A privacy-enhanced local vectorized knowledge base reasoning system and method

By employing privacy-enhanced semantic decomposition, encrypted vectorized knowledge base, zero-knowledge reasoning instruction generation, and model routing mechanisms, the privacy protection issue in large model inference systems is resolved, ensuring data security and compliance during use and guaranteeing that user data is not leaked.

CN122365571APending Publication Date: 2026-07-10HUNAN YOULI MEDICAL TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HUNAN YOULI MEDICAL TECH
Filing Date
2026-04-14
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

Existing large-scale model inference systems suffer from privacy risks such as data upload risks, privacy leaks, insufficient model access control, and lack of encryption protection for data transmission, failing to effectively address the core issue of 'data being usable but not visible'.

Method used

A privacy-enhanced semantic decomposition module is used to perform semantic decomposition and anonymization of user information; an encrypted vectorized knowledge base module is used for encrypted data storage and retrieval; a zero-knowledge reasoning instruction generation module generates anonymized instructions; a privacy-first model routing mechanism is used for secure model invocation; a data lifecycle destruction module ensures data erasure; and a privacy compliance assessment module is used for auditing.

Benefits of technology

It achieves end-to-end privacy protection from data input to result output, prevents data leakage, ensures data sovereignty belongs to the user, complies with GDPR and other regulatory requirements, and is suitable for privacy-sensitive fields.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122365571A_ABST
    Figure CN122365571A_ABST
Patent Text Reader

Abstract

This invention discloses a privacy-enhanced local vectorized knowledge base reasoning system and method. It obtains user information to be protected for privacy purposes and performs semantic decomposition on the user information based on the user terminal to obtain personal identification information and question information. The personal identification information is stripped, and the question information is abstracted into a general intent tag. Homomorphic encryption technology is used to retrieve knowledge fragments matching the general intent tag, and the knowledge fragments are anonymized for user privacy. Reasoning instructions are generated based on the anonymized knowledge fragments and the general intent tag. The reasoning instructions are assigned to the target reasoning model for reasoning processing according to preset rules. Temporary data of the target reasoning model is cleared. The reasoning results are anonymized for privacy, and the behavior logs of the target reasoning model are audited for privacy. This achieves privacy-enhanced local vectorized reasoning that is data-usable but not visible, fully controllable and auditable, and compliant with privacy regulations.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of privacy computing technology, specifically to a privacy-enhanced local vectorized knowledge base reasoning system and method. Background Technology

[0002] With the rapid development of large language models, privacy-enhancing inference systems have been widely adopted. However, existing large-model inference systems still have significant shortcomings in terms of privacy protection.

[0003] Currently, the main shortcomings of existing large-scale model inference systems in terms of privacy protection are as follows: user raw data (such as medical records and transaction records) needs to be uploaded to the model server, which poses a risk of interception or misuse; user question intent may be used by model service providers for training or analysis, leading to privacy leaks; intermediate data generated during the inference process (such as semantic vectors and subtask decomposition results) may indirectly expose sensitive information; and there is a lack of access control over the inference model, which cannot prevent the model from storing or transmitting user data.

[0004] However, while the aforementioned existing technologies can partially mitigate the risk of data leakage through retrieval-enhanced generation and local model deployment techniques, they do not address the core issue of "data being usable but not visible": the vectorization process may retain original data characteristics, inference instructions may contain sensitive information, and data transmission lacks encryption protection during model routing. Therefore, a full-chain privacy protection mechanism is urgently needed, encompassing data input, processing, transmission, and destruction, to ensure that data is not leaked while it is being used effectively. Summary of the Invention

[0005] The purpose of this invention is to provide a privacy-enhanced local vectorized knowledge base reasoning system and method to solve the above-mentioned problems in the prior art, namely, the core problem of "data is available but not visible" that the prior art has not solved: the vectorization process may retain the original data features, the reasoning instructions may contain sensitive information, and the data transmission during the model routing process lacks encryption protection.

[0006] In a first aspect, this application provides a privacy-enhanced local vectorized knowledge base reasoning system, the system comprising: The privacy-enhanced semantic decomposition module is used to obtain user information to be protected by privacy, and to perform semantic decomposition processing on the user information based on the user terminal to obtain personal identification information and question information. The privacy-enhanced semantic decomposition module is further used to strip the personal identification information from the user information to obtain question information, and to abstract the question information into a general intent label, wherein the general intent label is used to indicate the label for abstracting the question into a general question type; The encrypted vectorized knowledge base module is used to retrieve knowledge fragments that match the general intent tag from the local encrypted vector library using homomorphic encryption technology, and to perform user privacy desensitization processing on the knowledge fragments. The zero-knowledge reasoning instruction generation module is used to generate reasoning instructions based on the desensitized knowledge fragments and the general intent tags; A privacy-first model routing mechanism module is used to allocate the inference instructions to the target inference model for inference processing according to preset rules, and obtain the inference result. The target inference model includes a local model and a cloud model. The data lifecycle destruction module is used to clear the temporary data of the target inference model; The privacy compliance assessment module is used to perform privacy desensitization processing on the inference results and to perform privacy audit processing on the behavior logs of the target inference model.

[0007] In one possible implementation, the privacy-enhanced semantic decomposition module includes: Local private parsing unit: used to deploy a lightweight semantic decomposition model on the user terminal to perform semantic decomposition processing on the user information to obtain personal identification information and question information.

