Method and apparatus for comparing mobile paths based on homomorphic encryption
By using homomorphic encryption technology to encrypt and compare the movement path information of individuals and targets on the server side, the privacy infringement problem of centralized models and the path identification problem of decentralized models are solved, achieving secure and accurate contact history identification.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SAMSUNG ELECTRONICS CO LTD
- Filing Date
- 2021-06-28
- Publication Date
- 2026-06-09
Smart Images

Figure CN113873507B_ABST
Abstract
Description
[0001] Cross-references to related applications
[0002] This application claims the benefit of Korean Patent Application No. 10-2020-0080454, filed on June 30, 2020, and Korean Patent Application No. 10-2021-0036046, filed on March 19, 2021, the entire disclosure of which is incorporated herein by reference for all purposes. Technical Field
[0003] The following description relates to methods and apparatus for comparing mobile paths based on homomorphic encryption. Background Technology
[0004] Centralized and decentralized models can be used in epidemiological investigations to identify contacts with confirmed individuals. Centralized models can easily identify movement paths, but may pose a high risk of privacy violations. Decentralized models can prevent this privacy violation by verifying only whether contact with confirmed individuals has occurred without disclosing individuals' movement path information. However, decentralized models may not be able to easily identify the movement paths of confirmed individuals. Summary of the Invention
[0005] The present invention is provided to introduce, in a simplified form, the selection of concepts further described in the following detailed description. The present invention is not intended to identify key or essential features of the claimed subject matter, nor is it intended to be used to help determine the scope of the claimed subject matter.
[0006] In one general aspect, a server is provided, comprising: a processor configured to: acquire encrypted first mobility path information of a comparison target encrypted with a public key; receive encrypted second mobility path information of a user of a user equipment encrypted with a private key; compare the encrypted first mobility path information and the encrypted second mobility path information; decrypt a portion of the comparison result using a public key to generate a partially decrypted comparison result; and provide the partially decrypted comparison result to a user.
[0007] The encrypted first movement path information and the encrypted second movement path information may each include encrypted information associated with the arrival location and time of the comparison target and the user.
[0008] The encrypted first movement path information and the encrypted second movement path information may include homomorphically encrypted information.
[0009] The processor can be configured to verify whether the movement path information included in the encrypted second movement path information matches any movement path information included in the encrypted first movement path information.
[0010] The processor can be configured to decrypt the partially decrypted comparison result using a private key to verify whether there has been contact between the user and the comparison target.
[0011] The partial decryption comparison result can be decrypted by an external device configured to manage the public key.
[0012] The private key can only be accessed by the user.
[0013] Servers can be deployed in the cloud and configured to communicate with user devices and external devices.
[0014] In another general aspect, an electronic device is provided, comprising: a processor configured to: receive from a server encrypted first mobility path information of a comparison target, encrypted with a public key; compare the encrypted first mobility path information with encrypted second mobility path information of a user, encrypted with a private key; send the comparison result to the server; and receive from the server a partially decrypted comparison result, including a portion of the comparison result decrypted with the public key.
[0015] The encrypted first movement path information and the encrypted second movement path information may each include encrypted information associated with the arrival location and time of the comparison target and the user.
[0016] The encrypted first movement path information and the encrypted second movement path information may include homomorphically encrypted information.
[0017] The processor can be configured to verify whether the movement path information included in the encrypted second movement path information matches any set of movement path information included in the encrypted first movement path information.
[0018] The processor can be configured to: decrypt the partially decrypted comparison result using a private key and verify whether there has been contact between the user and the comparison target.
[0019] The partial decryption comparison result can be decrypted by an external device configured to manage the public key.
[0020] The processor can be configured to obtain from the user a verification result of whether the user has accessed the comparison target.
[0021] In another general aspect, a server is provided, comprising: a processor configured to: receive encrypted mobility path information of an individual collected by one or more institutions and encrypted with a private key corresponding to each of the one or more institutions; generate an encrypted first contact list based on the encrypted mobility path information; send an encrypted second contact list to the one or more institutions, which is encrypted with a public key over the encrypted first contact list; receive a partially decrypted contact list, which is decrypted with the private key of the one or more institutions over the encrypted second contact list; and obtain a final contact list by decrypting the partially decrypted contact list with a public key.
[0022] Encrypted movement path information may include homomorphically encrypted information.
[0023] Encrypted movement path information may include encrypted information associated with the location and time of an individual visiting one or more institutions.
[0024] An encrypted first contact list can be generated by searching for contacts with movement paths that match the movement path of the comparison target based on encrypted movement path information.
[0025] The list of contacts to be partially decrypted is decrypted by an external device configured to manage the public key.
[0026] Other features and aspects will become clear from the following detailed description, drawings and claims. Attached Figure Description
[0027] Figure 1 An example of a movement path comparison method based on homomorphic encryption is shown.
[0028] Figure 2 An example of a motion path comparison device based on homomorphic encryption is shown.
[0029] Figure 3 Show Figure 2 An example of the operation of the movement path comparison device is shown.
[0030] Figure 4 Show Figure 2 Another example of the operation of the movement path comparison device shown.
[0031] Figure 5 Another example of a movement path comparison device based on homomorphic encryption is shown.
[0032] Figure 6A and Figure 6B Show Figure 5 An example of the operation of the movement path comparison device is shown.
[0033] Throughout the accompanying drawings and detailed embodiments, unless otherwise described or provided, the same reference numerals will be understood to refer to the same elements, features, and structures. The drawings may not be drawn to scale, and for clarity, illustration, and convenience, the relative dimensions, proportions, and depictions of elements in the drawings may be exaggerated. Detailed Implementation
[0034] The following detailed description is provided to aid the reader in gaining a comprehensive understanding of the methods, apparatus, and / or systems described herein. However, after understanding the disclosure of this application, various changes, modifications, and equivalents of the methods, apparatus, and / or systems described herein will become clear. For example, the order of operations described herein is merely illustrative and is not limited to those orders set forth herein, but can be significantly altered after understanding the disclosure of this application, except for operations that must be performed in a certain order. Furthermore, for clarity and conciseness, descriptions of known features may be omitted.
[0035] The features described herein may be implemented in various forms and are not to be construed as limited to the examples described herein. Rather, the examples described herein are provided merely to illustrate some of the many feasible ways of implementing the methods, apparatus, and / or systems described herein, which will become clear upon understanding the disclosure of this application.
[0036] The terminology used herein is for the purpose of describing particular examples only and is not intended to limit this disclosure. The singular forms “a,” “an,” and “described” as used herein are intended to also include the plural forms unless the context clearly indicates otherwise. The term “and / or” as used herein includes any one and any combination of any two or more of the listed items. The terms “comprising,” “including,” and “having” as used herein indicate the presence of the stated features, number, operation, element, component, and / or combinations thereof, but do not preclude the presence or addition of one or more other features, number, operation, element, component, and / or combinations thereof.
[0037] Furthermore, terms such as first, second, A, B, (a), (b), etc., may be used herein to describe components. Each of these terms is not used to define the nature, order, or sequence of the corresponding component, but only to distinguish the corresponding component from other components. For example, within the scope of the concept according to this disclosure, a "first" component may be referred to as a "second" component, or similarly, a "second" component may be referred to as a "first" component.
[0038] Throughout this specification, when an element such as a layer, region, or substrate is described as being "on," "connected to," or "coupled to" another element, it may be directly "on," "connected to," or "coupled to" that other element, or one or more other elements may be present in between. Conversely, when an element is described as being "directly on," "directly connected to," or "directly coupled to" another element, no other elements may be present in between. Similarly, expressions such as "between" and "directly between," and "adjacent to" and "immediately adjacent to" should be interpreted as described above.
[0039] Furthermore, in the description of the exemplary embodiments, such descriptions will be omitted when it is believed that a detailed description of structures or functions known therefrom after understanding the disclosure of this application would lead to a vague interpretation of the exemplary embodiments.
[0040] In the following description, examples will be illustrated with reference to the accompanying drawings, and the same reference numerals in the drawings will always denote the same elements.
[0041] Figure 1 An example of a movement path comparison method based on homomorphic encryption is shown.
[0042] The homomorphic encryption-based movement path comparison method 100 (hereinafter referred to as movement path comparison method 100) can encrypt the movement path of an individual in 101 and encrypt the movement path of a comparison target (e.g., a person identified as having an infectious disease) in 102. In 103, the movement path comparison method 100 can compare the encrypted movement paths. Because the movement path information of the individual and the comparison target is encrypted, the privacy of the individual or the comparison target is not violated. The comparison target may also be referred to herein as an identified person or an identified case.
[0043] Using mobility path comparison method 100, an individual's mobility path can be encrypted using a private key, and the mobility path of the comparison target can be encrypted using a managed public key. The encrypted mobility path information for each of the individuals and comparison targets can be homomorphically encrypted information that encrypts mobility path information associated with when and where each of the individuals and comparison targets visited. The private key can be accessed only by the individual, and the public key can be managed by a trusted organization.
[0044] Using the movement path comparison method 100, the corresponding movement paths of individuals and comparison targets included in encrypted movement path information can be compared without decrypting the encrypted movement path information. For example, the result of the encrypted movement path comparison (hereinafter referred to as the comparison result) can be obtained by determining whether there is matching movement path information in the encrypted movement path information of individuals and comparison targets.
[0045] In step 104, using the mobile path comparison method 100, a portion of the comparison result can be decrypted using the public key. This decrypted portion of the comparison result (hereinafter referred to as the partially decrypted comparison result) can be sent to the individual. In step 105, the individual can perform decryption and then verify the final comparison result by decrypting the partially decrypted comparison result using the private key.
[0046] Figure 2 An example of a motion path comparison device based on homomorphic encryption is shown.
[0047] The homomorphic encryption-based mobile path comparison device 200 (hereinafter referred to as mobile path comparison device 200) can perform reference... Figure 1 The homomorphic encryption-based movement path comparison method 100 described above. (Reference) Figure 2 The mobile path comparison device 200 may include user equipment 230 and server 250.
[0048] User equipment 230 may be an electronic device, such as a computer, smartphone, tablet PC, smart device, smart wearable device, etc. User equipment 230 may include a processor 233 and a memory 235.
[0049] Server 250 may be a cloud server configured to communicate with user equipment 230. Server 250 may include processor 253 and memory 255.
[0050] The memory (e.g., memory 235 and memory 255) may store instructions (or programs) executed by the processor (e.g., processor 233 and processor 253). For example, the instructions may include instructions for performing operations of the processor and / or instructions for performing operations of each component of the processor. The memory may be implemented in a volatile memory device or a non-volatile memory device.
[0051] Volatile memory devices can be implemented as dynamic random access memory (DRAM), static RAM (SRAM), thyristor RAM (T-RAM), zero-capacitor RAM (Z-RAM), or dual-transistor RAM (TTRAM).
[0052] Non-volatile memory devices can be implemented as electrically erasable programmable read-only memory (EEPROM), flash memory, magnetic RAM (MRAM), spin-transfer torque MRAM (STT-MRAM), conductive bridged RAM (CBRAM), ferroelectric RAM (FeRAM), phase-change RAM (PRAM), resistive RAM (RRAM), nanotube RRAM, polymer RAM (PoRAM), nanofloating gate memory (NFGM), holographic memory, molecular electronic memory devices, or insulator resistance-changing memory. Further descriptions of memory 235 and memory 255 are given below.
[0053] Processor 253 can process data stored in memory. The processor can execute computer-readable code (e.g., software) or instructions generated by the processor stored in memory.
[0054] The processor 253 may be a hardware-implemented data processing device having circuitry physically constructed for performing a desired operation. For example, the desired operation may include instructions or code in a program.
[0055] For example, hardware-implemented data processing devices may include, for example, microprocessors, single processors, discrete processors, parallel processors, central processing units (CPUs), single-instruction single-data (SISD) multiprocessors, single-instruction multiple-data (SIMD) multiprocessors, multiple-instruction single-data (MISD) multiprocessors, multiple-instruction multiple-data (MIMD) multiprocessors, controllers and arithmetic logic units (ALUs), DSPs, microcomputers, processor cores, multi-core processors, and multiprocessors, programmable logic units (PLUs), graphics processing units (GPUs), neural processing units (NPUs), multi-core processors, multiprocessors, application-specific integrated circuits (ASICs), and field-programmable gate arrays (FPGAs), or any other device capable of responding to and executing instructions in a defined manner. Further descriptions of processors 233 and 253 are given below.
[0056] Figure 3 Show Figure 2 An example of the operation of the movement path comparison device 200 shown.
[0057] Server 250 can collect encrypted movement path information of a comparison target (e.g., an identified person). The encrypted movement path information of the comparison target may refer to movement path information encrypted using public key 213. Server 250 can store the collected encrypted movement path information of the comparison target.
