CN111611623B - Private data processing method and device - Google Patents


Info

Publication number
CN111611623B
Authority
CN
China
Prior art keywords
data
client
privacy data
intersection
privacy
Prior art date
Legal status
Active
Application number
CN202010630840.1A
Other languages
Chinese (zh)
Other versions
CN111611623A (en)
Inventor
张尧
张博
胡珀
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202010630840.1A
Publication of CN111611623A
Application granted
Publication of CN111611623B
Legal status: Active

Classifications

All four classifications fall under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity (G Physics; G06 Computing, calculating or counting; G06F Electric digital data processing):
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes (under G06F21/60 Protecting data; G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules; G06F21/6218 Protecting access to data via a platform to a system of files or objects, e.g. local or distributed file system or database)
    • G06F21/42 User authentication using separate channels for security data (under G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals; G06F21/31 User authentication)
    • G06F21/602 Providing cryptographic facilities or services (under G06F21/60 Protecting data)
    • G06F21/606 Protecting data by securing the transmission between two devices or processes (under G06F21/60 Protecting data)

Abstract

The embodiment of the invention discloses a private data processing method and device. After a private data processing request is obtained, the request indicating a client that needs to perform private data interaction with the local host, a host secure space is created locally according to the request and the client is made to create a guest secure space on its own side. When the security of the host secure space and of the guest secure space meets a preset verification condition, a secure channel and an interaction key between the two spaces are established; private data interaction with the client is performed through the secure channel and the interaction key, and the private data intersection between the local host and the client is computed from the interacted private data. The scheme can greatly improve both the security and the processing speed of private data processing.

Description

Private data processing method and device
Technical Field
The invention relates to the field of communication technology, and in particular to a method and device for processing private data.
Background
In recent years, with the rapid development of Internet technology, the volume of data on the Internet has kept growing; multi-party data fusion is used to break down data silos and to mine data of higher value. At the same time, the security of private data has become an increasingly pressing problem: data abuse must be prevented, and private data protected, while the application value of the data is mined in a reasonable way.
In the research and practice of the prior art, the inventors found that when a third-party server constructs a secure space to protect private data, the private data has to be stored on that third-party server, which leaves a certain security risk; and when a large amount of private data is processed, the processing speed drops sharply.
Disclosure of Invention
The embodiment of the invention provides a private data processing method and device that can improve both the security and the processing speed of private data processing.
A private data processing method, comprising:
obtaining a private data processing request, the request indicating a client that needs to perform private data interaction with the local host;
creating a host secure space locally according to the private data processing request, and causing the client to create a guest secure space locally on the client;
when the security of the host secure space and of the guest secure space meets a preset condition, constructing a secure channel and an interaction key between the host secure space and the guest secure space;
and performing private data interaction with the client through the secure channel and the interaction key, and computing the private data intersection between the local host and the client from the interacted private data.
Correspondingly, an embodiment of the invention provides a private data processing apparatus, comprising:
an acquisition unit for acquiring a private data processing request that indicates a client needing to perform private data interaction with the local host;
a creation unit for creating a host secure space locally according to the private data processing request and causing the client to create a guest secure space locally on the client;
a construction unit for constructing a secure channel and an interaction key between the host secure space and the guest secure space when the security of both spaces meets a preset condition;
and an interaction unit for performing private data interaction with the client through the secure channel and the interaction key, and computing the private data intersection between the local host and the client from the interacted private data.
Optionally, in some embodiments, the creation unit may be specifically configured to perform a hash measurement over the attribute information of the host secure space and send the first measurement result so obtained to the client, so that the client verifies the security of the host secure space against the first measurement result; to receive from the client the security verification result for the host secure space together with a second measurement result over the attribute information of the guest secure space; to determine that the guest secure space passes verification when the second measurement result equals a preset measurement result; and to determine that the security of the host secure space and the guest secure space meets the preset condition when both verification results are a pass.
Optionally, in some embodiments, the construction unit may be specifically configured to obtain the host data transmission interface of the host secure space and the guest data transmission interface of the guest secure space; to construct, using a preset secure transmission protocol, a data transmission channel between the host data transmission interface and the guest data transmission interface and use it as the secure channel between the host secure space and the guest secure space; and to exchange a key file with the client over the secure channel to generate the interaction key between the host secure space and the guest secure space.
Optionally, in some embodiments, the interaction unit may be specifically configured to exchange with the client, through the secure channel, basic information about the stored private data, the basic information including the total amount of the local host private data and the total amount of the client's guest private data; to compare the total amount of the guest private data with the total amount of the host private data to determine the client type; and, according to the secure channel, the host secure space and the interaction key, to perform private data interaction with the client using the interaction policy corresponding to the client type, and compute the private data intersection between the local host and the client from the interacted private data.
Optionally, in some embodiments, the interaction unit may be specifically configured to compute the data difference between the total amount of the guest private data and the total amount of the local host private data; to determine the client to be a peer client when the data difference does not exceed a preset difference threshold; and to determine the client to be a difference client when the data difference exceeds the preset difference threshold.
Optionally, in some embodiments, the interaction unit may be specifically configured to select, according to the client type, a target client for interacting with the local private data from among the clients, and determine the interaction policy of the target client; and, according to the interaction policy and the interaction key, to perform private data interaction between the host private data and the guest private data of the target client through the secure channel and the host secure space, and compute the private data intersection between the local host and the client from the interacted private data.
Optionally, in some embodiments, the interaction unit may be specifically configured as follows: when the client is a peer client, take the peer client as the target client for private data interaction with the local host and set its interaction policy to peer-to-peer interaction; when the client is a difference client, select a preset number of difference clients as target clients and set their interaction policy to oblique interaction; and when the clients include both peer clients and difference clients, select a preset number of difference clients and take them together with all peer clients as target clients, setting the interaction policy to composite interaction, in which peer-to-peer interaction is carried out with the peer clients first and, after it completes, oblique interaction is carried out with the difference clients.
Optionally, in some embodiments, the interaction unit may be specifically configured as follows: when the interaction policy is peer-to-peer interaction, exchange equal proportions of the host private data and the peer client's guest private data through the secure channel and the interaction key, and compute the intersection between the host private data and the peer client's guest private data in the host secure space to obtain the private data intersection between the local host and the client; when the interaction policy is oblique interaction, receive candidate private data sent by the difference client and determine the private data intersection between the local host and the client from the candidate private data; and when the interaction policy is composite interaction, first exchange equal proportions of the host private data and the peer client's guest private data and compute their intersection in the host secure space to obtain an initial data intersection, then receive the guest private data sent by the difference client and determine the private data intersection between the local host and the clients from the initial data intersection and the guest private data sent by the difference client.
Optionally, in some embodiments, the interaction unit may be specifically configured to select, from the host private data, the private data in a target quantity proportion as the target host private data and send it to the peer client through the secure channel and the interaction key; to receive the target guest private data sent by the peer client and compute, in the host secure space, the intersection between the remaining host private data (the part not sent to the peer client) and the target guest private data to obtain a first initial data intersection; to send the first initial data intersection to the peer client and receive a second initial data intersection from the peer client, the second initial data intersection being the intersection, computed by the peer client, between its remaining guest private data (the part not sent to the local host) and the target host private data; and to fuse the first and second initial data intersections to obtain the private data intersection between the local host and the client.
Optionally, in some embodiments, the interaction unit may be specifically configured to determine, from the basic information of the peer client, the target quantity proportion for the local host's private data interaction with the peer client and the number of data buckets used to store the private data; to create, locally and outside the host secure space, host data buckets in that number; to hash the session key to obtain a hash salt that is valid for a single private data interaction only; to perform an initial encryption of the host private data with the hash salt; to cut the initially encrypted local private data into sub private data corresponding to the number of buckets and determine the bucket number of the host data bucket in which each piece of sub private data is stored; to store each piece of sub private data in the host data bucket with the corresponding bucket number; to select, from the host data buckets, the host private data in the target quantity proportion as the target host private data and store it in the host secure space; and to encrypt the target host private data in the host secure space with the symmetric key and the authentication key, and send the encrypted target host private data to the peer client through the secure channel.
Optionally, in some embodiments, the interaction unit may be specifically configured to verify, in the host secure space, the integrity of the target guest private data using the authentication key; to decrypt the target guest private data with the symmetric key once its integrity is verified; and to compute the intersection between the decrypted target guest private data and the remaining host private data not sent to the peer client to obtain the first initial data intersection.
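The following is an added example, not code from the patent, that walks through the security steps above in one place: the hash measurement of each secure space's attribute information compared against a preset (expected) measurement, the derivation of an interaction key consisting of a symmetric key and an authentication key, and the rule that the authentication key verifies integrity before the symmetric key decrypts anything. The attribute field names, the HKDF-based key derivation from two exchanged random contributions, and the HMAC-SHA256 counter-mode keystream standing in for a real cipher such as AES are all assumptions made for a standard-library-only example; the patent only says that attribute information is hashed and that a key file is exchanged over the secure channel.

```python
"""Attestation, interaction-key derivation and authenticated transfer between a
host secure space and a guest secure space (added example, not the patent's code)."""
import hashlib
import hmac
import secrets


def measure(attributes: dict) -> bytes:
    """Hash measurement over a secure space's attribute information. Sorted
    key=value lines make both sides serialise identically. The field names used
    in the samples below are an assumption; the patent does not list them."""
    canon = "\n".join(f"{k}={attributes[k]}" for k in sorted(attributes)).encode()
    return hashlib.sha256(canon).digest()


def verify_measurement(reported: bytes, expected: bytes) -> bool:
    """The 'measurement result equals the preset measurement result' check,
    done in constant time."""
    return hmac.compare_digest(reported, expected)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF (extract then expand) with HMAC-SHA256, stdlib only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_interaction_keys(host_share: bytes, guest_share: bytes,
                            host_meas: bytes, guest_meas: bytes) -> tuple:
    """Interaction key = (symmetric key, authentication key). Binding the
    derivation to both measurements is an assumption: it ties the key to the
    attested spaces, so a key agreed with an unverified space is useless."""
    okm = hkdf_sha256(host_share + guest_share, host_meas + guest_meas,
                      b"psi-interaction-key", 64)
    return okm[:32], okm[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stand-in for a real cipher
    # (e.g. AES-CTR) so the example runs without third-party packages.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(sym_key: bytes, auth_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh nonce: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(sym_key, nonce, len(plaintext))))
    tag = hmac.new(auth_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(sym_key: bytes, auth_key: bytes, blob: bytes) -> bytes:
    """Verify integrity with the authentication key BEFORE decrypting with the
    symmetric key; on a bad tag nothing is decrypted."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(auth_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; ciphertext discarded")
    return bytes(a ^ b for a, b in zip(ct, _keystream(sym_key, nonce, len(ct))))


def handshake(host_attrs: dict, guest_attrs: dict,
              expected_host: bytes, expected_guest: bytes) -> tuple:
    """Mutual attestation, then key derivation. Returns (sym_key, auth_key) or
    raises PermissionError if either space fails verification."""
    host_meas, guest_meas = measure(host_attrs), measure(guest_attrs)
    if not verify_measurement(host_meas, expected_host):    # guest checks host
        raise PermissionError("host secure space failed verification")
    if not verify_measurement(guest_meas, expected_guest):  # host checks guest
        raise PermissionError("guest secure space failed verification")
    # Each side's random contribution is the "key file" exchanged over the
    # secure channel (assumption: the patent does not fix the mechanism).
    return derive_interaction_keys(secrets.token_bytes(32), secrets.token_bytes(32),
                                   host_meas, guest_meas)


# Constructed sample attribute information (not from the patent).
HOST_ATTRS = {"image_hash": "a1b2c3", "tcb_version": "3", "debug": "0"}
GUEST_ATTRS = {"image_hash": "d4e5f6", "tcb_version": "3", "debug": "0"}
```

The point the patent makes in the integrity steps is the ordering: `open_sealed` raises before any byte is decrypted, so a difference client or a man-in-the-middle that tampers with candidate private data never gets the host secure space to operate on attacker-controlled plaintext. In production the keystream helper would be replaced by an AEAD such as AES-GCM and the random contributions by an authenticated key agreement; the structure stays the same.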
Optionally, in some embodiments, the interaction unit may be specifically configured as follows: when the total amount of the host private data exceeds the total amount of the difference client's guest private data, receive the first candidate private data sent by the difference client and compute, according to the interaction key and in the host secure space, the intersection between the host private data and the first candidate private data to obtain the private data intersection between the local host and the client, the first candidate private data being the guest private data encrypted by the difference client; when the total amount of the host private data does not exceed the total amount of the difference client's guest private data, encrypt the host private data according to the interaction key and send it to the difference client, receive the second candidate private data sent by the difference client and take it as the private data intersection between the local host and the client, the second candidate private data being the intersection, computed by the difference client, between the host private data and the guest private data stored by the difference client.
Optionally, in some embodiments, the interaction unit may be specifically configured to verify the integrity of the first candidate private data in the host secure space using the authentication key; to decrypt the first candidate private data in the host secure space with the symmetric key once its integrity is verified; and to compute, in the host secure space, the intersection between the decrypted first candidate private data and the host private data to obtain a target private data intersection, which is taken as the private data intersection between the local host and the client.
Optionally, in some embodiments, the interaction unit may be specifically configured to perform an initial encryption of the host private data with the session key and store the initially encrypted host private data in a data bucket; to move the data in the bucket into the host secure space and encrypt the host private data in the data bucket with the symmetric key and the authentication key to obtain encrypted host private data; to send the encrypted host private data to the difference client so that the difference client computes the intersection between the encrypted host private data and the guest private data it stores, obtaining the second candidate private data; and to receive the second candidate private data from the difference client and take it as the private data intersection between the local host and the client.
Optionally, in some embodiments, the interaction unit may be specifically configured to select candidate host private data for private data interaction from the host private data and encrypt it with the interaction key; to send the encrypted candidate host private data to the peer client through the secure channel and receive the candidate guest private data sent by the peer client; to compute, in the host secure space, the intersection between the candidate guest private data and the host private data other than the candidate host private data to obtain an initial data intersection between the host private data and the peer client's guest private data; when the total amount of private data in the initial data intersection exceeds the total amount of the difference client's guest private data, to receive the current guest private data sent by the difference client, compute the intersection between the initial data intersection and the current guest private data to obtain the current private data intersection, and take it as the private data intersection between the local host and the clients; and when the total amount of private data in the initial data intersection does not exceed the total amount of the difference client's guest private data, to encrypt the initial data intersection according to the interaction key and send it to the difference client, receive the private data set obtained by the difference client after intersecting it with the initial data intersection, and take that set as the private data intersection between the local host and the clients.
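The following is an added example, not code from the patent, covering the data-side steps described above: client classification by the size difference, the per-interaction hash salt derived from the session key, the initial (keyed-hash) encryption and bucketing of the data, and the three interaction policies (peer-to-peer with its two partial intersections fused together, oblique, and composite). One assumption is central and is not stated on the page: in peer-to-peer interaction the host sends the buckets numbered below the target proportion and the peer client sends the complementary buckets. Because matching items hash to the same bucket under the shared salt, that split guarantees the union of "remaining host data ∩ target guest data" and "remaining guest data ∩ target host data" is exactly the full intersection while each side ships only part of its data. The difference threshold, bucket count, target proportion and all sample data are constructed for the example; the transport encryption from the previous example is omitted here so that the set logic stands alone.

```python
"""Bucketed private set intersection with the peer-to-peer, oblique and
composite interaction policies (added example, not the patent's code)."""
import hashlib
import hmac


def classify_client(master_total: int, guest_total: int, threshold: int) -> str:
    """Peer client when the size difference does not exceed the threshold,
    difference client otherwise. The threshold value is an assumption."""
    return "peer" if abs(master_total - guest_total) <= threshold else "difference"


def hash_salt(session_key: bytes) -> bytes:
    """Hash salt derived from the session key; valid for one interaction only."""
    return hashlib.sha256(b"psi-salt" + session_key).digest()


def blind(salt: bytes, items) -> dict:
    """Initial encryption: keyed hash of each item under the salt. Returns a
    blinded -> plaintext map so the owner can recover its own matches."""
    return {hmac.new(salt, x.encode(), hashlib.sha256).digest(): x for x in items}


def bucket_of(blinded: bytes, buckets: int) -> int:
    """Bucket number of a blinded item (equal items land in equal buckets)."""
    return int.from_bytes(blinded[:4], "big") % buckets


def peer_interaction(m_bl: set, g_bl: set, buckets: int = 8, ratio: float = 0.5):
    """Peer-to-peer policy. The host ships buckets [0, k), the guest ships the
    complementary buckets [k, buckets) (assumption, see lead-in). Returns
    (intersection, items the host sent, items the guest sent)."""
    k = max(1, int(buckets * ratio))
    target_master = {b for b in m_bl if bucket_of(b, buckets) < k}   # leaves host
    remaining_master = m_bl - target_master                          # stays in host
    target_guest = {b for b in g_bl if bucket_of(b, buckets) >= k}   # leaves guest
    remaining_guest = g_bl - target_guest                            # stays in guest
    first = remaining_master & target_guest    # first initial intersection (host side)
    second = remaining_guest & target_master   # second initial intersection (guest side)
    return first | second, len(target_master), len(target_guest)


def oblique_interaction(m_bl: set, g_bl: set):
    """Oblique policy: the larger side never ships its data. Returns
    (intersection, items the host sent, items the guest sent)."""
    if len(m_bl) > len(g_bl):
        return m_bl & g_bl, 0, len(g_bl)   # client sends first candidate data
    return g_bl & m_bl, len(m_bl), 0       # host sends, client returns second candidate data


def composite_interaction(m_bl: set, peers: list, differences: list) -> set:
    """Composite policy: peer-to-peer with every peer client first, then
    oblique with each difference client on the already reduced intersection."""
    current = set(m_bl)
    for g_bl in peers:
        current = peer_interaction(current, g_bl)[0]
    for g_bl in differences:
        current = oblique_interaction(current, g_bl)[0]
    return current


def run_psi(session_key: bytes, master: list, clients: dict, threshold: int = 20) -> set:
    """Whole flow for one host and several clients: classify each client,
    pick the policy, intersect, and map the result back to host plaintext."""
    salt = hash_salt(session_key)
    m_map = blind(salt, master)
    blinded = {name: set(blind(salt, items)) for name, items in clients.items()}
    kinds = {name: classify_client(len(master), len(items), threshold)
             for name, items in clients.items()}
    peers = [blinded[n] for n, k in kinds.items() if k == "peer"]
    diffs = [blinded[n] for n, k in kinds.items() if k == "difference"]
    if peers and diffs:
        result = composite_interaction(set(m_map), peers, diffs)
    elif peers:
        result = set(m_map)
        for g in peers:
            result = peer_interaction(result, g)[0]
    else:
        result = set(m_map)
        for g in diffs:
            result = oblique_interaction(result, g)[0]
    return {m_map[b] for b in result}


# Constructed sample data (not from the patent).
SESSION_KEY = b"\x01" * 32
MASTER = [f"user{i:03d}" for i in range(100)]
CLIENTS = {
    "peer_a": [f"user{i:03d}" for i in range(10, 120)],    # 110 items: peer client
    "diff_b": [f"user{i:03d}" for i in range(0, 100, 3)],  # 34 items: difference client
}
```

Two practical caveats follow from the code. First, blinding with a keyed hash only hides items from a party that does not hold the salt; both parties do hold it, so a party with a small candidate set can still test guesses against received blinded data, which is why the page keeps the actual intersection computation inside the attested secure space. Second, the peer-to-peer correctness argument depends entirely on the two sides using complementary bucket ranges under the same salt; if the proportions are chosen independently the fused result is incomplete.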
In addition, an embodiment of the invention provides an electronic device comprising a processor and a memory; the memory stores an application program, and the processor is configured to run the application program in the memory to implement the private data processing method provided in the embodiment of the invention.
In addition, an embodiment of the invention provides a computer-readable storage medium storing a plurality of instructions suitable for being loaded by a processor to perform the steps of any of the private data processing methods provided in the embodiments of the invention.
After a private data processing request is obtained, the request indicating a client that needs to perform private data interaction with the local host, a host secure space is created locally according to the request and the client is made to create a guest secure space on its own side; when the security of the host secure space and the guest secure space meets a preset verification condition, a secure channel and an interaction key between the two spaces are established; private data interaction with the client is performed through the secure channel and the interaction key, and the private data intersection between the local host and the client is computed from the interacted private data. In this scheme, secure spaces are established on the host and on the client respectively, a secure channel and an interaction key are built between the host secure space and the guest secure space, and the private data is processed directly inside the secure spaces through that channel and key, so no third-party server is needed to process the private data; this can greatly improve both the security and the processing speed of private data processing.
Drawings
To illustrate the technical solutions in the embodiments of the invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic view of a scenario of the private data processing method provided in an embodiment of the invention;
Fig. 2 is a flowchart of the private data processing method provided in an embodiment of the invention;
Fig. 3 is another flowchart of the private data processing method provided in an embodiment of the invention;
Fig. 4 is an interaction flow diagram of peer-to-peer interaction in private data interaction provided in an embodiment of the invention;
Fig. 5 is an interaction flow diagram of oblique interaction in private data interaction provided in an embodiment of the invention;
Fig. 6 is a schematic diagram of oblique interaction where the total amount of host private data exceeds the total amount of the difference client's guest private data, provided in an embodiment of the invention;
Fig. 7 is a schematic diagram of oblique interaction where the total amount of host private data does not exceed the total amount of the difference client's guest private data, provided in an embodiment of the invention;
Fig. 8 is an interaction flow diagram of composite interaction in private data interaction provided in an embodiment of the invention;
Fig. 9 is a flowchart of another interaction among multiple clients provided in an embodiment of the invention;
Fig. 10 is a schematic structural diagram of the private data processing apparatus provided in an embodiment of the invention;
Fig. 11 is a schematic structural diagram of the interaction unit of the private data processing apparatus provided in an embodiment of the invention;
Fig. 12 is a schematic structural diagram of the electronic device provided in an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the scope of protection of the invention.
The embodiment of the invention provides a private data processing method and device and a computer-readable storage medium. The private data processing apparatus may be integrated in an electronic device, and the electronic device may be a server or a terminal.
The private data may be data related to the user's personal information; on a terminal or a server platform it mainly includes the address book, short messages, device information such as the device ID, personal identification information, location information and network-related information. For example, when a user registers for a new service (e.g. WeChat or WhatsApp), it is in most cases necessary to find out which of the user's existing contacts are already registered with the same service. This could be done simply by sending the user's contacts to the service provider, but the contact information may itself be private data, and sending it directly would normally expose the user's private data to the service provider. In this scenario, the contact discovery function can instead be completed by private data processing with the user's contact information as one party's input and the service provider's complete user information as the other party's input, so that nothing outside the intersection is leaked to either party. The server may be an independent physical server, a server cluster or distributed system made up of several physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery network (CDN) acceleration, big data and artificial intelligence platforms. The terminal may be, but is not limited to, a smartphone, tablet computer, laptop computer, desktop computer, smart speaker, smart watch and the like. The terminal and the server may be connected directly or indirectly through wired or wireless communication; the application is not limited in this respect.
For example, referring to Fig. 1, taking the case where the private data processing apparatus is integrated in an electronic device: after acquiring a private data processing request that indicates a client needing to perform private data interaction with the local host, the electronic device creates a host secure space locally according to the request and causes the client to create a guest secure space locally on the client; then, when the security of the host secure space and the guest secure space meets a preset verification condition, it constructs a secure channel and an interaction key between the host secure space and the guest secure space, performs private data interaction with the client through the secure channel and the interaction key, and computes the private data intersection between the local host and the client from the interacted private data.
When the private data processing apparatus is integrated in an electronic device, its local storage may be the local storage of that electronic device.
The client may be a physical or virtual device that provides data services corresponding to the local host; "client" and "local host" here mainly denote the two roles in network data access. The local host and the client may be integrated in a single electronic device containing hardware, in different electronic devices containing hardware, or may be virtual cloud devices and the like. Private data interaction is carried out between the local host and the client.
The client and the local host may be cloud hosts or cloud clients under a cloud server, in which case content data is stored in the cloud server mainly through cloud storage. Cloud storage is a concept that extends and develops the concept of cloud computing; a distributed cloud storage system (hereinafter the storage system) is one that brings together a large number of storage devices (storage nodes) of different types in a network, through cluster application, grid technology, distributed file systems and the like, so that they work cooperatively via application software or application interfaces and provide data storage and service access functions externally.
At present, the storage method of such a storage system is as follows. Logical volumes are created, and on creation each logical volume is allocated physical storage space, which may consist of the disks of one storage device or of several. The client stores data on a logical volume, that is, on a file system; the file system divides the data into several parts, each of which is an object that contains not only the data but also additional information such as a data identifier (ID). The file system writes each object to the physical storage space of the logical volume and records the storage location of each object, so that when the client requests access to the data, the file system can let the client access it according to the recorded storage location of each object.
The process by which the storage system allocates physical storage space to a logical volume is as follows: the physical storage space is divided in advance into stripes according to a set of capacity estimates for the objects to be stored on the logical volume (the estimates usually leave a large margin over the capacity of the objects actually stored) and the Redundant Array of Independent Disks (RAID) configuration; one logical volume can be understood as one stripe, and physical storage space is thereby allocated to the logical volume.
The following are detailed below. It should be noted that the following description of the embodiments is not intended to limit the preferred order of the embodiments.
This embodiment will be described from the perspective of a privacy data processing apparatus. The privacy data processing apparatus may be specifically integrated in an electronic device, and the electronic device may be a server or a terminal; the terminal may include a tablet computer, a notebook computer, a personal computer (PC) and other devices.
A method of private data processing, comprising:
The method comprises: obtaining a privacy data processing request, wherein the privacy data processing request indicates a client that needs to perform privacy data interaction with the local host; creating a host secure space locally according to the privacy data processing request, and causing the client to create a guest secure space locally at the client; when the security of the host secure space and the security of the guest secure space meet a preset verification condition, constructing a secure channel and an interaction key between the host secure space and the guest secure space; performing privacy data interaction with the client through the secure channel and the interaction key; and calculating the privacy data intersection between the local host and the client based on the interacted privacy data.
As shown in fig. 2, the specific flow of the privacy data processing method is as follows:
101. Acquire a privacy data processing request.
The privacy data processing request indicates a client that needs to perform privacy data interaction with the local host.
For example, the privacy data processing request may be obtained directly: a user selects, through a data interaction application program, a client that needs to perform privacy data interaction with the local host, which triggers generation of a privacy data processing request; the request may carry information of the client, is sent to the privacy data processing apparatus, and is received directly by the privacy data processing apparatus. When the number of clients that need to perform privacy data interaction with the local host is large, the privacy data processing request may be acquired indirectly: for example, the user selects, through the data interaction application program, the information of a plurality of clients that need to perform privacy data interaction with the local host to generate a client information set; the client information set is stored in a third-party database to obtain its storage address; a privacy data processing request is generated and the storage address is added to it; the request carrying the storage address is sent to the privacy data processing apparatus; after receiving the request, the apparatus extracts the storage address and acquires the client information set from the third-party database according to the extracted storage address.
Note that the client may also receive the privacy data processing request. The specific receiving mode is consistent with that of the local host.
102. Create a host secure space locally according to the privacy data processing request, and cause the client to create a guest secure space locally at the client.
The host secure space and the guest secure space both belong to secure spaces. A secure space may be a space that operates independently under a Trusted Execution Environment (TEE); in a narrow sense it may be an area on the CPU. The function of this area is to provide a more secure space for the execution of data and code and to ensure their confidentiality and integrity. The secure space is protected by hardware, and other applications or processes on the device cannot directly access it. The underlying hardware mechanism for creating the secure space may include, but is not limited to, SGX (a hardware structure) on the Intel platform, TrustZone (a hardware structure) on the ARM platform, and the like.
For example, after receiving the privacy data processing request, the local host creates a secure space process, which initializes a TEE environment in the local hardware area; the space in this TEE environment may be referred to as the host secure space. Correspondingly, after the client receives the privacy data processing request, the client also creates a secure space process that initializes another TEE environment in the client's local hardware area, and the space in that TEE environment is taken as the guest secure space.
Optionally, after the host secure space and the guest secure space are created, the security of each needs to be verified, that is, whether the security of the host secure space and the security of the guest secure space meet the preset verification condition. The specific verification method may be as follows:
Hash measurement is performed on the attribute information of the host secure space, and the first measurement result obtained by the hash measurement is sent to the client, so that the client verifies the security of the host secure space according to the first measurement result. The security verification result of the host secure space and a second measurement result of the attribute information of the guest secure space, both sent by the client, are received; when the second measurement result is the same as the preset measurement result, the security verification result of the guest secure space is determined to be a pass; and when the security verification results of both the host secure space and the guest secure space are passes, the host secure space and the guest secure space are determined to meet the preset condition.
For example, the software code information of the host secure space is acquired and hash measurement is performed on it to obtain a first measurement result, which is sent to the client. The client compares the first measurement result with a preset measurement result: if they are the same, the client determines that the security verification of the host secure space passes; otherwise it determines that the verification does not pass. While verifying the host secure space, the client may also perform hash measurement on the software code information of the guest secure space to obtain a second measurement result. The client sends the second measurement result together with the security verification result of the host secure space to the local host; the local host compares the second measurement result with the preset measurement result, and when they are the same, determines that the security verification of the guest secure space passes. When the security verification results of both the host secure space and the guest secure space are passes, the security of the host secure space and the guest secure space is determined to meet the preset condition.
103. When the security of the host secure space and the guest secure space meets the preset condition, construct a secure channel and an interaction key between the host secure space and the guest secure space.
The secure channel may be a channel for securely transmitting data; it connects the host secure space of the local host and the guest secure space of the client.
For example, when the security of the host secure space and of the guest secure space meets the preset condition, the host data transmission interface of the host secure space and the guest data transmission interface of the guest secure space are obtained, and a data transmission channel is constructed between the two interfaces using a preset secure transmission protocol; for example, the channel may be built on the Transport Layer Security protocol (TLS). This data transmission channel serves as the secure channel between the host secure space and the guest secure space. Key files are then exchanged with the client over the secure channel to generate the interaction key between the host secure space and the guest secure space. For example, key files are exchanged with the client through the Diffie-Hellman key exchange protocol in the secure channel, a session key between the host secure space and the guest secure space is generated from the exchanged key files, a session-extension hash operation is performed on the session key to obtain the symmetric key required for symmetric encryption and the authentication key used to generate the Hash-based Message Authentication Code (HMAC), and the session key, the symmetric key and the authentication key are used together as the interaction key and stored in the host secure space and the guest secure space.
The interaction key generated by the local host and the interaction key generated by the client may be the same.
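The attestation check of step 102 and the key agreement of step 103, simulated end to end as an added example that is not code from the patent or from Tencent: both parties hash-measure the code of their secure space and compare it against a preset measurement, and only then agree a session key and expand it into a symmetric key and an HMAC authentication key. The TLS channel is assumed to exist already, the Diffie-Hellman group is a constructed toy group, and `measure`, `establish_interaction_keys` and the label strings are names chosen for this example.

```python
import hashlib
import hmac
import secrets

# CONSTRUCTED toy Diffie-Hellman group for illustration only; a deployment would
# use a standard group or an elliptic-curve exchange carried inside TLS.
DH_PRIME = 2**127 - 1      # Mersenne prime M127, so the shared secret fits 16 bytes
DH_GENERATOR = 2


def measure(enclave_code: bytes) -> str:
    """Hash measurement of a secure space's software code (SHA-256)."""
    return hashlib.sha256(enclave_code).hexdigest()


def verify_measurement(reported: str, expected: str) -> bool:
    """Compare a received measurement with the preset measurement result."""
    return hmac.compare_digest(reported, expected)


def mutual_attestation(host_code: bytes, guest_code: bytes,
                       expected_host: str, expected_guest: str) -> bool:
    """Step 102 verification: each side measures itself, the other side checks."""
    first_result = measure(host_code)                                   # host -> client
    host_verified = verify_measurement(first_result, expected_host)     # checked by client
    second_result = measure(guest_code)                                 # client -> host
    guest_verified = verify_measurement(second_result, expected_guest)  # checked by host
    return host_verified and guest_verified


def dh_keypair():
    private = secrets.randbelow(DH_PRIME - 2) + 1
    return private, pow(DH_GENERATOR, private, DH_PRIME)


def dh_session_key(private: int, peer_public: int) -> bytes:
    """Shared Diffie-Hellman secret used as the session key."""
    return pow(peer_public, private, DH_PRIME).to_bytes(16, "big")


def derive_interaction_keys(session_key: bytes) -> dict:
    """Session-extension hash: expand the session key into a symmetric
    encryption key and an HMAC authentication key under distinct labels."""
    symmetric = hmac.new(session_key, b"symmetric-encryption", hashlib.sha256).digest()
    auth = hmac.new(session_key, b"message-authentication", hashlib.sha256).digest()
    return {"session": session_key, "symmetric": symmetric, "auth": auth}


def establish_interaction_keys(host_code: bytes, guest_code: bytes,
                               expected_host: str, expected_guest: str):
    """Steps 102-103 end to end: returns the shared interaction key, or None
    when attestation fails (no channel and no key are built in that case)."""
    if not mutual_attestation(host_code, guest_code, expected_host, expected_guest):
        return None
    host_priv, host_pub = dh_keypair()
    guest_priv, guest_pub = dh_keypair()
    host_keys = derive_interaction_keys(dh_session_key(host_priv, guest_pub))
    guest_keys = derive_interaction_keys(dh_session_key(guest_priv, host_pub))
    assert host_keys == guest_keys   # both secure spaces now hold the same interaction key
    return host_keys
```

The preset measurement is whatever the verifying party was provisioned with out of band; in the example it is simply the hash of the expected code bytes, and a single changed byte on either side makes the whole procedure stop before any key is derived.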
104. Perform privacy data interaction with the client through the secure channel and the interaction key, and calculate the privacy data intersection between the local host and the client based on the interacted privacy data.
For example, basic information about the stored privacy data, including its total amount, may be exchanged with the client through the secure channel; the total amount of the client's privacy data is compared with the total amount of the local master privacy data to determine the type of the client; privacy data interaction is then performed with the client, according to the secure channel, the host secure space and the interaction key, using the interaction policy corresponding to the client type; and the privacy data intersection between the local host and the client is calculated based on the interacted privacy data. Specifically, this may be as follows:
S1. Exchange basic information about the stored privacy data with the client through the secure channel.
The basic information includes the data amount of the local master privacy data and the data amount of the client's guest privacy data; for example, the basic information may be data information such as the data size of the master privacy data set and of the guest privacy data set.
For example, the basic information of the local master privacy data is acquired and sent to the client, and the basic information of the guest privacy data sent by the client is received, so that the local host and the client exchange the basic information of the privacy data each of them stores.
S2. Compare the total amount of the guest privacy data with the total amount of the master privacy data to determine the type of the client.
For example, a data difference value between the total amount of data of the guest privacy data and the total amount of data of the master privacy data may be calculated, the data difference value may be compared with a preset difference threshold, when the data difference value does not exceed the preset difference threshold, the type of the client may be determined as a peer client, and when the data difference value exceeds the preset difference threshold, the type of the client may be determined as a difference client.
A peer client may be understood as a client whose privacy data is on the same order of magnitude as that of the local host, and a difference client as a client whose privacy data is on a different order of magnitude from that of the local host.
S3. According to the secure channel, the host secure space and the interaction key, perform privacy data interaction with the client using the interaction policy corresponding to the client type, and calculate the privacy data intersection between the local host and the client based on the interacted privacy data.
For example, according to the types of the clients, target clients for privacy data interaction with the local host are screened out from the clients and the interaction policy of the target clients is determined; according to the interaction policy and the interaction key, privacy data interaction is performed between the master privacy data and the guest privacy data of the target clients through the secure channel and the host secure space; and the privacy data intersection between the local host and the client is calculated based on the interacted privacy data. Specifically, this may be as follows:
C1. Screen out, according to the client types, the target clients for privacy data interaction with the local host, and determine the interaction policy of the target clients.
For example, when the client is a peer client, the peer client is taken as a target client for privacy data interaction with the local host, and the interaction policy of the target client is determined to be peer-to-peer interaction. When the clients are difference clients, a preset number of difference clients are screened out as target clients: for example, when the difference clients interacting with the local host span only one order of magnitude, the preset number may be 1, and when they span several orders of magnitude, the preset number may be the number corresponding to those orders of magnitude; the screened-out difference clients are taken as target clients and their interaction policy is determined to be tilted interaction. When the clients comprise both peer clients and difference clients, a preset number of difference clients are screened out, these together with all the peer clients are taken as target clients, and the interaction policy of the target clients is determined to be composite interaction.
Composite interaction may consist of first performing peer-to-peer interaction with the peer clients and, after that completes, performing tilted interaction with the difference clients.
C2. According to the interaction policy and the interaction key, perform privacy data interaction between the master privacy data and the guest privacy data of the target client through the secure channel and the host secure space, and calculate the privacy data intersection between the local host and the client based on the interacted privacy data.
For example, when the interaction policy is peer-to-peer interaction, privacy data interaction is performed on equal proportions of the master privacy data and the guest privacy data of the peer client through the secure channel and the interaction key, and the intersection between the master privacy data and the guest privacy data of the peer client is calculated in the host secure space to obtain the privacy data intersection between the local host and the client. When the interaction policy is tilted interaction, the candidate privacy data sent by the difference client is received, and the privacy data intersection between the local host and the client is determined according to the candidate privacy data. When the interaction policy is composite interaction, privacy data interaction is performed on equal proportions of the master privacy data and the guest privacy data of the peer client, the intersection between them is calculated in the host secure space to obtain an initial data intersection, the guest privacy data sent by the difference client is received, and the privacy data intersection between the local host and the client is determined according to the initial data intersection and the guest privacy data sent by the difference client. Specifically, this may be as follows:
(1) When the interaction policy is peer-to-peer interaction, perform privacy data interaction on equal proportions of the master privacy data and the guest privacy data of the peer client through the secure channel and the interaction key, and calculate the intersection between the master privacy data and the guest privacy data of the peer client in the host secure space to obtain the privacy data intersection between the local host and the client.
For example, when the interaction policy is peer-to-peer interaction, privacy data in a target quantity proportion may be screened out from the master privacy data as target master privacy data and sent to the peer client through the secure channel and the interaction key; the target guest privacy data sent by the peer client is received; the intersection of the remaining master privacy data not sent to the peer client and the target guest privacy data is calculated in the host secure space to obtain a first initial data intersection; the first initial data intersection is sent to the peer client and the second initial data intersection sent by the peer client is received; and the first and second initial data intersections are fused to obtain the privacy data intersection between the local host and the client. Specifically, this may be as follows:
B1. Screen out privacy data in the target quantity proportion from the master privacy data as target master privacy data, and send the target master privacy data to the peer client through the secure channel and the interaction key.
For example, when the interaction policy is peer-to-peer interaction, the target quantity proportion for privacy data interaction between the local host and the peer clients, and the number of data buckets for storing the privacy data, are determined according to the basic information of the peer clients. The target quantity proportion may be determined according to the number of peer clients: if there are n peer clients, plus the local host interacting with them, then to ensure that every party interacts in the same proportion the target quantity proportion may be determined to be 1/(n + 1). The number of data buckets is then determined according to the maximum secure memory of the host secure space and the guest secure space and the total amount of privacy data used for interaction. Taking as an example a secure memory of 128M for the host secure space and the guest secure space, a maximum of 10M stored per data bucket, a maximum total of 200M of user privacy data for interaction, and a target quantity proportion of 1/5, the total amount of privacy data used for interaction in the host secure space and the guest secure space can be at most 40M, so the number of data buckets (Bucket Number, BN) can be determined to be 4. The bucket count can be stored in a local area outside the secure space.
Master data buckets, as many as the bucket count, are created in a local area outside the host secure space; the master privacy data is initially encrypted with the session key; the initially encrypted local privacy data is cut into pieces of sub privacy data matching the bucket count; the bucket index under which each piece of sub privacy data is stored is determined; and each piece is stored in the master data bucket with that index. For example, the session key is hashed to obtain a hash value that is valid for a single privacy data interaction; the hash value is output to a local area outside the host secure space and stored as a salt file; a salted hash operation is performed on the local master privacy data with the salt in the salt file, where the hash algorithm may be SHA-256; and the result of the operation is bucketed to store the encrypted master privacy data into the data buckets. For instance, the CRC32 algorithm may be used to convert the hash result into an integer value within a fixed range, and a modulo operation is performed with the bucket count as the modulus. In this way the master privacy data is cut into sub privacy data matching the bucket count, the bucket index of each piece of sub privacy data is obtained, and the sub privacy data is stored in the master data bucket corresponding to that index.
The master privacy data corresponding to the target quantity proportion is screened out from the master data buckets as the target master privacy data. For example, when the target quantity proportion is 1/2 and the local host and the client have the same number of data buckets, an odd/even division may be used: the master privacy data in the odd-numbered master data buckets is screened out locally as the target master privacy data, and correspondingly the client screens out the guest privacy data in the even-numbered guest data buckets as the target guest privacy data. The target master privacy data is stored in the host secure space, where the target master privacy data in the data buckets is encrypted one bucket at a time with the symmetric key. Various encryption algorithms may be used, for example the Advanced Encryption Standard (AES) in Cipher Feedback (CFB) mode. The authentication key is used to calculate an HMAC over the target master privacy data, the HMAC is attached to the beginning of the ciphertext of the target master privacy data to obtain the encrypted target master privacy data, and the encrypted target master privacy data is sent to the peer client through the secure channel. Various transmission modes may be used over the secure channel, such as the scp file transfer protocol, a message queue, and so on.
Data buckets are used mainly to ensure that paging does not occur when processing the privacy data, so the minimum bucket count needs to be determined according to the upper limit of the secure memory.
According to the bucketing principle, in the intersection calculation between the two parties, if both parties hold the same original privacy data, that data lands in the bucket with the same index on both sides after the hash and bucketing operations, so the privacy data the two parties store in their data buckets can be securely intersected and compared.
B2. Receive the target guest privacy data sent by the peer client, and calculate the intersection of the remaining master privacy data not sent to the peer client and the target guest privacy data in the host secure space to obtain a first initial data intersection.
For example, the target guest privacy data sent by the peer client is received and its integrity is verified in the host secure space using the authentication key. The integrity verification checks whether the target guest privacy data is complete: the authentication key is used to calculate an HMAC, which is compared with the authentication code at the beginning of the target guest privacy data; if they are consistent, the integrity of the target guest privacy data passes verification, otherwise it fails and the target guest privacy data is discarded. When the integrity passes verification, the target guest privacy data is decrypted with the symmetric key, and the intersection between the decrypted target guest privacy data and the remaining master privacy data not sent to the peer client is calculated to obtain the first initial data intersection. For example, the target master privacy data in the odd-numbered data buckets has been sent to the client, and the remaining master privacy data in the data buckets not sent to the client is stored in the host secure space; the remaining master privacy data is compared with the target guest privacy data, and the privacy data common to both is taken as the first initial data intersection.
B3. Send the first initial data intersection to the peer client, and receive the second initial data intersection sent by the peer client.
The second initial data intersection may be the intersection, calculated by the peer client, between the remaining guest privacy data not sent to the local host and the target master privacy data.
For example, when the local host sends the target master privacy data to the peer client, the peer client calculates the intersection between the remaining guest privacy data not sent to the local host and the target master privacy data, in the same way as the local host, to obtain the second initial data intersection. The peer client and the local host then exchange their respective initial data intersections over the secure channel.
B4. Fuse the first initial data intersection and the second initial data intersection to obtain the privacy data intersection between the local host and the client.
For example, the first and second initial data intersections are merged: they are compared, and if they contain no privacy data in common, the privacy data in the two initial intersections is combined directly into a new data intersection, which is the privacy data intersection between the local host and the client; if they do contain the same privacy data, each such item is counted once and then combined with the other, differing privacy data to obtain the privacy data intersection between the local host and the client.
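The bucketing of B1 (salted SHA-256, CRC32 to a fixed-range integer, modulo the bucket count, with the 128M / 10M / 200M / 1/5 sizing worked through) together with the odd/even exchange and the fusion of B2 to B4, as one added example that is not part of the patent text or of any Tencent implementation. It simulates both parties in a single process over constructed record sets; the AES-CFB/HMAC wrapping of each transmitted bucket is assumed to be provided by the secure channel and is not shown, and every function name is this example's own.

```python
import hashlib
import zlib


def bucket_count(secure_mem_mb: int, bucket_mb: int, total_mb: int, ratio: float) -> int:
    """Bucket count (BN): the share of data that enters the secure spaces is
    total_mb * ratio; it must fit the secure memory and is split into buckets
    of bucket_mb so that processing inside the secure space never pages."""
    in_enclave = total_mb * ratio
    if in_enclave > secure_mem_mb:
        raise ValueError("interaction data exceeds the secure memory limit")
    return max(1, int(-(-in_enclave // bucket_mb)))   # ceiling division


def salt_from_session(session_key: bytes) -> bytes:
    """Hash of the session key, valid for one interaction, kept as the salt."""
    return hashlib.sha256(session_key).digest()


def bucket_of(record: bytes, salt: bytes, bn: int) -> int:
    """Salted SHA-256, then CRC32 to a fixed-range integer, then modulo BN."""
    digest = hashlib.sha256(salt + record).digest()
    return zlib.crc32(digest) % bn


def partition(records, salt: bytes, bn: int) -> dict:
    """Cut a record set into BN buckets keyed by bucket index."""
    buckets = {i: set() for i in range(bn)}
    for r in records:
        buckets[bucket_of(r, salt, bn)].add(r)
    return buckets


def select_parity(buckets: dict, parity: int) -> dict:
    """parity 1 -> odd-numbered buckets, 0 -> even-numbered buckets."""
    return {i: b for i, b in buckets.items() if i % 2 == parity}


def bucketwise_intersection(kept: dict, received: dict) -> set:
    """Equal records share a bucket index on both sides (same salt, same BN),
    so only buckets with the same index need to be compared."""
    result = set()
    for i, recv in received.items():
        result |= recv & kept.get(i, set())
    return result


def peer_to_peer_psi(master: set, guest: set, session_key: bytes, bn: int) -> set:
    """Steps B1-B4 for one peer client (target proportion 1/2, odd/even split).
    Both parties are simulated here; transport protection is assumed."""
    salt = salt_from_session(session_key)            # identical salt on both sides
    host_buckets = partition(master, salt, bn)
    guest_buckets = partition(guest, salt, bn)
    # B1: the host ships its odd-numbered buckets, the peer its even-numbered ones
    host_sent = select_parity(host_buckets, 1)
    guest_sent = select_parity(guest_buckets, 0)
    # B2: the host intersects its kept (even) buckets with the peer's even buckets
    first_initial = bucketwise_intersection(select_parity(host_buckets, 0), guest_sent)
    # B3: the peer does the same with its kept (odd) buckets and the host's odd buckets
    second_initial = bucketwise_intersection(select_parity(guest_buckets, 1), host_sent)
    # B4: fuse the two initial intersections; a record in both is counted once
    return first_initial | second_initial
```

Because each side keeps half of its buckets and receives the other half of the peer's, every common record is compared exactly once, on whichever side holds the bucket of that parity, and the fused result equals the plain set intersection.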
(2) When the interaction policy is tilted interaction, receive the candidate privacy data sent by the difference client, and determine the privacy data intersection between the local host and the client according to the candidate privacy data.
For example, when the interaction policy is tilted interaction, the total data amount of the master privacy data is compared with the total data amount of the guest privacy data of the difference client. When the total amount of the master privacy data exceeds that of the difference client's guest privacy data, the first candidate privacy data sent by the difference client is received, and the intersection between the master privacy data and the first candidate privacy data is calculated in the host secure space according to the interaction key to obtain the privacy data intersection between the local host and the client. When the total amount of the master privacy data does not exceed that of the difference client's guest privacy data, the master privacy data is encrypted according to the interaction key and sent to the difference client, the second candidate privacy data sent by the difference client is received, and the second candidate privacy data is taken as the privacy data intersection between the local host and the client. Specifically, this may be as follows:
A1. When the total data amount of the master privacy data exceeds the total data amount of the guest privacy data of the difference client, receive the first candidate privacy data sent by the difference client, and calculate the intersection between the master privacy data and the first candidate privacy data in the host secure space according to the interaction key to obtain the privacy data intersection between the local host and the client.
The first candidate privacy data may be guest privacy data encrypted by the difference client.
For example, when the total data amount of the master privacy data exceeds that of the difference client's guest privacy data, the first candidate privacy data sent by the client is received and its integrity is verified in the host secure space using the authentication key: the authentication key is used to calculate an HMAC, which is compared with the authentication code at the beginning of the first candidate privacy data; if they are consistent, the integrity of the first candidate privacy data passes verification, otherwise it fails and the first candidate privacy data is discarded. When the integrity passes verification, the first candidate privacy data is decrypted with the symmetric key in the host secure space, and the intersection between the decrypted first candidate privacy data and the master privacy data is calculated in the host secure space to obtain the target privacy data intersection, which is taken as the privacy data intersection between the local host and the client.
And A2, when the total data amount of the main privacy data does not exceed the total data amount of the guest privacy data of the difference client, encrypting the main privacy data according to the interaction key and then sending the main privacy data to the difference client, receiving second candidate privacy data sent by the difference client, and taking the second candidate privacy data as the privacy data intersection between the local client and the client.
For example, when the total amount of the master private data does not exceed the total amount of the guest private data of the difference client, the master private data may be initially encrypted by using the session key, and the initially encrypted master private data may be stored in a data sub-bucket, for example, the session key may be subjected to a hash operation to obtain a hash value, the hash value is valid in a single private data interaction, the hash value is output to a local area outside the master secure space and stored as a salt file, the local master private data may be subjected to a salt hash operation according to the hash value in the salt file, the hash operation may be performed by using a SHA-256 algorithm, and the operation result may be subjected to a sub-bucket to store the encrypted master private data in the data sub-bucket, for example, the CRC32 algorithm may be used to convert the hash result into an integer value in a fixed range and perform a modulo operation, the modulus can be for dividing a bucket quantity, just so can cut into the sub-private data that corresponds to the sub-bucket quantity with main private data, obtain the sub-bucket number of each sub-private data, then, divide the bucket to main data that the sub-private data storage corresponds to the sub-bucket number. Storing the main data in the sub-bucket to a main security space, and encrypting the main private data in the sub-bucket one by one in the main security space by adopting a symmetric key, wherein the encryption algorithm can be various, for example, an advanced encryption standard AES can be adopted, and the encryption mode selects a CFB mode. 
An HMAC (hash-based message authentication code) is computed over the master privacy data using the authentication key and attached to the beginning of the ciphertext of the master privacy data to obtain the encrypted master privacy data. The encrypted master privacy data are sent to the difference client through the secure channel, so that the difference client calculates the intersection of the encrypted master privacy data and the guest privacy data it stores to obtain the second candidate privacy data; the second candidate privacy data sent by the difference client are received and used as the privacy data intersection between the local host and the client.
(3) When the interaction strategy is composite interaction, privacy data interaction is carried out between the same quantity proportion of the master privacy data and the guest privacy data of the peer client, the intersection between the master privacy data and the guest privacy data of the peer client is calculated in the master security space to obtain an initial data intersection, the guest privacy data sent by the difference client are received, and the privacy data intersection between the local host and the client is determined according to the initial data intersection and the guest privacy data sent by the difference client.
For example, candidate master privacy data used for privacy data interaction are screened out from the master privacy data and encrypted using the interaction key: the master privacy data are initially encrypted using the session key and stored in master data sub-buckets, the master privacy data corresponding to a target quantity proportion are screened out from the master data sub-buckets as the candidate master privacy data, the candidate master privacy data are stored in the master security space, and there they are encrypted using the symmetric key and the authentication key. The encrypted candidate master privacy data are sent to the peer client through the secure channel, the candidate guest privacy data sent by the peer client are received, and the intersection of the candidate guest privacy data and the privacy data other than the candidate privacy data in the master privacy data is calculated in the master secure space to obtain the initial data intersection between the master privacy data and the guest privacy data of the peer client. For example, after the encrypted candidate master privacy data are sent to the peer client and the candidate guest privacy data sent by the peer client are received, the integrity of the candidate guest privacy data is verified in the master secure space using the authentication key: the HMAC is calculated using the authentication key and compared with the authentication code at the beginning of the candidate guest privacy data; if they are consistent, the integrity of the candidate guest privacy data passes verification, otherwise it fails and the candidate guest privacy data are discarded.
When the integrity of the candidate guest private data passes verification, the symmetric key is used to decrypt the candidate guest private data, the intersection of the decrypted candidate guest private data and the private data other than the candidate private data in the master private data is calculated in the master security space to obtain a first candidate data intersection, the first candidate data intersection is sent to the peer client, the second candidate data intersection sent by the peer client is received, and the first candidate data intersection and the second candidate data intersection are fused to obtain the initial data intersection of the local master private data and the guest private data of the peer client.
The total data amount of the private data in the initial data intersection is then compared with the total data amount of the guest private data of the difference client; at this point the interaction strategy between the local host and the difference client reverts to the oblique interaction. When the total data amount of the private data in the initial data intersection exceeds the total data amount of the guest private data of the difference client, the current guest private data sent by the difference client are received and the intersection between the initial data intersection and the current guest private data is calculated. For example, the current guest private data sent by the difference client are received, where the current guest private data are formed by initially encrypting the guest private data stored in the difference client using the session key, storing them in guest data sub-buckets, and further encrypting the guest private data in the guest data sub-buckets using the symmetric key and the authentication key in the guest security space. The local host verifies the integrity of the current guest privacy data in the master security space using the authentication key: the HMAC is calculated using the authentication key and compared with the authentication code at the beginning of the current guest privacy data; if they are consistent, the integrity of the current guest privacy data passes verification, otherwise it fails and the current guest privacy data are discarded.
When the integrity of the current guest privacy data passes verification, the current guest privacy data are decrypted in the master security space using the symmetric key, the intersection between the decrypted current guest privacy data and the initial data intersection is calculated in the master security space to obtain a current privacy data intersection, and the current privacy data intersection is used as the privacy data intersection between the local host and the client.
When the total data amount of the private data in the initial data intersection does not exceed the total data amount of the guest private data of the difference client, the initial data intersection is encrypted according to the interaction key and then sent to the difference client. For example, the initial data intersection may be initially encrypted using the session key and stored in a master data sub-bucket, the master data sub-bucket is stored in the master security space, and the initial data intersection in the master data sub-bucket is encrypted in the master security space using the authentication key and the symmetric key; for example, the initial data intersection may be encrypted directly with the symmetric key, the encryption algorithm may vary, for example the Advanced Encryption Standard (AES) may be used with the CFB mode as the encryption mode. An HMAC (hash-based message authentication code) is calculated using the authentication key and attached to the beginning of the ciphertext of the initial data intersection, protecting the integrity of the initial data intersection, and finally the encrypted initial data intersection is obtained and sent to the difference client. The difference client verifies the integrity of the encrypted initial data intersection in the guest security space using the authentication key: the HMAC is calculated using the authentication key and compared with the authentication code at the beginning of the encrypted initial data intersection; if they are consistent, the integrity of the encrypted initial data intersection passes verification, otherwise it fails and the encrypted initial data intersection is discarded.
When the integrity of the encrypted initial data intersection passes verification, the encrypted initial data intersection is decrypted in the guest security space using the symmetric key; for example, the symmetric decryption may use the Advanced Encryption Standard (AES) in the decryption mode corresponding to the CFB mode. The intersection of the decrypted initial data intersection and the guest privacy data stored by the difference client is calculated in the guest security space to obtain the privacy data set resulting from intersection with the initial data intersection, and this privacy data set is sent to the local host; when the local host receives the privacy data set obtained by the difference client after intersection with the initial data intersection, it takes this privacy data set as the privacy data intersection between the local host and the client.
It should be noted that, if the clients include guest privacy data whose total amounts correspond to multiple hierarchies or multiple orders of magnitude, the initial data intersection obtained after the local host intersects with the peer clients is intersected separately with the guest privacy data stored by the difference clients of each order of magnitude, and the privacy data set obtained after the initial data intersection has been intersected with the guest privacy data stored by all the difference clients is used as the privacy data intersection between the local host and the client. For the difference clients, if the data difference value between the total data amounts of two difference clients does not exceed the preset data difference value, peer-to-peer interaction may be adopted between those difference clients to compute their intersection, and after that intersection is completed the local host only intersects with any one difference client of that order of magnitude.
For example, after the initial data intersection is obtained by local intersection with the peer clients, the difference clients include a first difference client, a second difference client and a third difference client, where the data difference value between the total data amounts of the first difference client and the second difference client does not exceed the preset data difference value, so that the first difference client and the second difference client may be regarded as being in a peer client relationship. Therefore, when the initial data intersection undergoes oblique interaction with the three difference clients, one privacy data intersection may be obtained by oblique interaction with the third difference client, while the first difference client and the second difference client adopt peer-to-peer interaction to obtain another privacy data intersection, and the two privacy data intersections are fused to obtain the privacy data intersection between the local host and the client.
Optionally, when there are multiple clients, the local host performs intersection calculation with any one of the clients to obtain an intersection between the local master privacy data and the guest privacy data of that client, then continues to perform intersection calculation with the intersection obtained by intersection calculation between two of the other clients, and so on until the guest privacy data of all the clients have been intersected, so as to obtain the intersection between the local master privacy data and the private data of the clients. For example, the privacy data processing system may include a storage unit that stores the local master privacy data and the guest privacy data stored by the multiple clients; taking 3 clients as an example, intersection calculation is performed between the local master privacy data and the guest privacy data of one of the clients to obtain a first initial privacy data intersection, the other two clients also perform privacy data intersection calculation to obtain a second initial privacy data intersection, and the intersection of the first initial privacy data intersection and the second initial privacy data intersection is then calculated to obtain the final privacy data intersection of the local master privacy data and the guest privacy data of all the clients.
As can be seen from the above, in the embodiments of the present application, after a privacy data processing request is obtained (the request indicating the client that needs to perform privacy data interaction with the local host), a master security space is created locally according to the privacy data processing request and the client is caused to create a guest security space locally at the client; when the security of the master security space and the security of the guest security space meet a preset verification condition, a secure channel and an interaction key between the master security space and the guest security space are constructed, privacy data interaction with the client is performed through the secure channel and the interaction key, and the privacy data intersection between the local host and the client is calculated based on the interacted privacy data. In this scheme, secure spaces are established in the host and the client respectively, a secure channel and an interaction key between the master secure space and the guest secure space are established, and the private data are processed directly in the secure spaces through the secure channel and the interaction key, so that no third-party server is needed to process the private data, and the security and the processing speed of private data processing can be greatly improved.
The method described in the above examples is further illustrated in detail below by way of example.
In this embodiment, the privacy data processing apparatus is specifically integrated in an electronic device, and the electronic device includes a local host and a local client.
The terms host and client are used only to conveniently distinguish the devices providing the private data service: the two parties participating in calculating the private data intersection can be regarded as Guest and Host respectively, so the local host may be either Guest or Host, and the corresponding client is the other one; for example, if the local host is Guest, the client may be Host. In a private data processing system, there may be one or more hosts or clients.
As shown in fig. 3, a private data processing method specifically includes the following steps:
201. The host and the client respectively obtain the private data processing request.
For example, a user selects, through a data interaction application program, the client that needs to perform private data interaction with the local host, thereby triggering generation of a private data processing request; the private data processing request carries the information of the client and the host information and is used to indicate the client that needs to perform private data interaction with the local host. The private data processing request is sent to the host and the client, which respectively obtain it. For example, the user selects, through the data interaction application program, the information of a plurality of clients that need to perform private data interaction with the local host; a host and client information set is generated and stored in a third-party database, the storage address of the host and client information set is obtained, a private data processing request is generated, the storage address is added to the private data processing request, and the request with the added storage address is sent to the host and the client. After receiving the private data processing request, the host and the client extract the storage address and obtain the host and client information set from the third-party database according to the extracted storage address; the host obtains the information of the client from this information set, and the client obtains the information of the host from it.
202. The host locally creates a secure space based on the private data processing request and causes the client to create a guest secure space locally at the client.
For example, after receiving the private data processing request, the local host creates a secure space process, which is used to initialize a TEE environment in the local hardware area to obtain the main secure space. Accordingly, after the client receives the private data handling request, the client may also create a secure space process for initializing another TEE environment in a hardware area local to the client to obtain the guest secure space.
Optionally, after the master security space and the guest security space are created, the security of the master security space and the security of the guest security space need to be verified, and whether the security of the master security space and the security of the guest security space meet the preset verification condition is verified, the specific verification method may be as follows:
The host obtains the software code information of the master security space, performs a hash measurement on the software code information, and sends the first measurement result obtained by the hash measurement to the client; the client verifies the security of the master security space according to the first measurement result. At this point the client also needs to perform a hash measurement on the software code information of the guest security space to obtain a second measurement result; when the security verification of the master security space is completed and its verification result is obtained, the security verification result of the master security space, the second measurement result and the attribute information of the guest security space are sent to the host, and the host then verifies the security of the guest security space according to the second measurement result. The way the host and the client verify a measurement result may be to compare it with a preset measurement result: when the first measurement result and the second measurement result are both the same as the preset measurement result, the security of the master security space and the security of the guest security space are verified, and at this point it can be determined that the security of the master security space and the security of the guest security space meet the preset conditions.
203. When the security of the master security space and the guest security space meets the preset conditions, the host and the client construct a secure channel and an interaction key between the master security space and the guest security space.
For example, when the security of the master security space and the security of the guest security space meet the preset condition, the host and the client respectively obtain the host data transmission interface of the master security space and the guest data transmission interface of the guest security space, construct a data transmission channel between the host data transmission interface and the guest data transmission interface using the TLS security protocol, and use this data transmission channel as the secure channel between the master security space and the guest security space. The host exchanges key files with the client through a Diffie-Hellman handshake in the secure channel, the host and the client respectively generate the session key between the master security space and the guest security space according to the exchanged key files, a session-extension hash operation is performed on the session key to obtain the symmetric key required for symmetric encryption and the authentication key used for generating the HMAC, and the session key, the symmetric key and the authentication key are used as the interaction key and stored in the master security space and the guest security space.
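As an added illustration of step 203 and of the encrypt-then-MAC framing used in the later steps (an HMAC attached to the beginning of an AES-CFB ciphertext, checked before anything is decrypted), here is a Go example written for this page; it is not code from the patent or from Tencent. It assumes X25519 as the Diffie-Hellman group, labelled HMAC-SHA256 as the "session-extension hash" that splits the session key into the symmetric key and the authentication key, a random IV carried after the tag (CFB needs one; the patent does not mention it), and that the HMAC covers the ciphertext rather than the plaintext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// InteractionKey holds the three keys each secure space stores in step 203:
// the Diffie-Hellman session key, the symmetric key for AES-CFB and the
// authentication key for the HMAC.
type InteractionKey struct {
	Session, Sym, Auth []byte
}

// expand derives a labelled sub-key from the session key with HMAC-SHA256.
// The patent only says "session-extension hash operation"; using labelled
// HMAC-SHA256 for that step is an assumption of this example.
func expand(session []byte, label string) []byte {
	m := hmac.New(sha256.New, session)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// DeriveInteractionKey turns the DH shared secret into the interaction key.
// X25519 stands in for the DH group, which the patent does not name.
func DeriveInteractionKey(priv *ecdh.PrivateKey, peerPub *ecdh.PublicKey) (InteractionKey, error) {
	shared, err := priv.ECDH(peerPub)
	if err != nil {
		return InteractionKey{}, err
	}
	session := sha256.Sum256(shared)
	return InteractionKey{
		Session: session[:],
		Sym:     expand(session[:], "symmetric-key"),      // 32 bytes -> AES-256
		Auth:    expand(session[:], "authentication-key"), // HMAC key
	}, nil
}

// Seal encrypts with AES-CFB and attaches the HMAC to the beginning of the
// ciphertext, as the patent describes. The random IV (assumed here; CFB
// needs one) follows the tag, and the tag covers IV||ciphertext so the
// receiver can reject a tampered message before decrypting anything.
func Seal(k InteractionKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.Sym)
	if err != nil {
		return nil, err
	}
	body := make([]byte, aes.BlockSize+len(plaintext))
	iv := body[:aes.BlockSize]
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(body[aes.BlockSize:], plaintext)
	m := hmac.New(sha256.New, k.Auth)
	m.Write(body)
	return append(m.Sum(nil), body...), nil
}

// Open recomputes the HMAC, compares it with the authentication code at the
// beginning of the message, and decrypts only when they match; otherwise the
// message is discarded, which is the integrity check the patent applies.
func Open(k InteractionKey, msg []byte) ([]byte, error) {
	if len(msg) < sha256.Size+aes.BlockSize {
		return nil, errors.New("message too short")
	}
	tag, body := msg[:sha256.Size], msg[sha256.Size:]
	m := hmac.New(sha256.New, k.Auth)
	m.Write(body)
	if !hmac.Equal(tag, m.Sum(nil)) {
		return nil, errors.New("integrity verification failed: message discarded")
	}
	block, err := aes.NewCipher(k.Sym)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCFBDecrypter(block, body[:aes.BlockSize]).XORKeyStream(plaintext, body[aes.BlockSize:])
	return plaintext, nil
}

func main() {
	curve := ecdh.X25519()
	hostPriv, _ := curve.GenerateKey(rand.Reader)
	guestPriv, _ := curve.GenerateKey(rand.Reader)
	hostKey, _ := DeriveInteractionKey(hostPriv, guestPriv.PublicKey())
	guestKey, _ := DeriveInteractionKey(guestPriv, hostPriv.PublicKey())
	fmt.Println("interaction keys agree:", bytes.Equal(hostKey.Sym, guestKey.Sym))
	msg, _ := Seal(hostKey, []byte("constructed sample record")) // constructed input
	pt, err := Open(guestKey, msg)
	fmt.Printf("verified: %q (err=%v)\n", pt, err)
	msg[len(msg)-1] ^= 1 // flip one ciphertext bit: the guest must discard it
	_, err = Open(guestKey, msg)
	fmt.Println("tampered:", err)
}
```

Two design points worth noting against the patent text: deriving the symmetric key and the authentication key from the session key with different labels keeps the HMAC key independent of the AES key, and verifying the tag before decryption means a modified or truncated message never reaches the CFB decryptor inside the secure space.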
204. The host exchanges basic information of the respective stored private data with the client through the secure channel.
For example, the host obtains the basic information of the local master privacy data, transmits this basic information to the client, and receives the basic information of the guest privacy data transmitted by the client, so that the local host and the client exchange the basic information of the private data they each store.
205. The host machine compares the data amount of the guest privacy data of the client machine with the data amount of the local master privacy data to determine the type of the client machine.
For example, the host may calculate a data difference value between a total amount of data of the guest privacy data and a total amount of data of the master privacy data, compare the data difference value with a preset difference threshold, may determine that the type of the client is a peer client when the data difference value does not exceed the preset difference threshold, and determine that the type of the client is a difference client when the data difference value exceeds the preset difference threshold.
206. The host screens out target clients for interacting with local private data in the clients according to the types of the clients, and determines interaction strategies of the target clients.
For example, when the clients are peer clients, the host takes the peer clients as the target clients for private data interaction with the local host and determines the interaction policy of the target clients to be peer-to-peer interaction. When the clients are difference clients, the host screens out a preset number of difference clients from the difference clients as the target clients; for example, when only one order of magnitude of difference clients exists among the clients performing privacy data interaction with the local host, the preset number may be 1, and when difference clients of a plurality of orders of magnitude exist, the preset number may be the number corresponding to the plurality of orders of magnitude; the preset number of difference clients are screened out from the difference clients as the target clients, and the interaction policy of the target clients is determined to be oblique interaction. When the clients include both peer clients and difference clients, a preset number of difference clients are screened out from the difference clients, the preset number of difference clients together with all the peer clients are used as the target clients, and the interaction strategy of the target clients is determined to be composite interaction.
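As an added example of steps 205 and 206, together with the direction rule of the oblique interaction (cases A1 and A2 above), here is Go code written for this page, not code from the patent or from Tencent. Its assumptions: data totals are compared as integers in one common unit, "order of magnitude" means the decimal order of the total, the first difference client seen at each magnitude is the one screened out, and the client totals constructed in main are illustrative.

```go
package main

import (
	"fmt"
	"sort"
)

// ClientInfo is the basic information exchanged in step 204: a client name and
// the total amount of guest private data it stores (same unit on both sides).
type ClientInfo struct {
	Name  string
	Total int64
}

type Strategy string

const (
	PeerToPeer Strategy = "peer-to-peer interaction"
	Oblique    Strategy = "oblique interaction"
	Composite  Strategy = "composite interaction"
)

// Classify applies step 205: a client whose data total differs from the
// master total by at most the preset threshold is a peer client, otherwise a
// difference client.
func Classify(masterTotal int64, clients []ClientInfo, threshold int64) (peers, diffs []ClientInfo) {
	for _, c := range clients {
		diff := c.Total - masterTotal
		if diff < 0 {
			diff = -diff
		}
		if diff <= threshold {
			peers = append(peers, c)
		} else {
			diffs = append(diffs, c)
		}
	}
	return peers, diffs
}

// magnitude is the decimal order of magnitude of a data total (number of
// decimal digits minus one). The patent groups difference clients by "order
// of magnitude" without defining it; this decimal reading is an assumption.
func magnitude(total int64) int {
	m := 0
	for total >= 10 {
		total /= 10
		m++
	}
	return m
}

// SelectTargets applies step 206: all peer clients plus one difference client
// per order of magnitude (the "preset number") become target clients, and the
// mix of the two kinds decides the interaction strategy. Which difference
// client represents a magnitude is not specified; the first seen is taken.
func SelectTargets(masterTotal int64, clients []ClientInfo, threshold int64) ([]ClientInfo, Strategy) {
	peers, diffs := Classify(masterTotal, clients, threshold)
	perMagnitude := map[int]ClientInfo{}
	for _, c := range diffs {
		if _, seen := perMagnitude[magnitude(c.Total)]; !seen {
			perMagnitude[magnitude(c.Total)] = c
		}
	}
	mags := make([]int, 0, len(perMagnitude))
	for m := range perMagnitude {
		mags = append(mags, m)
	}
	sort.Ints(mags)
	targets := append([]ClientInfo{}, peers...)
	for _, m := range mags {
		targets = append(targets, perMagnitude[m])
	}
	switch {
	case len(peers) > 0 && len(mags) > 0:
		return targets, Composite
	case len(peers) > 0:
		return targets, PeerToPeer
	default:
		return targets, Oblique
	}
}

// HostSends decides the direction of an oblique interaction (cases A1/A2):
// the party holding less data encrypts and ships its set, and the party with
// more data computes the intersection inside its own secure space.
func HostSends(masterTotal, guestTotal int64) bool {
	return masterTotal <= guestTotal
}

func main() {
	// Constructed totals; the unit is arbitrary but identical for every party.
	clients := []ClientInfo{{"c1", 1050}, {"c2", 980}, {"c3", 25000}, {"c4", 30000}, {"c5", 400000}}
	targets, strategy := SelectTargets(1000, clients, 100)
	fmt.Println(strategy)
	for _, c := range targets {
		fmt.Printf("  target %s (total %d), host sends its data: %v\n", c.Name, c.Total, HostSends(1000, c.Total))
	}
}
```

With the constructed totals the host (1000) sees two peer clients and three difference clients spanning two orders of magnitude, so the strategy is composite and four target clients are selected; the direction rule then has the host ship its own encrypted set to every difference client, since each of them holds more data.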
207. According to the interaction strategy and the interaction key, the host carries out privacy data interaction between the master privacy data and the guest privacy data of the target client through the secure channel and the master security space, and calculates the privacy data intersection between the local host and the client based on the interacted privacy data.
For example, when the interaction policy is peer-to-peer interaction, privacy data interaction is performed between the same quantity proportion of the master privacy data and the guest privacy data of the peer client through the secure channel and the interaction key, and the intersection between the master privacy data and the guest privacy data of the peer client is calculated in the master security space to obtain the privacy data intersection between the local host and the client. When the interaction policy is oblique interaction, the candidate privacy data sent by the difference client are received, and the privacy data intersection between the local host and the client is determined according to the candidate privacy data. When the interaction policy is composite interaction, privacy data interaction is performed between the same quantity proportion of the master privacy data and the guest privacy data of the peer client, the intersection between the master privacy data and the guest privacy data of the peer client is calculated in the master security space to obtain the initial data intersection, the guest privacy data sent by the difference client are received, and the privacy data intersection between the local host and the client is determined according to the initial data intersection and the guest privacy data sent by the difference client. Specifically, this may be as follows:
(1) When the interaction strategy is peer-to-peer interaction, the host carries out privacy data interaction between the same quantity proportion of the master privacy data and the guest privacy data of the peer client through the secure channel and the interaction key, and calculates the intersection between the master privacy data and the guest privacy data of the peer client in the master security space to obtain the privacy data intersection between the local host and the client.
For example, when the interaction policy is peer-to-peer interaction, the host may screen out the privacy data of a target quantity proportion from the master privacy data as the target master privacy data, send the target master privacy data to the peer client through the secure channel and the interaction key, receive the target guest privacy data sent by the peer client, calculate the intersection between the remaining master privacy data not sent to the peer client and the target guest privacy data in the master security space to obtain the first initial data intersection, send the first initial data intersection to the peer client, receive the second initial data intersection sent by the peer client, and fuse the first initial data intersection and the second initial data intersection to obtain the privacy data intersection between the local host and the client. As shown in fig. 4, this may specifically be as follows:
D1. The host screens out the privacy data of the target quantity proportion from the master privacy data as the target master privacy data, and sends the target master privacy data to the peer client through the secure channel and the interaction key.
For example, the host may determine the target quantity proportion of private data interaction between the local host and the peer clients based on the number of peer clients: with n peer clients plus the local host interacting with them, the target quantity proportion may be determined to be 1/(n + 1), so that the proportion interacted by each participant is the same. Then, the number of data buckets for storing the private data is determined according to the maximum secure memory of the master security space and the guest security space and the total amount of private data used for interaction. For example, taking the secure memory of the master security space and the guest security space as 128M, each data bucket storing at most 10M, the maximum total amount of private data interacted by the user as 200M, and the target quantity proportion as 1/5, the total amount of private data used for interaction in the master security space and the guest security space is at most 40M, so the number of data buckets (BN) can be determined to be 4; the number of data buckets can be stored in a local area outside the secure space.
Master data sub-buckets corresponding to the sub-bucket number are created in a local area outside the master security space, and a hash operation is performed on the session key to obtain a hash salt value that is valid for a single privacy data interaction; the hash salt value is output to the local area outside the master security space and stored as a salt value file. A salted hash operation is performed on the local master privacy data according to the hash salt value in the salt value file (the hash algorithm may be SHA-256), and the operation result is bucketed so that the encrypted master privacy data are stored in the data sub-buckets: for example, the CRC32 algorithm may convert the hash result into an integer value in a fixed range and a modulo operation is applied with the sub-bucket number as the modulus, so that the master privacy data are divided into sub-privacy data corresponding to the sub-bucket number and the sub-bucket number of each piece of sub-privacy data is obtained; each piece of sub-privacy data is then stored in the master data sub-bucket corresponding to its sub-bucket number.
Taking the target quantity proportion of 1/2 as an example, since the local host and the client have the same number of data sub-buckets, an odd-even division may be adopted: for example, the master privacy data in the odd-numbered master data sub-buckets may be screened out locally from the master privacy data as the target master privacy data, and the target guest privacy data screened out by the corresponding client may be the guest privacy data in the even-numbered guest data sub-buckets. The target master privacy data are stored in the master security space, where they may be encrypted with the Advanced Encryption Standard (AES) using the CFB mode as the encryption mode. The authentication key is used to calculate the HMAC over the target master privacy data, the HMAC is attached to the beginning of the ciphertext of the target master privacy data to obtain the encrypted target master privacy data, and the encrypted target master privacy data are sent to the peer client through the secure channel.
It should be noted that, while the host screens out and encrypts the target master private data, the target client, that is, the peer client, also screens out and encrypts the target guest private data, using the same screening and encryption methods as the host.
D2, the host receives the target guest privacy data sent by the peer client, and calculates the intersection of the remaining host privacy data which are not sent to the peer client and the target guest privacy data in the host security space to obtain a first initial data intersection.
For example, the host receives the target guest privacy data sent by the peer client; in the master security space, the HMAC is calculated using the authentication key and compared with the authentication code at the beginning of the target guest privacy data; if they are consistent, the integrity of the target guest privacy data passes verification, otherwise it fails and the target guest privacy data are discarded. When the integrity of the target guest private data passes verification, the target guest private data are decrypted using the symmetric key, and the intersection between the decrypted target guest private data and the remaining master private data not sent to the peer client is calculated to obtain the first initial data intersection. For example, the target master private data in the odd-numbered data sub-buckets are sent to the client, the remaining master private data in the data sub-buckets not sent to the client are stored in the master security space, the remaining master private data are compared with the target guest private data, and the private data that are the same are used as the first initial data intersection.
D3. The host sends the first initial data intersection to the peer client and receives the second initial data intersection sent by the peer client.
For example, when the local host sends the target master privacy data to the peer client, the peer client calculates the intersection between the remaining guest privacy data not sent to the local host and the target master privacy data in the same way as the local host, so as to obtain the second initial data intersection. The peer client and the local host then exchange their respectively computed initial data intersections over the secure channel.
D4, fuse the first initial data intersection and the second initial data intersection to obtain the privacy data intersection between the local host and the client.
For example, the first initial data intersection is compared with the second initial data intersection. If the two initial data intersections contain no identical privacy data, the privacy data in both is combined directly into a new data intersection, which is the privacy data intersection between the local host and the client. If the two initial data intersections contain identical privacy data, each identical item is counted as one item of privacy data and combined with the remaining, differing privacy data to obtain the privacy data intersection between the local host and the client.
It should be noted that the fusion of the first initial data intersection and the second initial data intersection may be performed by the host and the client separately, using the same fusion procedure; alternatively, one party performs the fusion calculation and sends the fusion result to the other, for example, the host performs the fusion calculation and sends the fusion result to each client, or the client performs the fusion calculation and sends the fusion result to the host.
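As an added illustration, not code from the patent, the following Go program simulates the equal-phase exchange described in the steps above and the fusion of D4 for both parties inside one process: records are salted with a hash of the session key, hashed with SHA-256 and assigned to sub-buckets with CRC32 modulo the bucket count; each party sends part of its sub-buckets and intersects what it receives with what it kept back; the two initial data intersections are then fused. Encryption over the secure channel is left out here. The bucket count, the sample records, the session key, the function names, and the choice that the host sends its odd-numbered sub-buckets while the peer client sends its even-numbered ones are assumptions of this example, not details fixed by the patent.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"hash/crc32"
)

// NumBuckets is a constructed value; the patent leaves the sub-bucket count to the deployment.
const NumBuckets = 4

// Digest is the fixed-size salted SHA-256 of one privacy record.
type Digest [sha256.Size]byte

// DeriveSalt plays the role of the salt file: the hash of the session key, valid for one interaction.
func DeriveSalt(sessionKey []byte) []byte {
	s := sha256.Sum256(sessionKey)
	return s[:]
}

// SaltedHash is the SHA-256 salted hash applied to every record before bucketing.
func SaltedHash(record string, salt []byte) Digest {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(record))
	var d Digest
	copy(d[:], h.Sum(nil))
	return d
}

// BucketOf maps a digest to a fixed-range integer with CRC32 and reduces it
// modulo the sub-bucket count, giving the record's sub-bucket number.
func BucketOf(d Digest, n int) int {
	return int(crc32.ChecksumIEEE(d[:]) % uint32(n))
}

// Partition hashes and buckets each record, then sorts the digests into the set
// sent to the other party (sub-buckets with sendParity) and the set kept back.
func Partition(records []string, salt []byte, sendParity int) (send, keep map[Digest]bool) {
	send, keep = map[Digest]bool{}, map[Digest]bool{}
	for _, r := range records {
		d := SaltedHash(r, salt)
		if BucketOf(d, NumBuckets)%2 == sendParity {
			send[d] = true
		} else {
			keep[d] = true
		}
	}
	return send, keep
}

// Intersect compares received digests with the retained ones; the matches form one party's initial data intersection.
func Intersect(received, kept map[Digest]bool) map[Digest]bool {
	out := map[Digest]bool{}
	for d := range received {
		if kept[d] {
			out[d] = true
		}
	}
	return out
}

// Fuse merges the two initial data intersections; an entry present in both is counted once.
func Fuse(first, second map[Digest]bool) map[Digest]bool {
	out := map[Digest]bool{}
	for d := range first {
		out[d] = true
	}
	for d := range second {
		out[d] = true
	}
	return out
}

// EqualPhasePSI simulates both parties of the equal-phase interaction in one
// process and returns the host-side plaintext intersection in host record order.
// Assumption (not fixed by the patent): the host sends its odd-numbered
// sub-buckets and the peer client sends its even-numbered ones.
func EqualPhasePSI(hostRecords, clientRecords []string, sessionKey []byte) []string {
	salt := DeriveSalt(sessionKey)
	hostSend, hostKeep := Partition(hostRecords, salt, 1)
	clientSend, clientKeep := Partition(clientRecords, salt, 0)
	first := Intersect(clientSend, hostKeep)  // computed in the master security space
	second := Intersect(hostSend, clientKeep) // computed in the guest security space
	fused := Fuse(first, second)              // exchanged over the channel, then fused
	var out []string
	for _, r := range hostRecords { // only the host can map digests back to its own plaintext
		if fused[SaltedHash(r, salt)] {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	host := []string{"alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com"}
	client := []string{"bob@example.com", "dave@example.com", "erin@example.com"}
	fmt.Println(EqualPhasePSI(host, client, []byte("constructed-session-key")))
}
```

Because a record held by both parties hashes to the same digest, and therefore to the same sub-bucket, under the shared salt, the two initial data intersections are disjoint and their fusion is exactly the full intersection; changing the session key changes every digest but not the result.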
(2) When the interaction policy is skewed interaction, receive the candidate privacy data sent by the difference client, and determine the privacy data intersection between the local host and the client according to the candidate privacy data.
For example, when the interaction policy is skewed interaction, the host compares the total data amount of the master privacy data with the total data amount of the guest privacy data of the difference client. When the total data amount of the master privacy data exceeds the total data amount of the guest privacy data of the difference client, the host receives the first candidate privacy data sent by the difference client and, based on the interaction key, calculates the intersection between the master privacy data and the first candidate privacy data in the master security space to obtain the privacy data intersection between the local host and the client. When the total data amount of the master privacy data does not exceed the total data amount of the guest privacy data of the difference client, the host encrypts the master privacy data according to the interaction key, sends it to the difference client, receives the second candidate privacy data sent by the difference client, and takes the second candidate privacy data as the privacy data intersection between the local host and the client. As shown in fig. 5, this may specifically be as follows:
E1, when the total data amount of the master privacy data exceeds the total data amount of the guest privacy data of the difference client, receive the first candidate privacy data sent by the difference client, and calculate the intersection between the master privacy data and the first candidate privacy data in the master security space according to the interaction key to obtain the privacy data intersection between the local host and the client.
For example, when the total data amount of the master privacy data exceeds the total data amount of the guest privacy data of the difference client, as shown in fig. 6, the difference client encrypts the guest privacy data it stores. The encryption may proceed by initially encrypting the guest privacy data with the session key, storing the initially encrypted guest privacy data in guest data sub-buckets, storing the guest data sub-buckets in the guest security space, and encrypting the guest privacy data in the guest data sub-buckets with the symmetric key and the authentication key in the guest security space to obtain the first candidate privacy data. The difference client sends the first candidate privacy data to the host. The host verifies the integrity of the first candidate privacy data with the authentication key in the master security space; the verification may be performed by calculating the HMAC with the authentication key and comparing it with the authentication code at the beginning of the first candidate privacy data. If the comparison is consistent, the integrity of the first candidate privacy data is determined to pass verification; otherwise, it is determined not to pass verification, and the first candidate privacy data is discarded. When the integrity of the first candidate privacy data passes verification, the host decrypts the first candidate privacy data in the master security space with the symmetric key and calculates the intersection between the decrypted first candidate privacy data and the master privacy data in the master security space to obtain the target privacy data intersection. The target privacy data intersection is taken as the privacy data intersection between the local host and the client, and is sent to all difference clients.
E2, when the total data amount of the master privacy data does not exceed the total data amount of the guest privacy data of the difference client, encrypt the master privacy data according to the interaction key and send it to the difference client, receive the second candidate privacy data sent by the difference client, and take the second candidate privacy data as the privacy data intersection between the local host and the client.
For example, when the total data amount of the master privacy data does not exceed the total data amount of the guest privacy data of the difference client, the host encrypts the master privacy data it stores and sends the encrypted master privacy data to the difference client for intersection calculation, so as to obtain the privacy data intersection between the local host and the client. Specifically, as shown in fig. 7, the session key is hashed to obtain a hash value that is valid for a single privacy data interaction, and the hash value is output to a local area outside the master security space and stored as a salt file. The local master privacy data is subjected to a salted hash operation using the hash value in the salt file; the hash algorithm may be SHA-256. The operation result is then bucketed so that the encrypted master privacy data is stored in data sub-buckets: for example, a CRC32 algorithm may convert the hash result into an integer value within a fixed range, and a modulo operation is performed, where the modulus may be the number of sub-buckets. In this way the master privacy data is divided into sub-privacy data corresponding to the number of sub-buckets, a sub-bucket number is obtained for each item of sub-privacy data, and the sub-privacy data is stored in the master data sub-bucket corresponding to its sub-bucket number. The master data stored in the master data sub-buckets is then stored in the master security space, and the master privacy data in the data sub-buckets is encrypted one by one in the master security space with the symmetric key.
The HMAC of the master privacy data is calculated with the authentication key and attached to the beginning of the ciphertext of the master privacy data to obtain the encrypted master privacy data, which is sent to the difference client through the secure channel. The difference client verifies the integrity of the encrypted master privacy data with the authentication key in the guest security space and, after the integrity verification passes, decrypts the encrypted master privacy data with the symmetric key; the decryption may use the Advanced Encryption Standard (AES) in the decryption mode corresponding to CFB mode. The difference client then compares the guest privacy data it stores with the decrypted master privacy data to obtain the intersection of the master privacy data and its guest privacy data, which is the second candidate privacy data, and sends the second candidate privacy data to the host. The host uses the second candidate privacy data as the privacy data intersection between the local host and the client.
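As an added example, not code from the patent, the following Go program shows the sealed record exchange of E1 and E2 with the standard library: AES in CFB mode under the symmetric key, an HMAC-SHA256 computed with the authentication key and placed at the beginning of the ciphertext, verification before decryption with a failing record discarded, and the intersection computed by the party holding more records. The same seal, verify and decrypt exchange is what the composite interaction below uses once its initial data intersection has been compared with the difference client's data. The wire layout tag || iv || ciphertext, the key values, the sample records and the function names are assumptions of this example; bucketing of the records is not repeated here, so the inputs stand for already-bucketed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Seal encrypts one record with AES-CFB under symKey and attaches the HMAC-SHA256
// computed with authKey to the beginning of the ciphertext. The layout
// tag(32) || iv(16) || ciphertext is an assumption; the patent only fixes that the code comes first.
func Seal(symKey, authKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(symKey)
	if err != nil {
		return nil, err
	}
	body := make([]byte, aes.BlockSize+len(plaintext))
	iv := body[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(body[aes.BlockSize:], plaintext)
	mac := hmac.New(sha256.New, authKey)
	mac.Write(body)
	return append(mac.Sum(nil), body...), nil
}

// Open recomputes the HMAC over iv||ciphertext, compares it in constant time with
// the authentication code at the beginning of the message, and decrypts only on a match.
func Open(symKey, authKey, msg []byte) ([]byte, error) {
	if len(msg) < sha256.Size+aes.BlockSize {
		return nil, errors.New("message too short")
	}
	tag, body := msg[:sha256.Size], msg[sha256.Size:]
	mac := hmac.New(sha256.New, authKey)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return nil, errors.New("integrity verification failed")
	}
	block, err := aes.NewCipher(symKey)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCFBDecrypter(block, body[:aes.BlockSize]).XORKeyStream(plaintext, body[aes.BlockSize:])
	return plaintext, nil
}

// ReceiveAndIntersect is the larger party's side: each received message is verified
// and decrypted in its security space and compared with its own records. Messages
// failing verification are discarded and counted; matches keep arrival order.
func ReceiveAndIntersect(own, wire [][]byte, symKey, authKey []byte) (matches [][]byte, dropped int) {
	for _, m := range wire {
		pt, err := Open(symKey, authKey, m)
		if err != nil {
			dropped++
			continue
		}
		for _, o := range own {
			if bytes.Equal(pt, o) {
				matches = append(matches, pt)
				break
			}
		}
	}
	return matches, dropped
}

// SkewedPSI simulates both parties: the party with fewer records seals and sends
// them (E1: the difference client sends; E2: the host sends), the other intersects.
func SkewedPSI(hostRecords, clientRecords [][]byte, symKey, authKey []byte) ([][]byte, error) {
	sender, receiver := clientRecords, hostRecords
	if len(hostRecords) <= len(clientRecords) {
		sender, receiver = hostRecords, clientRecords
	}
	wire := make([][]byte, 0, len(sender))
	for _, r := range sender {
		m, err := Seal(symKey, authKey, r)
		if err != nil {
			return nil, err
		}
		wire = append(wire, m)
	}
	matches, _ := ReceiveAndIntersect(receiver, wire, symKey, authKey)
	return matches, nil
}

func main() {
	symKey := bytes.Repeat([]byte{0x11}, 32) // constructed 256-bit key
	authKey := []byte("constructed-authentication-key")
	host := [][]byte{[]byte("alice"), []byte("bob"), []byte("carol"), []byte("dave")}
	client := [][]byte{[]byte("bob"), []byte("dave"), []byte("erin")}
	res, err := SkewedPSI(host, client, symKey, authKey)
	fmt.Printf("%q %v\n", res, err)
}
```

CFB mode carries no integrity of its own, so the HMAC check before decryption is what turns a corrupted or forged record into a discard rather than into garbage that would silently fall out of the intersection; the comparison uses hmac.Equal so that timing does not leak how many tag bytes matched.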
(3) When the interaction policy is composite interaction, perform privacy data interaction between the master privacy data and the guest privacy data of the peer client in the same quantity proportion, calculate the intersection between the master privacy data and the guest privacy data of the peer client in the master security space to obtain an initial data intersection, receive the guest privacy data sent by the difference client, and determine the privacy data intersection between the local host and the client according to the initial data intersection and the guest privacy data sent by the difference client.
For example, when the interaction policy is composite interaction, as shown in fig. 8, the host initially encrypts the master privacy data with the session key, stores the initially encrypted master privacy data in the master data sub-buckets, screens out the master privacy data corresponding to a target quantity proportion from the master data sub-buckets as candidate master privacy data, stores the candidate master privacy data in the master security space, and encrypts the candidate master privacy data with the symmetric key and the authentication key in the master security space. The host sends the encrypted candidate master privacy data to the peer client through the secure channel and receives the candidate guest privacy data sent by the peer client; the host and the peer client then calculate the intersection between the master privacy data and the privacy data of the peer client in the master security space and the guest security space respectively. Specifically, the host verifies the integrity of the candidate guest privacy data with the authentication key in the master security space; for example, the HMAC is calculated with the authentication key and compared with the authentication code at the beginning of the candidate guest privacy data. If they are consistent, the integrity of the candidate guest privacy data is determined to pass verification; otherwise, it is determined not to pass verification, and the candidate guest privacy data is discarded.
When the integrity of the candidate guest privacy data passes verification, the candidate guest privacy data is decrypted with the symmetric key, and the intersection of the decrypted candidate guest privacy data and the master privacy data other than the candidate master privacy data is calculated in the master security space to obtain a first candidate data intersection. Meanwhile, the peer client uses the same calculation in the guest security space to obtain the intersection of the decrypted candidate master privacy data and the guest privacy data other than the candidate guest privacy data, which is the second candidate data intersection. The host and the peer client exchange the first candidate data intersection and the second candidate data intersection over the secure channel, and the host and/or the peer client fuse the two to obtain the initial data intersection between the local master privacy data and the guest privacy data of the peer client.
Optionally, the total data amount of the privacy data in the initial data intersection is compared with the total data amount of the guest privacy data of the difference client; at this point the interaction policy between the local host and the difference client reverts to skewed interaction. When the total data amount of the privacy data in the initial data intersection exceeds the total data amount of the guest privacy data of the difference client, the difference client encrypts the guest privacy data it stores. Specifically, the session key is hashed to obtain a hash value, which is output to a local area outside the guest security space and stored as a salt file; the guest privacy data is subjected to a salted hash operation using the hash value in the salt file, where the hash algorithm may be SHA-256; the operation result is bucketed and the encrypted guest privacy data is stored in guest data sub-buckets. The bucketing algorithm may use CRC32 to convert the hash result into an integer value within a fixed range and perform a modulo operation, where the modulus may be the number of sub-buckets, so that the guest privacy data is divided into sub-privacy data corresponding to the number of sub-buckets, a sub-bucket number is obtained for each item of sub-privacy data, and the sub-privacy data is stored in the guest data sub-bucket corresponding to its sub-bucket number. The guest data sub-buckets are stored in the guest security space, and the guest privacy data in the data sub-buckets is encrypted one by one in the guest security space with the symmetric key; various encryption algorithms may be used, for example the Advanced Encryption Standard (AES) with CFB selected as the encryption mode.
The HMAC of the guest privacy data is calculated with the authentication key and attached to the beginning of the ciphertext of the guest privacy data to obtain the current guest privacy data, which is sent to the host through the secure channel. The host verifies the integrity of the current guest privacy data with the authentication key in the master security space: the HMAC is calculated with the authentication key and compared with the authentication code at the beginning of the current guest privacy data; if they are consistent, the integrity of the current guest privacy data is determined to pass verification, otherwise it is determined not to pass verification and the current guest privacy data is discarded. When the integrity of the current guest privacy data passes verification, the current guest privacy data is decrypted with the symmetric key in the master security space, the intersection between the decrypted current guest privacy data and the initial data intersection is calculated in the master security space to obtain a current privacy data intersection, and the current privacy data intersection is used as the privacy data intersection between the local host and the client.
When the total data amount of the privacy data in the initial data intersection does not exceed the total data amount of the guest privacy data of the difference client, the host may initially encrypt the initial data intersection with the session key, store it in the master data sub-buckets, store the master data sub-buckets in the master security space, and directly encrypt the initial data intersection with the symmetric key; various encryption algorithms may be used, for example the Advanced Encryption Standard (AES) with CFB selected as the encryption mode. The HMAC of the master privacy data is calculated with the authentication key and attached to the beginning of the ciphertext of the initial data intersection, thereby protecting the integrity of the initial data intersection and finally obtaining the encrypted initial data intersection. The host sends the encrypted initial data intersection to the difference client, which verifies its integrity with the authentication key in the guest security space: the HMAC is calculated with the authentication key and compared with the authentication code at the beginning of the encrypted initial data intersection; if they are consistent, the integrity of the encrypted initial data intersection is determined to pass verification, otherwise it is determined not to pass verification and the encrypted initial data intersection is discarded.
When the integrity of the encrypted initial data intersection passes verification, the difference client decrypts it with the symmetric key in the guest security space, for example with the Advanced Encryption Standard (AES) in the decryption mode corresponding to CFB mode, and calculates in the guest security space the intersection of the decrypted initial data intersection and the guest privacy data stored by the difference client, obtaining the privacy data set that results from intersecting the initial data intersection. The difference client sends this privacy data set to the local host, and when the local host receives the privacy data set sent by the difference client, it takes the privacy data set as the privacy data intersection between the local host and the client.
Optionally, when there are multiple clients, the host may also perform the intersection calculation with any one of the clients to obtain the intersection between the local master privacy data and the guest privacy data of that client, then perform the intersection calculation again with the intersection obtained pairwise between the other clients to obtain an intermediate privacy data intersection result, and so on, until the intersection with the guest privacy data of all clients is complete, at which point the privacy data intersection between the local host and the clients is obtained, as shown in fig. 9.
As can be seen from the above, after the host of this embodiment obtains a privacy data processing request, which indicates a client that needs to perform privacy data interaction with the local host, it creates a master security space locally according to the privacy data processing request and causes the client to create a guest security space locally at the client; when the security of the master security space and the guest security space meets a preset verification condition, it constructs a secure channel and an interaction key between the master security space and the guest security space, performs privacy data interaction with the client through the secure channel and the interaction key, and calculates the privacy data intersection between the local host and the client based on the interacted privacy data. In this scheme, security spaces are established in the host and the client respectively, a secure channel and an interaction key between the master security space and the guest security space are established, and the privacy data is processed directly in the security spaces through the secure channel and the interaction key, so that no third-party server is needed to process the privacy data, which can greatly improve both the security and the processing speed of privacy data processing.
In order to better implement the above method, the embodiment of the present invention further provides a private data processing apparatus, which may be integrated in an electronic device, such as a server or a terminal, and the terminal may include a tablet computer, a notebook computer, and/or a personal computer.
For example, as shown in fig. 10, the privacy data processing apparatus may include an obtaining unit 301, a creating unit 302, a constructing unit 303, and an interaction unit 304, as follows:
(1) An obtaining unit 301;
The obtaining unit 301 is configured to obtain a privacy data processing request, which indicates a client that needs to perform privacy data interaction with the local host.
For example, the obtaining unit 301 may be specifically configured as follows: a user selects, in a data interaction application, a client that needs to perform privacy data interaction with the local device, thereby triggering generation of a privacy data processing request, which may carry information of the client; the privacy data processing request is sent to the privacy data processing apparatus, and the privacy data processing apparatus may receive the privacy data processing request directly.
(2) A creating unit 302;
The creating unit 302 is configured to create the master security space locally according to the privacy data processing request, and to cause the client to create the guest security space locally at the client.
For example, the creating unit 302 may be specifically configured to create a security space process after receiving the privacy data processing request, where the security space process is used to initialize a TEE environment in the local hardware area, and the space in the TEE environment may be referred to as the master security space; after the client obtains the privacy data processing request, the client may likewise create a security space process and initialize a TEE environment outside the local hardware area of the client to obtain the guest security space.
(3) A constructing unit 303;
The constructing unit 303 is configured to construct a secure channel and an interaction key between the master security space and the guest security space when the security of the master security space and the guest security space meets a preset condition.
For example, the constructing unit 303 may be specifically configured to, when the security of the master security space and the guest security space meets a preset condition, obtain a master data transmission interface of the master security space and a guest data transmission interface of the guest security space, construct a data transmission channel between the master data transmission interface and the guest data transmission interface using a preset secure transmission protocol, use the data transmission channel as the secure channel between the master security space and the guest security space, and exchange a key file with the client through the secure channel to generate the interaction key between the master security space and the guest security space.
(4) An interaction unit 304;
The interaction unit 304 is configured to perform privacy data interaction with the client through the secure channel and the interaction key, and to calculate the privacy data intersection between the local host and the client based on the interacted privacy data.
The interaction unit 304 may further include an exchanging subunit 3041, a comparing subunit 3042, and an interacting subunit 3043, as shown in fig. 11, as follows:
An exchanging subunit 3041, configured to exchange with the client, through the secure channel, basic information of the privacy data stored by each party, where the basic information includes the total data amount of the local master privacy data and the total data amount of the guest privacy data of the client;
A comparing subunit 3042, configured to compare the total data amount of the guest privacy data with the total data amount of the master privacy data to determine the type of the client;
An interacting subunit 3043, configured to perform privacy data interaction with the client using the interaction policy corresponding to the client type, according to the secure channel, the master security space, and the interaction key, and to calculate the privacy data intersection between the local host and the client based on the interacted privacy data.
For example, the exchanging subunit 3041 exchanges with the client, through the secure channel, basic information of the privacy data stored by each party, where the basic information includes the total data amount of the local master privacy data and the total data amount of the guest privacy data of the client; the comparing subunit 3042 compares the total data amount of the guest privacy data with the total data amount of the master privacy data to determine the type of the client; and the interacting subunit 3043 performs privacy data interaction with the client using the interaction policy corresponding to the client type, according to the secure channel, the master security space, and the interaction key, and calculates the privacy data intersection between the local host and the client based on the interacted privacy data.
In a specific implementation, the above units may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and the specific implementation of the above units may refer to the foregoing method embodiments, which are not described herein again.
As can be seen from the above, in this embodiment, after the obtaining unit 301 obtains a privacy data processing request, which indicates a client that needs to perform privacy data interaction with the local host, the creating unit 302 creates a master security space locally according to the privacy data processing request and causes the client to create a guest security space locally at the client; when the security of the master security space and the guest security space meets a preset verification condition, the constructing unit 303 constructs a secure channel and an interaction key between the master security space and the guest security space, and the interaction unit 304 performs privacy data interaction with the client through the secure channel and the interaction key and calculates the privacy data intersection between the local host and the client based on the interacted privacy data. In this scheme, security spaces are established in the host and the client respectively, a secure channel and an interaction key between the master security space and the guest security space are established, and the privacy data is processed directly in the security spaces through the secure channel and the interaction key, so that no third-party server is needed to process the privacy data, which can greatly improve both the security and the processing speed of privacy data processing.
An embodiment of the present invention further provides an electronic device, as shown in fig. 12, which shows a schematic structural diagram of the electronic device according to the embodiment of the present invention, specifically:
the electronic device may include components such as a processor 401 of one or more processing cores, memory 402 of one or more computer-readable storage media, a power supply 403, and an input unit 404. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 12 does not constitute a limitation of the electronic device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:
the processor 401 is a control center of the electronic device, connects various parts of the whole electronic device by various interfaces and lines, performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 402 and calling data stored in the memory 402, thereby performing overall monitoring of the electronic device. Optionally, processor 401 may include one or more processing cores; preferably, the processor 401 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 401.
The memory 402 may be used to store software programs and modules, and the processor 401 executes various functional applications and data processing by operating the software programs and modules stored in the memory 402. The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 402 may also include a memory controller to provide the processor 401 access to the memory 402.
The electronic device further comprises a power supply 403 for supplying power to the various components, and preferably, the power supply 403 is logically connected to the processor 401 through a power management system, so that functions of managing charging, discharging, and power consumption are realized through the power management system. The power supply 403 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
The electronic device may further include an input unit 404, and the input unit 404 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the electronic device may further include a display unit and the like, which are not described in detail herein. Specifically, in this embodiment, the processor 401 in the electronic device loads the executable file corresponding to the process of one or more application programs into the memory 402 according to the following instructions, and the processor 401 runs the application program stored in the memory 402, thereby implementing various functions as follows:
the method comprises the steps of obtaining a privacy data processing request, wherein the privacy data processing request indicates a client needing to carry out privacy data interaction with the local, creating a main safety space in the local according to the privacy data processing request, enabling the client to create a guest safety space in the local of the client, when the safety of the main safety space and the security of the guest safety space meet preset verification conditions, constructing a safety channel and an interaction key between the main safety space and the guest safety space, carrying out privacy data interaction with the client through the safety channel and the interaction key, and calculating privacy data intersection between the local and the client based on the interacted privacy data.
For example, a user selects, through a data interaction application, a client that needs to perform privacy data interaction with the local host, thereby triggering generation of a privacy data processing request; the privacy data processing request may carry information of the client, is sent to the privacy data processing apparatus, and may be received directly by the privacy data processing apparatus. After receiving the privacy data processing request, the host creates a security space process, which is used to initialize a TEE environment in the local hardware area; the space in the TEE environment may be referred to as the master security space. After obtaining the privacy data processing request, the client may likewise create a security space process and initialize a TEE environment outside the local hardware area of the client to obtain the guest security space. When the security of the master security space and the guest security space meets a preset condition, a master data transmission interface of the master security space and a guest data transmission interface of the guest security space are obtained, a data transmission channel is constructed between the master data transmission interface and the guest data transmission interface using a preset secure transmission protocol, and the data transmission channel is used as the secure channel between the master security space and the guest security space. A key file is exchanged with the client over the secure channel to generate the interaction key between the master security space and the guest security space.
And exchanging basic information of the private data stored respectively with the client through the secure channel, wherein the basic information comprises the data total amount of the local master private data and the data total amount of the guest private data of the client, and comparing the data total amount of the guest private data with the data total amount of the master private data to determine the type of the client. And screening out target clients for interacting with the local private data from the clients according to the types of the clients, and determining the interaction strategy of the target clients. When the interaction strategy is equal-phase interaction, carrying out privacy data interaction on main privacy data with the same quantity proportion and guest privacy data of the equal client through a security channel and an interaction key, calculating the intersection between the main privacy data and the guest privacy data of the equal client in a main security space to obtain the privacy data intersection between a local client and the client, when the interaction strategy is oblique interaction, receiving candidate privacy data sent by the different client, determining the privacy data intersection between the local client and the client according to the candidate privacy data, when the interaction strategy is composite interaction, carrying out privacy data interaction on the main privacy data with the same quantity proportion and the guest privacy data of the equal client, calculating the intersection between the main privacy data and the guest privacy data of the equal client in the main security space to obtain initial data intersection, and receiving guest privacy data sent by the difference client, and determining the privacy data intersection between the local client and the client according to the initial data intersection and the guest privacy data sent by the difference client.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
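The client typing and strategy selection just described, as an added, runnable Python example; it is not code from the patent or from Tencent. Python sets stand in for the privacy data, and the TEE, secure channel and interaction key are assumed to be already in place, so only the size-driven control flow is modelled. The difference threshold and the preset number of difference clients are example parameters, the sample records are constructed, and the oblique step follows the rule of claims 11 and 14 below: the side holding the smaller set sends its data, and the side holding the larger set computes the intersection.

```python
"""Host-side strategy selection for the privacy data intersection.

Added example, not the patent's code. Sets stand in for privacy data; the
TEE, secure channel and interaction key are assumed to exist already.
"""
from typing import Dict, List, Set, Tuple

Data = Set[str]

# Constructed sample data: the local master set and three clients' guest sets.
MASTER: Data = {"u1", "u2", "u3", "u4", "u5", "u6"}
GUESTS: Dict[str, Data] = {
    "peer_a": {"u2", "u3", "u4", "u5", "u6", "u7", "u8"},   # 7 records, close to master
    "big_b": {f"u{i}" for i in range(3, 21)},               # 18 records, much larger
    "small_c": {"u3", "u9"},                                # 2 records, much smaller
}
DIFF_THRESHOLD = 2          # example "preset difference threshold" (claim 4)
MAX_DIFFERENCE_CLIENTS = 2  # example "preset number of difference clients" (claim 6)


def classify_client(master_total: int, guest_total: int, threshold: int) -> str:
    """Claim 4: a client is a peer client when the size difference is within the
    threshold, otherwise a difference client. Only totals are used, which is all
    the basic-information exchange of claim 3 reveals about the other side."""
    return "peer" if abs(guest_total - master_total) <= threshold else "difference"


def select_targets(master: Data, guests: Dict[str, Data], threshold: int,
                   max_difference: int) -> Tuple[str, List[str], List[str]]:
    """Claim 6: pick the target clients and the interaction strategy."""
    types = {name: classify_client(len(master), len(data), threshold)
             for name, data in guests.items()}
    peers = [n for n, t in types.items() if t == "peer"]
    diffs = [n for n, t in types.items() if t == "difference"][:max_difference]
    if peers and diffs:
        return "composite", peers, diffs
    if peers:
        return "peer-to-peer", peers, []
    return "oblique", [], diffs


def peer_interaction(master: Data, guest: Data) -> Data:
    """Outcome of the peer-to-peer step (claims 7 and 8): the intersection is
    formed inside the main security space. The bucketed split exchange that
    keeps either side from seeing the other's full set is not modelled here."""
    return master & guest


def oblique_interaction(current: Data, guest: Data) -> Tuple[str, Data]:
    """Claims 11 and 14: the smaller set travels (encrypted), the larger side
    intersects. Returns which side computed the result, and the result."""
    if len(current) > len(guest):
        return "host", current & guest    # host receives guest data, intersects locally
    return "guest", guest & current       # host sends its data, receives the intersection


def run(master: Data, guests: Dict[str, Data], threshold: int,
        max_difference: int) -> Tuple[str, Data, List[Tuple[str, str]]]:
    """Drive the whole interaction; return (strategy, intersection, trace of who computed)."""
    strategy, peers, diffs = select_targets(master, guests, threshold, max_difference)
    current = set(master)
    trace: List[Tuple[str, str]] = []
    for name in peers:                    # peer-to-peer first: the initial data intersection
        current = peer_interaction(current, guests[name])
        trace.append((name, "host"))
    for name in diffs:                    # then oblique, driven by the current set size
        side, current = oblique_interaction(current, guests[name])
        trace.append((name, side))
    return strategy, current, trace


if __name__ == "__main__":
    print(run(MASTER, GUESTS, DIFF_THRESHOLD, MAX_DIFFERENCE_CLIENTS))
```

With the constructed data the strategy is composite: the peer step shrinks the master set to five records, which is smaller than big_b's set, so the host sends rather than receives in that oblique step, and larger than small_c's set, so the host computes the last step itself. In the composite case the direction of the oblique exchange therefore depends on the size of the initial data intersection, not on the original master set.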
As can be seen from the above, after the privacy data processing request is obtained, which indicates a client that needs to perform privacy data interaction with the local, a main security space is created locally according to the request and a guest security space is created by the client locally at the client; when the security of the main security space and the guest security space meets the preset verification condition, a secure channel and an interaction key between the two spaces are constructed, privacy data interaction with the client is performed through the secure channel and the interaction key, and the privacy data intersection between the local and the client is calculated from the interacted privacy data. In this scheme, security spaces are established in the host and the client respectively, a secure channel and an interaction key are established between the main security space and the guest security space, and the privacy data is processed directly inside the security spaces through that channel and key, so no third-party server is needed to process the privacy data; this can greatly improve both the security and the speed of privacy data processing.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, the embodiment of the present invention provides a computer-readable storage medium, in which a plurality of instructions are stored, where the instructions can be loaded by a processor to execute the steps in any one of the privacy data processing methods provided by the embodiment of the present invention. For example, the instructions may perform the steps of:
the steps of the privacy data processing method described above for the apparatus embodiment: obtaining a privacy data processing request that indicates a client needing to perform privacy data interaction with the local; creating a main security space locally according to the request and having the client create a guest security space locally at the client; when the security of both spaces meets the preset verification condition, constructing a secure channel and an interaction key between them; exchanging basic information about the stored privacy data, typing each client by comparing data totals, screening target clients and determining the interaction strategy (peer-to-peer, oblique or composite); and performing the corresponding privacy data interaction through the secure channel and the interaction key to obtain the privacy data intersection between the local and the client in the main security space.
The above operations are the same as those of the foregoing embodiments and are not described in detail here.
Wherein the computer-readable storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the computer-readable storage medium may execute the steps in any of the privacy data processing methods provided in the embodiments of the present invention, beneficial effects that can be achieved by any of the privacy data processing methods provided in the embodiments of the present invention may be achieved, for details, see the foregoing embodiments, and are not described herein again.
The privacy data processing method, apparatus and computer-readable storage medium according to the embodiments of the present invention have been described in detail above. Specific examples are used herein to illustrate the principles and implementations of the present invention, and the description of the embodiments is intended only to help in understanding the method and its core ideas. Those skilled in the art may, following the ideas of the present invention, vary the specific embodiments and the scope of application; in summary, the content of this specification should not be construed as limiting the present invention.

Claims (17)

1. A method for processing private data, comprising:
obtaining a privacy data processing request, wherein the privacy data processing request indicates a client that needs to perform privacy data interaction with the local;
according to the privacy data processing request, a main security space is created locally, and a guest security space is created locally by the client at the client, wherein the main security space and the guest security space both belong to security spaces, and the security spaces are independently operated in a trusted execution environment;
when the safety of the main safety space and the guest safety space meets a preset condition, a safety channel and an interactive key between the main safety space and the guest safety space are constructed;
and performing privacy data interaction with the client through the secure channel and the interaction key, and calculating privacy data intersection between the local and the client based on the interacted privacy data.
2. The method of processing private data according to claim 1, further comprising, after creating secure spaces in the local and the client, respectively, according to the private data processing request:
performing hash measurement on the attribute information of the main security space, and sending a first measurement result obtained by the hash measurement to the client, so that the client verifies the security of the main security space according to the first measurement result;
receiving a security verification result of the main security space and a second measurement result of the attribute information of the guest security space, which are sent by the client;
when the second measurement result is the same as a preset measurement result, determining that the security verification result of the guest security space is verified;
and when the security verification results of both the main security space and the guest security space are verification pass, determining that the security of the main security space and the guest security space meets the preset condition.
3. The method of claim 1, wherein the interacting private data with the client through the secure channel and the interaction key, and calculating the private data intersection between the local and the client based on the interacted private data comprises:
exchanging basic information of the respectively stored private data with the client through the secure channel, wherein the basic information comprises the total data amount of the local master private data and the total data amount of the guest private data of the client;
comparing the total data amount of the guest private data with the total data amount of the master private data to determine the type of the client;
and according to the secure channel, the main secure space and the interaction key, performing private data interaction with the client by adopting an interaction strategy corresponding to the client type, and calculating the private data intersection between the local and the client based on the interacted private data.
4. The method according to claim 3, wherein the comparing the total amount of data of the guest privacy data of the client with the total amount of data of the local master privacy data to determine the type of the client comprises:
calculating a data difference value between the total data amount of the guest privacy data and the total data amount of the local master privacy data;
when the data difference value does not exceed a preset difference value threshold value, determining that the type of the client is an equivalent client;
and when the data difference value exceeds the preset difference value threshold value, determining the type of the client as a difference client.
5. The method of claim 4, wherein the performing, according to the secure channel, the primary secure space, and the interaction key, the interaction of the private data with the client using an interaction policy corresponding to the client type, and calculating the private data intersection between the local and the client based on the interacted private data comprises:
screening out target clients for interacting with local private data from the clients according to the types of the clients, and determining an interaction strategy of the target clients;
and according to the interaction strategy and the interaction key, performing privacy data interaction on the master privacy data and the guest privacy data of the target client through the secure channel and the main secure space, and calculating the privacy data intersection between the local and the client based on the interacted privacy data.
6. The method for processing private data according to claim 5, wherein the screening out, among the clients, a target client for interacting with the private data locally according to the type of the client, and determining an interaction policy of the target client comprises:
when the client is a peer client, taking the peer client as the target client for privacy data interaction with the local, and determining the interaction strategy of the target client to be peer-to-peer interaction;
when the client is a difference client, screening a preset number of difference clients from the difference clients as the target clients, and determining the interaction strategy of the target clients to be oblique interaction;
when the clients comprise both peer clients and difference clients, screening a preset number of difference clients from the difference clients, taking the preset number of difference clients and all the peer clients as the target clients, and determining the interaction strategy of the target clients to be composite interaction, wherein the composite interaction is peer-to-peer interaction with the peer clients followed, after the peer-to-peer interaction is completed, by oblique interaction with the difference clients.
7. The method of claim 6, wherein the interacting the master privacy data with the guest privacy data of the target client through the secure channel and the master secure space according to the interaction policy and the interaction key, and calculating privacy data intersection between local and the client based on the interacted privacy data comprises:
when the interaction strategy is peer-to-peer interaction, performing privacy data interaction on the master privacy data and the guest privacy data of the peer client in the same quantity proportion through the secure channel and the interaction key, and calculating the intersection between the master privacy data and the guest privacy data of the peer client in the main secure space to obtain the privacy data intersection between the local and the client;
when the interaction strategy is oblique interaction, receiving candidate privacy data sent by the difference client, and determining the privacy data intersection between the local and the client according to the candidate privacy data;
when the interaction strategy is composite interaction, performing privacy data interaction on the master privacy data and the guest privacy data of the peer client in the same quantity proportion, calculating the intersection between the master privacy data and the guest privacy data of the peer client in the main secure space to obtain an initial data intersection, receiving the guest privacy data sent by the difference client, and determining the privacy data intersection between the local and the client according to the initial data intersection and the guest privacy data sent by the difference client.
8. The method of claim 7, wherein the performing privacy data interaction on the master privacy data and the guest privacy data of the peer client in the same quantity proportion through the secure channel and the interaction key, and calculating the intersection between the master privacy data and the guest privacy data of the peer client in the main secure space to obtain the privacy data intersection between the local and the client comprises:
screening privacy data of a target quantity proportion from the master privacy data as target master privacy data, and sending the target master privacy data to the peer client through the secure channel and the interaction key;
receiving target guest privacy data sent by the peer client, and calculating, in the main secure space, the intersection of the remaining master privacy data not sent to the peer client and the target guest privacy data to obtain a first initial data intersection;
sending the first initial data intersection to the peer client, and receiving a second initial data intersection sent by the peer client, wherein the second initial data intersection is the intersection, calculated by the peer client, between the remaining guest privacy data not sent to the local and the target master privacy data;
and fusing the first initial data intersection and the second initial data intersection to obtain the privacy data intersection between the local and the client.
9. The method of claim 8, wherein the interaction key comprises a session key, a symmetric key, and an authentication key, and wherein the screening out a target amount of the privacy data as target master privacy data from the master privacy data and sending the target master privacy data to the peer client via the secure channel and the interaction key comprises:
determining, according to the basic information of the peer client, the target quantity proportion for the privacy data interaction between the local and the peer client, and the number of data buckets for storing the privacy data;
creating that number of main data buckets in a local area outside the main security space;
performing a hash operation on the session key to obtain a hash salt value, wherein the hash salt value is valid for a single privacy data interaction;
performing initial encryption on the main privacy data by adopting the hash salt value;
cutting the initially encrypted main privacy data into sub privacy data corresponding to the number of buckets, and determining the bucket number of the main data bucket in which each piece of sub privacy data is stored;
storing each piece of sub privacy data in the main data bucket corresponding to its bucket number;
screening main privacy data corresponding to the target quantity proportion from the main data buckets as target main privacy data, and storing the target main privacy data in the main security space;
and encrypting the target main privacy data by adopting the symmetric key and the authentication key in the main security space, and sending the encrypted target main privacy data to the peer client through the security channel.
10. The method of claim 9, wherein the computing an intersection of remaining primary privacy data not sent to the peer client and the target guest privacy data in the primary secure space to obtain a first initial data intersection comprises:
in the master security space, verifying the integrity of the target guest privacy data by adopting the authentication key;
when the integrity of the target guest privacy data passes verification, decrypting the target guest privacy data by adopting the symmetric key;
and calculating the intersection between the decrypted target guest privacy data and the remaining main privacy data not sent to the peer client to obtain the first initial data intersection.
11. The method according to any one of claims 7 to 10, wherein the candidate privacy data comprises a first candidate privacy data and a second candidate privacy data, and wherein the receiving the candidate privacy data sent by the difference client and determining the privacy data intersection between the local and the client based on the candidate privacy data comprises:
when the total data amount of the main privacy data exceeds the total data amount of the guest privacy data of the difference client, receiving the first candidate privacy data sent by the difference client, and calculating the intersection between the main privacy data and the first candidate privacy data in the main security space according to the interaction key to obtain the privacy data intersection between the local and the client, wherein the first candidate privacy data is the guest privacy data encrypted by the difference client;
and when the total data amount of the main privacy data does not exceed the total data amount of the guest privacy data of the difference client, encrypting the main privacy data according to the interaction key and sending it to the difference client, receiving the second candidate privacy data sent by the difference client, and using the second candidate privacy data as the privacy data intersection between the local and the client, wherein the second candidate privacy data is the intersection, calculated by the difference client, between the main privacy data and the guest privacy data stored by the difference client.
12. The method of claim 11, wherein the interaction key comprises an authentication key and a symmetric key, and wherein the calculating the intersection between the master privacy data and the first candidate privacy data in the master secure space according to the interaction key to obtain the privacy data intersection between the local and the client comprises:
verifying the integrity of the first candidate privacy data with the authentication key in the master secure space;
when the integrity of the first candidate privacy data passes verification, decrypting the first candidate privacy data with the symmetric key in the master secure space;
and calculating the intersection between the decrypted first candidate privacy data and the master privacy data in the master secure space to obtain a target privacy data intersection, and taking the target privacy data intersection as the privacy data intersection between the local and the client.
13. The method according to claim 12, wherein the interaction key further comprises a session key, and wherein the encrypting the master privacy data according to the interaction key and sending it to the difference client, receiving the second candidate privacy data sent by the difference client, and using the second candidate privacy data as the privacy data intersection between the local and the client comprises:
performing initial encryption on the master privacy data with the session key, and storing the initially encrypted master privacy data in data buckets;
storing the data buckets in the master secure space, and encrypting the master privacy data in the data buckets with the symmetric key and the authentication key to obtain encrypted master privacy data;
sending the encrypted main privacy data to the difference client to enable the difference client to calculate the intersection of the encrypted main privacy data and the guest privacy data stored by the difference client to obtain second candidate privacy data;
receiving the second candidate privacy data sent by the difference client, and using the second candidate privacy data as a privacy data intersection between the local and the client.
14. The method according to any one of claims 7 to 10, wherein the performing privacy data interaction on the master privacy data and the guest privacy data of the peer client in the same quantity proportion, calculating the intersection between the master privacy data and the guest privacy data of the peer client in the master security space to obtain an initial data intersection, receiving the guest privacy data sent by the difference client, and determining the privacy data intersection between the local and the client according to the initial data intersection and the guest privacy data sent by the difference client comprises:
screening candidate master privacy data for privacy data interaction from the master privacy data, and encrypting the candidate master privacy data with the interaction key;
sending the encrypted candidate master privacy data to the peer client through the secure channel, and receiving candidate guest privacy data sent by the peer client;
calculating, in the master security space, the intersection of the candidate guest privacy data and the master privacy data other than the candidate master privacy data to obtain an initial data intersection between the master privacy data and the guest privacy data of the peer client;
when the total data amount of the privacy data in the initial data intersection exceeds the total data amount of the guest privacy data of the difference client, receiving the current guest privacy data sent by the difference client, calculating the intersection between the initial data intersection and the current guest privacy data to obtain a current privacy data intersection, and taking the current privacy data intersection as the privacy data intersection between the local and the client;
and when the total data amount of the privacy data in the initial data intersection does not exceed the total data amount of the guest privacy data of the difference client, encrypting the initial data intersection according to the interaction key and sending it to the difference client, receiving the privacy data set sent by the difference client after the difference client computes the intersection with the initial data intersection, and taking the privacy data set as the privacy data intersection between the local and the client.
15. A private data processing apparatus characterized by comprising:
an acquisition unit, configured to acquire a privacy data processing request, wherein the privacy data processing request indicates a client that needs to perform privacy data interaction with the local;
a creating unit, configured to create a main secure space locally according to the privacy data processing request, and enable the client to create a guest secure space locally at the client, wherein the main secure space and the guest secure space both belong to secure spaces, and the secure spaces are spaces that operate independently in a trusted execution environment;
a construction unit, configured to construct a secure channel and an interaction key between the main secure space and the guest secure space when the security of the main secure space and the guest secure space meets a preset condition;
and an interaction unit, configured to perform privacy data interaction with the client through the secure channel and the interaction key, and calculate the privacy data intersection between the local and the client based on the interacted privacy data.
16. An electronic device comprising a processor and a memory, the memory storing an application program, the processor being configured to execute the application program in the memory to implement the steps of the method for processing private data according to any one of claims 1 to 14.
17. A computer-readable storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of the method for processing private data according to any one of claims 1 to 14.
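The bucketed split exchange of claims 8 to 10 above, as an added, runnable Python example with both parties simulated in one process; it is not code from the patent or from Tencent. Two points the claims leave open are assumed here: both parties derive the same hash salt from the shared session key and use the same bucket count, and the two parties send complementary bucket ranges, which is what makes the union of the two partial intersections in claim 8 equal the full intersection rather than a subset of it. The symmetric key is applied through an HMAC-SHA256 counter-mode keystream as a stand-in for a real cipher (a deployment would use an AEAD such as AES-GCM), and the authentication key is a separate HMAC over the ciphertext, checked before decryption as claim 10 requires. The sample records and the three keys are constructed; in the patent's flow the keys come from the key-file exchange over the secure channel.

```python
"""Bucketed split exchange of claims 8 to 10 with both parties in one process.
Added example, not the patent's code; see the lead-in for what is assumed."""
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Set

TAG_LEN, NONCE_LEN, MAC_LEN = 32, 16, 32

# Constructed sample records and keys (in the patent's flow the three keys come
# from the key-file exchange over the secure channel).
HOST_DATA = ["alice@example.com", "bob@example.com", "carol@example.com",
             "dave@example.com", "erin@example.com", "frank@example.com"]
GUEST_DATA = ["carol@example.com", "alice@example.com", "grace@example.com",
              "heidi@example.com", "frank@example.com", "ivan@example.com"]
SESSION_KEY = b"session-key-from-channel-handshake"
SYMMETRIC_KEY = hashlib.sha256(b"example-symmetric-key").digest()
AUTH_KEY = hashlib.sha256(b"example-authentication-key").digest()


def hash_salt(session_key: bytes) -> bytes:
    """Claim 9: the salt is a hash of the session key, valid for one interaction,
    and both parties can derive it without ever sending it."""
    return hashlib.sha256(b"bucket-salt|" + session_key).digest()


def initial_encrypt(record: str, salt: bytes) -> bytes:
    """Claim 9 'initial encryption': keyed hash, so raw records never leave the host."""
    return hmac.new(salt, record.encode(), hashlib.sha256).digest()


def build_buckets(records: Iterable[str], salt: bytes, buckets: int) -> Dict[int, Set[bytes]]:
    """Claim 9: cut the tagged records into buckets by a number derived from the tag."""
    out: Dict[int, Set[bytes]] = {i: set() for i in range(buckets)}
    for record in records:
        tag = initial_encrypt(record, salt)
        out[int.from_bytes(tag[:4], "big") % buckets].add(tag)
    return out


def _keystream_xor(sym_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode. Use a real AEAD in practice."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(sym_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(sym_key: bytes, auth_key: bytes, tags: Set[bytes]) -> bytes:
    """Claim 9, last step: encrypt with the symmetric key, then MAC with the
    authentication key (encrypt-then-MAC) before sending over the channel."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = nonce + _keystream_xor(sym_key, nonce, b"".join(sorted(tags)))
    return ciphertext + hmac.new(auth_key, ciphertext, hashlib.sha256).digest()


def open_sealed(sym_key: bytes, auth_key: bytes, blob: bytes) -> Set[bytes]:
    """Claim 10: verify integrity with the authentication key first; only a blob
    that passes is decrypted and allowed into the intersection."""
    ciphertext, mac = blob[:-MAC_LEN], blob[-MAC_LEN:]
    if not hmac.compare_digest(mac, hmac.new(auth_key, ciphertext, hashlib.sha256).digest()):
        raise ValueError("authentication key check failed; data discarded")
    plain = _keystream_xor(sym_key, ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:])
    return {plain[i:i + TAG_LEN] for i in range(0, len(plain), TAG_LEN)}


def split_exchange(host: Iterable[str], guest: Iterable[str], session_key: bytes,
                   sym_key: bytes, auth_key: bytes, buckets: int = 8,
                   host_share: int = 4) -> Set[bytes]:
    """Claim 8 for both parties: each sends its target buckets, intersects what it
    kept with what it received, and the two partial intersections are fused.
    The ranges are complementary, so every bucket is compared on exactly one side."""
    salt = hash_salt(session_key)
    hb, gb = build_buckets(host, salt, buckets), build_buckets(guest, salt, buckets)
    host_sends, guest_sends = range(0, host_share), range(host_share, buckets)
    target_master = set().union(*(hb[i] for i in host_sends))
    target_guest = set().union(*(gb[i] for i in guest_sends))
    blob_to_guest = seal(sym_key, auth_key, target_master)   # travels over the secure channel
    blob_to_host = seal(sym_key, auth_key, target_guest)
    # main security space: remaining master data against the received target guest data
    remaining_master = set().union(*(hb[i] for i in guest_sends))
    first = remaining_master & open_sealed(sym_key, auth_key, blob_to_host)
    # guest security space: remaining guest data against the received target master data
    remaining_guest = set().union(*(gb[i] for i in host_sends))
    second = remaining_guest & open_sealed(sym_key, auth_key, blob_to_guest)
    return first | second                                    # claim 8: fuse the two


def reveal(tags: Set[bytes], records: Iterable[str], salt: bytes) -> Set[str]:
    """Map intersection tags back to the records the caller already holds."""
    return {r for r in records if initial_encrypt(r, salt) in tags}


def demo() -> Set[str]:
    tags = split_exchange(HOST_DATA, GUEST_DATA, SESSION_KEY, SYMMETRIC_KEY, AUTH_KEY)
    return reveal(tags, HOST_DATA, hash_salt(SESSION_KEY))


def tampering_is_rejected() -> bool:
    """A single flipped ciphertext bit must fail the claim 10 integrity check."""
    blob = seal(SYMMETRIC_KEY, AUTH_KEY, {initial_encrypt("x", hash_salt(SESSION_KEY))})
    tampered = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    try:
        open_sealed(SYMMETRIC_KEY, AUTH_KEY, tampered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(sorted(demo()), tampering_is_rejected())
```

Because each side only ever sees the other's tags for the buckets it did not send, and the salt is bound to one session key, tags cannot be replayed against a later interaction; the fused result is the same whatever bucket count or split proportion is chosen, as long as the two ranges are complementary.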
CN202010630840.1A 2020-07-03 2020-07-03 Private data processing method and device Active CN111611623B (en)
Publications (2)

Publication Number Publication Date
CN111611623A CN111611623A (en) 2020-09-01
CN111611623B (en) 2020-10-30

Family

ID=72200502

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112887297B (en) * 2021-01-22 2022-09-02 支付宝(杭州)信息技术有限公司 Privacy-protecting differential data determining method, device, equipment and system
CN113254989B (en) * 2021-04-27 2022-02-15 支付宝(杭州)信息技术有限公司 Fusion method and device of target data and server
CN114021198B (en) * 2021-12-29 2022-04-08 支付宝(杭州)信息技术有限公司 Method and device for determining common data for protecting data privacy
CN116132168A (en) * 2023-01-29 2023-05-16 中国联合网络通信集团有限公司 Information sharing method, processing device, server and system
CN116305300B (en) * 2023-05-25 2023-07-21 北京数牍科技有限公司 Fair privacy set intersection method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468612A (en) * 2014-12-24 2015-03-25 无锡儒安科技有限公司 Privacy protection type attribute matching method based on symmetrical encryption
CN107920350A (en) * 2017-11-13 2018-04-17 西安电子科技大学 Privacy protection switching authentication method based on SDN and 5G heterogeneous network
CN109121134A (en) * 2018-09-12 2019-01-01 滁州学院 Privacy protection and integrity detection method for multi-application data fusion in wireless sensor networks

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102857913B (en) * 2011-06-28 2015-03-11 ***通信集团公司 Method and device for authenticating in safety channel establishing process as well as intelligent card and terminal
CN103560887B (en) * 2013-11-04 2016-09-28 深圳数字电视国家工程实验室股份有限公司 Intelligent terminal remote attestation method and system
CN106506168A (en) * 2016-12-07 2017-03-15 北京信任度科技有限公司 Secure remote identity authentication method based on biometric features
CN109241016B (en) * 2018-08-14 2020-07-07 阿里巴巴集团控股有限公司 Multi-party security calculation method and device and electronic equipment

Also Published As

Publication number Publication date
CN111611623A (en) 2020-09-01

Similar Documents

Publication Publication Date Title
CN111611623B (en) Private data processing method and device
EP3643041B1 (en) Distributed key management for trusted execution environments
CN111538996B (en) Trusted boot method and device for a blockchain all-in-one machine
CN111541553B (en) Trusted boot method and device for a blockchain all-in-one machine
US20210377010A1 (en) Key management method and related device
CN111541724B (en) Block chain all-in-one machine and automatic node adding method and device thereof
EP4318286A1 (en) Secure multi-party computation
CN111541725B (en) Blockchain all-in-one machine, its cryptographic acceleration card, and key management method and device
CN111541552B (en) Block chain all-in-one machine and automatic node adding method and device thereof
CN110602147B (en) Data encryption safe storage method, system and storage medium based on cloud platform
CN112751673B (en) Supervisable data privacy sharing method based on device-edge-cloud collaboration
TWI807125B (en) Computer implemented system and method for distributing shares of digitally signed data
CN111125781B (en) File signature method and device and file signature verification method and device
US8930687B1 (en) Secure distributed deduplication in encrypted data storage
TW201946412A (en) Computer implemented method and system for transferring control of a digital asset
JPWO2017033442A1 (en) Information processing apparatus, authentication system, authentication method, and computer program
He et al. A novel cryptocurrency wallet management scheme based on decentralized multi-constrained derangement
Qaisar et al. A scalable and efficient multi-agent architecture for malware protection in data sharing over mobile cloud
CN110784318B (en) Group key updating method, device, electronic equipment, storage medium and communication system
CN104022870A (en) Encryption method of cloud data
CN113595742A (en) Data transmission method, system, computer device and storage medium
KR20220059509A (en) System and method for distributed storage of transactions
Raj et al. Securing Cloud from Data Misconfiguration using Cryptographic Techniques
Talib et al. Systematic Review from Different Encryption Techniques Perspectives
CN117792723A (en) User request processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code
Ref country code: HK
Ref legal event code: DE
Ref document number: 40028570
Country of ref document: HK