阅读说明：本技术 一种面向大数据的安全认证的密文检索方法 (Big data oriented security authentication ciphertext retrieval method ) 是由 陈是君 赵晨翔 杨文华 于 2021-07-14 设计创作，主要内容包括：本申请提供的一种面向大数据的安全认证的密文检索方法,涉及数据处理技术领域。在本申请中,首先,分别对获取的多条待处理业务数据进行加密处理,并保存加密处理得到的多条加密业务数据；其次,分别基于每一条待处理业务数据的至少一个关键子数据生成每一条加密业务数据对应的检索索引数据,并将每一条加密业务数据与对应的检索索引数据建立目标对应关系,其中,每一个关键子数据属于对应的待处理业务数据的一部分；然后,确定出与接收到的检索请求数据匹配的目标检索索引数据,并基于目标对应关系确定出目标检索索引数据对应的加密业务数据。基于上述方法,可以改善现有技术中数据检索的效果不佳的问题。(The application provides a ciphertext retrieval method for big data oriented security authentication, and relates to the technical field of data processing. In the application, firstly, encryption processing is respectively carried out on a plurality of pieces of acquired service data to be processed, and a plurality of pieces of encrypted service data obtained through the encryption processing are stored; secondly, generating retrieval index data corresponding to each encrypted service data based on at least one key subdata of each piece of service data to be processed, and establishing a target corresponding relation between each piece of encrypted service data and the corresponding retrieval index data, wherein each key subdata belongs to one part of the corresponding service data to be processed; then, target retrieval index data matched with the received retrieval request data is determined, and encrypted service data corresponding to the target retrieval index data is determined based on the target corresponding relation. Based on the method, the problem of poor data retrieval effect in the prior art can be solved.)

1. A big data oriented ciphertext retrieval method for security authentication is applied to a background server, and comprises the following steps:

respectively encrypting the obtained multiple pieces of service data to be processed, and storing the multiple pieces of encrypted service data obtained through encryption;

generating retrieval index data corresponding to each encrypted service data based on at least one key subdata of each piece of service data to be processed, and establishing a target corresponding relation between each encrypted service data and the corresponding retrieval index data, wherein each key subdata belongs to a part of the corresponding service data to be processed;

and determining target retrieval index data matched with the received retrieval request data, and determining encrypted service data corresponding to the target retrieval index data based on the target corresponding relation.

2. The ciphertext retrieval method for big data oriented security authentication according to claim 1, wherein the step of generating the retrieval index data corresponding to each encrypted service data based on at least one key subdata of each piece of service data to be processed respectively comprises:

for each piece of the to-be-processed service data, performing data decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service subdata, and determining at least one service subdata from the plurality of service subdata as key subdata corresponding to the to-be-processed service data;

and generating retrieval index data of corresponding encrypted service data based on the key subdata corresponding to each piece of the service data to be processed.

3. The ciphertext retrieval method of big data-oriented security authentication according to claim 2, wherein the step of, for each piece of to-be-processed service data, performing decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service sub-data, and determining at least one service sub-data among the plurality of service sub-data as the key sub-data corresponding to the to-be-processed service data includes:

for each piece of the to-be-processed service data, performing decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service subdata, and determining at least one service subdata as candidate subdata in the plurality of service subdata;

respectively determining the number of candidate subdata of each piece of the to-be-processed service data to obtain a first number corresponding to each piece of the to-be-processed service data;

determining whether the first number has the same value;

and if the first number with the same numerical value does not exist, determining the candidate subdata of each piece of the service data to be processed as key subdata.

4. The ciphertext retrieval method of big data-oriented security authentication according to claim 3, wherein the step of, for each piece of to-be-processed service data, performing decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service sub-data, and determining at least one service sub-data among the plurality of service sub-data as the key sub-data corresponding to the to-be-processed service data further includes:

if the first number has the same value, determining candidate subdata of the to-be-processed service data corresponding to the first number as key subdata for each first number having a different value from other first numbers.

5. The ciphertext retrieval method of big data-oriented security authentication according to claim 3, wherein the step of, for each piece of to-be-processed service data, performing decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service sub-data, and determining at least one service sub-data among the plurality of service sub-data as the key sub-data corresponding to the to-be-processed service data further includes:

if the first quantities have the same value, regarding each first quantity having the same value as the other first quantities and the other first quantities having the same value as the first quantities as a quantity group to obtain at least one quantity group;

respectively acquiring the data volumes of the to-be-processed service subdata corresponding to the first quantity in each quantity group, and determining the size relationship between the data volumes;

for each quantity group, determining an adjustment value of each first quantity in the quantity group based on a size relation between corresponding data quantities, wherein the adjustment values corresponding to any two first quantities belonging to the same quantity group are different;

respectively adjusting the corresponding first number based on the adjustment values to obtain a new first number, wherein the new first number is smaller than or equal to the first number;

and for each first quantity with the same value as other first quantities, determining the candidate subdata with the corresponding quantity based on the new first quantity corresponding to the first quantity, wherein the candidate subdata is used as the key subdata of the to-be-processed service data corresponding to the first quantity.