[0008] Intent anonymization unit: used to strip the personal identification information from the user information to obtain question information, and map the question information to a general intent tag; The differential privacy subtask splitting unit is used to split the complex problem into multiple subtasks when the user information is a complex problem; The differential privacy subtask splitting unit is further configured to add Laplace noise to the plurality of subtasks to blur the dependencies of the subtasks, the dependencies being used to indicate the association between the subtasks and the user information.

[0009] In one possible implementation, the encrypted vectorized knowledge base module includes: A local encrypted storage unit is used to acquire user raw data, perform vectorization processing on the raw data using national cryptographic algorithms, and encrypt and store the generated vector data. The user raw data includes the user information. The homomorphic encryption retrieval unit is used to perform similarity calculation and matching processing on the encrypted vector data based on the general intent tag to obtain the knowledge fragment corresponding to the general intent tag; The knowledge fragment desensitization unit is used to perform user privacy desensitization processing on the knowledge fragment to obtain the desensitized knowledge fragment. The user privacy desensitization processing includes replacing user privacy fields with preset placeholders.

[0010] In one possible implementation, the zero-knowledge reasoning instruction generation module includes: A privacy isolation instruction construction unit is used to obtain the index corresponding to the desensitized knowledge fragment, and generate a reasoning instruction based on the anonymized intent tag, the index corresponding to the desensitized knowledge fragment, and the general reasoning steps. The anonymized intent tag is used to indicate the tag obtained by anonymizing and desensitizing the general intent tag. The intermediate token blinding unit is used to embed random noise strings when generating intermediate step prompts for guided reasoning, and to process the association between the intermediate token sequence in the reasoning process and the user information to make the target reasoning model not associate with the user information when based on the intermediate token features.

[0011] In one possible implementation, the privacy-preferred model routing mechanism module includes: The local model priority unit is used to obtain the local inference threshold. When the task complexity corresponding to the inference instruction is not higher than the local inference threshold, inference processing is performed based on the local model. An encrypted channel transmission unit is used to transmit the inference instructions through an encrypted communication channel based on the cloud model when the task complexity is higher than the local inference threshold. The model permission control unit is used to control the cloud model to execute the zero storage protocol. The execution of the zero storage protocol includes: using code auditing and sandbox isolation technology to control the cloud model to perform zero data storage processing, so that the cloud model does not retain data after inference.

[0012] In one possible implementation, the data lifecycle destruction module includes: The real-time destruction unit is used to perform real-time clearing of temporary data generated in the local model after the inference task is completed. The cloud session clearing unit is used to send a destruction command to the cloud model, so that the cloud will clear the inference session cache data based on the destruction command; The audit log encryption unit is used to encrypt and store the log files of the inference processing of the local model and the log files of the inference processing of the cloud model using a user key. The permissions of the log files are user-defined, and the logs do not contain data that can be associated with the user information.

[0013] In one possible implementation, the privacy compliance assessment module includes: The reasoning result desensitization check unit is used to perform privacy scanning processing on the reasoning result output by the target reasoning model. If the scanning result contains personal identification information, the reasoning result will not be output and an alarm log will be generated. The model behavior auditing unit is used to perform privacy detection processing on the operation logs of the local model and the cloud model according to a preset time period, and generate a privacy compliance report based on the detection processing results.

[0014] Secondly, this application provides a privacy-enhanced local vectorized knowledge base reasoning method, which includes: Obtain user information that needs to be protected for privacy, and perform semantic decomposition processing on the user information based on the user terminal to obtain personal identification information and question information; The personal identification information in the user information is stripped to obtain the problem information, and the problem information is abstracted into a general intent label. The general intent label is used to indicate the label that abstracts the problem into a general problem type. Homomorphic encryption technology is used to retrieve knowledge fragments that match the general intent tag from a local encrypted vector library, and the knowledge fragments are then anonymized for user privacy. Based on the desensitized knowledge fragments and the general intent tags, inference instructions are generated; According to preset rules, the inference instructions are assigned to the target inference model for inference processing to obtain inference results. The target inference model includes a local model and a cloud model. The temporary data of the target inference model is cleared. The inference results are anonymized for privacy, and the behavior logs of the target inference model are audited for privacy.

[0015] In one possible implementation, before stripping the personal identification information from the user information to obtain question information, and abstracting the question information into a generic intent tag, the method further includes: When the user information is a complex problem, the complex problem is broken down into multiple sub-tasks; Laplace noise is added to the multiple subtasks to blur the dependencies between the subtasks, and the dependencies are used to indicate the association between the subtasks and the user information.

[0016] In one possible implementation, the step of using homomorphic encryption to retrieve knowledge fragments matching the general intent tag from a local encrypted vector library, and then performing user privacy desensitization processing on the knowledge fragments, includes: The user's original data is obtained, and the original data is vectorized using a national cryptographic algorithm. The generated vector data is then encrypted and stored. The original user data includes the user information. Based on the general intent tag, similarity calculation and matching processing are performed on the encrypted stored vector data to obtain the knowledge fragment corresponding to the general intent tag; The knowledge fragment is subjected to user privacy desensitization processing to obtain a desensitized knowledge fragment. The user privacy desensitization processing includes replacing user privacy fields with preset placeholders.

[0017] In one possible implementation, generating the reasoning instruction based on the desensitized knowledge fragment and the general intent tag includes: Obtain the index corresponding to the desensitized knowledge fragment, and generate a reasoning instruction based on the anonymized intent tag, the index corresponding to the desensitized knowledge fragment, and the general reasoning steps. The anonymized intent tag is used to indicate the tag obtained by anonymizing and desensitizing the general intent tag. When generating intermediate step prompts for guided reasoning, random noise strings are embedded to de-associate the relationship between the intermediate token sequence in the reasoning process and the user information, so that the target reasoning model does not associate the user information when based on the intermediate token features.

