CN113746829B - Multi-source data association method, device, equipment and storage medium

Publication number: CN113746829B
Authority: CN (China)
Prior art keywords: data, encrypted, encryption, key, source
Legal status: Active
Application number: CN202111023429.9A
Other languages: Chinese (zh)
Other versions: CN113746829A (en)
Inventor: 周辉
Current Assignee: Ping An Bank Co Ltd
Original Assignee: Ping An Bank Co Ltd

Classifications

    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G06F21/602 Providing cryptographic facilities or services
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention relates to data security technology and discloses a multi-source data association method, which comprises: obtaining encrypted data sets sent by a plurality of data sources in an alliance chain; based on a pre-constructed re-encryption protocol, performing key exchange with the data sources and a pre-constructed data exchange system by using temporary keys to obtain a re-encryption key set; performing proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set; and associating re-encrypted data of different data sources in the re-encrypted data set to obtain associated data. The invention further relates to blockchain technology, and the associated data can be stored in a node of the blockchain. The invention also provides a multi-source data association device, an electronic device and a computer-readable storage medium. The invention can solve the problem of low data association security.

Description

Multi-source data association method, device, equipment and storage medium
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method and an apparatus for associating multi-source data, an electronic device, and a computer-readable storage medium.
Background
With the coming of the information age, enterprises, systems and users generate large amounts of data, and associating that data can greatly improve how efficiently it is used. For example, the businesses of different professional companies in a group are often highly complementary, and many customers are simultaneously customers of two or more companies in the group; if these customers can be integrated and associated in a unified way, data utilization efficiency can be greatly improved. In the prior art, when data of different data sources (such as common users) are associated, aggregation is often performed on plaintext IDs, but this reveals customer data: association cannot be performed while preserving data privacy, and data security is low.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for associating multi-source data, and mainly aims to solve the problem of low data association security.
In order to achieve the above object, the present invention provides a method for associating multi-source data, including:
acquiring an encrypted data set sent by a plurality of data sources in an alliance chain;
based on a pre-constructed re-encryption protocol, performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using temporary keys to obtain a re-encryption key set;
carrying out proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set;
and associating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data.
Optionally, before obtaining the encrypted data set sent by the plurality of data sources in the alliance chain, the method further includes:
acquiring identity certificate sets sent by the plurality of data sources;
determining the plurality of data sources as participants, and taking each participant as an alliance node of a blockchain;
negotiating a verification rule and an association rule with the plurality of data sources according to the identity certificate set;
establishing a smart contract by using the verification rule and the association rule, and storing the smart contract in the alliance node;
and summarizing all stored alliance nodes to obtain the alliance chain.
Optionally, the obtaining the encrypted data set sent by the plurality of data sources in the alliance chain includes:
acquiring multiple groups of encrypted data sent by the plurality of data sources, wherein the encrypted data is obtained by each data source encrypting with a hash algorithm and a local public key;
authenticating the plurality of data sources by using the smart contract;
and summarizing the encrypted data of all the data sources that pass identity verification to obtain the encrypted data set.
Optionally, the performing key exchange with the plurality of data sources and a pre-constructed data exchange system by using the temporary keys to obtain a re-encryption key set includes:
sequentially selecting one of the data sources as a data source to be processed, and generating a temporary public key and a temporary private key based on a preset encryption algorithm;
sending the temporary public key to the data source to be processed and the data exchange system;
receiving an encryption key sent by the data source to be processed, wherein the encryption key is obtained by homomorphic encryption of an encrypted private key and an encrypted public key, the encrypted private key being obtained by the data source to be processed encrypting its local private key with the temporary public key, and the encrypted public key being obtained by the data exchange system encrypting its local public key with the temporary public key;
decrypting the encrypted private key by using the temporary private key to obtain a re-encrypted private key corresponding to the data source to be processed;
and returning to the step of sequentially selecting one of the data sources as a data source to be processed, and summarizing all the re-encryption keys to obtain the re-encryption key set.
Optionally, the performing, by using the re-encryption key set, proxy re-encryption on the encrypted data in the encrypted data set to obtain a re-encrypted data set includes:
acquiring re-encryption keys corresponding to the plurality of data sources from the alliance chain by using the smart contract;
re-encrypting the encrypted data of each data source in the encrypted data set by using the re-encryption key to obtain a plurality of re-encrypted ciphertext tables;
and summarizing all the re-encrypted ciphertext tables to obtain the re-encrypted data set.
Optionally, associating the re-encrypted data having the same ciphertext in the re-encrypted data set to obtain associated data includes:
associating the re-encrypted ciphertext tables by using a preset association function to obtain an associated ciphertext table;
and searching for data with the same ciphertext in the associated ciphertext table based on the association function, and determining the data found as the associated data.
Optionally, after obtaining the associated data, the method further includes:
running a reverse re-encryption protocol with the plurality of data sources and the pre-constructed data exchange system to obtain a reverse re-encryption key;
and re-encrypting the associated data by using the reverse re-encryption key, and storing the re-encrypted associated data to the data exchange system so that the data exchange system maps the re-encrypted associated data back to the plurality of data sources.
In order to solve the above problem, the present invention further provides a device for associating multi-source data, where the device includes:
the encrypted data acquisition module is used for acquiring encrypted data sets sent by a plurality of data sources in an alliance chain;
the re-encryption key construction module is used for performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using temporary keys based on a pre-constructed re-encryption protocol to obtain a re-encryption key set;
the proxy re-encryption module is used for performing proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set;
and the data association module is used for associating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one computer program; and
a processor that executes the computer program stored in the memory to implement the above multi-source data association method.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, in which at least one computer program is stored, and the at least one computer program is executed by a processor in an electronic device to implement the above-mentioned multi-source data association method.
According to the invention, only the encrypted data of each data source is acquired, so that neither the plaintext data nor the encryption key of the encrypted data is held during the data association process, which improves the security of data transmission. Meanwhile, the re-encryption keys corresponding to the different data sources are obtained through a re-encryption protocol run with the plurality of data sources and the data exchange system, and the data in the encrypted data set is proxy re-encrypted by using the re-encryption key set; this unifies the encrypted data of the plurality of data sources, so that data association can be performed without decryption, further improving the security and efficiency of data association. Therefore, the multi-source data association method, the multi-source data association device, the electronic equipment and the computer-readable storage medium can solve the problem of low data association security.
Drawings
Fig. 1 is a schematic flow chart illustrating a method for associating multi-source data according to an embodiment of the present invention;
Fig. 2 is a functional block diagram of an apparatus for associating multi-source data according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an electronic device implementing the multi-source data association method according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides a multi-source data association method. The execution subject of the multi-source data association method includes, but is not limited to, at least one of the electronic devices, such as a server and a terminal, that can be configured to execute the method provided by the embodiments of the present application. In other words, the multi-source data association method may be performed by software or hardware installed in the terminal device or the server device, and the software may be a blockchain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The server may be an independent server, or may be a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery network (CDN), and big data and artificial intelligence platforms.
Fig. 1 is a schematic flow chart of a multi-source data association method according to an embodiment of the present invention. In this embodiment, the method for associating multi-source data includes:
S1, acquiring an encrypted data set sent by a plurality of data sources in an alliance chain.
In the embodiment of the present invention, the multiple data sources are different data providers. For example, the data sources may be the systems of multiple business-related professional subsidiaries in various fields within the same group; specifically, the systems of the professional subsidiaries in the AA group include AA banking systems, AA venture systems, AA trust systems, etc.
In this embodiment, the encrypted data set includes one or more sets of encrypted data sent by multiple data sources.
Specifically, before obtaining the encrypted data set sent by the plurality of data sources in the alliance chain, the method further includes:
acquiring identity certificate sets sent by the plurality of data sources;
determining the plurality of data sources as participants, and using each participant as an alliance node of a blockchain;
negotiating a verification rule and an association rule with the plurality of data sources according to the identity certificate set;
constructing a smart contract by using the verification rule and the association rule, and storing the smart contract in the alliance node;
and summarizing all stored alliance nodes to obtain the alliance chain.
In the embodiment of the invention, the identity certificate set is a set of certificates for determining the identity information of each data source. For example, the identity certificate set includes specific information of organizations such as the group's internal banks, trusts and the like.
The verification rule is used to verify whether the identity information sent by each data source is consistent with the identity certificate in the alliance chain, and the association rule is used to limit the association conditions of different data sources; for example, a data source A can only be associated with a data source B. Constructing the alliance chain with each data source improves the security of data transmission, based on the tamper resistance and traceability of the blockchain. A newly added data source only needs to join the alliance chain as a new alliance node, which is more convenient and faster.
In the embodiment of the invention, any data source can be randomly selected as the alliance owner of the alliance chain; the alliance owner integrates the identity certificate sets, association rules and verification rules of all parties to obtain the smart contract and distributes the smart contract to all participants.
In detail, the obtaining the encrypted data set sent by the plurality of data sources in the alliance chain includes:
acquiring multiple groups of encrypted data sent by the plurality of data sources, wherein the encrypted data is obtained by each data source encrypting with a hash algorithm and a local public key;
authenticating the plurality of data sources by using the smart contract;
and summarizing the encrypted data of all the data sources that pass identity verification to obtain the encrypted data set.
In the embodiment of the present invention, a hash algorithm maps input data of any length to an output string of fixed length; the hash algorithm includes the Chinese national cryptographic standard SM3 hash algorithm, the MD5 algorithm, and the like.
The local public key refers to an encrypted public key locally stored by each data source.
For example, the encrypted data is obtained by each data source encrypting its local client information with a hash algorithm and a local public key.
In the embodiment of the invention, identity verification and association matching are performed on the data sources by using the smart contract, which can improve the security of data transmission.
S2, based on the pre-constructed re-encryption protocol, performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using temporary keys to obtain a re-encryption key set.
In this embodiment of the present invention, the re-encryption protocol may be a rekey generation protocol based on multiplicatively homomorphic encryption, and the re-encryption key is used to re-encrypt the encrypted data of the multiple data sources. The data exchange system is used for storing the associated data and outputting data. The temporary key comprises a temporary public key and a temporary private key.
Specifically, the performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using the temporary keys to obtain a re-encryption key set includes:
sequentially selecting one of the data sources as a data source to be processed, and generating a temporary public key and a temporary private key based on a preset encryption algorithm;
sending the temporary public key to the data source to be processed and the data exchange system;
receiving an encryption key sent by the data source to be processed, wherein the encryption key is obtained by homomorphic encryption of an encrypted private key and an encrypted public key, the encrypted private key being obtained by the data source to be processed encrypting its local private key with the temporary public key, and the encrypted public key being obtained by the data exchange system encrypting its local public key with the temporary public key;
decrypting the encrypted private key by using the temporary private key to obtain a re-encrypted private key corresponding to the data source to be processed;
and returning to the step of sequentially selecting one of the data sources as a data source to be processed, and summarizing all the re-encryption keys to obtain the re-encryption key set.
Further, after the re-encryption key set is obtained, it is stored in the nodes of the alliance chain.
In the embodiment of the present invention, taking a data center C as the execution subject, the preset encryption algorithm may be the RSA encryption algorithm, one of the data sources is a professional subsidiary company A, the data exchange system is a data exchange center B, and the re-encryption key corresponding to the professional subsidiary company A is generated as follows:
1. the data center C generates a temporary key pair, consisting of a temporary public key (PKt) and a temporary private key (SKt), based on the RSA algorithm, and sends the temporary public key (PKt) to the professional subsidiary company A and the data exchange center B;
2. the data exchange center B encrypts its local public key (PKB) by using the temporary public key (PKt) to obtain an encrypted public key (XB), and sends the encrypted public key (XB) to the professional subsidiary company A;
3. the professional subsidiary company A encrypts its local private key (SKA) by using the temporary public key (PKt) to obtain an encrypted private key (XA), and multiplies the encrypted private key (XA) by the encrypted public key (XB) to obtain an encryption key (Xrk);
4. the data center C obtains the encryption key (Xrk), and decrypts the encryption key (Xrk) by using the temporary private key to obtain the re-encryption key (rk).
In the re-encryption protocol, the plaintexts of the local private key SKA of the professional subsidiary company A, the local public key PKB of the data exchange center B and the re-encryption key rk of the data center C never leave their respective parties, so the data security of all three parties is ensured and a secure three-party re-encryption computation is completed.
And S3, carrying out proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set.
The proxy re-encryption is a key conversion mechanism among ciphertexts, in the proxy re-encryption, a semi-trusted agent (namely, a data center C) generates encrypted ciphertexts through a proxy authorizer (namely, a professional subsidiary company A) and converts the encrypted ciphertexts into ciphertexts encrypted by a public key of an authorized person (namely, a data exchange center B), and in the process, the agent cannot obtain plaintext information of data, so that the risk of data leakage is reduced.
In the embodiment of the invention, the proxy re-encryption can realize cloud ciphertext data sharing under the condition that decryption keys of data owners (namely data sources) are not leaked, and the ciphertext re-encrypted by the re-encryption key is equivalent to encryption by a public key of a data exchange system, so that the encrypted ciphertext can be unified.
Specifically, performing proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set, including:
acquiring the re-encryption keys corresponding to the plurality of data sources from the alliance chain by using the smart contract;
re-encrypting the encrypted data of each data source in the encrypted data set by using the corresponding re-encryption key to obtain a plurality of re-encrypted ciphertext tables;
and summarizing all the re-encrypted ciphertext tables to obtain the re-encrypted data set.
In the embodiment of the invention, the encrypted data of each data source is re-encrypted by using the corresponding re-encryption key to obtain the re-encrypted ciphertext table (namely, the ciphertext space) of each data source, so that the data can be associated and matched in the ciphertext space, which improves the security and the matching rate of the data.
S4, associating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data.
In the embodiment of the invention, the data in the ciphertext space is the ciphertext obtained by re-encrypting the data of the plurality of data sources, which is equivalent to unifying the ciphertext space of each data source under the public key of the data exchange system; performing proxy re-encryption on the data of each data source therefore reduces the complexity of data association matching.
Specifically, associating the re-encrypted data having the same ciphertext in the re-encrypted data set to obtain associated data includes:
associating the re-encrypted ciphertext table by using a preset association function to obtain an associated ciphertext table;
and searching data with the same ciphertext in the association ciphertext table based on the association function, and determining the searched data as the association data.
In the embodiment of the present invention, the associated data refers to the same data held in different data sources. For example, the client information of professional subsidiary 1 and professional subsidiary 2 is subjected to proxy re-encryption to obtain a re-encrypted ciphertext table A (i.e., the ciphertext space of professional subsidiary 1) and a re-encrypted ciphertext table B (i.e., the ciphertext space of professional subsidiary 2). Each table includes two fields, IDX and CDX, where IDX is the ciphertext encrypted by each professional subsidiary and CDX is the re-encrypted ciphertext. The re-encrypted ciphertext table A includes: IDX: XYZ, ZYX and XYZ; CDX1: ABC, CBA and ACB. The re-encrypted ciphertext table B includes: IDX2: XYZ, ZYX and XYZ; CDX2: LMN, LNM and ACB. The preset association function may be: SELECT A.IDX FROM A, B WHERE CDX1 = CDX2. The same ciphertext in the two tables is XYZ, so it can be determined that the data corresponding to XYZ is the same customer information of the two companies. The invention can thus use the ciphertext obtained by proxy re-encryption to associate the same data of different companies, which improves the security of the data.
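The following added example (not code from the patent) runs steps S3 and S4 end to end: two sources encrypt customer identifiers under their own keys, the proxy re-encrypts each ciphertext without decrypting it, and the association query joins the two tables on the re-encrypted column. The patent does not name the underlying cipher, so a deterministic exponentiation cipher in which rk = SK_source × PK_exchange acts as an exponent is assumed here; the customer identifiers, the modulus and all function names are constructed.

```python
# Added example: proxy re-encryption and ciphertext-table association.
# Assumption: a deterministic exponentiation cipher stands in for the
# unspecified scheme; all identifiers below are constructed sample data.
import hashlib
import secrets
import sqlite3
from math import gcd

P = 2**127 - 1  # Mersenne prime used as the shared modulus


def keygen():
    """Return (pk, sk) with pk * sk = 1 mod (P - 1)."""
    while True:
        pk = secrets.randbelow(P - 3) + 2
        if gcd(pk, P - 1) == 1:
            return pk, pow(pk, -1, P - 1)


def encrypt(pk, customer_id):
    """Hash the identifier into [2, P-1], then raise it to the key."""
    digest = hashlib.sha256(customer_id.encode()).digest()
    h = int.from_bytes(digest, "big") % (P - 2) + 2
    return pow(h, pk, P)


def rekey(sk_source, pk_exchange):
    """rk = SK_source * PK_exchange, reduced as an exponent mod (P - 1)."""
    return (sk_source * pk_exchange) % (P - 1)


def build_table(customer_ids, pk, rk):
    """Rows of (IDX, CDX): the source's ciphertext and its re-encryption."""
    rows = []
    for cid in customer_ids:
        idx = encrypt(pk, cid)   # performed by the data source
        cdx = pow(idx, rk, P)    # performed by the proxy, no decryption
        rows.append((hex(idx), hex(cdx)))
    return rows


def associate(table_a, table_b):
    """Join the two re-encrypted ciphertext tables on equal CDX values."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE A (IDX TEXT, CDX1 TEXT)")
    db.execute("CREATE TABLE B (IDX2 TEXT, CDX2 TEXT)")
    db.executemany("INSERT INTO A VALUES (?, ?)", table_a)
    db.executemany("INSERT INTO B VALUES (?, ?)", table_b)
    # The page's association function, extended to also return B's IDX2
    # so the match can be mapped back to both sources.
    rows = db.execute(
        "SELECT A.IDX, B.IDX2 FROM A, B WHERE CDX1 = CDX2"
    ).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    pk1, sk1 = keygen()      # professional subsidiary 1
    pk2, sk2 = keygen()      # professional subsidiary 2
    pk_b, _sk_b = keygen()   # data exchange system
    table_a = build_table(["ID-1001", "ID-1002", "ID-1003"],
                          pk1, rekey(sk1, pk_b))
    table_b = build_table(["ID-2001", "ID-1003", "ID-2002"],
                          pk2, rekey(sk2, pk_b))
    # IDX values differ per source even for the same customer; CDX values
    # coincide because both equal the encryption under pk_b.
    for idx_a, idx_b in associate(table_a, table_b):
        print("same customer:", idx_a[:14], "<->", idx_b[:14])
```

Equality matching only works because the cipher is deterministic, so the proxy also learns which rows repeat within and across tables even though it never sees a plaintext.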
In another optional embodiment of the present invention, after obtaining the associated data, the method further includes:
carrying out reverse re-encryption protocol with the plurality of data sources and the pre-constructed data exchange system to obtain a reverse re-encryption key;
and re-encrypting the associated data by using the reverse re-encryption key, and storing the re-encrypted associated data to the data exchange system so that the data exchange system maps the re-encrypted associated data back to the plurality of data sources.
In the embodiment of the present invention, the reverse re-encryption protocol is similar to the re-encryption protocol, and only the processing steps of the multiple data sources and the data exchange system are exchanged, which is not described herein again.
In the embodiment of the invention, after the corresponding associated data is obtained in the ciphertext space, the data exchange center can restore it to the ciphertext space of the corresponding professional subsidiary company by proxy re-encryption. The whole scheme fully conforms to the multi-party secure computation principle that data is usable but not visible, so data security is improved.
According to the invention, only the encrypted data of each data source is acquired, so neither the plaintext data nor the encryption keys of the encrypted data are held during the data association process, which improves the security of data transmission. Meanwhile, the re-encryption keys corresponding to the different data sources are obtained through a re-encryption protocol constructed with the multiple data sources and the data exchange system, and the data in the encrypted data set is subjected to proxy re-encryption by using the re-encryption key set, so that the encrypted data of the multiple data sources can be unified and data association can be performed without decryption, further improving the security and the efficiency of data association. Therefore, the multi-source data association method provided by the invention can solve the problem of low data association security.
Fig. 2 is a functional block diagram of an apparatus for associating multi-source data according to an embodiment of the present invention.
The device 100 for associating multi-source data can be installed in electronic equipment. According to the functions realized, the multi-source data association device 100 may include an encrypted data acquisition module 101, a re-encryption key construction module 102, a proxy re-encryption module 103, and a data association module 104. A module of the present invention, which may also be referred to as a unit, is a series of computer program segments that are stored in a memory of the electronic device, can be executed by a processor of the electronic device, and perform a fixed function.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the encrypted data obtaining module 101 obtains encrypted data sets sent by a plurality of data sources in a federation chain.
In an embodiment of the present invention, the plurality of data sources are different data providers. For example, the plurality of data sources may be the systems of several professional subsidiaries of the same group whose businesses in different fields are related; specifically, the systems of the professional subsidiaries in the AA group include: AA banking systems, AA venture systems, AA trust systems, etc.
In this embodiment, the encrypted data set includes one or more sets of encrypted data transmitted by multiple data sources.
Specifically, the apparatus further comprises a federation chain construction module configured to:
acquiring identity certificate sets sent by the plurality of data sources;
determining the plurality of data sources as participants, and using each participant as a federation node of a blockchain;
negotiating a validation rule and an association rule with the plurality of data sources according to the identity certificate set;
constructing a smart contract by using the verification rule and the association rule, and storing the smart contract into the alliance node;
and summarizing all stored alliance nodes to obtain the alliance chain.
In the embodiment of the invention, the identity certificate set is a set of certificates for determining the identity information of each data source. For example, the identity certificate set includes specific information of organizations such as the group's internal banks, trusts and the like.
The verification rule is used for verifying whether the identity information sent by each data source is consistent with the identity certificate in the federation chain, and the association rule is used for limiting the association conditions of different data sources, for example, a data source A can only be associated with a data source B. By constructing the alliance chain with each data source, the security of data transmission is improved based on the tamper resistance and traceability of the blockchain, and a newly added data source only needs to join the alliance chain as a new alliance node, which is more convenient and faster.
In the embodiment of the invention, any data source can be randomly selected as the federation owner of the federation chain, and the federation owner integrates the identity certificate sets, the association rules and the verification rules of all parties to obtain the smart contract and distributes the smart contract to all the participants.
In detail, the encrypted data obtaining module 101 obtains encrypted data sets of a plurality of data sources by performing the following operations, including:
acquiring multiple groups of encrypted data sent by multiple data sources, wherein the encrypted data is obtained by each data source encrypting its data by using a hash algorithm and a local public key;
authenticating a plurality of said data sources using said smart contracts;
and summarizing the encrypted data of all the data sources passing the identity authentication to obtain the encrypted data set.
In the embodiment of the present invention, a hash algorithm converts input data of any length into an output string of a fixed length; the hash algorithms include the Chinese national standard SM3 hash algorithm, the MD5 algorithm, and the like.
The local public key refers to the encryption public key stored locally by each data source.
For example, the encrypted data is obtained by each data source encrypting its local client information by using a hash algorithm and its local public key.
In the embodiment of the invention, the data sources are subjected to identity verification and association matching by using the smart contract, so that the security of data transmission can be improved.
The re-encryption key construction module 102, based on the pre-constructed re-encryption protocol, performs key exchange with the plurality of data sources and the pre-constructed data exchange system by using the temporary key to obtain a re-encryption key set.
In this embodiment of the present invention, the re-encryption protocol may be a re-encryption key (Rekey) generation protocol based on multiplicative homomorphic encryption, and the re-encryption key is used to re-encrypt the encrypted data of the multiple data sources. The data exchange system is used for storing the associated data and outputting the data. The temporary key comprises a temporary public key and a temporary private key.
Specifically, the re-encryption key construction module 102 obtains a re-encryption key set by performing the following operations:
sequentially selecting one of the data sources as a data source to be processed, and generating a temporary public key and a temporary private key based on a preset encryption algorithm;
sending the temporary public key to the data source to be selected and the data exchange system;
receiving an encryption key sent by the data source to be selected, wherein the encryption key is obtained by homomorphic encryption of an encryption private key obtained by encrypting a local private key by the data source to be selected by using the temporary public key and an encryption public key obtained by encrypting the local public key by the data exchange system by using the temporary public key;
decrypting the encrypted private key by using the temporary private key to obtain a re-encrypted key corresponding to the data source to be processed;
and returning to the step of sequentially selecting one of the data sources as a data source to be processed, and summarizing all the re-encryption keys to obtain the re-encryption key set.
Further, after obtaining the re-encryption key set, storing the re-encryption key set in the nodes of the federation chain.
In the embodiment of the present invention, taking the data center C as the execution subject as an example, the preset encryption algorithm may be the RSA encryption algorithm, one of the data sources is a professional subsidiary company A, the data exchange system is a data exchange center B, and the re-encryption key corresponding to the professional subsidiary company A is generated as follows:
1. the data center C generates a temporary public key (PKt) and a temporary private key (SKt) based on the RSA algorithm, and sends the temporary public key (PKt) to the professional subsidiary company A and the data exchange center B;
2. the data exchange center B encrypts its local public key (PKB) by using the temporary public key (PKt) to obtain an encrypted public key (XB), and sends the encrypted public key (XB) to the professional subsidiary company A;
3. the professional subsidiary company A encrypts its local private key (SKA) by using the temporary public key (PKt) to obtain an encrypted private key (XA), and multiplies the encrypted private key (XA) by the encrypted public key (XB) to obtain an encrypted key (Xrk);
4. the data center C obtains the encrypted key (Xrk) and decrypts it by using the temporary private key (SKt) to obtain the re-encryption key (rk).
In the re-encryption protocol, the plaintexts of the local private key SKA of the professional subsidiary company A, the local public key PKB of the data exchange center B and the re-encryption key rk of the data center C never leave their respective parties, so the data security of all three parties is ensured and a secure three-party re-encryption computation is completed.
The proxy re-encryption module 103 is configured to perform proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set.
Proxy re-encryption is a key conversion mechanism between ciphertexts: a semi-trusted proxy (namely, the data center C) converts the ciphertext generated by the delegator (namely, the professional subsidiary company A) into ciphertext encrypted by the public key of the delegatee (namely, the data exchange center B). In this process the proxy cannot obtain the plaintext of the data, so the risk of data leakage is reduced.
In the embodiment of the invention, proxy re-encryption enables cloud ciphertext data sharing without leaking the decryption keys of the data owners (namely, the data sources), and the ciphertext re-encrypted with the re-encryption key is equivalent to ciphertext encrypted by the public key of the data exchange system, so the encrypted ciphertexts can be unified.
Specifically, the proxy re-encryption module 103 obtains a re-encrypted data set by performing the following operations, including:
acquiring the re-encryption keys corresponding to the plurality of data sources from the alliance chain by using the smart contract;
re-encrypting the encrypted data of each data source in the encrypted data set by using the corresponding re-encryption key to obtain a plurality of re-encrypted ciphertext tables;
and summarizing all the re-encrypted ciphertext tables to obtain the re-encrypted data set.
In the embodiment of the invention, the encrypted data of each data source is re-encrypted by using the corresponding re-encryption key to obtain the re-encrypted ciphertext table (namely, the ciphertext space) of each data source, so that the data can be associated and matched in the ciphertext space, which improves the security and the matching rate of the data.
The data association module 104 is configured to associate the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data.
In the embodiment of the invention, the data in the ciphertext space is the ciphertext obtained by re-encrypting the data of the plurality of data sources, which is equivalent to unifying the ciphertext space of each data source under the public key of the data exchange system; performing proxy re-encryption on the data of each data source therefore reduces the complexity of data association matching.
Specifically, the data association module 104 obtains association data by performing the following operations, including:
associating the re-encrypted ciphertext table by using a preset association function to obtain an associated ciphertext table;
and searching data with the same ciphertext in the association ciphertext table based on the association function, and determining the searched data as the association data.
In the embodiment of the present invention, the associated data refers to the same data held in different data sources. For example, the client information of professional subsidiary 1 and professional subsidiary 2 is subjected to proxy re-encryption to obtain a re-encrypted ciphertext table A (i.e., the ciphertext space of professional subsidiary 1) and a re-encrypted ciphertext table B (i.e., the ciphertext space of professional subsidiary 2). Each table includes two fields, IDX and CDX, where IDX is the ciphertext encrypted by each professional subsidiary and CDX is the re-encrypted ciphertext. The re-encrypted ciphertext table A includes: IDX: XYZ, ZYX and XYZ; CDX1: ABC, CBA and ACB. The re-encrypted ciphertext table B includes: IDX2: XYZ, ZYX and XYZ; CDX2: LMN, LNM and ACB. The preset association function may be: SELECT A.IDX FROM A, B WHERE CDX1 = CDX2. The same ciphertext in the two tables is XYZ, so it can be determined that the data corresponding to XYZ is the same customer information of the two companies. The invention can thus use the ciphertext obtained by proxy re-encryption to associate the same data of different companies, which improves the security of the data.
In another optional embodiment of the present invention, the apparatus further includes a reverse re-encryption module, where the reverse re-encryption module is configured to:
carrying out reverse re-encryption protocol with the plurality of data sources and the pre-constructed data exchange system to obtain a reverse re-encryption key;
and re-encrypting the associated data by using the reverse re-encryption key, and storing the re-encrypted associated data to the data exchange system so that the data exchange system maps the re-encrypted associated data back to the plurality of data sources.
In the embodiment of the present invention, the reverse re-encryption protocol is similar to the re-encryption protocol, and only the processing steps of the multiple data sources and the data exchange system are exchanged, which is not described herein again.
In the embodiment of the invention, after the corresponding associated data is obtained in the ciphertext space, the data exchange center can restore it to the ciphertext space of the corresponding professional subsidiary company by proxy re-encryption. The whole scheme fully conforms to the multi-party secure computation principle that data is usable but not visible, so data security is improved.
According to the invention, only the encrypted data of each data source is acquired, so neither the plaintext data nor the encryption keys of the encrypted data are held during the data association process, which improves the security of data transmission. Meanwhile, the re-encryption keys corresponding to the different data sources are obtained through a re-encryption protocol constructed with the multiple data sources and the data exchange system, and the data in the encrypted data set is subjected to proxy re-encryption by using the re-encryption key set, so that the encrypted data of the multiple data sources can be unified and data association can be performed without decryption, further improving the security and the efficiency of data association. Therefore, the multi-source data association device provided by the invention can solve the problem of low data association security.
Fig. 3 is a schematic structural diagram of an electronic device for implementing an association method of multi-source data according to an embodiment of the present invention, and the electronic device includes a processor 111, a communication interface 112, a memory 113, and a communication bus 114, where the processor 111, the communication interface 112, and the memory 113 complete communication with each other through the communication bus 114.
The memory 113 is used for storing computer programs, such as the program of the correlation method of multi-source data.
In an embodiment of the present application, when the processor 111 is configured to execute the program stored in the memory 113, the method for associating multi-source data provided in any one of the foregoing method embodiments is implemented, including:
acquiring an encrypted data set sent by a plurality of data sources in an alliance chain;
based on a pre-constructed re-encryption protocol, performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using temporary keys to obtain a re-encryption key set;
carrying out proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set;
and associating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data.
The communication bus 114 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus 114 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown, but this is not intended to represent only one bus or type of bus.
The communication interface 112 is used for communication between the above-described electronic apparatus and other apparatuses.
The memory 113 may include a Random Access Memory (RAM), and may also include a non-volatile memory (non-volatile memory), such as at least one disk memory. Alternatively, the memory 113 may be at least one storage device located remotely from the processor 111.
The processor 111 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components.
Further, the integrated module/unit of the electronic device, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer-readable storage medium. The computer-readable medium may be non-volatile or volatile. The computer-readable medium may include: any entity or device capable of carrying said computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, or a Read-Only Memory (ROM).
The present invention also provides a computer-readable storage medium storing a computer program which, when executed by a processor of an electronic device, implements:
acquiring an encrypted data set sent by a plurality of data sources in an alliance chain;
based on a pre-constructed re-encryption protocol, performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using temporary keys to obtain a re-encryption key set;
carrying out proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set;
and associating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
The embodiment of the application can acquire and process related data based on artificial intelligence technology. Artificial Intelligence (AI) is a theory, method, technique and application system that uses a digital computer, or a machine controlled by a digital computer, to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use the knowledge to obtain the best result.
Furthermore, it will be obvious that the term "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not to denote any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (7)

1. A multi-source data association method is applied to a server and comprises the following steps:
acquiring an encrypted data set sent by a plurality of data sources in an alliance chain;
based on a pre-constructed re-encryption protocol, performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using temporary keys to obtain a re-encryption key set;
carrying out proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set;
correlating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain correlated data;
wherein:
the key exchange between the temporary keys and the plurality of data sources and the pre-constructed data exchange system is performed to obtain a re-encryption key set, and the method comprises the following steps: sequentially selecting one of the data sources as a data source to be selected, and generating a temporary public key and a temporary private key based on a preset encryption algorithm; sending the temporary public key to the data source to be selected and the data exchange system; receiving an encryption key sent by the data source to be selected, wherein the encryption key is obtained by homomorphic encryption of an encryption private key obtained by encrypting a local private key by the data source to be selected by using the temporary public key and an encryption public key obtained by encrypting the local public key by the data exchange system by using the temporary public key; decrypting the encrypted private key by using the temporary private key to obtain a re-encrypted private key corresponding to the data source to be selected; returning to the step of sequentially selecting one of the data sources as a data source to be selected, and summarizing all the re-encryption keys to obtain the re-encryption key set;
the performing proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set, including: acquiring re-encryption keys corresponding to the plurality of data sources from the alliance chain by using a smart contract; re-encrypting the encrypted data of each data source in the encrypted data set by using the re-encryption key to obtain a plurality of re-encrypted ciphertext tables; summarizing all the re-encrypted ciphertext tables to obtain the re-encrypted data set;
associating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data, comprising: associating the re-encrypted ciphertext table by using a preset association function to obtain an associated ciphertext table; and searching data with the same cipher text in the association cipher text table based on the association function, and determining the searched data as the association data.
2. The method for associating multi-source data according to claim 1, wherein before obtaining the encrypted data set sent by the plurality of data sources in the federation chain, the method further comprises:
acquiring identity certificate sets sent by the plurality of data sources;
determining the plurality of data sources as participants, and using each participant as a federation node of a blockchain;
negotiating a validation rule and an association rule with the plurality of data sources according to the identity certificate set;
constructing a smart contract by using the verification rule and the association rule, and storing the smart contract into the alliance node;
and summarizing all stored alliance nodes to obtain the alliance chain.
3. The method for associating multi-source data according to claim 2, wherein the obtaining of the encrypted data set sent by the plurality of data sources in the federation chain comprises:
acquiring multiple groups of encrypted data sent by multiple data sources, wherein the encrypted data is obtained by each data source encrypting its data by using a hash algorithm and a local public key;
authenticating a plurality of said data sources using said smart contracts;
and summarizing the encrypted data of all the data sources passing the identity authentication to obtain the encrypted data set.
4. The method for correlating multi-source data according to any one of claims 1 to 3, wherein after obtaining correlation data, the method further comprises:
carrying out reverse re-encryption protocol with the plurality of data sources and the pre-constructed data exchange system to obtain a reverse re-encryption key;
and re-encrypting the associated data by using the reverse re-encryption key, and storing the re-encrypted associated data to the data exchange system so that the data exchange system maps the re-encrypted associated data back to the plurality of data sources.
5. An apparatus for correlating multi-source data, the apparatus comprising:
the encrypted data acquisition module is used for acquiring encrypted data sets sent by a plurality of data sources in an alliance chain;
the re-encryption key construction module is used for performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using temporary keys based on a pre-constructed re-encryption protocol to obtain a re-encryption key set;
the proxy re-encryption module is used for performing proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set;
the data association module is used for associating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data;
wherein:
the performing key exchange with the plurality of data sources and the pre-constructed data exchange system by using temporary keys to obtain a re-encryption key set comprises: sequentially selecting one of the data sources as a data source to be selected, and generating a temporary public key and a temporary private key based on a preset encryption algorithm; sending the temporary public key to the data source to be selected and the data exchange system; receiving an encryption key sent by the data source to be selected, wherein the encryption key is obtained by homomorphic encryption of an encryption private key obtained by encrypting a local private key by the data source to be selected by using the temporary public key and an encryption public key obtained by encrypting the local public key by the data exchange system by using the temporary public key; decrypting the encrypted private key by using the temporary private key to obtain a re-encrypted key corresponding to the data source to be selected; returning to the step of sequentially selecting one of the data sources as a data source to be selected, and summarizing all the re-encryption keys to obtain the re-encryption key set;
the performing proxy re-encryption on the encrypted data in the encrypted data set by using the re-encryption key set to obtain a re-encrypted data set comprises: acquiring re-encryption keys corresponding to the plurality of data sources from the alliance chain by using a smart contract; re-encrypting the encrypted data of each data source in the encrypted data set by using the re-encryption key to obtain a plurality of re-encrypted ciphertext tables; summarizing all the re-encrypted ciphertext tables to obtain the re-encrypted data set;
the associating the re-encrypted data with the same ciphertext in the re-encrypted data set to obtain associated data comprises: associating the re-encrypted ciphertext tables by using a preset association function to obtain an associated ciphertext table; and searching the associated ciphertext table, based on the association function, for data with the same ciphertext, and determining the data found as the associated data.
6. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform a method of correlating multi-source data according to any one of claims 1 to 4.
7. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements a method of correlating multi-source data according to any one of claims 1 to 4.
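The following sketch is an added illustration, not part of the patent text: it shows why re-encrypting every source's ciphertexts under one common key, as recited in claims 1 and 5, lets equal plaintexts be associated by ciphertext equality alone. It assumes a toy hash-then-exponentiate scheme over Z_p* as a stand-in for the claimed encryption; the function names and sample identifiers are hypothetical, and the re-encryption keys are computed directly instead of through the claimed temporary-key exchange.

```python
import hashlib
import math
import secrets

# Toy group Z_p* with the Mersenne prime p = 2^127 - 1 (assumption for the
# illustration; not a secure parameter choice and not taken from the patent).
P = 2**127 - 1
ORDER = P - 1

def keygen():
    """Random exponent that is invertible modulo the group order."""
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(k, ORDER) == 1:
            return k

def hash_to_group(value):
    digest = hashlib.sha256(value.encode()).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)  # element in [2, p-2]

def source_encrypt(value, key):
    """Deterministic ciphertext H(value)^key mod p under one source's key."""
    return pow(hash_to_group(value), key, P)

def rekey(source_key, target_key):
    """Re-encryption key target/source mod (p-1); maps H^source to H^target."""
    return target_key * pow(source_key, -1, ORDER) % ORDER

def reencrypt(ciphertext, rk):
    return pow(ciphertext, rk, P)

def associate(tables, rekeys):
    """Re-encrypt each table; return {ciphertext: [sources]} shared by 2+ sources."""
    seen = {}
    for name, table in tables.items():
        for c in set(table):
            seen.setdefault(reencrypt(c, rekeys[name]), []).append(name)
    return {c: names for c, names in seen.items() if len(names) > 1}

def demo():
    # Constructed sample identifiers held by three hypothetical data sources.
    records = {"bank": ["id-1001", "id-1002", "id-1003"],
               "insurer": ["id-1002", "id-1004"],
               "broker": ["id-1003", "id-1002"]}
    keys = {name: keygen() for name in records}
    exchange_key = keygen()  # common key of the data exchange system
    tables = {n: [source_encrypt(v, keys[n]) for v in vals]
              for n, vals in records.items()}
    rekeys = {n: rekey(keys[n], exchange_key) for n in records}
    return associate(tables, rekeys), exchange_key
```

The associating party only ever handles ciphertexts and re-encryption keys; it learns which sources share a record, not the record itself.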
CN202111023429.9A 2021-08-31 2021-08-31 Multi-source data association method, device, equipment and storage medium Active CN113746829B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111023429.9A CN113746829B (en) 2021-08-31 2021-08-31 Multi-source data association method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111023429.9A CN113746829B (en) 2021-08-31 2021-08-31 Multi-source data association method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113746829A CN113746829A (en) 2021-12-03
CN113746829B CN113746829B (en) 2023-03-24

Family

ID=78734795

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111023429.9A Active CN113746829B (en) 2021-08-31 2021-08-31 Multi-source data association method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113746829B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109347832A (en) * 2018-10-24 2019-02-15 中国银行股份有限公司 A kind of dynamic data sharing method, terminal device and proxy server
CN110400642A (en) * 2019-06-12 2019-11-01 梁胤豪 A kind of medical data shared system and design method based on block chain technology
CN110457926A (en) * 2019-08-13 2019-11-15 重庆邮电大学 It is a kind of industry Internet of Things in based on data encryption storage data sharing method
CN110610105B (en) * 2019-09-25 2020-07-24 郑州轻工业学院 Secret sharing-based authentication method for three-dimensional model file in cloud environment
CN111541678A (en) * 2020-04-17 2020-08-14 上海朝夕网络技术有限公司 Block chain-based proxy re-encryption method, system and storage medium
CN112632574A (en) * 2020-12-21 2021-04-09 深圳壹账通智能科技有限公司 Multi-mechanism data processing method and device based on alliance chain and related equipment

Also Published As

Publication number Publication date
CN113746829A (en) 2021-12-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant