Search

CN-121234404-B - Data query method, system and storage medium

CN121234404BCN 121234404 BCN121234404 BCN 121234404BCN-121234404-B

Abstract

The application relates to the technical field of information processing, in particular to a data query method, a system and a storage medium, wherein the method comprises the steps that a data use end determines a plurality of target data providing ends corresponding to target product identifiers to obtain an encrypted information main body and generate query parameters; the method comprises the steps that an intermediate processing end sends out a data query request to each target data providing end, the data query request comprises query parameters, each target data providing end analyzes the query parameters, target data corresponding to an information main body and a target product identifier in the target data providing end are fed back to the intermediate processing end, the intermediate processing end processes the target data into target data products, and the target data products are fed back to a data using end. The application ensures that the intermediate processing end can not decrypt the information main body, only can obtain the target data, but can not identify the information main body of the target data, thereby realizing anonymous processing of the target data and further ensuring the data security.

Inventors

  • PENG QINGQI
  • Qu Manbo
  • XIAO YINGHUI
  • HUANG YE
  • YAN YAN
  • CHEN CHONGYANG
  • DING XUEXUE

Assignees

  • 鹏元征信有限公司

Dates

Publication Date
20260508
Application Date
20251128

Claims (6)

  1. 1. The data query method is applied to a data query system and is characterized by comprising a plurality of data providing ends, an intermediate processing end and a data using end, wherein the method comprises the following steps: the data using end determines a target product identifier and an information main body corresponding to a required target data product, and determines a plurality of target data providing ends corresponding to the target product identifier from a plurality of data providing ends; The data using end encrypts the information main body by using a random key to generate an encryption token, encrypts the random key according to a public key provided by each target data providing end to generate an encryption key, signs the information main body by using a private key of the data using end to generate a digital signature, obtains an encrypted information main body according to the encryption token, the encryption key and the digital signature, and generates a query parameter according to the target product identification and the encrypted information main body; The method comprises the steps that an intermediate processing end receives query parameters sent by a data using end, analyzes the query parameters to obtain target product identifiers and encrypted information main bodies, and sends data query requests to each target data providing end based on the target product identifiers, wherein the data query requests comprise the query parameters; Each target data providing end analyzes the query parameters to obtain a target product identifier and an encrypted information main body, decrypts the encrypted information main body based on identity authentication to obtain an information main body, and feeds back target data corresponding to the information main body and the target product identifier in the target data providing end to an intermediate processing end; The intermediate processing end processes the target data into a target data product, and feeds the target data product back to the data using end; if the intermediate processing end receives the target data of the plurality of data providing ends, integrating and processing the target data of the plurality of data providing ends to form a target data product; the data using terminal encrypts the information main body based on the identity authentication between the plurality of target data providing terminals and the data using terminal, and before obtaining the encrypted information main body, the method further comprises the following steps: The intermediate processing end determines the identification information of a plurality of data providing ends corresponding to each data product which the data using end is authorized to inquire, feeds the identification information back to the data using end, and sends the identification information of the data using end to the data providing end so that the data using end and the plurality of data providing ends respectively carry out identity authentication; The data use terminal and the data providing terminals respectively carry out identity authentication, and the method comprises the following steps: After the data using end confirms identities with a plurality of data providing ends respectively, generating asymmetric keys between the data using end and the plurality of data providing ends, wherein the asymmetric keys comprise a public key and a private key; The data use terminal exchanges public keys with a plurality of data providing terminals respectively.
  2. 2. The data query method of claim 1, wherein each target data provider parses the query parameters to obtain a target product identifier and an encrypted information body, decrypts the encrypted information body based on identity authentication to obtain an information body, and comprises: each target data providing end analyzes the query parameters to obtain a target product identifier, an encryption token, an encryption key and a digital signature; and each target data providing end processes the encryption token, the encryption key and the digital signature by using the public key and the private key provided by the data using end to obtain a decrypted information body.
  3. 3. The data query method according to claim 2, wherein each target data provider processes the encrypted token, the encrypted key, and the digital signature by using the public key and the private key thereof provided by the data consumer, to obtain the decrypted information body, comprising: each target data providing end uses the public key provided by the data using end to check the digital signature; If the verification passes, the target data providing end uses the private key of the target data providing end to decrypt the encryption key to obtain a random key; and the target data providing end decrypts the encrypted token according to the random key to obtain a decrypted information body.
  4. 4. The data query method according to claim 1, further comprising, before obtaining a plurality of target data providing ends corresponding to the target product identifiers: The intermediate processing end establishes a corresponding relation between the product identification of each data product and the data providing end, and sends the corresponding relation to the data using end.
  5. 5. The data query system is characterized by comprising a plurality of data providing ends, an intermediate processing end and a data using end; The data using end is used for determining a target product identifier and an information main body corresponding to a required target data product, and determining a plurality of target data providing ends corresponding to the target product identifier in a plurality of data providing ends; encrypting the information main body by using a random key to generate an encryption token, encrypting the random key according to a public key provided by each target data providing end to generate an encryption key, signing the information main body by using a private key of the information main body to generate a digital signature, obtaining an encrypted information main body according to the encryption token, the encryption key and the digital signature, and generating a query parameter according to the target product identifier and the encrypted information main body; The intermediate processing end is used for receiving the query parameters sent by the data using end, analyzing the query parameters to obtain target product identifiers and encrypted information main bodies, and sending data query requests to each target data providing end based on the target product identifiers, wherein the data query requests comprise the query parameters; The data providing end is used for analyzing the query parameters to obtain a target product identifier and an encrypted information main body, decrypting the encrypted information main body based on identity authentication to obtain an information main body, and feeding back target data corresponding to the information main body and the target product identifier in the target data providing end to the intermediate processing end; the intermediate processing end is also used for processing the target data into a target data product, feeding the target data product back to the data using end, and if the intermediate processing end receives the target data of the plurality of data providing ends, integrating and processing the target data of the plurality of data providing ends to form the target data product; The intermediate processing end determines the identification information of a plurality of data providing ends corresponding to each data product which the data using end is authorized to inquire, feeds the identification information back to the data using end, and sends the identification information of the data using end to the data providing end so that the data using end and the plurality of data providing ends respectively carry out identity authentication; The data using end and the data providing ends respectively carry out identity authentication, and the method comprises the steps of generating asymmetric keys between the data using end and the data providing ends after the data using end respectively confirms identities with the data providing ends, wherein the asymmetric keys comprise public keys and private keys, and exchanging the public keys between the data using end and the data providing ends respectively.
  6. 6. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program executable for implementing the steps of the data query method according to any one of claims 1 to 4.