[0018] In one possible implementation, the step of assigning the inference instructions to the target inference model for inference processing according to preset rules includes: Obtain the local inference threshold. If the task complexity corresponding to the inference instruction is not higher than the local inference threshold, then perform inference processing based on the local model. When the task complexity exceeds the local inference threshold, the inference instructions are transmitted through an encrypted communication channel based on the cloud model. Controlling the cloud model to execute a zero-storage protocol includes: using code auditing and sandbox isolation technology to control the cloud model to perform zero data storage processing, so that the cloud model does not retain data after inference.

[0019] In one possible implementation, the step of clearing the temporary data of the target inference model includes: After the inference task is completed, the temporary data generated in the local model is cleared in real time. Send a destruction command to the cloud model so that the cloud can clear the inference session cache data based on the destruction command; The log files for inference processing of the local model and the log files for inference processing of the cloud model are encrypted and stored using a user key. The permissions of the log files are limited to the user, and the logs do not contain data that can be associated with the user's information.

[0020] In one possible implementation, the privacy-desensitizing processing of the inference result and the privacy auditing processing of the behavior log of the target inference model include: The inference results output by the target inference model are subjected to privacy scanning. If the scanning results contain personal identification information, the inference results are not output and an alarm log is generated. Privacy detection processing is performed on the operation logs of the local model and the cloud model according to a preset time period, and a privacy compliance report is generated based on the detection processing results.

[0021] The beneficial effects of this invention are as follows: This application obtains user information subject to privacy protection and performs semantic decomposition processing on the user information based on the user terminal to obtain personal identification information and question information; it then removes the personal identification information from the user information to obtain question information, and abstracts the question information into a general intent label, which is used to indicate the label for abstracting the question into a general question type; it uses homomorphic encryption technology to retrieve knowledge fragments corresponding to the general intent labels from a local encrypted vector library, and performs user privacy desensitization processing on the knowledge fragments; it generates inference instructions based on the desensitized knowledge fragments and general intent labels; it assigns the inference instructions to the target inference model for inference processing according to preset rules to obtain inference results, the target inference model including a local model and a cloud model; it clears the temporary data of the target inference model; it performs privacy desensitization processing on the inference results, and performs privacy audit processing on the behavior logs of the target inference model.

[0022] By employing local processing, encrypted vectorization, and homomorphic encryption retrieval, the system ensures that raw data is not leaked and can be effectively utilized. From question input to result output, it covers the entire process of data parsing, knowledge retrieval, instruction generation, model invocation, and data lifecycle destruction, eliminating the risk of data interception. Through intent anonymization and intermediate token blinding, it prevents third parties from identifying or tracking users through question characteristics. Users possess data encryption keys, destruction permissions, and auditing rights, ensuring that data sovereignty belongs to the user. The built-in privacy compliance assessment mechanism complies with GDPR, Personal Information Protection Act, and other regulatory requirements, making it suitable for privacy-sensitive fields. Attached Figure Description

[0023] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.

[0024] Figure 1 This is a structural diagram of the privacy-enhanced local vectorized knowledge base reasoning system provided in this application; Figure 2 This is a flowchart of the privacy-enhanced local vectorized knowledge base reasoning method provided in this application; Figure 3 A schematic diagram illustrating the data lifecycle destruction sequence in the privacy-enhanced local vectorized knowledge base reasoning system and method provided in this application; Figure 4 This is an overall structural diagram of the privacy-enhanced local vectorized knowledge base reasoning system provided in this application. Detailed Implementation

[0025] To make the objectives, technical solutions, and advantages of this application clearer, the technical solutions of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0026] In this application, the terms "exemplary" or "for example" are used to indicate examples, illustrations, or descriptions. Any embodiment or design described as "exemplary" or "for example" in this application should not be construed as being more preferred or advantageous than other embodiments or designs. Specifically, the use of terms such as "exemplary" or "for example" is intended to present the relevant concepts in a specific manner.

[0027] First, let me explain the terms used in this application: Laplace noise is a random numerical value that follows a Laplace distribution. It is the most commonly used noise injection method in differential privacy. Compared with Gaussian noise, it is more efficient in protecting the privacy of one-dimensional data and can achieve the same privacy protection effect with less noise.

[0028] The national cryptographic algorithm (SM series algorithm) is an independent and controllable cryptographic technology standard system formulated by the State Cryptography Administration. Its core objective is to break the international cryptographic technology monopoly, safeguard national information security and data sovereignty, and it is widely used in key areas such as finance, government affairs, and privacy computing.

[0029] Cosine Similarity Retrieval Based on Fully Homomorphic Encryption (FHE): Fully Homomorphic Encryption (FHE) is a cryptographic technique that allows arbitrary computations (such as addition and multiplication) to be performed directly on encrypted data, with the decrypted output matching the plaintext computation result. Cosine similarity measures similarity by the ratio of the vector dot product to its magnitude. The combination of FHE and cosine similarity enables the calculation of vector similarity under encrypted conditions without exposing the original data, fundamentally protecting privacy.

[0030] The technical solution of this application and how the technical solution of this application solves the above-mentioned technical problems are described in detail below with specific embodiments. These specific embodiments can be combined with each other, and the same or similar concepts or processes may not be described again in some embodiments. The embodiments of this application will now be described with reference to the accompanying drawings.

[0031] Figure 1 This is a schematic diagram of the structure of a privacy-enhanced local vectorized knowledge base reasoning system provided in an embodiment of this application. For example... Figure 1 As shown in this embodiment, the privacy-enhanced local vectorized knowledge base reasoning system includes: The privacy-enhanced semantic decomposition module 101 is used to obtain user information to be protected by privacy, and to perform semantic decomposition processing on the user information based on the user terminal to obtain personal identification information and question information. Personal identification information may include, for example, name, ID number, and medical record number. Question information may include, for example, inquiries about diabetes medication.

[0032] The privacy-enhanced semantic decomposition module 101 is further configured to strip the personal identification information from the user information to obtain question information, and to abstract the question information into a general intent label, wherein the general intent label is used to indicate the label for abstracting the question into a general question type; Among them, the label that abstracts the problem into a general problem type can be, for example, abstracting "diabetes medication consultation" into "chronic disease treatment advice query".

[0033] The encrypted vectorized knowledge base module 102 is used to retrieve knowledge fragments that match the general intent tag in the local encrypted vector library using homomorphic encryption technology, and to perform user privacy desensitization processing on the knowledge fragments. The local encrypted vector library can be, for example, a vector database deployed on a local server. This database stores user's original data (such as documents, medical records, transaction records, etc.) after local vectorization processing, generating vector data. The vector data is then encrypted using a national cryptographic algorithm (such as SM4), with the key independently controlled by the user. This vector database supports retrieval by directly performing similarity calculations without decrypting the vectors using homomorphic encryption technology (such as cosine similarity retrieval based on fully homomorphic encryption FHE). This allows for the retrieval of relevant knowledge fragments without decryption, achieving "data available in an encrypted state."

[0034] The zero-knowledge reasoning instruction generation module 103 is used to generate reasoning instructions based on the desensitized knowledge fragments and the general intent tags; The privacy-first model routing mechanism module 104 is used to allocate the inference instructions to the target inference model for inference processing according to preset rules, and obtain the inference result. The target inference model includes a local model and a cloud model. The data lifecycle destruction module 105 is used to clear the temporary data of the target inference model; The privacy compliance assessment module 106 is used to perform privacy desensitization processing on the inference results and to perform privacy audit processing on the behavior logs of the target inference model.

[0035] In one possible implementation, the privacy-enhanced semantic decomposition module 101 includes: Local private parsing unit: used to deploy a lightweight semantic decomposition model on the user terminal to perform semantic decomposition processing on the user information to obtain personal identification information and question information.

[0036] The user information decomposition process needs to be performed on the local device.

[0037] Intent anonymization unit: used to strip the personal identification information from the user information to obtain question information, and map the question information to a general intent tag; The differential privacy subtask splitting unit is used to split the complex problem into multiple subtasks when the user information is a complex problem; The differential privacy subtask splitting unit is further configured to add Laplace noise to the plurality of subtasks to blur the dependencies of the subtasks, the dependencies being used to indicate the association between the subtasks and the user information.

[0038] It is understandable that the association between the subtasks and the user information is blurred in order to prevent the original user information or user issues from being deduced through the subtask chain.

[0039] In one possible implementation, the encrypted vectorized knowledge base module 102 includes: A local encrypted storage unit is used to acquire user raw data, perform vectorization processing on the raw data using national cryptographic algorithms, and encrypt and store the generated vector data. The user raw data includes the user information. Among them, the national cryptographic algorithm can be, for example, SM4. The user's original data (such as documents and medical records) is vectorized locally. The vector data is encrypted and stored using the national cryptographic algorithm (such as SM4). The key is independently controlled by the user. The user's original data can be, for example, original data information including user questions and user personal identification information.

[0040] The homomorphic encryption retrieval unit is used to perform similarity calculation and matching processing on the encrypted vector data based on the general intent tag to obtain the knowledge fragment corresponding to the general intent tag; This module supports performing similarity calculation and matching directly on encrypted vectors. For example, this similarity calculation and matching can be a cosine similarity retrieval based on fully homomorphic encryption (FHE), which can obtain relevant knowledge fragments without decryption, thus achieving "data available in encrypted form".

[0041] The knowledge fragment desensitization unit is used to perform user privacy desensitization processing on the knowledge fragment to obtain the desensitized knowledge fragment. The user privacy desensitization processing includes replacing user privacy fields with preset placeholders.

[0042] For example, user privacy desensitization can be achieved by automatically filtering sensitive fields from retrieved knowledge fragments (such as replacing real names with "[patient]") and retaining only the information necessary for reasoning.

[0043] In one possible implementation, the zero-knowledge reasoning instruction generation module 103 includes: A privacy isolation instruction construction unit is used to obtain the index corresponding to the desensitized knowledge fragment, and generate a reasoning instruction based on the anonymized intent tag, the index corresponding to the desensitized knowledge fragment, and the general reasoning steps. The anonymized intent tag is used to indicate the tag obtained by anonymizing and desensitizing the general intent tag. Anonymization and desensitization processes may include, for example, removing or obfuscating personally identifiable information from general intent tags, de-identifying, and generalizing them so that the intent tag cannot be associated with a specific user, removing information that can be located to an individual user, and ultimately generating an anonymized intent tag that cannot be traced back to a specific user.

[0044] Understandably, this module does not involve any raw data or user-identifiable information when generating inference instructions.

[0045] The intermediate token blinding unit is used to embed random noise strings when generating intermediate step prompts for guided reasoning, and to process the association between the intermediate token sequence in the reasoning process and the user information to make the target reasoning model not associate with the user information when based on the intermediate token features.

