Data processing method and device, equipment and storage medium

By decrypting and re-encrypting data in the TEE of the data processing device, the technical challenges of data storage and retrieval in data privacy queries are solved, thereby improving data privacy protection and storage efficiency.

CN114117528B · Active · Publication Date: 2026-06-12 · ANT BLOCKCHAIN TECHNOLOGY (SHANGHAI) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ANT BLOCKCHAIN TECHNOLOGY (SHANGHAI) CO LTD
Filing Date
2021-11-25
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

In data privacy queries, existing technologies struggle to achieve data storage and retrieval without exposing data content to third parties.

Method used

By decrypting and re-encrypting data in the Trusted Execution Environment (TEE) of the data processing device, and leveraging the collaborative work between the TEE and non-TEE, encrypted storage and retrieval of data are achieved, preventing data from being exposed in the non-TEE.

🎯Benefits of technology

It enables the provision of data storage infrastructure without exposing data content to third parties, supports data privacy queries, and saves system overhead on TEE.

✦ Generated by Eureka AI based on patent content.

Smart Images: Figure CN114117528B_ABST (abstract figure)

Abstract

One or more embodiments of the specification provide a data processing method, device, equipment and storage medium, wherein the method is applied to a data processing device provided with a trusted execution environment (TEE), and the method comprises: obtaining, by a first application on the data processing device, first data in a ciphertext form sent by a data source; the first data is encrypted by using a first encryption mode; the first application is located in a non-TEE of the data processing device; transmitting, by the first application, the first data to the TEE, decrypting the first data in the TEE to obtain second data in a plaintext form; encrypting the second data in the TEE to obtain third data in a ciphertext form; the third data is encrypted by using a second encryption mode; receiving, by the first application, the third data returned by the TEE, and storing the third data into a database.

Description

Technical Field

[0001] This document relates to the field of data security, and in particular to a data processing method, apparatus, device, and storage medium.

Background Technology

[0002] Data privacy queries refer to data queries performed without disclosing data content to third parties. To achieve data privacy queries, data must first be stored in a database, and the data content should not be exposed to third parties during storage. Data storage and data privacy queries are frequently used in risk control scenarios such as anti-fraud. Therefore, it is necessary to provide a technical solution that achieves data storage without disclosing data content to third parties, thus providing a data foundation for data privacy queries.

Summary of the Invention

[0003] The purpose of one or more embodiments of this specification is to provide a data processing method applied to a data processing device equipped with a Trusted Execution Environment (TEE), comprising: acquiring first data in encrypted form sent by a data source through a first application on the data processing device. The first data is encrypted using a first encryption method. The first application is located in a non-TEE space of the data processing device. The first data is transmitted to the TEE through the first application. The first data is decrypted in the TEE to obtain second data in plaintext form. The second data is encrypted in the TEE to obtain third data in encrypted form. The third data is encrypted using a second encryption method. The third data is received by the first application from the TEE and stored in a database.

[0004] The purpose of one or more embodiments of this specification is to provide a data processing apparatus applied to a data processing device equipped with a Trusted Execution Environment (TEE), comprising: a data receiving unit, which acquires first data in encrypted form sent by a data source through a first application on the data processing device. The first data is encrypted using a first encryption method. The first application is located in a non-TEE of the data processing device. A data decryption unit, which transmits the first data to the TEE through the first application. The first data is decrypted in the TEE to obtain second data in plaintext form. A data encryption unit, which encrypts the second data in the TEE to obtain third data in encrypted form. The third data is encrypted using a second encryption method. A data storage unit, which receives the third data returned by the TEE through the first application and stores the third data in a database.

[0005] The purpose of one or more embodiments of this specification is to provide a data processing apparatus having a Trusted Execution Environment (TEE). The data processing apparatus includes: a processor; and a memory arranged to store computer-executable instructions. When executed, the executable instructions cause the processor to: acquire, via a first application on the data processing apparatus, first data in encrypted form sent by a data source. The first data is encrypted using a first encryption method. The first application is located outside the TEE of the data processing apparatus. The first data is transmitted to the TEE via the first application. The first data is decrypted in the TEE to obtain second data in plaintext form. The second data is encrypted in the TEE to obtain third data in encrypted form. The third data is encrypted using a second encryption method. The third data is received by the first application from the TEE and stored in a database.

[0006] The purpose of one or more embodiments of this specification is to provide a storage medium for storing computer-executable instructions that, when executed by a processor, implement the following method: retrieving first data in encrypted form sent by a data source via a first application on a data processing device. The data processing device has a Trusted Execution Environment (TEE). The first data is encrypted using a first encryption method. The first application is located outside the TEE of the data processing device. The first data is transmitted to the TEE via the first application. The first data is decrypted in the TEE to obtain second data in plaintext form. The second data is encrypted in the TEE to obtain third data in encrypted form. The third data is encrypted using a second encryption method. The third data returned by the TEE is received by the first application, and the third data is stored in a database.

Attached Figure Description

[0007] To more clearly illustrate the technical solutions in one or more embodiments of this specification or in the prior art, the drawings used in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below cover only some of the embodiments recorded in this specification; those skilled in the art can obtain other drawings from them without creative effort.

[0008] Figure 1 is a schematic flowchart illustrating a data processing method provided in one embodiment of this specification;

[0009] Figure 2 is a flowchart illustrating a data processing method provided in yet another embodiment of this specification;

[0010] Figure 3 is a schematic diagram of the structure of a data processing apparatus provided in one embodiment of this specification;

[0011] Figure 4 is a schematic diagram of the structure of a data processing apparatus provided in another embodiment of this specification;

[0012] Figure 5 is a schematic diagram of the structure of a data processing device provided in one embodiment of this specification.

Detailed Implementation

[0013] To enable those skilled in the art to better understand the technical solutions in one or more embodiments of this specification, the technical solutions in one or more embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are merely some embodiments of one or more embodiments of this specification, and not all embodiments. Based on the embodiments in one or more embodiments of this specification, all other embodiments obtained by those skilled in the art without creative effort should fall within the protection scope of this document. It should be noted that, unless otherwise specified, one or more embodiments in this specification and the features within them can be combined with each other. The one or more embodiments of this specification will now be described in detail with reference to the accompanying drawings and embodiments.

[0014] This specification provides one or more embodiments of a data processing method, apparatus, device, and storage medium that can achieve data storage without exposing data content to third parties, and provide a data foundation for data privacy queries. Figure 1 is a flowchart illustrating a data processing method provided in one embodiment of this specification. The method is applied to a data processing device equipped with a TEE (Trusted Execution Environment). As shown in Figure 1, the process includes:

[0015] Step S102: Obtain first data in encrypted form sent by the data source through the first application on the data processing device; the first data is encrypted using the first encryption method; the first application is located in the non-TEE of the data processing device.

[0016] Step S104: The first data is transmitted to the TEE through the first application, and the first data is decrypted in the TEE to obtain the second data in plaintext form.

[0017] Step S106: Encrypt the second data in the TEE to obtain the third data in ciphertext form; the third data is encrypted using the second encryption method.

[0018] Step S108: Receive the third data returned by the TEE through the first application and store the third data in the database.

[0019] In this embodiment, the data processing device has a Trusted Execution Environment (TEE) and a Non-Trusted Execution Environment (Non-TEE). A first application in the Non-TEE can obtain first data in encrypted form sent by the data source and transmit it to the TEE. In the TEE, the first data can be decrypted to obtain second data in plaintext form. The plaintext second data is then encrypted to obtain third data in encrypted form. The TEE also transmits the third data to the first application, which stores the third data in a database. Therefore, through this embodiment, after the data source transmits encrypted data, it can decrypt and re-encrypt the encrypted data in the TEE and store the re-encrypted data in the Non-TEE. This achieves encrypted data storage on the server side. The data decryption and re-encryption processes occur in the TEE, thus ensuring that the data content is not obtained by third parties. This satisfies the requirement of data storage without exposing the data content to third parties, providing a data foundation for data privacy queries. Since the encrypted third data is transmitted to the first application and stored in the database by the first application, the third data is actually stored in a non-TEE. The TEE only needs to complete the data reception, data decryption, and data encryption actions, without needing to store the data, thus saving storage space and computing resources in the TEE and reducing the system overhead of the TEE.

[0020] In this embodiment, the data processing device has a TEE and a non-TEE. It can be understood that the TEE is the trusted execution environment within the data processing device, while the non-TEE can be any working environment or mode within the data processing device other than the TEE. The non-TEE contains a first application. This first application communicates with the TEE, the data source, and the data queryer. It can receive the first data to be stored from the data source, receive data query requests from the data queryer, and return the queried data to the data queryer. The data source and the data queryer can be the same or different. Accordingly, the first application can have multiple modules such as data receiving, request receiving, and data returning.

[0021] In step S102 above, the first application located in the non-TEE of the data processing device obtains the first data sent by the data source. The first data is encrypted data, obtained by encrypting it using the first encryption method. The first data can be any data involving user privacy, such as the user's ID number, salary, etc. After the data source encrypts the first data using the first encryption method, it uploads it to the server for data storage. Therefore, the first application receives the first data in encrypted form.

[0022] In step S104 above, the first data is transmitted to the TEE via the first application. The first data is then decrypted in the TEE to obtain the second data in plaintext. The TEE and the data source have pre-agreed upon the specific procedures for the first encryption method and the corresponding decryption method. Therefore, after receiving the first data, the TEE can decrypt it using the pre-agreed decryption method to obtain the second data in plaintext. The second data can be, for example, the specific value of a user's ID number. Because the process of decrypting the second data occurs within the TEE, the second data is kept confidential, and its content will not be obtained by any third party.

[0023] In step S106 above, the second data is encrypted in the TEE to obtain the third data in ciphertext form. The third data is encrypted using the second encryption method. After the TEE decrypts the second data, it is then encrypted again using the second encryption method. The second encryption method can be a different encryption algorithm than the first encryption method, or it can be the same encryption algorithm but with a different key. After encrypting the second data using the second encryption method, the resulting third data has a different specific data value than the first data. Since the process of encrypting the third data occurs in the TEE, the encryption process of the third data is kept confidential, thus ensuring high security for the third data and preventing third parties from obtaining the encryption process.

[0024] In step S108 above, the TEE transmits the encrypted third data to the first application in the non-TEE. The first application receives the third data returned by the TEE and stores the third data in the database. The database is located in the non-TEE. By establishing the database and storing the encrypted data in the non-TEE, it is not necessary to occupy the internal memory space of the TEE to establish the database. This can reduce the internal system overhead of the TEE while meeting the data query requirements.

[0025] In one embodiment, when the TEE transmits the encrypted third data to the first application (outside the TEE) for storage, it may additionally transmit forged, fake data to the first application. Fake data is distinguished by a data tag; for example, a single data item may be represented as <id,field+tag>: when the tag value is false, <id,field+false>, the item is fake, and when the tag value is true, <id,field+true>, the item is real. Fake data can be generated by the TEE and encrypted by the TEE using the second encryption method. The encrypted fake data is stored on the non-TEE side. The data tags within the fake data are also encrypted, making it impossible for the non-TEE side to distinguish real data from fake data. When the TEE stores a sufficient amount of fake data on the non-TEE side, for example 1000 times the amount of third data, the first application, when querying the database as described later, will be unable to identify the true target of the query because of the interference of the large amount of fake data, and will also be unable to determine whether the data requested by the querying party has actually been found. This interferes with the non-TEE side and thus improves the security of data privacy queries.

[0026] Regarding the encryption of data tags in fake data, there are two cases: 1. The tag is treated as a separate data field, for example <id1,field1,true1>, <id2,field1,true2>. In this case, to conceal the data pattern of the tag values, the tag needs to be obfuscated and encrypted. 2. The tag is appended to another data field and is not treated as a separate data field, for example <id1,field1+true1>, <id2,field1+true2>. In this case, the tag does not need to be separately obfuscated or encrypted.

[0027] The above describes the process of achieving encrypted data storage and saving TEE system overhead based on the TEE and the non-TEE. Figure 2 is a flowchart illustrating another embodiment of a data processing method provided in this specification. The method is applied to a data processing device equipped with a TEE (Trusted Execution Environment). As shown in Figure 2, in addition to the steps of Figure 1, the process also includes:

[0028] Step S110: Obtain the first data query request for the target data sent by the data query party through the first application and transmit it to the TEE. The first data query request is in encrypted form.

[0029] Step S112: In the TEE, a second data query request is generated based on the first data query request for the target data in ciphertext form; the second data query request is in plaintext form; the target data in ciphertext form is encrypted using the second encryption method;

[0030] Step S114: The first application queries the stored data in encrypted form according to the second data query request, and returns the query result to the TEE;

[0031] Step S116: Process the query result in the TEE to obtain the target data encrypted using the third encryption method, and return the target data encrypted using the third encryption method to the data querier through the first application.

[0032] In step S110 above, the data querying party sends a first data query request for the target data to the data processing device. The first application obtains the first data query request and sends it to the TEE. The target data to be queried in encrypted form is located in the aforementioned third data and is pre-stored in the database. The first data query request is in encrypted form to prevent third parties from knowing the data to be queried.

[0033] In step S112 above, a second data query request for the target data in encrypted form is generated in the TEE based on the first data query request in encrypted form. Specifically, the first data query request is in encrypted form, and after being restored to plaintext, the requested data is the target data in plaintext form. However, the database pre-stores the target data in encrypted form, so it is necessary to generate a second data query request for the target data in encrypted form based on the first data query request in encrypted form. The second data query request can be in plaintext form, which facilitates reading and data querying by the first application. The target data in encrypted form is located in the third data mentioned above, so the target data in encrypted form is pre-encrypted using the second encryption method.

[0034] For example, the first data query request is encrypted, and its plaintext is "select field1" (query data field 1). Here, field1 is the target data in plaintext form, while the database stores the target data in encrypted form as enc(field1). Therefore, a second data query request select enc(field1) is generated for the target data enc(field1) in encrypted form, so that the target data in encrypted form can be retrieved from the database.

[0035] In step S114 above, the first application queries the stored data in encrypted form according to the second data query request and returns the query result to the TEE. For example, the first application queries the database in encrypted form, `enc(field1)`, according to the second data query request in plaintext form, and returns the query result to the TEE.

[0036] In step S116 above, the query results are processed in the TEE to obtain target data encrypted using a third encryption method. For example, the target data encrypted using the second encryption method is extracted from the query results, decrypted, and then re-encrypted to obtain the target data encrypted using the third encryption method. The third encryption method is a data encryption method agreed upon between the data processing device and the data querying party. The third encryption method is different from the second encryption method and can be the same as or different from the first encryption method. The TEE sends the target data encrypted using the third encryption method to the first application, and the first application returns it to the data querying party, thereby satisfying the data querying party's query request for the target data.

[0037] The above describes the general process of data query. In different scenarios, the specific implementation of the data encryption process and data query process for the second data will also be different. The following will introduce them in different cases.

[0038] <Scenario 1>

[0039] In one scenario, after the TEE decrypts the first data sent by the data source, the resulting second data in plaintext form includes at least one plaintext data record, which contains multiple plaintext data items. In the above steps, the second data is encrypted in the TEE, specifically by: in the TEE, for each plaintext data record, packaging and encrypting the multiple plaintext data items in the plaintext data record.

[0040] For example, the second data consists of multiple rows of data, each of which can be expressed as <field1,field2,…>. <field1,field2,…> represents a plaintext data record, where field1, field2, ... are the individual plaintext data items. If the non-TEE side is not to learn of the existence of field1, field2, ... (i.e., the number of fields contained in a data record is not to be exposed), the TEE side can package field1, field2, ... into a single packet and encrypt it as a whole. The encrypted result is then used as the field, and the non-TEE side imports <enc(field)> into the database.

[0041] In this encryption method, each plaintext data record includes not only multiple plaintext data items, but also the plaintext index corresponding to these multiple plaintext data items. When encrypting the second data, for each plaintext data record, after packaging and encrypting the multiple plaintext data items in the plaintext data record, the plaintext index in each plaintext data record is also encrypted.

[0042] For example, the second data consists of multiple rows of data, each of which can be expressed as <id,field1,field2,…>. <id,field1,field2,…> represents a plaintext data record, where field1, field2, ... are the individual plaintext data items, and id is the plaintext index. If the non-TEE side is not to learn of the existence of field1, field2, ... (i.e., the number of fields contained in a data record is not to be exposed), the TEE side can package field1, field2, ... into a single packet and encrypt it as a whole. The encrypted result is then used as the field, the id is encrypted as well, and the non-TEE side imports <enc(id),enc(field)> into the database.

[0043] In the above scenario, the third data obtained by encrypting the second data in plaintext form in the TEE correspondingly includes at least one ciphertext data record. This ciphertext data record comprises a ciphertext data item generated by packaging and encrypting multiple plaintext data items. The target data in plaintext form is one of those plaintext data items, so the target data in ciphertext form must be located within the ciphertext data item of a certain ciphertext data record. In the above steps, generating a second data query request for the target data in ciphertext form within the TEE based on the first data query request specifically involves: decrypting the first data query request within the TEE, determining the target ciphertext data item containing the target data in ciphertext form based on the decryption result, and generating a second data query request for that target ciphertext data item.

[0044] Specifically, the first data query request is in encrypted form. The first data query request is decrypted in the TEE. Based on the decryption result, the target encrypted data item containing the target data in encrypted form is determined. The target encrypted data item is located in the target encrypted data record. The target encrypted data record is one of the aforementioned at least one encrypted data record. A second data query request for the target encrypted data item is generated in the TEE.

[0045] Since the second data in plaintext form also includes plaintext indexes corresponding to multiple plaintext data items, the third data in ciphertext form also includes ciphertext indexes corresponding to the ciphertext data items (i.e., the encrypted id mentioned earlier). The first data query request also includes the ciphertext index of the target data. Based on this, after decrypting the first data query request, the target ciphertext data item containing the target data in ciphertext form is determined according to the decryption result, and a second data query request for the target ciphertext data item is generated. Specifically, the plaintext index corresponding to the target data in the decryption result is encrypted using the second encryption method to obtain the ciphertext index of the target ciphertext data item containing the target data in ciphertext form. Based on the determined ciphertext index, a second data query request for the target ciphertext data item is generated.

[0046] Specifically, the plaintext form of the first data query request necessarily includes the plaintext index corresponding to the target data. Therefore, the decryption result also contains the plaintext index corresponding to the target data. The plaintext index corresponding to the target data is encrypted using the second encryption method to obtain the ciphertext index of the target ciphertext data item where the target data is located in ciphertext form. Then, based on the ciphertext index, a second data query request is generated for the target ciphertext data item where the target data is located in ciphertext form.

[0047] In the above actions, the first application queries the stored data in encrypted form according to the second data query request, specifically: the first application queries the stored data in encrypted form for the target encrypted data item.

[0048] For example: The plaintext form of the first data query request is select field2 from table where id=3 (find the field2 column corresponding to id=3 in the table), where field2 is the target data and 3 is the plaintext index corresponding to the target data. The TEE will convert the SQL statement into select field from enc_table where id=enc(3) (find the column corresponding to enc(3) in the enc_table table created on the non-TEE side). Here, enc(3) is the ciphertext index of the target ciphertext data item where the ciphertext target data is located, and the target ciphertext data item is the column corresponding to enc(3). The converted statement is used to query enc(3) and its corresponding column in the data stored on the non-TEE side, that is, to query the target ciphertext data item where the ciphertext target data is located.

[0049] Since the query retrieves the target ciphertext data item containing the target data in ciphertext form, the query results need to be processed in the TEE to obtain the target data encrypted using a third encryption method. Specifically, the queried target ciphertext data item is decrypted in the TEE to obtain multiple plaintext data items, which include the target data in plaintext form. Then, the target data in plaintext form is extracted from the multiple plaintext data items obtained from the decryption, and the target data in plaintext form is encrypted again using the third encryption method to obtain the target data encrypted using the third encryption method.

[0050] For example, continuing from the previous example, after querying and obtaining the column corresponding to enc(3), it is decrypted to obtain multiple plaintext data items. The target data in plaintext form is selected from them and encrypted using the third encryption method. The target data encrypted using the third encryption method is obtained and returned to the data query party through the first application.

[0051] In one embodiment, extracting the target data in plaintext form from multiple plaintext data items obtained through decryption specifically involves: obtaining the identification rules for the target data in plaintext form pre-recorded in the TEE among the multiple data items obtained through decryption, and extracting the target data in plaintext form from the multiple plaintext data items obtained through decryption based on the identification rules.

[0052] The TEE pre-records the identification rules for plaintext target data among the multiple data items obtained after decryption. These rules can specify the length of each plaintext data item and its ending character. These rules can be implemented using a DSL (Domain Specific Language). For example, if the rules record that the first plaintext data item occupies 5 bytes, the second 3 bytes, and the third 1 byte, after determining which plaintext data item the target data belongs to, it can be extracted from the decrypted plaintext data items using a byte lookup method. Taking the previous example, after decrypting the multiple fields corresponding to id=3, since the target data is field2, field2 can be extracted based on the length of each field.
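The storage flow of steps S102 to S108, the decoy records of [0025], and the Scenario 1 query path of steps S110 to S116 (packed fields, an encrypted id used as the lookup key, and the fixed-width extraction rules of [0052]), simulated end to end as an added example. This is not code from the patent or from the assignee. The HMAC-SHA256 based cipher standing in for the unspecified first, second and third encryption methods, the key names k1/k2/k3, the SQLite schema, the FIELD_RULES widths, the query syntax and the decoy count are all assumptions made for the demonstration.

```python
"""Added example, not code from the patent or from the assignee: an end-to-end
simulation of Scenario 1 with the roles split into a data source, a non-TEE
"first application" backed by SQLite, a TEE that holds the keys, and a data
querier.  Cipher, key names, packing rules and decoy count are assumptions."""
import hashlib, hmac, os, sqlite3, struct

# Toy authenticated cipher from HMAC-SHA256 (counter-mode keystream, encrypt-then-MAC):
# a stand-in for AES-GCM, not the patent's unspecified "encryption methods".
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key, pt):
    nonce = os.urandom(16)                       # randomized: equal plaintexts differ
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def det_token(key, value):
    """Deterministic PRF of an index: lets the non-TEE app match enc(id) with a
    plain equality query, so equality of ids (not their values) is visible."""
    return hmac.new(key, value.encode(), hashlib.sha256).digest()

FIELD_RULES = [("field1", 5), ("field2", 3), ("field3", 1)]   # assumed DSL: fixed byte widths
REAL, FAKE = b"\x01", b"\x00"                                 # tag appended inside the packet

class TEE:
    def __init__(self, k_source, k_querier):
        self.k1, self.k3 = k_source, k_querier   # first/third methods: shared with the peers
        self.k2 = os.urandom(32)                 # second method: key never leaves the TEE

    def _pack(self, fields, tag):
        """Package all items of one record into one packet ([0040]) plus the tag."""
        return b"".join(v.encode().ljust(w, b"\0") for v, (_, w) in zip(fields, FIELD_RULES)) + tag

    def _extract(self, packet, target):
        """[0052]: pull one item out of a decrypted packet by the recorded byte widths."""
        off = 0
        for name, width in FIELD_RULES:
            if name == target:
                return packet[off:off + width].rstrip(b"\0").decode()
            off += width
        raise KeyError(target)

    def ingest(self, first_data, decoys=10):
        """S104/S106: decrypt the first data, emit <enc(id), enc(fields+tag)> rows,
        plus decoy rows ([0025]) that only the encrypted tag marks as fake."""
        rows = []
        for line in decrypt(self.k1, first_data).decode().splitlines():
            rid, *fields = line.split(",")
            rows.append((det_token(self.k2, rid), encrypt(self.k2, self._pack(fields, REAL))))
        for _ in range(decoys):
            fake = [os.urandom(w // 2 + 1).hex()[:w] for _, w in FIELD_RULES]
            rows.append((det_token(self.k2, "fake:" + os.urandom(8).hex()),
                         encrypt(self.k2, self._pack(fake, FAKE))))
        return rows

    def translate_query(self, first_request):
        """S112: 'select field2 from table where id=3' -> plaintext query on enc_table."""
        select, rid = decrypt(self.k3, first_request).decode().split(" from table where id=")
        return "SELECT field FROM enc_table WHERE id=?", det_token(self.k2, rid), select[len("select "):]

    def finish(self, hit, target):
        """S116: decrypt the hit, discard decoys, extract the target item, re-encrypt for the querier."""
        if hit is not None:
            packet = decrypt(self.k2, hit)
            if packet[-1:] == REAL:
                return encrypt(self.k3, self._extract(packet, target).encode())
        return encrypt(self.k3, b"")             # same-shaped reply on a miss or a decoy

class FirstApplication:
    """Runs outside the TEE: only ever holds ciphertext and the plaintext SQL shape."""
    def __init__(self, tee):
        self.tee, self.db = tee, sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE enc_table (id BLOB PRIMARY KEY, field BLOB)")

    def store(self, first_data):                  # S102 + S108
        self.db.executemany("INSERT INTO enc_table VALUES (?, ?)", self.tee.ingest(first_data))

    def query(self, first_request):               # S110 + S114
        sql, enc_id, target = self.tee.translate_query(first_request)
        row = self.db.execute(sql, (enc_id,)).fetchone()
        return self.tee.finish(row[0] if row else None, target)

    def blobs(self):
        return [r[0] for r in self.db.execute("SELECT field FROM enc_table")]

def run_demo():
    """Returns (answer for id=3, answer for a missing id, whether any plaintext is
    visible in the database, number of distinct ciphertext lengths in the database)."""
    k1, k3 = os.urandom(32), os.urandom(32)
    app = FirstApplication(TEE(k1, k3))
    app.store(encrypt(k1, b"1,alice,42,y\n3,bobby,77,n"))    # constructed sample records
    hit = decrypt(k3, app.query(encrypt(k3, b"select field2 from table where id=3"))).decode()
    miss = decrypt(k3, app.query(encrypt(k3, b"select field2 from table where id=9"))).decode()
    raw = b"".join(app.blobs())
    leaked = b"alice" in raw or b"bobby" in raw
    return hit, miss, leaked, len({len(b) for b in app.blobs()})
```

Two points the code makes visible. The first application sees the plaintext query shape and the token enc(3), so which stored row is touched and how often is observable outside the TEE even though the row's content is not; the decoy rows of [0025] exist to blur exactly that, and they only work because every packet has the same width and the tag sits inside the ciphertext. Second, the reply for a miss or for a decoy hit is encrypted with the same shape as a real answer, so the first application cannot tell from the response whether the querier's data was found.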

[0053] The previous section introduced the data encryption and query process in one scenario. The following section introduces the data encryption and query process in another scenario.

[0054] <Scenario 2>

[0055] In this case, the second data in plaintext form includes at least one plaintext data record, which contains multiple plaintext data items. The encryption of the second data in the TEE mentioned above is specifically as follows: if there are target plaintext data items with data distribution patterns to be hidden in each plaintext data record, then each target plaintext data item in each plaintext data record is obfuscated and encrypted in the TEE to obtain the corresponding target ciphertext data item, and then the other plaintext data items in each plaintext data record are encrypted one by one.

[0056] For example, the second data in plaintext form consists of three plaintext data records, each of which can be represented as <field1,field2,…>. In each plaintext data record, field1 represents the user's salary. The data distribution pattern of field1 should not be discoverable by a third party; therefore, field1 is the target plaintext data item whose data distribution pattern needs to be hidden. In this case, the TEE obfuscates and encrypts field1 in each plaintext data record to obtain the corresponding target ciphertext data item, and then encrypts the other plaintext data items such as field2 in each plaintext data record one by one. The encryption result can be represented as <enc(field1),enc(field2),…>.

[0057] Specifically, obfuscating and encrypting each target plaintext data item in each plaintext data record comprises: sorting the plaintext data records; determining an obfuscation marker for the target plaintext data item in each plaintext data record based on the sequence number of that record; rewriting each target plaintext data item based on its obfuscation marker; and encrypting the rewritten target plaintext data item.

[0058] For example, the second data in plaintext form consists of three plaintext data records, each of which can be represented as <field1, field2, …>, where field1 is the user's salary. The data distribution pattern of field1 must not be discoverable by a third party, so field1 is the target plaintext data item whose data distribution pattern needs to be hidden. The three plaintext data records are sorted and numbered 1, 2 and 3. Based on the sequence number of each plaintext data record, an obfuscation marker is determined for the target plaintext data item in that record; the marker can simply equal the sequence number, i.e. 1, 2 or 3. Each target plaintext data item is then rewritten according to its marker, changing its value to the sum of the original value and the marker. The rewritten target plaintext data items are encrypted using the second encryption method, and all other plaintext data items in each plaintext data record are likewise encrypted using the second encryption method.

[0059] By first rewriting each target plaintext data item to change its value, and then encrypting the rewritten item, the encrypted target data items no longer exhibit the data distribution pattern of the original values, so that pattern is hidden.

[0060] In this scenario, the TEE generates the second data query request for the ciphertext target data based on the first data query request as follows: the first data query request is decrypted within the TEE; if the decrypted request uses the aforementioned target plaintext data item as the query index for the target data, the target ciphertext data item corresponding to that target plaintext data item is obtained, and the second data query request for the ciphertext target data is generated based on that target ciphertext data item. In other words, the query index that the data querying party expressed in plaintext is translated inside the TEE into its ciphertext counterpart before the request is handed to the first application.

[0061] Accordingly, the first application queries the stored ciphertext data based on the second data query request: it uses the target ciphertext data item carried in the second data query request as the query index to look up the ciphertext target data, which is located in the previously stored third data.

[0062] For example, the second data in plaintext form consists of three plaintext data records, each of which can be represented as <field1, field2, …>, where field1 is the user's salary. The data distribution pattern of field1 must not be discoverable by a third party, so field1 is the target plaintext data item whose data distribution pattern needs to be hidden. The third data in ciphertext form can then be represented as <enc(field1+n), enc(field2), …>, where +n is the rewrite marker applied to field1 before encryption. The first data query request is decrypted. If the decrypted request queries field2 by field1, then enc(field1+n) is obtained and a second data query request for enc(field2) is generated from it. Through the second data query request, enc(field2) is looked up in the third data using enc(field1+n) as the index.

[0063] In one embodiment, a second data query request for the target data in ciphertext form is generated based on the target ciphertext data item. Specifically, the second data query request is generated based on the maximum and minimum values ​​of the target ciphertext data item. The second data query request is used to query the target data with the maximum and minimum values ​​as conditions.

[0064] For example, the second data in plaintext form consists of three plaintext data records, each of which can be represented as <field1, field2, …>, where field1 is the user's salary. The data distribution pattern of field1 must not be discoverable by a third party, so field1 is the target plaintext data item whose data distribution pattern needs to be hidden. The third data in ciphertext form can then be represented as <enc(field1+1), enc(field2), …>; <enc(field1+2), enc(field2), …>; <enc(field1+3), enc(field2), …>, where +1, +2 and +3 are the rewrite markers applied to field1 before encryption. The first data query request is decrypted. If the decrypted request queries field2 in every plaintext data record by field1, then enc(field1+1) and enc(field1+3) are obtained as the query conditions and a second data query request is generated from them as a range query: it asks for enc(field2) of every record whose field1 ciphertext lies between enc(field1+1) and enc(field1+3). Here enc(field1+1) and enc(field1+3) are the minimum and maximum values of the target ciphertext data item, respectively.

[0065] In one implementation scenario, suppose the decrypted first data query request asks for field2 in every plaintext data record whose field1 lies between a and b, with a less than b. The process can then be: determine the plaintext data records whose field1 equals a and take the minimum rewritten value of field1 among them; similarly, determine the plaintext data records whose field1 equals b and take the maximum rewritten value of field1 among them. The target ciphertext data items corresponding to this minimum and maximum are used as the query conditions, and the database is queried for the ciphertext field2 of every record whose field1 ciphertext lies between them.

[0066] In this implementation scenario, the plaintext data records are sorted by the value of the target plaintext data item in each record before the obfuscation marker is assigned, and an order-preserving encryption method is used so that the order of the rewritten target plaintext data items is the same as the order of the corresponding target ciphertext data items. Sorting first matters: because each marker is added to a value no smaller than the previous one, the rewritten values remain strictly increasing, which is what lets the range query above return exactly the intended records.

[0067] Furthermore, the query result is processed within the TEE to obtain the target data encrypted using a third encryption method. Since the queried target data is encrypted using the second encryption method, the ciphertext target data is first decrypted within the TEE and the decrypted data is then encrypted again using the third encryption method. The third encryption method is pre-agreed between the TEE and the data querying party; it differs from the second encryption method and may be the same as or different from the first encryption method. The first application returns the target data encrypted using the third encryption method to the data querying party.

[0068] Through this scenario 2, when there is a target plaintext data item with a data distribution pattern to be hidden, the target plaintext data item can be rewritten and stored to hide the data distribution pattern. Based on the maximum and / or minimum value of the target ciphertext data item, a second data query request is generated for the ciphertext target data. The second data query request is used to query the target data with the maximum and / or minimum value as a condition, thereby turning the data query into a range query and improving the query efficiency.

[0069] <Scenario 3>

[0070] In this case, the second data in plaintext form includes at least one plaintext data record, and the plaintext data record includes multiple plaintext data items. The second data is encrypted in the TEE, specifically: in the TEE, for each plaintext data record, each plaintext data item in each plaintext data record is encrypted separately, and the encryption method includes at least one of order-preserving encryption and obfuscation encryption.

[0071] In this case, the second data also includes plaintext indexes of multiple plaintext data items; encrypting the second data in the TEE also includes: in the TEE, for each plaintext data record, encrypting the plaintext indexes of multiple plaintext data items, with the encryption method including at least one of order-preserving encryption and obfuscation encryption.

[0072] In this scenario, obfuscating and encrypting the plaintext data items masks their data distribution patterns so that third parties cannot learn them. Encrypting the plaintext index with an order-preserving method keeps the order of the ciphertext index consistent with that of the original index, which satisfies the need to query data items by range.

[0073] For example, the second data is defined as multiple rows of the form <id, field1, field2, …>, where each row <id, field1, field2, …> is one plaintext data record, field1, field2, … are the individual plaintext data items and id is the plaintext index. In the TEE, the plaintext index and each plaintext data item in each record are encrypted; the result can be represented as <enc(id), enc(field1), enc(field2), …>. The TEE sends <enc(id), enc(field1), enc(field2), …> to the non-TEE side and requests that it import the record into the database.

[0074] Accordingly, the plaintext target data is located in one of the aforementioned plaintext data items, and the ciphertext target data is located in the corresponding ciphertext data item of the third data. Generating the second data query request for the ciphertext target data in the TEE based on the first data query request specifically comprises: decrypting the first data query request in the TEE, determining the ciphertext index of the target data from the plaintext index of the target data obtained by the decryption, and generating the second data query request for the ciphertext target data based on the determined ciphertext index.

[0075] For example, suppose the first data query request is decrypted to obtain the plaintext index id3 for the target data, and the target data is field2 in id3. Then, id3 is encrypted using the second encryption method to obtain the ciphertext index enc(id3) for the target data. The second data query request is generated according to enc(id3) to query enc(field2).

[0076] Furthermore, the query result is processed within the TEE to obtain the target data encrypted using a third encryption method. Since the queried target data is encrypted using the second encryption method, the ciphertext target data is first decrypted within the TEE and the decrypted data is then encrypted again using the third encryption method. The third encryption method is pre-agreed between the TEE and the data querying party; it differs from the second encryption method and may be the same as or different from the first encryption method. The first application returns the target data encrypted using the third encryption method to the data querying party.
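The following Python, added here as an example and not code from the patent or its assignee, walks through the encrypt, store, query and re-encrypt pipeline of scenario 2 ([0055] to [0068]) and scenario 3 ([0070] to [0076]) end to end: the TEE decrypts the source records, sorts them, rewrites field1 as its value plus its sequence number, encrypts the rewritten field1 with an order-preserving map, encrypts id deterministically so that it can serve as an equality index, encrypts field2 with fresh randomness, and later turns a plaintext range or id query into OPE bounds or an encrypted index for the first application, then re-encrypts the hits under the third method. Everything concrete is an assumption: the stdlib HMAC-based stream cipher (no integrity protection) stands in for a real AEAD, the `x*M + noise` map stands in for a real order-preserving scheme, keys are generated in-process and the data source is assumed to share k1, the marker table kept inside the TEE is one way to implement the bound lookup of [0065], and the bounds are generalised to `field1 >= a` / `field1 <= b` so a query still works when no stored record equals a or b exactly. One caveat the text leaves implicit: order-preserving encryption by design reveals the relative order of the stored ciphertexts; the rewrite hides exact values and their frequencies (the two equal salaries in the sample produce distinct ciphertexts), not the ordering.

```python
"""TEE-side pipeline for scenario 2 (obfuscated field1 + range query) and
scenario 3 (encrypted index + equality lookup). Added example, not code from
the patent. All primitives are stdlib stand-ins; see the comments."""
import bisect
import hmac
import os

M = 1 << 16  # assumed slot width of the toy order-preserving map


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for a real AEAD, no integrity check.
    blocks = (hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256")
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def enc(key: bytes, pt: bytes, nonce: bytes = b"") -> bytes:
    """Randomised encryption; passing a fixed nonce makes it deterministic."""
    nonce = nonce or os.urandom(8)
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))


def dec(key: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:8], ct[8:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def det_enc(key: bytes, pt: bytes) -> bytes:
    """Deterministic variant (nonce derived from the plaintext, SIV-style): equal
    ids give equal ciphertexts, so enc(id) can serve as an equality index."""
    return enc(key, pt, nonce=hmac.digest(key, pt, "sha256")[:8])


def ope_enc(key: bytes, x: int) -> int:
    """Toy order-preserving map: x*M plus keyed noise below M keeps x < y => c < c'.
    It models only the order property; x is recoverable by integer division."""
    noise = int.from_bytes(hmac.digest(key, x.to_bytes(8, "big"), "sha256")[:2], "big")
    return x * M + noise


def ope_dec(c: int) -> int:
    return c // M


class TEE:
    """State that never leaves the enclave: the keys and the marker table."""

    def __init__(self):
        self.k1 = os.urandom(32)   # first method; the data source is assumed to share it
        self.k2 = os.urandom(32)   # second method: storage key
        self.k3 = os.urandom(32)   # third method: agreed with the querying party
        self.kope = os.urandom(32)
        self.marks = []            # (plaintext field1, rewritten field1), ascending

    def ingest(self, first_data: list) -> list:
        """One batch: decrypt the source records, sort by field1, rewrite field1 as
        value plus sequence number ([0057]-[0058]), then encrypt every item ([0073])."""
        records = [dec(self.k1, c).decode().split(",") for c in first_data]
        records.sort(key=lambda r: int(r[1]))
        third = []
        for seq, (rid, salary, field2) in enumerate(records, start=1):
            rewritten = int(salary) + seq   # strictly increasing even for equal salaries
            self.marks.append((int(salary), rewritten))
            third.append({"id": det_enc(self.k2, rid.encode()),
                          "field1": ope_enc(self.kope, rewritten),
                          "field2": enc(self.k2, field2.encode())})
        return third

    def range_request(self, a: int, b: int):
        """[0065], generalised: lower bound = smallest rewritten value with field1 >= a,
        upper bound = largest rewritten value with field1 <= b; None if nothing matches."""
        plains = [p for p, _ in self.marks]
        i, j = bisect.bisect_left(plains, a), bisect.bisect_right(plains, b) - 1
        if i > j:
            return None
        return ope_enc(self.kope, self.marks[i][1]), ope_enc(self.kope, self.marks[j][1])

    def index_request(self, rid: str) -> bytes:
        return det_enc(self.k2, rid.encode())   # scenario 3: enc(id) as the lookup key

    def reencrypt(self, results: list) -> list:
        """Second-method ciphertexts in, third-method ciphertexts out."""
        return [enc(self.k3, dec(self.k2, c)) for c in results]


# First application (non-TEE): sees only ciphertext plus the plaintext second request.
def app_range_query(db: list, lo: int, hi: int) -> list:
    return [row["field2"] for row in db if lo <= row["field1"] <= hi]


def app_index_query(db: list, enc_id: bytes) -> list:
    return [row["field2"] for row in db if row["id"] == enc_id]


def demo():
    """Constructed sample: three <id,salary,field2> records, two with equal salary."""
    tee = TEE()
    db = tee.ingest([enc(tee.k1, s.encode())
                     for s in ("1,5000,dept-A", "2,5000,dept-B", "3,7000,dept-C")])
    lo, hi = tee.range_request(5000, 6000)                       # scenario 2
    by_range = [dec(tee.k3, c).decode() for c in tee.reencrypt(app_range_query(db, lo, hi))]
    by_id = [dec(tee.k3, c).decode()                              # scenario 3
             for c in tee.reencrypt(app_index_query(db, tee.index_request("3")))]
    return by_range, by_id, len({row["field1"] for row in db})  # 3 ciphertexts, 2 salaries
```

`demo()` returns the field2 values of the records with salary in [5000, 6000], the field2 value of id 3, and the number of distinct field1 ciphertexts, which is 3 although only two distinct salaries were stored. The querying party decrypts the returned items with k3 and never sees k2, and the first application never sees a plaintext salary or id, only the OPE bounds and the encrypted index.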

[0077] Figure 3 is a schematic diagram of the structure of a data processing apparatus provided in one embodiment of this specification. The apparatus is applied to a data processing device equipped with a Trusted Execution Environment (TEE). As shown in Figure 3, the apparatus includes:

[0078] Data receiving unit 31 acquires first data in encrypted form sent by the data source through a first application on the data processing device; the first data is encrypted using a first encryption method; the first application is located in the non-TEE of the data processing device.

[0079] The data decryption unit 32 transmits the first data to the TEE through the first application, and decrypts the first data in the TEE to obtain the second data in plaintext form.

[0080] The data encryption unit 33 encrypts the second data in the TEE to obtain the third data in ciphertext form; the third data is encrypted using the second encryption method.

[0081] The data storage unit 34 receives the third data returned by the TEE through the first application and stores the third data in the database.

[0082] Figure 4 is a schematic diagram of a data processing apparatus provided in another embodiment of this specification. The apparatus is applied to a data processing device equipped with a Trusted Execution Environment (TEE). As shown in Figure 4, in addition to the units of Figure 3, the apparatus also includes:

[0083] The request acquisition unit 41 acquires the first data query request for target data sent by the data query party through the first application and transmits it to the TEE. The first data query request is in encrypted form.

[0084] The request generation unit 42 generates a second data query request for the target data in ciphertext form based on the first data query request in the TEE; the second data query request is in plaintext form; the target data in ciphertext form is encrypted using the second encryption method.

[0085] Data query unit 43 queries the target data in encrypted form from the stored data according to the second data query request through the first application, and returns the query result to the TEE;

[0086] The data return unit 44 processes the query result in the TEE to obtain the target data encrypted using a third encryption method, and returns the target data encrypted using the third encryption method to the data queryer through the first application.

[0087] Optionally, the third data includes at least one ciphertext data record; the ciphertext data record includes ciphertext data items generated by packaging and encrypting multiple plaintext data items; the target data in ciphertext form is located in the ciphertext data item; the request generation unit: decrypts the first data query request in the TEE, determines the target ciphertext data item where the target data in ciphertext form is located based on the decryption result, and generates a second data query request for the target ciphertext data item; the data query unit: queries the target ciphertext data item in the stored data through the first application according to the second data query request.

[0088] Optionally, the first data query request further carries the index of the target data; the request generation unit: encrypts the plaintext index of the target data obtained in the decryption result using the second encryption method to obtain the ciphertext index of the target ciphertext data item in which the ciphertext target data is located, and generates the second data query request for the target ciphertext data item based on the determined ciphertext index.

[0089] Optionally, the second data includes at least one plaintext data record, and the plaintext data record includes multiple plaintext data items; the data encryption unit: if there are target plaintext data items with data distribution patterns to be hidden in each of the plaintext data records, then the target plaintext data items in each of the plaintext data records are obfuscated and encrypted in the TEE to obtain the corresponding target ciphertext data items, and the other plaintext data items in each of the plaintext data records are encrypted one by one.

[0090] Optionally, the data encryption unit: sorts each of the plaintext data records, determines an obfuscation marker for the target plaintext data item in each of the plaintext data records according to the sequence number of each of the plaintext data records; rewrites each of the target plaintext data items in each of the plaintext data records based on the obfuscation marker, and encrypts the rewritten target plaintext data items.

[0091] Optionally, the second data includes at least one plaintext data record, and the plaintext data record includes multiple plaintext data items; the data encryption unit, in the TEE, encrypts each plaintext data item in each plaintext data record separately, and the encryption method includes at least one of order-preserving encryption and obfuscation encryption.

[0092] Optionally, the second data further includes a plaintext index of the plurality of plaintext data items; the data encryption unit, in the TEE, encrypts the plaintext index of the plurality of plaintext data items for each plaintext data record, the encryption method including at least one of order-preserving encryption and obfuscation encryption.

[0093] The data processing device provided in this embodiment can implement each process of the aforementioned data processing method and achieve the same effect and function, which will not be repeated here.

[0094] This specification also provides, according to one or more embodiments, a data processing device for performing the data processing method described above. Figure 5 is a schematic diagram of the structure of a data processing device provided in one embodiment of this specification. As shown in Figure 5, data processing devices can vary significantly due to differences in configuration or performance. They may include one or more processors 1001 and memory 1002, with memory 1002 storing one or more application programs or data. Memory 1002 can be temporary or persistent storage. The application programs stored in memory 1002 may include one or more modules (not shown), each module including a series of computer-executable instructions for the data processing device. Furthermore, processor 1001 may be configured to communicate with memory 1002, executing the series of computer-executable instructions in memory 1002 on the data processing device. The data processing device may also include one or more power supplies 1003, one or more wired or wireless network interfaces 1004, one or more input / output interfaces 1005, one or more keyboards 1006, etc.

[0095] In one specific embodiment, the data processing device has a Trusted Execution Environment (TEE), the data processing device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the data processing device, and is configured to be executed by one or more processors. The one or more programs include computer-executable instructions for performing the following:

[0096] The data processing device uses a first application to acquire first data in encrypted form sent by the data source; the first data is encrypted using a first encryption method; the first application is located in the non-TEE of the data processing device.

[0097] The first data is transmitted to the TEE through the first application, and the first data is decrypted in the TEE to obtain the second data in plaintext form.

[0098] The second data is encrypted in the TEE to obtain the third data in ciphertext form; the third data is encrypted using the second encryption method.

[0099] The first application receives the third data returned by the TEE and stores the third data in the database.

[0100] The data processing device provided in this embodiment can implement each process of the aforementioned data processing method and achieve the same effect and function, which will not be repeated here.

[0101] Furthermore, one or more embodiments of this specification also provide a storage medium for storing computer-executable instructions. In one specific embodiment, the storage medium may be a USB flash drive, optical disc, hard disk, etc. When the computer-executable instructions stored in the storage medium are executed by a processor, they can achieve the following process:

[0102] The data processing device uses a first application to acquire first data in encrypted form sent by the data source; the first data is encrypted using a first encryption method; the first application is located in the non-TEE of the data processing device.

[0103] The first data is transmitted to the TEE through the first application, and the first data is decrypted in the TEE to obtain the second data in plaintext form.

[0104] The second data is encrypted in the TEE to obtain the third data in ciphertext form; the third data is encrypted using the second encryption method.

[0105] The first application receives the third data returned by the TEE and stores the third data in the database.

[0106] When the computer-executable instructions in the storage medium provided in this embodiment are executed, they can implement the various processes of the aforementioned data processing method and achieve the same effect and function, which will not be repeated here.

[0107] The foregoing has described specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in a different order than that shown in the embodiments and may still achieve the desired result. Furthermore, the processes depicted in the drawings do not necessarily require the specific or sequential order shown to achieve the desired result. In some embodiments, multitasking and parallel processing are possible or may be advantageous.

[0108] In the 1990s, improvements to a technology could be clearly distinguished as either hardware improvements (e.g., improvements to the circuit structure of diodes, transistors, switches, etc.) or software improvements (improvements to the methodology). However, with technological advancements, many methodological improvements today can be considered direct improvements to the hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming the improved methodology into the hardware circuit. Therefore, it cannot be said that a methodological improvement cannot be implemented using a hardware physical module. For example, a Programmable Logic Device (PLD) (e.g., a Field Programmable Gate Array (FPGA)) is such an integrated circuit whose logic function is determined by the user programming the device. Designers can program a digital system themselves to "integrate" it onto a PLD, without needing chip manufacturers to design and manufacture dedicated integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing integrated circuit chips, this programming is mostly implemented using "logic compiler" software. Similar to the software compiler used in program development, the original code before compilation must be written in a specific programming language, called a Hardware Description Language (HDL). There are many HDLs, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language). Currently, the most commonly used are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should understand that by simply performing some logic programming on the method flow using one of these hardware description languages and programming it into an integrated circuit, the hardware circuit implementing the logical method flow can be easily obtained.

[0109] The controller can be implemented in any suitable manner. For example, it can take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, application-specific integrated circuits (ASICs), programmable logic controllers, and embedded microcontrollers. Examples of controllers include, but are not limited to, the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of the memory. Those skilled in the art will also recognize that, in addition to implementing the controller in purely computer-readable program code form, the same functionality can be achieved by logically programming the method steps to make the controller take the form of logic gates, switches, ASICs, programmable logic controllers, and embedded microcontrollers. Therefore, such a controller can be considered a hardware component, and the means included therein for implementing various functions can also be considered as structures within the hardware component. Alternatively, the means for implementing various functions can be considered as both software modules implementing the method and structures within the hardware component.

[0110] The systems, devices, modules, or units described in the above embodiments can be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. Specifically, a computer can be, for example, a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or any combination of these devices.

[0111] For ease of description, the above devices are described in terms of function, divided into various units. Of course, when implementing one or more of these specifications, the functions of each unit can be implemented in one or more software and / or hardware.

[0112] Those skilled in the art will understand that one or more embodiments of this specification can be provided as a method, system, or computer program product. Therefore, one or more of this specification may take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more of this specification may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0113] This specification is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to one or more embodiments of this specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing apparatus to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing apparatus produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

[0114] These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

[0115] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, such that the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

[0116] In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.

[0117] Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.

[0118] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media, such as modulated data signals and carrier waves.

[0119] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.

[0120] Those skilled in the art will understand that one or more embodiments of this specification can be provided as a method, system, or computer program product. Therefore, one or more of this specification may take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more of this specification may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0121] One or more embodiments of this specification can be described in the general context of computer-executable instructions, such as program modules, executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform a specific task or implement a specific abstract data type. One or more embodiments of this specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices connected via a communication network. In a distributed computing environment, program modules can reside in local and remote computer storage media, including storage devices.

[0122] The various embodiments in this specification are described in a progressive manner; for identical or similar parts between the embodiments, reference may be made to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiments are substantially similar to the method embodiments and are therefore described relatively briefly; for relevant parts, reference may be made to the description of the method embodiments.

[0123] The above are merely embodiments of this specification and are not intended to limit it. Those skilled in the art may make various modifications and variations to this specification. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of this specification shall fall within the scope of the claims of this specification.

Claims

1. A data processing method, applied to a data processing device provided with a trusted execution environment (TEE), comprising: acquiring, by a first application on the data processing device, first data in ciphertext form sent by a data source, the first data being encrypted using a first encryption method, and the first application being located in a non-TEE of the data processing device; transmitting the first data to the TEE through the first application, and decrypting the first data in the TEE to obtain second data in plaintext form; encrypting the second data in the TEE to obtain third data in ciphertext form, the third data being encrypted using a second encryption method; receiving, by the first application, the third data returned by the TEE, and storing the third data in a database; acquiring, by the first application, a first data query request for target data sent by a data querying party, and transmitting it to the TEE, the first data query request being in ciphertext form; generating, in the TEE, a second data query request for the target data in ciphertext form based on the first data query request, the second data query request being in plaintext form, and the target data in ciphertext form being encrypted using the second encryption method; querying, by the first application, the target data in ciphertext form from the stored data according to the second data query request, and returning the query result to the TEE; and processing the query result in the TEE to obtain the target data encrypted using a third encryption method, and returning the target data encrypted using the third encryption method to the data querying party through the first application.

2. The method according to claim 1, wherein the third data comprises at least one ciphertext data record, the ciphertext data record comprising a ciphertext data item generated by packaging and encrypting a plurality of plaintext data items, and the target data in ciphertext form being located in the ciphertext data item; generating, in the TEE, the second data query request for the target data in ciphertext form based on the first data query request comprises: decrypting the first data query request in the TEE, determining, based on the decryption result, the target ciphertext data item in which the target data in ciphertext form is located, and generating the second data query request for the target ciphertext data item; and querying, by the first application, the target data in ciphertext form from the stored data according to the second data query request comprises: querying, by the first application, the target ciphertext data item from the stored data according to the second data query request.

3. The method according to claim 2, wherein the first data query request further comprises a ciphertext index of the target data; and determining, based on the decryption result, the target ciphertext data item in which the target data in ciphertext form is located, and generating the second data query request for the target ciphertext data item comprises: encrypting the plaintext index corresponding to the target data in the decryption result using the second encryption method, to obtain the ciphertext index of the target ciphertext data item in which the target data in ciphertext form is located; and generating, based on the determined ciphertext index, the second data query request for the target ciphertext data item.

4. The method according to claim 2, wherein processing the query result in the TEE to obtain the target data encrypted using the third encryption method comprises: decrypting the retrieved target ciphertext data item in the TEE; extracting the target data in plaintext form from the plurality of plaintext data items obtained by decryption; and re-encrypting the target data in plaintext form using the third encryption method, to obtain the target data encrypted using the third encryption method.

5. The method according to claim 4, wherein extracting the target data in plaintext form from the plurality of plaintext data items obtained by decryption comprises: obtaining an identification rule, pre-recorded in the TEE, for the target data in plaintext form among the plurality of data items obtained by decryption; and extracting, based on the identification rule, the target data in plaintext form from the plurality of data items obtained by decryption.

6. The method according to claim 2, wherein the second data comprises at least one plaintext data record, the plaintext data record comprising a plurality of plaintext data items; and encrypting the second data in the TEE comprises: packaging and encrypting, in the TEE, the plurality of plaintext data items of each plaintext data record.
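Claims 1 to 6 describe a flow in which the non-TEE host application only ever moves ciphertext: ingest under the data source's key, re-encrypt whole records under a storage key inside the TEE, store by an index the host can match on, and on a query return the one extracted field under the querier's key. The following is an added example, not code from the patent or its assignee, that walks that flow end to end in plain Python. Everything named here is an assumption: the three keys k1, k2 and k3 stand for the first, second and third encryption methods and are taken as already provisioned (k3 is also assumed to protect the querier's request on the way in); `HmacStreamCipher` is a constructed stand-in for the unspecified ciphers; the "ciphertext index" of claim 3 is realised as a deterministic keyed token derived from k2 so that the host can look records up by equality; and the "identification rule" of claim 5 is simply a field name.

```python
import hashlib
import hmac
import json
import secrets


class HmacStreamCipher:
    """Constructed toy authenticated cipher (standard library only): HMAC-SHA256 in
    counter mode as keystream, encrypt-then-MAC over nonce||body. It stands in for
    the claims' encryption methods; a real enclave would use AES-GCM or similar."""

    def __init__(self, key):
        self.enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce, length):
        out, counter = bytearray(), 0
        while len(out) < length:
            out += hmac.new(self.enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return bytes(out[:length])

    def encrypt(self, plaintext):
        nonce = secrets.token_bytes(16)  # fresh nonce: equal plaintexts give different ciphertexts
        body = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, blob):
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self.mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("ciphertext failed integrity check")
        return bytes(c ^ k for c, k in zip(body, self._keystream(nonce, len(body))))


class Enclave:
    """TEE side (assumption: keys already provisioned). k1 is shared with the data
    source, k2 never leaves the enclave, k3 is shared with the data querying party."""

    def __init__(self, k1, k2, k3, index_field, target_rule):
        self.c1, self.c2, self.c3 = (HmacStreamCipher(k) for k in (k1, k2, k3))
        # Deterministic index token (our reading of claim 3): the host must be able
        # to match the query token against stored tokens by equality.
        self.index_key = hmac.new(k2, b"index", hashlib.sha256).digest()
        self.index_field = index_field
        self.target_rule = target_rule  # identification rule of claim 5, here a field name

    def _index_token(self, plaintext_index):
        return hmac.new(self.index_key, plaintext_index.encode(), hashlib.sha256).hexdigest()

    def ingest(self, first_data):
        """First data (ciphertext under k1) -> list of (ciphertext index, ciphertext data item)."""
        second_data = json.loads(self.c1.decrypt(first_data))  # plaintext exists only in here
        third_data = []
        for record in second_data:
            packaged = json.dumps(record, sort_keys=True).encode()  # claim 6: package the whole record
            third_data.append((self._index_token(record[self.index_field]), self.c2.encrypt(packaged)))
        return third_data

    def build_second_request(self, first_request):
        """Encrypted first request -> plaintext-form second request (a lookup token)."""
        return self._index_token(self.c3.decrypt(first_request).decode())

    def answer(self, query_result):
        """Decrypt the retrieved record, pick the target item, re-encrypt for the querier."""
        item = None
        if query_result is not None:
            item = json.loads(self.c2.decrypt(query_result)).get(self.target_rule)
        return self.c3.encrypt(json.dumps(item).encode())


class HostApp:
    """The 'first application' in the non-TEE: moves ciphertext and holds no keys."""

    def __init__(self, enclave):
        self.enclave = enclave
        self.db = {}  # ciphertext index -> ciphertext data item

    def receive_from_source(self, first_data):
        for token, ciphertext in self.enclave.ingest(first_data):
            self.db[token] = ciphertext

    def handle_query(self, first_request):
        token = self.enclave.build_second_request(first_request)
        return self.enclave.answer(self.db.get(token))


def run_demo():
    k1, k2, k3 = (secrets.token_bytes(32) for _ in range(3))
    enclave = Enclave(k1, k2, k3, index_field="user_id", target_rule="balance")
    host = HostApp(enclave)
    records = [  # constructed sample records, sent by the data source under k1
        {"user_id": "u-1001", "balance": 42, "tier": "gold"},
        {"user_id": "u-1002", "balance": 7, "tier": "basic"},
    ]
    host.receive_from_source(HmacStreamCipher(k1).encrypt(json.dumps(records).encode()))
    querier = HmacStreamCipher(k3)
    found = json.loads(querier.decrypt(host.handle_query(querier.encrypt(b"u-1001"))))
    missing = json.loads(querier.decrypt(host.handle_query(querier.encrypt(b"u-9999"))))
    leaked = any(b"u-1001" in ct or b"gold" in ct for ct in host.db.values())
    return {"found": found, "missing": missing, "plaintext_visible_to_host": leaked}
```

Two points worth checking against the claims. The record ciphertexts are randomised, so the host learns nothing from them, but the index token is deterministic by necessity (the host has to match it), so the host can see which stored record a query touched and how often each index recurs; that equality leakage is what the obfuscation of claim 7 onwards is aimed at. And the querier receives only the field the TEE's identification rule selects, never the whole record, which is the point of decrypting and re-encrypting inside the TEE rather than handing the stored ciphertext back.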

7. The method according to claim 1, wherein the second data comprises at least one plaintext data record, the plaintext data record comprising a plurality of plaintext data items; and encrypting the second data in the TEE comprises: if each plaintext data record contains a target plaintext data item whose data distribution pattern is to be hidden, obfuscating and encrypting, in the TEE, the target plaintext data item of each plaintext data record to obtain a corresponding target ciphertext data item, and encrypting the other plaintext data items of each plaintext data record one by one.

8. The method according to claim 7, wherein obfuscating and encrypting the target plaintext data item of each plaintext data record comprises: sorting the plaintext data records, and determining an obfuscation marker for the target plaintext data item of each plaintext data record according to the sequence number of that plaintext data record; and rewriting the target plaintext data item of each plaintext data record based on the obfuscation marker, and encrypting the rewritten target plaintext data item.

9. The method according to claim 7, wherein generating, in the TEE, the second data query request for the target data in ciphertext form based on the first data query request comprises: decrypting the first data query request in the TEE, and, if the decrypted request queries the target data using the target plaintext data item as the query index, obtaining the corresponding target ciphertext data item and generating the second data query request for the target data in ciphertext form based on the target ciphertext data item; and querying, by the first application, the target data in ciphertext form from the stored data according to the second data query request comprises: querying, by the first application, the target data in ciphertext form from the stored data based on the target ciphertext data item according to the second data query request.

10. The method according to claim 9, wherein generating the second data query request for the target data in ciphertext form based on the target ciphertext data item comprises: generating the second data query request for the target data in ciphertext form based on the maximum and minimum values of the target ciphertext data item, the second data query request being used to query the target data with the maximum and minimum values as conditions.
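Claims 7, 8 and 10 together describe how a column whose value distribution must stay hidden can still be queried: each record's value is rewritten with a marker derived from its position after sorting, so equal plaintexts no longer produce equal ciphertexts, and a lookup for one value becomes a range query between the smallest and largest ciphertext that value could have produced. The claims do not say how the marker enters the rewrite; the added example below (not the patent's own code) assumes the rewrite v -> v*N + marker with N marker slots, which keeps order so that an order-preserving encryption can be applied afterwards and claim 10's min/max bounds can be computed in the TEE. `ToyOPE` is a constructed order-preserving map and the record layout is constructed sample data; the per-item encryption of the remaining fields from claim 7 is omitted.

```python
import hashlib
import hmac
import itertools


class ToyOPE:
    """Order-preserving map over the integers [0, domain), constructed for this example.

    E(x) is the running sum of keyed pseudorandom gaps g(0), ..., g(x), each at least 1,
    so x < y implies E(x) < E(y). It leaks order by design, as every OPE scheme does,
    and is not a production scheme.
    """

    def __init__(self, key, domain, max_gap=1 << 16):
        gaps = (
            1 + int.from_bytes(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()[:4], "big") % max_gap
            for i in range(domain)
        )
        self.table = list(itertools.accumulate(gaps))

    def encrypt(self, x):
        if not 0 <= x < len(self.table):
            raise ValueError("value outside the OPE domain")
        return self.table[x]


class ObfuscatingEnclave:
    """TEE side for one column whose value distribution must be hidden (claims 7, 8, 10)."""

    def __init__(self, key, field, max_value, capacity):
        self.field = field
        self.capacity = capacity  # N marker slots, one per record position after sorting
        self.ope = ToyOPE(key, domain=(max_value + 1) * capacity)

    def encrypt_column(self, records):
        """Return (record id, target ciphertext data item) for every record."""
        if len(records) > self.capacity:
            raise ValueError("more records than marker slots: equal values would repeat")
        ordered = sorted(records, key=lambda r: (r[self.field], r["id"]))  # claim 8: sort first
        rows = []
        for seq, rec in enumerate(ordered):
            marker = seq  # obfuscation marker derived from the record's sequence number
            rewritten = rec[self.field] * self.capacity + marker  # assumed rewrite, order kept
            rows.append((rec["id"], self.ope.encrypt(rewritten)))
        return rows

    def range_request(self, low, high):
        """Second data query request (claim 10): ciphertext bounds that cover every marker
        slot of the plaintext values in [low, high]; an equality query is low == high."""
        return (self.ope.encrypt(low * self.capacity),
                self.ope.encrypt(high * self.capacity + self.capacity - 1))


def host_query(rows, lo, hi):
    """Non-TEE side: a plain range scan over stored ciphertexts, no keys involved."""
    return sorted(rid for rid, c in rows if lo <= c <= hi)


def run_demo():
    key = b"\x2a" * 32  # constructed key, provisioned to the enclave only
    records = [  # constructed sample: three records share the value 30
        {"id": "r1", "age": 30}, {"id": "r2", "age": 30}, {"id": "r3", "age": 30},
        {"id": "r4", "age": 41}, {"id": "r5", "age": 25},
    ]
    enclave = ObfuscatingEnclave(key, field="age", max_value=120, capacity=8)
    rows = enclave.encrypt_column(records)
    ciphertexts = [c for _, c in rows]
    return {
        "all_ciphertexts_distinct": len(set(ciphertexts)) == len(ciphertexts),
        "age_eq_30": host_query(rows, *enclave.range_request(30, 30)),
        "age_26_to_45": host_query(rows, *enclave.range_request(26, 45)),
    }
```

What the host sees is five distinct ciphertexts even though three plaintexts are identical, so a frequency count over the stored column no longer reveals the distribution; what it still sees is their order, and the number of rows that fall inside any range it is asked to scan. Two caveats a deployment has to respect: the marker space must be at least as large as the number of records (the check in `encrypt_column`), or equal values start colliding again, and because the bounds in `range_request` are fixed functions of the plaintext, repeated queries for the same value produce the same bounds and are therefore linkable by the host.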

11. The method according to claim 1, wherein the second data comprises at least one plaintext data record, the plaintext data record comprising a plurality of plaintext data items; and encrypting the second data in the TEE comprises: encrypting, in the TEE, each plaintext data item of each plaintext data record separately, the encryption method comprising at least one of order-preserving encryption and obfuscation encryption.

12. The method according to claim 11, wherein the second data further comprises a plaintext index of the plurality of plaintext data items; and encrypting the second data in the TEE further comprises: encrypting, in the TEE, the plaintext index of the plurality of plaintext data items of each plaintext data record, the encryption method comprising at least one of order-preserving encryption and obfuscation encryption.

13. The method according to claim 12, wherein the target data in plaintext form is located in a plaintext data item; and generating, in the TEE, the second data query request for the target data in ciphertext form based on the first data query request comprises: decrypting the first data query request in the TEE, and determining the ciphertext index of the target data based on the plaintext index of the target data obtained by decryption; and generating, based on the determined ciphertext index, the second data query request for the target data in ciphertext form.

14. The method according to claim 7 or 11, wherein processing the query result in the TEE to obtain the target data encrypted using the third encryption method comprises: decrypting the target data in ciphertext form in the TEE, and re-encrypting the decrypted data using the third encryption method to obtain the target data encrypted using the third encryption method.

15. A data processing apparatus, applied to a data processing device provided with a trusted execution environment (TEE), comprising: a data receiving unit, configured to acquire, through a first application on the data processing device, first data in ciphertext form sent by a data source, the first data being encrypted using a first encryption method, and the first application being located in a non-TEE of the data processing device; a data decryption unit, configured to transmit the first data to the TEE through the first application, and to decrypt the first data in the TEE to obtain second data in plaintext form; a data encryption unit, configured to encrypt the second data in the TEE to obtain third data in ciphertext form, the third data being encrypted using a second encryption method; a data storage unit, configured to receive, through the first application, the third data returned by the TEE, and to store the third data in a database; a request acquisition unit, configured to acquire, through the first application, a first data query request for target data sent by a data querying party, and to transmit it to the TEE, the first data query request being in ciphertext form; a request generation unit, configured to generate, in the TEE, a second data query request for the target data in ciphertext form based on the first data query request, the second data query request being in plaintext form, and the target data in ciphertext form being encrypted using the second encryption method; a data query unit, configured to query, through the first application, the target data in ciphertext form from the stored data according to the second data query request, and to return the query result to the TEE; and a data return unit, configured to process the query result in the TEE to obtain the target data encrypted using a third encryption method, and to return the target data encrypted using the third encryption method to the data querying party through the first application.

16. The apparatus according to claim 15, wherein the third data comprises at least one ciphertext data record, the ciphertext data record comprising a ciphertext data item generated by encrypting a plurality of plaintext data items, and the target data in ciphertext form being located in the ciphertext data item; the request generation unit is configured to decrypt the first data query request in the TEE, determine, based on the decryption result, the target ciphertext data item in which the target data in ciphertext form is located, and generate the second data query request for the target ciphertext data item; and the data query unit is configured to query, through the first application, the target ciphertext data item from the stored data according to the second data query request.

17. The apparatus according to claim 16, wherein the first data query request further comprises a ciphertext index of the target data; and the request generation unit is configured to: encrypt the plaintext index corresponding to the target data in the decryption result using the second encryption method, to obtain the ciphertext index of the target ciphertext data item in which the target data in ciphertext form is located; and generate, based on the determined ciphertext index, the second data query request for the target ciphertext data item.

18. The apparatus according to claim 16, wherein the second data comprises at least one plaintext data record, the plaintext data record comprising a plurality of plaintext data items; and the data encryption unit is configured to: if each plaintext data record contains a target plaintext data item whose data distribution pattern is to be hidden, obfuscate and encrypt, in the TEE, the target plaintext data item of each plaintext data record to obtain a corresponding target ciphertext data item, and encrypt the other plaintext data items of each plaintext data record one by one.

19. The apparatus according to claim 18, wherein the data encryption unit is configured to: sort the plaintext data records, and determine an obfuscation marker for the target plaintext data item of each plaintext data record according to the sequence number of that plaintext data record; and rewrite the target plaintext data item of each plaintext data record based on the obfuscation marker, and encrypt the rewritten target plaintext data item.

20. The apparatus according to claim 15, wherein the second data comprises at least one plaintext data record, the plaintext data record comprising a plurality of plaintext data items; and the data encryption unit is configured to: encrypt, in the TEE, each plaintext data item of each plaintext data record separately, the encryption method comprising at least one of order-preserving encryption and obfuscation encryption.

21. The apparatus according to claim 20, wherein the second data further comprises a plaintext index of the plurality of plaintext data items; and the data encryption unit is further configured to: encrypt, in the TEE, the plaintext index of the plurality of plaintext data items of each plaintext data record, the encryption method comprising at least one of order-preserving encryption and obfuscation encryption.

22. A data processing device provided with a trusted execution environment (TEE), comprising: a processor; and a memory configured to store computer-executable instructions which, when executed, cause the processor to: acquire, through a first application on the data processing device, first data in ciphertext form sent by a data source, the first data being encrypted using a first encryption method, and the first application being located in a non-TEE of the data processing device; transmit the first data to the TEE through the first application, and decrypt the first data in the TEE to obtain second data in plaintext form; encrypt the second data in the TEE to obtain third data in ciphertext form, the third data being encrypted using a second encryption method; receive, through the first application, the third data returned by the TEE, and store the third data in a database; acquire, through the first application, a first data query request for target data sent by a data querying party, and transmit it to the TEE, the first data query request being in ciphertext form; generate, in the TEE, a second data query request for the target data in ciphertext form based on the first data query request, the second data query request being in plaintext form, and the target data in ciphertext form being encrypted using the second encryption method; query, through the first application, the target data in ciphertext form from the stored data according to the second data query request, and return the query result to the TEE; and process the query result in the TEE to obtain the target data encrypted using a third encryption method, and return the target data encrypted using the third encryption method to the data querying party through the first application.

23. A storage medium storing computer-executable instructions which, when executed by a processor, implement the following method: acquiring, by a first application on a data processing device, first data in ciphertext form sent by a data source, the data processing device being provided with a trusted execution environment (TEE), the first data being encrypted using a first encryption method, and the first application being located in a non-TEE of the data processing device; transmitting the first data to the TEE through the first application, and decrypting the first data in the TEE to obtain second data in plaintext form; encrypting the second data in the TEE to obtain third data in ciphertext form, the third data being encrypted using a second encryption method; receiving, by the first application, the third data returned by the TEE, and storing the third data in a database; acquiring, by the first application, a first data query request for target data sent by a data querying party, and transmitting it to the TEE, the first data query request being in ciphertext form; generating, in the TEE, a second data query request for the target data in ciphertext form based on the first data query request, the second data query request being in plaintext form, and the target data in ciphertext form being encrypted using the second encryption method; querying, by the first application, the target data in ciphertext form from the stored data according to the second data query request, and returning the query result to the TEE; and processing the query result in the TEE to obtain the target data encrypted using a third encryption method, and returning the target data encrypted using the third encryption method to the data querying party through the first application.