WO2023241142A1 - Data processing method and apparatus, storage medium and electronic device - Google Patents


Info

Publication number
WO2023241142A1
Authority
WO
WIPO (PCT)
Prior art keywords
computing platform
data
data processing
project
ciphertext
Application number
PCT/CN2023/081839
Other languages
English (en)
Chinese (zh)
Inventor
陈南烨
杜师帅
张钧波
郑宇
Original Assignee
京东城市(北京)数字科技有限公司
Application filed by 京东城市(北京)数字科技有限公司
Publication of WO2023241142A1

Classifications

    • H04L63/0428: Network architectures or network communication protocols for network security, providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/10: Network arrangements or protocols for supporting network services or applications; protocols in which an application is distributed across nodes in the network
    • H04L9/0838: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; key distribution or management; key establishment; key agreement, i.e. a shared key is derived by the parties as a function of information contributed by, or associated with, each of them
    • H04L9/0869: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; key distribution or management; generation of secret information including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds

Definitions

  • This application relates to the field of information security technology, and in particular to a data processing method and device, storage media and electronic equipment.
  • This application provides a data processing method and device, storage media and electronic equipment, aiming to solve the problems of user privacy leakage, non-compliant data use and other risks present in existing solutions.
  • a data processing method, applied to a trusted third-party platform, the method including: obtaining the user's query request through a query interface pre-generated in the trusted third-party platform, where the query request includes at least a first set, and the first set includes at least one identification ciphertext of a data identification to be queried;
  • obtaining a second set fed back by each target computing platform, where the target computing platform is a pre-created computing platform associated with the data processing project corresponding to the query request, and the second set includes the identification ciphertext of each data identifier in the target data table stored by the target computing platform, the target data table being a local data table of the computing platform associated with the data processing project;
  • obtaining the intersection of the first set and all second sets, and determining each identification ciphertext included in the intersection as a first identification ciphertext;
  • sending each first identification ciphertext to each target computing platform, and obtaining the calculation results fed back by each target computing platform, where the calculation results are obtained by the target computing platform calculating on the data corresponding to each first identification ciphertext in the target data table;
  • processing, based on each calculation result and each second identification ciphertext, to obtain the data processing result of the query request, where the second identification ciphertext is an identification ciphertext in the first set other than those included in the intersection.
  • the creation process of the data processing project includes:
  • the generation process of the query interface includes:
  • a computing task configuration interface is generated; the computing task configuration interface includes the header fields fed back by each computing platform associated with the data processing project and a preset component library, the component library including multiple security components;
  • the method further includes:
  • the identification ciphertext of a data identification to be queried is the ciphertext obtained by encrypting that data identification, input by the user, with the random number input by the user;
  • the query request also includes a random number ciphertext corresponding to each target computing platform, where the random number ciphertext corresponding to a target computing platform is obtained by encrypting the random number input by the user with the session encryption key corresponding to that target computing platform, and the session encryption key corresponding to each target computing platform is obtained through key negotiation based on the user's private key and the platform public key of the target computing platform;
  • the obtaining of the second set fed back by each target computing platform includes: each target computing platform negotiates the session decryption key based on its own platform private key and the user's public key, decrypts the received random number ciphertext with the session decryption key to obtain the random number, and encrypts each data identifier in the stored target data table with the random number to obtain the identification ciphertexts that make up its second set;
  • the target computing platform calculating on the data corresponding to each first identification ciphertext in the target data table includes:
  • decrypting each first identification ciphertext to obtain the data identification to be queried for that first identification ciphertext, and determining it as a first data identifier to be queried;
  • splitting the data corresponding to each first data identifier to be queried into split data, one piece for the target computing platform itself and one piece for each other target computing platform, and sharing each other platform's piece with that platform; the other target computing platforms are the target computing platforms other than this one;
  • calculating on its own split data for the first data identifier to be queried together with the split data received from the other target computing platforms, to obtain the secret shared value of that first data identifier to be queried;
  • the calculation result is composed of each secret shared value.
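One way the split-data step above can be carried out, as an added example that is not the patent's or the assignee's code: additive secret sharing over a prime field among the target computing platforms, with the trusted third-party platform reconstructing only the aggregate. Assumptions not in the text: that the "calculation" on a queried identifier is a sum of each platform's field for it (for instance an overdue count), that shares are taken modulo a 61-bit prime, and the constructed platform names and table values.

```python
import secrets

Q = 2**61 - 1  # Mersenne prime; all shares and totals are elements of Z_Q (assumed, not from the patent)


def split(value: int, n: int) -> list:
    """Split value into n uniformly random additive shares that sum to value mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % Q)
    return shares


def reconstruct(shares: list) -> int:
    """Sum of shares mod Q; this is all the trusted third party does with the results."""
    return sum(shares) % Q


class Platform:
    """A target computing platform; `table` is a constructed local data table
    mapping a data identifier to this platform's value for it."""

    def __init__(self, name: str, table: dict):
        self.name, self.table = name, table
        self.inbox = []  # own share plus shares received from the other platforms

    def distribute(self, ident: str, peers: list) -> None:
        """Split own value for ident: keep one share, send one to each other platform."""
        shares = split(self.table[ident], len(peers) + 1)
        self.inbox.append(shares[0])
        for peer, share in zip(peers, shares[1:]):
            peer.inbox.append(share)

    def secret_shared_value(self) -> int:
        """Sum own and received shares: this platform's share of the joint result."""
        value, self.inbox = sum(self.inbox) % Q, []
        return value


def joint_sum(platforms: list, ident: str) -> list:
    """Run the split/share/calculate round; returns the 'calculation result',
    one secret shared value per platform, which is what reaches the third party."""
    for p in platforms:
        p.distribute(ident, [q for q in platforms if q is not p])
    return [p.secret_shared_value() for p in platforms]


def run_demo():
    # constructed overdue counts held by three platforms for the same queried identifier
    banks = [Platform("bank_a", {"u002": 2}),
             Platform("bank_b", {"u002": 1}),
             Platform("bank_c", {"u002": 3})]
    shared = joint_sum(banks, "u002")
    return reconstruct(shared), shared  # third party learns 6, never 2, 1 or 3


if __name__ == "__main__":
    total, shared = run_demo()
    print(total, shared)
```

Each entry of `shared` is on its own a uniformly random element of Z_Q, so the third-party platform reconstructs the joint total but learns nothing about any single platform's contribution. The trust assumption is that the platforms do not collude with the third party and that the channels carrying shares between platforms are authenticated and confidential; this example leaves that to the transport.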
  • a data processing device applied to a trusted third-party platform, the device includes:
  • the first acquisition unit is configured to obtain the user's query request through the query interface pre-generated in the trusted third-party platform, where the query request includes at least a first set, and the first set includes at least one identification ciphertext of a data identification to be queried;
  • the second acquisition unit is used to acquire a second set of feedback from each target computing platform;
  • the target computing platform is a pre-created computing platform associated with the data processing project corresponding to the query request, and the second set includes the identification ciphertext of each data identifier in the target data table stored by the target computing platform, where the target data table is a local data table of the computing platform associated with the data processing project;
  • a third acquisition unit configured to acquire the intersection of the first set and all second sets, and determine each identification ciphertext included in the intersection as the first identification ciphertext
  • a sending unit used to send each first identification ciphertext to each target computing platform
  • the fourth acquisition unit is used to obtain the calculation results fed back by each target computing platform; the calculation results are obtained by the target computing platform calculating the data corresponding to each first identification ciphertext in the target data table;
  • a processing unit configured to process, based on each calculation result and each second identification ciphertext, to obtain the data processing result of the query request, where the second identification ciphertext is an identification ciphertext included in the first set other than those included in the intersection.
  • a storage medium storing an instruction set, wherein the instruction set, when executed by a processor, implements the above data processing method.
  • An electronic device including:
  • a memory for storing at least one set of instructions
  • a processor configured to execute a set of instructions stored in the memory, and implement the above data processing method by executing the set of instructions.
  • this application has the following advantages:
  • This application provides a data processing method and device, storage media and electronic equipment, including: obtaining the user's query request through a pre-generated query interface in a trusted third-party platform, where the query request includes at least a first set; obtaining the second set fed back by each target computing platform; obtaining the intersection of the first set and all second sets; determining each identification ciphertext included in the intersection as a first identification ciphertext; and sending each first identification ciphertext to each target computing platform.
  • the calculation results fed back by each target computing platform are obtained, where the calculation results are obtained by the target computing platform calculating on the data corresponding to each first identification ciphertext in the target data table, and the target data table is the local data table of the computing platform associated with the data processing project.
  • based on each calculation result and each second identification ciphertext, the data processing result of the query request is obtained, where the second identification ciphertext is an identification ciphertext in the first set other than those included in the intersection.
  • It can be seen that the solution of this application does not transmit the local data table of the computing platform to the trusted third-party platform directly; instead, the computing platform calculates on the data corresponding to each first identification ciphertext in its local data table and only the calculation results are transmitted to the trusted third-party platform, thereby avoiding risks such as user privacy leaks and non-compliant data use.
  • Figure 1 is a schematic structural diagram of a data processing system provided by this application.
  • Figure 2 is a schematic structural diagram of a trusted third-party platform provided by this application.
  • Figure 3 is a schematic structural diagram of a target computing platform provided by this application.
  • Figure 4 is a flow chart of a data processing project creation method provided by this application.
  • Figure 5 is a method flow chart of a computing task creation method provided by this application.
  • Figure 6 is a flow chart of a computing task provided by this application.
  • Figure 7 is a method flow chart of a data processing method provided by this application.
  • Figure 8 is a method flow chart of a target computing platform calculation method provided by this application.
  • Figure 9 is an example diagram of a data processing project creation method provided by this application.
  • Figure 10 is an example diagram of a computing task creation method provided by this application.
  • Figure 11 is an example diagram of a data processing method provided by this application.
  • Figure 12 is a schematic structural diagram of a data processing device provided by this application.
  • Figure 13 is a schematic structural diagram of an electronic device provided by this application.
  • the term “include” and its variations are open-ended, ie, “including but not limited to.”
  • the term “based on” means “based at least in part on.”
  • the term “one embodiment” means “at least one embodiment”; the term “another embodiment” means “at least one additional embodiment”; and the term “some embodiments” means “at least some embodiments”. Relevant definitions of other terms will be given in the description below.
  • the present application may be used in numerous general purpose or special purpose computing device environments or configurations.
  • an embodiment of the present application provides a data processing system 100.
  • the data processing system 100 includes a trusted third-party platform 101 and at least one target computing platform 102.
  • the target computing platforms are the computing platforms registered in the trusted third-party platform 101 in advance that are associated with the data processing project to be created.
  • the trusted third-party platform can be used to create and manage data processing projects, create, configure and manage computing tasks, user registration, user access permission settings, management of user-related information, computing platform registration, and management of computing platform-related information.
  • the trusted third-party platform 101 includes a project management center, a task management center, a component library, a security certification audit center, a user management center and a computing platform management center.
  • Project Management Center for creating and managing data processing projects.
  • the task management center is used to create computing tasks in data processing projects and manage the created computing tasks.
  • the component library includes multiple security components for configuring computing tasks; among them, cryptography protocols are encapsulated in the security components.
  • the security authentication and audit center is used to authenticate users' access rights and monitor and audit access behaviors.
  • the user management center is used for user registration, setting access rights, and managing user registration information, user public keys, and access rights.
  • the computing platform management center is used to register the computing platform and manage the registration information and public key of the computing platform.
  • the user's registration information and user public key can be managed uniformly through the user information table.
  • the user information table is shown in Table 1.
  • the user information table includes the user identification (that is, User ID) and the user public key.
  • the registration information of the computing platform and the computing platform public key can be managed uniformly through the computing platform information table.
  • the computing platform information table is shown in Table 2.
  • the computing platform information table includes the computing platform identification and the computing platform public key.
  • the target computing platform 102 includes a project management center, task management center, component library, security certification audit center, user management center and data management center.
  • Project Management Center for creating and managing data processing projects.
  • the task management center is used to create computing tasks in data processing projects and manage the created computing tasks.
  • the component library includes multiple security components for configuring computing tasks; cryptographic protocols are encapsulated in the security components.
  • the security authentication and audit center is used to authenticate users' access rights and monitor and audit access behaviors.
  • the user management center is used for user registration, setting access rights, and managing user registration information, user public keys, and access rights.
  • Data management center is used to obtain and manage data from different data source types.
  • the data source type may be, for example, CSV files or a MySQL database.
  • the embodiment of the present application provides a data processing method, which can be applied to a variety of system platforms, and its execution subject can be a trusted third-party platform.
  • a data processing project is created in the trusted third-party platform in advance, a computing task is created in the data processing project, and after the computing task has been fully created, a query interface and an encryption sandbox are generated.
  • the encryption sandbox can be downloaded to the user's local device.
  • the creation process of the data processing project specifically includes the following steps:
  • the user can send a project creation request through the trusted third-party platform.
  • the user's project creation request is obtained and responded to, and each computing platform associated with the project creation request is determined; that is, among the computing platforms pre-registered in the trusted third-party platform, the computing platforms associated with the project creation request are determined and identified as the target computing platforms.
  • the user's project creation request may be generated by triggering project creation-related function keys in the trusted third-party platform. It should be noted that there are many ways to generate a user's project creation request, including but not limited to what is proposed in the embodiments of this application. The different ways of generating a user's project creation request do not affect the implementation of the embodiments of this application.
  • the project creation request includes at least project information of the data processing project to be created and a computing platform identifier associated with the data processing project to be created.
  • the process of determining each computing platform associated with the project creation request specifically includes: based on the computing platform identifier included in the project creation request, determining the computing platform corresponding to that identifier; the computing platform so determined is the computing platform associated with the project creation request.
  • the project information included in the project creation request is sent to each computing platform associated with the project creation request.
  • each computing platform receives the project information sent by the trusted third-party platform and, after receiving a triggering instruction, generates first response information and feeds it back to the trusted third-party platform, where the first response information is used to indicate whether the creation of the data processing project is agreed to.
  • the first response information fed back by each computing platform is received, and it is determined whether every first response information indicates agreement to create the data processing project. If so, step S404 is executed; if any response information indicates that the creation of the data processing project is not agreed to, the process ends directly.
  • in that case, a prompt message indicating that the creation of the data processing project failed can be generated and displayed.
  • each first response information indicates agreement to create a data processing project
  • the data processing project is created based on the project information included in the project creation request.
  • the project management center in the trusted third-party platform creates the data processing project based on the project information included in the project creation request, that is, it adds the data processing project to the project management center.
  • the data processing method provided by this embodiment selects the computing platforms associated with the data processing project to be created through the trusted third-party platform, and creates the data processing project through the trusted third-party platform.
  • after step S404, the following steps may also be included:
  • the user's public key is sent to each computing platform associated with the project creation request to trigger each computing platform associated with the project creation request to create a data processing project based on the project information, and associate and store the data processing project with the user's public key.
  • the user's public key is obtained from the trusted third-party platform and sent to each computing platform associated with the project creation request.
  • the project management center in each computing platform creates the data processing project based on the project information and stores the data processing project in association with the user's public key.
  • each computing platform associated with the project creation request determines, among its local data tables, the local data table associated with the data processing project, and sends the header fields of that table to the trusted third-party platform to facilitate subsequent configuration of computing tasks for the data processing project.
  • the data processing method provided by the embodiment of the present application creates a data processing project in each computing platform associated with the project creation request to facilitate subsequent creation of computing tasks and data processing.
  • the creation process of the computing task, the generation process of the query interface and the generation process of the encryption sandbox specifically include the following steps:
  • a computing task configuration interface is generated in response to the user's computing task configuration request for a pre-created data processing project, where the computing task configuration interface includes the header fields fed back by each computing platform associated with the data processing project and a preset component library.
  • the computing task configuration request may be generated by triggering a pre-function key in a data processing project pre-created by the user in the trusted third-party platform.
  • the header fields include a data identification field, a dishonesty field, a mortgage overdue field, a car loan overdue field, and a credit card overdue field.
  • the user can configure the task information of the computing task through the computing task configuration interface.
  • the user can select security components on the computing task configuration interface by drag-and-drop operations and, based on the header fields shown, enter into the computing task configuration interface the header fields of the data that need to participate in the computing task.
  • the task information of the computing tasks configured by the user through each header field and each security component in the computing task configuration interface is obtained.
  • the task information of the configured computing task is a flow chart.
  • Figure 6 shows a computing task flow chart, including input, query, conditions (i.e., logical judgment conditions), arithmetic (i.e., the four basic arithmetic operations), customization (i.e., custom logic), binning (i.e., determining the processing logic for different data), data combination and output.
  • task information is sent to each computing platform associated with the data processing project.
  • each computing platform receives the task information and, after receiving a triggering instruction, generates second response information and feeds it back to the trusted third-party platform, where the second response information is used to indicate whether the creation of the computing task is agreed to.
  • the second response information fed back by each computing platform associated with the data processing project is received, and it is determined whether every second response information indicates agreement to create the computing task. If so, step S505 is executed; if any response information indicates that the creation of the computing task is not agreed to, the process ends directly.
  • each second response information indicates agreement to create a computing task
  • the task information of the computing task is added to the task list of the data processing project.
  • a computing task creation signal is sent to each computing platform associated with the data processing project.
  • the computing task creation signal is used to indicate that the trusted third-party platform has created the computing task in the data processing project.
  • after receiving the computing task creation signal sent by the trusted third-party platform, each computing platform associated with the data processing project stores the task information in the task list of the data processing project it created in advance.
  • the encryption sandbox and query interface of the data processing project are generated.
  • the encryption sandbox is bound to the data processing project, and the encryption sandbox includes the platform public keys of all computing platforms associated with the data processing project.
  • the data processing method provided by this embodiment creates computing tasks and generates the query interface and encryption sandbox through the trusted third-party platform.
  • the method flow chart of the data processing method is shown in Figure 7, which specifically includes:
  • a data processing project is created in a trusted third-party platform in advance, a computing task is created for the created data processing project, and a query interface and an encryption sandbox are generated.
  • the user's query request is obtained through a pre-generated query interface in the trusted third-party platform, where the query request includes at least a first set, and the first set includes at least one identification ciphertext of the data identification to be queried, where,
  • the identification ciphertext of the data identification to be queried is the ciphertext obtained by encrypting the data identification to be queried input by the user based on the random number input by the user.
  • the query request also includes a random number ciphertext corresponding to each target computing platform, where the target computing platform is a pre-created computing platform associated with the data processing project corresponding to the query request, the random number ciphertext corresponding to a target computing platform is obtained by encrypting the random number input by the user with the session encryption key corresponding to that target computing platform, and the session encryption key corresponding to each target computing platform is obtained by key negotiation based on the user's private key and the platform public key of the target computing platform.
  • the encryption sandbox downloaded to the user's local device in advance obtains the data identifiers to be queried input by the user, the user's private key and a random number k, and encrypts each data identifier to be queried with the random number k to obtain the identification ciphertext of that data identifier.
  • the encryption sandbox negotiates the session encryption key corresponding to each target computing platform based on the user's private key and the platform public key of each target computing platform, and encrypts the random number k with the session encryption key corresponding to each target computing platform to obtain the random number ciphertext corresponding to that target computing platform.
  • the encryption sandbox forms the identification ciphertexts of the data identifiers to be queried into a first set and, based on the first set and the random number ciphertext corresponding to each target computing platform, sends the user's query request to the query interface of the trusted third-party platform.
  • after receiving the user's query request, the data query interface in the trusted third-party platform first verifies the user's identity; specifically, it verifies whether the user is the creating user of the data processing project corresponding to the data query interface. If so, the user is determined to have passed identity verification; if not, the user is determined to have failed identity verification.
  • the first set included in the user's query request and the random number ciphertext corresponding to each target computing platform are obtained.
  • the identification of the data to be queried input by the user may be the user ID to be queried.
  • a second set of feedback from each target computing platform is obtained, where the target computing platform is a pre-created computing platform associated with the data processing project corresponding to the query request, that is, each pre-registered on the trusted third-party platform In the computing platform, the computing platform associated with the data processing project corresponding to the query request.
  • the second set includes the identification ciphertext of each data identifier in the target data table stored by the target computing platform.
  • the target data table is a local data table of the computing platform associated with the data processing project.
  • the process of obtaining the second set of feedback from each target computing platform includes:
  • each target computing platform negotiates the session decryption key based on its own private key and the user's public key, decrypts the received random number ciphertext with the session decryption key to obtain the random number, and encrypts each data identifier in the stored target data table with the random number to obtain the identification ciphertexts;
  • for each target computing platform, the trusted third-party platform sends the random number ciphertext corresponding to that target computing platform to it.
  • each target computing platform associates and stores the data processing project and the user public key corresponding to the data processing project in advance.
  • each target computing platform negotiates to obtain the session decryption key based on its own platform private key and the user public key stored in association with the data processing project.
  • The session decryption key is used to decrypt the random number ciphertext to obtain the random number k; the data identifiers in the target data table are obtained; each obtained data identifier is encrypted with the random number k to obtain the identification ciphertext of that data identifier; and the identification ciphertexts are combined into the second set.
  • The second set is sent to the trusted third-party platform, and the trusted third-party platform thus obtains the second set sent by each target computing platform.
  • the data identifier in the target data table may be a user ID.
  • The session encryption key and the session decryption key corresponding to the target computing platform are the same key. That is to say, the session encryption key negotiated from the platform public key of the target computing platform and the user private key is equal to the session decryption key negotiated from the platform private key of the target computing platform and the user public key.
  • the random number k is only shared between the user and the computing platform, and the trusted third-party platform cannot decrypt the random number k, thus ensuring data privacy and security.
  • The intersection of the first set and all the second sets is obtained. That is to say, any identification ciphertext included in the intersection exists in both the first set and every second set.
  • each identification ciphertext included in the intersection is determined as the first identification ciphertext.
  • each first identification ciphertext is sent to each target computing platform.
  • After receiving each first identification ciphertext sent by the trusted third-party platform, each target computing platform calculates the data corresponding to each first identification ciphertext in the target data table, obtains the calculation results, and sends them to the trusted third-party platform.
  • the target computing platform calculates the data corresponding to each first identification ciphertext in the target data table, specifically including the following steps:
  • Each first identification ciphertext is decrypted using the random number obtained by decrypting the random number ciphertext, and the to-be-queried data identification of each first identification ciphertext is obtained.
  • For the specific process of obtaining the random number from the random number ciphertext, refer to step S702; it is not described again here.
  • the data identifier to be queried for each first identification ciphertext is determined as the first data identifier to be queried.
  • The data corresponding to each first to-be-queried data identifier in the target data table is obtained. For example, if the target data table records user B's breach of trust as "yes" and user B's number of credit card overdues as "6", then based on the first to-be-queried data identifier user B, the data corresponding to user B in the target data table is obtained: "yes" for breach of trust and "6" for the number of credit card overdues.
  • The data corresponding to each first to-be-queried data identifier is split, so as to obtain the split data corresponding to each first to-be-queried data identifier for the target computing platform and for each other target computing platform.
  • the number of data shares to be split is determined based on the number of computing platforms associated with the data processing project.
  • For example, if the number of computing platforms associated with the data processing project is 3, namely computing platform a, computing platform b and computing platform c, and the computing platform currently performing the data splitting operation is computing platform a, then data A is split into A1 corresponding to computing platform a, A2 corresponding to computing platform b, and A3 corresponding to computing platform c.
  • the other target computing platforms are other target computing platforms except the target computing platform (that is, the target computing platform currently performing the data splitting operation).
  • the split data corresponding to each other target computing platform is shared to the corresponding other target computing platforms. For example, share A2 to computing platform b and share A3 to computing platform c.
  • split data shared by each other target computing platform is received. Specifically, split data corresponding to each first to-be-queried data identifier shared by each other target computing platform is received. For example, computing platform b receives A2 shared by computing platform a, and computing platform c receives A3 shared by computing platform a.
  • The split data corresponding to the first to-be-queried data identifier that corresponds to the target computing platform itself, together with the received split data corresponding to the same first to-be-queried data identifier, is processed. Specifically, based on the processing logic in the task information of the computing task, the target computing platform's own split data and the received split data corresponding to the first to-be-queried data identifier are calculated, thereby obtaining the secret sharing value of the first to-be-queried data identifier.
  • each secret sharing value is combined into the calculation result.
  • S706 Process and obtain the data processing result of the query request based on each calculation result and each second identification ciphertext.
  • The data processing result of the query request is obtained based on each calculation result and each second identification ciphertext, where a second identification ciphertext is an identification ciphertext in the first set other than the identification ciphertexts included in the intersection.
  • the process of obtaining the data processing results of the query request based on each calculation result and each second identification ciphertext specifically includes:
  • each calculation result is integrated to obtain the integration result.
  • For each first identification ciphertext, the secret sharing values corresponding to it are integrated to obtain the integration result of that first identification ciphertext, and the integration results of all first identification ciphertexts are combined into the integration result; that is, the integration result includes the integration result of each first identification ciphertext.
  • each second identification ciphertext and the integration result are processed to obtain the data processing result of the query request.
  • For example, the processing logic in the task information may be to determine the loan interest rate for each first identification ciphertext and the loan interest rate for each second identification ciphertext, where the method for determining the loan interest rate is pre-stored in the task information.
  • The data processing results of the query request can be visually displayed.
  • the data processing results can be downloaded.
  • The data processing method provided by the embodiment of the present application does not directly transmit the local data table of the computing platform to the trusted third-party platform; instead, the computing platform calculates the data corresponding to each first identification ciphertext in its local data table and transmits only the resulting calculation results to the trusted third-party platform, thereby realizing data processing while ensuring data privacy and security.
  • the data processing method provided by the embodiment of this application can be implemented based on federated learning.
  • For example, a lending institution hopes to conduct a risk assessment on a new loan customer to determine whether to lend to the loan customer and to set the interest rate for the loan.
  • The data of Bank A and Bank B need to be jointly calculated, where the lending institution is pre-registered on the trusted third-party platform as user 1, bank A is pre-registered on the trusted third-party platform as computing platform A, and bank B is pre-registered on the digital trading platform as computing platform B.
  • the trusted third-party platform responds to user 1's project creation request and determines computing platform A and computing platform B associated with the project creation request. Among them, the project creation request is used to request the creation of a data processing project.
  • the trusted third-party platform sends the project information to computing platform A.
  • the trusted third-party platform sends the project information to computing platform B.
  • Computing platform A generates response information A1 and sends the response information A1 to the trusted third-party platform, where the response information A1 is used to indicate whether computing platform A agrees to create a data processing project.
  • Computing platform B generates response information B1 and sends response information B1 to the trusted third-party platform, where response information B1 is used to indicate whether computing platform B agrees to create a data processing project.
  • The trusted third-party platform determines whether response information A1 indicates that computing platform A agrees to create the data processing project, and whether response information B1 indicates that computing platform B agrees to create the data processing project. If not, that is, if computing platform A and/or B has not agreed to create the data processing project, execute S907; if so, execute step S908.
  • The trusted third-party platform generates prompt information indicating that the creation of the data processing project failed, and the prompt information is displayed.
  • the trusted third-party platform creates a data processing project based on the project information.
  • the trusted third-party platform sends the user public key of the data processing project to computing platform A.
  • the trusted third-party platform sends the user public key of the data processing project to computing platform B.
  • Computing platform A adds the project information to the project management center and saves the user's public key.
  • Computing platform B adds the project information to the project management center and saves the user public key.
  • Bank A and Bank B associate the configuration of their local data tables with the data processing project.
  • The trusted third-party platform responds to user 1's computing task configuration request for the data processing project created by user 1, and generates a computing task configuration interface.
  • the trusted third-party platform obtains the task information of the computing task configured by user 1 through the computing task configuration interface.
  • the trusted third-party platform sends the task information to computing platform A.
  • the trusted third-party platform sends the task information to computing platform B.
  • Computing platform A generates response information A2 and sends response information A2 to the trusted third-party platform, where response information A2 is used to indicate whether computing platform A agrees to create a computing task.
  • Computing platform B generates response information B2 and sends response information B2 to the trusted third-party platform, where response information B2 is used to indicate whether computing platform B agrees to create a computing task.
  • The trusted third-party platform determines whether response information A2 indicates that computing platform A agrees to create the computing task, and whether response information B2 indicates that computing platform B agrees to create the computing task. If not, that is, if computing platform A and/or B does not agree to create the computing task, execute S1008; if so, execute step S1009.
  • the trusted third-party platform generates a prompt message indicating that the creation of the computing task failed, and displays the prompt message.
  • the trusted third-party platform adds the computing task to the task list of the trusted third-party platform.
  • the trusted third-party platform sends the computing task creation signal to computing platform A, where the computing task creation signal is used to indicate the successful creation of the computing task.
  • the trusted third-party platform sends the computing task creation signal to computing platform B, where the computing task creation signal is used to indicate the successful creation of the computing task.
  • After receiving the computing task creation signal, computing platform A adds the computing task to the task list of the data processing project.
  • After receiving the computing task creation signal, computing platform B adds the computing task to the task list of the data processing project.
  • the trusted third-party platform obtains the query user ID ciphertext, the random number ciphertext corresponding to computing platform A, and the random number ciphertext corresponding to computing platform B through the query interface.
  • The query user ID ciphertext is obtained by the encryption sandbox encrypting the query user ID input by user 1 with the random number k input by user 1.
  • The random number ciphertext corresponding to computing platform A is obtained by the encryption sandbox encrypting the random number k input by user 1 with the session encryption key corresponding to computing platform A.
  • The session encryption key corresponding to computing platform A is negotiated by the encryption sandbox based on the pre-stored platform public key of computing platform A and the user private key input by user 1.
  • The random number ciphertext corresponding to computing platform B is obtained by encrypting the random number k input by user 1 with the session encryption key corresponding to computing platform B.
  • The session encryption key corresponding to computing platform B is obtained through negotiation based on the pre-stored platform public key of computing platform B and the user private key entered by user 1.
  • the trusted third-party platform sends the random number ciphertext corresponding to computing platform A to computing platform A.
  • the trusted third-party platform sends the random number ciphertext corresponding to computing platform B to computing platform B.
  • Computing platform A negotiates to obtain the session decryption key corresponding to computing platform A based on its own platform private key and the user public key of user 1, uses the session decryption key to decrypt the random number ciphertext sent to computing platform A to obtain the random number k, obtains all user IDs in the local data table associated with the data processing project, encrypts each user ID with the random number k, and obtains the user ID ciphertexts.
  • Computing platform A sends the user ID ciphertexts to the trusted third-party platform.
  • Computing platform B negotiates to obtain the session decryption key corresponding to computing platform B based on its own platform private key and the user public key of user 1, uses the session decryption key to decrypt the random number ciphertext sent to computing platform B to obtain the random number k, obtains all user IDs in the local data table associated with the data processing project, encrypts each user ID with the random number k, and obtains the user ID ciphertexts.
  • Computing platform B sends the user ID ciphertext to the trusted third-party platform.
  • The trusted third-party platform determines the intersection of the query user ID ciphertexts and the user ID ciphertexts fed back by computing platform A and computing platform B.
  • the trusted third-party platform sends the ciphertext of each query user ID included in the intersection to computing platform A.
  • The trusted third-party platform sends each query user ID ciphertext included in the intersection to computing platform B.
  • Based on the random number k obtained by decrypting the random number ciphertext, computing platform A decrypts each query user ID ciphertext to obtain each query user ID, calculates the data corresponding to each query user ID in the local data table associated with the data processing project, and obtains the calculation results.
  • Computing platform A sends the calculation results to the trusted third-party platform.
  • Based on the random number k obtained by decrypting the random number ciphertext, computing platform B decrypts each query user ID ciphertext to obtain each query user ID, calculates the data corresponding to each query user ID in the local data table associated with the data processing project, and obtains the calculation results.
  • Computing platform B sends the calculation results to the trusted third-party platform.
  • The trusted third-party platform determines the encrypted query user IDs outside the intersection, and processes each calculation result together with the encrypted query user IDs outside the intersection to obtain the data processing result.
  • The local data table configured by Bank A is shown in Table 3.
  • The local data table of Bank A includes four header fields representing the ID number, whether the person is a dishonest person of Bank A, the number of overdue mortgage loans, and the number of overdue car loans.
  • Table 3 Bank A local data table
  • The local data table configured by Bank B is shown in Table 4.
  • The local data table of Bank B includes four header fields representing the ID number, whether the person is a dishonest person of Bank B, and the number of overdue credit cards.
  • Query: According to the query IDs entered by the user, the intersection with the user IDs in the local data table of bank A and the user IDs in the local data table of bank B is computed. The intersection of IDs is B, C, D, E, F, G, as shown in Table 6; the query output is B, C, D, E, F, G.
  • Customization: If the logical judgment conditions are not met, that is, the person is a dishonest person of Bank A and/or a non-trustworthy person of Bank B, then the lending interest rate is set to -1, as shown in Table 6, which means no loan will be made.
  • the final calculation result obtained by user 1 is the output result of the output component.
  • the first acquisition unit 1201 is used to obtain the user's query request through the query interface pre-generated in the trusted third-party platform.
  • the query request includes at least a first set, and the first set includes at least one data to be queried.
  • the second acquisition unit 1202 is used to acquire a second set of feedback from each target computing platform;
  • The target computing platform is a pre-created computing platform associated with the data processing project corresponding to the query request, and the second set includes the identification ciphertext of each data identifier in a target data table stored by the target computing platform, where the target data table is a local data table of the computing platform associated with the data processing project;
  • the third acquisition unit 1203 is configured to acquire the intersection of the first set and all second sets, and determine each identification ciphertext included in the intersection as the first identification ciphertext;
  • the sending unit 1204 is used to send each first identification ciphertext to each target computing platform;
  • the fourth acquisition unit 1205 is used to obtain the calculation results fed back by each target computing platform; the calculation results are obtained by the target computing platform calculating the data corresponding to each first identification ciphertext in the target data table;
  • The processing unit 1206 is configured to process and obtain the data processing result of the query request based on each calculation result and each second identification ciphertext; a second identification ciphertext is an identification ciphertext included in the first set other than the identification ciphertexts in the intersection.
  • The second acquisition unit 1202 is specifically used, during the creation process of the data processing project, to:
  • The first acquisition unit 1201 is specifically used, during the generation process of the query interface, to:
  • a computing task configuration interface is generated; the computing task configuration interface includes a header field fed back by each computing platform associated with the data processing project and a preset component library , the component library includes multiple security components;
  • the second acquisition unit 1202 can also be used to: during the creation process of the data processing project:
  • The identification ciphertext of the data identification to be queried is the ciphertext obtained by the encryption sandbox encrypting the data identification to be queried input by the user with a random number input by the user.
  • The query request also includes a random number ciphertext corresponding to each target computing platform, wherein the random number ciphertext corresponding to a target computing platform is obtained by encrypting the random number input by the user with the session encryption key corresponding to that target computing platform, and the session encryption key corresponding to each target computing platform is obtained through negotiation based on the user's user private key and the platform public key of the target computing platform;
  • the second acquisition unit 1202 is specifically used for:
  • The random number ciphertext corresponding to each target computing platform is sent to that target computing platform, so that after each target computing platform receives the random number ciphertext, it negotiates to obtain the session decryption key based on its own private key and the user's public key, decrypts the received random number ciphertext with the session decryption key to obtain the random number, and encrypts each data identifier in the stored target data table with the random number to obtain the identification ciphertext;
  • the fourth acquisition unit 1205 is specifically used to:
  • Each first identification ciphertext is decrypted to obtain the data identification to be queried for each first identification ciphertext, and the data identification to be queried corresponding to each first identification ciphertext is determined as the first data identifier to be queried;
  • The data corresponding to each first data identifier to be queried is split to obtain the split data corresponding to each first data identifier to be queried for the target computing platform and for each other target computing platform;
  • The split data corresponding to the first to-be-queried data identifier that corresponds to the target computing platform and the received split data corresponding to the same first to-be-queried data identifier are calculated to obtain the secret sharing value of the first data identifier to be queried;
  • the calculation result is composed of each secret sharing value.
  • Embodiments of the present application also provide a storage medium that stores an instruction set, wherein the data processing method disclosed in any of the above embodiments is executed when the instruction set is run.
  • An embodiment of the present application also provides an electronic device, the schematic structural diagram of which is shown in Figure 13. It specifically includes a memory 1301 for storing at least a set of instructions; a processor 1302 for executing the stored instruction set.
  • the data processing method disclosed in any of the above embodiments is implemented by executing the instruction set stored in the memory.
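Added example, not the patent's code: one pass through query steps S702 to S706 with two computing platforms in the shape of the Bank A / Bank B walkthrough. The toy Diffie-Hellman group, the keyed-PRF stand-in for "encrypt the ID with k", the nonce-and-pad wrapping of k, the table values and the rate formula are all constructed assumptions; only the "-1 when dishonest at A and/or B" rule comes from the page.

```python
"""Constructed walkthrough of S702-S706: key negotiation, ciphertext intersection,
additive secret sharing on each platform, integration at the trusted third party."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Set, Tuple

P = 2**127 - 1   # constructed toy Diffie-Hellman modulus (NOT a secure parameter)
G = 3            # constructed generator
M = 2**31        # modulus for additive secret sharing of table values


def keypair() -> Tuple[int, int]:
    """Platform or user key pair: (private key, public key)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(my_priv: int, their_pub: int) -> bytes:
    """(g^a)^b == (g^b)^a: the session encryption key the user derives from the platform
    public key equals the session decryption key the platform derives from the user public key."""
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(16, "big")).digest()


def seal(key: bytes, k: bytes) -> bytes:
    """Encrypt the 32-byte random number k under the session key (toy nonce + pad scheme)."""
    nonce = secrets.token_bytes(16)
    pad = hashlib.sha256(key + nonce).digest()
    return nonce + bytes(a ^ b for a, b in zip(k, pad))


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    pad = hashlib.sha256(key + nonce).digest()
    return bytes(a ^ b for a, b in zip(body, pad))


def id_ciphertext(k: bytes, data_id: str) -> str:
    """Assumption: a keyed PRF stands in for 'encrypt the ID with k'. It is deterministic,
    so equal IDs from user and platforms match in the intersection, while the trusted
    third party, which never learns k, cannot recover the IDs."""
    return hmac.new(k, data_id.encode(), hashlib.sha256).hexdigest()


def split(value: int, n: int) -> List[int]:
    """Additive secret sharing (S705 data splitting): n shares summing to value mod M."""
    shares = [secrets.randbelow(M) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % M)
    return shares


class Platform:
    """A computing platform holding a local table id -> (dishonest flag, overdue count)."""

    def __init__(self, table: Dict[str, Tuple[int, int]]):
        self.table = table
        self.priv, self.pub = keypair()
        self.lookup: Dict[str, str] = {}                    # identification ciphertext -> id
        self.inbox: Dict[str, List[Tuple[int, int]]] = {}   # ciphertext -> shares held

    def second_set(self, user_pub: int, k_ct: bytes) -> Set[str]:
        """S702: decrypt k with the negotiated key, encrypt every local identifier."""
        k = unseal(session_key(self.priv, user_pub), k_ct)
        self.lookup = {id_ciphertext(k, i): i for i in self.table}
        return set(self.lookup)

    def share_out(self, first_cts: List[str], peers: List["Platform"]) -> None:
        """S705: recover each queried id (PRF lookup replaces 'decrypt'), split its data
        into one share per platform, keep our own share and send the rest to the peers."""
        for ct in first_cts:
            flag, cnt = self.table[self.lookup[ct]]
            shares = zip(split(flag, len(peers) + 1), split(cnt, len(peers) + 1))
            for platform, share in zip([self] + peers, shares):
                platform.inbox.setdefault(ct, []).append(share)

    def result(self) -> Dict[str, Tuple[int, int]]:
        """Secret sharing value per ciphertext: sum of own and received shares mod M."""
        return {ct: (sum(f for f, _ in s) % M, sum(c for _, c in s) % M)
                for ct, s in self.inbox.items()}


def run_query(query_ids: List[str], platforms: List[Platform]) -> Dict[str, Optional[float]]:
    """User builds the request; the trusted third party handles only ciphertexts and shares."""
    user_priv, user_pub = keypair()
    k = secrets.token_bytes(32)                        # random number k, never sent in clear
    first = {id_ciphertext(k, q): q for q in query_ids}            # first set
    seconds = [p.second_set(user_pub, seal(session_key(user_priv, p.pub), k))
               for p in platforms]
    inter = set(first).intersection(*seconds)          # S703: first set AND every second set
    for p in platforms:                                # S704/S705
        p.share_out(sorted(inter), [q for q in platforms if q is not p])
    results = [p.result() for p in platforms]
    out: Dict[str, Optional[float]] = {}
    for ct in inter:                                   # S706: integrate shares, apply task logic
        flag = sum(r[ct][0] for r in results) % M      # dishonest at any platform?
        cnt = sum(r[ct][1] for r in results) % M       # total overdue count
        out[first[ct]] = -1.0 if flag > 0 else 3.0 + 0.5 * cnt   # constructed rate rule
    for ct in set(first) - inter:                      # second identification ciphertexts
        out[first[ct]] = None                          # no joint record, so no rate
    return out


def demo() -> Dict[str, Optional[float]]:
    """Constructed tables in the shape of Table 3 / Table 4; ids B..G sit in both."""
    bank_a = Platform({"A": (0, 0), "B": (1, 0), "C": (0, 1), "D": (0, 0),
                       "E": (0, 2), "F": (0, 0), "G": (1, 3)})
    bank_b = Platform({"B": (0, 1), "C": (0, 2), "D": (1, 0), "E": (0, 0),
                       "F": (0, 4), "G": (0, 0), "H": (0, 0)})
    return run_query(["B", "C", "D", "E", "F", "G", "Z"], [bank_a, bank_b])
```

Only the user knows k, so mapping the ciphertexts back to ids is the user's step at the end of run_query; everything the trusted third party touches is a ciphertext or a share that is uniformly random on its own.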

Abstract

The present application relates to a data processing method and apparatus, a storage medium and an electronic device, which are applied to the field of information security. The method comprises the following steps: a trusted third-party platform obtains a calculation result returned by each target computing platform, the calculation result being obtained by the target computing platform calculating the data, corresponding to each first identification ciphertext, in a target data table, and the target data table being a local data table of the computing platform associated with a pre-created data processing project corresponding to a query request; and processing according to each calculation result and each second identification ciphertext to obtain a data processing result of the query request. Thus, in the solution of the present application, the calculation result obtained by the computing platform calculating the data, corresponding to each first identification ciphertext, in the local data table of the computing platform is transmitted to the trusted third-party platform instead of directly transmitting the local data table of the computing platform to the trusted third-party platform, so that risks such as leakage of user privacy and non-compliant use of data are avoided.
PCT/CN2023/081839 2022-06-16 2023-03-16 Procédé et appareil de traitement de données, support de stockage et dispositif électronique WO2023241142A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210679199.XA CN115086037B (zh) 2022-06-16 2022-06-16 一种数据处理方法及装置、存储介质及电子设备
CN202210679199.X 2022-06-16

Publications (1)

Publication Number Publication Date
WO2023241142A1 true WO2023241142A1 (fr) 2023-12-21

Family

ID=83254510

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/081839 WO2023241142A1 (fr) 2022-06-16 2023-03-16 Procédé et appareil de traitement de données, support de stockage et dispositif électronique

Country Status (2)

Country Link
CN (1) CN115086037B (fr)
WO (1) WO2023241142A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115086037B (zh) * 2022-06-16 2024-04-05 京东城市(北京)数字科技有限公司 一种数据处理方法及装置、存储介质及电子设备

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017061950A1 (fr) * 2015-10-09 2017-04-13 Singapore Management University Système de sécurité de données et procédé d'utilisation associé
CN110895611A (zh) * 2019-11-26 2020-03-20 支付宝(杭州)信息技术有限公司 基于隐私信息保护的数据查询方法、装置、设备及系统
CN111510464A (zh) * 2020-06-24 2020-08-07 同盾控股有限公司 一种保护用户隐私的疫情信息共享方法及系统
CN113965310A (zh) * 2021-10-18 2022-01-21 公安部第三研究所 基于可控去标识化的标签实现混合隐私计算处理的方法
CN115086037A (zh) * 2022-06-16 2022-09-20 京东城市(北京)数字科技有限公司 一种数据处理方法及装置、存储介质及电子设备

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112287364A (zh) * 2020-10-22 2021-01-29 同盾控股有限公司 数据共享方法、装置、系统、介质及电子设备
CN113239395A (zh) * 2021-05-10 2021-08-10 深圳前海微众银行股份有限公司 数据查询方法、装置、设备、存储介质及程序产品
CN113434906B (zh) * 2021-07-05 2024-01-16 平安科技(深圳)有限公司 数据查询方法、装置、计算机设备及存储介质
CN114116637A (zh) * 2021-11-22 2022-03-01 中国银联股份有限公司 一种数据共享方法、装置、设备及存储介质

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZHAO XUE-LING, JIA ZHU-LIANG, LI SHUN-DONG : "A Secure Multiparty Intersection Computation", JOURNAL OF CRYPTOLOGIC RESEARCH, vol. 9, no. 2, 1 January 2022 (2022-01-01), pages 294 - 307, XP093118063, ISSN: 2095-7025, DOI: 10.13868/j.cnki.jcr.000520 *

Also Published As

Publication number Publication date
CN115086037A (zh) 2022-09-20
CN115086037B (zh) 2024-04-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23822714

Country of ref document: EP

Kind code of ref document: A1