CN-115408716-B - Risk data query method, system, trusted unit and server

Abstract

A risk data query method, a system, a trusted unit and a server comprise that first organization equipment sends ciphertext query data to the server, the server provides the ciphertext query data and first ciphertext data obtained in advance to the trusted unit for privacy data processing, a TEE decrypts the ciphertext query data and the first ciphertext data to obtain query data and first data, when the first data comprise a first user identifier, the first user identifier and a corresponding first risk tag set are written in second data according to the first data, the second data are encrypted to obtain second ciphertext data, the second ciphertext data are provided to the server, the server provides the second ciphertext data to the first organization equipment, and the first organization equipment decrypts the second ciphertext data to obtain the first risk tag set corresponding to the first user identifier.

Inventors

• CHEN YUAN
• GUO QIANTING
• WANG XINMIN
• LI SHUBO
• SUN SHANLU
• YANG RENHUI
• YANG WENYU
• QIAN FENG

Assignees

• 蚂蚁区块链科技(上海)有限公司
• 蚂蚁区块链科技(上海)有限公司

Dates

Publication Date

20260421

Application Date

20220831

Priority Date

20220831

Claims (15)

1. 1. A risk data query method, comprising: the plurality of institution equipment sends ciphertext risk data of the institution to which the plurality of institution equipment belongs to the server; The method comprises the steps that a trusted unit obtains a plurality of ciphertext risk data of a plurality of institutions from a server, decrypts the ciphertext risk data respectively to obtain a plurality of risk data, wherein the risk data comprises user identifications and risk labels of a plurality of users in the institutions corresponding to the risk data, generates first data based on the risk data, encrypts the first data to obtain first ciphertext data, and provides the first ciphertext data to the server, the first data comprises a plurality of rows, the rows correspond to all risk users included in the institutions respectively, each row comprises a user ID, a risk label set and an institution set, the risk label set is obtained from the risk data, and the institution set comprises the institution identifications of the institutions providing the risk labels; the method comprises the steps that first mechanism equipment sends ciphertext query data to a server, wherein the ciphertext query data are obtained by encrypting the query data, the query data comprise first user identifiers of first users to be queried, and the first mechanism equipment belongs to a first mechanism; the server provides the ciphertext query data and pre-acquired first ciphertext data to a trusted unit for privacy data processing, the first ciphertext data is obtained by encrypting first data, the first data comprises risk information of n users, and the risk information of each user comprises a user identifier and a risk tag set of the user; The trusted unit decrypts the ciphertext query data and the first ciphertext data to obtain the query data and the first data, writes a first risk tag set corresponding to the first user identifier in the first data into second data when the first data is determined to comprise the first user identifier; The server providing the second ciphertext data to the first institution device; and the first mechanism equipment decrypts the second ciphertext data to obtain a first risk tag set corresponding to the first user identifier.
2. 2. The method of claim 1, wherein the first user identification comprises a digest value obtained by hashing one or more items of information of the first user.
3. 3. The method of claim 2, further comprising the first institution device calculating a first hash value of one or more items of information of a first user, the first hash value being sent to the server; The server calculates a second hash value of the first hash value and a preset value as a first user identification of the first user, and returns the first user identification to the first mechanism equipment; the first institution device stores a correspondence of the first user identification and one or more items of information of the first user.
4. 4. The method of claim 3, wherein the first institution equipment decrypting the second ciphertext data to obtain a first risk tag set corresponding to the first user identification comprises the first institution equipment decrypting the second ciphertext data to obtain the second data, and generating third data according to a pre-stored correspondence between the first user identification and one or more items of information of the first user, wherein the third data comprises the one or more items of information of the first user and the first risk tag set.
5. 5. The method of claim 1, further comprising the server, upon receiving the plurality of ciphertext risk data from the plurality of facility devices, storing ciphertext risk data for each facility in association with a facility identification of each facility, providing a storage address for each ciphertext risk data to the trusted unit, The trusted unit obtaining, via the server, a plurality of ciphertext risk data for the plurality of institutions includes the trusted unit obtaining the plurality of ciphertext risk data based on respective storage addresses.
6. 6. The method of claim 1, further comprising the server providing a public key of the first organization to the trusted unit, the trusted unit encrypting the second data comprising the trusted unit encrypting the second data using the public key of the first organization.
7. 7. The method of claim 6, further comprising the trusted unit, after receiving the public key of the first organization from the server, authenticating the public key of the first organization received from the server to a blockchain.
8. 8. The method of claim 6, wherein the public key of the first organization is a public key of a DID of the first organization, the method further comprising the server obtaining the public key of the DID of the first organization from a blockchain.
9. 9. The method of claim 1, wherein the risk information of the user further comprises a set of organization identifications including organization identifications of organizations providing risk labels of the user, the method further comprising the trusted unit decreasing a score of the first organization after generating the second ciphertext data, increasing a score of each second organization in the set of organization identifications corresponding to the first user identification, and providing the score information of the first organization and each second organization to the server, and the server updating the scores of the first organization and each second organization based on the score information.
10. 10. A risk data query method performed by a trusted unit, comprising: Obtaining a plurality of ciphertext risk data of a plurality of institutions from a server, respectively decrypting the ciphertext risk data to obtain a plurality of risk data, wherein the risk data comprises user identifications and risk labels of a plurality of users in the institutions corresponding to the risk data, generating first data based on the risk data, encrypting the first data to obtain first ciphertext data, and providing the first ciphertext data to the server, wherein the first data comprises a plurality of rows, the plurality of rows respectively correspond to all risk users included in the institutions, each row comprises a user ID, a risk label set and an institution set, the risk label set is obtained from the risk data, and the institution set comprises the institution identifications of the institutions providing the risk labels; obtaining ciphertext query data and first ciphertext data from a server, wherein the ciphertext query data are obtained by encrypting the query data, the query data comprise first user identifiers of first users to be queried of a first mechanism, the first ciphertext data are obtained by encrypting the first data, the first data comprise risk information of n users, and the risk information of each user comprises user identifiers and risk tag sets of the user; decrypting the ciphertext query data and the first ciphertext data to obtain the query data and the first data; When the first data comprises a first user identifier, writing a first risk tag set corresponding to the first user identifier in the first data into second data, encrypting the second data to obtain second ciphertext data, and providing the second ciphertext data to the server.
11. 11. A risk data query method performed by a server, the method comprising: The method comprises the steps of receiving ciphertext risk data of a mechanism which is transmitted by a plurality of mechanism devices and belongs to the mechanism, acquiring first ciphertext data provided by a trusted unit, encrypting the first ciphertext data to obtain the first data, wherein the first data is generated based on the plurality of risk data, the plurality of risk data are obtained by decrypting the plurality of ciphertext risk data of the plurality of mechanisms by the trusted unit, the risk data comprise user identifiers and risk tags of a plurality of users in the mechanism corresponding to the risk data, the first data comprise a plurality of rows, the plurality of rows respectively correspond to all risk users included in the plurality of mechanisms, each row comprises a user ID, a risk tag set and a mechanism set, the risk tag set is acquired from the plurality of risk data, and the mechanism set comprises the mechanism identifiers of the mechanism providing the risk tags; Receiving ciphertext query data from first organization equipment, wherein the ciphertext query data is obtained by encrypting the query data, the query data comprises a first user identifier of a first user to be queried, and the first organization equipment belongs to a first organization; Providing the ciphertext query data and pre-acquired first ciphertext data to a trusted unit, wherein the first ciphertext data is obtained by encrypting first data by using a public key of the trusted unit, the first data comprises risk information of n users, and the risk information of each user comprises a user identifier and a risk tag set of the user; Receiving second ciphertext data from the trusted unit, wherein the second ciphertext data is obtained by encrypting second data, the second data comprises the first user identifier and a first risk tag set corresponding to the first user identifier, and the first risk tag set is obtained from the first data; the second ciphertext data is provided to the first institution device.
