-HMAC(nonce, Rk)   (Equation 6)
In one embodiment, because the sender derives the key reference information secret from the one-time nonce, secret is itself one-time. The sender then splits the at least two bytes of secret into an initial encryption vector (IV) and a content encryption key (SK). In practice secret is generally 32 bytes, so the sender takes the high 16 bytes of secret as the IV and the low 16 bytes as SK (step S323).
Having determined the content encryption key and the initial encryption vector from the key reference information, the sender encrypts the data content of the target object data with them to generate the encrypted content (step S324). In one embodiment, with the data content denoted data and its encrypted content denoted encrypted_data, the sender's encryption is given by Equation 7:
encrypted_data = SM4_gcm(IV, SK, data)   (Equation 7)
SM4_gcm is a data encryption algorithm (SM4 in Galois/Counter Mode). After computing encrypted_data, the sender generates the encrypted data of the target object data from encrypted_data, the pseudo-identifier fakeid produced by de-identifying the object identifier, and the nonce generated during content encryption. The encrypted data of the target object data can therefore be written as the tuple (fakeid, encrypted_data, nonce).
After generating the encrypted data, the sender sends it to the receiver (step S325), that is, proceeds to step S204. In one embodiment, because the data has already been encrypted, the sender may send it directly; alternatively, to protect it further, the sender may send it over a secure channel based on the SSL protocol (Secure Sockets Layer, a secure transport protocol), which further safeguards the target object data.
S204: send the encrypted data of the target object data, generated from the encrypted content and the pseudo-identifier, to the data receiver, so that the receiver decrypts the encrypted data according to the data-usage scenario of the target object data and obtains the corresponding decrypted data.
After the sender sends the encrypted data of the target object data to the receiver, the receiver decrypts it according to the data-usage scenario of the target object data and obtains the corresponding decrypted data. The receiver's decryption according to the data-usage scenario is described in detail below with reference to FIG. 3C.
In one embodiment, since the target object data is encrypted with a symmetric algorithm, the receiver decrypts it by generating a decryption key equivalent to the encryption key used. After obtaining the encrypted data from the sender (step S326), the receiver obtains the sender's public identity information from the sender. The receiver's own identity information comprises the receiver's public identity information and the receiver's specific identity information. The public identity information obtained from the sender may be the first public key Pa generated by the sender. Using Pa, the receiver applies the key agreement algorithm to the sender's public identity information (the first public key Pa) and the receiver's own identity information to generate the decryption indication information Rk' (step S327); the receiver's identity information comprises the second public key Pb and the second private key Sb of the second key pair generated by the receiver. By the symmetry of the symmetric algorithm and the preceding key-pair negotiation, the decryption indication information generated by the receiver is equivalent to the encryption indication information generated by the sender: Rk' decrypts what Rk encrypted. Rk' is likewise generated with the ECDH key agreement algorithm, as in Equation 8:
Rk' = ECDH(Pb, Sb, Pa)   (Equation 8)
After obtaining the decryption indication information, the receiver uses it to decrypt the encrypted data according to the data-usage scenario of the target object data. In one embodiment, Rk' is used to decrypt the encrypted content included in the encrypted data. Because the encrypted data contains the nonce generated during content encryption, in step S328 the receiver first extracts the nonce from (fakeid, encrypted_data, nonce) and then uses the nonce and Rk' to generate the equivalent of the key reference information. By the symmetry of the symmetric algorithm and the pre-negotiation between the parties, this equivalent information secret' matches the sender's key reference information secret (step S328), which allows the content encrypted from secret to be decrypted. The receiver generates secret' as in Equation 9:
secret' = PBKDF2-SM3-HMAC(nonce, Rk')   (Equation 9)
Having determined secret', the receiver determines the decryption vector IV' and the content decryption key SK' from its at least two bytes (step S329), then decrypts the encrypted content with IV' and SK' to obtain the decrypted content data' (step S330). In one embodiment, mirroring the sender, the receiver takes the high 16 bytes of secret' as IV' and the low 16 bytes as SK'. Decryption is then given by Equation 10:
data' = SM4_gcm(IV', SK', encrypted_data)   (Equation 10)
Here data' is the decrypted content. Normally the decrypted content data' equals the original data content data of the target object data (the content before encryption and decryption), so once the receiver has the decrypted content, reception of the data content data is complete.
After receiving the data content of the target object data, the receiver may further decrypt the object identifier of the target object data according to the data-usage scenario. In one embodiment, step S331 checks whether the receiver is allowed to restore the object identifier. If the receiver determines that the scenario does not permit it to decrypt and obtain the object identifier (restoration not allowed), then after obtaining the decrypted content it extracts the pseudo-identifier fakeid from the encrypted data and takes the decrypted content data' and the extracted fakeid as the decrypted data of the encrypted data (step S332). Otherwise, if the scenario permits restoration, the receiver, after obtaining the decrypted content, decrypts the pseudo-identifier fakeid included in the encrypted data to obtain the corresponding decrypted identifier id' (step S333) and so obtains the decrypted identifier together with the decrypted content (step S334); the decrypted identifier and the decrypted content are taken as the decrypted data of the encrypted data.
The receiver's decryption of the pseudo-identifier is described below with reference to FIG. 3D. Since the receiver obtained the timestamp time from the sender during pre-negotiation and has generated the decryption indication information Rk' (step S340), it first generates the identifier-decryption key from time and Rk' (step S341). That identifier-decryption key is equivalent to the second identifier-processing key. Denoting it idkey', it is generated as in Equation 11:
idkey' = PBKDF2-SM3-HMAC(time, Rk')   (Equation 11)
With the identifier-decryption key idkey', the receiver decrypts the pseudo-identifier included in the encrypted data to obtain the corresponding decrypted identifier (step S342), as in Equation 12:
id' = SM4(fakeid, idkey')   (Equation 12)
In one embodiment, the cryptographic algorithms SM2, SM4 and PBKDF2-SM3-HMAC mentioned above may be replaced by algorithms of the same type, for example any one or more of SHA-256 (Secure Hash Algorithm 256), AES (Advanced Encryption Standard) and PBKDF2-SHA256-HMAC. Given the properties of symmetric algorithms, and so that the receiver can compute every decryption key equivalent to the corresponding encryption key, the same cryptographic algorithms must be used for encrypting and decrypting the same data. For example, if the object identifier in the target object data was encrypted with an algorithm that includes SM4, the receiver's decryption of the pseudo-identifier must also use SM4.
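The whole exchange of Equations 1 to 12, written out as an added example in Go; this is not code from the patent or its applicant, and every function name (kdf, IDKey, Pseudonymize, RecoverID, Seal, Open, RunScenario, Envelope) is the editor's. Following the substitutions the page allows just above, P-256 ECDH stands in for SM2 key agreement and AES-GCM for SM4-GCM; PBKDF2-SM3-HMAC is replaced by a single HMAC-SHA256 derivation, because with a full-entropy ECDH secret PBKDF2's iteration count adds nothing (a deployment that has to match the page would call PBKDF2 at that point). The page does not specify the SM4 mode used on the identifier, which half of secret is "high", or which PBKDF2 argument is the password; deterministic AES-CBC with a zero IV, secret[:16] as IV and secret[16:] as SK, and Rk as the key with time||random as the salt are assumptions. Passing fakeid||nonce to GCM as associated data is an addition not on the page: the tuple (fakeid, encrypted_data, nonce) otherwise leaves its two clear fields unauthenticated. The identifier, timestamp and content values are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// kdf stands in for the page's PBKDF2-SM3-HMAC: one HMAC-SHA256 pass keyed with the ECDH secret.
func kdf(rk []byte, parts ...[]byte) []byte {
	mac := hmac.New(sha256.New, rk)
	for _, p := range parts { // length-prefix each part so time||random cannot be re-split
		mac.Write([]byte{byte(len(p))})
		mac.Write(p)
	}
	return mac.Sum(nil)
}

// IDKey is idkey1 (eq. 2) when random is set and idkey2 (eq. 4) when random is nil.
func IDKey(rk, timestamp, random []byte) []byte { return kdf(rk, timestamp, random)[:16] }

// Pseudonymize is eq. 3/5; the page names no SM4 mode, and a stable mapping needs deterministic encryption, so CBC with a zero IV is assumed.
func Pseudonymize(idkey, id []byte) []byte {
	blk, _ := aes.NewCipher(idkey)
	pad := aes.BlockSize - len(id)%aes.BlockSize
	plain := append(append([]byte{}, id...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	fakeid := make([]byte, len(plain))
	cipher.NewCBCEncrypter(blk, make([]byte, aes.BlockSize)).CryptBlocks(fakeid, plain)
	return fakeid
}

// RecoverID inverts Pseudonymize (eq. 12); the padding check makes a wrong key fail loudly.
func RecoverID(idkey, fakeid []byte) ([]byte, error) {
	if len(fakeid) == 0 || len(fakeid)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("pseudo-identifier is not a whole number of blocks")
	}
	blk, _ := aes.NewCipher(idkey)
	plain := make([]byte, len(fakeid))
	cipher.NewCBCDecrypter(blk, make([]byte, aes.BlockSize)).CryptBlocks(plain, fakeid)
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, fmt.Errorf("padding check failed: wrong identifier key")
	}
	return plain[:len(plain)-pad], nil
}

// Envelope is the transmitted tuple (fakeid, encrypted_data, nonce). FakeID||Nonce is also fed
// to GCM as associated data so tampering with either clear field is detected (an addition).
type Envelope struct{ FakeID, Encrypted, Nonce []byte }
func (e Envelope) aad() []byte { return append(append([]byte{}, e.FakeID...), e.Nonce...) }

// contentGCM is eq. 6 plus the byte split: secret[:16] is the IV, secret[16:] the SK.
func contentGCM(rk, nonce []byte) (cipher.AEAD, []byte) {
	secret := kdf(rk, nonce)
	blk, _ := aes.NewCipher(secret[16:])
	gcm, _ := cipher.NewGCMWithNonceSize(blk, 16)
	return gcm, secret[:16]
}

// Seal is eq. 7 (AES-GCM for SM4-GCM); a fresh nonce gives a fresh content key per message.
func Seal(rk, fakeid, data []byte) Envelope {
	env := Envelope{FakeID: fakeid, Nonce: make([]byte, 16)}
	rand.Read(env.Nonce)
	gcm, iv := contentGCM(rk, env.Nonce)
	env.Encrypted = gcm.Seal(nil, iv, data, env.aad())
	return env
}

// Open is eq. 9/10: the receiver rebuilds secret' from the received nonce and Rk'.
func Open(rk []byte, env Envelope) ([]byte, error) {
	gcm, iv := contentGCM(rk, env.Nonce)
	return gcm.Open(nil, iv, env.Encrypted, env.aad())
}

// RunScenario runs pre-negotiation (P-256 ECDH for SM2), de-identification, transmission and
// decryption; allowRecover is the data-usage scenario and id is nil when recovery is denied.
func RunScenario(allowRecover bool) (content, id []byte, err error) {
	sender, _ := ecdh.P256().GenerateKey(rand.Reader)   // (Pa, Sa)
	receiver, _ := ecdh.P256().GenerateKey(rand.Reader) // (Pb, Sb)
	rk, _ := sender.ECDH(receiver.PublicKey())          // Rk  = ECDH(Pa, Sa, Pb), eq. 1
	rkp, _ := receiver.ECDH(sender.PublicKey())         // Rk' = ECDH(Pb, Sb, Pa), eq. 8
	timestamp := []byte("2022-05-31")                   // constructed; sent to the receiver in clear
	var random []byte                                   // reference random factor: sender-only, never sent
	if !allowRecover {
		random = make([]byte, 16)
		rand.Read(random)
	}
	fakeid := Pseudonymize(IDKey(rk, timestamp, random), []byte("13800000000")) // constructed ID
	env := Seal(rk, fakeid, []byte("resource-flow:42"))                         // constructed content
	if content, err = Open(rkp, env); err != nil || !allowRecover {
		return content, nil, err // receiver keeps fakeid as-is
	}
	id, err = RecoverID(IDKey(rkp, timestamp, nil), env.FakeID)
	return content, id, err
}
```

RunScenario(true) returns the content and the recovered identifier; RunScenario(false) returns the content and a nil identifier, and a receiver that tries RecoverID with a key derived without random fails the padding check instead of getting the identifier. Pseudonymize is deterministic for a given (Rk, time), which is the stable mapping the page wants inside one validity window, and changes as soon as the timestamp rotates.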
In summary, in the embodiments of this application the computer device, after obtaining target object data that contains an object identifier, determines the encryption indication information for the target object from the identity information associated with the data, uses it together with the data-usage scenario to de-identify the object identifier into a pseudo-identifier, encrypts the data content into encrypted content with the same indication information, and sends the encrypted data generated from the encrypted content and the pseudo-identifier to the data receiver, which decrypts it according to the applicable data-usage scenario. This merges the de-identification process with the encrypted transmission of the data content into a complete cross-domain transmission scheme for object data. Because the parameters needed for de-identification and content encryption are fixed once during pre-negotiation, later transfers are both secure and efficient; because every content-encryption parameter is one-time, the data content enjoys one-key-per-message encryption; and because a receiver needs a reasonably stable identifier mapping for its business logic, the identifier is not mapped one-key-per-message but instead uses the timestamp as a mapping factor, refreshed on the valid duration negotiated by both parties, so that a permanently fixed mapping does not erode de-identification quality and the privacy of the identifier is preserved. The reference random factor random introduced when encrypting the identifier further allows different encryption of the identifier for different data-usage scenarios, further securing the encryption and transmission of the target object data.
Based on the method embodiments described above, an embodiment of this application also provides a data processing apparatus, which may be a computer program (including program code) running on the computer device described above and which can perform the data processing method of FIG. 2. Referring to FIG. 4, the data processing apparatus comprises an obtaining unit 401 and a processing unit 402.
The obtaining unit 401 is configured to obtain target object data that contains an object identifier, together with encryption indication information for the target object data.
The processing unit 402 is configured to de-identify the object identifier using the encryption indication information to obtain a pseudo-identifier corresponding to the object identifier.
The processing unit 402 is further configured to encrypt the data content of the target object data based on the encryption indication information to generate encrypted content of the data content.
The processing unit 402 is further configured to send encrypted data of the target object data, generated from the encrypted content and the pseudo-identifier, to a data receiver, so that the data receiver decrypts the encrypted data according to the data-usage scenario of the target object data and obtains the corresponding decrypted data.
In one embodiment, the processing unit 402 is specifically configured to:
determine the data-usage scenario of the target object data, the scenario specifying the identifier-processing rule applied when de-identifying the object identifier; and
de-identify the object identifier using the encryption indication information according to that rule to obtain the pseudo-identifier corresponding to the object identifier.
In one embodiment, the encryption indication information is obtained by negotiation between the data sender of the target object data and the data receiver, and the processing unit 402 is specifically configured to:
obtain the identity information of the data sender, which includes the sender's public identity information and the sender's specific identity information;
obtain from the data receiver the receiver's public identity information, which is taken from the receiver's identity information; and
apply a key agreement algorithm to the sender's identity information and the receiver's public identity information to generate the encryption indication information.
In one embodiment, if the data-usage scenario indicates that the receiver is not permitted to decrypt and obtain the object identifier of the target object, the processing unit 402 is specifically configured to:
generate timestamp information and a reference random factor;
generate, from the reference random factor, the encryption indication information and the timestamp information, a first identifier-processing key for the de-identification processing; and
encrypt the object identifier with the first identifier-processing key, taking the encrypted identifier as the pseudo-identifier of the object identifier.
In one embodiment, if the data-usage scenario indicates that the receiver is permitted to decrypt and obtain the object identifier of the target object, the processing unit 402 is specifically configured to:
generate timestamp information and derive, from the encryption indication information and the timestamp information, a second identifier-processing key for the de-identification processing; and
encrypt the object identifier with the second identifier-processing key, taking the encrypted identifier as the pseudo-identifier of the object identifier.
In one embodiment, the timestamp information is given a valid duration indicating the validity period of the identifier-processing key generated from it, and the processing unit 402 is specifically configured to:
when the valid duration expires, update the timestamp information and re-derive the corresponding identifier-processing key from the updated timestamp;
where the updated timestamp is sent to the data receiver so that, when the receiver is permitted to decrypt and obtain the object identifier of the target object, it decrypts identifiers using the received timestamp.
In one embodiment, the processing unit 402 is specifically configured to:
generate a temporary random factor and generate key reference information, containing at least two bytes, from the encryption indication information and the temporary random factor;
split the bytes of the key reference information into an initial encryption vector and a content encryption key; and
encrypt the data content of the target object data with the content encryption key and the initial encryption vector to generate the encrypted content of the data content.
In one embodiment, the obtaining unit 401 is further configured to obtain the temporary random factor generated while encrypting the data content;
and the processing unit 402 is further configured to generate the encrypted data of the target object data from the encrypted content, the pseudo-identifier and the temporary random factor.
In one embodiment, the data receiver decrypts the encrypted data according to the data-usage scenario of the target object data as follows:
the receiver obtains the sender's public identity information from the sender, the identity information generated by the receiver including the receiver's public identity information and the receiver's specific identity information;
the receiver applies a key agreement algorithm to the sender's public identity information and the receiver's own identity information to generate decryption indication information, which is equivalent to the encryption indication information; and
the receiver uses the decryption indication information to decrypt the encrypted data according to the data-usage scenario of the target object data.
In one embodiment, the decryption indication information is used by the receiver to decrypt the encrypted content included in the encrypted data, the encrypted data of the target object data further includes the temporary random factor generated while encrypting the data content, and the receiver decrypts the encrypted content with the decryption indication information as follows:
the receiver extracts the temporary random factor from the encrypted data;
the receiver uses the temporary random factor and the decryption indication information to generate the equivalent of the key reference information and determines the decryption vector and the content decryption key from its at least two bytes; and
the receiver decrypts the encrypted content with the decryption vector and the content decryption key to obtain the decrypted content of the encrypted content.
In one embodiment, when the data-usage scenario indicates that the receiver is not permitted to decrypt and obtain the object identifier of the target object, then after obtaining the decrypted content of the encrypted content
the receiver extracts the pseudo-identifier from the encrypted data and takes the decrypted content and the extracted pseudo-identifier as the decrypted data of the encrypted data.
In one embodiment, when the data-usage scenario indicates that the receiver is permitted to decrypt and obtain the object identifier of the target object, then after obtaining the decrypted content of the encrypted content
the receiver decrypts the pseudo-identifier included in the encrypted data to obtain the decrypted identifier corresponding to the pseudo-identifier; and
the receiver takes the decrypted identifier and the decrypted content as the decrypted data of the encrypted data.
In one embodiment, the receiver decrypts the pseudo-identifier included in the encrypted data as follows:
the receiver obtains the timestamp information from the sender and generates an identifier-decryption key from the timestamp information and the decryption indication information; and
the receiver decrypts the pseudo-identifier included in the encrypted data with the identifier-decryption key.
In one embodiment, the identity information of the data sender includes a first key pair generated by the sender, consisting of a first public key and a first private key, the first public key being the sender's public identity information and the first private key the sender's specific identity information;
and the identity information of the data receiver includes a second key pair generated by the receiver, whose second public key serves as the receiver's public identity information and whose second private key serves as the receiver's specific identity information.
In the embodiments of this application, after the obtaining unit 401 obtains target object data that contains an object identifier, the processing unit 402 determines the encryption indication information for the target object from the identity information associated with the data, uses it together with the data-usage scenario to de-identify the object identifier into a pseudo-identifier, encrypts the data content into encrypted content with the same indication information, and sends the encrypted data generated from the encrypted content and the pseudo-identifier to the data receiver, which decrypts it according to the applicable data-usage scenario. As with the method embodiment, this merges de-identification with the encrypted transmission of the content into a complete cross-domain transmission scheme; the parameters for both are fixed once during pre-negotiation, which keeps later transfers secure and efficient; the content is encrypted with one-time parameters, giving one-key-per-message encryption; the identifier keeps the reasonably stable mapping a receiver needs for its business logic, refreshed by the timestamp on the valid duration negotiated by both parties so that a permanently fixed mapping does not erode de-identification quality or the privacy of the identifier; and the reference random factor allows different encryption of the identifier for different data-usage scenarios, further securing the encryption and transmission of the target object data.
Referring to FIG. 5, a schematic structural block diagram of a computer device provided by an embodiment of this application. The computer device of this embodiment, as shown in FIG. 5, may include one or more processors 501, one or more input devices 502, one or more output devices 503 and a memory 504. The processor 501, input device 502, output device 503 and memory 504 are connected via a bus 505. The memory 504 stores a computer program that includes program instructions, and the processor 501 executes the program instructions stored in the memory 504.
The memory 504 may include volatile memory, such as random-access memory (RAM). The memory 504 may also include non-volatile memory, such as flash memory or a solid-state drive (SSD). The memory 504 may also include a combination of the above types of memory.
The processor 501 may be a central processing unit (CPU). The processor 501 may further include a hardware chip, which may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or similar; the PLD may be a field-programmable gate array (FPGA), generic array logic (GAL) or similar. The processor 501 may also be a combination of the above.
In the embodiments of this application, the memory 504 stores a computer program that includes program instructions, and the processor 501 executes the program instructions stored in the memory 504 to implement the steps of the method of FIG. 2.
In one embodiment, the processor 501 is configured to invoke the program instructions to perform:
obtaining target object data that contains an object identifier, together with encryption indication information for the target object data;
de-identifying the object identifier using the encryption indication information to obtain a pseudo-identifier corresponding to the object identifier;
encrypting the data content of the target object data based on the encryption indication information to generate encrypted content of the data content; and
sending encrypted data of the target object data, generated from the encrypted content and the pseudo-identifier, to a data receiver, so that the data receiver decrypts the encrypted data according to the data-usage scenario of the target object data and obtains the corresponding decrypted data.
In one embodiment, the processor 501 is configured to invoke the program instructions to perform:
obtaining the data-usage scenario of the target object data, the scenario specifying the identifier-processing rule applied when de-identifying the object identifier; and
de-identifying the object identifier using the encryption indication information according to that rule to obtain the pseudo-identifier corresponding to the object identifier.
In one embodiment, the encryption indication information is obtained by negotiation between the data sender of the target object data and the data receiver, and the processor 501 is configured to invoke the program instructions to perform:
obtaining the identity information of the data sender, which includes the sender's public identity information and the sender's specific identity information;
obtaining from the data receiver the receiver's public identity information, which is taken from the receiver's identity information; and
applying a key agreement algorithm to the sender's identity information and the receiver's public identity information to generate the encryption indication information.
In one embodiment, if the data-usage scenario indicates that the receiver is not permitted to decrypt and obtain the object identifier of the target object, the processor 501 is configured to invoke the program instructions to perform:
obtaining timestamp information and a reference random factor;
generating, from the reference random factor, the encryption indication information and the timestamp information, a first identifier-processing key for the de-identification processing; and
encrypting the object identifier with the first identifier-processing key, taking the encrypted identifier as the pseudo-identifier of the object identifier.
In one embodiment, if the data-usage scenario indicates that the receiver is permitted to decrypt and obtain the object identifier of the target object, the processor 501 is configured to invoke the program instructions to perform:
obtaining timestamp information and deriving, from the encryption indication information and the timestamp information, a second identifier-processing key for the de-identification processing; and
encrypting the object identifier with the second identifier-processing key, taking the encrypted identifier as the pseudo-identifier of the object identifier.
In one embodiment, the timestamp information is given a valid duration indicating the validity period of the identifier-processing key generated from it, and the processor 501 is configured to invoke the program instructions to perform:
when the valid duration expires, updating the timestamp information and re-deriving the corresponding identifier-processing key from the updated timestamp;
where the updated timestamp is sent to the data receiver so that, when the receiver is permitted to decrypt and obtain the object identifier of the target object, it decrypts identifiers using the received timestamp.
In one embodiment, the processor 501 is configured to invoke the program instructions to perform:
obtaining a temporary random factor and generating key reference information, containing at least two bytes, from the encryption indication information and the temporary random factor;
splitting the bytes of the key reference information into an initial encryption vector and a content encryption key; and
encrypting the data content of the target object data with the content encryption key and the initial encryption vector to generate the encrypted content of the data content.
In one embodiment, the processor 501 is configured to invoke the program instructions to perform:
obtaining the temporary random factor generated while encrypting the data content; and
generating the encrypted data of the target object data from the encrypted content, the pseudo-identifier and the temporary random factor.
In one embodiment, the data receiver decrypts the encrypted data according to the data-usage scenario of the target object data as follows:
the receiver obtains the sender's public identity information from the sender, the identity information generated by the receiver including the receiver's public identity information and the receiver's specific identity information;
the receiver applies a key agreement algorithm to the sender's public identity information and the receiver's own identity information to generate decryption indication information, which is equivalent to the encryption indication information; and
the receiver uses the decryption indication information to decrypt the encrypted data according to the data-usage scenario of the target object data.
In one embodiment, the decryption indication information is used by the receiver to decrypt the encrypted content included in the encrypted data, the encrypted data of the target object data further includes the temporary random factor generated while encrypting the data content, and the receiver decrypts the encrypted content with the decryption indication information as follows:
the receiver extracts the temporary random factor from the encrypted data;
the receiver uses the temporary random factor and the decryption indication information to generate the equivalent of the key reference information and determines the decryption vector and the content decryption key from its at least two bytes; and
the receiver decrypts the encrypted content with the decryption vector and the content decryption key to obtain the decrypted content of the encrypted content.
In one embodiment, when the data-usage scenario indicates that the receiver is not permitted to decrypt and obtain the object identifier of the target object, then after obtaining the decrypted content of the encrypted content
the receiver extracts the pseudo-identifier from the encrypted data and takes the decrypted content and the extracted pseudo-identifier as the decrypted data of the encrypted data.
In one embodiment, when the data-usage scenario indicates that the receiver is permitted to decrypt and obtain the object identifier of the target object, then after obtaining the decrypted content of the encrypted content
the receiver decrypts the pseudo-identifier included in the encrypted data to obtain the decrypted identifier corresponding to the pseudo-identifier; and
the receiver takes the decrypted identifier and the decrypted content as the decrypted data of the encrypted data.
In one embodiment, the receiver decrypts the pseudo-identifier included in the encrypted data as follows:
the receiver obtains the timestamp information from the sender and generates an identifier-decryption key from the timestamp information and the decryption indication information; and
the receiver decrypts the pseudo-identifier included in the encrypted data with the identifier-decryption key.
In one embodiment, the identity information of the data sender includes a first key pair generated by the sender, consisting of a first public key and a first private key, the first public key being the sender's public identity information and the first private key the sender's specific identity information;
and the identity information of the data receiver includes a second key pair generated by the receiver, whose second public key serves as the receiver's public identity information and whose second private key serves as the receiver's specific identity information.
An embodiment of this application provides a computer program product or computer program, which comprises computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes them, causing the computer device to perform the method embodiment shown in FIG. 2 above. The computer-readable storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The foregoing discloses only some embodiments of the present invention and cannot be taken to limit its scope of rights. A person of ordinary skill in the art will understand that all or part of the flow for implementing the above embodiments, and equivalent variations made in accordance with the claims of the present invention, still fall within the scope covered by the invention.
Claims (17)
1. A data processing method, comprising: obtaining target object data that contains an object identifier, and encryption indication information for the target object data; de-identifying the object identifier using the encryption indication information, to obtain a pseudo-identifier corresponding to the object identifier; encrypting the data content of the target object data based on the encryption indication information, to generate encrypted content of the data content; and sending encrypted data of the target object data, generated based on the encrypted content and the pseudo-identifier, to a data receiver, so that the data receiver decrypts the encrypted data in accordance with a data usage scenario of the target object data and obtains corresponding decrypted data.
2. The method of claim 1, wherein de-identifying the object identifier using the encryption indication information to obtain the pseudo-identifier corresponding to the object identifier comprises: determining the data usage scenario of the target object data, wherein the data usage scenario specifies an identifier processing rule for de-identifying the object identifier; and de-identifying the object identifier in accordance with the identifier processing rule and using the encryption indication information, to obtain the pseudo-identifier corresponding to the object identifier.
3. The method of claim 1, wherein the encryption indication information is obtained through negotiation between the data sender of the target object data and the data receiver, the negotiation comprising: obtaining identity information of the data sender, the identity information comprising public identity information of the data sender and specific identity information of the data sender; obtaining public identity information of the data receiver from the data receiver, the public identity information of the data receiver being taken from the identity information of the data receiver; and generating the encryption indication information with a key agreement algorithm, based on the identity information of the data sender and the public identity information of the data receiver.
4. The method of claim 2, wherein, if the data usage scenario indicates that the data receiver is not permitted to decrypt and recover the object identifier of the target object, de-identifying the object identifier in accordance with the identifier processing rule and using the encryption indication information to obtain the pseudo-identifier corresponding to the object identifier comprises: generating timestamp information and a reference random factor; generating, based on the reference random factor, the encryption indication information and the timestamp information, a first identifier processing key for performing the de-identification; and encrypting the object identifier with the first identifier processing key, the encrypted object identifier being taken as the pseudo-identifier of the object identifier.
5. The method of claim 2, wherein, if the data usage scenario indicates that the data receiver is permitted to decrypt and recover the object identifier of the target object, de-identifying the object identifier in accordance with the identifier processing rule and using the encryption indication information to obtain the pseudo-identifier corresponding to the object identifier comprises: generating timestamp information, and generating, with the encryption indication information and the timestamp information, a second identifier processing key for performing the de-identification; and encrypting the object identifier based on the second identifier processing key, the encrypted object identifier being taken as the pseudo-identifier of the object identifier.
6. The method of claim 4 or 5, wherein the timestamp information is assigned a validity period, the validity period indicating the time range within which the identifier processing key generated from the corresponding timestamp information is valid, the method further comprising: when the validity period expires, updating the timestamp information, and updating the corresponding identifier processing key with the updated timestamp information; wherein the updated timestamp information is sent to the data receiver, so that the data receiver, where it is permitted to decrypt and recover the object identifier of the target object, performs identifier decryption based on the received timestamp information.
7. The method of claim 1, wherein encrypting the data content of the target object data based on the encryption indication information to generate the encrypted content of the data content comprises: generating a temporary random factor, and generating key reference information based on the encryption indication information and the temporary random factor, the key reference information comprising at least two bytes; dividing the at least two bytes comprised in the key reference information by byte, to obtain an initial encryption vector and a content encryption key respectively; and encrypting the data content of the target object data with the content encryption key and the initial encryption vector, to generate the encrypted content of the data content.
8. The method of claim 1, further comprising: obtaining the temporary random factor generated during the encryption of the data content; and generating the encrypted data of the target object data based on the encrypted content, the pseudo-identifier and the temporary random factor.
9. The method of claim 1, wherein the data receiver decrypting the encrypted data in accordance with the data usage scenario of the target object data comprises: the data receiver obtaining the public identity information of the data sender from the data sender, wherein the identity information generated by the data receiver comprises the public identity information of the data receiver and the specific identity information of the data receiver; the data receiver generating decryption indication information with a key agreement algorithm, based on the public identity information of the data sender and the identity information of the data receiver, wherein the decryption indication information is identical to the encryption indication information; and the data receiver decrypting the encrypted data using the decryption indication information and in accordance with the data usage scenario of the target object data.
10. The method of claim 9, wherein the decryption indication information is used by the data receiver to decrypt the encrypted content comprised in the encrypted data, the encrypted data of the target object data further comprises the temporary random factor generated during the encryption of the data content, and the data receiver decrypting the encrypted content in the encrypted data using the decryption indication information comprises: the data receiver extracting the temporary random factor from the encrypted data; the data receiver generating, with the temporary random factor and the decryption indication information, information identical to the key reference information, and determining a decryption vector and a content decryption key from the at least two bytes comprised in that identical information; and the data receiver decrypting the encrypted content with the decryption vector and the content decryption key, to obtain the decrypted content of the encrypted content.
11. The method of claim 10, wherein, when the data usage scenario indicates that the data receiver is not permitted to decrypt and recover the object identifier of the target object, after obtaining the decrypted content of the encrypted content the data receiver extracts the pseudo-identifier from the encrypted data, and takes the decrypted content and the extracted pseudo-identifier as the decrypted data of the encrypted data.
12. The method of claim 10, wherein, when the data usage scenario indicates that the data receiver is permitted to decrypt and recover the object identifier of the target object, after obtaining the decrypted content of the encrypted content the data receiver decrypts the pseudo-identifier comprised in the encrypted data, to obtain the decrypted identifier corresponding to the pseudo-identifier, and takes the decrypted identifier and the decrypted content as the decrypted data of the encrypted data.
13. The method of claim 12, wherein the data receiver decrypting the pseudo-identifier comprised in the encrypted data comprises: the data receiver obtaining the timestamp information from the data sender, and generating an identifier decryption key with the timestamp information and the decryption indication information; and the data receiver decrypting the pseudo-identifier comprised in the encrypted data with the identifier decryption key.
14. The method of claim 3 or 9, wherein the identity information of the data sender comprises a first key pair generated by the data sender, the first key pair comprising a first public key and a first private key, wherein the first public key is the public identity information of the data sender and the first private key is the specific identity information of the data sender; and the identity information of the data receiver comprises a second key pair generated by the data receiver, wherein the second public key comprised in the second key pair serves as the public identity information of the data receiver and the second private key comprised in the second key pair serves as the specific identity information of the data receiver.
15. A data processing apparatus, comprising: an obtaining unit configured to obtain target object data that contains an object identifier, and encryption indication information for the target object data; and a processing unit configured to de-identify the object identifier using the encryption indication information, to obtain a pseudo-identifier corresponding to the object identifier; the processing unit being further configured to encrypt the data content of the target object data based on the encryption indication information, to generate encrypted content of the data content; and the processing unit being further configured to send encrypted data of the target object data, generated based on the encrypted content and the pseudo-identifier, to a data receiver, so that the data receiver decrypts the encrypted data in accordance with a data usage scenario of the target object data and obtains corresponding decrypted data.
16. A computer device, comprising a processor, an input device, an output device and a memory that are connected to one another, wherein the memory is configured to store a computer program comprising program instructions, and the processor is configured to call the program instructions to perform the method of any one of claims 1 to 14.
17. A computer-readable storage medium storing a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 14.
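What follows is an added worked example written for this page; it is not code from the patent, from the applicant or from any product. It carries the procedure of the embodiments described above, which claims 1 to 14 restate, through end to end using only the Go standard library: key agreement between the two identities, the two de-identification scenarios (receiver may or may not recover the identifier), timestamp renewal by validity window, content encryption from key reference information split by byte into an initial vector and a content key, the packet of encrypted content, pseudo-identifier and temporary random factor, and the receiver's decryption of both parts. Everything the patent leaves open is an assumption of this example and is marked as such in the comments: ECDH over P-256 as the key agreement algorithm, HMAC-SHA256 as the way keys are generated from the shared secret, timestamp and random factors, AES-256-GCM as the cipher, a 12-byte initial vector and 32-byte content key as the byte split, hourly validity windows, and the identifier "user-42", the record text and the clock reading as constructed sample inputs.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Packet is the encrypted data: encrypted content, pseudo-identifier, temporary random factor; the timestamp travels separately.
type Packet struct{ Content, PseudoID, TempRand []byte }

// newIdentity makes a party's key pair (public key = public identity information, private key =
// specific identity information); agree combines own private key and peer public key so that both
// sides hold the same shared secret: the sender's encryption indication information and the receiver's
// decryption indication information. ECDH over P-256 and HMAC-SHA256 (below) are assumptions of this
// example; the patent names no key agreement algorithm and no key derivation.
func newIdentity() (*ecdh.PrivateKey, error)                           { return ecdh.P256().GenerateKey(rand.Reader) }
func agree(own *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) { return own.ECDH(peer) }

// prf derives 32 bytes of key material from the shared secret, a purpose label and context bytes.
func prf(secret []byte, label string, ctx ...[]byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(append([]byte(label), bytes.Join(ctx, nil)...))
	return m.Sum(nil)
}
func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b } // crypto/rand.Read never fails (Go 1.24 docs)

// idKey is the identifier-processing key. refRand == nil yields the second key (shared secret +
// timestamp), which the receiver can rebuild; a sender-only refRand yields the first key, which
// the receiver cannot rebuild, so the pseudo-identifier stays opaque to it.
func idKey(secret []byte, ts uint64, refRand []byte) []byte {
	return prf(secret, "id-key", binary.BigEndian.AppendUint64(nil, ts), refRand)
}

// keyEpoch maps a clock reading to its validity window's timestamp; a new window means a new key.
func keyEpoch(now, validity uint64) uint64 { return now - now%validity }

// aead wraps a derived 32-byte key in AES-256-GCM (our cipher choice; the patent names none).
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length reaches here, and prf never produces one
	}
	g, _ := cipher.NewGCM(block)
	return g
}

// contentKeys derives 64 bytes of key reference information from the shared secret and the temporary random
// factor and splits them by byte position into the initial vector (GCM nonce, 12 bytes) and the content key
// (32 bytes). A repeated factor under one secret would repeat the nonce, so the sender draws it fresh per packet.
func contentKeys(secret, tempRand []byte) (iv, key []byte) {
	ref := append(prf(secret, "content", tempRand, []byte{1}), prf(secret, "content", tempRand, []byte{2})...)
	return ref[:12], ref[32:]
}

// encrypt is the sender side; refRand == nil selects the scenario in which the receiver may recover the
// identifier. The pseudo-identifier is the identifier encrypted under the identifier-processing key with
// a fresh random nonce prepended; openID reverses it for a receiver that holds the same key.
func encrypt(secret, id, content []byte, ts uint64, refRand []byte) Packet {
	tempRand, nonce := randBytes(16), randBytes(12)
	iv, key := contentKeys(secret, tempRand)
	pid := aead(idKey(secret, ts, refRand)).Seal(nonce, nonce, id, nil)
	return Packet{aead(key).Seal(nil, iv, content, nil), pid, tempRand}
}
func openID(key, pid []byte) ([]byte, error) {
	if len(pid) < 12 {
		return nil, fmt.Errorf("pseudo-identifier too short")
	}
	return aead(key).Open(nil, pid[:12], pid[12:], nil)
}

// decrypt is the receiver side; with identifier recovery not permitted the pseudo-identifier is returned as extracted.
func decrypt(secret []byte, p Packet, ts uint64, mayRecoverID bool) (id, content []byte, err error) {
	iv, key := contentKeys(secret, p.TempRand)
	if content, err = aead(key).Open(nil, iv, p.Content, nil); err != nil {
		return nil, nil, err
	}
	if !mayRecoverID {
		return p.PseudoID, content, nil
	}
	id, err = openID(idKey(secret, ts, nil), p.PseudoID)
	return id, content, err
}

func main() {
	s, _ := newIdentity()
	r, _ := newIdentity()
	ks, _ := agree(s, r.PublicKey())
	kr, _ := agree(r, s.PublicKey())
	ts := keyEpoch(1700000123, 3600) // constructed clock reading, hourly key windows
	id, c, err := decrypt(kr, encrypt(ks, []byte("user-42"), []byte("constructed record"), ts, nil), ts, true)
	fmt.Printf("id=%s content=%q err=%v\n", id, c, err)
}
```

Three points the patent text does not settle are worth noting. With a random nonce the same identifier yields a different pseudo-identifier on every packet; if the receiver must link records of one object within a validity window, a deterministic construction is needed instead. In the irreversible scenario the reference random factor is the only thing separating the receiver from the identifier, since the receiver already holds the shared secret and the timestamp; it must come from a CSPRNG and must never be logged or transmitted. Finally, the GCM tag gives the receiver integrity checking that the claims do not mention, so a tampered packet or a stale timestamp produces an error rather than garbage output.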
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US18/752,578 US20240348588A1 (en) | 2022-05-31 | 2024-06-24 | Data processing method and apparatus, computer device, and storage medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210619420.2 | 2022-05-31 | ||
CN202210619420.2A CN115118458B (zh) | 2022-05-31 | 2022-05-31 | Data processing method, apparatus, computer device and storage medium |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/752,578 Continuation US20240348588A1 (en) | 2022-05-31 | 2024-06-24 | Data processing method and apparatus, computer device, and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023231817A1 true WO2023231817A1 (zh) | 2023-12-07 |
Family
ID=83325733
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2023/095501 WO2023231817A1 (zh) | 2022-05-31 | 2023-05-22 | Data processing method, apparatus, computer device and storage medium |
Country Status (3)
Country | Link |
---|---|
US (1) | US20240348588A1 (zh) |
CN (1) | CN115118458B (zh) |
WO (1) | WO2023231817A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115118458B (zh) * | 2022-05-31 | 2024-04-19 | Tenc ent Technology (Shenzhen) Co., Ltd. | Data processing method, apparatus, computer device and storage medium |
CN118041695A (zh) * | 2024-04-11 | 2024-05-14 | Tencent Technology (Shenzhen) Co., Ltd. | Information interaction method, apparatus, electronic device, storage medium and program product |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113282959A (zh) * | 2021-06-09 | 2021-08-20 | Alipay (Hangzhou) Information Technology Co., Ltd. | Business data processing method, apparatus and electronic device |
CN113704816A (zh) * | 2021-08-05 | 2021-11-26 | NSFOCUS Technologies Group Co., Ltd. | Data masking method, apparatus and storage medium |
WO2022022009A1 (zh) * | 2020-07-28 | 2022-02-03 | Bigo Technology Pte. Ltd. | Message processing method, apparatus, device and storage medium |
CN114491637A (zh) * | 2022-01-28 | 2022-05-13 | Tencent Technology (Shenzhen) Co., Ltd. | Data query method, apparatus, computer device and storage medium |
CN115118458A (zh) * | 2022-05-31 | 2022-09-27 | Tencent Technology (Shenzhen) Co., Ltd. | Data processing method, apparatus, computer device and storage medium |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102014100173B4 (de) * | 2014-01-09 | 2017-12-14 | Kobil Systems Gmbh | Method for the protected transmission of a data object |
KR101784265B1 (ko) * | 2016-06-09 | 2017-10-12 | Grizzly Co., Ltd. | De-identification processing method for big data |
CN111460475B (zh) * | 2020-03-27 | 2023-04-25 | Third Research Institute of the Ministry of Public Security | Method for de-identification processing of data object subjects based on cloud services |
CN111756777B (zh) * | 2020-08-28 | 2020-11-17 | Tencent Technology (Shenzhen) Co., Ltd. | Data transmission method, data processing device, apparatus and computer storage medium |
CN113904832B (zh) * | 2021-09-30 | 2023-10-17 | Ping An Bank Co., Ltd. | Data encryption method, apparatus, device and storage medium |
CN114428973A (zh) * | 2022-01-25 | 2022-05-03 | Beijing Xinghe Zhuoyue Technology Co., Ltd. | De-identified information transmission method, apparatus, device and computer-readable medium |
- 2022-05-31: CN, application CN202210619420.2A (patent CN115118458B, zh), status: Active
- 2023-05-22: WO, application PCT/CN2023/095501 (patent WO2023231817A1, zh), status: Application Filing
- 2024-06-24: US, application US18/752,578 (patent US20240348588A1, en), status: Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022022009A1 (zh) * | 2020-07-28 | 2022-02-03 | Bigo Technology Pte. Ltd. | Message processing method, apparatus, device and storage medium |
CN113282959A (zh) * | 2021-06-09 | 2021-08-20 | Alipay (Hangzhou) Information Technology Co., Ltd. | Business data processing method, apparatus and electronic device |
CN113704816A (zh) * | 2021-08-05 | 2021-11-26 | NSFOCUS Technologies Group Co., Ltd. | Data masking method, apparatus and storage medium |
CN114491637A (zh) * | 2022-01-28 | 2022-05-13 | Tencent Technology (Shenzhen) Co., Ltd. | Data query method, apparatus, computer device and storage medium |
CN115118458A (zh) * | 2022-05-31 | 2022-09-27 | Tencent Technology (Shenzhen) Co., Ltd. | Data processing method, apparatus, computer device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN115118458A (zh) | 2022-09-27 |
CN115118458B (zh) | 2024-04-19 |
US20240348588A1 (en) | 2024-10-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6844908B2 (ja) | Computer-based system and computer-based method for establishing a secure session and exchanging encrypted data | |
US10050955B2 (en) | Efficient start-up for secured connections and related services | |
US11101999B2 (en) | Two-way handshake for key establishment for secure communications | |
US9887838B2 (en) | Method and device for secure communications over a network using a hardware security engine | |
WO2017032242A1 (zh) | Key generation method and device | |
WO2023231817A1 (zh) | Data processing method, apparatus, computer device and storage medium | |
US11736304B2 (en) | Secure authentication of remote equipment | |
US12010216B2 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
CN111756529B (zh) | Quantum session key distribution method and system | |
CN114513327B (zh) | Blockchain-based method for fast sharing of Internet of Things private data | |
US11528127B2 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
TW201537937A (zh) | Unified identity authentication platform and authentication method | |
JP2012100206A (ja) | Encrypted communication relay system, encrypted communication relay method and encrypted communication relay program | |
WO2020042023A1 (zh) | Data encryption method and apparatus for instant messaging | |
CN113708928B (zh) | Edge-cloud communication method and related apparatus | |
CN111404670A (zh) | Key generation method, UE and network device | |
JP2009065226A (ja) | Authenticated key exchange system, authenticated key exchange method and program | |
CN114050897A (zh) | SM9-based asynchronous key agreement method and apparatus | |
CN108462677A (zh) | File encryption method and system | |
Gupta et al. | Security mechanisms of Internet of things (IoT) for reliable communication: a comparative review | |
CN115694997B (zh) | Internet of Things intelligent gateway system | |
JP2023138927A (ja) | System and method for managing transmission of data files and access rights to data files | |
CN115514473A (zh) | Method, system, device and storage medium for secure data communication | |
CN113726507A (zh) | Data transmission method, system, apparatus and storage medium | |
KR20110080100A (ko) | Method and apparatus for transmitting and receiving voice data packets using an encryption key based on voice features | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 23815001; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 2023815001; Country of ref document: EP |
| ENP | Entry into the national phase | Ref document number: 2023815001; Country of ref document: EP; Effective date: 20240829 |