CN-122020704-A - Query protection method and device for offline data and privacy protection method and device
Abstract
The invention discloses a query protection method and device for offline data and a privacy protection method and device, and relates to the technical field of data privacy processing. In the interaction between a data provider and a data querying party, the offline data supplied by the provider comprises two data sets and is delivered to the querying party as queryable offline data. The hidden contents of the second data set comprise the mapping between each query condition and the decryption data needed to decrypt the corresponding encrypted query record, the original text of each query condition, and the original text of each item of decryption data. For any query request raised on the querying party's side, if the carried query condition hits the original text of a query condition hidden in the second data set, the original text of the decryption data required by the matching encrypted query record is determined from the hidden mapping in the second data set, and the subsequent decryption operation is completed to obtain the query result.
Inventors
- GUO HONGGANG
- ZUO HONGLIANG
- CHEN HEWEI
Assignees
- 百融至信(北京)科技有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20251230
Claims (12)
- 1. A query protection method for offline data, applied to a data querying party, the method comprising: obtaining offline data provided by a data provider, wherein the offline data comprises at least a first data set and a second data set; the first data set comprises one or more encrypted query records, each encrypted query record corresponding one-to-one to a unique query condition; the second data set comprises at least hidden information of data information, the data information comprising first original text data corresponding to each query condition, second original text data corresponding to the decryption data used for the encrypted query record, and a mapping relation between the first original text data and the second original text data; in response to a query request received by the data querying party, if a target query condition carried in the query request hits any target first original text data among the first original text data hidden in the second data set, outputting the target second original text data corresponding to that target first original text data on the basis of the hidden information of the data information in the second data set; searching the first data set, using the target query condition corresponding to the target first original text data, for a target encrypted query record matching the target query condition; and performing a decryption operation on the target encrypted query record using the decryption data determined by the target second original text data, to obtain the query result corresponding to the target query condition.
- 2. The method of claim 1, wherein, if the second data set in the offline data has been pre-encrypted by the data provider, the method further comprises, before responding to a query request received by the data querying party: sending a query authentication request to the data provider, the query authentication request being used to obtain authentication information from the data provider, the authentication information comprising at least the key required to decrypt the second data set, a validity period for the authorized query operation, a preset upper limit on the number of queries allowed for the authorized query operation, and a preset upper limit on the query data volume allowed for the authorized query operation; and, after the data querying party passes the data provider's authentication, performing a decryption operation on the second data set using the key contained in the authentication information issued by the data provider.
- 3. The method of claim 2, wherein, in responding to at least one query request received by the data querying party, the method further comprises: accumulating the query data volume corresponding to the at least one query request; and, if the accumulated query data volume exceeds the preset upper limit on query data volume contained in the authentication information, rejecting the current query request.
- 4. The method of claim 2, wherein, in responding to at least one query request received by the data querying party, the method further comprises: accumulating the number of queries corresponding to the at least one query request and, if the number of queries exceeds the preset upper limit on the number of queries contained in the authentication information, rejecting the most recently initiated query request among the at least one query request; and/or, if the query time corresponding to a query request falls outside the validity period of the query operation contained in the authentication information, rejecting that query request.
- 5. The method according to any of claims 2 to 4, wherein the authentication information further comprises a new key to be used for the next round of querying, the new key being used to decrypt the second data set in the next round, the method further comprising: after the current round of query operations based on the authentication information is complete, re-encrypting the second data set with the new key so as to update the encryption of the second data set in the offline data; and, when the query authentication request for the next round is sent to the data provider and the data provider's authentication passes, receiving new authentication information issued by the data provider, the new authentication information comprising at least the new key required for the next round of query operations and a further new key set for the round after it, the further new key being used to iteratively re-encrypt, and thereby update, the second data set in the offline data after the next round of query operations based on the new authentication information is complete.
- 6. A privacy protection method for offline data, applied to a data provider, the method comprising: acquiring one or more query conditions and the query records corresponding to the query conditions; encrypting the plaintext information of each query record using a first key and a random number, to obtain an encrypted query record corresponding to each query condition and thereby construct a first data set; for any one of the encrypted query records, constructing decryption data for that encrypted query record from the first key, the plaintext length of the plaintext information contained in the encrypted query record, and the data offset parameter corresponding to the random number; constructing a second data set by hiding the first original text data corresponding to the query conditions, the second original text data corresponding to the decryption data of the encrypted query records, and the mapping relation between the first original text data and the second original text data; and sending the first data set and the second data set to a data querying party, where the first data set and the second data set serve as offline data, which in turn serves as the data source for the query operation the data querying party performs upon receiving a query request.
- 7. The method of claim 6, wherein the method further comprises: performing an encryption operation on the second data set using a second key before sending the first data set and the second data set to the data querying party; setting, for each round of query operations, a validity period, a preset upper limit on the number of queries and a preset upper limit on the query data volume; forming the validity period, the preset upper limit on the number of queries, the preset upper limit on the query data volume and the second key corresponding to each round of query operations into the authentication information for that round; and, in response to a query authentication request sent by a data querying party to the data provider, sending the authentication information to the data querying party.
- 8. The method according to claim 7, wherein the authentication information further comprises a third key corresponding to the next round of query operations, the third key being used at the data querying party to update the encryption of the second data set in the offline data; and, when the data querying party initiates the query authentication request for the next round of query operations, after verifying that the data querying party's authority passes, issuing new authentication information to the data querying party, the new authentication information comprising at least the third key required for the next round of query operations and a fourth key set for that round, the fourth key being used to iteratively perform the encryption operation that updates the second data set in the offline data.
- 9. A query protection device for offline data, for application at a data querying party, the device comprising: a first acquisition unit, used to acquire offline data provided by a data provider, wherein the offline data comprises at least a first data set and a second data set; the first data set comprises one or more encrypted query records, each encrypted query record corresponding one-to-one to a unique query condition; the second data set comprises at least hidden information of data information, the data information comprising first original text data corresponding to each query condition, second original text data corresponding to the decryption data used for the encrypted query record, and a mapping relation between the first original text data and the second original text data; a processing unit, used, in response to a query request received by the data querying party, to judge whether the target query condition carried in the query request hits any target first original text data among the first original text data hidden in the second data set; an output unit, used to output pseudo-random data whose format is consistent with the second original text data if the target query condition carried in the query request misses every first original text data hidden in the second data set, and further used, if the target query condition hits any target first original text data hidden in the second data set, to output the target second original text data corresponding to that target first original text data on the basis of the hidden information of the data information in the second data set; a searching unit, used to search the first data set, using the target query condition corresponding to the target first original text data, for a target encrypted query record matching the target query condition; and a first decryption unit, used to perform a decryption operation on the target encrypted query record using the decryption data determined by the target second original text data, to obtain the query result corresponding to the target query condition.
- 10. A privacy protection apparatus for offline data, for application at a data provider, the apparatus comprising: a second acquisition unit, used to acquire one or more query conditions and the query records corresponding to the query conditions; a first encryption unit, used to encrypt the plaintext information of the query records using a first key and a random number, to obtain an encrypted query record corresponding to each query condition and thereby construct a first data set; a first construction unit, used, for any encrypted query record, to construct decryption data for that encrypted query record from the first key, the plaintext length of the plaintext information contained in the encrypted query record and the data offset parameter corresponding to the random number; a second construction unit, used to construct a second data set by hiding the first original text data corresponding to the query conditions, the second original text data corresponding to the decryption data used by the encrypted query records, and the mapping relation between the first original text data and the second original text data; and a determining unit, used to send the first data set and the second data set to the data querying party, where the first data set and the second data set serve as offline data, which in turn serves as the data source for the query operation the data querying party performs upon receiving a query request.
- 11. A computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, which when executed by a processor, implements the query protection method for offline data according to any of claims 1-5; or which when executed by a processor implements a method of privacy protection of offline data as claimed in any one of claims 6-8.
- 12. An electronic device comprising at least one processor, at least one memory and a bus coupled to the processor, the processor and the memory communicating with each other through the bus, wherein the processor is configured to invoke program instructions in the memory to perform the query protection method for offline data as claimed in any of claims 1-5, or to perform the privacy protection method for offline data as claimed in any of claims 6-8.
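As an added worked example, not code from the patent or from 百融至信(北京)科技有限公司, the Python below realizes claims 1, 6 and 9 end to end on constructed sample records: the provider encrypts each record and builds the two data sets, the querying party resolves a query condition to its decryption data, finds the matching encrypted record and decrypts it, and a miss yields pseudo-random decryption data of the same format. Everything cryptographic is an assumption the claims leave open: the cipher is an HMAC-SHA256 keystream in which the record's random number is used as a byte offset into the stream, the decryption data is the 48-byte concatenation first key || plaintext length || offset, and the hiding function is a keyed tag plus a per-condition mask under a hide key that travels inside the second data set. The names SAMPLE_RECORDS, build_offline_data, resolve_decryption_data and query are mine.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample data (not from the patent): query conditions -> plaintext query records.
SAMPLE_RECORDS = {
    b"id:10001": b'{"risk_score": 612, "overdue_count": 0}',
    b"id:10002": b'{"risk_score": 488, "overdue_count": 3}',
    b"id:10003": b'{"risk_score": 731, "overdue_count": 1}',
}
DEC_LEN = 32 + 8 + 8   # decryption data: first key (32) || plaintext length (8) || offset (8)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(first_key: bytes, offset: int, length: int) -> bytes:
    """Bytes [offset, offset+length) of a keystream made of 32-byte blocks
    HMAC-SHA256(first_key, block_index). The random 'offset' selects where in this
    stream a record's pad starts (assumed reading of the 'data offset parameter')."""
    out = b""
    block = offset // 32
    while len(out) < offset % 32 + length:
        out += hmac.new(first_key, struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return out[offset % 32: offset % 32 + length]


def encrypt_record(first_key: bytes, plaintext: bytes):
    """Provider side (claim 6): encrypt with the first key and a random number; the
    decryption data is (first key, plaintext length, offset derived from the random number)."""
    offset = int.from_bytes(os.urandom(5), "big")          # random number -> keystream offset
    ciphertext = xor(plaintext, keystream(first_key, offset, len(plaintext)))
    decryption_data = first_key + struct.pack(">QQ", len(plaintext), offset)
    return ciphertext, decryption_data


def tag_and_mask(hide_key: bytes, cond: bytes):
    """Hiding function (assumption): a keyed tag stands in for the query condition and a
    per-condition pad masks its decryption data, so conditions, decryption data and their
    pairing are all hidden unless the caller already holds a condition to look up."""
    tag = hmac.new(hide_key, b"tag|" + cond, hashlib.sha256).digest()[:16]
    mask_key = hmac.new(hide_key, b"mask|" + cond, hashlib.sha256).digest()
    return tag, keystream(mask_key, 0, DEC_LEN)


def build_offline_data(records: dict, first_key: bytes, hide_key: bytes):
    """Returns (first data set, second data set) to be delivered to the querying party."""
    first_set, table = {}, {}
    for cond, plaintext in records.items():
        ciphertext, decryption_data = encrypt_record(first_key, plaintext)
        tag, mask = tag_and_mask(hide_key, cond)
        first_set[tag] = ciphertext                 # encrypted query record, indexed by hidden condition
        table[tag] = xor(decryption_data, mask)     # hidden decryption data
    return first_set, {"hide_key": hide_key, "table": table}


def resolve_decryption_data(second_set: dict, cond: bytes):
    """Querier side: on a hit, the unmasked decryption data; on a miss, pseudo-random bytes
    of the same format (the claim 9 behaviour), so the output shape never reveals whether
    the condition exists."""
    tag, mask = tag_and_mask(second_set["hide_key"], cond)
    hidden = second_set["table"].get(tag)
    return tag, (mask if hidden is None else xor(hidden, mask))


def query(first_set: dict, second_set: dict, cond: bytes):
    """Claim 1: resolve the decryption data, find the matching encrypted record, decrypt."""
    tag, decryption_data = resolve_decryption_data(second_set, cond)
    ciphertext = first_set.get(tag)
    if ciphertext is None:
        return None
    first_key = decryption_data[:32]
    plaintext_len, offset = struct.unpack(">QQ", decryption_data[32:])
    if plaintext_len != len(ciphertext):
        return None
    return xor(ciphertext, keystream(first_key, offset, plaintext_len))


if __name__ == "__main__":
    first, second = build_offline_data(SAMPLE_RECORDS, os.urandom(32), os.urandom(32))
    print(query(first, second, b"id:10002"))   # hit: the plaintext record
    print(query(first, second, b"id:99999"))   # miss: None
```

Two points are worth checking in any real build of this scheme. First, the miss path returns 48 pseudo-random bytes rather than an error, so a caller cannot tell from the shape of the decryption data whether the condition exists; it is the lookup in the first data set that finally fails. Second, every record's decryption data carries the first key, so the masking in the second data set is all that stands between a querying party and bulk decryption of the first data set, which is why the provider additionally gates the second data set with per-round keys and quotas (claims 2 to 5 and 7 to 8). With one first key shared across records, the keystream ranges chosen by the random offsets must not overlap; the 40-bit offsets used here make that unlikely for small data sets, and a production build should use a per-record counter or a nonce-based AEAD instead.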
Description
Query protection method and device for offline data and privacy protection method and device
Technical Field
The disclosure relates to the technical field of data privacy security, and in particular to a query protection method and device for offline data and a privacy protection method and device.
Background
Against the background of the rapid development of the digital economy, data has become a key factor of production; its value is increasingly prominent, and it has become a new engine driving high-quality economic and social development. However, the problems of privacy leakage and misuse that accompany the wide use of data are also increasingly prominent and severely constrain the healthy and orderly development of the data-element market. The state has therefore continuously issued and refined data-compliance policies, building a "safety lock" for data circulation and use so that data is used efficiently on the premise of legality and compliance. As compliance requirements rise, enterprises face higher privacy-security standards in cross-organization data exchange while still having to meet the business need for high-performance queries. At present, a common mode of cross-enterprise data query is localized querying of offline data: on the basis of a security agreement between the two parties, the data provider transmits a large volume of data to the data querying party as an offline data set, so that the latter can run efficient query operations locally to support diverse business scenarios.
However, this process carries a two-sided privacy requirement: on the one hand, the data provider does not want the data querying party to obtain the original plaintext data; on the other hand, the data querying party does not want to expose its specific query intent (such as a search condition) to the data provider. A bidirectional privacy protection mechanism that combines security with efficiency is therefore needed to support compliant, trustworthy and efficient inter-enterprise data collaboration.
Disclosure of Invention
The present disclosure provides a query protection method and apparatus for offline data and a privacy protection method and apparatus. Their main aim is to protect the security of the offline data delivered in advance and the privacy interests of the data provider while satisfying the requirement for high-performance queries, and to protect the privacy of the data querying party's query intent while supporting efficient local querying, thereby providing an effective solution that combines query efficiency with data query protection.
To achieve the above purpose, the present disclosure mainly provides the following technical solutions. A first aspect of the present disclosure provides a query protection method for offline data, applied to a data querying party, the method comprising: obtaining offline data provided by a data provider, wherein the offline data comprises at least a first data set and a second data set; the first data set comprises one or more encrypted query records, each encrypted query record corresponding one-to-one to a unique query condition; the second data set comprises at least hidden information of data information, the data information comprising first original text data corresponding to each query condition, second original text data corresponding to the decryption data used for the encrypted query record, and a mapping relation between the first original text data and the second original text data; in response to a query request received by the data querying party, if a target query condition carried in the query request hits any target first original text data among the first original text data hidden in the second data set, outputting the target second original text data corresponding to that target first original text data on the basis of the hidden information of the data information in the second data set; searching the first data set, using the target query condition corresponding to the target first original text data, for a target encrypted query record matching the target query condition; and performing a decryption operation on the target encrypted query record using the decryption data determined by the target second original text data, to obtain the query result corresponding to the target query condition.
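The round-based authentication, quota enforcement and key rotation of claims 2 to 5 and 7 to 8, shown as an added Python example that is not the patent's or the assignee's code: the provider seals the second data set with a per-round key and hands out authentication information carrying that key, a validity period, a query-count cap, a volume cap and the next round's key; the querying party opens the set only for the round, refuses requests that breach any limit, and re-seals the set with the next key when the round ends, so the next authentication must carry that key. Assumptions not in the page: the second data set is a JSON table, seal/unseal is an encrypt-then-MAC stand-in for an AEAD built from a SHAKE256 keystream and HMAC-SHA256, timestamps are integers, the hit-or-miss resolution of claim 1 is reduced to a dictionary lookup, and the class and function names are mine.

```python
import hashlib
import hmac
import json
import os


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC with a SHAKE256 keystream: nonce || ciphertext || HMAC tag.
    Assumption: the patent does not fix a cipher; a production build would use an AEAD."""
    nonce = os.urandom(16)
    ciphertext = xor(data, hashlib.shake_256(key + nonce).digest(len(data)))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("second data set failed its integrity check (wrong key or tampered)")
    return xor(ciphertext, hashlib.shake_256(key + nonce).digest(len(ciphertext)))


def integrity_ok(key: bytes, blob: bytes) -> bool:
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False


class DataProvider:
    """Provider side (claims 7 and 8): seals the second data set with a per-round key and
    issues authentication information carrying the limits and the next round's key."""

    def __init__(self, second_set: dict):
        self.round_key = os.urandom(32)   # second key: the delivered second data set is sealed with it
        self.next_key = os.urandom(32)    # third key: the querier re-seals the set with it after the round
        self.sealed_second_set = seal(self.round_key, json.dumps(second_set).encode())

    def issue_authentication(self, now: int, valid_seconds: int, max_queries: int, max_volume: int) -> dict:
        info = {"key": self.round_key, "valid_until": now + valid_seconds,
                "max_queries": max_queries, "max_volume": max_volume, "next_key": self.next_key}
        # Rotate: the key handed out as "next" opens the set in the following round, and a fresh
        # key (the fourth key of claim 8) is generated for the round after that.
        self.round_key, self.next_key = self.next_key, os.urandom(32)
        return info


class DataQuerier:
    """Querier side (claims 2 to 5): opens the second data set only for an authenticated round,
    enforces the validity period and the count and volume caps locally, then re-seals the set."""

    def __init__(self, sealed_second_set: bytes):
        self.sealed = sealed_second_set
        self.auth = None
        self.second_set = None

    def start_round(self, auth: dict) -> None:
        self.second_set = json.loads(unseal(auth["key"], self.sealed))
        self.auth, self.count, self.volume = auth, 0, 0

    def query(self, cond: str, now: int):
        a = self.auth
        if a is None:
            raise PermissionError("no authenticated round in progress")
        if now > a["valid_until"]:
            raise PermissionError("validity period exceeded")
        if self.count >= a["max_queries"]:
            raise PermissionError("query count limit reached")
        self.count += 1
        result = self.second_set.get(cond)   # stands in for the lookup-and-decrypt of claim 1
        size = len(result.encode()) if result is not None else 0
        if self.volume + size > a["max_volume"]:
            raise PermissionError("query data volume limit reached")
        self.volume += size
        return result

    def end_round(self) -> None:
        """Re-seal the second data set with the next-round key and drop the plaintext (claim 5)."""
        self.sealed = seal(self.auth["next_key"], json.dumps(self.second_set).encode())
        self.auth = self.second_set = None


def try_query(querier: DataQuerier, cond: str, now: int):
    """('ok', result) or ('rejected', reason) instead of raising; convenient for scripted rounds."""
    try:
        return "ok", querier.query(cond, now)
    except PermissionError as e:
        return "rejected", str(e)


if __name__ == "__main__":
    provider = DataProvider({"id:10001": "rec-A", "id:10002": "rec-B"})   # constructed sample table
    querier = DataQuerier(provider.sealed_second_set)
    querier.start_round(provider.issue_authentication(now=1000, valid_seconds=100, max_queries=2, max_volume=8))
    print(try_query(querier, "id:10001", now=1010))   # ('ok', 'rec-A')
    print(try_query(querier, "id:99999", now=1020))   # ('ok', None)
    print(try_query(querier, "id:10002", now=1030))   # ('rejected', 'query count limit reached')
    querier.end_round()
```

The order of checks matters: the validity period and the query count are tested before the lookup and the volume cap after it, so a request that would breach the volume cap is refused before its result leaves query(). end_round() re-seals the table with the next-round key and discards the plaintext, so the querying party cannot reopen it until the provider issues the matching key in the next authentication, and a stale key or a tampered blob fails the MAC check instead of decrypting to garbage. These limits run on the querying party's own machine; they bound an honest client, while the provider's only hard control over a dishonest one is the round key it withholds.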
A second aspect of the present disclosure provides a method for protecting privacy of offline data, applied to a data provider, the method comprising: acquiring one or more query conditions and query records corresponding to the query conditions; Performing encryption processing on the plaintext information of the query record by using a first key and a random num