[0058] User equipment 230 can obtain the user's movement path by collecting the user's location information. User equipment 230 can send the user's movement path information encrypted based on private key 211 to server 250. The user's encrypted movement path information can be obtained through private key 211, which can only be accessed by the user, and therefore cannot be decrypted by others.
[0059] Server 250 can compare received encrypted movement path information of a user with stored encrypted movement path information of a comparison target. Server 250 can compare the encrypted movement path information without decrypting the encrypted movement path information of both the user and the comparison target, and generate a comparison result obtained by comparing the encrypted movement path information. The comparison result may include whether there is a movement path that the user and the comparison target have already encountered.
[0060] Server 250 can obtain a partially decrypted comparison result by decrypting a portion of the comparison result using public key 213. Public key 213 can be managed by trusted institution 350, and this operation of decrypting a portion of the comparison result can also be performed by an external device (e.g., a device of trusted institution 350) instead of server 250.
[0061] Server 250 can send a partially decrypted comparison result to user device 230. User device 230 can then generate the final comparison result by decrypting the partially decrypted comparison result using private key 211. The user can then use the final comparison result to verify whether he / she has been in contact with the comparison target.
[0062] Figure 4 Show Figure 2 Another example of the operation of the movement path comparison device 200 shown.
[0063] References above Figure 3 Compared to the described operation, the movement path comparison device 200 can perform the operation of comparing movement paths through the user equipment 230.
[0064] Server 250 can collect movement path information of a comparison target (e.g., an identified person) encrypted with public key 213. Server 250 can store the collected encrypted movement path information of the comparison target.
[0065] User equipment 230 can obtain the user's movement path by collecting the user's location information. User equipment 230 can generate encrypted movement path information for the user, which is encrypted using a private key 211 that can only be accessed by the user.
[0066] User equipment 230 can receive encrypted mobility path information of the comparison target from server 250. The encrypted mobility path information of the comparison target can be obtained through public key 213 which is not accessible to individuals, and therefore can be decrypted without being stored in user equipment 230.
[0067] User equipment 230 can compare the user's encrypted mobility path information with the encrypted mobility path information of the comparison target received from server 250. In one example, user equipment 230 can compare the encrypted mobility path information without decrypting the encrypted mobility path information of both the user and the comparison target, and generate a comparison result of the encrypted mobility path information. The comparison result may include whether there is a mobility path that the user and the comparison target have already encountered.
[0068] User equipment 230 can send the comparison result to server 250 to request partial decryption. Server 250 can obtain the partially decrypted comparison result by decrypting a portion of the comparison result using public key 213. Public key 213 can be managed by trusted institution 350, and this operation of partially decrypting the comparison result can also be performed by an external device (e.g., a device of trusted institution 350) instead of server 250.
[0069] Server 250 can send a partially decrypted comparison result to user device 230. User device 230 can then generate the final comparison result by decrypting the partially decrypted comparison result using private key 211. The user can then use the final comparison result to verify whether he / she has been in contact with the comparison target.
[0070] Figure 5 An example of a motion path comparison device based on homomorphic encryption is shown.
[0071] The homomorphic encryption-based path comparison device 500 can perform the above reference. Figure 1 The described mobility path comparison method 100. Mobility path comparison apparatus 200 may include a server 550 and an organization 530 that collects individuals' mobility paths (e.g., a communications or payment service operator). The server 550 may receive encrypted mobility path information of individuals from the organization 530, track the mobility path of the comparison target, and identify individuals who have already been in contact with the comparison target.
[0072] Server 550 may be a cloud server configured to communicate with agency 530. Server 550 may include processor 553 and memory 555.
[0073] Memory 555 may store instructions (or programs) executable by processor 553. For example, the instructions may include instructions for performing operations of processor 553 and / or instructions for performing operations of each component of processor 553. Memory 555 may be implemented in a volatile memory device or a non-volatile memory device.
[0074] Volatile memory devices can be implemented as DRAM, SRAM, T-RAM, Z-RAM, or TTRAM.
[0075] Non-volatile memory devices can be implemented as EEPROM, flash memory, MRAM, STT-MRAM, CBRAM, FeRAM, PRAM, RRAM, nanotube RRAM, PoRAM, NFGM, holographic memory, molecular electronic memory devices, or insulator resistance variation memory. A further description of the 555 memory is given below.
[0076] Processor 553 can process data stored in memory 555. Processor 553 can execute computer-readable code (e.g., software) or instructions caused by processor 553 stored in memory 555.
[0077] The processor 553 may be a hardware-implemented data processing device having circuitry physically constructed for performing desired operations. For example, the desired operations may include instructions or code in a program.
[0078] For example, a hardware-implemented data processing device may include, for example, a microprocessor, a single processor, a discrete processor, a parallel processor, a CPU, a SISD multiprocessor, a SIMD multiprocessor, a MISD multiprocessor, a MIMD multiprocessor, an ALU, a DSP, a microcomputer, a processor core, a multi-core processor, and a multiprocessor, a PLU, a GPU, an NPU, a multi-core processor, a multiprocessor ASIC, and an FPGA, or any other device capable of responding to and executing instructions in a defined manner. Further description of processor 553 is given below.
[0079] Figure 6A and Figure 6B Show Figure 5 An example of the operation of the movement path comparison device 500 shown.
[0080] Server 550 can receive movement path information of individuals, including comparison targets, from organization 530. This movement path information is encrypted using a private key 613. The private key 613 may be a key managed by each of the organizations 530 and accessible only to that organization itself, and the encrypted movement path information may be homomorphically encrypted.
[0081] Server 550 can generate an encrypted first contact list based on encrypted movement path information received from agency 530. Server 550 can analyze the encrypted movement path information in an encrypted state, identify individuals who have already been in contact with the comparison target, and generate an encrypted first contact list.
[0082] Server 550 can obtain an encrypted second contact list encrypted with public key 611, which is used to encrypt the encrypted first contact list. Public key 611 can be managed by trusted institution 650, and the operation of decrypting a portion of the comparison result of comparing the encrypted movement path information can be performed by an external device (e.g., a device of trusted institution 650) instead of server 550.
[0083] Server 550 may send an encrypted second list of contacts to agency 530. For example, server 550 may send an encrypted second list of contacts to agency 530. The server may receive a partially decrypted list of contacts from agency 530, obtained by decrypting a portion of the encrypted second list of contacts using agency 530's private key 613. In one example, server 550 may send a partially decrypted list of contacts to another agency 530, allowing that other agency 530 to partially decrypt the list using its private key 613, and then receive a second partially decrypted list of contacts from that other agency 530. In one example, server 550 may allow agency 530 to partially decrypt the encrypted list of contacts in sequence, and may obtain a partially decrypted list of contacts decrypted using agency 530's private key 613.
[0084] Server 550 can use public key 611 to finally decrypt the partially decrypted contact list decrypted via private key 613 of all agencies 530, thereby identifying the movement path of the comparison target and / or individuals who have been in contact with the comparison target.
[0085] In this article Figure 2 and Figure 5The described movement path comparison device, the homomorphic encryption-based movement path comparison device 200, the homomorphic encryption-based movement path comparison device 500, and other devices, equipment, units, modules, and components are implemented by hardware components. Examples of hardware components that can be used to perform the operations described in this application, where appropriate, include controllers, sensors, generators, drivers, memories, comparators, arithmetic logic units, adders, subtractors, multipliers, dividers, integrators, and any other electronic components configured to perform the operations described in this application. In other examples, one or more of the hardware components used to perform the operations described in this application are implemented by computing hardware (e.g., by one or more processors or computers). The processor or computer may be implemented by one or more processing elements (e.g., logic gate arrays, controllers and arithmetic logic units, digital signal processors, microcomputers, programmable logic controllers, field-programmable gate arrays, programmable logic arrays, microprocessors, or any other device or combination of devices configured to respond to and execute instructions in a defined manner to achieve a desired result). In one example, the processor or computer includes, or is connected to, one or more memories storing, instructions or software executed by the processor or computer. Hardware components implemented by the processor or computer can execute instructions or software, such as an operating system (OS) and one or more software applications running on the OS, to perform the operations described in this application. The hardware components can also access, manipulate, process, create, and store data in response to the execution of instructions or software. For brevity, the singular terms “processor” or “computer” may be used in the description of the examples described in this application, but in other examples multiple processors or computers may be used, or a processor or computer may include multiple processing elements, or multiple types of processing elements, or both. For example, a single hardware component or two or more hardware components may be implemented by a single processor, or two or more processors, or a processor and a controller. One or more hardware components may be implemented by one or more processors, or a processor and a controller, and one or more other hardware components may be implemented by one or more other processors, or another processor and another controller. One or more processors or a processor and a controller may implement a single hardware component, or two or more hardware components.The hardware components can be any one or more of different processing configurations, examples of which include a single processor, a standalone processor, a parallel processor, a single-instruction single-data (SISD) multiprocessor, a single-instruction multiple-data (SIMD) multiprocessor, a multiple-instruction single-data (MISD) multiprocessor, a multiple-instruction multiple-data (MIMD) multiprocessor, a controller and arithmetic logic unit (ALU), a DSP, a microcomputer, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a programmable logic unit (PLU), a central processing unit (CPU), a graphics processing unit (GPU), a neural processing unit (NPU), or any other device capable of responding to and executing instructions in a defined manner.
[0086] Perform the operations described in this application Figures 1 to 6B The methods described are performed by computing hardware (e.g., one or more processors or computers implemented as described above, executing instructions or software to perform the operations performed by the methods described in this application). For example, a single operation or two or more operations may be performed by a single processor, or two or more processors, or a processor and a controller. One or more operations may be performed by one or more processors or a processor and a controller, and one or more other operations may be performed by one or more other processors or another processor and another controller. One or more processors or a processor and a controller may perform a single operation or two or more operations.
[0087] Instructions or software for controlling a processor or computer to implement hardware components as described above and to execute the methods described above are written as computer programs, code segments, instructions, or any combination thereof, for individually or collectively instructing or configuring the processor or computer to operate as a machine or special-purpose computer to perform the operations performed by the hardware components and the methods described above. In one example, the instructions or software include machine code that is directly executed by the processor or computer, such as machine code generated by a compiler. In one example, the instructions or software include at least one of the following: applets, dynamic link libraries (DLLs), middleware, firmware, device drivers, or applications that store methods for comparing movement paths. In another example, the instructions or software include high-level code that is executed by the processor or computer using an interpreter. The instructions or software can be written using any programming language based on the block diagrams and flowcharts shown in the accompanying drawings and the corresponding descriptions in the specification, wherein algorithms for performing the operations performed by the hardware components and the methods described above are disclosed.
[0088] Instructions or software for controlling computing hardware (e.g., one or more processors or computers) to implement hardware components and perform the methods described above, as well as any associated data, data files and data structures, may be recorded, stored or fixed in or on one or more non-transitory computer-readable storage media. Examples of non-transitory computer-readable storage media include read-only memory (ROM), random access programmable read-only memory (PROM), electrically erasable programmable read-only memory (EEPROM), random access memory (RAM), magnetic RAM (MRAM), spin-transfer torque (STT)-MRAM, static random access memory (SRAM), thyristor RAM (T-RAM), zero-capacitor RAM (Z-RAM), dual-transistor RAM (TTRAM), conductive bridged RAM (CBRAM), ferroelectric RAM (FeRAM), phase-change RAM (PRAM), resistive RAM (RRAM), nanotube RRAM, polymer RAM (PoRAM), nanofloating gate memory (NFGM), holographic memory, molecular electronic memory devices, insulator resistance variation memory, dynamic random access memory (DRAM), static random access memory (SRAM), flash memory, non-volatile memory, CD-ROM, CD-R, CD+R, CD-RW, CD+RW, DVD-ROM, DVD-R, DVD+R, DVD-RW, DVD+RW, DVD-RAM, BD-ROM, BD-R, BD-R LTH, BD-RE, Blu-ray or optical disc storage devices, hard disk drives (HDDs), solid-state drives (SSDs), flash memory, card-type memory (e.g., multimedia cards or microcards (e.g., Secure Digital (SD) or Extreme Digital (XD))), magnetic tape, floppy disks, magneto-optical data storage devices, optical data storage devices, hard disks, solid-state drives, and any other devices configured to: store instructions or software and any associated data, data files, and data structures in a non-transitory manner, and provide instructions or software and any associated data, data files, and data structures to a processor or computer such that the processor or computer can execute the instructions.
[0089] Although this disclosure includes specific examples, it will be clear upon understanding the disclosure of this application that various changes in form and detail may be made to these examples without departing from the spirit and scope of the claims and their equivalents. The examples described herein should be considered descriptive only and not for limiting purposes. The description of features or aspects in each example is intended to apply to similar features or aspects in other examples. Suitable results may be achieved if the described techniques are performed in a different order and / or if components in the described system, architecture, device, or circuit are combined in a different manner and / or replaced or supplemented by other components or their equivalents.