[0046] Understandably, embedding random noise strings to obfuscate the association between the intermediate token sequence and the user information during the inference process is intended to prevent the model from associating user identity through intermediate token features.

[0047] In one possible implementation, the privacy-preferred model routing mechanism module 104 includes: The local model priority unit is used to obtain the local inference threshold. When the task complexity corresponding to the inference instruction is not higher than the local inference threshold, inference processing is performed based on the local model. An encrypted channel transmission unit is used to transmit the inference instructions through an encrypted communication channel based on the cloud model when the task complexity is higher than the local inference threshold. The transmission of inference instructions via an encrypted communication channel based on the cloud model may include, for example, the transmission of inference instructions via quantum key distribution (QKD) or TLS 1.3 encrypted channels, and the transmitted content only includes encrypted vector indexes and anonymization instructions, without carrying the original data. The local inference threshold may be, for example, a system-preset task complexity judgment standard, that is, based on this complexity judgment standard, the local model and the cloud model are selected to complete the inference processing of the inference instructions.

[0048] The model permission control unit is used to control the cloud model to execute the zero storage protocol. The execution of the zero storage protocol includes: using code auditing and sandbox isolation technology to control the cloud model to perform zero data storage processing, so that the cloud model does not retain data after inference.

[0049] Understandably, simple tasks in this module (such as fact queries) are handled directly by the local model, while only complex tasks are allowed to be processed by the cloud model. Session memory is cleared immediately after inference is complete.

[0050] In one possible implementation, the data lifecycle destruction module 105 includes: The real-time destruction unit is used to perform real-time clearing of temporary data generated in the local model after the inference task is completed. Real-time cleanup processes may include, for example, automatically deleting locally processed temporary data (such as semantic decomposition results and intermediate vectors) after inference is complete, without writing them to persistent storage.

[0051] The cloud session clearing unit is used to send a destruction command to the cloud model, so that the cloud will clear the inference session cache data based on the destruction command; Specifically, the cloud-based process of clearing the cached data of the inference session based on the destruction command can be, for example, as follows: after the cloud model completes inference, the user terminal sends a "destruction command" to forcibly clear all cached data of the session and returns a destruction receipt.

[0052] The audit log encryption unit is used to encrypt and store the log files of the inference processing of the local model and the log files of the inference processing of the cloud model using a user key. The permissions of the log files are user-defined, and the logs do not contain data that can be associated with the user information.

[0053] Encryption storage using a user key can include, for example, log files that record data processing trajectories being encrypted with a user key, viewable only by the user, and containing no information that can be linked to specific data.

[0054] In one possible implementation, the privacy compliance assessment module 106 includes: The reasoning result desensitization check unit is used to perform privacy scanning processing on the reasoning result output by the target reasoning model. If the scanning result contains personal identification information, the reasoning result will not be output and an alarm log will be generated. The model behavior auditing unit is used to perform privacy detection processing on the operation logs of the local model and the cloud model according to a preset time period, and generate a privacy compliance report based on the detection processing results.

[0055] The preset time period can be flexibly selected according to actual conditions, and no specific restrictions are imposed here. Privacy detection processing of the operation logs of the local model and the cloud model can be, for example, by periodically checking the operation logs of the local and cloud models according to the preset time period to detect whether there is unauthorized data storage, transmission, or abnormal call behavior, and generating a privacy compliance report.

[0056] The first embodiment provided in this application is as follows: Medical consultation scenario: (1) In the privacy-enhanced semantic decomposition module, the user information is: "Personal identification information (Zhang San, ID number 3****************X), user question: the blood glucose value of diabetes medical record is 8.5mmol / L, medication consultation; (2) Semantic decomposition processing: locally remove the personal identification information "Zhang San" and "ID number", and abstract the intention of the blood glucose value of diabetes medical record and medication consultation as "diabetes blood glucose control medication consultation", and split the subtask "search for diabetes medication guide → match medication plan with blood glucose value of 8.5mmol / L" (subtask adds differential noise); (3) Encrypted vectorized knowledge base module: the local encrypted vector library stores the "diabetes diagnosis and treatment guide", and retrieves "blood glucose 7" through homomorphic encryption. Knowledge such as "Metformin can be used for blood glucose of 0-10.0 mmol / L" is returned after desensitization (without specific guideline source document); (4) Zero-knowledge reasoning instruction generation module: The reasoning instruction is "Based on the diabetes medication guideline, recommend a medication plan for patients with blood glucose of 8.5 mmol / L (step-by-step instructions)", without any personal information; (5) Privacy-first model routing mechanism module: The local model processes directly and generates the answer "Metformin is recommended, initial dose 500 mg / time, twice a day"; (6) Data lifecycle destruction module: Local temporary data (such as original questions, sub-task split results) are automatically deleted, and cloud models are not used for simple tasks; (7) Privacy compliance assessment module: The answer is checked to have no sensitive information, and the audit log records "diabetes medication consultation" (without user identification).

