A distributed multi-party asynchronous isolated secure retrieval method and device

By building a shared network on the front-end cluster nodes and utilizing network gateways and TEE trusted execution environments, efficient and secure data retrieval and statistics are achieved in a network-isolated environment, solving the problems of data leakage and privacy breaches, and improving the security and efficiency of cross-network collaboration.

CN117407424B · Active · Publication Date: 2026-06-23 · SHANDONG INSPUR SCI RES INST CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents (China)
Current Assignee / Owner
SHANDONG INSPUR SCI RES INST CO LTD
Filing Date
2023-10-24
Publication Date
2026-06-23

AI Technical Summary

Technical Problem

In a network-isolated environment, how can we achieve efficient and secure data retrieval and statistics, avoid data and privacy leaks, and ensure the efficient execution of query services?

Method used

By building a shared network on the front-end cluster nodes, using a network gateway to isolate internal and external network nodes, and combining a Trusted Execution Environment (TEE) and covert query methods, data anonymization, access control, and query intent anonymization are performed to ensure that data operations are carried out in a trusted and isolated environment.

Benefits of technology

It achieves data security and privacy protection, reduces the risk of data leakage, improves retrieval and processing efficiency, and ensures the security and privacy of cross-network collaboration.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN117407424B_ABST

Abstract

The present application relates to the technical field of privacy computing, and specifically provides a distributed multi-party asynchronous isolated secure retrieval method and device, wherein a shared network is formed by a data retrieval initiator and a data owner using front-end machine cluster nodes, and the retrieval business is completed based on a front-end machine TEE (Trusted Execution Environment) and a hidden query method; a permission control unit is configured on top of the TEE's remote-authentication-based permission control, realizing permission monitoring at the instruction level, and through sensitive data desensitization, mixing of open data with ciphertext query data, query initiator anonymization and query condition fuzzification, and aggregation of query intent requests, it is ensured that the entire life cycle of data query and statistical operations is carried out in a trusted isolated environment, strengthening the security and privacy protection of data. Compared with the prior art, the present application effectively prevents malicious operation and illegal access, thereby ensuring the security and privacy protection of data.

Description

Technical Field

[0001] This invention relates to the field of privacy computing technology, specifically providing a distributed multi-party asynchronous isolated secure retrieval method and apparatus.

Background Technology

[0002] In today's information age, the rapid development of technologies such as big data and cloud computing has brought new challenges to data processing and storage. Complex organizations such as government systems, financial systems, and large corporations often possess multiple physically isolated node clusters. These isolation measures aim to improve data security and privacy protection. However, the isolated environment also makes it difficult for data to be collaboratively processed across different clusters. Especially in scenarios involving joint analysis and queries, directly sharing raw data may lead to privacy breaches and data misuse risks, thus requiring a secure and efficient solution.

[0003] Currently, many organizations need to conduct cross-network collaborative queries and statistics while ensuring data security, which involves several complex issues. First, how to conduct asynchronous queries in different isolated environments to ensure data is not directly shared, thereby reducing the risk of data leakage. Second, how to guarantee the privacy of the query and statistical processes, ensuring that the sensitive information of both the querying party and the data owner is not leaked, thus reducing the scope of data breaches. Furthermore, ensuring the efficient execution of query operations is also a challenge.

[0004] In this context, how to effectively utilize Trusted Execution Environments (TEEs) and privacy-preserving technologies (such as Private Information Retrieval, PIR) to achieve efficient and secure data retrieval and statistics in a network-isolated environment has become an urgent problem to be solved.

Summary of the Invention

[0005] This invention addresses the shortcomings of the prior art by providing a highly practical distributed multi-party asynchronous isolated secure retrieval method.

[0006] A further technical objective of this invention is to provide a reasonably designed, safe, and applicable distributed multi-party asynchronous isolated secure retrieval device.

[0007] The technical solution adopted by this invention to solve its technical problem is:

[0008] A distributed, multi-party asynchronous, isolated, and secure retrieval method is proposed. The data retrieval initiator and the data owner utilize a shared network composed of front-end machine cluster nodes. The network gateway enables isolation between internal and external network node clusters. The business intranet exchanges data with the front-end machine cluster through data anonymization and secure data transmission. The retrieval business is completed based on the front-end machine's TEE trusted execution environment and covert query method.

[0009] A permission control unit is configured on top of the TEE's remote authentication and access control to achieve instruction-level permission monitoring. By anonymizing sensitive data, mixing open data with encrypted query data, anonymizing query initiators and blurring query conditions, and aggregating query intent requests, the entire lifecycle of data query and statistical operations is carried out in a trusted and isolated environment, thereby strengthening data security and privacy protection.

[0010] Furthermore, the data retrieval initiator is an external system or user, who initiates a retrieval request through a shared network composed of front-end machine cluster nodes, including submitting a query intent, submitting a query request, and receiving query results;

[0011] The data owner represents the organization or entity that owns the original data. It is responsible for providing the data for distributed, multi-party, asynchronous, isolated, and secure retrieval. It has a network that isolates the front-end cluster and the internal network business system, and achieves physical isolation of the network through a network gateway.

[0012] Furthermore, the front-end cluster serves as a resource node for the internal network business system to the outside world. It is physically isolated from the internal network system through a network gateway, providing functions such as organization registration, message queues, creation, operation and management of the TEE trusted execution environment, and storage of de-identified data.

[0013] Furthermore, the sensitive data desensitization involves encrypting and storing the desensitized data provided by the intranet business system in the aforementioned front-end cluster node;

[0014] The TEE (Trusted Execution Environment) runs on the front-end cluster nodes and is a secure, isolated hardware and software environment that provides a protected execution space to run retrieval services, ensuring that sensitive data and critical code remain secure even when subjected to malicious attacks or unauthorized access.

[0015] Furthermore, the creation, operation, and management of the TEE Trusted Execution Environment constitute the Trusted Execution Environment Lifecycle Management. When data queries and statistics are required, the TEE Trusted Execution Environment will be dynamically created and destroyed immediately after the query is completed, ensuring that the query operation is performed in a secure and isolated environment, and that the data is promptly cleared after the query is completed.

[0016] Furthermore, the following steps are involved in setting up the retrieval environment for the front-end network:

[0017] S1-1, Front-end machine cluster node construction: The data owner creates a front-end machine cluster node, which forms a shared network with other front-end machine clusters in the organization, providing resources for distributed, multi-party asynchronous isolated data security retrieval.

[0018] S1-2, Network Gateway Isolation: A network gateway is used to achieve physical isolation between the front-end server cluster nodes and the internal network cluster nodes running the business system;

[0019] S1-3, Organization Registration: Utilize centralized or distributed registration services within the organization to complete organization registration and data resource directory registration;

[0020] S1-4. Create a Trusted Execution Environment (TEE) for permission management: The data owner creates a trusted execution environment in the front-end cluster for storing permission rules.

[0021] S1-5, Permission Review: The data owner forms data permission rules for specific institutional users based on the institution's registration information, transmits them to the front-end cluster through the network gateway, and saves them in a read-only state in the permission management TEE environment created in step S1-4.

[0022] S1-6. Create a Trusted Execution Environment (TEE) for de-identified public data: The data owner creates a trusted execution environment in the front-end cluster for storing shared de-identified public data.

[0023] S1-7. Shared and publicly de-identified data: The data owner uses the de-identification system to select shareable data within the organization, performs data de-identification operations, and stores the de-identified data through the network gateway in the de-identified public data TEE environment created in step S1-6.

[0024] S1-8. Start Message Queue: Start the message queue service in the front-end cluster to receive query intent requests from the data retrieval initiator;

[0025] S1-9. Start Trusted Execution Environment Management Service: Start the TEE management service in the front-end cluster, which creates and manages the trusted execution environments in which data retrieval services are securely executed.

[0026] Furthermore, the following steps are involved in conducting secure data retrieval:

[0027] S2-1, Search initiator initiates query intent request: Multiple legitimate search initiators create query intent requests and send them to the message queue of the specified front-end cluster according to the directory resources;

[0028] S2-2, Query Request Aggregation and Data Assembly: The front-end cluster creates TEE trusted execution environment images based on multiple intent request information, then anonymizes the query intents, and aggregates multiple sets of query intent requests to form query request groups.

[0029] S2-3, Asynchronous Transmission of the Network Gateway: The network gateway periodically transfers query request groups to the data processing module of the internal network business system;

[0030] S2-4. Preparing Retrieved Data: Based on the blurred (mixed) query conditions in the request group, the intranet business system extracts the required data from the intranet cluster and prepares it according to the hidden query algorithm.

[0031] S2-5, Transmission to the front-end cluster: A retrieval-data TEE is created in the front-end cluster. The data transmission module of the intranet business system transmits the prepared data through the network gateway directly into the retrieval-data TEE. Based on the estimated resource needs of the query business, multiple copies of the retrieval-data TEE are created, and the data retrieval initiators are notified that the data has been prepared.

[0032] S2-6, Remote Authentication and Access Control: The identity of each retrieval initiator is confirmed through remote authentication. An instance is created from the TEE image created in S2-2, and the permission control unit is loaded from the permission management TEE environment created in S1-4.

[0033] S2-7. Securely execute the retrieval task: In the TEE instance created in S2-6, the publicly de-identified data is loaded from the de-identified public data TEE environment, a hidden query is performed against the retrieval-data TEE using the KeywordPIR protocol under the monitoring of the permission control unit, and the query business operation is required to complete within the specified time limit.

[0034] S2-8. Result Obfuscation and Query Result Return: The TEE instance obfuscates the execution results with the publicly de-identified data and returns them to the retrieval initiator.

[0035] S2-9. Data Destruction: Destroy the TEE environment and related log data related to this retrieval in the front-end machine cluster to ensure that the data is not left in the execution environment.

[0036] A distributed multi-party asynchronous isolated secure retrieval device includes: at least one memory and at least one processor;

[0037] The at least one memory is used to store a machine-readable program;

[0038] The at least one processor is used to call the machine-readable program to execute a distributed multi-party asynchronous isolated secure retrieval method.

[0039] Compared with the prior art, the distributed multi-party asynchronous isolated secure retrieval method and apparatus of the present invention have the following outstanding advantages:

[0040] This invention introduces a Trusted Execution Environment (TEE) into the front-end machine to ensure that data querying and statistical operations are performed in a trusted and isolated environment. Sensitive data is loaded directly into the TEE through a network gateway, effectively preventing malicious operations and unauthorized access, thereby ensuring data security and privacy protection.

[0041] This method configures an access control unit on top of remote authentication permissions. Only authorized users who have passed authentication can use the TEE environment to perform query and statistical operations. At the same time, the access control unit restricts the execution of only specific instructions and specifies processing time limits to ensure the security of data query and processing. Furthermore, a registration mechanism is used to ensure that data providers can only create TEE environments with the authorization of the registration authority, preventing the establishment of unauthorized TEE environments.

[0042] Compared to traditional retrieval methods, this approach combines covert queries with a trusted execution environment to create dual privacy protection. By anonymizing sensitive data and mixing open data with encrypted query data, the volume of data processed inside the trusted environment is increased relative to the sensitive portion, reducing the risk of data leakage. Simultaneously, by anonymizing the query initiator and obfuscating query conditions, individual query intent requests are aggregated into one comprehensive query request group. This ensures that the data owner cannot know the specific query operation performed by any querying party, increasing the level of data privacy protection. Furthermore, because the data owner assembles only the data needed for the request group, the amount of data exposed is reduced and the entire database need not be transmitted to the front-end cluster, which improves retrieval processing efficiency to some extent.

[0043] This method not only ensures the security of the computing environment platform, but also guarantees the data privacy and security of all parties involved in the retrieval business. It provides an efficient and reliable solution for secure cross-network collaborative querying and statistics with physical isolation, effectively solving data privacy and security issues, and has high practical value and broad application prospects.

Attached Figure Description

[0044] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0045] Figure 1 is a flowchart illustrating a distributed, multi-party, asynchronous, isolated, and secure retrieval method.

Detailed Implementation

[0046] To enable those skilled in the art to better understand the present invention, the present invention will be further described in detail below with reference to specific embodiments. Obviously, the described embodiments are merely some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0047] The following is a preferred embodiment:

[0048] As shown in Figure 1, in this embodiment a distributed multi-party asynchronous isolated secure retrieval method is designed for the actual scenarios of physically isolated secure retrieval and statistics in complex organizations such as government systems, financial systems, and large group companies. The data retrieval initiator and the data owner utilize a shared network composed of front-end machine cluster nodes, and achieve internal and external network node cluster isolation through a network gateway. The business intranet exchanges data with the front-end machine cluster through data anonymization and secure data transmission, and completes the retrieval business based on the front-end machine TEE trusted execution environment and covert query method.

[0049] On top of basic access control such as remote authentication permissions in the TEE Trusted Execution Environment, an access control unit is configured to achieve instruction-level access monitoring. Through sensitive data anonymization, obfuscation of open data and encrypted query data, anonymization of query initiators and fuzzification of query conditions, and aggregation of query intent requests, the entire lifecycle of data query and statistical operations is ensured to be carried out in a trusted and isolated environment, thereby strengthening data security and privacy protection.

[0050] Among them, the retrieval initiator is an external system or user, who initiates a retrieval request through a shared network composed of front-end machine cluster nodes, including submitting query intent, submitting query request, and receiving query results;

[0051] The data owner represents the organization or entity that owns the original data. It is responsible for providing the data for distributed, multi-party, asynchronous, isolated, and secure retrieval. Its front-end cluster and its internal network business system sit on separate networks, and physical isolation between them is achieved through a network gateway.

[0052] The intranet business system runs in an intranet node cluster and includes modules such as data storage, data masking, data processing, and data transmission. The data storage module is used to store the cleaned and cataloged business data. The data masking module implements the data masking function. The data processing module is mainly responsible for extracting the required data according to the query intent request. The data transmission module realizes secure data exchange through the network gateway.

[0053] The front-end cluster is a resource node for the internal network business systems of a complex organization to the outside world. It is physically isolated from the internal network system through a network gateway and provides functions such as organization registration, message queues, creation, operation and management of TEE trusted execution environment, and storage of de-identified data.

[0054] The organization registration function runs on the front-end cluster nodes and manages the registration information of different organizations and data owners. It can adopt unified management through a central node or separate per-organization permission management, and provides a metadata directory for data retrieval.

[0055] Sensitive data de-identification involves encrypting and storing de-identified data provided by the internal network business system in the front-end cluster nodes;

[0056] Message queues are used to receive and process anonymized query intents from retrieval initiators and are responsible for aggregating multiple sets of query requests into query request groups.

[0057] The Trusted Execution Environment (TEE) runs on the front-end node and is a secure, isolated hardware and software environment that provides a protected execution space to run retrieval services. This ensures that sensitive data and critical code remain secure even when subjected to malicious attacks or unauthorized access. It includes functional modules such as remote authentication, the permission control unit, and communication between TEEs.

[0058] The remote authentication module is used to verify the legitimacy of the retrieval initiator's identity. The permission control unit is a read-only program running in the TEE trusted execution environment, used to implement instruction-level permission monitoring, restrict the operation of query business in TEE, allow only the execution of specific instructions, and specify the processing time limit.
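The permission control unit described in [0041] and [0058] combines three checks: the TEE instance must pass remote authentication, only instructions named in the initiator's read-only rule may run, and the whole program must finish within a time limit. The following is an added example, not code from the patent or its assignee, that puts those checks in front of a tiny query interpreter. The page's "remote authentication" is modelled as a measurement check of the TEE image against the value recorded when the image was built (an assumption about what the patent means); the retrieval data, the rule set, the enclave image bytes and the `lookup`/`count` instructions are constructed for the example.

```python
"""Added example: a permission control unit that gates a query program on an
attestation check, a per-initiator instruction allowlist and a processing time
limit. Sample data, rules and the enclave image bytes are constructed here."""
import hashlib
import time
from dataclasses import dataclass
from types import MappingProxyType
from typing import Callable, Mapping

# Constructed stand-in for the contents of the retrieval-data TEE (S2-5).
RETRIEVAL_DATA = {
    "ID-1001": {"region": "east", "balance": 120},
    "ID-1002": {"region": "west", "balance": 75},
    "ID-1003": {"region": "east", "balance": 40},
}

# Constructed stand-in for the TEE image built in S2-2; its hash is the measurement
# the attestation check expects to see when an instance is created (S2-6).
ENCLAVE_IMAGE = b"retrieval-tee-image-v1"
EXPECTED_MEASUREMENT = hashlib.sha256(ENCLAVE_IMAGE).hexdigest()


def op_lookup(db: dict, key: str):
    """Keyed lookup of one record; None when the key is absent."""
    return db.get(key)


def op_count(db: dict, field_name: str, value) -> int:
    """Statistics operation: count records whose field equals value."""
    return sum(1 for r in db.values() if r.get(field_name) == value)


# The only instructions the unit will ever dispatch; the table itself is read-only.
ALLOWED_INSTRUCTIONS = MappingProxyType({"lookup": op_lookup, "count": op_count})


class PermissionDenied(Exception):
    """Attestation, the allowlist or the time limit rejected the request."""


@dataclass(frozen=True)
class PermissionRule:
    """One entry of the rule set the data owner loads read-only into the
    permission management TEE (S1-5)."""
    instructions: frozenset
    time_limit_s: float


class PermissionControlUnit:
    def __init__(self, expected_measurement: str, rules: Mapping[str, PermissionRule],
                 clock: Callable[[], float] = time.monotonic):
        self.expected_measurement = expected_measurement
        self.rules = MappingProxyType(dict(rules))  # read-only view; later edits raise TypeError
        self.clock = clock
        self.audit = []  # (initiator, instruction, outcome) for every instruction-level decision

    def attest(self, enclave_image: bytes) -> str:
        """Stand-in for remote attestation: the measurement of the image about to run
        must equal the value recorded when the image was created (S2-2)."""
        measurement = hashlib.sha256(enclave_image).hexdigest()
        if measurement != self.expected_measurement:
            raise PermissionDenied("attestation failed: unexpected measurement")
        return measurement

    def execute(self, initiator: str, enclave_image: bytes, program) -> list:
        """Run a query program, checking each instruction against the allowlist and
        the rule's time limit before it is dispatched (S2-7)."""
        self.attest(enclave_image)
        rule = self.rules.get(initiator)
        if rule is None:
            raise PermissionDenied(f"no permission rule for initiator {initiator!r}")
        deadline = self.clock() + rule.time_limit_s
        results = []
        for name, *args in program:
            if name not in ALLOWED_INSTRUCTIONS or name not in rule.instructions:
                self.audit.append((initiator, name, "denied"))
                raise PermissionDenied(f"instruction not permitted: {name}")
            if self.clock() > deadline:
                self.audit.append((initiator, name, "timeout"))
                raise PermissionDenied("processing time limit exceeded")
            results.append(ALLOWED_INSTRUCTIONS[name](RETRIEVAL_DATA, *args))
            self.audit.append((initiator, name, "ok"))
        return results


def try_execute(unit, initiator, enclave_image, program):
    """Return ("ok", results) or ("denied", reason) so a caller sees why a request failed."""
    try:
        return "ok", unit.execute(initiator, enclave_image, program)
    except PermissionDenied as e:
        return "denied", str(e)


def stepping_clock(step: float) -> Callable[[], float]:
    """Deterministic clock that advances by `step` on every read (demo and tests)."""
    now = [0.0]

    def read():
        now[0] += step
        return now[0]
    return read


def make_unit(clock: Callable[[], float] = time.monotonic) -> PermissionControlUnit:
    """Unit with a constructed rule set: org-a may look up and count, org-b may only count."""
    rules = {
        "org-a": PermissionRule(frozenset({"lookup", "count"}), time_limit_s=2.0),
        "org-b": PermissionRule(frozenset({"count"}), time_limit_s=2.0),
    }
    return PermissionControlUnit(EXPECTED_MEASUREMENT, rules, clock)


if __name__ == "__main__":
    unit = make_unit()
    print(try_execute(unit, "org-a", ENCLAVE_IMAGE, [("lookup", "ID-1001"), ("count", "region", "east")]))
    print(try_execute(unit, "org-b", ENCLAVE_IMAGE, [("lookup", "ID-1001")]))
    print(try_execute(unit, "org-a", b"tampered-image", [("count", "region", "east")]))
    print(try_execute(make_unit(stepping_clock(1.5)), "org-a", ENCLAVE_IMAGE,
                      [("count", "region", "east"), ("count", "region", "west")]))
```

Two design points worth noting. The allowlist is checked before dispatch, so an unknown instruction never executes and the audit trail records the refusal at the instruction that caused it, which is what "instruction-level permission monitoring" needs to mean in practice. The time limit is checked against an injectable clock so the timeout path can be exercised deterministically; with the stepping clock the second instruction lands past the 2.0 s deadline and is refused. The rule set is exposed only through a `MappingProxyType`, which is the cheapest way to honour "saved in a read-only state" inside one process; a real deployment would additionally rely on the TEE to keep the rules out of reach of the query program.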

[0059] The creation, operation, and management of the TEE (Trusted Execution Environment) is part of the Trusted Execution Environment lifecycle management. When data queries and statistics are required, the TEE is dynamically created and destroyed immediately after the query is completed, ensuring that the query operation is performed in a secure and isolated environment. Furthermore, the data is promptly cleared after the query is completed to prevent the risk of data retention and leakage.

[0060] The following steps are involved in setting up a front-end network for retrieval:

[0061] S1-1, Front-end machine cluster node construction: The data owner creates a front-end machine cluster node, which forms a shared network with other front-end machine clusters in the organization, providing resources for distributed, multi-party asynchronous isolated data security retrieval.

[0062] S1-2, Network Gateway Isolation: A network gateway is used to achieve physical isolation between the front-end server cluster nodes and the internal network cluster nodes running the business system;

[0063] S1-3, Organization Registration: Utilize centralized or distributed registration services within the organization to complete organization registration and data resource directory registration;

[0064] S1-4. Create a Trusted Execution Environment (TEE) for permission management: The data owner creates a trusted execution environment in the front-end cluster for storing permission rules.

[0065] S1-5, Permission Review: The data owner forms data permission rules for specific institutional users based on the institution's registration information, transmits them to the front-end cluster through the network gateway, and saves them in a read-only state in the permission management TEE environment created in step S1-4.

[0066] S1-6. Create a Trusted Execution Environment (TEE) for de-identified public data: The data owner creates a trusted execution environment in the front-end cluster for storing shared de-identified public data.

[0067] S1-7. Shared and publicly de-identified data: The data owner uses the de-identification system to select shareable data within the organization, performs data de-identification operations, and stores the de-identified data through the network gateway in the de-identified public data TEE environment created in step S1-6.

[0068] S1-8. Start Message Queue: Start the message queue service in the front-end cluster to receive query intent requests from the data retrieval initiator;

[0069] S1-9. Start Trusted Execution Environment Management Service: Start the TEE management service in the front-end cluster, which creates and manages the trusted execution environments in which data retrieval services are securely executed.

[0070] The following steps are involved in performing secure data retrieval:

[0071] S2-1, Search initiator initiates query intent request: Multiple legitimate search initiators create query intent requests and send them to the message queue of the specified front-end cluster according to the directory resources;

[0072] S2-2, Query Request Aggregation and Data Assembly: The front-end cluster creates TEE trusted execution environment images based on multiple intent request information, then anonymizes the query intents, and aggregates multiple sets of query intent requests to form query request groups.

[0073] S2-3, Asynchronous Transmission of the Network Gateway: The network gateway periodically transfers query request groups to the data processing module of the internal network business system;

[0074] S2-4. Preparing Retrieved Data: Based on the blurred (mixed) query conditions in the request group, the intranet business system extracts the required data from the intranet cluster and prepares it according to the hidden query algorithm.

[0075] S2-5, Transmission to the front-end cluster: A retrieval-data TEE is created in the front-end cluster. The data transmission module of the intranet business system transmits the prepared data through the network gateway directly into the retrieval-data TEE. Based on the estimated resource needs of the query business, multiple copies of the retrieval-data TEE are created, and the data retrieval initiators are notified that the data has been prepared.

[0076] S2-6, Remote Authentication and Access Control: The identity of each retrieval initiator is confirmed through remote authentication. An instance is created from the TEE image created in S2-2, and the permission control unit is loaded from the permission management TEE environment created in S1-4.

[0077] S2-7. Securely execute the retrieval task: In the TEE instance created in S2-6, the publicly de-identified data is loaded from the de-identified public data TEE environment, a hidden query is performed against the retrieval-data TEE using the KeywordPIR protocol under the monitoring of the permission control unit, and the query business operation is required to complete within the specified time limit.

[0078] S2-8. Result Obfuscation and Query Result Return: The TEE instance obfuscates the execution results with the publicly de-identified data and returns them to the retrieval initiator.

[0079] S2-9. Data Destruction: Destroy the TEE environment and related log data related to this retrieval in the front-end machine cluster to ensure that the data is not left in the execution environment.
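Steps S2-1 through S2-9 (given in the summary and again above) describe one round of retrieval: intents are queued, anonymized and blurred into a request group, the intranet assembles only the records that group names, copies of the retrieval-data TEE answer a hidden query, the result is hidden among de-identified public records, and the environments are destroyed. The following is an added example, not code from the patent or its assignee, that runs that round end to end on constructed data. The patent names a KeywordPIR protocol but gives no construction, so the hidden query here is a two-server XOR PIR (a stand-in chosen because it maps onto the replicated retrieval-data TEEs of S2-5); the intranet database, the de-identified directory, the record encoding and the decoy counts are all assumptions of the example. The gateway transfer and the permission control unit are outside its scope.

```python
"""Added example (not the patent's own code): one round of the S2 retrieval flow
with constructed data. The hidden query is a two-server XOR PIR over two replicas
of the retrieval-data TEE; the patent names KeywordPIR without a construction."""
import random

_rng = random.SystemRandom()
RECORD_LEN = 32  # fixed-length records: an answer's size reveals nothing about its content

# Constructed intranet business data (data storage module); it never leaves the intranet raw.
INTRANET_DB = {
    "ID-1001": "east,balance=120",
    "ID-1002": "west,balance=75",
    "ID-1003": "east,balance=40",
    "ID-1004": "north,balance=310",
}
# Constructed de-identified open data (S1-7): shareable keys with the payload masked.
PUBLIC_DEIDENTIFIED = ["ID-1001", "ID-1002", "ID-1003", "ID-1004", "ID-1005", "ID-1006"]


def encode(key: str, value: str) -> bytes:
    """Fixed-length record encoding used by the hidden query preparation (S2-4)."""
    raw = f"{key}|{value}".encode()
    if len(raw) > RECORD_LEN:
        raise ValueError("record too long")
    return raw.ljust(RECORD_LEN, b"\0")


def decode(record: bytes):
    key, value = record.rstrip(b"\0").decode().split("|", 1)
    return key, value


def aggregate_intents(intents, min_group: int = 4):
    """S2-1/S2-2: pseudonymize initiators and blur conditions. The request group is the
    wanted keywords mixed with decoys from the public directory, shuffled, with no link
    to who asked; the initiator -> token map stays inside the front-end cluster."""
    tokens = {initiator: "%016x" % _rng.getrandbits(64) for initiator, _ in intents}
    keywords = {kw for _, kw in intents}
    decoys = [k for k in PUBLIC_DEIDENTIFIED if k not in keywords]
    _rng.shuffle(decoys)
    while len(keywords) < min_group and decoys:
        keywords.add(decoys.pop())
    group = list(keywords)
    _rng.shuffle(group)
    return group, tokens


def intranet_prepare(group):
    """S2-3/S2-4: the intranet data processing module extracts only the records the
    blurred group names (never the whole database) and returns the slot order plus the
    fixed-length table. Unknown keys get a dummy record so every slot is filled."""
    keys = sorted(group)
    return keys, [encode(k, INTRANET_DB.get(k, "no-record")) for k in keys]


class RetrievalTEE:
    """One replica of the retrieval-data TEE (S2-5). It answers XOR sub-queries over
    index subsets and never learns which slot an initiator actually wanted."""

    def __init__(self, table):
        self.table = [bytearray(r) for r in table]
        self.served = []  # subset sizes only: the most a replica can record about a query

    def answer(self, subset) -> bytes:
        acc = bytearray(RECORD_LEN)
        for i in subset:
            acc = bytearray(a ^ b for a, b in zip(acc, self.table[i]))
        self.served.append(len(subset))
        return bytes(acc)

    def destroy(self):
        """S2-9: zero every record before releasing the environment, then drop the log."""
        for row in self.table:
            row[:] = b"\0" * RECORD_LEN
        self.table.clear()
        self.served.clear()


def pir_fetch(keys, replica_a: RetrievalTEE, replica_b: RetrievalTEE, keyword: str) -> bytes:
    """S2-7 hidden query: a uniformly random subset S goes to one replica and S with the
    target index toggled goes to the other; XOR of the two answers is the target record."""
    target = keys.index(keyword)
    s = {j for j in range(len(keys)) if _rng.getrandbits(1)}
    t = s ^ {target}
    return bytes(a ^ b for a, b in zip(replica_a.answer(s), replica_b.answer(t)))


def obfuscate_result(record: bytes, n_decoys: int = 3):
    """S2-8: hide the real record among decoys built from de-identified public keys so
    every response has the same shape; the initiator picks out its own key."""
    key, _ = decode(record)
    others = [k for k in PUBLIC_DEIDENTIFIED if k != key]
    out = [encode(k, "public") for k in _rng.sample(others, n_decoys)] + [record]
    _rng.shuffle(out)
    return out


def run_retrieval(intents):
    """Drive one full round and return {initiator: value}; replicas are destroyed at the end."""
    group, _tokens = aggregate_intents(intents)
    keys, table = intranet_prepare(group)  # this is what crosses the gateway, as a group
    replicas = RetrievalTEE(table), RetrievalTEE(table)
    results = {}
    for initiator, keyword in intents:
        response = obfuscate_result(pir_fetch(keys, *replicas, keyword))
        results[initiator] = next(decode(r)[1] for r in response if decode(r)[0] == keyword)
    for r in replicas:
        r.destroy()
    return results


if __name__ == "__main__":
    print(run_retrieval([("org-a", "ID-1001"), ("org-b", "ID-1003"), ("org-c", "ID-9999")]))
```

What the example shows that the step list does not: the data owner's intranet only ever sees the blurred group (here at least four keys, with decoys drawn from its own de-identified directory), each replica only ever sees a random index subset, and the real record is recovered by the initiator alone. The caveat a practitioner should keep in mind is that two-server PIR is private only while the two replicas do not collude, and in the patent's setting both copies of the retrieval-data TEE sit in the same front-end cluster operated by the data owner; that is exactly why a deployment would use a single-server, computational keyword PIR and rely on the TEE for the non-collusion the XOR scheme assumes. Zeroing the rows in `destroy` before dropping the references is the in-process analogue of the S2-9 requirement that nothing is left behind in the execution environment.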

[0080] Based on the above method, a distributed multi-party asynchronous isolated secure retrieval device in this embodiment includes: at least one memory and at least one processor;

[0081] The at least one memory is used to store a machine-readable program;

[0082] The at least one processor is used to call the machine-readable program to execute a distributed multi-party asynchronous isolated secure retrieval method.

[0083] The specific embodiments described above are merely specific examples of the present invention. The patent protection scope of the present invention includes, but is not limited to, the specific embodiments described above. Any technical solution that conforms to the technical claims of the present invention and any appropriate changes or substitutions made by a person skilled in the art should fall within the patent protection scope of the present invention.

[0084] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims and their equivalents.

Claims

1. A distributed, multi-party asynchronous isolated secure retrieval method, characterized in that:

The data retrieval initiator and the data owner utilize a shared network composed of front-end machine cluster nodes. Through a network gateway, they achieve internal and external network node cluster isolation. The business intranet exchanges data with the front-end machine cluster through data anonymization and secure data transmission. The retrieval business is completed based on the front-end machine's TEE trusted execution environment and covert query method. A permission control unit is configured on top of the remote authentication and access control of the TEE Trusted Execution Environment to achieve instruction-level access monitoring. By desensitizing sensitive data, mixing open data with encrypted query data, anonymizing query initiators and blurring query conditions, and aggregating query intent requests, the entire lifecycle of data query and statistical operations is carried out in a trusted and isolated environment, thereby strengthening data security and privacy protection.

The data retrieval initiator is an external system or user, who initiates a retrieval request through a shared network composed of front-end machine cluster nodes, including submitting query intent, submitting query request, and receiving query results. The data owner represents the organization or entity that owns the original data, is responsible for providing the data for distributed, multi-party, asynchronous, isolated, and secure retrieval, has its front-end cluster and its internal network business system on separate networks, and achieves physical isolation of the network through a network gateway. The front-end cluster serves as the external resource node for the intranet business system. It is physically isolated from the intranet system through a network gateway, providing functions such as organization registration, message queues, creation, operation and management of the TEE trusted execution environment, and storage of de-identified data. The sensitive data desensitization involves encrypting and storing the desensitized data provided by the intranet business system in the aforementioned front-end cluster nodes. The TEE Trusted Execution Environment runs in the front-end cluster nodes. It is a secure and isolated hardware and software environment that provides a protected execution space to run retrieval services, ensuring that sensitive data and critical code remain secure even when subjected to malicious attacks or unauthorized access. The creation, operation, and management of the TEE Trusted Execution Environment is the lifecycle management of the Trusted Execution Environment. When data querying and statistics are required, the TEE Trusted Execution Environment will be dynamically created and destroyed immediately after the query is completed, ensuring that the query operation is performed in a secure and isolated environment, and that the data is cleared in a timely manner after the query is completed.

The following steps are involved in setting up a front-end network for retrieval:

S1-1, Front-end machine cluster node construction: The data owner creates a front-end machine cluster node, which forms a shared network with other front-end machine clusters in the organization, providing resources for distributed, multi-party asynchronous isolated data security retrieval.

S1-2, Network Gateway Isolation: A network gateway is used to achieve physical isolation between the front-end server cluster nodes and the internal network cluster nodes running the business system;

S1-3, Organization Registration: Utilize centralized or distributed registration services within the organization to complete organization registration and data resource directory registration;

S1-4. Create a Trusted Execution Environment (TEE) for permission management: The data owner creates a trusted execution environment in the front-end cluster for storing permission rules.

S1-5, Permission Review: The data owner forms data permission rules for specific institutional users based on the institution's registration information, transmits them to the front-end cluster through the network gateway, and saves them in a read-only state in the permission management TEE environment created in step S1-4.

S1-6. Create a Trusted Execution Environment (TEE) for de-identified public data: The data owner creates a trusted execution environment in the front-end cluster for storing shared de-identified public data.

S1-7. Shared and publicly de-identified data: The data owner uses the de-identification system to select shareable data within the organization, performs data de-identification operations, and stores the de-identified data through the network gateway in the de-identified public data TEE environment created in step S1-6.

S1-8. Start Message Queue: Start the message queue service in the front-end cluster to receive query intent requests from the data retrieval initiator;

S1-9. Start Trusted Execution Environment Management Service: Start the TEE management service in the front-end cluster, which creates and manages the trusted execution environments in which data retrieval services are securely executed;

The following steps are involved in performing secure data retrieval:

S2-1, Search initiator initiates query intent request: Multiple legitimate search initiators create query intent requests and send them to the message queue of the specified front-end cluster according to the directory resources;

S2-2, Query Request Aggregation and Data Assembly: The front-end cluster creates TEE trusted execution environment images based on multiple intent request information, then anonymizes the query intents, and aggregates multiple sets of query intent requests to form query request groups.

S2-3, Asynchronous Transmission of the Network Gateway: The network gateway periodically transfers query request groups to the data processing module of the internal network business system;

S2-4. Preparing Retrieved Data: Based on the blurred (mixed) query conditions in the request group, the intranet business system extracts the required data from the intranet cluster and prepares it according to the hidden query algorithm.

S2-5, Transmission to the front-end cluster: A retrieval-data TEE is created in the front-end cluster. The data transmission module of the intranet business system transmits the prepared data through the network gateway directly into the retrieval-data TEE. Based on the estimated resource needs of the query business, multiple copies of the retrieval-data TEE are created, and the data retrieval initiators are notified that the data has been prepared.

S2-6, Remote Authentication and Access Control: The identity of each retrieval initiator is confirmed through remote authentication.
An instance is created based on the TEE Trusted Execution Environment image created in S2-2, and the access control unit is loaded through the access management TEE environment. S2-7. Securely execute the retrieval task: In the TEE Trusted Execution Environment instance created in S2-6, load the publicly de-identified data through the de-identified public data TEE environment, and perform a hidden query using the KeywordPIR protocol with the retrieval data TEE Trusted Execution Environment under the monitoring of the permission control unit, and ensure that the query business operation is performed within the specified time limit. S2-8. Result Obfuscation and Query Result Return: The retrieval initiator will obfuscate the execution results in the TEE Trusted Execution Environment with the publicly de-identified data and return them to the retrieval initiator. S2-9. Data Destruction: Destroy the TEE environment and related log data related to this retrieval in the front-end machine cluster to ensure that the data is not left in the execution environment.
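The initiator anonymization, query condition fuzzification and intent aggregation of steps S2-2 to S2-7, as an added Python simulation (not code from the patent; the record keys, decoy count, ticket scheme and all sample data are constructed assumptions). It shows what the intranet side sees after the gateway versus what stays inside the TEE:

```python
import hashlib
import random
from dataclasses import dataclass

# Constructed sample data: the owner's sensitive intranet records, and the
# key space of the desensitized public data shared in step S1-7.
INTRANET_RECORDS = {"ID1001": "balance=52000", "ID1002": "balance=870",
                    "ID1003": "balance=13400"}
PUBLIC_KEYS = [f"ID{n}" for n in range(1000, 1020)]

@dataclass(frozen=True)
class QueryIntent:
    initiator: str   # identity, visible to the front-end cluster only
    keyword: str     # the record key the initiator actually wants

def blur(keyword, decoys, rng):
    """Query condition fuzzification (S2-2): hide the real key among decoys
    drawn from the public key space, so the intranet side cannot tell which
    of the keys it is asked for is genuinely wanted."""
    pool = [k for k in PUBLIC_KEYS if k != keyword]
    mixed = rng.sample(pool, decoys) + [keyword]
    rng.shuffle(mixed)
    return mixed

def aggregate(intents, decoys=4, seed=7):
    """Initiator anonymization and intent aggregation (S2-2): replace each
    initiator by an opaque ticket and merge all blurred conditions into one
    query request group. Only `group` crosses the gateway (S2-3); the routing
    table stays inside the TEE and is destroyed with it in S2-9."""
    rng = random.Random(seed)
    group, routing = set(), {}
    for intent in intents:
        raw = f"{seed}|{intent.initiator}|{intent.keyword}".encode()
        ticket = hashlib.sha256(raw).hexdigest()[:16]
        routing[ticket] = intent
        group.update(blur(intent.keyword, decoys, rng))
    return sorted(group), routing

def intranet_prepare(group):
    """S2-4: the data owner extracts only the records named in the blurred
    group; it never learns initiators or which keys were decoys."""
    return {k: INTRANET_RECORDS[k] for k in group if k in INTRANET_RECORDS}

def tee_answer(retrieval_data, routing, ticket):
    """S2-7: resolve one ticket inside the TEE; each initiator receives only
    the record for its own keyword (None if the owner holds no such record)."""
    return retrieval_data.get(routing[ticket].keyword)
```

The group the intranet receives contains every real key plus decoys and no initiator identity, while only the TEE-held routing table can map a ticket back to a requester and keyword.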

2. A distributed multi-party asynchronous isolated secure retrieval device, characterized in that it comprises at least one memory and at least one processor; the at least one memory is used to store a machine-readable program; and the at least one processor is configured to invoke the machine-readable program to execute the method of claim 1.