12. 12. A risk data query system comprises a first institution device, a server and a trusted unit, The server is used for receiving ciphertext risk data of the affiliated institution, which are sent by the plurality of institution devices; The trusted unit is used for acquiring a plurality of ciphertext risk data of the plurality of institutions from the server, decrypting the plurality of ciphertext risk data respectively to obtain a plurality of risk data, wherein the risk data comprises user identifications and risk tags of a plurality of users in the institutions corresponding to the risk data, generating first data based on the plurality of risk data, encrypting the first data to obtain first ciphertext data, and providing the first ciphertext data to the server, wherein the first data comprises a plurality of rows, the plurality of rows respectively correspond to all risk users included in the plurality of institutions, each row comprises a user ID, a risk tag set and an institution set, the risk tag set is acquired from the plurality of risk data, and the institution set comprises the institution identifications of the institutions providing the risk tags; The first mechanism equipment is used for sending ciphertext query data to the server, the ciphertext query data are obtained by encrypting the query data, the query data comprise a first user identifier of a first user to be queried, and the first mechanism equipment belongs to a first mechanism; The server is further configured to provide the ciphertext query data and first ciphertext data obtained in advance to the trusted unit, where the first ciphertext data is obtained by encrypting first data, the first data includes risk information of n users, and risk information of each user includes a user identifier and a risk tag set of the user; The trusted unit is also used for decrypting the ciphertext query data and the first ciphertext data to obtain the query data and the first data, writing a first risk tag set corresponding to the first user identifier in the first data into second data when the first data is determined to comprise the first user identifier; the server is further configured to provide the second ciphertext data to the first institution device; The first organization device is further configured to decrypt the second ciphertext data to obtain a first risk tag set corresponding to the first user identifier.
13. 13. A trusted unit comprising: The system comprises a server, a summarizing unit, a first data generation unit, a first cryptograph generation unit and a second cryptograph generation unit, wherein the server is used for acquiring a plurality of cryptograph risk data of a plurality of institutions, decrypting the plurality of cryptograph risk data respectively to obtain a plurality of risk data, the risk data comprises user identifications and risk labels of a plurality of users in the institutions corresponding to the risk data; The system comprises an acquisition unit, a first encryption unit and a second encryption unit, wherein the acquisition unit is used for acquiring ciphertext query data and first ciphertext data from a server, the ciphertext query data are obtained by encrypting the query data, the query data comprise first user identifiers of first users to be queried of a first mechanism, the first ciphertext data are obtained by encrypting the first data, the first data comprise risk information of n users, and the risk information of each user comprises user identifiers and risk tag sets of the user; The decryption unit is used for decrypting the ciphertext query data and the first ciphertext data to obtain the query data and the first data; a writing unit, configured to write, in second data, a first risk tag set corresponding to a first user identifier in the first data when it is determined that the first data includes the first user identifier; the encryption unit is used for encrypting the second data to obtain second ciphertext data; And the providing unit is used for providing the second ciphertext data to the server.
14. 14. A server, comprising: An acquisition unit, configured to receive ciphertext risk data of an affiliated institution sent by a plurality of institution devices; the method comprises the steps of obtaining first ciphertext data provided by a trusted unit, wherein the first ciphertext data is obtained by encrypting the first data, the first data is generated based on a plurality of risk data, the plurality of risk data are obtained by decrypting a plurality of ciphertext risk data of a plurality of mechanisms by the trusted unit, the risk data comprise user identifiers and risk labels of a plurality of users in the mechanisms corresponding to the risk data, the first data comprise a plurality of rows, the plurality of rows respectively correspond to all risk users included in the plurality of mechanisms, each row comprises a user ID, a risk label set and a mechanism set, the risk label set is obtained from the plurality of risk data, and the mechanism set comprises mechanism identifiers of the mechanisms providing the risk labels; The receiving unit is used for receiving ciphertext query data from first mechanism equipment, wherein the ciphertext query data is obtained by encrypting the query data, the query data comprises a first user identifier of a first user to be queried, and the first mechanism equipment belongs to a first mechanism; The providing unit is used for providing the ciphertext query data and the first ciphertext data acquired in advance for the trusted unit, wherein the first ciphertext data is obtained by encrypting first data by using a public key of the trusted unit, the first data comprises risk information of n users, and the risk information of each user comprises a user identifier and a risk tag set of the user; The receiving unit is further configured to receive second ciphertext data from the trusted unit, where the second ciphertext data is obtained by encrypting second data, the second data includes the first user identifier and a first risk tag set corresponding to the first user identifier, and the first risk tag set is obtained from the first data; The providing unit is further configured to provide the second ciphertext data to the first institution device.
15. 15. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of claim 10 or 11.