[0057] The second embodiment provided in this application is as follows: Financial transaction query scenario (1) Privacy-enhanced semantic decomposition module: User information: "The transaction record of bank card (last digit 8888) on August 1, 2025 shows a consumption of 1,000 yuan" Problem information: "Inquiry about the merchant information of this transaction"; (2) Local parsing: Strip the last digit of the card number, the abstract intent is "query the merchant of bank card consumption on a specific date", and split the subtask "retrieve the transaction record on August 1, 2025 → match the merchant information of consumption of 1,000 yuan"; (3) Encrypted vectorized knowledge base module: The local encrypted vector library stores the user transaction record (vector encryption), the homomorphic encryption retrieves the relevant record, and after desensitization processing, it returns "Merchant type: catering, consumption". "Amount 1000 yuan"; (4) Zero-knowledge reasoning instruction generation module: "Based on the transaction record of 1000 yuan consumption on August 1, 2025, query the merchant type"; (5) Privacy-first model routing mechanism module: Since it is necessary to call the bank API, it is necessary to select the cloud model to transmit the instruction (excluding card number) through the encrypted channel. After the bank cloud model processes it, it returns "XX restaurant" and the bank cloud model automatically clears the session data; (6) Data life cycle destruction module: The cloud model deletes the temporary data file and receives the "data destroyed" receipt returned by the bank; (7) Privacy compliance assessment module: The answer has no card number information, and the audit confirms that the bank model does not store the instruction.

[0058] The privacy-enhanced local vectorized knowledge base reasoning system provided in this embodiment achieves the protection of original data and its effective utilization through local processing, encrypted vectorization, and homomorphic encryption retrieval. From question input to result output, it covers the entire process of data parsing, knowledge retrieval, instruction generation, model invocation, and data lifecycle destruction, eliminating the risk of data interception. Through intent anonymization and intermediate token blinding, it prevents third parties from identifying or tracking users through question characteristics. Users possess data encryption keys, destruction permissions, and auditing rights, ensuring data sovereignty belongs to the user. The built-in privacy compliance assessment mechanism complies with GDPR, personal information protection laws, and other regulatory requirements, making it suitable for privacy-sensitive fields.

[0059] Figure 2 This is a flowchart illustrating the privacy-enhanced local vectorized knowledge base reasoning method provided in an embodiment of this application. Figure 2 As shown, this embodiment is... Figure 1 Based on the embodiments, a privacy-enhanced local vectorized knowledge base reasoning method is described in detail. The privacy-enhanced local vectorized knowledge base reasoning system and method shown in this embodiment include: S201: Obtain user information to be protected by privacy, and perform semantic decomposition processing on the user information based on the user terminal to obtain personal identification information and problem information.

[0060] S202: The personal identification information in the user information is stripped to obtain the problem information, and the problem information is abstracted into a general intent label.

[0061] The general intent label is used to indicate the label that abstracts the problem into a general problem type; S203: Use homomorphic encryption technology to retrieve knowledge fragments that match the general intent tag from the local encrypted vector library, and perform user privacy desensitization processing on the knowledge fragments.

[0062] S204: Generate reasoning instructions based on the desensitized knowledge fragments and the general intent tags.

[0063] S205: The inference instructions are assigned to the target inference model for inference processing according to preset rules to obtain the inference result.

[0064] The target inference model includes both a local model and a cloud model.

[0065] S206: Clear the temporary data of the target inference model.

[0066] S207: Perform privacy desensitization processing on the inference results and perform privacy auditing processing on the behavior logs of the target inference model.

[0067] In one possible implementation, before stripping the personal identification information from the user information to obtain question information, and abstracting the question information into a generic intent tag, the method further includes: When the user information is a complex problem, the complex problem is broken down into multiple sub-tasks; Laplace noise is added to the multiple subtasks to blur the dependencies between the subtasks, and the dependencies are used to indicate the association between the subtasks and the user information.

[0068] In one possible implementation, the step of using homomorphic encryption to retrieve knowledge fragments matching the general intent tag from a local encrypted vector library, and then performing user privacy desensitization processing on the knowledge fragments, includes: The user's original data is obtained, and the original data is vectorized using a national cryptographic algorithm. The generated vector data is then encrypted and stored. The original user data includes the user information. Based on the general intent tag, similarity calculation and matching processing are performed on the encrypted stored vector data to obtain the knowledge fragment corresponding to the general intent tag; The knowledge fragment is subjected to user privacy desensitization processing to obtain a desensitized knowledge fragment. The user privacy desensitization processing includes replacing user privacy fields with preset placeholders.

[0069] In one possible implementation, generating the reasoning instruction based on the desensitized knowledge fragment and the general intent tag includes: Obtain the index corresponding to the desensitized knowledge fragment, and generate a reasoning instruction based on the anonymized intent tag, the index corresponding to the desensitized knowledge fragment, and the general reasoning steps. The anonymized intent tag is used to indicate the tag obtained by anonymizing and desensitizing the general intent tag. Anonymization and desensitization processes may include, for example, removing or obfuscating personally identifiable information from general intent tags, desensitizing, de-identifying, and generalizing them so that the intent tag cannot be associated with a specific user, removing information that can be located to an individual user, and ultimately generating an anonymized intent tag that cannot be traced back to a specific user.

[0070] When generating intermediate step prompts for guided reasoning, random noise strings are embedded to de-associate the relationship between the intermediate token sequence in the reasoning process and the user information, so that the target reasoning model does not associate the user information when based on the intermediate token features.

[0071] In one possible implementation, the step of assigning the inference instructions to the target inference model for inference processing according to preset rules includes: Obtain the local inference threshold. If the task complexity corresponding to the inference instruction is not higher than the local inference threshold, then perform inference processing based on the local model. When the task complexity exceeds the local inference threshold, the inference instructions are transmitted through an encrypted communication channel based on the cloud model. Controlling the cloud model to execute a zero-storage protocol includes: using code auditing and sandbox isolation technology to control the cloud model to perform zero data storage processing, so that the cloud model does not retain data after inference.

[0072] In one possible implementation, the step of clearing the temporary data of the target inference model includes: After the inference task is completed, the temporary data generated in the local model is cleared in real time. Send a destruction command to the cloud model so that the cloud can clear the inference session cache data based on the destruction command; The log files for inference processing of the local model and the log files for inference processing of the cloud model are encrypted and stored using a user key. The permissions of the log files are limited to the user, and the logs do not contain data that can be associated with the user's information.

[0073] In one possible implementation, the privacy-desensitizing processing of the inference result and the privacy auditing processing of the behavior log of the target inference model include: The inference results output by the target inference model are subjected to privacy scanning. If the scanning results contain personal identification information, the inference results are not output and an alarm log is generated. Privacy detection processing is performed on the operation logs of the local model and the cloud model according to a preset time period, and a privacy compliance report is generated based on the detection processing results.

[0074] The privacy-enhanced local vectorized knowledge base reasoning system and method provided in this embodiment achieves the protection of original data and its effective utilization through local processing, encrypted vectorization, and homomorphic encryption retrieval. From question input to result output, it covers the entire process of data parsing, knowledge retrieval, instruction generation, model invocation, and data lifecycle destruction, eliminating the risk of data interception. Through intent anonymization and intermediate token blinding, it prevents third parties from identifying or tracking users through question features. Users possess data encryption keys, destruction permissions, and auditing rights, ensuring data sovereignty belongs to the user. A built-in privacy compliance assessment mechanism complies with GDPR, personal information protection laws, and other regulatory requirements, making it suitable for privacy-sensitive fields.

[0075] Figure 3 This is a schematic diagram illustrating the data lifecycle destruction sequence of the data lifecycle destruction module in a privacy-enhanced local vectorized knowledge base inference system provided in this application embodiment. (See attached diagram.) Figure 3 As shown, this embodiment is... Figure 1 Implementation examples or Figure 2 Based on the embodiments, the data lifecycle destruction sequence of the privacy-enhanced local vectorized knowledge base reasoning system and method is described in detail.

[0076] like Figure 3 As shown, Figure 3 The data lifecycle destruction sequence is as follows: at time T1, the inference task is executed and the local model generates temporary data; at time T2, the temporary data resides in memory during inference (not written to disk); at time T3, the inference is completed and the real-time destruction unit deletes the local temporary data; at time T4, the cloud model is called and a "destruction command" is sent; at time T5, the cloud session clearing unit clears the cache and returns a destruction receipt; at time T6, the audit log encryption unit generates encrypted logs.

[0077] Figure 4 This is a schematic diagram of the overall structure of the privacy-enhanced local vectorized knowledge base reasoning system provided in this application. Figure 4 As shown, this embodiment is... Figure 1 , Figure 2 or Figure 3 Based on the embodiments, the sub-modules included in each module of the privacy-enhanced local vectorized knowledge base reasoning system are described in detail. The privacy-enhanced local vectorized knowledge base reasoning system shown in this embodiment includes: The privacy-enhanced semantic decomposition module 101 includes: a local privatization parsing unit 1011, an intent anonymization unit 1012, and a differential privacy subtask splitting unit 1013.

[0078] The encrypted vectorized knowledge base module includes 102: a local encrypted storage unit 1021, a homomorphic encrypted retrieval unit 1022, and a knowledge fragment desensitization unit 1023.

[0079] The zero-knowledge reasoning instruction generation module 103 includes: a privacy-isolated instruction construction unit 1031 and an intermediate token blinding unit 1032.

[0080] The privacy-first model routing module 104 includes: a local model priority unit 1041, an encrypted channel transmission unit 1042, and a model permission control unit 1043.

[0081] The data lifecycle destruction module 105 includes: a real-time destruction unit 1051, a cloud session clearing unit 1052, and an audit log encryption unit 1053.

[0082] The privacy compliance assessment module 106 includes: reasoning result anonymization check unit 1061 and model behavior audit unit 1062.

[0083] It is understood that the above embodiments are merely exemplary implementations used to illustrate the principles of the present invention, and the present invention is not limited thereto. For those skilled in the art, various modifications and improvements can be made without departing from the spirit and essence of the present invention, and these modifications and improvements are also considered to be within the scope of protection of the present invention.

Claims

1. A privacy-enhanced local vectorized knowledge base reasoning system, characterized in that, The system includes: The privacy-enhanced semantic decomposition module is used to obtain user information to be protected by privacy, and to perform semantic decomposition processing on the user information based on the user terminal to obtain personal identification information and question information. The privacy-enhanced semantic decomposition module is further used to strip the personal identification information from the user information to obtain question information, and to abstract the question information into a general intent label, wherein the general intent label is used to indicate the label for abstracting the question into a general question type; The encrypted vectorized knowledge base module is used to retrieve knowledge fragments that match the general intent tag from the local encrypted vector library using homomorphic encryption technology, and to perform user privacy desensitization processing on the knowledge fragments; The zero-knowledge reasoning instruction generation module is used to generate reasoning instructions based on the desensitized knowledge fragments and the general intent tags; A privacy-first model routing mechanism module is used to allocate the inference instructions to the target inference model for inference processing according to preset rules, and obtain the inference result. The target inference model includes a local model and a cloud model. The data lifecycle destruction module is used to clear the temporary data of the target inference model; The privacy compliance assessment module is used to perform privacy desensitization processing on the inference results and to perform privacy audit processing on the behavior logs of the target inference model.