6. The ciphertext retrieval method of big data oriented security authentication according to claim 1, wherein the step of determining the target retrieval index data matching the received retrieval request data and determining the encrypted service data corresponding to the target retrieval index data based on the target correspondence relationship comprises:

judging whether retrieval request data sent by retrieval request equipment is received or not, wherein the retrieval request equipment is in communication connection with the background server;

if the retrieval request data sent by the retrieval request device is received, determining matched target retrieval index data in the retrieval index data;

and determining the encrypted service data corresponding to the target retrieval index data based on the target corresponding relation.

7. The ciphertext retrieval method of the big data oriented security authentication according to claim 6, wherein the step of determining, if the retrieval request data sent by the retrieval request device is received, a matching target retrieval index data among the plurality of pieces of retrieval index data comprises:

if the retrieval request data sent by the retrieval request device is received, calculating the matching degree between each piece of retrieval index data and the retrieval request data to obtain the data matching degree corresponding to each piece of retrieval index data;

and determining matched target retrieval index data in the retrieval index data based on the magnitude relation between the data matching degrees corresponding to the retrieval index data.

8. The ciphertext retrieval method facing big data security authentication according to claim 7, wherein the step of calculating a matching degree between each piece of retrieval index data and the retrieval request data if receiving the retrieval request data sent by the retrieval request device to obtain a data matching degree corresponding to each piece of retrieval index data includes:

if the retrieval request data sent by the retrieval request device is received, obtaining corresponding data matching degree for each piece of retrieval index data based on the repetition degree between the key subdata included in the retrieval index data and the key subdata in the retrieval request data;

wherein, the repetition degree between the key subdata included in the retrieval index data and the key subdata in the retrieval request data has positive correlation with the data matching degree.

9. The ciphertext retrieval method for big data oriented security authentication according to claim 7, wherein the step of determining a matching target retrieval index data from the plurality of pieces of retrieval index data based on a magnitude relationship between data matching degrees corresponding to each piece of retrieval index data comprises:

determining the size relationship between the data matching degree corresponding to each piece of retrieval index data and a predetermined matching degree threshold, wherein the matching degree threshold is generated based on the threshold configuration operation of the background server responding to the corresponding user;

and taking the retrieval index data corresponding to each data matching degree which is greater than the matching degree threshold value as target retrieval index data.

10. The big data-oriented security authentication ciphertext retrieval method according to any one of claims 1 to 9, wherein after the step of determining the encrypted service data corresponding to the target retrieval index data based on the target correspondence relationship is performed, the ciphertext retrieval method further comprises:

acquiring the quantity of the encrypted service data, and sending the quantity of the encrypted service data to retrieval request equipment corresponding to the retrieval request data, wherein the retrieval request equipment is used for determining whether to acquire all encrypted service data or not based on the quantity of the encrypted service data;

if all the encrypted service data need to be acquired, all the encrypted service data are sent to the retrieval request device;

and if the encrypted service data does not need to be acquired completely, sending part of the encrypted service data to the retrieval request device.

Technical Field

The application relates to the technical field of data processing, in particular to a ciphertext retrieval method for security authentication of big data.

Background

The application of big data provides great convenience for our life and work, so it is especially important for the corresponding retrieval after the storage of the collected mass data (such as business data, including monitoring business data, financial business data, etc.). However, the inventors have found that the conventional technique has a problem that the effect of data search is not good.

Disclosure of Invention

In view of the above, an object of the present application is to provide a ciphertext retrieval method for big data security authentication, so as to solve the problem of poor data retrieval effect in the prior art.

In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:

a ciphertext retrieval method for big data-oriented security authentication is applied to a background server, and comprises the following steps:

respectively encrypting the obtained multiple pieces of service data to be processed, and storing the multiple pieces of encrypted service data obtained through encryption;

generating retrieval index data corresponding to each encrypted service data based on at least one key subdata of each piece of service data to be processed, and establishing a target corresponding relation between each encrypted service data and the corresponding retrieval index data, wherein each key subdata belongs to a part of the corresponding service data to be processed;

and determining target retrieval index data matched with the received retrieval request data, and determining encrypted service data corresponding to the target retrieval index data based on the target corresponding relation.

In a possible embodiment, in the ciphertext retrieval method for big-data-oriented security authentication, the step of generating, based on at least one piece of key sub-data of each piece of to-be-processed service data, retrieval index data corresponding to each piece of encrypted service data includes:

for each piece of the to-be-processed service data, performing data decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service subdata, and determining at least one service subdata from the plurality of service subdata as key subdata corresponding to the to-be-processed service data;

and generating retrieval index data of corresponding encrypted service data based on the key subdata corresponding to each piece of the service data to be processed.

In a possible embodiment, in the ciphertext retrieval method of security authentication for big data, the step of, for each piece of to-be-processed service data, performing decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service sub-data, and determining at least one service sub-data from the plurality of service sub-data as a key sub-data corresponding to the to-be-processed service data includes:

for each piece of the to-be-processed service data, performing decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service subdata, and determining at least one service subdata as candidate subdata in the plurality of service subdata;

respectively determining the number of candidate subdata of each piece of the to-be-processed service data to obtain a first number corresponding to each piece of the to-be-processed service data;

determining whether the first number has the same value;

and if the first number with the same numerical value does not exist, determining the candidate subdata of each piece of the service data to be processed as key subdata.

In a possible embodiment, in the ciphertext retrieval method for security authentication for big data, the step of, for each piece of to-be-processed service data, performing decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service sub-data, and determining at least one service sub-data from the plurality of service sub-data as a key sub-data corresponding to the to-be-processed service data further includes:

if the first number has the same value, determining candidate subdata of the to-be-processed service data corresponding to the first number as key subdata for each first number having a different value from other first numbers.

In a possible embodiment, in the ciphertext retrieval method for security authentication for big data, the step of, for each piece of to-be-processed service data, performing decomposition processing on the to-be-processed service data to obtain a plurality of corresponding service sub-data, and determining at least one service sub-data from the plurality of service sub-data as a key sub-data corresponding to the to-be-processed service data further includes:

if the first quantities have the same value, regarding each first quantity having the same value as the other first quantities and the other first quantities having the same value as the first quantities as a quantity group to obtain at least one quantity group;

respectively acquiring the data volumes of the to-be-processed service subdata corresponding to the first quantity in each quantity group, and determining the size relationship between the data volumes;

for each quantity group, determining an adjustment value of each first quantity in the quantity group based on a size relation between corresponding data quantities, wherein the adjustment values corresponding to any two first quantities belonging to the same quantity group are different;

respectively adjusting the corresponding first number based on the adjustment values to obtain a new first number, wherein the new first number is smaller than or equal to the first number;

and for each first quantity with the same value as other first quantities, determining the candidate subdata with the corresponding quantity based on the new first quantity corresponding to the first quantity, wherein the candidate subdata is used as the key subdata of the to-be-processed service data corresponding to the first quantity.

In a possible embodiment, in the above ciphertext retrieval method for big data-oriented security authentication, the determining target retrieval index data that matches the received retrieval request data, and determining encrypted service data corresponding to the target retrieval index data based on the target correspondence relationship includes:

judging whether retrieval request data sent by retrieval request equipment is received or not, wherein the retrieval request equipment is in communication connection with the background server;

if the retrieval request data sent by the retrieval request device is received, determining matched target retrieval index data in the retrieval index data;

and determining the encrypted service number corresponding to the target retrieval index data based on the target corresponding relation.

In a possible embodiment, in the above ciphertext retrieval method for big-data-oriented security authentication, the step of determining, if the retrieval request data sent by the retrieval requesting device is received, a matching target retrieval index data among the plurality of pieces of retrieval index data includes:

if the retrieval request data sent by the retrieval request device is received, calculating the matching degree between each piece of retrieval index data and the retrieval request data to obtain the data matching degree corresponding to each piece of retrieval index data;

and determining matched target retrieval index data in the retrieval index data based on the magnitude relation between the data matching degrees corresponding to the retrieval index data.

In a possible embodiment, in the ciphertext retrieval method for big-data-oriented security authentication, if the retrieval request data sent by the retrieval request device is received, the step of calculating a matching degree between each piece of retrieval index data and the retrieval request data to obtain a data matching degree corresponding to each piece of retrieval index data includes:

if the retrieval request data sent by the retrieval request device is received, obtaining corresponding data matching degree for each piece of retrieval index data based on the repetition degree between the key subdata included in the retrieval index data and the key subdata in the retrieval request data;

wherein, the repetition degree between the key subdata included in the retrieval index data and the key subdata in the retrieval request data has positive correlation with the data matching degree.

In a possible embodiment, in the ciphertext retrieval method for big-data-oriented security authentication, the step of determining, based on a magnitude relationship between data matching degrees corresponding to each piece of the retrieval index data, a matching target retrieval index data from among the plurality of pieces of retrieval index data includes:

determining the size relationship between the data matching degree corresponding to each piece of retrieval index data and a predetermined matching degree threshold, wherein the matching degree threshold is generated based on the threshold configuration operation of the background server responding to the corresponding user;

and taking the retrieval index data corresponding to each data matching degree which is greater than the matching degree threshold value as target retrieval index data.

In a possible embodiment, in the above ciphertext retrieval method for big data-oriented security authentication, after performing the step of determining, based on the target correspondence, encrypted service data corresponding to the target retrieval index data, the ciphertext retrieval method further includes:

acquiring the quantity of the encrypted service data, and sending the quantity of the encrypted service data to retrieval request equipment corresponding to the retrieval request data, wherein the retrieval request equipment is used for determining whether to acquire all encrypted service data or not based on the quantity of the encrypted service data;

if all the encrypted service data need to be acquired, all the encrypted service data are sent to the retrieval request device;

and if the encrypted service data does not need to be acquired completely, sending part of the encrypted service data to the retrieval request device.

According to the ciphertext retrieval method for the security authentication of the big data, after business data to be processed are encrypted to form encrypted business data, at least one key subdata is obtained by processing the business data to be processed, so that corresponding retrieval index data can be formed based on the key subdata, and a corresponding relation is established.

In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.

Drawings

Fig. 1 is a schematic flowchart illustrating steps of a ciphertext retrieval method for big data-oriented security authentication according to an embodiment of the present application.

Fig. 2 is a schematic flowchart illustrating other steps included in the ciphertext retrieval method for big data-oriented security authentication according to the embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.

Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The embodiment of the application provides a background server. Wherein the backend server may include a memory and a processor. In detail, the memory and the processor are electrically connected directly or indirectly to realize data transmission or interaction. For example, they may be electrically connected to each other via one or more communication buses or signal lines. The memory can have stored therein at least one software function (computer program) which can be present in the form of software or firmware. The processor may be configured to execute the executable computer program stored in the memory, so as to implement the ciphertext retrieval method for big data oriented security authentication provided in the embodiment of the present application.

For example, in an alternative example, the backend server may be configured to:

respectively encrypting the obtained multiple pieces of service data to be processed, and storing the multiple pieces of encrypted service data obtained through encryption;

generating retrieval index data corresponding to each encrypted service data based on at least one key subdata of each piece of service data to be processed, and establishing a target corresponding relation between each encrypted service data and the corresponding retrieval index data, wherein each key subdata belongs to a part of the corresponding service data to be processed;

and determining target retrieval index data matched with the received retrieval request data, and determining encrypted service data corresponding to the target retrieval index data based on the target corresponding relation.

As shown in fig. 1, an embodiment of the present application further provides a ciphertext retrieval method for big data-oriented security authentication, which is applicable to the background server. The method steps defined by the flow related to the ciphertext retrieval method for the big data-oriented security authentication can be realized by the background server.

The specific process shown in FIG. 1 will be described in detail below.

And step 110, respectively encrypting the acquired multiple pieces of service data to be processed, and storing the multiple pieces of encrypted service data obtained through encryption.

In this embodiment, the background server may first perform encryption processing on the obtained multiple pieces of service data to be processed, and store the multiple pieces of encrypted service data obtained through the encryption processing.

Step 120, generating retrieval index data corresponding to each encrypted service data based on at least one piece of key subdata of each piece of service data to be processed, and establishing a target corresponding relationship between each encrypted service data and the corresponding retrieval index data.

In this embodiment, after the plurality of pieces of encrypted service data are stored based on step 110, the background server may further generate, based on at least one piece of key subdata of each piece of the service data to be processed, retrieval index data corresponding to each piece of the encrypted service data, and establish a target correspondence between each piece of the encrypted service data and the corresponding retrieval index data.

Each key subdata belongs to a part of the corresponding service data to be processed. Thus, the effectiveness of data retrieval can be guaranteed.

Step 130, determining target retrieval index data matched with the received retrieval request data, and determining encrypted service data corresponding to the target retrieval index data based on the target correspondence.

In this embodiment, after the target correspondence relationship is established based on step 120, the background server may determine target retrieval index data that matches the received retrieval request data, and determine encrypted service data corresponding to the target retrieval index data based on the target correspondence relationship.

