CN114676169A - Data query method and device - Google Patents


Info

Publication number: CN114676169A
Authority: CN (China)
Prior art keywords: data, sequence, service provider, index, fragmented
Legal status: Granted
Application number: CN202210583913.5A
Other languages: Chinese (zh)
Other versions: CN114676169B (en)
Inventor: 陈立峰, 卞阳
Current Assignee: Fucun Technology Shanghai Co ltd
Original Assignee: Fucun Technology Shanghai Co ltd
Application filed by Fucun Technology Shanghai Co ltd
Priority to CN202210583913.5A
Publication of CN114676169A
Application granted
Publication of CN114676169B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2457 Query processing with adaptation to user needs
    • G06F16/24573 Query processing with adaptation to user needs using data annotations, e.g. user-defined metadata
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2228 Indexing structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Library & Information Science (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application provides a data query method and device, applied to the field of data security. The method comprises: performing a blind signature with a service provider to obtain a position index of the data to be queried in the service provider's data set; determining an index sequence corresponding to the data to be queried according to the position index; and determining the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder, wherein the intermediate data sequence is determined from the initial data sequence in the service provider and the weight sequence in the model holder. The data querying party can therefore receive the intermediate data sequence sent by the model holder, where the intermediate data sequence may be the data obtained when the model holder processes the initial data sequence provided by the service provider with the weight sequence. That is, in the embodiment of the present application, the queried data can be processed by the model holder, which solves the technical problem that queried data cannot be processed during a confidential query.

Description

Data query method and device
Technical Field
The application relates to the field of data security, in particular to a data query method and device.
Background
Confidential query technology, also called private information retrieval, means that a data querying party hides the keyword of the queried object or the identity document (ID) information of the queried client, so that the service provider supplying the data returns the matching query result but cannot know which query object it corresponds to.
In the prior art, the commonly used confidential query technology generally has the data querying party communicate directly with the service provider: the data querying party queries the service provider for the data of the queried object, and the service provider returns the corresponding data to the data querying party. Existing confidential query technology can therefore ensure that the ID of the data querying party is not exposed when it queries the service provider's data. However, during such a confidential query, the data queried by the data querying party cannot be processed.
Disclosure of Invention
The embodiments of the application aim to provide a data query method and device that solve the technical problem that queried data cannot be processed during a confidential query.
In a first aspect, an embodiment of the present application provides a data query method, applied to a data querying party, comprising: performing a blind signature with a service provider to obtain a position index of the data to be queried in the service provider's data set; determining an index sequence corresponding to the data to be queried according to the position index; and determining the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder, wherein the intermediate data sequence is determined from an initial data sequence in the service provider and a weight sequence in the model holder. In the above scheme, the data querying party may receive the intermediate data sequence sent by the model holder, where the intermediate data sequence may be the data obtained when the model holder processes the initial data sequence provided by the service provider with the weight sequence. That is, in the embodiment of the present application, the queried data can be processed by the model holder, which solves the technical problem that queried data cannot be processed during a confidential query.
In an optional embodiment, the determining the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder includes: fragmenting the index sequence, and receiving a first weight sequence fragmented by the model holder and a first initial data sequence fragmented by the service provider; determining fragmented data according to the fragmented index sequence and the intermediate data sequence; wherein the intermediate data sequence is determined according to the fragmented second initial data sequence and the fragmented second weight sequence; and determining the data to be queried according to the fragmented data, the first weight sequence and the first initial data sequence. In the above scheme, the data querying party may perform fragmentation on the index sequence, the model holding party may perform fragmentation on the weight sequence, and the service provider may perform fragmentation on the initial data sequence. The data are fragmented by three parties, so that a model holder and a service provider cannot know the complete data of the inquired data in the data transmission process; and the data inquiring party can restore the data based on the fragmented data to obtain the complete inquired data. Therefore, in the embodiment of the application, the security of data query can be further improved on the basis of processing the queried data.
In an optional embodiment, determining the fragmented data according to the fragmented index sequence and the intermediate data sequence includes: for the i-th value in the fragmented index sequence, multiplying it by the i-th value in the intermediate data sequence to obtain the i-th product result, where 1 ≤ i ≤ n and n is the number of data in the data set; and adding the n product results to obtain the data to be queried. In the above scheme, the data querying party may fragment the index sequence, the model holder may fragment the weight sequence, and the service provider may fragment the initial data sequence. Because the data are fragmented by all three parties, the model holder and the service provider cannot learn the complete queried data during data transmission, while the data querying party can restore the complete queried data from the fragmented data. Therefore, in the embodiment of the application, the security of the data query can be further improved on the basis of processing the queried data.
In an optional embodiment, determining the data to be queried according to the index sequence and the intermediate data sequence sent by the model holder includes: for the j-th value in the index sequence, multiplying it by the j-th value in the intermediate data sequence to obtain the j-th product result, where 1 ≤ j ≤ m and m is the number of data in the data set; and adding the m product results to obtain the data to be queried. In the above scheme, the data querying party can determine the data to be queried according to the index sequence and the intermediate data sequence sent by the model holder, and neither the model holder nor the service provider knows which data the data querying party is querying, so the security of the data query can be ensured on the basis of processing the queried data.
In an optional embodiment, the determining, according to the position index, an index sequence corresponding to the data to be queried includes: setting the numerical value of the position corresponding to the position index in the sequence as 1, and setting the numerical values of other positions in the sequence as 0 to obtain the index sequence; wherein the number of values in the index sequence is the same as the number of data in the data set. In the above scheme, the data querying party can determine the data to be queried according to the index sequence and the intermediate data sequence sent by the model holder, and the model holder and the service provider do not know which data the data querying party specifically queries, so that the security of data query can be ensured on the basis of processing the queried data.
In an optional embodiment, performing the blind signature with the service provider to obtain the position index of the data to be queried in the service provider's data set includes: receiving a public key sent by the service provider; blinding the first ID of the local end according to the public key to obtain a second ID; sending the second ID to the service provider so that the service provider signs the second ID to obtain a third ID; receiving the third ID and a fourth ID sent by the service provider, the fourth ID being obtained by the service provider signing its own ID; and unblinding the third ID, and performing an encrypted-state text lookup based on the unblinded ID and the fourth ID to obtain the position index.
In a second aspect, an embodiment of the present application provides a data query apparatus, applied to a data querying party, comprising: a blind signature module, configured to perform a blind signature with a service provider to obtain a position index of the data to be queried in the service provider's data set; a first determining module, configured to determine an index sequence corresponding to the data to be queried according to the position index; and a second determining module, configured to determine the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder, wherein the intermediate data sequence is determined from an initial data sequence in the service provider and a weight sequence in the model holder. In the above scheme, the data querying party may receive the intermediate data sequence sent by the model holder, where the intermediate data sequence may be the data obtained when the model holder processes the initial data sequence provided by the service provider with the weight sequence. That is, in the embodiment of the present application, the queried data can be processed by the model holder, which solves the technical problem that queried data cannot be processed during a confidential query.
In an optional embodiment, the second determining module is specifically configured to: fragmenting the index sequence, and receiving a first weight sequence fragmented by the model holder and a first initial data sequence fragmented by the service provider; determining fragmented data according to the fragmented index sequence and the intermediate data sequence; wherein the intermediate data sequence is determined according to the fragmented second initial data sequence and the fragmented second weight sequence; and determining the data to be queried according to the fragmented data, the first weight sequence and the first initial data sequence. In the above scheme, the data querying party may perform fragmentation on the index sequence, the model holding party may perform fragmentation on the weight sequence, and the service provider may perform fragmentation on the initial data sequence. The data are fragmented by three parties, so that a model holder and a service provider cannot know the complete data of the inquired data in the data transmission process; and the data inquiring party can restore the data based on the fragmented data to obtain the complete inquired data. Therefore, in the embodiment of the application, the security of data query can be further improved on the basis of processing the queried data.
In an optional embodiment, the second determining module is further configured to: for the i-th value in the fragmented index sequence, multiply it by the i-th value in the intermediate data sequence to obtain the i-th product result, where 1 ≤ i ≤ n and n is the number of data in the data set; and add the n product results to obtain the data to be queried. In the above scheme, the data querying party may fragment the index sequence, the model holder may fragment the weight sequence, and the service provider may fragment the initial data sequence. Because the data are fragmented by all three parties, the model holder and the service provider cannot learn the complete queried data during data transmission, while the data querying party can restore the complete queried data from the fragmented data. Therefore, in the embodiment of the application, the security of the data query can be further improved on the basis of processing the queried data.
In an optional embodiment, the second determining module is specifically configured to: for the j-th value in the index sequence, multiply it by the j-th value in the intermediate data sequence to obtain the j-th product result, where 1 ≤ j ≤ m and m is the number of data in the data set; and add the m product results to obtain the data to be queried. In the above scheme, the data querying party can determine the data to be queried according to the index sequence and the intermediate data sequence sent by the model holder, and neither the model holder nor the service provider knows which data the data querying party is querying, so the security of the data query can be ensured on the basis of processing the queried data.
In an optional embodiment, the first determining module is specifically configured to: setting the numerical value of the position corresponding to the position index in the sequence as 1, and setting the numerical values of other positions in the sequence as 0 to obtain the index sequence; wherein the number of values in the index sequence is the same as the number of data in the data set. In the above scheme, the data querying party can determine the data to be queried according to the index sequence and the intermediate data sequence sent by the model holder, and the model holder and the service provider do not know which data the data querying party specifically queries, so that the security of data query can be ensured on the basis of processing the queried data.
In an optional embodiment, the blind signature module is specifically configured to: receive a public key sent by the service provider; blind the first ID of the local end according to the public key to obtain a second ID; send the second ID to the service provider so that the service provider signs the second ID to obtain a third ID; receive the third ID and a fourth ID sent by the service provider, the fourth ID being obtained by the service provider signing its own ID; and unblind the third ID, and perform an encrypted-state text lookup based on the unblinded ID and the fourth ID to obtain the position index.
In a third aspect, embodiments of the present application provide a computer program product comprising computer program instructions, which when read and executed by a processor, perform the method according to the first aspect.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory, and a bus; the processor and the memory are communicated with each other through the bus; the memory stores computer program instructions executable by the processor, the processor invoking the computer program instructions to perform the method of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer-readable storage medium storing computer program instructions, which, when executed by a computer, cause the computer to perform the method according to the first aspect.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present application and therefore should not be considered as limiting its scope, and that those skilled in the art can obtain other related drawings from them without inventive effort.
Fig. 1 is a block diagram of a data query system according to an embodiment of the present application;
Fig. 2 is a flowchart of a data query method applied to a data querying party according to an embodiment of the present application;
Fig. 3 is a block diagram of a data query apparatus applied to a data querying party according to an embodiment of the present application;
Fig. 4 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Referring to fig. 1, fig. 1 is a block diagram illustrating a data query system according to an embodiment of the present application, where the data query system 100 may include: data inquirer 101, model holder 102, and service provider 103.
Specifically, the data inquirer 101 and the service provider 103 are both communicatively connected to the model holder 102. The data inquirer 101 is configured to query the data to be queried, the service provider 103 is configured to provide the data to be queried, and the model holder 102 is configured to process the data provided by the service provider 103 and then send the processed data to the data inquirer 101. As an embodiment, the model holder 102 may be a third-party device, which may perform model security inference integration on the data provided by the service provider 103 and then return the data to the data inquirer 101.
It should be noted that, in the embodiment of the present application, the number of the service providers 103 is not specifically limited, and according to different actual situations, a person skilled in the art may flexibly adjust the number of the service providers 103, for example: the number of service providers 103 may be 3, may be 10, may be 50, etc.
It is understood that the data inquirer 101, the model holder 102 and the service provider 103 can be implemented by electronic devices, and the specific implementation of the electronic devices will be described in detail in the following embodiments and will not be described here for the moment.
Based on the data inquiry party in the data inquiry system, the embodiment of the application also provides a data inquiry method. Referring to fig. 2, fig. 2 is a flowchart of a data query method applied to a data query party according to an embodiment of the present application, where the data query method includes the following steps:
Step S201: perform a blind signature with the service provider to obtain the position index of the data to be queried in the service provider's data set.
Step S202: determine the index sequence corresponding to the data to be queried according to the position index.
Step S203: determine the data to be queried according to the index sequence and the intermediate data sequence sent by the model holder.
Specifically, when there are a plurality of service providers, each service provider may have a part of the data to be queried. Taking a service provider as an example, there exists a data set in the service provider, and the data set includes an initial data sequence, and the initial data sequence includes a plurality of data, each data corresponding to a position in the data set. The model holder may also include a plurality of weight sequences, each weight sequence corresponding to an initial data sequence of one service provider.
For example, assuming that the number of service providers is N and that each service provider's data set includes N data, the first data of the first service provider, the first data of the second service provider, ..., and the first data of the Nth service provider together form one data; similarly, the Nth data of the first service provider, the Nth data of the second service provider, ..., and the Nth data of the Nth service provider together form one data.
First, in step S201, the data querying party may obtain the position index of the data to be queried in the service provider's data set by performing a blind signature with the service provider. For example, assuming that the number of service providers is N and that each service provider's data set includes N data, the data querying party can determine, by performing the blind signature with the service providers, that the data to be queried is the 2nd data in each of the first through Nth service providers.
It should be noted that, the specific implementation of the blind signature performed by the data inquirer and the service provider will be described in detail in the following embodiments, and will not be described here for the time being.
Next, after obtaining the position index of the data to be queried, the data querying party may determine an index sequence corresponding to the data to be queried according to the position index. The specific implementation manner of the data querying party determining the index sequence corresponding to the data to be queried according to the position index may include the following contents:
Set the value at the position corresponding to the position index in the sequence to 1, and set the values at all other positions in the sequence to 0, to obtain the index sequence.
The data inquirer can determine the data to be inquired according to the index sequence and the intermediate data sequence sent by the model holder, and the model holder and the service provider do not know which data the data inquirer inquires specifically, so that the safety of data inquiry can be ensured on the basis of processing the inquired data.
And finally, the data inquiring party can determine the data to be inquired according to the index sequence and the intermediate data sequence sent by the model holding party. Wherein the intermediate data sequence is determined from the initial data sequence in the service provider and the weight sequence in the model holder.
In the above scheme, the querying party may receive the intermediate data sequence sent by the model holder, where the intermediate data sequence may be the data obtained when the model holder processes the initial data sequence provided by the service provider with the weight sequence. That is, in the embodiment of the present application, the queried data can be processed by the model holder, which solves the technical problem that queried data cannot be processed during a confidential query.
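The flow of steps S201 to S203, with the blind-signature exchange from the first aspect (first, second, third and fourth IDs), can be traced end to end in the following added example, which is not part of the patent text. It assumes textbook RSA with a constructed demo key, SHA-256 hashing of IDs, hashing of the signed IDs before they are published, and element-wise multiplication as the model holder's processing; all function and variable names are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed demo RSA key for the service provider, built from two Mersenne
# primes. It is far too small for real use and only keeps the example fast.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the provider only


def hash_id(identifier: str, n: int) -> int:
    """Map an ID string into Z_n with SHA-256 (hash choice is an assumption)."""
    return int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big") % n


def tag(signature: int) -> str:
    """Hash a signature before publishing it (an assumption of this example),
    so the list cannot be checked against guessed IDs with the public key."""
    return hashlib.sha256(signature.to_bytes(32, "big")).hexdigest()


class ServiceProvider:
    """Holds the data set; IDs and data share the same positions."""

    def __init__(self, ids, data):
        self.ids, self.data = list(ids), list(data)

    def public_key(self):
        return N, E

    def sign_blinded(self, second_id: int) -> int:
        # The provider sees only the blinded value, never the first ID.
        return pow(second_id, D, N)  # third ID

    def signed_own_ids(self):
        # Fourth IDs: the provider's own IDs, signed, in data-set order.
        return [tag(pow(hash_id(i, N), D, N)) for i in self.ids]


def blind(first_id: str, n: int, e: int):
    """Querier: blind the first ID with a random factor r -> (second ID, r)."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    return (hash_id(first_id, n) * pow(r, e, n)) % n, r


def unblind(third_id: int, r: int, n: int) -> int:
    """Querier: strip r, leaving the provider's signature on the first ID."""
    return (third_id * pow(r, -1, n)) % n


def position_index(first_id: str, provider: ServiceProvider):
    """Step S201. Returns a 0-based position, or None if the ID is absent."""
    n, e = provider.public_key()
    second_id, r = blind(first_id, n, e)
    third_id = provider.sign_blinded(second_id)
    fourth_ids = provider.signed_own_ids()
    wanted = tag(unblind(third_id, r, n))
    return fourth_ids.index(wanted) if wanted in fourth_ids else None


def index_sequence(position: int, size: int):
    """Step S202: 1 at the queried position, 0 everywhere else."""
    return [1 if k == position else 0 for k in range(size)]


def intermediate_sequence(initial_data, weights):
    """Model holder. Element-wise weighting is an assumption of this example."""
    return [x * w for x, w in zip(initial_data, weights)]


def select(index_seq, intermediate):
    """Step S203: multiply position by position and add the products."""
    return sum(b * v for b, v in zip(index_seq, intermediate))


def run_query(first_id, provider, weights):
    """All three steps; the three parties are simulated in one process."""
    position = position_index(first_id, provider)
    if position is None:
        return None, None
    seq = index_sequence(position, len(provider.ids))
    return position, select(seq, intermediate_sequence(provider.data, weights))


# Constructed sample data set and weight sequence.
SAMPLE_IDS = ["id-0001", "id-0002", "id-0003", "id-0004"]
SAMPLE_DATA = [52, 17, 88, 40]
SAMPLE_WEIGHTS = [3, 5, 2, 7]

if __name__ == "__main__":
    sp = ServiceProvider(SAMPLE_IDS, SAMPLE_DATA)
    print(run_query("id-0003", sp, SAMPLE_WEIGHTS))
```

The service provider signs a value that is uniformly masked by `r`, so the signing request does not reveal which ID is being looked up, and the position is found locally by the data querying party.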
Further, on the basis of the foregoing embodiment, the step S203 may specifically include the following steps:
Step 1): fragment the index sequence, and receive a first weight sequence fragmented by the model holder and a first initial data sequence fragmented by the service provider.
Step 2): determine fragmented data according to the fragmented index sequence and the intermediate data sequence.
Step 3): determine the data to be queried according to the fragmented data, the first weight sequence and the first initial data sequence.
Specifically, the data querying party can fragment the index sequence to obtain a fragmented index sequence; the model holder can fragment the weight sequence to obtain a first weight sequence and a second weight sequence; the service provider may fragment the initial data sequence to obtain a first initial data sequence and a second initial data sequence.
After fragmentation is completed, the model holder and the service provider can send the first weight sequence and the first initial data sequence to the data inquirer; and the data inquiring party can determine fragmented data according to the fragmented index sequence and the intermediate data sequence.
It is to be understood that, in the embodiment of the present application, the intermediate data sequence may be determined according to the fragmented second initial data sequence and the fragmented second weight sequence. In this way, in the data transmission process, the model holder and the service provider do not know the complete data of the queried data, and the data querier can restore the data to be queried based on the fragmented data, the first weight sequence and the first initial data sequence to obtain the complete data to be queried.
In the above scheme, the data querying party may perform fragmentation on the index sequence, the model holding party may perform fragmentation on the weight sequence, and the service provider may perform fragmentation on the initial data sequence. Because the data are fragmented by three parties, the model holder and the service provider do not know the complete data of the queried data in the data transmission process. And the data inquiring party can restore the data based on the fragmented data to obtain the complete inquired data. Therefore, in the embodiment of the application, the security of data query can be further improved on the basis of processing the queried data.
Further, on the basis of the above embodiment, the step of determining fragmented data according to the fragmented index sequence and the intermediate data sequence may specifically include the following steps:
Step 1): for the i-th value in the fragmented index sequence, multiply it by the i-th value in the intermediate data sequence to obtain the i-th product result.
Step 2): add the n product results to obtain the data to be queried.
Specifically, assume that the number of service providers is N and that each service provider's data set comprises n data. The second initial data sequence in the i-th service provider
Figure M_220414140024622_622548001
can be expressed as (1 ≤ i ≤ n):
Figure M_220414140024676_676739001
where
Figure M_220414140024739_739241001
is the n-th data in the second initial data sequence in the i-th service provider.
The i-th second weight sequence in the model holder
Figure M_220414140024770_770500001
can be expressed as:
Figure M_220414140024801_801764001
where
Figure M_220414140024832_832996001
is the n-th weight in the i-th second weight sequence in the model holder.
Thus, the intermediate data sequence
Figure M_220414140024865_865721001
can be expressed as:
Figure M_220414140024896_896973001
The index sequence
Figure M_220414140024959_959475001
can be expressed as:
Figure M_220414140024975_975076001
Thus, the data to be queried can be represented as:
Figure M_220414140025022_022009001
=
Figure M_220414140025070_070799001
In the above scheme, the data querying party may fragment the index sequence, the model holder may fragment the weight sequence, and the service provider may fragment the initial data sequence. Because the data are fragmented by all three parties, the model holder and the service provider do not know the complete queried data during data transmission, while the data querying party can restore the complete queried data from the fragmented data. Therefore, in the embodiment of the application, the security of the data query can be further improved on the basis of processing the queried data.
Further, on the basis of the foregoing embodiment, the step S203 may specifically include the following steps:
and step 1), aiming at the jth numerical value in the index sequence, multiplying the jth numerical value in the index sequence and the jth numerical value in the intermediate data sequence to obtain a jth product result.
And step 2), adding the m product results to obtain the data to be queried.
Specifically, assuming that the number of service providers is M, each service provider data set includes M data, and the second initial data sequence in the jth service provider
Figure M_220414140025102_102043001
can be expressed as (1 ≤ j ≤ m):
Figure M_220414140025117_117688001
where
Figure M_220414140025164_164573001
for the nm-th data in the second initial data sequence in the jth service provider.
The jth second weight sequence in the model holder
Figure M_220414140025195_195805001
can be expressed as:
Figure M_220414140025211_211427001
where
Figure M_220414140025259_259740001
is the nth weight in the ith second weight sequence in the model holder.
Thus, the intermediate data sequence
Figure M_220414140025291_291005001
can be expressed as:
Figure M_220414140025322_322244001
The index sequence
Figure M_220414140025369_369133001
can be expressed as:
Figure M_220414140025400_400422001
Thus, the data to be queried may be represented as:
Figure M_220414140025416_416008001
=
Figure M_220414140025486_486327001
In the above scheme, the data querying party determines the data to be queried from the index sequence and the intermediate data sequence sent by the model holder, and neither the model holder nor the service provider knows which data the data querying party specifically queries, so that the security of data query can be ensured on the basis of processing the queried data.
Further, on the basis of the foregoing embodiment, the step S201 may specifically include the following steps:
Step 1): the service provider generates a secret key and a public key
Figure M_220414140025517_517568001
and sends the public key
Figure M_220414140025548_548838002
to the data querying party.
Step 2): after receiving the public key, the data querying party blinds its first ID according to the public key to obtain a second ID:
Figure M_220414140025580_580085001
where
Figure M_220414140025626_626959002
is the second ID,
Figure M_220414140025663_663566003
is the public key,
Figure M_220414140025679_679249004
is a first ID of the first group of the mobile terminal,
Figure M_220414140025710_710453005
is one of the first IDs.
Step 3): the data querying party sends the second ID to the service provider.
Step 4): after receiving the second ID, the service provider signs the second ID to obtain a third ID:
Figure M_220414140025726_726047001
where
Figure M_220414140025788_788598002
is the third ID and n is the public key. The service provider also signs its own ID to obtain the fourth ID:
Figure M_220414140025804_804218003
where
Figure M_220414140025852_852508004
is the fourth ID and
Figure M_220414140025884_884304005
is the ID of the service provider.
Step 5): the data querying party receives the third ID and the fourth ID sent by the service provider.
Step 6): the data querying party unblinds the third ID and performs dense state text searching based on the unblinded ID and the fourth ID to obtain the position index.
The third ID can be unblinded using the following formula:
Figure M_220414140025899_899949001
The dense state formulation can be performed using the following equation:
Figure M_220414140025962_962412001
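The blind-signature steps above, followed by the index-sequence selection of step S203, as an added end-to-end example (not code from the patent). The page's formulas did not survive extraction, so the sketch assumes the standard RSA blind-signature construction, an outer hash over the signed IDs, and an element-wise data-times-weight intermediate sequence; all function names, the toy key and the sample data are constructed for illustration.

```python
import hashlib
import math
import secrets

# Toy RSA key from two Mersenne primes, constructed for this demo only;
# a real deployment needs a properly generated key of at least 2048 bits.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # service provider's secret exponent
SIG_LEN = (N.bit_length() + 7) // 8


def h(identifier: str) -> int:
    """Hash an ID into Z_N (simplified stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big") % N


def tag(signature: int) -> str:
    """Outer hash, so the provider publishes tags rather than raw signatures."""
    return hashlib.sha256(signature.to_bytes(SIG_LEN, "big")).hexdigest()


# ---- service provider ----
def provider_sign(second_id: int) -> int:
    """Step 4: sign the blinded (second) ID, giving the third ID."""
    return pow(second_id, D, N)


def provider_fourth_ids(own_ids):
    """Step 4: sign the provider's own IDs, giving one fourth ID per record."""
    return [tag(pow(h(i), D, N)) for i in own_ids]


# ---- data querying party ----
def blind(first_id: str):
    """Step 2: second ID = H(first ID) * r^e mod n, with a fresh random r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(first_id) * pow(r, E, N)) % N, r


def unblind(third_id: int, r: int) -> int:
    """Step 6: strip r, leaving H(first ID)^d mod n."""
    return (third_id * pow(r, -1, N)) % N


def position_index(first_id, fourth_ids, sign=provider_sign):
    """Steps 2-6: return the 0-based position of first_id, or None if absent."""
    second_id, r = blind(first_id)
    third_id = sign(second_id)             # a network round trip in practice
    if pow(third_id, E, N) != second_id:   # reject a malformed signature
        raise ValueError("provider returned an invalid signature")
    needle = tag(unblind(third_id, r))
    return fourth_ids.index(needle) if needle in fourth_ids else None


def index_sequence(pos: int, n: int):
    """One-hot index sequence: 1 at the queried position, 0 elsewhere."""
    if not 0 <= pos < n:
        raise ValueError("position outside the data set")
    return [1 if i == pos else 0 for i in range(n)]


def intermediate_sequence(data, weights):
    """Model holder side (assumed form): element-wise data * weight."""
    if len(data) != len(weights):
        raise ValueError("data and weight sequences differ in length")
    return [x * w for x, w in zip(data, weights)]


def select(index_seq, intermediate):
    """Multiply position by position and add the n products."""
    if len(index_seq) != len(intermediate):
        raise ValueError("sequence lengths differ")
    return sum(b * z for b, z in zip(index_seq, intermediate))


# Constructed sample data set held by the service provider and model holder.
PROVIDER_IDS = ["alice", "bob", "carol", "dave"]
DATA = [10, 20, 30, 40]
WEIGHTS = [3, 5, 7, 11]


def query(first_id: str):
    """Run the whole flow; returns (position, processed value) or None."""
    pos = position_index(first_id, provider_fourth_ids(PROVIDER_IDS))
    if pos is None:
        return None
    z = intermediate_sequence(DATA, WEIGHTS)
    return pos, select(index_sequence(pos, len(z)), z)


if __name__ == "__main__":
    print(query("carol"))    # present in the data set
    print(query("mallory"))  # absent from the data set
```

The service provider only ever sees the blinded second ID, and the one-hot index sequence never leaves the data querying party in this unfragmented variant.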
Referring to Fig. 3, Fig. 3 is a block diagram of a data query apparatus applied to a data querying party according to an embodiment of the present application. The data query apparatus 300 may include: a blind signature module 301, configured to perform blind signature with a service provider to obtain a position index of data to be queried in a data set of the service provider; a first determining module 302, configured to determine, according to the position index, an index sequence corresponding to the data to be queried; a second determining module 303, configured to determine the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder; wherein the intermediate data sequence is determined from an initial data sequence in the service provider and a weight sequence in the model holder.
In this embodiment of the present application, the data querying party may receive the intermediate data sequence sent by the model holder, where the intermediate data sequence may be data obtained by the model holder processing the initial data sequence provided by the service provider together with the weight sequence. That is, in the embodiment of the present application, the queried data can be processed by the model holder, which solves the technical problem that the queried data cannot be processed during a hidden-trace query.
Further, the second determining module 303 is specifically configured to: fragmenting the index sequence, and receiving a first weight sequence fragmented by the model holder and a first initial data sequence fragmented by the service provider; determining fragmented data according to the fragmented index sequence and the intermediate data sequence; wherein the intermediate data sequence is determined according to the fragmented second initial data sequence and the fragmented second weight sequence; and determining the data to be queried according to the fragmented data, the first weight sequence and the first initial data sequence.
In the embodiment of the application, a data inquirer can fragment an index sequence, a model holder can fragment a weight sequence, and a service provider can fragment an initial data sequence. The data are fragmented by three parties, so that a model holder and a service provider cannot know the complete data of the inquired data in the data transmission process; and the data inquiring party can restore the data based on the fragmented data to obtain the complete inquired data. Therefore, in the embodiment of the application, the security of data query can be further improved on the basis of processing the queried data.
Further, the second determining module 303 is further configured to: for the ith value in the fragmented index sequence, multiply the ith value in the fragmented index sequence by the ith value in the intermediate data sequence to obtain an ith product result, wherein 1 ≤ i ≤ n and n is the number of data in the data set; and add the n product results to obtain the data to be queried.
In the embodiment of the application, a data inquirer can fragment an index sequence, a model holder can fragment a weight sequence, and a service provider can fragment an initial data sequence. The data are fragmented by three parties, so that a model holder and a service provider cannot know the complete data of the inquired data in the data transmission process; and the data inquiring party can restore the data based on the fragmented data to obtain the complete inquired data. Therefore, in the embodiment of the application, the safety of data query can be further improved on the basis of processing the queried data.
Further, the second determining module 303 is specifically configured to: for the jth value in the index sequence, multiply the jth value in the index sequence by the jth value in the intermediate data sequence to obtain a jth product result, wherein 1 ≤ j ≤ m and m is the number of data in the data set; and add the m product results to obtain the data to be queried.
In the embodiment of the application, the data query party can determine the data to be queried according to the index sequence and the intermediate data sequence sent by the model holder, and the model holder and the service provider do not know which data is specifically queried by the data query party, so that the security of data query can be ensured on the basis of processing the query data.
Further, the first determining module 302 is specifically configured to: setting the numerical value of the position corresponding to the position index in the sequence as 1, and setting the numerical values of other positions in the sequence as 0 to obtain the index sequence; wherein the number of values in the index sequence is the same as the number of data in the data set.
In the embodiment of the application, the data inquirer can determine the data to be inquired according to the index sequence and the intermediate data sequence sent by the model holder, and the model holder and the service provider do not know which data the data inquirer specifically inquires, so that the safety of data inquiry can be ensured on the basis of processing the inquired data.
Further, the blind signature module 301 is specifically configured to: receiving a public key sent by the service provider; blinding the first ID of the local terminal according to the public key to obtain a second ID; sending the second ID to the service provider so that the service provider signs the second ID to obtain a third ID; receiving the third ID and the fourth ID sent by the service provider; the fourth ID is obtained by the service provider signing the ID of the service provider; and performing blind removal on the third ID, and performing dense state text searching based on the blind-removed ID and the fourth ID to obtain the position index.
Referring to fig. 4, fig. 4 is a block diagram of an electronic device according to an embodiment of the present disclosure, where the electronic device 400 includes: at least one processor 401, at least one communication interface 402, at least one memory 403 and at least one communication bus 404. Wherein the communication bus 404 is used for implementing direct connection communication of these components, the communication interface 402 is used for communicating signaling or data with other node devices, and the memory 403 stores machine-readable instructions executable by the processor 401. When the electronic device 400 is in operation, the processor 401 communicates with the memory 403 via the communication bus 404, and the machine-readable instructions, when called by the processor 401, perform the data query method described above.
For example, the processor 401 of the embodiment of the present application may read the computer program from the memory 403 through the communication bus 404 and execute the computer program to implement the following method: performing blind signature with a service provider to obtain a position index of data to be queried in a data set of the service provider; determining an index sequence corresponding to the data to be queried according to the position index; determining the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder; wherein the intermediate data sequence is determined from an initial data sequence in the service provider and a weight sequence in the model holder.
The processor 401 may include one or more integrated circuit chips, which may have signal processing capabilities. The Processor 401 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Micro Control Unit (MCU), a Network Processor (NP), or other conventional processors; the Processor may also be a dedicated Processor, including a Neural-Network Processing Unit (NPU), a Graphics Processing Unit (GPU), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, and a discrete hardware component. Also, when there are a plurality of processors 401, some of them may be general-purpose processors, and the other may be special-purpose processors.
The memory 403 includes, but is not limited to, one or more of Random Access Memory (RAM), Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
It will be appreciated that the configuration shown in fig. 4 is merely illustrative and that electronic device 400 may include more or fewer components than shown in fig. 4 or may have a different configuration than shown in fig. 4. The components shown in fig. 4 may be implemented in hardware, software, or a combination thereof. In the embodiment of the present application, the electronic device 400 may be, but is not limited to, an entity device such as a desktop, a laptop, a smart phone, an intelligent wearable device, and a vehicle-mounted device, and may also be a virtual device such as a virtual machine. In addition, the electronic device 400 is not necessarily a single device, but may be a combination of multiple devices, such as a server cluster, and the like.
Embodiments of the present application further provide a computer program product, including a computer program stored on a computer-readable storage medium, where the computer program includes computer program instructions, and when the computer program instructions are executed by a computer, the computer can perform the steps of the data query method in the foregoing embodiments, for example, including: performing blind signature with a service provider to obtain a position index of data to be queried in a data set of the service provider; determining an index sequence corresponding to the data to be queried according to the position index; determining the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder; wherein the intermediate data sequence is determined from an initial data sequence in the service provider and a weight sequence in the model holder.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
It should be noted that the functions, if implemented in the form of software functional modules and sold or used as independent products, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A data query method, applied to a data query party, comprising:
performing blind signature with a service provider to obtain a position index of data to be queried in a data set of the service provider;
determining an index sequence corresponding to the data to be queried according to the position index;
determining the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder; wherein the intermediate data sequence is determined from an initial data sequence in the service provider and a weight sequence in the model holder.
2. The method according to claim 1, wherein the determining the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder comprises:
fragmenting the index sequence, and receiving a first weight sequence fragmented by the model holder and a first initial data sequence fragmented by the service provider;
determining fragmented data according to the fragmented index sequence and the intermediate data sequence; wherein the intermediate data sequence is determined according to the fragmented second initial data sequence and the fragmented second weight sequence;
and determining the data to be queried according to the fragmented data, the first weight sequence and the first initial data sequence.
3. The method of claim 2, wherein determining fragmented data from the fragmented index sequence and the intermediate data sequence comprises:
for the ith numerical value in the fragmented index sequence, multiplying the ith numerical value in the fragmented index sequence by the ith numerical value in the intermediate data sequence to obtain an ith product result; wherein 1 ≤ i ≤ n, and n is the number of data in the data set;
and adding the n product results to obtain the data to be queried.
4. The method according to claim 1, wherein the determining the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder comprises:
for the jth numerical value in the index sequence, multiplying the jth numerical value in the index sequence by the jth numerical value in the intermediate data sequence to obtain a jth product result; wherein 1 ≤ j ≤ m, and m is the number of data in the data set;
and adding the m product results to obtain the data to be queried.
5. The data query method according to claim 1, wherein the determining an index sequence corresponding to the data to be queried according to the position index includes:
setting the numerical value of the position corresponding to the position index in the sequence as 1, and setting the numerical values of other positions in the sequence as 0 to obtain the index sequence; wherein the number of values in the index sequence is the same as the number of data in the data set.
6. The data query method according to any one of claims 1 to 5, wherein blind signing with the service provider to obtain a location index of the data to be queried in the data set of the service provider comprises:
receiving a public key sent by the service provider;
blinding the first ID of the local terminal according to the public key to obtain a second ID;
sending the second ID to the service provider so that the service provider signs the second ID to obtain a third ID;
receiving the third ID and the fourth ID sent by the service provider; the fourth ID is obtained by the service provider signing the ID of the service provider;
and unblinding the third ID, and performing dense state text searching based on the unblinded ID and the fourth ID to obtain the position index.
7. A data query apparatus, applied to a data query party, comprising:
a blind signature module, configured to perform blind signature with a service provider to obtain a position index of data to be queried in a data set of the service provider;
a first determining module, configured to determine an index sequence corresponding to the data to be queried according to the position index;
a second determining module, configured to determine the data to be queried according to the index sequence and an intermediate data sequence sent by a model holder; wherein the intermediate data sequence is determined from an initial data sequence in the service provider and a weight sequence in the model holder.
8. A computer program product comprising computer program instructions which, when read and executed by a processor, perform the method of any one of claims 1 to 6.
9. An electronic device, comprising: a processor, memory, and a bus;
the processor and the memory are communicated with each other through the bus;
the memory stores computer program instructions executable by the processor, the processor invoking the computer program instructions to perform the method of any of claims 1-6.
10. A computer-readable storage medium, storing computer program instructions which, when executed by a computer, cause the computer to perform the method of any one of claims 1-6.
CN202210583913.5A 2022-05-27 2022-05-27 Data query method and device Active CN114676169B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210583913.5A CN114676169B (en) 2022-05-27 2022-05-27 Data query method and device

Publications (2)

Publication Number Publication Date
CN114676169A (en) 2022-06-28
CN114676169B CN114676169B (en) 2022-08-26

Family

ID=82080318

Country Status (1)

Country Link
CN (1) CN114676169B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant