Data usage method and server for privacy protection

By providing a data transfer interface in the data usage platform and using encryption algorithms to process data, the problem of privacy leakage during secure data transfer is solved, achieving more efficient data management and security.

CN117272376BActive Publication Date: 2026-07-14ANT BLOCKCHAIN TECHNOLOGY (SHANGHAI) CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ANT BLOCKCHAIN TECHNOLOGY (SHANGHAI) CO LTD
Filing Date
2023-09-19
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing technologies pose a risk of privacy leaks during secure data transfer, and data management is difficult to control effectively.

Method used

By providing a data transfer interface in the data usage platform, using encryption algorithms to process data, restricting user usage patterns, and securely transferring data between different domains.

Benefits of technology

It improves the security and management efficiency of data transfer, ensures that the privacy information of data owners is not leaked, and enhances the management functions of data.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN117272376B_ABST
    Figure CN117272376B_ABST
Patent Text Reader

Abstract

A data use method for privacy protection is executed by a first server, the first server is deployed in a first domain, the first domain further includes a first database corresponding to a first user, the first database stores first data of the first user, and the method comprises the following steps: receiving use application information of the first data sent by a second user; sending an identifier of the first data to a first device of the first user according to the use application information; receiving authorization information from the first device, wherein the authorization information comprises use restriction information of the first data; configuring a first interface according to the use application information and the use restriction information; reading the first data from the first database by executing the first interface, encrypting the first data, generating ciphertext of the first data, and storing the ciphertext of the first data for providing to the second user.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The embodiments in this specification belong to the field of computer technology, and in particular relate to a data usage method and server for privacy protection. Background Technology

[0002] Data generally refers to a valuable, measurable, and readable electronic resource belonging to a business or individual. When using data provided by the data owner, businesses or individuals need to use technical processing to ensure the secure transfer of the data, thereby protecting the data owner's privacy. Summary of the Invention

[0003] The purpose of this invention is to provide a method for using data with privacy protection in order to improve data management.

[0004] This specification provides, in a first aspect, a method for using data with privacy protection, executed by a first server deployed within a first domain. The first domain further includes a first database corresponding to a first user, the first database storing first data of the first user. The method includes:

[0005] Receive a request from a second user to use the first data;

[0006] Based on the usage application information, the identifier of the first data is sent to the first user's first device;

[0007] Receive authorization information from the first device, the authorization information including usage restriction information on the first data;

[0008] Configure the first interface in the first server according to the usage application information and the usage restriction information;

[0009] By executing the first interface, the first data is read from the first database, the first data is encrypted, ciphertext of the first data is generated, and the ciphertext of the first data is stored for provision to the second user.

[0010] In one embodiment, the first interface includes a conversion plugin, and configuring the first interface according to the usage application information and the usage restriction information includes: configuring the conversion plugin with an encryption algorithm corresponding to the usage restriction information according to the usage restriction information.

[0011] In one embodiment, the conversion plugin includes at least one of the following encryption algorithms: a searchable encryption algorithm that supports equality queries, a searchable encryption algorithm that supports fuzzy queries, a fully homomorphic encryption algorithm, and the Chinese national cryptographic algorithm SM4.

[0012] In one implementation, storing the ciphertext of the first data includes storing the ciphertext of the first data in a second database within the first domain.

[0013] In one implementation, configuring the first interface based on the usage application information and the usage restriction information includes:

[0014] In response to the authorization information, a first task is generated, the first task including at least a portion of the usage application information and the usage restriction information;

[0015] Execute the first task to generate configuration information for the first interface;

[0016] Based on the triggering of the first task, a second task is generated, and the second task includes the configuration information;

[0017] Perform the second task: configure the first interface.

[0018] In one implementation, performing the second task further includes:

[0019] The first interface is executed according to its configuration.

[0020] In one implementation, the method further includes: receiving a domain identifier corresponding to the second user; the first task and the second task further include a domain identifier corresponding to the second user, and the execution of the second task further includes:

[0021] Based on the domain identifier corresponding to the second user, when it is determined that the second user corresponds to a second domain different from the first user, a third task is triggered to generate. The third task includes the identifier of the encrypted first data, the identifier of the second database, and the domain identifier of the second domain.

[0022] The third task is to retrieve the ciphertext of the first data from the second database and send the ciphertext of the first data to the second server in the second domain.

[0023] In one implementation, performing the second task further includes:

[0024] Based on the domain identifier corresponding to the second user, when it is determined that the second user corresponds to the same domain as the first user, a fourth task is triggered to generate. The fourth task includes the identifier of the encrypted first data, the identifier of the second database, and the identifier of the third database in the first domain, which corresponds to the second user.

[0025] The fourth task is to retrieve the ciphertext of the first data from the second database and store the ciphertext of the first data in the third database.

[0026] In one implementation, performing the fourth task further includes:

[0027] Trigger the generation of a fifth task, which includes the identifier of the second database and the identifier of the encrypted first data;

[0028] The fifth task is performed to delete the encrypted version of the first data in the second database according to preset conditions.

[0029] In one embodiment, the method further includes: receiving a processing request for the ciphertext of the first data from the device of the second user; reading the ciphertext of the first data from the third database according to the processing request; processing the ciphertext of the first data to obtain a second ciphertext; and returning the second ciphertext to the device of the second user.

[0030] A second aspect of this specification provides a server deployed within a first domain, the first domain further including a first database corresponding to a first user, the first database storing first data of the first user, the server comprising:

[0031] The receiving unit is configured to receive a usage request for the first data sent by the second user;

[0032] A sending unit is configured to send the identifier of the first data to the first user's first device based on the usage application information;

[0033] The receiving unit is further configured to: receive authorization information from the first device, the authorization information including usage restriction information on the first data;

[0034] A configuration unit is configured to configure a preset first interface in the server according to the usage application information and the usage restriction information;

[0035] An execution unit is configured to read the first data from the first database by executing the first interface, encrypt the first data, generate ciphertext of the first data, and store the ciphertext of the first data for provision to a second user.

[0036] A third aspect of this specification provides a computer-readable storage medium having a computer program stored thereon, which, when executed in a computer, causes the computer to perform the method described in the first aspect.

[0037] A fourth aspect of this specification provides a computing device including a memory and a processor, wherein the memory stores executable code, and the processor executes the executable code to implement the method described in the first aspect.

[0038] The data usage method provided in the embodiments of this specification allows data to be encrypted using a corresponding encryption algorithm based on the usage restriction information specified by the data owner, by calling a preset data transfer interface, for use by the data applicant. This provides data owners with better data management capabilities and further enhances data security, avoiding the risk of data leakage. Attached Figure Description

[0039] To more clearly illustrate the technical solutions of the embodiments in this specification, the drawings used in the description of the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments recorded in this specification. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0040] Figure 1 This is a system architecture diagram of an embodiment of this specification;

[0041] Figure 2 This is a flowchart illustrating a method for using data within a domain in one embodiment of this specification;

[0042] Figure 3 This is a flowchart illustrating a method for using cross-domain data in an embodiment of this specification;

[0043] Figure 4 This is an architecture diagram of a server as described in one of the embodiments of this specification. Detailed Implementation

[0044] To enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this specification, and not all embodiments. Based on the embodiments in this specification, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of this specification.

[0045] Currently, with the development of internet technology, the amount of data generated is increasing daily. Data refers to a resource in electronic form that belongs to an enterprise or individual, possesses data ownership, is valuable, measurable, and readable. Data ownership includes exploration rights, usage rights, and ownership. The electronic resource refers to resources formed using electronic technologies such as computer applications, communication, and modern management techniques, including text, graphics, symbols, numbers, and letters. Data may have at least one of the following attributes: name, instance ID, unique identifier ID, on-chain ID, participating node identifier, dataset identifier, evidence hash, source path, encryption key, approval process ID, whether it is encrypted, whether it is sensitive data, and status.

[0046] In related technologies, when enterprises or individuals use data provided by other enterprises or individuals, they need to use technical processing to ensure secure transfer and prevent the leakage of other enterprises' or individuals' private data. However, this technical processing is quite complex. Servers typically call data processing interfaces provided by other computing platforms to process the data (e.g., encryption), which can easily lead to the risk of data leakage.

[0047] Therefore, embodiments of this specification provide a data usage platform that includes a data transfer interface. Through this interface, data can be securely transferred between users, allowing one user's data to be provided to another. The interface also allows for restrictions on how users use the data, enhancing data management capabilities, improving the security of data transfer, and increasing the execution efficiency of the data usage platform.

[0048] Figure 1 This is a system architecture diagram of an embodiment of this specification. Figure 1 As shown, the system may include multiple domains ( Figure 1 The diagram illustrates domains D1 and D2. Each domain includes a server cluster and storage devices, supports user registration and login, and can store user data. Servers in different domains have different access domain names. For example, domain D1 includes server S1. User U1 can register on server S1 through device U1, and user U2 can register on server S1 through device U2. In addition, domain D1 may include database DB1 corresponding to user U1, database DB2 corresponding to user U2, and an intermediate database DB. m1 Domain D2 includes server S2. User U3 can register on server S2 through device U3. Domain D2 may include database DB3 corresponding to user U3, and intermediate database DB. m2 .

[0049] In the embodiments described in this specification, secure data transfer can be achieved by providing data transfer interfaces to servers in each domain. This allows user data to be protected while, for example, allowing user U2 to access user U1's data. Furthermore, server S1 in domain D1 and server S2 in domain D2 are interconnected via a network. Server S2 can send encrypted data from domain D2 to server S1, enabling user U1, registered in domain D1, to access user data in domain D2.

[0050] Figure 2 This is a flowchart illustrating a method for using data within a domain according to one embodiment of this specification. This method can be executed by the device of user U1 corresponding to domain D1, the device of user U2, and server S1. Figure 1 As shown, both user U1 and user U2 are registered on server S1, and therefore each has a corresponding database in domain D1. For example, when user U2 wants to use user U1's data, server S1 can provide the data to user U1 within domain D1.

[0051] Specifically, see reference Figure 2 First, in step S201, user U2 device sends a request for use of user U1's data to server S1.

[0052] User U1 can send its data Data1 and associated information to server S1 via its U1 device. The associated information includes, for example, the data ID of data1, the user ID to which data1 belongs, the domain of the user to which data1 belongs, the authorization information of data1, and a description of the content of data1. After receiving data Data1 and its associated information, server S1 can store the plaintext data Data1 and its associated information in the database DB1 corresponding to user U1 in domain D1. Then, user U1 can send the data usage rules and data usage approval process for data Data1 to server S1 and publish data Data1 and its publication information on server S1. This publication information includes, for example, at least some of the aforementioned associated information. In one embodiment, the publication information may also include information such as the identifier of the database DB1 in domain D1 where data Data1 is stored. After user U1 publishes data Data1, other users can view the publication information of data Data1 from server S1.

[0053] After receiving the data usage rules for Data1, server S1 can store these rules for future use in determining usage restrictions for other users. After receiving the data usage approval process for Data1, server S1 can generate configuration information for the data usage approval code based on this process. This configuration information is then used to execute the data usage approval code when a user requests to use Data1.

[0054] For example, after user U2 views the publication information of data Data1 on server S1, and determines that they need to use data Data1, user U2 can send a request to server S1 to use data Data1. This request may include, for example, the identifier of the data owner, the domain of the data owner, the data identifier, and the data user identifier. In one embodiment, the request may also include the identifier of the database where the data is stored, and the identifier of the database that the data user will use to store the data.

[0055] In step S203, if the server S1 determines that the domain of the data owner in the data usage application information is the domain where the server S1 is located, the server S1 sends the identifier of the data Data1 to the user U1's device.

[0056] After receiving the identifier for data Data1, server S1 executes the aforementioned data usage approval code to initiate the approval process. Server S1 can determine the authorization information for data Data1 based on the data itself. This authorization information includes usage restrictions on data Data1. These restrictions may include, for example, restrictions on usage patterns, restrictions on the number of times the data can be used, and data anonymization strategies.

[0057] In one implementation, server S1 retrieves user U2's identity information from a database storing user identity information based on user U2's identifier, and sends the identifier of data Data1 and user U2's identity information to user U1's device. Upon receiving the identifier of data Data1 and user U2's identity information, user U1 generates authorization information for user U2. This authorization information indicates whether authorization is granted to user U2. If authorized, the authorization information also includes restrictions on user U2's use of data Data1. These restrictions may include, for example, restrictions on usage patterns, restrictions on the number of times the data can be used, and data anonymization strategies.

[0058] The usage mode can include at least one of the following: equality query, fuzzy query, string concatenation, string length adjustment, substring extraction, string to lowercase, string to uppercase, etc. The usage mode restriction can specify at least one of the above usage modes, thereby limiting the user's data usage mode. Server S1 can encrypt the target data and provide it to the applicant by selecting an encryption algorithm corresponding to the mode restriction in the authorization information, thereby restricting the data usage mode. For example, server S1 can select a searchable encryption algorithm (SSE) that supports equality queries to restrict users from using data in the equality query mode; it can select an SSE that supports fuzzy queries to allow users to use data in the fuzzy query mode; or it can select a fully homomorphic encryption algorithm to restrict users from performing operations such as string concatenation, obtaining string length, substring extraction, string to lowercase, and string to uppercase on the data.

[0059] Usage limits can specify the total number of times a user can use the data and / or the number of times a user can use the data per day. Server S1 can configure the gateway according to the usage limit to implement the usage limit.

[0060] Data masking strategies specify how data is masked, such as hash masking, overlay masking, and pseudonym masking. When server S1 receives plaintext data, it can mask the plaintext data based on this masking strategy.

[0061] In step S205, user U1 device sends authorization information to server S1.

[0062] In step S207, server S1 configures the data transfer interface based on the application information and authorization information.

[0063] In server S1, the data transfer process can be driven by tasks. After receiving the application information and authorization information, server S1 can generate a data access task Task1 and add Task1 to the task list. Task1 is executable code that includes at least part of the information in the application and authorization information. Specifically, Task1 may include data identifier, data source connection information, and data transfer target information.

[0064] Server S1 can then execute Task1. By executing Task1, the complete information required for this data transfer is extracted from Task1 and the database, and Task2 is triggered. Task2 is used to initialize the data transfer interface based on the information obtained from Task1, and then perform the data transfer by executing the data transfer interface.

[0065] The data transfer interface may include a reader, a transformer, and a writer.

[0066] The data transfer interface can be used as a data synchronization framework, abstracting the synchronization of different data sources into a Reader plugin that reads data from the source data source, a Writer plugin that writes data to the target end, and a custom Transformer plugin for data processing. The Reader reads raw data from the source database, the Transformer performs the data processing required for various encryption methods, and the Writer writes the processed ciphertext data to the target database. By calling this data transfer interface during the encryption transfer execution flow, no external computing engine is needed, avoiding the risks of data leakage and replacement of the actual execution method when data flows into an external computing engine for encryption.

[0067] When executing Task2, server S1 can generate configuration information for the read plugin based on the data owner information in the application information. This configuration information may include, for example, the identifier of the database DB1 storing data Data1. Server S1 configures the read plugin using this configuration information, and can then read data Data1 from database DB1 by running the read plugin.

[0068] Server S1 can configure the conversion plugin based on the authorization information. The conversion plugin is pre-configured with encryption algorithms corresponding to various usage modes.

[0069] The searchable encryption that supports equal search includes the following process: (1) Parameter preparation: Generate the data encryption key secretKey, deduce the searchable encryption key subKey using secretKey and additional information (data unique identifier id), and randomly generate the initial vector iv. (2) Base point calculation: encrypt the plaintext data to be encrypted using sm3 to obtain the ciphertext hm, take the subgroup base point G from the ECDSA (Elliptic Curve Digital Signature Algorithm) curve according to the cryptographic standard Secp256k1 parameter definition, and calculate the modulo of the horizontal coordinate of subKey and hm with respect to G to obtain hmTimesK1. (3) Point encoding: perform addition and multiplication operations on hmTimesK1 and G, calculate another point ecMes on the curve, perform uncompressed encoding on ecMes, truncate part of the middle segment encoding, and take the front segment encoding and the back segment encoding as the equal search index.

[0070] The searchable encryption that supports fuzzy search includes the following process: (1) Parameter preparation: Generate the data encryption key secretKey, deduce the searchable encryption key subKey using secretKey and additional information (data unique identifier id), randomly generate the initial vector iv, and segment the data to be encrypted according to the segment length numSearchIndexNum (customizable, default is 3). (2) Constructing bloom filter: If the length of the data to be encrypted is less than numSearchIndexNum, construct it directly; if the length of the data to be encrypted is greater than numSearchIndexNum, construct it only for the specified length, and after construction, populate the bloom filter in parallel, and use the bloom filter as the index for fuzzy search (like Search Index).

[0071] Fully homomorphic encryption includes the following steps: Based on the field type, (1) for String type fields, use the BFV algorithm for encryption. (2) for Date type fields, use the SM4 algorithm for encryption. (3) for Byte, Short, Integer, Long, Float, and Double type fields, use the CKKS algorithm for encryption.

[0072] Server S1 can select an encryption algorithm corresponding to the specified usage mode included in the authorization information. For example, if the authorization information includes support for strict equality queries, server S1 can select a searchable encryption algorithm (SSE) that supports strict equality queries in the conversion plugin. If the authorization information includes support for fuzzy queries, server S1 can select a searchable encryption algorithm (SSE) that supports fuzzy queries in the conversion plugin. If the authorization information includes support for strict equality queries, server S1 can select a searchable encryption algorithm (SSE) that supports strict equality queries in the conversion plugin. If the authorization information includes support for usage modes such as string concatenation, string length adjustment, substring extraction, string conversion to lowercase, and string conversion to university level, server S1 can select a fully homomorphic encryption algorithm in the conversion plugin. Additionally, if the authorization information does not specify a usage mode, server S1 can select the Chinese national cryptographic algorithm SM4 in the conversion plugin for data encryption.

[0073] Server S1 can also generate configuration information for the write plugin based on the identifiers of intermediate databases included in domain D1. For example, this configuration information includes the database DB. m1 The identifier allows the write plugin to write data Data1 to the database DB. m1 .

[0074] In step S209, server S1 reads data from database DB1 by executing the data transfer interface, encrypts the data, and stores the ciphertext data in database DB1. m1 .

[0075] After configuring the data transfer interface, server S1 executes the interface according to task Task2 to complete the data transfer. Specifically, the reader plugin reads data Data1 from database DB1, the transformer plugin encrypts Data1 to obtain ciphertext data, and the writer plugin stores the ciphertext data in database DB1. m1 middle.

[0076] When the transformer plugin is executed, based on the configuration information, an encryption algorithm corresponding to the user-specified usage mode is selected to encrypt the data Data1, thereby limiting the usage mode of the data applicant (i.e., user U2 who applies to use data Data1). The encryption key for the data in server S1 is provided by user U1, or the encryption / decryption key is generated by server S1 and then provided to user U1, so that user U1 can decrypt the encrypted data, or authorize other users to decrypt the encrypted data.

[0077] In step S211, server S1, upon determining that user U2 corresponds to server S1, retrieves data from database DB. m1 Read the encrypted data and store it in the database DB2.

[0078] After completing Task 2, if server S1 determines that the data recipient (i.e., user U2) corresponds to server S1 (i.e., user U2 is also registered with server S1), it generates Task 3. Task 3 includes the aforementioned application information and is used to call the data transfer interface based on the application information to transfer encrypted data from database DB. m1 Transfer to database DB2 corresponding to user U2.

[0079] Specifically, server S1 configures the reader plugin for the data transfer interface by executing task Task3, for use in transferring data from the database DB. m1 Read the encrypted data from Data1, configure the writer plugin to write the read encrypted data to database DB2. Then, server S1 executes the configured reader and writer plugins to read the data from database DB2. m1 Read the encrypted data and store it in the database DB2.

[0080] After completing Task 3, server S1 can trigger the generation of Task 4, thereby executing Task 4 to modify the database DB. m1Delete encrypted data stored in the system. For example, you can set it to delete encrypted data after it has been stored for more than 24 hours.

[0081] In step S213, user U2 device sends processing information for encrypted data to server S1.

[0082] For example, for ciphertext data obtained by performing searchable encryption on data Data1, user device U2 can encrypt search keywords based on, for example, an encryption key to obtain ciphertext keywords, and send the ciphertext keywords to server S1.

[0083] For ciphertext data obtained through fully homomorphic encryption, the user U2 device can send processing mode information to the server S1. The processing mode may include at least one of the following: converting the ciphertext to uppercase or lowercase, taking the absolute value, calculating the average value, performing addition, subtraction, multiplication, division, exponential and logarithmic operations, etc.

[0084] In step S215, server S1 reads encrypted data from database DB2 according to the processing information, processes the encrypted data, and obtains the processing result.

[0085] Specifically, for ciphertext data obtained through searchable encryption, server S1 can search the ciphertext data based on ciphertext keywords to obtain search results.

[0086] For ciphertext data obtained through full-state encryption, server S1 can process the ciphertext data according to the processing mode information to obtain the processing result.

[0087] In step S217, server S1 returns the processing result to user U2 device.

[0088] After receiving the processing result, user U2 device can send the ciphertext processing result to user U1 device. After decrypting the processing result, user U1 device will return the plaintext processing result to user U2 device, so that user U2 can obtain the plaintext processing result.

[0089] Figure 2 The diagram shown is a flowchart of a data usage method for data transfer within a domain. The solutions provided in the embodiments of this specification can also transfer data between domains, so that users can use other users' data across domains.

[0090] Figure 3 This is a flowchart illustrating a cross-domain data usage method as described in an embodiment of this specification. This method can be executed by the device of user U1 corresponding to domain D1, the device of user U3 corresponding to domain D2, server S1, and server S2. Figure 1As shown, users U1 and U3 are registered on different servers. Therefore, user U1 has a corresponding database DB1 in domain D1, and user U3 has a corresponding database DB3 in domain D2. When user U3 wants to use user U1's data, the data can be transferred from domain D1 to domain D2 through servers S2 and S1 to be provided to user U3.

[0091] like Figure 3 As shown, firstly, in step S301, user U3 device sends a request for the use of user U1's data to server S2.

[0092] After user U1 publishes data Data1 in domain D1 as described above, server S1 can provide the publication information of the data published in domain D1 to other domains for publication in those other domains, thereby making it available to users in those domains. In one implementation, servers in each domain are connected to a blockchain, allowing them to upload publication information of data from their own domain to the blockchain and retrieve publication information of data from other domains from the blockchain. For example, server S2 in domain D2 can retrieve the publication information of data Data1 from domain D1 from the blockchain and publish the publication information of data Data1 in its own domain.

[0093] After viewing the publication information of data Data1 from server S2, user U3 in domain D2 determines that they need to use data Data1. Therefore, user U3 can send a request to server S2 to use data Data1. This request may include, for example, the identifier of the data owner (i.e., user U1's identifier), the domain of the data owner, the data identifier, and the identifier of the data user (i.e., user U3's identifier). In one embodiment, the request may also include the identifier of the database where the data is stored and the identifier of the database that the data user will use to store the data.

[0094] In step S303, server S2 sends a request to server S1 for the use of data Data1 of user U1.

[0095] Server S2 can determine the domain D1 where the data owner resides based on the usage request information, and can also determine that the data owner and the data requester are in different domains. In one implementation, the usage request information may include a Uniform Resource Locator (URL) for data Data1. If the server determines that any one of the protocol, domain name, or port of the URL differs from the data URL in domain D1, it considers the usage request information to be a cross-domain request. After confirming that the usage request information is a cross-domain request, server S2 can send the usage request information to server S1 corresponding to domain D1. Server S2 may add the identifier "D2" of the domain to which user U3 belongs to the usage request information and send the updated usage request information to server S1.

[0096] Server S2 stores the identity information uploaded by user U3 during registration. The server can read user U3's identity information and then send user U3's identity information along with the usage application information to server S1 in domain D1.

[0097] In step S305, server S1 sends the data identifier to user U1 device.

[0098] In step S307, user U1 sends authorization information to server S1.

[0099] Steps S305 and S307 can be referred to the description of steps S203 and S205 above, and will not be repeated here.

[0100] In step S309, server S1 configures the data transfer interface based on the application information and authorization information.

[0101] In step S311, server S1 reads data from database DB1 by executing the data transfer interface, encrypts the data, and stores the ciphertext data in database DB1. m1 .

[0102] Steps S309 and S311 are similar to the descriptions of steps S207 and S209 above, and will not be repeated here. It is understood that although the above description refers to storing the encrypted ciphertext data in a database within domain D1, this specification is not limited to this. For example, server S1 can execute a write plugin to store the ciphertext data in a pre-defined database outside domain D1 for use by user U3. In this case, server S2 can directly read the ciphertext data from the database outside domain D1 and make it available to user U3.

[0103] In step S313, server S1, upon determining that user U3 corresponds to domain D2, retrieves data from database DB. m1 Read the encrypted data and send the encrypted data to server S2.

[0104] Server S1 can determine, for example, that user U3 corresponds to domain D2 by using the identifier of the domain sending the user in the application information. After determining that user U3 is in a different domain, server S1 retrieves the information from database DB. m1 Read the encrypted data and send it to server S2. Specifically, server S1 can also generate the aforementioned Task1 in step S309, and trigger the generation of Task2 based on the completion of Task1. After completing Task2 and determining that user U3 corresponds to domain D2, server S1 triggers the generation of Task5, which includes the identifier of the encrypted data of Data1 and the database DB. m1 The identifier and the identifier of domain D2 are used to retrieve data from the database DB. m1 Read the encrypted data and send it to server S2 in domain D2.

[0105] In step S315, server S2 stores the received ciphertext data into database DB. m2 In this process, a data transfer interface is configured based on the application information.

[0106] Specifically, after receiving the encrypted data of Data1, server S2 can trigger the generation of Task6, which includes the aforementioned application information for configuring the data transfer interface and transferring the encrypted data by executing the data transfer interface.

[0107] Server S2 can use a pre-set database DB for storing cross-domain data. m2 The configuration information for the reader plugin is configured based on the identifier of user U3 in the application information or the identifier of the database corresponding to user U3.

[0108] In step S317, server S2 executes the data transfer interface to transfer data from database DB. m2 Read the encrypted data and store it in the database DB3.

[0109] After configuring the data transfer interface, server S2 can execute the data transfer interface to transfer data from database DB. m2 Read the encrypted data and store it in database DB3. After completing Task 6, trigger the generation of Task 7 to retrieve data from database DB3 at a preset time. m2 Delete encrypted data.

[0110] In step S319, user U3 device sends data processing information to server S2.

[0111] In step S321, server S2 reads encrypted data from database DB3 according to data processing information, processes the encrypted data, and obtains the processing result.

[0112] In step S323, server S2 returns the processing result to user U3 device.

[0113] Steps S319-S323 can be referred to the description of steps S213-S217 above, and will not be repeated here.

[0114] Figure 4 This is an architecture diagram of a server according to an embodiment of this specification. The server is deployed in a first domain, which also includes a first database corresponding to a first user. The first database stores the first user's first data. The server is used to perform actions such as... Figure 2 or Figure 3 The method shown includes:

[0115] Receiving unit 41 is used to receive usage application information for the first data sent by the second user;

[0116] The sending unit 42 is configured to send the identifier of the first data to the first user's first device according to the usage application information;

[0117] The receiving unit 41 is further configured to: receive authorization information from the first device, the authorization information including usage restriction information on the first data;

[0118] Configuration unit 43 is configured to configure the first interface according to the usage application information and the usage restriction information;

[0119] The execution unit 44 is configured to read the first data from the first database by executing the first interface, encrypt the first data, generate ciphertext of the first data, and store the ciphertext of the first data in the second database in the first domain for provision to the second user.

[0120] This specification also provides a computer-readable storage medium having a computer program stored thereon, which, when executed in a computer, causes the computer to perform actions such as... Figure 2 or Figure 3 The method shown.

[0121] This specification also provides a computing device, including a memory and a processor, wherein the memory stores executable code, and when the processor executes the executable code, it implements, as described above. Figure 2 or Figure 3 The method shown.

[0122] In the 1990s, improvements to a technology could be clearly distinguished as either hardware improvements (e.g., improvements to the circuit structure of diodes, transistors, switches, etc.) or software improvements (improvements to the methodology). However, with technological advancements, many methodological improvements today can be considered direct improvements to the hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming the improved methodology into the hardware circuit. Therefore, it cannot be said that a methodological improvement cannot be implemented using hardware physical modules. For example, a Programmable Logic Device (PLD) (such as a Field Programmable Gate Array (FPGA)) is such an integrated circuit whose logic function is determined by the user programming the device. Designers can program and "integrate" a digital system onto a PLD themselves, without needing chip manufacturers to design and manufacture dedicated integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing integrated circuit chips, this programming is mostly implemented using "logic compiler" software. Similar to the software compiler used in program development, the original code before compilation must be written in a specific programming language, called a Hardware Description Language (HDL). There are many HDLs, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language). Currently, the most commonly used are VHDL (Very-High-Speed ​​Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should understand that by simply performing some logic programming on the method flow using one of these hardware description languages ​​and programming it into an integrated circuit, the hardware circuit implementing the logical method flow can be easily obtained.

[0123] The controller can be implemented in any suitable manner. For example, it can take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, application-specific integrated circuits (ASICs), programmable logic controllers, and embedded microcontrollers. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of the memory. Those skilled in the art will also recognize that, in addition to implementing the controller in purely computer-readable program code form, the same functionality can be achieved by logically programming the method steps to make the controller take the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, and embedded microcontrollers. Therefore, such a controller can be considered a hardware component, and the means included therein for implementing various functions can also be considered as structures within the hardware component. Alternatively, the means for implementing various functions can be considered as both software modules implementing the method and structures within the hardware component.

[0124] The systems, devices, modules, or units described in the above embodiments can be implemented by computer chips or physical entities, or by products with certain functions. A typical implementation device is a server system. Of course, this application does not exclude the possibility that, with the future development of computer technology, the computer implementing the functions of the above embodiments can be, for example, a personal computer, a laptop computer, an in-vehicle human-machine interaction device, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or any combination of these devices.

[0125] While one or more embodiments of this specification provide the operational steps of the methods described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive means. The order of steps listed in the embodiments is merely one possible order of execution among many steps and does not represent the only possible order. In actual device or end product execution, the methods shown in the embodiments or drawings may be executed sequentially or in parallel (e.g., in a parallel processor or multi-threaded processing environment, or even a distributed data processing environment). The terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, product, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, product, or apparatus. Without further limitations, the presence of other identical or equivalent elements in the process, method, product, or apparatus that includes the elements is not excluded. For example, the use of terms such as "first," "second," etc., is to denote names and does not indicate any particular order.

[0126] For ease of description, the above devices are described in terms of function, divided into various modules. Of course, when implementing one or more of these specifications, the functions of each module can be implemented in one or more software and / or hardware components, or a module that performs the same function can be implemented by a combination of multiple sub-modules or sub-units. The device embodiments described above are merely illustrative. For example, the division of units is only a logical functional division; in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces, indirect coupling or communication connection between devices or units, and may be electrical, mechanical, or other forms.

[0127] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart... Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0128] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0129] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0130] In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.

[0131] Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.

[0132] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information by any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.

[0133] Those skilled in the art will understand that one or more embodiments of this specification can be provided as a method, system, or computer program product. Therefore, one or more embodiments of this specification may take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0134] One or more embodiments of this specification can be described in the general context of computer-executable instructions, such as program modules, that are executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform a particular task or implement a particular abstract data type. One or more embodiments of this specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices connected via a communication network. In distributed computing environments, program modules can reside in local and remote computer storage media, including storage devices.

[0135] The various embodiments in this specification are described in a progressive manner. Similar or identical parts between embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, system embodiments are basically similar to method embodiments, so the description is relatively simple; relevant parts can be referred to the descriptions in the method embodiments. In the description of this specification, the terms "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., refer to specific features, structures, materials, or characteristics described in connection with that embodiment or example, which are included in at least one embodiment or example of this specification. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described can be combined in any suitable manner in one or more embodiments or examples. Moreover, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification and the features of different embodiments or examples.

[0136] The above description is merely an embodiment of one or more embodiments of this specification and is not intended to limit the scope of these embodiments. Various modifications and variations can be made to these embodiments by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this specification should be included within the scope of the claims.

Claims

1. A method for using data with privacy protection, executed by a first server deployed in a first domain, the first domain further including a first database corresponding to a first user, the first database storing first data of the first user, the method comprising: Receive a request from a second user to use the first data; Based on the usage application information, the identifier of the first data is sent to the first user's first device; Receive authorization information from the first device, the authorization information including usage restriction information on the first data; Configure the preset first interface in the first server according to the usage application information and the usage restriction information; By executing the first interface, the first data is read from the first database, the first data is encrypted, ciphertext of the first data is generated, and the ciphertext of the first data is stored for provision to the second user; The first interface includes a conversion plugin; The step of configuring the first interface based on the usage application information and the usage restriction information includes: Based on the usage restriction information, configure the conversion plugin with an encryption algorithm corresponding to the usage restriction information.

2. The method according to claim 1, wherein the conversion plugin includes at least one of the following encryption algorithms: a searchable encryption algorithm that supports equality queries, a searchable encryption algorithm that supports fuzzy queries, a fully homomorphic encryption algorithm, and the Chinese national cryptographic algorithm SM4.

3. The method according to claim 1, wherein the ciphertext storing the first data comprises: The encrypted version of the first data is stored in the second database within the first domain.

4. The method according to claim 3, wherein configuring the first interface based on the usage application information and the usage restriction information comprises: In response to the authorization information, a first task is generated, the first task including at least a portion of the usage application information and the usage restriction information; Execute the first task to generate configuration information for the first interface; Based on the triggering of the first task, a second task is generated, and the second task includes the configuration information; Perform the second task: configure the first interface.

5. The method according to claim 4, wherein performing the second task further comprises: The first interface is executed according to the configuration of the first interface.

6. The method according to claim 5, further comprising: Receive the domain identifier corresponding to the second user; The first task and the second task also include a domain identifier corresponding to the second user, and executing the second task further includes: Based on the domain identifier corresponding to the second user, when it is determined that the second user corresponds to a second domain different from the first user, a third task is triggered to generate. The third task includes the identifier of the encrypted first data, the identifier of the second database, and the domain identifier of the second domain. The third task is to retrieve the ciphertext of the first data from the second database and send the ciphertext of the first data to the second server in the second domain.

7. The method according to claim 6, wherein performing the second task further comprises: Based on the domain identifier corresponding to the second user, when it is determined that the second user corresponds to the same domain as the first user, a fourth task is triggered to generate. The fourth task includes the identifier of the encrypted first data, the identifier of the second database, and the identifier of the third database in the first domain, which corresponds to the second user. The fourth task is to retrieve the ciphertext of the first data from the second database and store the ciphertext of the first data in the third database.

8. The method according to claim 7, wherein performing the fourth task further comprises: Trigger the generation of a fifth task, which includes the identifier of the second database and the identifier of the encrypted first data; The fifth task is performed to delete the encrypted version of the first data in the second database according to preset conditions.

9. The method according to claim 7, further comprising: The device receives a request to process the ciphertext of the first data from the second user's device. Based on the processing request, the device reads the ciphertext of the first data from the third database, processes the ciphertext of the first data to obtain the second ciphertext, and returns the second ciphertext to the second user's device.

10. A server deployed within a first domain, the first domain further comprising a first database corresponding to a first user, the first database storing first data of the first user, the server comprising: The receiving unit is configured to receive a usage request for the first data sent by the second user; A sending unit is configured to send the identifier of the first data to the first user's first device based on the usage application information; The receiving unit is further configured to: receive authorization information from the first device, the authorization information including usage restriction information on the first data; A configuration unit is configured to configure a preset first interface in the server according to the usage application information and the usage restriction information; An execution unit is configured to read the first data from the first database by executing the first interface, encrypt the first data, generate ciphertext of the first data, and store the ciphertext of the first data for provision to a second user. The first interface includes a conversion plugin; The configuration unit is specifically used to configure the conversion plugin with an encryption algorithm corresponding to the usage restriction information based on the usage restriction information.

11. A server comprising a memory and a processor, the memory storing executable code, wherein the processor, when executing the executable code, implements the method of any one of claims 1-9.