Based on the above steps, after the to-be-processed service data is encrypted to form encrypted service data, at least one key subdata is obtained by processing the to-be-processed service data, so that corresponding retrieval index data can be formed based on the key subdata, and a corresponding relationship is established.

In the first aspect, it should be noted that, for the step S110, the obtained pieces of service data to be processed may be encrypted respectively based on the following steps, and the encrypted pieces of service data obtained through the encryption processing may be saved, as in steps 111, 112, and 113.

Step 111, respectively acquiring a plurality of pieces of service data sent by a plurality of service processing devices.

In this embodiment, the background server may respectively obtain a plurality of pieces of service data sent by a plurality of service processing devices in communication connection. Each piece of service data is generated based on the corresponding service processing device (which may be a terminal device such as a mobile phone, or a server).

And 112, screening the plurality of pieces of service data to obtain a plurality of different pieces of service data to be processed.

In this embodiment, after the plurality of pieces of service data are obtained based on step 111, the background server may perform screening processing on the plurality of pieces of service data, so that a plurality of different pieces of service data to be processed may be obtained.

At least part of the data in any two pieces of service data to be processed are different.

And 113, respectively encrypting the plurality of pieces of service data to be processed to obtain encrypted service data corresponding to each piece of service data to be processed, and storing the plurality of pieces of encrypted service data.

In this embodiment, after obtaining the plurality of pieces of to-be-processed service data based on step 112, the background server may perform encryption processing on the plurality of pieces of to-be-processed service data, so that encrypted service data corresponding to each piece of to-be-processed service data may be obtained, and then the obtained plurality of pieces of encrypted service data may be stored.

Based on the steps, the acquired to-be-processed service data is encrypted and then stored, so that the safety of the data can be effectively improved, and the problem that the safety of the stored service data in the prior art is not high is solved. In addition, by screening, the data size of the storage can be larger to a certain extent, so that the problem of waste of storage resources is avoided.

It should be noted that, for step 111, the following steps may be performed to respectively acquire the pieces of service data sent by the plurality of service processing devices in communication connection:

step 1111, acquiring data transmission notification information sent by a plurality of service processing devices in communication connection, so as to obtain a plurality of data transmission notification information;

step 1112, analyzing each piece of the data transmission notification information to obtain a corresponding information analysis result, where the information analysis result indicates that the data transmission notification information includes target character string data or that the data transmission notification information does not include the target character string data;

step 1113, for each piece of data transmission notification information whose corresponding information analysis result is that the data transmission notification information includes target character string data, transmitting data transmission confirmation information to the corresponding service processing device, where the service processing device is configured to transmit generated service data to the background server based on the data transmission confirmation information;

step 1114, for each piece of data transmission notification information whose corresponding information analysis result is that the data transmission notification information does not include target string data, transmitting data transmission rejection information to the corresponding service processing device, where the service processing device is configured to not transmit the generated service data to the background server based on the data transmission rejection information;

step 1115, obtaining the service data sent by each service processing device based on the data sending confirmation information, and obtaining a plurality of pieces of service data.

It is understood that, in an alternative example, when step 1113 is executed, data transmission confirmation information may be sent to the corresponding service processing device based on the following steps:

firstly, determining corresponding service processing equipment for each piece of data transmission notification information of which the corresponding information analysis result is that the data transmission notification information comprises target character string data;

secondly, the generated data sending confirmation information is sent to each determined service processing device within a predetermined target time length, wherein the target time length is determined based on the number of the service processing devices in communication connection with the background server, and the target time length has a positive correlation with the determined number of the devices.

It should be noted that, for the step 112, the filtering process may be performed on the pieces of service data based on the following steps:

firstly, determining whether at least two pieces of same service data exist in the plurality of pieces of service data;

secondly, if at least two same service data exist, performing deduplication processing on the at least two same service data, reserving one of the service data, and reserving other service data except the at least two same service data;

then, if at least two pieces of same service data do not exist, reserving the plurality of pieces of service data;

and finally, taking each piece of reserved service data as service data to be processed.