Description

Data query method, system and storage medium Technical Field The present invention relates to the field of information processing technologies, and in particular, to a data query method, a system, and a storage medium. Background In the present digital age, data has become a core element for promoting innovation and development of various industries, and there are data development and utilization and sharing demands in many fields of finance, medical health, government affairs and public service, intelligent transportation, education, energy and public service, etc. By integrating and analyzing the multi-source data, each industry can mine the potential value of the data. For example, financial industry evaluates risk by data to make credit policy, medical health field uses data to develop disease research to provide accurate medical service, government department improves public service efficiency and prescribes making accuracy by data sharing. The existing data query system consists of a data consumer, an intermediate processing mechanism and a data provider. Currently, there are two main modes of data acquisition and processing. One mode is that a data user performs autonomous calculation and outputs a result based on data and a model held by the data user and data fields provided by each data provider after being transferred and processed by an intermediate processing mechanism (such as some trusted mechanisms subjected to supervision and approval). For example, in risk control, a financial institution performs autonomous scoring calculations in combination with its own data and data fields of other data providers in transit at the credit institution. The other mode is that the data user directly initiates a query request to the intermediate processing mechanism, the intermediate processing mechanism obtains relevant fields from each data provider according to the query condition and processes the relevant fields, and finally the generated result is returned to the data user. For example, the financial institution initiates a scoring query request directly to the credit institution to obtain the scoring result. However, no matter which data acquisition and processing mode is adopted, a significant security risk exists in the data sharing process, namely, the data transmitted through the intermediate data processing mechanism is detail data of the identifiable information main body, so that in the data transmission process, not only the data user can know the transmission data related to the information main body, but also the intermediate data processing mechanism can clearly know which information main body the transmission data specifically corresponds to. The information body refers to the identity of an owner, a generator or a associator of the information, the information body is closely associated with various sensitive data, once the information body is identified, an attacker or an improper user can accurately locate, acquire and abuse the related data, and a series of security risks are further caused. Accordingly, the prior art has drawbacks and needs to be improved and developed. Disclosure of Invention The application provides a data query method, a data query system and a storage medium, which are used for solving the technical problem that a data query mode in the related technology easily causes data security risks. In order to achieve the above purpose, the present application adopts the following technical scheme: The data query method is applied to a data query system, wherein the data query system comprises a plurality of data providing ends, an intermediate processing end and a data using end, and the method comprises the following steps: the data using end determines a target product identifier and an information main body corresponding to a required target data product, and determines a plurality of target data providing ends corresponding to the target product identifier from a plurality of data providing ends; The data using end encrypts the information main body based on the identity authentication between the plurality of target data providing ends and the data using end to obtain an encrypted information main body, and generates query parameters according to the target product identification and the encrypted information main body; The method comprises the steps that an intermediate processing end receives query parameters sent by a data using end, analyzes the query parameters to obtain target product identifiers and encrypted information main bodies, and sends data query requests to each target data providing end based on the target product identifiers, wherein the data query requests comprise the query parameters; Each target data providing end analyzes the query parameters to obtain a target product identifier and an encrypted information main body, decrypts the encrypted information main body based on identity authentication to obtain an information main body, and feeds b