[0090] Therefore, the scope of this disclosure is not defined by the specific embodiments, but by the claims and their equivalents, and all variations within the scope of the claims and their equivalents are to be included in this disclosure.
Claims
1. A server, comprising: The processor is configured as follows: Collect encrypted first movement path information of the comparison target, wherein the encrypted first movement path information is generated by homomorphically encrypting the movement path information of the comparison target using a public key; Receive encrypted second mobility path information of the user equipment from the user equipment, wherein the encrypted second mobility path information is generated by homomorphically encrypting the user's mobility path information using a private key; Compare the encrypted first movement path information and the encrypted second movement path information; Decrypting a portion of the comparison result using the public key to generate a partially decrypted comparison result; and The comparison results of the partially decrypted part are provided to the user.
2. The server of claim 1, wherein, The encrypted first movement path information and the encrypted second movement path information respectively include encrypted information associated with the arrival location and time of the comparison target and the user.
3. The server of claim 1, wherein, The encrypted first movement path information and the encrypted second movement path information include information that has been homomorphically encrypted.
4. The server of claim 1, wherein, The processor is also configured to: Verify whether the movement path information included in the encrypted second movement path information matches any movement path information included in the encrypted first movement path information.
5. The server of claim 1, wherein, The processor is also configured to: The user equipment decrypts the partially decrypted comparison result using the private key to verify that there is contact between the user and the comparison target.
6. The server of claim 1, wherein, The comparison result of the partial decryption is decrypted by an external device configured to manage the public key.
7. The server of claim 1, wherein, The private key is accessible only to the user.
8. The server of claim 6, wherein, The server is deployed in the cloud and configured to communicate with the user equipment and the external devices.
9. An electronic device, comprising: The processor is configured as follows: Receive encrypted first movement path information of the comparison target from the server, wherein the encrypted first movement path information is generated by homomorphically encrypting the movement path information of the comparison target using a public key; The encrypted first mobility path information and the user's encrypted second mobility path information are compared, wherein the encrypted second mobility path information is generated by homomorphically encrypting the user's mobility path information using a private key; Send the comparison results to the server; and Receive from the server a partially decrypted comparison result, including a portion of the comparison result decrypted using the public key.
10. The electronic device of claim 9, wherein, The encrypted first movement path information and the encrypted second movement path information respectively include encrypted information associated with the arrival location and time of the comparison target and the user.
11. The electronic device according to claim 9, wherein, The encrypted first movement path information and the encrypted second movement path information include information that has been homomorphically encrypted.
12. The electronic device according to claim 9, wherein, The processor is also configured to: Verify whether the movement path information included in the encrypted second movement path information matches any set of movement path information included in the encrypted first movement path information.
13. The electronic device according to claim 9, wherein, The processor is also configured to: The private key is used to decrypt the partially decrypted comparison result and verify whether there has been contact between the user and the comparison target.
14. The electronic device according to claim 9, wherein, The comparison result of the partial decryption is decrypted by an external device configured to manage the public key.
15. The electronic device according to claim 13, wherein, The processor is also configured to: The verification results obtained from the user confirm whether the user has contacted the comparison target.
16. A server, comprising: The processor is configured as follows: Receive encrypted mobility path information of an individual collected by one or more institutions, wherein the encrypted mobility path information is generated by homomorphically encrypting the mobility path information of the individual using a private key corresponding to each of the one or more institutions; An encrypted first contact list is generated based on the encrypted movement path information. Send an encrypted second contact list to the one or more institutions, wherein the encrypted second contact list is generated by homomorphically encrypting the encrypted first contact list using a public key; Receive a partially decrypted list of contacts, which is generated by homomorphically decrypting the encrypted second list of contacts using the private keys of the one or more institutions; and The final contact list is obtained by homomorphically decrypting the partially decrypted contact list using the public key.
17. The server according to claim 16, wherein, The encrypted mobile path information includes information that has been homomorphically encrypted.
18. The server according to claim 16, wherein, The encrypted movement path information includes encrypted information associated with the location and time of an individual accessing the one or more institutions.
19. The server according to claim 16, wherein, The encrypted first contact list is generated by searching for contacts with movement paths that match the movement path of the comparison target based on the encrypted movement path information.
20. The server according to claim 16, wherein, The list of contacts for partial decryption is decrypted by an external device configured to manage the public key.