It is understood that, in an alternative example, whether there are at least two pieces of same service data in the plurality of pieces of service data may be determined based on the following steps:

step one, respectively calculating the data volume of each piece of service data in the plurality of pieces of service data to obtain a first data volume corresponding to each piece of service data;

secondly, classifying the plurality of pieces of service data based on whether the corresponding first data volumes are the same or not to obtain a plurality of service data sets, and determining whether a target service data set exists or not, wherein each service data set comprises at least one piece of service data, each target service data set comprises a plurality of pieces of service data, and the first data volumes corresponding to the plurality of pieces of service data belonging to the same target service data set are the same;

step three, if the target service data set does not exist, determining that at least two identical service data do not exist in the plurality of pieces of service data;

step four, if the target service data set is determined to exist, comparing every two pieces of service data in the target service data set aiming at each target service data set so as to determine whether the two pieces of service data are the same;

step five, if at least one target service data set at least comprises two identical service data, determining that the at least two identical service data exist;

and sixthly, if the target service data set at least comprising two identical service data does not exist, determining that the identical at least two service data do not exist in the plurality of pieces of service data.

It is understood that, in an alternative example, each two pieces of service data in the target service data set may be compared to determine whether the two pieces of service data are the same based on the following steps:

firstly, if the target service data set is determined to exist, regarding each target service data set, taking one of every two pieces of service data in the target service data set as first service data and taking the other one of every two pieces of service data in the target service data set as corresponding second service data;

secondly, dividing the first service data and the second service data into a plurality of service subdata respectively based on a predetermined data volume threshold value to obtain a plurality of corresponding first service subdata and a plurality of corresponding second service subdata, wherein the size of the data volume threshold value can be configured according to the precision requirement, and if the precision requirement is higher, the data volume threshold value can be smaller;

then, traversing each first service subdata in the plurality of first service subdata, and comparing the currently traversed first service subdata with each second service subdata to determine whether the first service subdata is the same as the second service subdata;

and finally, determining whether the first service data and the second service data are the same based on a traversal result, and if each first service sub-data has the same second service sub-data, determining that the first service data and the second service data are the same.

It is understood that, in an alternative example, each of the pieces of service data that are reserved may be regarded as pending service data based on the following steps:

firstly, for each piece of the reserved service data, calculating the similarity between the service data and each piece of the other reserved service data (the similarity calculation method between the data can refer to the related prior art, and is not limited herein), and obtaining the corresponding data similarity;

secondly, determining the magnitude relation between each data similarity and a predetermined similarity threshold, wherein the similarity threshold can be generated based on the configuration operation of the background server responding to the corresponding user according to the actual requirement;

then, regarding each data similarity which is greater than or equal to the similarity threshold, taking one of two pieces of service data corresponding to the data similarity as service data to be processed;

and finally, regarding each data similarity smaller than the similarity threshold, taking two pieces of service data corresponding to the data similarity as service data to be processed.

It should be noted that, in step 113, the multiple pieces of service data to be processed may be encrypted respectively based on the following steps to obtain encrypted service data corresponding to each piece of service data to be processed, and store the obtained multiple pieces of encrypted service data:

step 1131, respectively determining target encryption key information corresponding to each piece of to-be-processed service data in multiple pieces of encryption key information, where the target encryption key information corresponding to different pieces of to-be-processed service data may be the same or different;

step 1132, encrypting the corresponding to-be-processed service data respectively based on the target encryption key information corresponding to each to-be-processed service data to obtain encrypted service data corresponding to each to-be-processed service data;

and step 1133, storing the obtained multiple pieces of encrypted service data.

It is understood that, in an alternative example, when the step 1131 is executed, the target encryption key information corresponding to each piece of the to-be-processed service data may be determined in the plurality of encryption key information based on the following steps:

firstly, for each piece of to-be-processed service data, sending a plurality of pieces of generated encryption key information to service processing devices corresponding to other to-be-processed service data except the to-be-processed service data, wherein each service processing device is configured to determine one piece of encryption key information as candidate encryption key information (for example, randomly or according to a certain security policy), from the plurality of pieces of obtained encryption key information, and send the candidate encryption key information to the background server;

secondly, for each piece of the to-be-processed service data, determining one piece of candidate encryption key information from a plurality of pieces of candidate encryption key information corresponding to the obtained to-be-processed service data, and using the candidate encryption key information as target encryption key information corresponding to the to-be-processed service data.

It is understood that, in an alternative example, one piece of candidate encryption key information may be determined as the target encryption key information among the acquired pieces of candidate encryption key information based on the following steps:

for each piece of to-be-processed service data, taking the to-be-processed service data as first to-be-processed service data, and performing target screening operation on the to-be-processed service data to determine one piece of candidate encryption key information from a plurality of pieces of candidate encryption key information corresponding to the to-be-processed service data, wherein the candidate encryption key information is used as target encryption key information corresponding to the to-be-processed service data;

wherein the target screening operation comprises:

firstly, determining the equipment relationship (such as whether the equipment belongs to the same local area network or not, or whether interactive information exists or not) between the service processing equipment corresponding to the first to-be-processed service data and the service processing equipment corresponding to other to-be-processed service data;

secondly, determining a piece of candidate encryption key information as target encryption key information corresponding to the first to-be-processed service data based on the device relationship in the obtained plurality of pieces of candidate encryption key information corresponding to the first to-be-processed service data.

