Data query method, platform, device, system, medium and product
By anonymizing the intersection fields and using encryption keys, the problem of third-party service platforms obtaining private information is solved, ensuring the security and efficiency of data queries and reducing the risk of data leakage.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA UNIONPAY
- Filing Date
- 2022-11-17
- Publication Date
- 2026-06-16
AI Technical Summary
In existing technologies, data query methods require third-party service platforms to obtain user business data from business parties or data source parties, which poses risks of data leakage and misuse. This leads to business parties and data source parties being unwilling to provide data, thus limiting the development of data query services.
By anonymizing the fields used in the intersection query, third-party service platforms can only view the anonymized information, and the data query work is delegated to the target data source, thus preventing third-party service platforms from obtaining private information. Encryption keys are used to ensure secure data transmission.
It reduces the risk of data leakage and misuse, improves the security of data query and transmission, reduces the burden on business users, and meets the needs of data query.
Figure CN115712759B_ABST (abstract drawing)
Description
Technical Field
[0001] This application belongs to the field of information security technology, and in particular relates to a data query method, platform, device, system, medium and product.
Background Technology
[0002] Various data sources, such as financial institutions, government departments, medical institutions, telecommunications operators, and e-commerce platform vendors, have accumulated massive amounts of user business data during their past informatization processes. Business entities, such as insurance companies and credit institutions, are limited by the insufficient characteristics of their own data and urgently need to obtain more multi-dimensional data from data sources to provide higher-quality services.
[0003] User business data held by business parties or data source providers constitutes their core data assets. However, current data query methods require a third-party service platform (or intermediary) to access this data, posing a risk of data leakage through such platforms. Consequently, business parties and data source providers are unwilling or unable to provide this data externally, which directly limits the use of user business data and the development of data query services.
Summary of the Invention
[0004] This application provides a data query method, platform, device, system, medium, and product that can reduce the risk of data leakage and improve the security of data query and transmission.
[0005] In a first aspect, embodiments of this application provide a data query method applied to a third-party service platform. The data query method includes: obtaining a request message sent by a business party, the request message including a de-identified intersection field after de-identification processing and a query data field that the business party expects to query; sending the de-identified intersection field and the query data field to the corresponding target data source party, the target data source party using the de-identified intersection field and the query data field to query target information corresponding to the query data field; receiving the target information sent by the target data source party; and sending the target information to the business party.
[0006] In a second aspect, embodiments of this application provide a data query method applied to a business party. The data query method includes: generating a request message based on the de-identified intersection field after de-identification processing and the query data field that the business party expects to query; sending the request message to a third-party service platform, the third-party service platform sending the de-identified intersection field and the query data field to the corresponding target data source party, and the target data source party querying the target information corresponding to the query data field based on the de-identified intersection field and the query data field; and receiving the target information sent by the third-party service platform.
[0007] In a third aspect, embodiments of this application provide a data query method applied to a data source party. The data query method includes: receiving, from a third-party service platform, the de-identified intersection field and the query data field that the business party expects to query; querying the target information corresponding to the query data field based on the de-identified intersection field and the query data field; and sending the target information to the third-party service platform, the third-party service platform sending the target information to the corresponding business party in response to receiving it.
[0008] In a fourth aspect, embodiments of this application provide a third-party service platform, which includes: an acquisition module for acquiring a request message sent by a business party, the request message including a de-identified intersection field after de-identification processing and a query data field that the business party expects to query; a first sending module for sending the de-identified intersection field and the query data field to the corresponding target data source party, the target data source party querying target information corresponding to the query data field based on the de-identified intersection field and the query data field; a first receiving module for receiving the target information sent by the target data source party; and a second sending module for sending the target information to the business party.
[0009] In a fifth aspect, embodiments of this application provide a first electronic device, which is applied to a business party. The first electronic device includes: a generation module, used to generate a request message based on the de-identified intersection field after de-identification processing and the query data field that the business party expects to query; a third sending module, used to send the request message to a third-party service platform, the third-party service platform being used to send the de-identified intersection field and the query data field to the corresponding target data source party, and the target data source party being used to query the target information corresponding to the query data field based on the de-identified intersection field and the query data field; and a second receiving module, used to receive the target information sent by the third-party service platform.
[0010] In a sixth aspect, embodiments of this application provide a second electronic device applied to a data source party. The second electronic device includes: a third receiving module for receiving, from a third-party service platform, a de-identified intersection field and a query data field that the business party expects to query; a query module for querying target information corresponding to the query data field based on the de-identified intersection field and the query data field; and a fourth sending module for sending the target information to the third-party service platform, the third-party service platform being used to send the target information to the corresponding business party in response to receiving it.
[0011] In a seventh aspect, embodiments of this application provide a third-party service platform, which includes: a processor and a memory storing computer program instructions; when the processor executes the computer program instructions, it implements the data query method provided in the first aspect.
[0012] In an eighth aspect, embodiments of this application provide a first electronic device, the first electronic device comprising: a processor and a memory storing computer program instructions; the processor, when executing the computer program instructions, implements the data query method provided in the second aspect.
[0013] In a ninth aspect, embodiments of this application provide a second electronic device, the second electronic device comprising: a processor and a memory storing computer program instructions; the processor, when executing the computer program instructions, implements the data query method provided in the third aspect.
[0014] In a tenth aspect, embodiments of this application provide a data query system, which includes a third-party service platform as provided in the seventh aspect, a first electronic device as provided in the eighth aspect, and a second electronic device as provided in the ninth aspect.
[0015] In an eleventh aspect, embodiments of this application provide a computer-readable storage medium storing computer program instructions, which, when executed by a processor, implement the data query method provided in the first, second, or third aspect.
[0016] In a twelfth aspect, embodiments of this application provide a computer program product stored in a non-volatile storage medium, which, when executed by at least one processor, implements a data query method as provided in the first, second, or third aspect.
[0017] In the data query method, platform, device, system, medium, and product of the embodiments of this application, the business party performs de-identification processing on the intersection fields. Third-party service platforms can only view the de-identified intersection fields and therefore cannot access the privacy information within them. Furthermore, the data query (or intersection) process is handled by the target data source party, so the third-party service platform does not take part in it. This ensures that the data query completes successfully while preventing third-party service platforms from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data query and transmission.
Description of the Drawings
[0018] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments of this application will be briefly introduced below. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0019] Figure 1 is a flowchart of a data query method in the related art;
[0020] Figure 2 is a schematic diagram of an application scenario of the data query method provided in the embodiments of this application;
[0021] Figure 3 is a flowchart of an embodiment of the data query method provided in the first aspect of this application;
[0022] Figure 4 is a flowchart of another embodiment of the data query method provided in the first aspect of this application;
[0023] Figure 5 is a flowchart of step S320 of the data query method provided in the first aspect of this application;
[0024] Figure 6 is a flowchart of another embodiment of the data query method provided in the first aspect of this application;
[0025] Figure 7 is a flowchart of another embodiment of the data query method provided in the first aspect of this application;
[0026] Figure 8 is a flowchart of step S340 of the data query method provided in the first aspect of this application;
[0027] Figure 9 is a flowchart of an embodiment of the data query method provided in the second aspect of this application;
[0028] Figure 10 is a flowchart of another embodiment of the data query method provided in the second aspect of this application;
[0029] Figure 11 is a flowchart of yet another embodiment of the data query method provided in the second aspect of this application;
[0030] Figure 12 is a flowchart of an embodiment of the data query method provided in the third aspect of this application;
[0031] Figure 13 is a flowchart of step S1220 of the data query method provided in the third aspect of this application;
[0032] Figure 14 is a flowchart of step S1220 of the data query method provided in the third aspect of this application;
[0033] Figure 15 is a schematic diagram of the communication interaction in an embodiment of the data query method provided in the fourth aspect of this application;
[0034] Figure 16 is a schematic diagram of the communication interaction in another embodiment of the data query method provided in the fourth aspect of this application;
[0035] Figure 17 is a schematic structural diagram of an embodiment of the third-party service platform provided in this application;
[0036] Figure 18 is a schematic structural diagram of an embodiment of the first electronic device provided in this application;
[0037] Figure 19 is a schematic structural diagram of an embodiment of the second electronic device provided in this application;
[0038] Figure 20 is a schematic structural diagram of an embodiment of the third-party service platform provided in the eighth aspect of this application.
Detailed Description
[0039] The features and exemplary embodiments of various aspects of this application will be described in detail below. To make the objectives, technical solutions, and advantages of this application clearer, the application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are only intended to explain this application and not to limit it. For those skilled in the art, this application can be implemented without some of these specific details. The following description of the embodiments is merely to provide a better understanding of this application by illustrating examples.
[0040] It should be noted that, in this document, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that includes said element.
[0041] It should be understood that the term "and/or" used in this document merely describes the relationship between related objects, indicating that three relationships can exist. For example, "A and/or B" can represent: A existing alone, A and B existing simultaneously, and B existing alone. Additionally, the character "/" in this document generally indicates that the preceding and following related objects have an "or" relationship.
[0042] Various modifications and variations can be made to this application without departing from its spirit or scope, which will be apparent to those skilled in the art. Therefore, this application is intended to cover modifications and variations falling within the scope of the corresponding claims (the claimed technical solutions) and their equivalents. It should be noted that the embodiments provided in this application can be combined with each other without contradiction.
[0043] Before describing the technical solutions provided in the embodiments of this application, in order to facilitate understanding of the embodiments of this application, this application first specifically explains the problems existing in the related technologies:
[0044] Figure 1 is a flowchart of a data query method in the related art. As shown in Figure 1, in the related art the detailed data of both the first dataset provided by the business party and the second dataset provided by the data source party are sent to an intermediary. The intermediary performs the intersection calculation and then returns the result to the business party. This means the intermediary gains access not only to the detailed data provided by the business party (i.e., privacy information) but also to the detailed data provided by the data source party (i.e., privacy information). There are potential risks of leakage and misuse during the use, storage, or transmission of this detailed data. Therefore, both the business party and the data source party are unwilling or hesitant to entrust their detailed data to the intermediary, which directly limits the use of detailed data and the development of data query services.
[0045] In view of the inventors’ above-mentioned research findings, the embodiments of this application provide a data query method, platform, device, system, medium and product that can solve the technical problems of data leakage and abuse in related technologies.
[0046] The technical concept of this application embodiment is as follows: the business party performs anonymization processing on the intersection fields, and the third-party service platform (i.e., the intermediary) can only view the anonymized intersection fields, thus being unable to obtain the privacy information contained therein. Furthermore, the data query (or intersection) is performed by the target data source party, without the need for a third-party service platform. This ensures the smooth completion of the data query while preventing the third-party service platform from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data query and transmission.
[0047] For ease of understanding, the following describes one architecture used in the embodiments of this application.
[0048] Figure 2 is a schematic diagram of an application scenario of the data query method provided in the embodiments of this application. As shown in Figure 2, the architecture of the data query method provided in the embodiments of this application may include a business party 21, a third-party service platform 22, and a data source party 23. Specifically, the business party 21 may be a hospital, insurance company, credit institution, or the like that wishes to query data. The data source party 23 may be a financial institution, government agency, medical institution, telecommunications operator, e-commerce platform, or the like that provides data, i.e., an information provider. The third-party service platform 22 mainly acts as an information relay, i.e., an intermediary. The business party 21 can query data from the data source party 23 through the third-party service platform 22, and the data from the data source party 23 can be sent to the business party 21 through the third-party service platform 22, thereby realizing the data query process.
[0049] For example, in the scenario of a user registering for an appointment at a hospital, the hospital (the business entity) may need to obtain the user's basic information (such as name and ID number), social security card information, and travel history code information. This information may be stored by data sources such as government departments. In this case, it is necessary to query this information from these data sources.
[0050] It should be noted that the acquisition, storage, use, and processing of data in this application embodiment all comply with the relevant provisions of national laws and regulations.
[0051] Based on the architecture shown in Figure 2 above, the data query method provided by the embodiments of this application is described in detail below.
[0052] The first aspect of this application provides a data query method that can be applied to a third-party service platform 22, meaning that the data query method can be executed by the third-party service platform 22. For details regarding the third-party service platform 22, please refer to the relevant descriptions in the above embodiments, which will not be repeated here.
[0053] Figure 3 is a schematic flowchart of an embodiment of the data query method provided in the first aspect of this application. As shown in Figure 3, the data query method may include steps S310 to S340.
[0054] S310. Obtain the request message sent by the business party. The request message may include the de-identified intersection fields after de-identification processing and the query data fields that the business party expects to query.
[0055] With reference to Figure 2, the business party 21 can send a request message to the third-party service platform 22. Before sending the request message to the third-party service platform 22, the business party 21 can perform de-identification processing on the plaintext intersection field to obtain the de-identified intersection field. The specific de-identification strategy adopted by the business party 21 can be flexibly chosen according to the actual situation and is not limited by this embodiment; it may include, but is not limited to, modification, replacement, or hiding operations. After de-identification processing, the detailed data (i.e., privacy information) in the de-identified intersection field is hidden.
[0056] The query data field refers to the data field that the business side expects to retrieve. For example, if business side 21 currently knows the target user's ID number and wants to retrieve the target user's mobile phone number, then the target user's ID number can be anonymized. That is, the anonymized intersection field can be the target user's anonymized ID number, and the query data field can be the data field corresponding to the mobile phone number.
[0057] S320. Send the anonymized intersection field and the query data field to the corresponding target data source. The target data source is used to query the target information corresponding to the query data field based on the anonymized intersection field and the query data field.
[0058] With reference to Figure 2, after receiving the request message sent by the business party 21, the third-party service platform 22 can parse the request message to obtain the de-identified intersection fields and query data fields. Then, the third-party service platform 22 sends the de-identified intersection fields and query data fields to the corresponding target data source party. The target data source party can be one data source party 23 or multiple data source parties 23, depending on the number and/or category of query data fields that the business party expects to query.
[0059] After receiving the de-identified intersection field and the query data field, the target data source can query the target information corresponding to the query data field based on the de-identified intersection field and the query data field.
[0060] Specifically, in some embodiments, the target data source can first perform de-identification processing on the intersection fields in its corresponding data source, based on the same de-identification strategy adopted by the business side. That is, for the same plaintext intersection field, the business side and the target data source can obtain the same result by performing de-identification processing on the same plaintext intersection field, thus facilitating subsequent queries using the de-identified intersection field provided by the business side. For example, assuming the plaintext intersection field is "abc", the de-identification strategy adopted by both the business side and the target data source can be, for example, replacing "a" with "a'", resulting in the de-identified intersection field being "a'bc".
[0061] Then, the target data source provider can retrieve the target information that matches the anonymized intersection field and query data field provided by the business provider from the data source. For example, if the anonymized intersection field is the target user's anonymized ID number a'bc, and the query data field is the data field corresponding to the mobile phone number, then the target data source provider can retrieve the specific mobile phone number corresponding to the ID number a'bc from the data source.
[0062] In other embodiments, after receiving the de-identified intersection field and the query data field, the target data source can first copy the de-identified intersection field to obtain at least two identical de-identified intersection fields. Then, based on a preset reverse de-identification strategy, one of the de-identified intersection fields is subjected to reverse de-identification processing to obtain the reverse de-identified intersection field. Finally, based on the reverse de-identified intersection field and the query data field, target information matching the reverse de-identified intersection field and the query data field is queried from the data source corresponding to the target data source.
[0063] For example, if the de-identified intersection field is the target user's de-identified ID number a'bc, and the query data field is the data field corresponding to the mobile phone number, then the target data source can perform reverse de-identification on the ID number a'bc to obtain the ID number abc. Then, it can query the data source to find the specific mobile phone number corresponding to the ID number abc.
[0064] It should be noted that, in practical applications, the reverse de-identification query method is optional for the target data source party. That is, in practical applications the first query method listed above can be used instead, where both the business party and the target data source party de-identify the fields to be intersected to generate de-identified intersection fields, and the two sides compare and query directly using the de-identified intersection fields.
[0065] S330, Receive target information sent by the target data source.
[0066] After retrieving the target information corresponding to the queried data field, the target data source can send the target information to the third-party service platform 22. Specifically, after retrieving the target information corresponding to the queried data field, the target data source can generate a query result message based on the de-identified intersection field and the target information, and then send the query result message to the third-party service platform 22.
[0067] S340. Send the target information to the business party.
[0068] After receiving the query result message, the third-party service platform 22 parses the message to obtain the target information. Then, it sends the target information to the business party 21. In other words, it returns the query result to the business party 21.
[0069] In the data query method of this application embodiment, the business party performs anonymization processing on the intersection fields. The third-party service platform can only view the anonymized intersection fields and therefore cannot know the privacy information contained therein. Moreover, the data query (or intersection) work is completed by the target data source party, without the need for a third-party service platform. This ensures the smooth completion of the data query while preventing the third-party service platform from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data query and transmission.
[0070] As shown in Figure 1, further research by the inventors of this application revealed that in the related art, when the data source party in S4 sends the detailed data of the second dataset to the intermediary, it encrypts the detailed data of the second dataset using its own encryption key and then sends the encrypted detailed data to the intermediary. In other words, the data source party encrypts the detailed data of the second dataset according to encryption rules it sets itself. However, this encryption method has the following drawback: if the detailed data of the second dataset changes, the encryption key for the detailed data of the second dataset also changes accordingly, and so does the business party's decryption key, so the business party has to obtain the decryption key repeatedly, increasing the burden on the business party.
[0071] In view of this, the embodiments of this application change the encryption method of the data source, so that the data source no longer uses its own encryption key to encrypt the data, but instead uses the encryption key provided by the business party. In this way, no matter how the data of the data source changes, the encryption key will not change, and correspondingly, the decryption key of the business party will not change, thereby reducing the burden on the business party.
[0072] Figure 4 is a flowchart of another embodiment of the data query method provided in the first aspect of this application. As shown in Figure 4, according to some embodiments of this application, optionally, the request message may also include a first encryption key provided by the business party. Before receiving the target information sent by the target data source party in S330, the data query method may further include step S410: sending the first encryption key to the target data source party.
[0073] The target data source can also use the first encryption key to encrypt the target information. The business party, upon receiving the encrypted target information, can decrypt it using a pre-set first decryption key corresponding to the first encryption key. The first encryption key can be a public key, and the first decryption key can be a private key. The business party informs the target data source of the first encryption key (public key) and then uses its own reserved first decryption key (private key) to decrypt the information.
[0074] In this way, on the one hand, the target data source encrypts the target information based on the first encryption key. Since the third-party service platform does not know the first decryption key corresponding to the first encryption key, it cannot decrypt the target information and therefore cannot know the specific content of the target information, thus further preventing the leakage and misuse of the target information. On the other hand, since the target data source encrypts the target information based on the first encryption key provided by the business party, the first encryption key will not change no matter how the data source changes. Correspondingly, the first decryption key of the business party will also not change, thereby reducing the burden on the business party.
[0075] Further research by the inventors of this application revealed that, in related technologies, to ensure data transmission security, one party encrypts the data or message using its own encryption key before sending it to another. To enable the recipient to successfully decrypt the encrypted data or message, the corresponding decryption key is usually sent to the recipient as well. The recipient then uses the decryption key sent by the sender to decrypt the encrypted data or message. This approach easily leads to the risk of plaintext data leakage due to the leakage of the decryption key during transmission.
[0076] Therefore, this application proposes a method where the decryption key is stored at the receiving end, and the sender uses the encryption key provided by the receiving end to encrypt the data or messages. This achieves both encryption and decryption of transmitted data or messages while avoiding the risk of plaintext data leakage due to decryption key disclosure during transmission.
[0077] According to some embodiments of this application, optionally, the request message can be a request message encrypted using a second encryption key provided by a third-party service platform. That is, before sending the request message to the third-party service platform, the business party can encrypt the request message using the second encryption key provided by the third-party service platform.
[0078] Figure 5 is a flowchart illustrating step S320 of the data query method provided in the first aspect of this application. As shown in Figure 5, correspondingly, S320, sending the desensitized intersection field and the query data field to the corresponding target data source, may specifically include the following steps S510 to S530.
[0079] S510. Based on the preset second decryption key corresponding to the second encryption key, the encrypted request message is decrypted to obtain the de-identified intersection field and the query data field.
[0080] The second encryption key can be a public key, and the second decryption key can be a private key. The third-party service platform uses its own reserved second decryption key (i.e., private key) to decrypt the encrypted request message, thereby obtaining the anonymized intersection fields and query data fields provided by the business party.
[0081] S520. Generate the first relay message based on the de-identified intersection field and the query data field.
[0082] In S520, a message containing the de-identified intersection field and the query data field is generated. For ease of distinction, this is referred to as the first relay message.
[0083] S530. The first relay message is encrypted based on the third encryption key provided by the target data source, and the encrypted first relay message is sent to the corresponding target data source.
[0084] The third-party service platform can encrypt the first relay message using a third encryption key provided by the target data source. Then, the third-party service platform sends the encrypted first relay message to the corresponding target data source.
[0085] Accordingly, the target data source can decrypt the first relay message using a preset third decryption key corresponding to the third encryption key, obtaining the anonymized intersection field and the query data field. Then, the target data source can query the target information corresponding to the query data field based on the anonymized intersection field and the query data field, and generate a query result message based on the anonymized intersection field and the target information. That is, after retrieving the target information, the target data source can generate a message containing the anonymized intersection field and the target information. For ease of distinction, this is referred to as the query result message.
[0086] The query result message can be sent to the third-party service platform. The third-party service platform parses the target information out of the query result message and then feeds the target information back to the business party.
[0087] In this way, by keeping the decryption key at the receiver and having the sender use the encryption key provided by the receiver to encrypt the data or messages, both encryption and decryption of the transmitted data or messages can be achieved, while avoiding the risk of plaintext data leakage due to decryption key leakage during transmission, thus further improving the security of data transmission.
[0088] According to some embodiments of this application, optionally, the target data source can also encrypt the query result message based on a fourth encryption key provided by the third-party service platform.
[0089] Figure 6 is a flowchart illustrating another embodiment of the data query method provided in the first aspect of this application. As shown in Figure 6, correspondingly, S330, receiving the target information sent by the target data source, may specifically include the following step: receiving the encrypted query result message sent by the target data source.
[0090] Following S330, the data query method may also include the following steps S610 and S620.
[0091] S610. Based on the preset fourth decryption key corresponding to the fourth encryption key, the encrypted query result message is decrypted to obtain the desensitized intersection field and target information.
[0092] The fourth encryption key can be a public key, and the fourth decryption key can be a private key. Third-party service platforms can decrypt the encrypted query result message using their own reserved fourth decryption key to obtain the anonymized intersection fields and target information.
[0093] S620. Generate a second relay message based on the desensitized intersection field and target information, and encrypt the second relay message based on the fifth encryption key provided by the business party.
[0094] A second relay message containing the de-identified intersection field and target information is generated, and the second relay message is encrypted based on the fifth encryption key provided by the business party.
[0095] Accordingly, S340 sends the target information to the business party, which may specifically include the following steps:
[0096] The encrypted second relay message is sent to the business party.
[0097] A third-party service platform can send the encrypted second relay message to the business party. The business party can then use its own reserved fifth decryption key to decrypt the second relay message and obtain the desired target information.
[0098] In this way, whether it is the business party, the third-party service platform, or the target data source party, they all use the encryption key of the next recipient to encrypt the data, and use their own reserved decryption key to decrypt the encrypted data. This can not only encrypt and decrypt the transmitted data or messages, but also avoid the risk of plaintext data leakage due to the leakage of decryption keys during transmission, thus further improving the security of data transmission.
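The key chain of [0073] to [0098], written out end to end as an added example in Go; this is not code from the patent or from China UnionPay. Assumptions made here and not stated in the text: each party holds one X25519 key pair, so the business party's first and fifth encryption keys coincide and so do the platform's second and fourth (the patent does not say whether they must differ); `Seal` and `Open` are an ECIES-style hybrid construction chosen because the patent names no algorithm; the NUL-joined wire format is invented for the example; and the data source's query is abstracted as a `lookup` callback over records it has already masked. `Party`, `Seal`, `Open`, `RunQuery` and the label `relay-v1` are the example's own names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Party holds one participant's reserved (private) decryption key; EncKey is the public key it hands out.
type Party struct{ sk *ecdh.PrivateKey }

func NewParty() *Party {
	sk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{sk}
}

func (p *Party) EncKey() []byte { return p.sk.PublicKey().Bytes() }

// secret runs X25519 between a private key and a peer's encoded public key.
func secret(sk *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return sk.ECDH(pub)
}

// aead derives a single-use AES-256-GCM key from the shared secret and both public keys.
func aead(shared, ephPub, rcptPub []byte) cipher.AEAD {
	k := sha256.Sum256(bytes.Join([][]byte{[]byte("relay-v1"), shared, ephPub, rcptPub}, nil))
	blk, _ := aes.NewCipher(k[:]) // 32-byte key, cannot fail
	a, _ := cipher.NewGCM(blk)
	return a
}

// Seal encrypts msg so only the holder of the private key behind encKey can open it (ephemeral
// X25519 + AES-GCM, an ECIES-style choice for this example; the patent names no algorithm). The
// key is derived once per message, so an all-zero nonce is safe. Box layout: ephPub || ciphertext.
func Seal(encKey, msg []byte) ([]byte, error) {
	eph := NewParty().sk
	shared, err := secret(eph, encKey)
	if err != nil {
		return nil, err
	}
	a := aead(shared, eph.PublicKey().Bytes(), encKey)
	return a.Seal(eph.PublicKey().Bytes(), make([]byte, a.NonceSize()), msg, nil), nil
}

// Open reverses Seal with the party's own reserved key; any other key, or a damaged box, errors.
func (p *Party) Open(box []byte) ([]byte, error) {
	if len(box) < 32 {
		return nil, errors.New("box too short")
	}
	shared, err := secret(p.sk, box[:32])
	if err != nil {
		return nil, err
	}
	a := aead(shared, box[:32], p.EncKey())
	return a.Open(nil, make([]byte, a.NonceSize()), box[32:], nil)
}

func must(b []byte, err error) []byte {
	if err != nil {
		panic(err)
	}
	return b
}

// Wire format assumed for this example: fields joined by NUL; only the last field may be binary.
func pack(fields ...[]byte) []byte      { return bytes.Join(fields, []byte{0}) }
func unpack(msg []byte, n int) [][]byte { return bytes.SplitN(msg, []byte{0}, n) }

// RunQuery walks the exchange of [0077]-[0098]; lookup is the data source's own query over records keyed by the masked field.
func RunQuery(biz, platform, src *Party, masked, query string,
	lookup func(masked, query string) (string, bool)) (string, error) {
	// 1. Business party -> platform, sealed to the platform's (second) key; its own first encryption key rides along.
	box := must(Seal(platform.EncKey(), pack([]byte(masked), []byte(query), biz.EncKey())))
	// 2. Platform opens with its reserved key; the first relay is re-sealed to the source's (third) key.
	box = must(Seal(src.EncKey(), must(platform.Open(box))))
	// 3. Data source opens, queries, seals the target to the first key, wraps masked field + sealed target to the (fourth) key.
	req := unpack(must(src.Open(box)), 3)
	value, ok := lookup(string(req[0]), string(req[1]))
	if !ok {
		return "", errors.New("no record matches the masked intersection field")
	}
	box = must(Seal(platform.EncKey(), pack(req[0], must(Seal(req[2], []byte(value))))))
	// 4. Platform opens the outer layer only: the target inside is sealed to a key it does not hold,
	//    so it goes out unchanged in the second relay, sealed to the business party's (fifth) key.
	box = must(Seal(biz.EncKey(), must(platform.Open(box))))
	// 5. Business party opens the relay with its reserved key, then the target with its first key.
	target, err := biz.Open(unpack(must(biz.Open(box)), 2)[1])
	return string(target), err
}
```

The property the patent's argument rests on is step 4: the platform can open the outer layer of the result message, but `platform.Open` on the inner target fails, because that layer was sealed to the business party's first key and the platform holds no matching private key. Two things the scheme as described leaves to the implementer: the data source must be able to confirm that the first encryption key it receives really belongs to the business party, since the relay passes it through unauthenticated, and the platform still sees the masked intersection field and which query data fields were requested.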
[0099] This application recognizes that, in practice, a business party may need to query more than one piece of data at the same time. These different pieces of data may be held by different data source parties; therefore, when querying data, it is necessary to determine accurately which data source each desired piece of data belongs to.
[0100] Specifically, according to some embodiments of this application, optionally, the query data field may include at least one subquery data field. For example, the query data field may include multiple subquery data fields. For instance, a business entity may want to query not only the target user's mobile phone number but also their bank card number. In this case, one subquery data field is the data field corresponding to the mobile phone number, and the other subquery data field is the data field corresponding to the bank card number.
[0101] Figure 7 is a flowchart illustrating another embodiment of the data query method provided in the first aspect of this application. As shown in Figure 7, correspondingly, before the first relay message is generated in S520 based on the desensitized intersection field and the query data field, the data query method may also include the following step S710: querying, among the data sources of the multiple data source parties stored in the third-party service platform, at least one target data source.
[0102] A data source can include at least one data field. In specific examples, the data source may include data names, a data dictionary, sample data, and / or detailed data. The data name is also known as the name of the data field, such as "ID number" or "mobile phone number." The data dictionary is a collection of information describing the data, including descriptions of the data fields' translations, types, lengths, and value ranges. Sample data is artificially generated data provided to replace actual data. Detailed data refers to detailed data records.
[0103] Each data source provider can pre-register or store its corresponding data source on a third-party service platform to inform the platform what data it possesses. To avoid the leakage of detailed data, during registration, each data source provider can simply register the data source, including the data name, data dictionary, and sample data, on the third-party service platform; that is, it only needs to inform the platform of the specific types of data it can provide.
[0104] Similarly, business entities can pre-register or store their corresponding data sources on a third-party service platform to inform the platform of their available data or which data they need to query. For clarity, the data source corresponding to the business entity is referred to as the first data source, and the data source corresponding to the data source provider is referred to as the second data source. Unless otherwise specified, data sources in other locations in this embodiment are all second data sources, i.e., the data sources corresponding to the data source providers. To avoid leakage of detailed data, during registration, each business entity can register only the first data source, which includes the data name, data dictionary, and sample data, on the third-party service platform.
[0105] Taking the mobile phone number and the bank card number as examples, in S710, by querying the data source registered by each data source party, the target data source corresponding to the data field of the mobile phone number is determined to be data source a, which corresponds to data source party A, and the target data source corresponding to the data field of the bank card number is determined to be data source b, which corresponds to data source party B.
[0106] Accordingly, S520 generates a first relay message based on the de-identified intersection field and the query data field, which may include the following steps:
[0107] Based on the de-identified intersection fields and the subquery data fields corresponding to each target data source, generate the first relay message corresponding to each target data source.
[0108] For example, based on the anonymized intersection fields and the subquery data field corresponding to data source a, a first relay message corresponding to data source party A is generated. Based on the anonymized intersection fields and the subquery data field corresponding to data source b, a first relay message corresponding to data source party B is generated.
[0109] S530. Encrypt the first relay message based on the third encryption key provided by the target data source, and send the encrypted first relay message to the corresponding target data source. This may specifically include the following steps:
[0110] For any i-th target data source, the first relay message corresponding to the i-th target data source is encrypted based on the third encryption key provided by the i-th target data source, and the encrypted first relay message is sent to the i-th target data source, where i is a positive integer.
[0111] For example, for data source party A, the first relay message corresponding to data source party A is encrypted using the third encryption key provided by data source party A, and the encrypted first relay message is sent to data source party A. For data source party B, the first relay message corresponding to data source party B is encrypted using the third encryption key provided by data source party B, and the encrypted first relay message is sent to data source party B.
[0112] Thus, the embodiments of this application can realize the query of multiple sub-query data fields, meet the query needs of business users, and improve the efficiency of data query.
[0113] Optionally, when there are multiple target data sources, the third-party service platform can also aggregate the data or messages sent by each target data source and send them to the business party in a unified manner, reducing the number of separate deliveries the business party has to handle and improving the user experience.
[0114] Specifically, according to some embodiments of this application, optionally, step S330, receiving the target information sent by the target data source, may include the following steps:
[0115] Receive query result messages from at least one target data source.
[0116] For example, if there are multiple target data sources, then query result messages sent by multiple target data sources can be received.
[0117] Figure 8 is a flowchart illustrating step S340 of the data query method provided in the first aspect of this application. As shown in Figure 8, S340, sending the target information to the business party, may specifically include the following steps S810 to S830.
[0118] S810. Decrypt the query result messages sent by each target data source to obtain the de-identified intersection fields and the target information corresponding to each subquery data field.
[0119] S820. Summarize the target information of each subquery data field corresponding to the same de-identified intersection field and generate a second relay message.
[0120] The target information of multiple subquery data fields corresponding to the same de-identified intersection field can be summarized into a second relay message.
[0121] S830: Send the second relay message to the business party.
[0122] In S830, the third-party service platform can directly send the second relay message to the business party. As mentioned earlier, the third-party service platform can also encrypt the second relay message before sending the encrypted second relay message to the business party.
[0123] In this way, the third-party service platform can aggregate the data or messages sent by the various target data sources and send them to the business party in a unified manner, which reduces the number of separate deliveries the business party has to handle and improves the user experience.
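S710, the per-source split of S520 and S530, and the aggregation of S810 to S830, as an added Go example; this is not the patent's own code. It assumes the platform's registry holds only the data names and dictionary of each data source party, as [0103] describes, and the types `Registration`, `Relay` and `ResultRow` and the functions `Route` and `Aggregate` are the example's own names. It goes beyond the text in two places: a data field registered by two different parties is rejected as ambiguous rather than routed, and fields the business party asked for but no source answered are reported by `Aggregate` instead of silently dropped. The registrations and result rows in `main` are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// Registration is what a data source party stores with the platform ([0103]): the data
// names it can serve plus descriptive material, never the detailed records themselves.
type Registration struct {
	Party      string
	DataNames  []string
	Dictionary map[string]string // data name -> type/length/range description
}

// Relay is one first relay message: the masked intersection fields plus only those
// subquery data fields that this data source party registered.
type Relay struct {
	Party     string
	Masked    []string
	SubFields []string
}

// Route is S710 plus the per-source split of S520. Every subquery field must resolve to
// exactly one registered party; an unknown or ambiguous field aborts before anything is sent.
func Route(regs []Registration, masked, subFields []string) ([]Relay, error) {
	owner := map[string]string{}
	for _, r := range regs {
		for _, name := range r.DataNames {
			if prev, dup := owner[name]; dup && prev != r.Party {
				return nil, fmt.Errorf("data field %q is registered by both %s and %s", name, prev, r.Party)
			}
			owner[name] = r.Party
		}
	}
	byParty := map[string]*Relay{}
	var order []string // keep request order so the relays come out deterministically
	for _, f := range subFields {
		p, ok := owner[f]
		if !ok {
			return nil, fmt.Errorf("no registered data source provides %q", f)
		}
		if byParty[p] == nil {
			byParty[p] = &Relay{Party: p, Masked: masked}
			order = append(order, p)
		}
		byParty[p].SubFields = append(byParty[p].SubFields, f)
	}
	relays := make([]Relay, 0, len(order))
	for _, p := range order {
		relays = append(relays, *byParty[p])
	}
	return relays, nil
}

// ResultRow is one entry of a query result message: one masked field and the target
// information a single data source party returned for it.
type ResultRow struct {
	Party  string
	Masked string
	Values map[string]string // subquery field -> target information
}

// Aggregate is S810-S820: merge every party's rows for the same masked intersection field
// into one second relay message per masked field. Fields the business party asked for but no
// party answered are listed as "masked:field" so the gap is reported rather than dropped.
func Aggregate(rows []ResultRow, expected []string) (map[string]map[string]string, []string) {
	merged := map[string]map[string]string{}
	for _, r := range rows {
		if merged[r.Masked] == nil {
			merged[r.Masked] = map[string]string{}
		}
		for field, v := range r.Values {
			merged[r.Masked][field] = v
		}
	}
	var missing []string
	for m, vals := range merged {
		for _, f := range expected {
			if _, ok := vals[f]; !ok {
				missing = append(missing, m+":"+f)
			}
		}
	}
	sort.Strings(missing)
	return merged, missing
}

func main() {
	// Constructed sample: party A registered mobile numbers, party B bank card numbers.
	regs := []Registration{{Party: "A", DataNames: []string{"mobile_phone"}}, {Party: "B", DataNames: []string{"bank_card"}}}
	relays, err := Route(regs, []string{"a'bc"}, []string{"mobile_phone", "bank_card"})
	fmt.Println(relays, err)
	rows := []ResultRow{
		{Party: "A", Masked: "a'bc", Values: map[string]string{"mobile_phone": "13800000000"}},
		{Party: "B", Masked: "a'bc", Values: map[string]string{"bank_card": "6222000000000001"}},
	}
	fmt.Println(Aggregate(rows, []string{"mobile_phone", "bank_card"}))
}
```

Each relay carries only the subquery fields its recipient registered, so data source party A never learns that the business party also asked for a bank card number, and the merge in `Aggregate` is keyed by the masked field alone, which is all the platform has.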
[0124] The second aspect of this application provides a data query method that can be applied to business party 21, meaning that the data query method can be executed by business party 21. For details regarding business party 21, please refer to the relevant descriptions in the above embodiments, which will not be repeated here.
[0125] Figure 9 is a schematic flowchart of an embodiment of the data query method provided in the second aspect of this application. As shown in Figure 9, the data query method may include steps S910 to S930.
[0126] S910. Generate a request message based on the de-identified intersection fields after de-identification processing and the query data fields that the business party expects to query.
[0127] As shown in Figure 2, business party 21 can send a request message to third-party service platform 22. Before sending the request message to third-party service platform 22, business party 21 can perform de-identification processing on the plaintext intersection field to obtain the de-identified intersection field. The specific de-identification strategy adopted by business party 21 can be flexibly adjusted according to the actual situation and is not limited by this application embodiment; it may include, but is not limited to, modification, replacement or hiding operations. After de-identification processing, the detailed data (i.e., privacy information) in the de-identified intersection field is hidden.
[0128] In some specific embodiments, optionally, prior to S910, the data query method may include the following steps:
[0129] Step 1: Obtain the plaintext intersection fields that have not been anonymized. Plaintext intersection fields are those intersection fields where private information can be viewed.
[0130] Step 2: Based on the de-identification strategy provided by the third-party service platform, the plaintext intersection field is de-identified to obtain the de-identified intersection field.
[0131] In some embodiments, the third-party service platform can provide the same data masking strategy to both the business party and the data source party. Both parties then mask the intersection fields in their respective data sources based on this same strategy. In other embodiments, the third-party service platform can provide the business party with a data masking strategy and the data source party with a corresponding reverse data masking strategy. The business party masks the plaintext intersection fields based on the masking strategy to obtain the masked intersection fields. The data source party then reverses the masked intersection fields based on the reverse data masking strategy to obtain the original plaintext intersection fields, thus facilitating querying.
[0132] S920: Send a request message to a third-party service platform.
[0133] Third-party service platforms can be used to send the anonymized intersection fields and query data fields to the corresponding target data source. The target data source can then use these fields to retrieve the target information corresponding to the query data fields.
[0134] Specifically, in some embodiments, the target data source can first perform de-identification processing on the intersection fields in its corresponding data source, based on the same de-identification strategy adopted by the business side. That is, for the same plaintext intersection field, the business side and the target data source can obtain the same result by performing de-identification processing on the same plaintext intersection field, thus facilitating subsequent queries using the de-identified intersection field provided by the business side. For example, assuming the plaintext intersection field is "abc", the de-identification strategy adopted by both the business side and the target data source can be, for example, replacing "a" with "a'", resulting in the de-identified intersection field being "a'bc".
[0135] Then, the target data source provider can retrieve the target information that matches the anonymized intersection field and query data field provided by the business provider from the data source. For example, if the anonymized intersection field is the target user's anonymized ID number a'bc, and the query data field is the data field corresponding to the mobile phone number, then the target data source provider can retrieve the specific mobile phone number corresponding to the ID number a'bc from the data source.
[0136] In other embodiments, after receiving the de-identified intersection field and the query data field, the target data source can first copy the de-identified intersection field to obtain at least two identical de-identified intersection fields. Then, based on a preset reverse de-identification strategy, one of the de-identified intersection fields is subjected to reverse de-identification processing to obtain the reverse de-identified intersection field. Finally, based on the reverse de-identified intersection field and the query data field, target information matching the reverse de-identified intersection field and the query data field is queried from the data source corresponding to the target data source.
[0137] For example, if the de-identified intersection field is the target user's de-identified ID number a'bc, and the query data field is the data field corresponding to the mobile phone number, then the target data source can perform reverse de-identification on the ID number a'bc to obtain the ID number abc. Then, it can query the data source to find the specific mobile phone number corresponding to the ID number abc.
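The two masking arrangements of [0130] and [0131], and the data source's matching of [0134] to [0137] (repeated for the third aspect in [0178] and [0179]), as an added Go example; this is not the patent's own code. `Substitution` is the patent's own "a" to "a'" example turned into a reversible strategy with a reverse replacer; `KeyedHash` is an HMAC-SHA256 strategy chosen here for the "same strategy on both sides" variant, an assumption, since the patent does not fix the masking function. `Record`, `Masker`, `Lookup` and `SampleRecords` are the example's own names, and `SampleRecords` is constructed sample data.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strings"
)

// Record is one detailed row held by a data source party (the "detailed data" of [0102]).
type Record struct{ ID, Phone string }

// SampleRecords is constructed sample data for this example, not real records.
var SampleRecords = []Record{{"abc", "13800000000"}, {"abd", "13900000000"}}

// Masker is a de-identification strategy as in [0130]-[0131]; Reverse is nil when one-way.
type Masker struct {
	Mask    func(plain string) string
	Reverse func(masked string) (string, error)
}

// Substitution is the patent's own example ("a" becomes "a'") made reversible: the platform
// hands the business party the forward pairs and the data source the reverse pairs.
func Substitution(pairs ...string) Masker {
	rev := make([]string, len(pairs))
	for i := 0; i+1 < len(pairs); i += 2 {
		rev[i], rev[i+1] = pairs[i+1], pairs[i]
	}
	fwd, back := strings.NewReplacer(pairs...), strings.NewReplacer(rev...)
	return Masker{
		Mask: fwd.Replace,
		Reverse: func(m string) (string, error) {
			plain := back.Replace(m)
			if fwd.Replace(plain) != m { // masked value was not produced by this strategy
				return "", errors.New("masked field does not round-trip")
			}
			return plain, nil
		},
	}
}

// KeyedHash is the "same strategy on both sides" variant of [0131] with a secret that the business
// party and the data source share but the platform does not: HMAC-SHA256, truncated to 16 bytes.
// It is one-way, so the data source must mask its own intersection column before matching (S1310).
func KeyedHash(key []byte) Masker {
	return Masker{Mask: func(plain string) string {
		mac := hmac.New(sha256.New, key)
		mac.Write([]byte(plain))
		return hex.EncodeToString(mac.Sum(nil)[:16])
	}}
}

// Lookup is the data source side of [0134]-[0137]: find the phone number for the masked field the
// business party sent. With a one-way strategy it masks its own IDs and compares; with a reversible
// one it keeps the received masked value for the result message and reverses a copy for the search.
func Lookup(records []Record, m Masker, masked string) (resultMasked, phone string, err error) {
	key := masked // the copy kept untouched for the query result message
	if m.Reverse != nil {
		if key, err = m.Reverse(masked); err != nil {
			return masked, "", err
		}
	}
	for _, r := range records {
		id := r.ID
		if m.Reverse == nil {
			id = m.Mask(r.ID) // same strategy as the business party, so equal plaintexts collide
		}
		if id == key {
			return masked, r.Phone, nil
		}
	}
	return masked, "", errors.New("no record matches the intersection field")
}

func main() {
	sub := Substitution("a", "a'")
	println(sub.Mask("abc")) // a'bc, as in the patent's example
	_, phone, err := Lookup(SampleRecords, sub, "a'bc")
	println(phone, err == nil)
	kh := KeyedHash([]byte("secret shared by business party and data source"))
	_, phone, err = Lookup(SampleRecords, kh, kh.Mask("abd"))
	println(phone, err == nil)
}
```

Which arrangement is chosen decides what the platform can learn. With `Substitution` the platform distributes both the strategy and its reverse, so it could undo the masking itself; the guarantee that the platform sees only anonymized fields then rests on it not doing so. With `KeyedHash` the key is shared by the business party and the data source only, and the platform cannot invert the value; the price is that the data source has to mask its own intersection column before matching, as S1310 describes.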
[0138] S930: Receive target information sent by a third-party service platform.
[0139] After retrieving the target information corresponding to the queried data field, the target data source can send the target information to the third-party service platform 22. Specifically, after retrieving the target information corresponding to the queried data field, the target data source can generate a query result message based on the de-identified intersection field and the target information, and then send the query result message to the third-party service platform 22.
[0140] After receiving the query result message, the third-party service platform 22 parses the message to obtain the target information. Then, the third-party service platform 22 sends the target information to the business party 21, which receives the information.
[0141] In the data query method of this application embodiment, the business party performs anonymization processing on the intersection fields. The third-party service platform can only view the anonymized intersection fields and therefore cannot know the privacy information contained therein. Moreover, the data query (or intersection) work is completed by the target data source party, without the need for a third-party service platform. This ensures the smooth completion of the data query while preventing the third-party service platform from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data query and transmission.
[0142] Figure 10 is a flowchart illustrating another embodiment of the data query method provided in the second aspect of this application. As shown in Figure 10, according to some embodiments of this application, optionally, step S910, generating a request message based on the de-identified intersection fields after de-identification processing and the query data fields that the business party expects to query, may specifically include the following step:
[0143] A request message is generated based on the anonymized intersection field, the query data field, and the first encryption key.
[0144] The third-party service platform can also be used to send the first encryption key to the target data source, and the target data source can also use the first encryption key to encrypt the target information.
[0145] After receiving the target information sent by the third-party service platform in step S930, the data query method may further include step S1010:
[0146] The encrypted target information is decrypted based on the preset first decryption key corresponding to the first encryption key, and the decrypted target information is obtained.
[0147] The first encryption key can be the public key, and the first decryption key can be the private key. The business party informs the target data source party of the first encryption key (public key), and then uses its own reserved first decryption key (private key) to decrypt.
[0148] In this way, on the one hand, the target data source encrypts the target information based on the first encryption key. Since the third-party service platform does not know the first decryption key corresponding to the first encryption key, it cannot decrypt the target information and therefore cannot know the specific content of the target information, thus further preventing the leakage and misuse of the target information. On the other hand, since the target data source encrypts the target information based on the first encryption key provided by the business party, the first encryption key will not change no matter how the data source changes. Correspondingly, the first decryption key of the business party will also not change, thereby reducing the burden on the business party.
[0149] Figure 11 is a flowchart illustrating another embodiment of the data query method provided in the second aspect of this application. As shown in Figure 11, according to some embodiments of this application, optionally, before the request message is sent to the third-party service platform in S920, the data query method may further include step S1110:
[0150] The request message is encrypted using a second encryption key provided by a third-party service platform.
[0151] Accordingly, S920 sends a request message to a third-party service platform, which may specifically include the following steps: sending an encrypted request message to the third-party service platform.
[0152] Specifically, the third-party service platform can decrypt the encrypted request message based on a preset second decryption key corresponding to the second encryption key, obtaining the anonymized intersection field and the query data field. The third-party service platform can also generate a first relay message based on the anonymized intersection field and the query data field; and encrypt the first relay message based on a third encryption key provided by the target data source, and send the encrypted first relay message to the corresponding target data source.
[0153] Specifically, the target data source can decrypt the first relay message based on a preset third decryption key corresponding to the third encryption key, obtaining the anonymized intersection field and the query data field. The target data source can also use the anonymized intersection field and the query data field to query the target information corresponding to the query data field, and generate a query result message based on the anonymized intersection field and the target information.
[0154] In this way, by keeping the decryption key at the receiver and having the sender use the encryption key provided by the receiver to encrypt the data or messages, both encryption and decryption of the transmitted data or messages can be achieved, while avoiding the risk of plaintext data leakage due to decryption key leakage during transmission, thus further improving the security of data transmission.
[0155] According to some embodiments of this application, optionally, the target data source can also encrypt the query result message based on a fourth encryption key provided by the third-party service platform. The third-party service platform can also decrypt the encrypted query result message based on a preset fourth decryption key corresponding to the fourth encryption key to obtain the anonymized intersection field and target information; and generate a second relay message based on the anonymized intersection field and target information, and encrypt the second relay message based on a fifth encryption key provided by the business party.
[0156] Accordingly, S930 receives target information sent by a third-party service platform, which may specifically include the following steps:
[0157] Step 1: Receive the second relay message sent by the third-party service platform;
[0158] Step 2: Decrypt the encrypted second relay message using the preset fifth decryption key corresponding to the fifth encryption key to obtain the target information.
[0159] In this way, whether it is the business party, the third-party service platform, or the target data source party, they all use the encryption key of the next recipient to encrypt the data, and use their own reserved decryption key to decrypt the encrypted data. This can not only encrypt and decrypt the transmitted data or messages, but also avoid the risk of plaintext data leakage due to the leakage of decryption keys during transmission, thus further improving the security of data transmission.
[0160] This application recognizes that, in practice, a business party may need to query more than one piece of data at the same time. These different pieces of data may be held by different data source parties; therefore, when querying data, it is necessary to determine accurately which data source each desired piece of data belongs to.
[0161] According to some embodiments of this application, optionally, the query data field may include at least one subquery data field. A third-party service platform is used to send the anonymized intersection field and at least one subquery data field to the corresponding target data source. The target data source is used to query target information corresponding to the at least one subquery data field based on the anonymized intersection field and the at least one subquery data field.
[0162] The specific steps of the above query process have been described in detail when introducing the data query method provided in the first aspect, and will not be repeated here.
[0163] Accordingly, S930 receives target information sent by a third-party service platform, which may specifically include the following steps:
[0164] Receive target information sent by a third-party service platform that corresponds to at least one subquery data field.
[0165] Thus, the embodiments of this application can realize the query of multiple sub-query data fields, meet the query needs of business users, and improve the efficiency of data query.
[0166] A third aspect of this application provides a data query method that can be applied to the data source 23, meaning that the data query method can be executed by the data source 23. For details regarding the data source 23, please refer to the relevant descriptions in the above embodiments, which will not be repeated here.
[0167] Figure 12 is a schematic flowchart of an embodiment of the data query method provided in the third aspect of this application. As shown in Figure 12, the data query method may include steps S1210 to S1230.
[0168] S1210. Receive the anonymized intersection fields sent by the third-party service platform and the query data fields that the business party expects to query.
[0169] As shown in Figure 2, business party 21 can send a request message to third-party service platform 22. Before sending the request message to third-party service platform 22, business party 21 can perform de-identification processing on the plaintext intersection field to obtain the de-identified intersection field. The specific de-identification strategy adopted by business party 21 can be flexibly adjusted according to the actual situation and is not limited by this application embodiment; it may include, but is not limited to, modification, replacement or hiding operations. After de-identification processing, the detailed data (i.e., privacy information) in the de-identified intersection field is hidden.
[0170] The query data field refers to the data field that the business side expects to retrieve. For example, if business side 21 currently knows the target user's ID number and wants to retrieve the target user's mobile phone number, then the target user's ID number can be anonymized. That is, the anonymized intersection field can be the target user's anonymized ID number, and the query data field can be the data field corresponding to the mobile phone number.
[0171] After receiving the request message from the business party 21, the third-party service platform 22 can parse the request message to obtain the anonymized intersection fields and query data fields. Then, the third-party service platform 22 sends the anonymized intersection fields and query data fields to the corresponding data source party.
[0172] S1220. Based on the desensitized intersection field and the query data field, query the target information corresponding to the query data field.
[0173] After receiving the de-identified intersection field and the query data field, the data source can query the target information corresponding to the query data field based on the de-identified intersection field and the query data field.
[0174] S1230, Send target information to a third-party service platform.
[0175] After retrieving the target information corresponding to the queried data field, the target data source can send the target information to the third-party service platform 22. Specifically, after retrieving the target information corresponding to the queried data field, the target data source can generate a query result message based on the de-identified intersection field and the target information, and then send the query result message to the third-party service platform 22. After receiving the query result message, the third-party service platform 22 parses the query result message to obtain the target information. Then, it sends the target information to the business party 21. That is, it feeds back the query result to the business party 21.
[0176] In the data query method of this application embodiment, the business party performs anonymization processing on the intersection fields. The third-party service platform can only view the anonymized intersection fields and therefore cannot know the privacy information contained therein. Moreover, the data query (or intersection) work is completed by the target data source party, without the need for a third-party service platform. This ensures the smooth completion of the data query while preventing the third-party service platform from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data query and transmission.
[0177] Figure 13 is a flowchart illustrating step S1220 of the data query method provided in the third aspect of this application. As shown in Figure 13, according to some embodiments of this application, optionally, S1220, querying the target information corresponding to the query data field based on the desensitized intersection field and the query data field, may specifically include the following steps S1310 and S1320.
[0178] S1310. Based on the same desensitization strategy adopted by the business party, perform desensitization processing on the intersection fields in the data source corresponding to the data source party.
[0179] The target data source party first applies the same desensitization strategy as the business party to the intersection fields in its own data source. In other words, for the same plaintext intersection field, the business party and the target data source party obtain the same desensitized value, so the desensitized intersection field supplied by the business party can be matched directly against the desensitized column of the data source. For example, if the plaintext intersection field is "abc" and both parties adopt the strategy of replacing "a" with "a'", both obtain the same desensitized intersection field "a'bc". This substitution is only an illustration: the strategy has to be deterministic for the match to work, and because an ID number is drawn from a small, structured space, the strategy should also depend on a secret that the third-party service platform does not hold (a keyed hash rather than a plain hash or a fixed substitution). Otherwise the platform, which sees every desensitized intersection field it relays, could recover the plaintext by applying the public strategy to candidate values and comparing.
[0180] S1320. Based on the desensitized intersection field and the query data field, query the target information from the data source that matches the desensitized intersection field and the query data field.
[0181] The target data source provider can retrieve target information from the data source that matches the anonymized intersection fields and query data fields provided by the business side. For example, if the anonymized intersection field is the target user's anonymized ID number "a'bc", and the query data field is the data field corresponding to the mobile phone number, then the target data source provider can retrieve the specific mobile phone number corresponding to the ID number "a'bc" from the data source.
[0182] Figure 14 is a flowchart illustrating step S1220 of the data query method provided in the third aspect of this application. As shown in Figure 14, according to some other embodiments of this application, optionally, S1220, querying the target information corresponding to the query data field based on the desensitized intersection field and the query data field, may specifically include the following steps S1410 and S1420.
[0183] S1410. Based on the preset reverse desensitization strategy, reverse desensitization processing is performed on the desensitized intersection field to obtain the reverse desensitized intersection field.
[0184] After receiving the desensitized intersection field and the query data field, the target data source party first duplicates the desensitized intersection field so that at least two identical copies exist. One copy is kept unchanged so that it can later be placed in the query result message together with the target information (see [0175]); the other is reverse-desensitized according to a preset reverse desensitization strategy to obtain the reverse-desensitized intersection field. Since whoever holds the reverse desensitization strategy can recover the plaintext, that strategy (for instance the decryption key of a reversible transform) must be held by the data source party and not by the third-party service platform.
[0185] For example, if the de-identified intersection field is the target user's de-identified ID number a'bc, and the query data field is the data field corresponding to the mobile phone number, then the target data source can perform reverse de-identification on the ID number a'bc to obtain the ID number abc.
[0186] S1420. Based on the reverse-desensitized intersection field and the query data field, query the target information that matches both from the data source corresponding to the data source party.
[0187] Based on the reverse-desensitized intersection field and the query data field, the target data source party retrieves from its data source the target information that matches both. For example, it retrieves the specific mobile phone number corresponding to the ID number "abc" from the data source.
[0188] In this way, the target information corresponding to the queried data field can be accurately retrieved.
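The two query strategies of S1310 to S1420, worked as an added example. This is not code from the patent: the Go program, the sample table, the ID numbers and the shared secret are all constructed for illustration. The same-strategy variant (S1310/S1320) instantiates the shared desensitization strategy as HMAC-SHA256 under a key held by the business party and the data source party but not by the platform; the reversible variant (S1410/S1420) encrypts the ID number to the data source party's public key with RSA-OAEP, so only that party can reverse it. The example also goes one step beyond the text: platformGuess shows what the platform can do with an unkeyed deterministic token, which is why the strategy has to be keyed.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample table of the target data source party: plaintext ID number -> mobile number.
// All values are made up for this example.
var sourceTable = map[string]string{
	"110101199001011234": "13800000001",
	"110101199002022345": "13800000002",
	"110101199003033456": "13800000003",
}

// unkeyedMask is a deterministic but unkeyed strategy (plain SHA-256): both parties compute the
// same token, but so can anyone else who sees the token.
func unkeyedMask(id string) string {
	sum := sha256.Sum256([]byte(id))
	return hex.EncodeToString(sum[:])
}

// keyedMask is the same idea under a secret shared by the business party and the data source
// party but withheld from the platform (HMAC-SHA256).
func keyedMask(key []byte, id string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(id))
	return hex.EncodeToString(m.Sum(nil))
}

// S1310/S1320: the data source party masks its own intersection column with the same strategy
// and looks the business party's token up in the masked index.
func lookupSameStrategy(key []byte, token string) (string, bool) {
	index := make(map[string]string, len(sourceTable))
	for id, phone := range sourceTable {
		index[keyedMask(key, id)] = phone
	}
	phone, ok := index[token]
	return phone, ok
}

// platformGuess models what the third-party platform can do with a token it cannot decrypt:
// apply the public (unkeyed) strategy to every candidate it can enumerate and compare.
// candidates stands in for the finite, structured space of valid ID numbers.
func platformGuess(token string, candidates []string) (string, bool) {
	for _, c := range candidates {
		if unkeyedMask(c) == token {
			return c, true
		}
	}
	return "", false
}

// S1410/S1420: a reversible strategy. The business party encrypts the ID number to the data
// source party's public key (RSA-OAEP); only the data source party can reverse it. The token
// itself stays unchanged for the result message, and the lookup runs on the plaintext.
func reversibleMask(sourcePub *rsa.PublicKey, id string) []byte {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, sourcePub, []byte(id), []byte("intersection"))
	if err != nil {
		panic(err)
	}
	return ct
}

func lookupReverse(sourcePriv *rsa.PrivateKey, token []byte) (string, bool) {
	id, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sourcePriv, token, []byte("intersection"))
	if err != nil {
		return "", false // malformed token or wrong key: treat as no match, never crash
	}
	phone, ok := sourceTable[string(id)]
	return phone, ok
}

// newSourceKey generates the data source party's key pair for the reversible strategy.
func newSourceKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	key := []byte("constructed-secret-shared-by-business-and-source")
	id := "110101199002022345"
	candidates := []string{"110101199001011234", "110101199002022345", "110101199003033456"}

	phone, ok := lookupSameStrategy(key, keyedMask(key, id))
	fmt.Println("same-strategy lookup:", phone, ok)

	guessed, _ := platformGuess(unkeyedMask(id), candidates)
	fmt.Println("platform recovers ID from unkeyed token:", guessed)
	_, found := platformGuess(keyedMask(key, id), candidates)
	fmt.Println("platform recovers ID from keyed token:", found)

	sourceKey := newSourceKey()
	phone, ok = lookupReverse(sourceKey, reversibleMask(&sourceKey.PublicKey, id))
	fmt.Println("reverse-strategy lookup:", phone, ok)
}
```

The keyed lookup and the reverse lookup both return the constructed mobile number, the unkeyed token is recovered by enumeration, and the keyed token is not. For the reverse strategy the business party needs the public key of the specific data source party that will answer; in the text that routing decision is taken by the platform, so the reversible variant fits best where the target data source party is known in advance.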
[0189] Optionally, according to some embodiments of this application, before sending the target information to the third-party service platform in S1230, the data query method may further include the following steps:
[0190] Step 1: Receive the first encryption key sent by the third-party service platform. The first encryption key is provided by the business to the third-party service platform.
[0191] Step 2: Encrypt the target information based on the first encryption key.
[0192] Accordingly, S1230 sends the target information to the third-party service platform, which may specifically include the following steps:
[0193] Send encrypted target information to a third-party service platform.
[0194] Specifically, the data source party encrypts the target information with the first encryption key, and the business party, after receiving the encrypted target information, decrypts it with a pre-set first decryption key corresponding to the first encryption key. The first encryption key may be a public key and the first decryption key the matching private key: the business party makes the first encryption key (public key) known to the data source party via the third-party service platform and keeps the first decryption key (private key) to itself for decryption.
[0195] In this way, on the one hand, since the target information is encrypted under the first encryption key and the third-party service platform does not hold the corresponding first decryption key, the platform cannot decrypt the target information and cannot learn its content, which further prevents leakage and misuse of the target information. On the other hand, because every data source party encrypts with the first encryption key provided by the business party, the first encryption key stays the same regardless of which data source party answers the query, and correspondingly the business party's first decryption key does not change either, which reduces the burden on the business party.
[0196] According to some embodiments of this application, optionally, the third-party service platform can be used to generate a first relay message based on the de-identified intersection field and the query data field, and to encrypt the first relay message based on a third encryption key provided by the data source.
[0197] S1210. Receive the anonymized intersection fields and the query data fields that the business party expects to query from the third-party service platform. This may specifically include the following steps:
[0198] Receive the encrypted first relay message sent by the third-party service platform;
[0199] The first relay message is decrypted based on the preset third decryption key corresponding to the third encryption key, resulting in the de-identified intersection field and the query data field.
[0200] In this way, the decryption key is kept by the receiver and never transmitted, while the sender encrypts the data or messages with the encryption key provided by the receiver. Encryption and decryption of the transmitted data or messages are thus achieved without the risk that a decryption key leaked in transit exposes plaintext data, further improving the security of data transmission.
[0201] According to some embodiments of this application, optionally, the query data field includes at least one subquery data field. A third-party service platform can be used to send the anonymized intersection field and at least one subquery data field to the corresponding data source.
[0202] S1220. Based on the de-identified intersection field and the query data field, query the target information corresponding to the query data field. This may specifically include the following steps:
[0203] Based on the de-identified intersection field and at least one subquery data field, query the target information corresponding to at least one subquery data field.
[0204] Thus, the embodiments of this application can realize the query of multiple sub-query data fields, meet the query needs of business users, and improve the efficiency of data query.
[0205] The fourth aspect of this application provides a data query method that can be applied to a data query system, i.e., the data query method can be executed by the data query system. Figure 15 is a schematic diagram of communication interaction for an embodiment of the data query method provided in the fourth aspect of this application. As shown in Figure 15, the data query system may include a business party 21, a third-party service platform 22, and a data source party 23. The data query method may include the following steps S1510 to S1560.
[0206] S1510. The business party generates a request message based on the de-identified intersection fields after the de-identification process and the query data fields that the business party expects to query.
[0207] S1520, The business sends a request message to the third-party service platform.
[0208] S1530. The third-party service platform sends the desensitized intersection fields and the query data fields to the corresponding data source party.
[0209] S1540. The data source party queries the target information corresponding to the de-identified intersection field and the query data field.
[0210] S1550, The data source sends the target information to the third-party service platform.
[0211] S1560, The third-party service platform sends target information to the business party.
[0212] In the data query method of this application embodiment, the business party performs anonymization processing on the intersection fields. The third-party service platform can only view the anonymized intersection fields and therefore cannot know the privacy information contained therein. Moreover, the data query (or intersection) work is completed by the target data source party, without the need for a third-party service platform. This ensures the smooth completion of the data query while preventing the third-party service platform from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data query and transmission.
[0213] To facilitate understanding, the data query method of this application embodiment will be described in detail below with reference to some specific application examples.
[0214] Figure 16 is a schematic diagram of communication interaction for another embodiment of the data query method provided in the fourth aspect of this application. As shown in Figure 16, according to some embodiments of this application, optionally, the data query method may include the following steps S1610 to S1660.
[0215] S1610. The business party desensitizes the plaintext intersection field of the data to be queried to generate a desensitized intersection field, which serves as the unique identifier of the record, and combines it with the query data field and the business party's asymmetric encryption key (its public key) to form a message. The message is encrypted with the encryption key provided by the third-party service platform and transmitted to the third-party service platform.
[0216] S1620. The third-party service platform decrypts the message with its own decryption key and compares the query data fields with the data fields of each data source registered with it, to find the data source(s) that hold the query data fields.
[0217] S1630. For each data source found, the third-party service platform combines the desensitized intersection field, the query data field(s) to be queried from that data source and the business party's asymmetric encryption key into a message, encrypts the message with that data source's encryption key and transmits it to the data source.
[0218] S1640. The data source decrypts the message with its own decryption key, locates the data entry using the desensitized intersection field and, after finding the data corresponding to the queried data field, encrypts that data with the business party's asymmetric encryption key to form an encrypted query result. The desensitized intersection field and the encrypted query result are combined into a message, which is encrypted with the third-party service platform's encryption key and transmitted to the third-party service platform.
[0219] S1650. The third-party service platform decrypts the messages returned by each data source with its own decryption key, aggregates the encrypted query results that carry the same desensitized intersection field, encrypts the aggregated message with the encryption key provided by the business party and transmits it to the business party. Because the query results inside are encrypted to the business party's key, the platform can group them but cannot read them.
[0220] S1660. The business party decrypts the message with its own decryption key, then decrypts the encrypted query result returned by each data source with its asymmetric decryption key, thus completing the entire data query process.
[0221] It should be noted that the steps involved in Figure 15 and Figure 16 above have been described in detail and will not be repeated here.
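The exchange of S1610 to S1660, carried through end to end as an added example; it also covers the end-to-end encryption of the target information under the first encryption key ([0189] to [0195]) and the sub-query data fields of [0201] to [0204]. This is not code from the patent: the key material, the HMAC secret, the record and the field names are constructed, and the choice of hybrid RSA-OAEP plus AES-256-GCM for seal/open is an assumption, since the text does not fix an algorithm. Each party's RSA key pair stands for the encryption key it hands out and the decryption key it keeps (the platform's, the data source party's and the business party's keys of the text). RunQuery returns what the business party recovers together with the request exactly as the platform was able to read it, so the separation the text relies on (token and ciphertext at the platform, plaintext only at the endpoints) can be checked directly.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/json"
	"fmt"
)
// Message is the body of every hop: Token is the de-identified intersection field, Fields the query data fields, BizPub the business party's public key (PKIX DER) and Encrypted each value sealed to it.
type Message struct {
	Token     string            `json:"token"`
	Fields    []string          `json:"fields,omitempty"`
	BizPub    []byte            `json:"biz_pub,omitempty"`
	Encrypted map[string][]byte `json:"encrypted,omitempty"`
}

func must(b []byte, err error) []byte {
	if err != nil {
		panic(err) // wrong key, tampered envelope or malformed input: never fall through to plaintext
	}
	return b
}

// newKey: the public half is the encryption key a party hands out, the private half never leaves it.
func newKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // fails only on a broken RNG
	return k
}

// seal is hybrid encryption: RSA-OAEP wraps a fresh AES-256-GCM key that protects the payload.
// Layout: wrappedKey || 12-byte nonce || GCM ciphertext. open reverses it and panics on any failure.
func seal(pub *rsa.PublicKey, pt []byte) []byte {
	buf := make([]byte, 44)
	rand.Read(buf)
	key, nonce := buf[:32], buf[32:]
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil))
	return append(append(wrapped, nonce...), gcm(key).Seal(nil, nonce, pt, nil)...)
}
func open(priv *rsa.PrivateKey, ct []byte) []byte {
	n := priv.Size()
	key := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct[:n], nil))
	return must(gcm(key).Open(nil, ct[n:n+12], ct[n+12:], nil))
}
func gcm(key []byte) cipher.AEAD {
	b, _ := aes.NewCipher(key) // key is always 32 bytes here
	g, _ := cipher.NewGCM(b)
	return g
}
func sealMsg(pub *rsa.PublicKey, m Message) []byte { return seal(pub, must(json.Marshal(m))) }
func openMsg(priv *rsa.PrivateKey, ct []byte) (m Message) {
	must(nil, json.Unmarshal(open(priv, ct), &m))
	return m
}

// pseudonymize is the shared desensitization strategy: HMAC-SHA256 under a key the platform lacks.
func pseudonymize(key []byte, id string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(id))
	return hex.EncodeToString(h.Sum(nil))
}

// RunQuery walks S1610 to S1660 for one constructed record and returns what the business party decrypted together with the request exactly as the platform was able to read it.
func RunQuery(id string, fields []string) (map[string]string, Message) {
	biz, platform, source := newKey(), newKey(), newKey()
	hmacKey := []byte("constructed-secret-shared-by-business-and-source") // unknown to the platform
	// Data source table, already masked with the same strategy (S1310); one constructed record.
	index := map[string]map[string]string{pseudonymize(hmacKey, "110101199002022345"): {"mobile": "13800000002", "city": "Beijing"}}
	// S1610 business party: mask the ID, attach fields and own public key, seal to the platform.
	bizPub := must(x509.MarshalPKIXPublicKey(&biz.PublicKey))
	toPlatform := sealMsg(&platform.PublicKey, Message{Token: pseudonymize(hmacKey, id), Fields: fields, BizPub: bizPub})
	// S1620/S1630 platform: open the request, pick the data source (one here), re-seal the relay.
	seen := openMsg(platform, toPlatform)
	toSource := sealMsg(&source.PublicKey, seen)
	// S1640 data source: look up by token, seal each value to the business party's key, envelope for the platform.
	r := openMsg(source, toSource)
	k, _ := x509.ParsePKIXPublicKey(r.BizPub)
	res := Message{Token: r.Token, Encrypted: map[string][]byte{}}
	for _, f := range r.Fields {
		if v, ok := index[r.Token][f]; ok {
			res.Encrypted[f] = seal(k.(*rsa.PublicKey), []byte(v))
		}
	}
	backToPlatform := sealMsg(&platform.PublicKey, res)
	// S1650 platform: opens its envelope, groups results by token, re-seals to the business party.
	toBiz := sealMsg(&biz.PublicKey, openMsg(platform, backToPlatform))
	// S1660 business party: opens the envelope, then each end-to-end ciphertext.
	out := map[string]string{}
	for f, ct := range openMsg(biz, toBiz).Encrypted {
		out[f] = string(open(biz, ct))
	}
	return out, seen
}

func main() {
	out, seen := RunQuery("110101199002022345", []string{"mobile", "city"})
	fmt.Println("business party decrypted:", out, "| platform saw token", seen.Token[:12]+"... and fields", seen.Fields)
}
```

The platform's view (seen) contains the HMAC token, the field names and the business party's public key, nothing else; the values come back to the business party only after it opens the platform's envelope and then each inner ciphertext with its own private key. A field the data source does not hold is simply absent from the result, and a token that matches no record yields an empty result. Every open either returns authenticated plaintext or panics, which is the behaviour wanted on a wrong key or a tampered envelope.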
[0222] Based on the data query method provided in the first aspect of this application, the fifth aspect of this application also provides a third-party service platform. Figure 17 is a schematic diagram illustrating the structure of one embodiment of a third-party service platform according to an example of this application. As shown in Figure 17, the third-party service platform 22 may include:
[0223] The acquisition module 1701 is used to acquire the request message sent by the business party. The request message includes the de-identified intersection field after de-identification processing and the query data field that the business party expects to query.
[0224] The first sending module 1702 is used to send the de-identified intersection field and the query data field to the corresponding target data source, and the target data source is used to query the target information corresponding to the query data field based on the de-identified intersection field and the query data field.
[0225] The first receiving module 1703 is used to receive target information sent by the target data source.
[0226] The second sending module 1704 is used to send the target information to the business party.
[0227] In this embodiment of the application, the business party performs desensitization processing on the intersection fields, so the third-party service platform can only view the desensitized intersection fields and therefore cannot know the privacy information contained therein. Furthermore, the data query (or intersection) is performed by the target data source party, without the need for the third-party service platform. This ensures successful data querying while preventing the third-party service platform from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data querying and transmission.
[0228] In some embodiments, the request message further includes a first encryption key provided by the service provider. The first sending module 1702 is further configured to send the first encryption key to the target data source. The target data source is further configured to encrypt the target information based on the first encryption key. Upon receiving the encrypted target information, the service provider is configured to decrypt the encrypted target information based on a preset first decryption key corresponding to the first encryption key.
[0229] In some embodiments, the request message can be a request message encrypted using a second encryption key provided by a third-party service platform. The first sending module 1702 is specifically used to decrypt the encrypted request message using a preset second decryption key corresponding to the second encryption key, obtaining a de-identified intersection field and a query data field; generate a first relay message based on the de-identified intersection field and the query data field; encrypt the first relay message using a third encryption key provided by the target data source, and send the encrypted first relay message to the corresponding target data source. The target data source is specifically used to decrypt the first relay message using a preset third decryption key corresponding to the third encryption key, obtaining a de-identified intersection field and a query data field; query the target information corresponding to the query data field based on the de-identified intersection field and the query data field, and generate a query result message based on the de-identified intersection field and the target information.
[0230] In some embodiments, the target data source is further configured to encrypt the query result message based on a fourth encryption key provided by the third-party service platform. The first receiving module 1703 is specifically configured to receive the encrypted query result message sent by the target data source. The third-party service platform 22 further includes a first encryption module, configured to decrypt the encrypted query result message based on a preset fourth decryption key corresponding to the fourth encryption key, obtaining the de-identified intersection field and target information; generate a second relay message based on the de-identified intersection field and target information, and encrypt the second relay message based on a fifth encryption key provided by the service provider. The second sending module 1704 is specifically configured to send the encrypted second relay message to the service provider.
[0231] In some embodiments, the query data field includes at least one subquery data field. The third-party service platform 22 also includes a query module, used to query the target data source corresponding to at least one subquery data field from the data sources corresponding to each of the multiple data source providers stored in the third-party service platform. The data source includes at least one data field. The first sending module 1702 is specifically used to generate a first relay message corresponding to each target data source provider based on the de-identified intersection field and the subquery data fields corresponding to each target data source; for any i-th target data source provider, the first relay message corresponding to the i-th target data source provider is encrypted based on the third encryption key provided by the i-th target data source provider, and the encrypted first relay message is sent to the i-th target data source provider, where i is a positive integer.
[0232] In some embodiments, the first receiving module 1703 is specifically used to receive a query result message sent by at least one target data source.
[0233] The second sending module 1704 is specifically used to decrypt the query result messages sent by each target data source to obtain the target information corresponding to the de-identified intersection field and each sub-query data field; to summarize the target information of each sub-query data field corresponding to the same de-identified intersection field and generate a second relay message; and to send the second relay message to the business party.
[0234] Based on the data query method provided in the second aspect of this application, the sixth aspect of this application also provides a first electronic device, which is applied to the business party. Figure 18 is a schematic diagram of the structure of one embodiment of the first electronic device according to this application. As shown in Figure 18, the first electronic device 1800 may include:
[0235] The generation module 1801 is used to generate a request message based on the de-identified intersection fields after the de-identification process and the query data fields that the business party expects to query.
[0236] The third sending module 1802 is used to send a request message to the third-party service platform; the third-party service platform is used to send the de-identified intersection field and the query data field to the corresponding target data source party; the target data source party is used to query the target information corresponding to the query data field based on the de-identified intersection field and the query data field.
[0237] The second receiving module 1803 is used to receive target information sent by a third-party service platform.
[0238] The first electronic device in this application embodiment performs anonymization processing on the intersection fields. Third-party service platforms can only view the anonymized intersection fields and therefore cannot access the privacy information within them. Furthermore, the data query (or intersection) is performed by the target data source, eliminating the need for a third-party service platform. This ensures successful data querying while preventing the third-party service platform from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data querying and transmission.
[0239] In some embodiments, the generation module 1801 is specifically used to generate a request message based on the de-identified intersection field, the query data field, and the first encryption key. The third-party service platform is also used to send the first encryption key to the target data source, which in turn is used to encrypt the target information based on the first encryption key. The second receiving module 1803 is further used to decrypt the encrypted target information based on a preset first decryption key corresponding to the first encryption key, thereby obtaining the decrypted target information.
[0240] In some embodiments, the first electronic device 1800 may further include a second encryption module, used to encrypt the request message based on a second encryption key provided by a third-party service platform. The third sending module 1802 is specifically used to send the encrypted request message to the third-party service platform. Specifically, the third-party service platform is used to decrypt the encrypted request message based on a preset second decryption key corresponding to the second encryption key, obtaining a de-identified intersection field and a query data field; generate a first relay message based on the de-identified intersection field and the query data field; encrypt the first relay message based on a third encryption key provided by the target data source, and send the encrypted first relay message to the corresponding target data source. The target data source is specifically used to decrypt the first relay message based on a preset third decryption key corresponding to the third encryption key, obtaining a de-identified intersection field and a query data field; query the target information corresponding to the query data field based on the de-identified intersection field and the query data field, and generate a query result message based on the de-identified intersection field and the target information.
[0241] In some embodiments, the target data source is further configured to encrypt the query result message based on a fourth encryption key provided by a third-party service platform. The third-party service platform is further configured to decrypt the encrypted query result message based on a preset fourth decryption key corresponding to the fourth encryption key, obtaining the anonymized intersection field and target information; generate a second relay message based on the anonymized intersection field and target information, and encrypt the second relay message based on a fifth encryption key provided by the business party. The second receiving module 1803 is specifically configured to: receive the second relay message sent by the third-party service platform; and decrypt the encrypted second relay message based on a preset fifth decryption key corresponding to the fifth encryption key, obtaining the target information.
[0242] In some embodiments, the query data field includes at least one subquery data field; the third-party service platform is used to send the de-identified intersection field and at least one subquery data field to the corresponding target data source, and the target data source is used to query the target information corresponding to at least one subquery data field based on the de-identified intersection field and at least one subquery data field; the second receiving module 1803 is specifically used to: receive the target information corresponding to at least one subquery data field sent by the third-party service platform.
[0243] In some embodiments, the first electronic device 1800 may further include a desensitization module, which is used to obtain the plaintext intersection field that has not been desensitized; and to desensitize the plaintext intersection field based on the desensitization strategy provided by a third-party service platform to obtain the desensitized intersection field.
[0244] Based on the data query method provided in the third aspect of this application, correspondingly, the seventh aspect of this application also provides a second electronic device, which is applied to the data source party. Figure 19 is a schematic diagram illustrating the structure of one embodiment of the second electronic device according to this application. As shown in Figure 19, the second electronic device 1900 may include:
[0245] The third receiving module 1901 is used to receive the de-identified intersection fields sent by the third-party service platform and the query data fields that the business party expects to query.
[0246] The query module 1902 is used to query the target information corresponding to the query data field based on the desensitized intersection field and the query data field;
[0247] The fourth sending module 1903 is used to send target information to a third-party service platform; the third-party service platform is used to respond to the received target information and send the target information to the corresponding business party.
[0248] In this embodiment of the application, the intersection fields are desensitized by the first electronic device (the business party) before they reach the second electronic device, so the third-party service platform can only view the desensitized intersection fields and therefore cannot access the privacy information within them. Furthermore, the data query (or intersection) is performed by the second electronic device (the data source party), eliminating the need for the third-party service platform to do it. This ensures successful data querying while preventing the third-party service platform from obtaining privacy information during the intersection process, thereby reducing the risk of data leakage and misuse and improving the security of data querying and transmission.
[0249] In some embodiments, the query module 1902 is specifically used to perform desensitization processing on the intersection fields in the data source corresponding to the data source party based on the same desensitization strategy adopted by the business party; and to query target information that matches the desensitized intersection fields and query data fields from the data source according to the desensitized intersection fields and query data fields.
[0250] In some embodiments, the query module 1902 is specifically used to perform reverse desensitization processing on the desensitized intersection field based on a preset reverse desensitization strategy to obtain the reverse desensitization intersection field; and to query target information that matches the reverse desensitization intersection field and the query data field from the data source corresponding to the data source.
[0251] In some embodiments, the second electronic device 1900 may further include a third encryption module, configured to receive a first encryption key sent by a third-party service platform, the first encryption key being provided by the business party to the third-party service platform; and to encrypt the target information based on the first encryption key. The fourth sending module 1903 is specifically configured to: send the encrypted target information to the third-party service platform, and the business party is configured to decrypt the encrypted target information based on a preset first decryption key corresponding to the first encryption key.
[0252] In some embodiments, the third-party service platform is specifically used to generate a first relay message based on the de-identified intersection field and the query data field, and to encrypt the first relay message based on a third encryption key provided by the data source. The third receiving module 1901 is specifically used to: receive the encrypted first relay message sent by the third-party service platform; and decrypt the first relay message based on a preset third decryption key corresponding to the third encryption key to obtain the de-identified intersection field and the query data field.
[0253] In some embodiments, the query data field includes at least one subquery data field; the third-party service platform is used to send the anonymized intersection field and at least one subquery data field to the corresponding data source. The query module 1902 is specifically used to: query the target information corresponding to at least one subquery data field based on the anonymized intersection field and at least one subquery data field.
[0254] The eighth aspect of this application also provides a third-party service platform. Figure 20 is a schematic diagram of the structure of an embodiment of the third-party service platform provided in the eighth aspect of this application. As shown in Figure 20, the third-party service platform 22 includes a memory 2001, a processor 2002, and a computer program stored on the memory 2001 and executable on the processor 2002. When the processor 2002 executes the computer program instructions, it implements the data query method as provided in the first aspect.
[0255] In one example, the processor 2002 described above may include a central processing unit (CPU), or an application-specific integrated circuit (ASIC), or one or more integrated circuits that can be configured to implement the embodiments of this application.
[0256] The memory 2001 may include read-only memory (ROM), random access memory (RAM), disk storage media devices, optical storage media devices, flash memory devices, and electrical, optical, or other physical / tangible memory storage devices. Therefore, typically, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software including computer-executable instructions, and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the data query method in the embodiments according to the first aspect of this application.
[0257] The processor 2002 runs a computer program corresponding to the executable program code by reading the executable program code stored in the memory 2001, so as to implement the data query method in the first aspect embodiment above.
[0258] In some examples, the third-party service platform 22 may also include a communication interface 2003 and a bus 2004. For example, as shown in Figure 20, the memory 2001, the processor 2002, and the communication interface 2003 are connected through the bus 2004 and communicate with each other.
[0259] The communication interface 2003 is mainly used to enable communication between various modules, devices, units, and / or equipment in the embodiments of this application. Input devices and / or output devices can also be connected through the communication interface 2003.
[0260] Bus 2004 includes hardware, software, or both, that couples the components of third-party service platform 22 together. For example, and without limitation, bus 2004 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-E) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local Bus (VLB), another suitable bus, or a combination of two or more of these. Where appropriate, bus 2004 may include one or more buses. Although specific buses are described and illustrated in the embodiments of this application, this application contemplates any suitable bus or interconnect.
[0261] A ninth aspect of this application provides a first electronic device, which may include a memory, a processor, and a computer program stored in the memory and executable on the processor. In some examples, the first electronic device may also include a communication interface and a bus. The memory, processor, and communication interface may be connected via the bus to communicate with each other.
[0262] The connection relationships and example descriptions of the memory, processor, communication interface, and bus can be found in the relevant descriptions in the above-described third-party service platform embodiments, and will not be repeated here. The difference between the first electronic device and the third-party service platform embodiments lies in that the processor runs a computer program corresponding to the executable program code stored in the memory, in order to implement the data query method in the second aspect embodiment described above. Specifically, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software including computer-executable instructions, and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the data query method in the second aspect embodiment of this application.
[0263] The tenth aspect of this application provides a second electronic device, which may include a memory, a processor, and a computer program stored in the memory and executable on the processor. In some examples, the second electronic device may also include a communication interface and a bus. The memory, processor, and communication interface may be connected via the bus to communicate with each other.
[0264] The connection relationships and example descriptions of the memory, processor, communication interface, and bus can be found in the relevant descriptions in the above-described third-party service platform embodiments, and will not be repeated here. The second electronic device differs from the third-party service platform embodiments in that the processor runs a computer program corresponding to the executable program code stored in the memory, in order to implement the data query method described in the third aspect embodiments above. Specifically, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software including computer-executable instructions, and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the data query method in the embodiments according to the third aspect of this application.
[0265] The eleventh aspect of this application provides a data query system, which may include the third-party service platform, the first electronic device, and the second electronic device described in the above embodiments. Specific details regarding the third-party service platform, the first electronic device, and the second electronic device can be found in the relevant descriptions in the above embodiments, and will not be repeated here.
[0266] The twelfth aspect of this application provides a computer-readable storage medium storing computer program instructions. When executed by a processor, these computer program instructions can implement the data query method described in the embodiments of this application and achieve the same technical effect. To avoid repetition, further details are omitted here. The aforementioned computer-readable storage medium may include non-transitory computer-readable storage media, such as read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks, etc., and is not limited thereto.
[0267] The thirteenth aspect of this application provides a computer program product in which the instructions are executed by the processor of an electronic device, causing the electronic device to perform the data query method described in the embodiments of this application. The specific content of the data query method can be found in the relevant descriptions in the above embodiments, and will not be repeated here. The electronic device may include the third-party service platform, the first electronic device, and the second electronic device as described in the above embodiments.
[0268] It should be clarified that this application is not limited to the specific configurations and processes described above and shown in the figures. For the sake of brevity, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method process of this application is not limited to the specific steps described and shown. Those skilled in the art can make various changes, modifications, and additions, or change the order of steps, after understanding the spirit of this application.
[0269] The functional blocks shown in the above-described block diagram can be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, they can be, for example, electronic circuits, application-specific integrated circuits (ASICs), appropriate firmware, plug-ins, function cards, etc. When implemented in software, the elements of this application are programs or code segments used to perform the required tasks. Programs or code segments can be stored on a machine-readable medium or transmitted over a transmission medium or communication link via data signals carried on a carrier wave. "Machine-readable medium" can include any medium capable of storing or transmitting information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, etc. Code segments can be downloaded via computer networks such as the Internet, intranets, etc.
[0270] It should also be noted that the exemplary embodiments mentioned in this application describe methods or systems based on a series of steps or apparatus. However, this application is not limited to the order of the above steps; that is, the steps can be performed in the order mentioned in the embodiments, or in a different order, or several steps can be performed simultaneously.
[0271] The aspects of this application have been described above with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It should be understood that each block in the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus to produce a machine such that these instructions, executable via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions / actions specified in one or more blocks of the flowchart illustrations and / or block diagrams. Such a processor can be, but is not limited to, a general-purpose processor, a special-purpose processor, a special application processor, or a field-programmable logic circuit. It is also understood that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can also be implemented by dedicated hardware performing the specified functions or actions, or can be implemented by a combination of dedicated hardware and computer instructions.
[0272] The above description is merely a specific implementation of this application. Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems, modules, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here. It should be understood that the protection scope of this application is not limited thereto. Any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope disclosed in this application, and these modifications or substitutions should all be covered within the protection scope of this application.
Claims
1. A data query method, applied to a third-party service platform, characterized in that the method comprises: obtaining a request message sent by a business party, the request message including a de-identified intersection field and a query data field that the business party expects to query, wherein the de-identified intersection field is obtained by de-identifying a plaintext intersection field of the business party so that the detailed data in the intersection field is hidden; sending the de-identified intersection field and the query data field to the corresponding target data source, the target data source being used to query the target information corresponding to the query data field based on the query data field and a target field corresponding to the de-identified intersection field, wherein the target field is either the field obtained by reverse de-identifying the de-identified intersection field or a field obtained by de-identifying the intersection field in the data source of the target data source using the same de-identification strategy adopted by the business party; receiving the target information sent by the target data source; and sending the target information to the business party.
2. The method according to claim 1, wherein the request message further includes a first encryption key provided by the business party, and before receiving the target information sent by the target data source, the method further comprises: sending the first encryption key to the target data source, the target data source being further used to encrypt the target information with the first encryption key, and the business party being used, after receiving the encrypted target information, to decrypt it with a preset first decryption key corresponding to the first encryption key.
3. The method according to claim 1, wherein the request message is encrypted with a second encryption key provided by the third-party service platform, and sending the de-identified intersection field and the query data field to the corresponding target data source specifically comprises: decrypting the encrypted request message with a preset second decryption key corresponding to the second encryption key to obtain the de-identified intersection field and the query data field; generating a first relay message based on the de-identified intersection field and the query data field; and encrypting the first relay message with a third encryption key provided by the target data source and sending the encrypted first relay message to the corresponding target data source; wherein the target data source is used to decrypt the first relay message with a preset third decryption key corresponding to the third encryption key to obtain the de-identified intersection field and the query data field, to query the target information corresponding to the query data field based on the de-identified intersection field and the query data field, and to generate a query result message based on the de-identified intersection field and the target information.
4. The method according to claim 3, wherein the target data source is further used to encrypt the query result message with a fourth encryption key provided by the third-party service platform; receiving the target information sent by the target data source specifically comprises receiving the encrypted query result message sent by the target data source; the method further comprises decrypting the encrypted query result message with a preset fourth decryption key corresponding to the fourth encryption key to obtain the de-identified intersection field and the target information, generating a second relay message based on the de-identified intersection field and the target information, and encrypting the second relay message with a fifth encryption key provided by the business party; and sending the target information to the business party specifically comprises sending the encrypted second relay message to the business party.
5. The method according to claim 3, wherein the query data field includes at least one sub-query data field; before generating the first relay message based on the de-identified intersection field and the query data field, the method further comprises looking up, among the data sources of the multiple data source parties stored in the third-party service platform, the target data source corresponding to each of the at least one sub-query data field, wherein each data source includes at least one data field; generating the first relay message based on the de-identified intersection field and the query data field specifically comprises generating, for each target data source, the first relay message corresponding to that target data source based on the de-identified intersection field and the sub-query data field corresponding to that target data source; and encrypting the first relay message with the third encryption key provided by the target data source and sending the encrypted first relay message to the corresponding target data source specifically comprises, for any i-th target data source, encrypting the first relay message corresponding to the i-th target data source with the third encryption key provided by the i-th target data source and sending the encrypted first relay message to the i-th target data source, where i is a positive integer.
6. The method according to claim 5, wherein receiving the target information sent by the target data source specifically comprises receiving at least one query result message sent by the target data sources; and sending the target information to the business party specifically comprises: decrypting the query result message sent by each target data source to obtain the de-identified intersection field and the target information corresponding to each sub-query data field; summarising the target information of the sub-query data fields that correspond to the same de-identified intersection field to generate a second relay message; and sending the second relay message to the business party.
7. A data query method, applied to a business party, characterized in that the method comprises: generating a request message based on a de-identified intersection field and a query data field that the business party expects to query, wherein the de-identified intersection field is obtained by de-identifying a plaintext intersection field of the business party so that the detailed data in the intersection field is hidden; sending the request message to a third-party service platform, the third-party service platform being used to send the de-identified intersection field and the query data field to the corresponding target data source, and the target data source being used to query the target information corresponding to the query data field based on the query data field and a target field corresponding to the de-identified intersection field, wherein the target field is either the field obtained by reverse de-identifying the de-identified intersection field or a field obtained by de-identifying the intersection field in the data source of the target data source using the same de-identification strategy adopted by the business party; and receiving the target information sent by the third-party service platform.
8. The method according to claim 7, characterized in that generating the request message based on the de-identified intersection field and the query data field that the business party expects to query specifically comprises generating the request message based on the de-identified intersection field, the query data field, and a first encryption key, wherein the third-party service platform is further used to send the first encryption key to the target data source, and the target data source is further used to encrypt the target information with the first encryption key; and after receiving the target information sent by the third-party service platform, the method further comprises decrypting the encrypted target information with a preset first decryption key corresponding to the first encryption key to obtain the decrypted target information.
9. The method according to claim 7, characterized in that before sending the request message to the third-party service platform, the method further comprises encrypting the request message with a second encryption key provided by the third-party service platform, and sending the request message to the third-party service platform specifically comprises sending the encrypted request message to the third-party service platform; wherein the third-party service platform is used to decrypt the encrypted request message with a preset second decryption key corresponding to the second encryption key to obtain the de-identified intersection field and the query data field, to generate a first relay message based on the de-identified intersection field and the query data field, and to encrypt the first relay message with a third encryption key provided by the target data source and send the encrypted first relay message to the corresponding target data source; and the target data source is used to decrypt the first relay message with a preset third decryption key corresponding to the third encryption key to obtain the de-identified intersection field and the query data field, to query the target information corresponding to the query data field based on the de-identified intersection field and the query data field, and to generate a query result message based on the de-identified intersection field and the target information.
10. The method according to claim 9, characterized in that the target data source is further used to encrypt the query result message with a fourth encryption key provided by the third-party service platform; the third-party service platform is further used to decrypt the encrypted query result message with a preset fourth decryption key corresponding to the fourth encryption key to obtain the de-identified intersection field and the target information, to generate a second relay message based on the de-identified intersection field and the target information, and to encrypt the second relay message with a fifth encryption key provided by the business party; and receiving the target information sent by the third-party service platform specifically comprises receiving the encrypted second relay message sent by the third-party service platform and decrypting it with a preset fifth decryption key corresponding to the fifth encryption key to obtain the target information.
11. The method according to claim 9, characterized in that the query data field includes at least one sub-query data field; the third-party service platform is used to send the de-identified intersection field and the at least one sub-query data field to the corresponding target data source, and the target data source is used to query the target information corresponding to the at least one sub-query data field based on the de-identified intersection field and the at least one sub-query data field; and receiving the target information sent by the third-party service platform specifically comprises receiving the target information corresponding to the at least one sub-query data field sent by the third-party service platform.
12. The method according to claim 7, characterized in that before generating the request message based on the de-identified intersection field and the query data field that the business party expects to query, the method further comprises: obtaining the plaintext intersection field that has not been de-identified; and de-identifying the plaintext intersection field according to a de-identification strategy provided by the third-party service platform to obtain the de-identified intersection field.
13. A data query method, applied to a data source party, characterized in that the method comprises: receiving, from a third-party service platform, a de-identified intersection field and a query data field that a business party expects to query, wherein the de-identified intersection field is obtained by the business party de-identifying a plaintext intersection field so that the detailed data in the intersection field is hidden; querying the target information corresponding to the query data field based on the query data field and a target field corresponding to the de-identified intersection field, wherein the target field is either the field obtained by reverse de-identifying the de-identified intersection field or a field obtained by de-identifying the intersection field in the data source of the target data source using the same de-identification strategy adopted by the business party; and sending the target information to the third-party service platform, the third-party service platform being used, in response to receiving the target information, to send the target information to the corresponding business party.
14. The method according to claim 13, characterized in that querying the target information corresponding to the query data field based on the de-identified intersection field and the query data field specifically comprises: de-identifying the intersection field in the data source of the target data source party using the same de-identification strategy adopted by the business party; and querying, from the data source, the target information that matches the de-identified intersection field and the query data field.
15. The method according to claim 13, characterized in that querying the target information corresponding to the query data field based on the de-identified intersection field and the query data field specifically comprises: reverse de-identifying the de-identified intersection field according to a preset reverse de-identification strategy to obtain the reverse de-identified intersection field; and querying, from the data source of the target data source, the target information that matches the reverse de-identified intersection field and the query data field.
16. The method according to claim 13, characterized in that before sending the target information to the third-party service platform, the method further comprises: receiving a first encryption key sent by the third-party service platform, wherein the first encryption key is provided by the business party to the third-party service platform; and encrypting the target information with the first encryption key; and sending the target information to the third-party service platform specifically comprises sending the encrypted target information to the third-party service platform, the business party decrypting the encrypted target information with a preset first decryption key corresponding to the first encryption key.
17. The method according to claim 13, characterized in that the third-party service platform is specifically used to generate a first relay message based on the de-identified intersection field and the query data field and to encrypt the first relay message with a third encryption key provided by the data source party; and receiving, from the third-party service platform, the de-identified intersection field and the query data field that the business party expects to query specifically comprises: receiving the encrypted first relay message sent by the third-party service platform; and decrypting the first relay message with a preset third decryption key corresponding to the third encryption key to obtain the de-identified intersection field and the query data field.
18. The method according to claim 17, characterized in that the query data field includes at least one sub-query data field; the third-party service platform is used to send the de-identified intersection field and the at least one sub-query data field to the corresponding data source; and querying the target information corresponding to the query data field based on the de-identified intersection field and the query data field specifically comprises querying the target information corresponding to the at least one sub-query data field based on the de-identified intersection field and the at least one sub-query data field.
19. A third-party service platform, characterized in that it comprises: an acquisition module, used to acquire a request message sent by a business party, the request message including a de-identified intersection field and a query data field that the business party expects to query, wherein the de-identified intersection field is obtained by the business party de-identifying a plaintext intersection field so that the detailed data in the intersection field is hidden; a first sending module, used to send the de-identified intersection field and the query data field to the corresponding target data source, the target data source being used to query the target information corresponding to the query data field based on the query data field and a target field corresponding to the de-identified intersection field, wherein the target field is either the field obtained by reverse de-identifying the de-identified intersection field or a field obtained by de-identifying the intersection field in the data source of the target data source using the same de-identification strategy adopted by the business party; a first receiving module, used to receive the target information sent by the target data source; and a second sending module, used to send the target information to the business party.
20. A first electronic device, characterized in that the first electronic device is used by a business party and comprises: a generation module, used to generate a request message based on a de-identified intersection field and a query data field that the business party expects to query, wherein the de-identified intersection field is obtained by the business party de-identifying a plaintext intersection field so that the detailed data in the intersection field is hidden; a third sending module, used to send the request message to a third-party service platform, the third-party service platform being used to send the de-identified intersection field and the query data field to the corresponding target data source party, and the target data source party being used to query the target information corresponding to the query data field based on the query data field and a target field corresponding to the de-identified intersection field, wherein the target field is either the field obtained by reverse de-identifying the de-identified intersection field or a field obtained by de-identifying the intersection field in the data source of the target data source party using the same de-identification strategy adopted by the business party; and a second receiving module, used to receive the target information sent by the third-party service platform.
21. A second electronic device, characterized in that the second electronic device is used on the data source side and comprises: a third receiving module, used to receive, from a third-party service platform, a de-identified intersection field and a query data field that a business party expects to query, wherein the de-identified intersection field is obtained by the business party de-identifying a plaintext intersection field so that the detailed data in the intersection field is hidden; a query module, used to query the target information corresponding to the query data field based on the query data field and a target field corresponding to the de-identified intersection field, wherein the target field is either the field obtained by reverse de-identifying the de-identified intersection field or a field obtained by de-identifying the intersection field in the data source of the target data source using the same de-identification strategy adopted by the business party; and a fourth sending module, used to send the target information to the third-party service platform, the third-party service platform being used, in response to receiving the target information, to send the target information to the corresponding business party.
22. A third-party service platform, characterized in that it comprises a processor and a memory storing computer program instructions, wherein when the processor executes the computer program instructions, it implements the data query method according to any one of claims 1 to 6.
23. A first electronic device, characterized in that it comprises a processor and a memory storing computer program instructions, wherein when the processor executes the computer program instructions, it implements the data query method according to any one of claims 7 to 12.
24. A second electronic device, characterized in that it comprises a processor and a memory storing computer program instructions, wherein when the processor executes the computer program instructions, it implements the data query method according to any one of claims 13 to 18.
25. A data query system, characterized in that it comprises the third-party service platform according to claim 22, the first electronic device according to claim 23, and the second electronic device according to claim 24.
26. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer program instructions which, when executed by a processor, implement the data query method according to any one of claims 1 to 18.
27. A computer program product, characterized in that the computer program product is stored in a non-volatile storage medium and, when executed by at least one processor, implements the data query method according to any one of claims 1 to 18.
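The relay flow set out in paragraphs [0252] and [0253] and in claims 1 to 18 is easiest to check by running all three parties side by side. The Python example below is added for this page; it is illustrative code, not the patent's or China UnionPay's implementation. Its assumptions: the de-identification strategy of claims 12 and 14 is modelled as an HMAC-SHA256 over the plaintext identifier under a key distributed out of band and never carried in a message; the second to fifth keys of claims 3, 4, 9 and 10 are modelled as pre-shared 32-byte hop secrets with a toy HMAC-based encrypt-then-MAC cipher standing in for AES-GCM; the first encryption key of claims 2, 8 and 16 is modelled as a toy Diffie-Hellman public key, so the platform can forward it to the data source but cannot open what the data source encrypts under it; and the catalog that maps sub-query fields to data sources (claim 5), the party names, record contents and identifiers are all constructed for the demonstration.

```python
"""Three-party de-identified query flow modelled on claims 1 to 18 of CN115712759B.

Added illustrative code, not the patent's implementation. Keys, catalog, records
and both toy ciphers are constructed here; see the notes on each.
"""
import hashlib, hmac, json, secrets

# Claims 12/14: one de-identification strategy shared by business party and data
# sources, modelled as a keyed hash. The key is assumed to be distributed out of
# band and is never placed in a request or relay message.
STRATEGY_KEY = b"constructed-strategy-key"

def deidentify(plain_id: str) -> str:
    return hmac.new(STRATEGY_KEY, plain_id.encode(), hashlib.sha256).hexdigest()

# Toy hop cipher: HMAC-SHA256 keystream, encrypt-then-MAC. Stand-in for AES-GCM.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def sym_encrypt(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

# Toy DH KEM for the first encryption/decryption key pair (claims 2, 8, 16):
# the business party publishes pub, keeps priv; a data source encapsulates to pub.
P, G = 2**255 - 19, 2  # demonstration-size field, not a vetted group

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def kem_encap(pub: int):
    eph_priv, eph_pub = dh_keypair()
    return eph_pub, hashlib.sha256(pow(pub, eph_priv, P).to_bytes(32, "big")).digest()

def kem_decap(priv: int, eph_pub: int) -> bytes:
    return hashlib.sha256(pow(eph_pub, priv, P).to_bytes(32, "big")).digest()

# Constructed pre-shared hop keys: K2/K5 business party <-> platform (claims 3, 4),
# K3/K4 platform <-> each data source (claims 3, 4, 17). Fresh per run.
K2, K5 = secrets.token_bytes(32), secrets.token_bytes(32)
K3 = {"bank": secrets.token_bytes(32), "telco": secrets.token_bytes(32)}
K4 = {"bank": secrets.token_bytes(32), "telco": secrets.token_bytes(32)}
CATALOG = {"credit_score": "bank", "monthly_spend": "telco"}  # claim 5: field -> data source

def build_request(plain_ids, fields, k1_pub) -> bytes:
    """Business party (claims 7 to 9): de-identify, attach K1, encrypt to the platform."""
    req = {"deid": [deidentify(i) for i in plain_ids], "fields": fields, "k1_pub": k1_pub}
    return sym_encrypt(K2, json.dumps(req).encode())

def make_data_source(name: str, records: list):
    """Data source (claims 13 to 18): index under the same strategy, answer relays."""
    index = {deidentify(r["id"]): r for r in records}  # claim 14: match on de-identified values
    def handle(enc_relay: bytes) -> bytes:
        relay = json.loads(sym_decrypt(K3[name], enc_relay))  # claim 17
        out = {}
        for deid in relay["deid"]:
            if deid in index:
                info = {f: index[deid][f] for f in relay["fields"]}
                eph_pub, k = kem_encap(relay["k1_pub"])  # claim 16: readable only by the business party
                out[deid] = {"eph": eph_pub, "ct": sym_encrypt(k, json.dumps(info).encode()).hex()}
        return sym_encrypt(K4[name], json.dumps(out).encode())  # claim 4: result under K4
    return handle

def platform_relay(enc_request: bytes, sources: dict) -> bytes:
    """Third-party platform (claims 1 to 6): handles only de-identified fields and ciphertext."""
    req = json.loads(sym_decrypt(K2, enc_request))
    per_source = {}
    for f in req["fields"]:
        per_source.setdefault(CATALOG[f], []).append(f)  # claim 5: route sub-queries
    summary = {}
    for src, fields in per_source.items():
        relay = {"deid": req["deid"], "fields": fields, "k1_pub": req["k1_pub"]}
        enc_relay = sym_encrypt(K3[src], json.dumps(relay).encode())  # per-source K3
        res = json.loads(sym_decrypt(K4[src], sources[src](enc_relay)))
        for deid, blob in res.items():  # claim 6: summarise by de-identified field
            summary.setdefault(deid, []).append(blob)
    return sym_encrypt(K5, json.dumps(summary).encode())  # second relay message under K5

def read_response(enc_response: bytes, k1_priv: int, plain_ids) -> dict:
    """Business party (claim 10): open the relay under K5, then each result under K1."""
    summary = json.loads(sym_decrypt(K5, enc_response))
    merged = {}
    for pid in plain_ids:
        for blob in summary.get(deidentify(pid), []):
            k = kem_decap(k1_priv, blob["eph"])
            merged.setdefault(pid, {}).update(json.loads(sym_decrypt(k, bytes.fromhex(blob["ct"]))))
    return merged

def run_query() -> dict:
    """End-to-end run over constructed records; returns what the business party recovers."""
    sources = {
        "bank": make_data_source("bank", [{"id": "U-1001", "credit_score": 712},
                                          {"id": "U-1002", "credit_score": 655}]),
        "telco": make_data_source("telco", [{"id": "U-1001", "monthly_spend": 240},
                                            {"id": "U-1003", "monthly_spend": 95}]),
    }
    k1_priv, k1_pub = dh_keypair()
    ids = ["U-1001", "U-1002"]
    enc_resp = platform_relay(build_request(ids, ["credit_score", "monthly_spend"], k1_pub), sources)
    return read_response(enc_resp, k1_priv, ids)

if __name__ == "__main__":
    print(run_query())
```

The platform function never sees a plaintext identifier (only the 64-character keyed digests) and never holds a key that opens the per-record result, which is the separation claims 2 and 16 add on top of the hop encryption of claims 3 and 4. The data source here takes the claim 14 path, de-identifying its own records with the shared strategy, rather than the claim 15 path of reversing the business party's values; the former never requires any party to hold a reverse mapping. Before reusing this pattern, replace the toy cipher and toy group with AES-GCM and a vetted key-agreement or public-key scheme.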