Description

Risk data query method, system, trusted unit and server Technical Field The embodiment of the specification belongs to the technical field of computers, and particularly relates to a risk data query method, a risk data query system, a trusted unit and a server. Background Currently, regulatory authorities often require that institutions involved in significant transactions fulfill the obligation to back-money laundering. That is, the transaction data of the large-amount transaction and the suspicious transaction are analyzed and reported. However, information between institutions is isolated from each other to form information islands, and in the case of insufficient information, it is difficult for institutions to identify suspicious users. How multiple institutions share risk information while protecting users' private data is a problem that needs to be addressed in current back-money schemes. Disclosure of Invention The invention aims to provide a risk data query scheme, which combines a server and a trusted unit to process risk data in the trusted unit, so that the calculation and storage resources of the trusted unit are saved. A first aspect of the present specification provides a risk data query method, including: the method comprises the steps that first mechanism equipment sends ciphertext query data to a server, wherein the ciphertext query data are obtained by encrypting the query data, the query data comprise first user identifiers of first users to be queried, and the first mechanism equipment belongs to a first mechanism; the server provides the ciphertext query data and pre-acquired first ciphertext data to a trusted unit for privacy data processing, the first ciphertext data is obtained by encrypting first data, the first data comprises risk information of n users, and the risk information of each user comprises a user identifier and a risk tag set of the user; The trusted unit decrypts the ciphertext query data and the first ciphertext data to obtain the query data and the first data, writes a first risk tag set corresponding to the first user identifier in the first data into second data when the first data is determined to comprise the first user identifier; The server providing the second ciphertext data to the first institution device; and the first mechanism equipment decrypts the second ciphertext data to obtain a first risk tag set corresponding to the first user identifier. A second aspect of the present specification provides a risk data query method, performed by a trusted unit, comprising: obtaining ciphertext query data and first ciphertext data from a server, wherein the ciphertext query data are obtained by encrypting the query data, the query data comprise first user identifiers of first users to be queried of a first mechanism, the first ciphertext data are obtained by encrypting the first data, the first data comprise risk information of n users, and the risk information of each user comprises user identifiers and risk tag sets of the user; decrypting the ciphertext query data and the first ciphertext data to obtain the query data and the first data; When the first data comprises a first user identifier, writing a first risk tag set corresponding to the first user identifier in the first data into second data, encrypting the second data to obtain second ciphertext data, and providing the second ciphertext data to the server. A third aspect of the present specification provides a risk data query method, performed by a server, the method comprising: Receiving ciphertext query data from first organization equipment, wherein the ciphertext query data is obtained by encrypting the query data, the query data comprises a first user identifier of a first user to be queried, and the first organization equipment belongs to a first organization; Providing the ciphertext query data and pre-acquired first ciphertext data to a trusted unit, wherein the first ciphertext data is obtained by encrypting first data by using a public key of the trusted unit, the first data comprises risk information of n users, and the risk information of each user comprises a user identifier and a risk tag set of the user; Receiving second ciphertext data from the trusted unit, wherein the second ciphertext data is obtained by encrypting second data, the second data comprises the first user identifier and a first risk tag set corresponding to the first user identifier, and the first risk tag set is obtained from the first data; the second ciphertext data is provided to the first institution device. A fourth aspect of the present description provides a risk data query system, comprising a first institution device and a server, The first mechanism equipment is used for sending ciphertext query data to the server, the ciphertext query data are obtained by encrypting the query data, the query data comprise a first user identifier of a first user to be queried, and the first mechanism equipment belongs to a first