It is understood that, in an alternative example, a candidate piece of encryption key information may be determined based on the device relationship based on the following steps as the target piece of encryption key information corresponding to the first to-be-processed service data:

step one, using the service processing device corresponding to the first to-be-processed service data as a first service processing device, and using the service processing device corresponding to each other to-be-processed service data as a second service processing device;

secondly, determining a target second service processing device in a plurality of second service processing devices based on the device relationship with the first service processing device (for example, the device relationship may refer to the association degree between the devices, and one with the minimum association degree may be selected, where the larger the interaction information is, the larger the association degree is, the same local area network belongs to, and the maximum association degree may be directly given);

thirdly, acquiring data type information (which may refer to a service type or a data type, such as audio, video, text, and the like) of each piece of historical service data corresponding to the target second service processing device to form a first type information set;

fourthly, in the plurality of second service processing devices, determining that the plurality of second service processing devices form a first device set based on the first type information set, wherein the data type information of the historical service data corresponding to each second service processing device in the first device set belongs to the first type information set and does not include the target second service processing device;

fifthly, based on each piece of historical service data corresponding to the target second service processing equipment, performing sequencing processing according to a predetermined data type sequence (the data type sequence can be generated based on configuration operation of a corresponding user) to obtain a corresponding first historical service data sequence;

sixthly, for each second service processing device in the first device set, based on each historical service data corresponding to the second service processing device, performing sequencing processing according to the data type sequence to obtain a corresponding second historical service data sequence;

seventhly, determining, for each second historical service data sequence, whether sequence similarity between the second historical service data sequence and the first historical service data sequence (for example, determining whether data types corresponding to historical service data at sequence positions in the two data sequences are the same, where the sequence similarity may be higher the larger the sequence position where the data types corresponding to the historical service data are the same) is greater than a predetermined similarity threshold (which may be generated based on configuration operation of a corresponding user);

eighthly, if the number of second historical service data sequences with the sequence similarity between the first historical service data sequence and the first historical service data sequence being greater than the similarity threshold is smaller than a preset number (which can be generated based on configuration operation of a corresponding user), using candidate encryption key information corresponding to the target second service device as target encryption key information corresponding to the first to-be-processed service data;

and a ninth step of, if the number of second historical service data sequences having a sequence similarity with the first historical service data sequence that is greater than the similarity threshold is greater than or equal to the preset number, re-determining a new target second service processing device among the plurality of second service processing devices based on the device relationship with the first service processing device, and performing the third to seventh steps again based on the new target second service processing device until the number of second historical service data sequences having a sequence similarity with the first historical service data sequence that is greater than the similarity threshold is less than the preset number, and using candidate encryption key information corresponding to the new target second service processing device as the target encryption key information corresponding to the first to-be-processed service data.

In the second aspect, it should be noted that, for the step S120, the retrieval index data corresponding to each piece of encrypted service data may be generated based on at least one piece of key sub data of each piece of service data to be processed, respectively, based on the following steps:

firstly, for each piece of service data to be processed, performing data decomposition processing on the service data to be processed to obtain a plurality of corresponding service subdata, and determining at least one service subdata from the plurality of service subdata as key subdata corresponding to the service data to be processed;

and secondly, generating retrieval index data of corresponding encrypted service data based on the key subdata corresponding to each piece of the service data to be processed.

It is understood that, in an alternative example, at least one service sub data may be determined as the key sub data corresponding to the to-be-processed service data from the plurality of service sub data based on the following steps:

firstly, for each piece of service data to be processed, performing decomposition processing on the service data to be processed to obtain a plurality of corresponding service subdata, and determining at least one service subdata as candidate subdata (such as random selection) in the plurality of service subdata;

secondly, respectively determining the number of candidate subdata of each piece of the to-be-processed service data to obtain a first number corresponding to each piece of the to-be-processed service data;

then, determining whether the first number has the same value;

and finally, if the first number with the same numerical value does not exist, determining the candidate subdata of each piece of the service data to be processed as key subdata.

It is understood that, in an alternative example, at least one service sub data may be determined as the key sub data corresponding to the service data to be processed from the plurality of service sub data based on the following steps:

if the first number has the same value, determining candidate subdata of the to-be-processed service data corresponding to the first number as key subdata for each first number having a different value from other first numbers.