2. The system according to claim 1, characterized in that, The privacy-enhanced semantic decomposition module includes: Local private parsing unit: used to deploy a lightweight semantic decomposition model on the user terminal to perform semantic decomposition processing on the user information to obtain personal identification information and question information. Intent anonymization unit: used to strip the personal identification information from the user information to obtain question information, and map the question information to a general intent tag; The differential privacy subtask splitting unit is used to split the complex problem into multiple subtasks when the user information is a complex problem; The differential privacy subtask splitting unit is further configured to add Laplace noise to the plurality of subtasks to blur the dependencies of the subtasks, the dependencies being used to indicate the association between the subtasks and the user information.

3. The system according to claim 1, characterized in that, The encrypted vectorized knowledge base module includes: A local encrypted storage unit is used to acquire user raw data, perform vectorization processing on the raw data using national cryptographic algorithms, and encrypt and store the generated vector data. The user raw data includes the user information. The homomorphic encryption retrieval unit is used to perform similarity calculation and matching processing on the encrypted vector data based on the general intent tag to obtain the knowledge fragment corresponding to the general intent tag; The knowledge fragment desensitization unit is used to perform user privacy desensitization processing on the knowledge fragment to obtain the desensitized knowledge fragment. The user privacy desensitization processing includes replacing user privacy fields with preset placeholders.

4. The system according to claim 1, characterized in that, The zero-knowledge reasoning instruction generation module includes: A privacy isolation instruction construction unit is used to obtain the index corresponding to the desensitized knowledge fragment, and generate a reasoning instruction based on the anonymized intent tag, the index corresponding to the desensitized knowledge fragment, and the general reasoning steps. The anonymized intent tag is used to indicate the tag obtained by anonymizing and desensitizing the general intent tag. The intermediate token blinding unit is used to embed random noise strings when generating intermediate step prompts for guided reasoning, and to process the association between the intermediate token sequence in the reasoning process and the user information to make the target reasoning model not associate with the user information when based on the intermediate token features.

5. The system according to claim 1, characterized in that, The privacy-first model routing module includes: The local model priority unit is used to obtain the local inference threshold. When the task complexity corresponding to the inference instruction is not higher than the local inference threshold, inference processing is performed based on the local model. An encrypted channel transmission unit is used to transmit the inference instructions through an encrypted communication channel based on the cloud model when the task complexity is higher than the local inference threshold. The model permission control unit is used to control the cloud model to execute the zero storage protocol. The execution of the zero storage protocol includes: using code auditing and sandbox isolation technology to control the cloud model to perform zero data storage processing, so that the cloud model does not retain data after inference.

6. The system according to claim 5, characterized in that, The data lifecycle destruction module includes: The real-time destruction unit is used to perform real-time clearing of temporary data generated in the local model after the inference task is completed. The cloud session clearing unit is used to send a destruction command to the cloud model, so that the cloud will clear the inference session cache data based on the destruction command; The audit log encryption unit is used to encrypt and store the log files of the inference processing of the local model and the log files of the inference processing of the cloud model using a user key. The permissions of the log files are user-defined, and the logs do not contain data that can be associated with the user information.

7. The system according to claim 1, characterized in that, The privacy compliance assessment module includes: The reasoning result desensitization check unit is used to perform privacy scanning processing on the reasoning result output by the target reasoning model. If the scanning result contains personal identification information, the reasoning result will not be output and an alarm log will be generated. The model behavior auditing unit is used to perform privacy detection processing on the operation logs of the local model and the cloud model according to a preset time period, and generate a privacy compliance report based on the detection processing results.

8. A privacy-enhanced local knowledge base reasoning system and privacy protection method, characterized in that, The method, applied to the privacy-enhanced local vectorized knowledge base reasoning system according to any one of claims 1-7, comprises: Obtain user information that needs to be protected for privacy, and perform semantic decomposition processing on the user information based on the user terminal to obtain personal identification information and question information; The personal identification information in the user information is stripped to obtain the problem information, and the problem information is abstracted into a general intent label. The general intent label is used to indicate the label that abstracts the problem into a general problem type. Homomorphic encryption technology is used to retrieve knowledge fragments that match the general intent tag from a local encrypted vector library, and the knowledge fragments are then anonymized for user privacy. Based on the desensitized knowledge fragments and the general intent tags, inference instructions are generated; According to preset rules, the inference instructions are assigned to the target inference model for inference processing to obtain inference results. The target inference model includes a local model and a cloud model. The temporary data of the target inference model is cleared. The inference results are anonymized for privacy, and the behavior logs of the target inference model are audited for privacy.

9. The method according to claim 8, characterized in that, Before stripping the personal identification information from the user information to obtain the question information, and abstracting the question information into a general intent tag, the method further includes: When the user information is a complex problem, the complex problem is broken down into multiple sub-tasks; Laplace noise is added to the multiple subtasks to blur the dependencies between the subtasks, and the dependencies are used to indicate the association between the subtasks and the user information.

10. The method according to claim 8, characterized in that, The step of using homomorphic encryption technology to retrieve knowledge fragments matching the general intent tag from a local encrypted vector library, and then performing user privacy desensitization processing on the knowledge fragments, includes: The user's original data is obtained, and the original data is vectorized using a national cryptographic algorithm. The generated vector data is then encrypted and stored. The original user data includes the user information. Based on the general intent tag, similarity calculation and matching processing are performed on the encrypted stored vector data to obtain the knowledge fragment corresponding to the general intent tag; The knowledge fragment is subjected to user privacy desensitization processing to obtain a desensitized knowledge fragment. The user privacy desensitization processing includes replacing user privacy fields with preset placeholders.