It is understood that, in an alternative example, at least one service sub data may be determined as the key sub data corresponding to the service data to be processed from the plurality of service sub data based on the following steps:

a first step of, if the first quantities have the same value, regarding each of the first quantities having the same value as the other first quantities and the other first quantities having the same value as the first quantities as a quantity group to obtain at least one quantity group;

secondly, respectively acquiring the data volumes of the to-be-processed service subdata corresponding to the first quantity in each quantity group and determining the size relation among the data volumes aiming at each quantity group;

thirdly, determining an adjustment value of each first quantity in each quantity group based on the size relation between corresponding data quantities, wherein the adjustment values corresponding to any two first quantities in the same quantity group are different;

a fourth step of adjusting the corresponding first quantities based on the adjustment values to obtain new first quantities, wherein the new first quantities are smaller than or equal to the first quantities, for example, the adjustment values may have a negative correlation with corresponding data quantities, and then subtracting the corresponding adjustment values from the first quantities to obtain the new first quantities;

and fifthly, for each first quantity with the same value as the other first quantities, determining a corresponding quantity of candidate subdata (such as random, or considering the factor completely same as the key subdata of other to-be-processed service data as far as possible) based on the new first quantity corresponding to the first quantity, and taking the candidate subdata as the key subdata of the to-be-processed service data corresponding to the first quantity.

In the third aspect, it should be noted that, for the step S130, the target retrieval index data matching the received retrieval request data may be determined based on the following steps, and the encrypted service data corresponding to the target retrieval index data may be determined based on the target correspondence relationship:

firstly, judging whether retrieval request data sent by retrieval request equipment is received or not, wherein the retrieval request equipment is in communication connection with the background server;

secondly, if the retrieval request data sent by the retrieval request device is received, determining matched target retrieval index data in a plurality of pieces of retrieval index data;

and then, determining the encrypted service data corresponding to the target retrieval index data based on the target corresponding relation.

It is understood that, in an alternative example, the matching target retrieval index data may be determined among the plurality of pieces of retrieval index data based on the following steps:

firstly, if the retrieval request data sent by the retrieval request device is received, calculating the matching degree between each piece of retrieval index data and the retrieval request data to obtain the data matching degree corresponding to each piece of retrieval index data;

secondly, based on the magnitude relation between the data matching degrees corresponding to each piece of retrieval index data, matching target retrieval index data is determined in the retrieval index data.

It is understood that, in an alternative example, the data matching degree corresponding to each of the retrieval index data may be obtained based on the following steps:

if the retrieval request data sent by the retrieval request device is received, obtaining corresponding data matching degree for each piece of retrieval index data based on the repetition degree between the key subdata included in the retrieval index data and the key subdata in the retrieval request data;

wherein, the repetition degree between the key subdata included in the retrieval index data and the key subdata in the retrieval request data has positive correlation with the data matching degree.

It is understood that, in an alternative example, the matching target retrieval index data may be determined among the plurality of pieces of retrieval index data based on the following steps:

firstly, determining the magnitude relation between the data matching degree corresponding to each piece of retrieval index data and a predetermined matching degree threshold value, wherein the matching degree threshold value is generated based on the threshold value configuration operation of the background server responding to the corresponding user;

and secondly, taking the retrieval index data corresponding to each data matching degree which is greater than the matching degree threshold value as target retrieval index data.

On the basis of the above example, in an alternative example, the ciphertext retrieval method for big data oriented security authentication may further include the following steps:

step 140, obtaining the number of the encrypted service data (for example, obtaining 1 encrypted service data, 2 encrypted service data, etc.), and sending the number of the encrypted service data to a retrieval request device corresponding to the retrieval request data, where the retrieval request device is configured to determine whether to obtain all the encrypted service data based on the number of the encrypted service data (for example, display the number to a corresponding retrieval user, then determine whether to obtain all the encrypted service data based on an operation of the retrieval user, and obtain the number that needs to be obtained, for example, 10, 13, etc.);

step 150, if all the encrypted service data need to be acquired, sending all the encrypted service data to the retrieval request device;

step 160, if it is not necessary to obtain all the encrypted service data, sending part of the encrypted service data to the search request device (the specific number may be determined based on a default configuration, or may be determined based on information sent by the search request device).

In summary, according to the ciphertext retrieval method for security authentication of big data provided by the application, after business data to be processed is encrypted to form encrypted business data, at least one key subdata is obtained by processing the business data to be processed, so that corresponding retrieval index data can be formed based on the key subdata, and a corresponding relationship is established.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.

The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.