CN113569264A - Data security processing method and device and electronic equipment - Google Patents

Info

Publication number: CN113569264A
Application number: CN202110873828.8A
Authority: CN (China)
Prior art keywords: data, trusted, parties, advertisement, user
Legal status: Pending (an assumption by Google, not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 曾锡金, 王帅, 肖俊贤, 段夕华
Current assignee: Rajax Network Technology Co Ltd
Original assignee: Rajax Network Technology Co Ltd
Events: application filed by Rajax Network Technology Co Ltd; priority to CN202110873828.8A; published as CN113569264A; legal status pending

Classifications

    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING)
        • G06F21/60 Protecting data
            • G06F21/602 Providing cryptographic facilities or services
            • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
            • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06Q30/00 Commerce (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR)
        • G06Q30/02 Marketing; Price estimation or determination; Fundraising
            • G06Q30/0241 Advertisements
                • G06Q30/0277 Online advertisement

Abstract

The application discloses a data security processing method and device and electronic equipment in the technical field of data processing. The method comprises the following steps: first, a trusted execution environment is configured for the trusted computing node of each of the two parties participating in the cooperation; when each trusted computing node starts, it sends its trusted hardware environment information to a server side for authentication; if every trusted computing node is successfully authenticated, a peer-to-peer communication channel trusted by both parties is established; finally, inside the trusted execution environment, the two parties' trusted computing nodes communicate over that channel so that the associated behavior data that the same user generated on both parties, held in each party's private-domain data, is processed jointly. The data privacy of both parties participating in the cooperation is protected by the security of the trusted execution environment.

Description

Data security processing method and device and electronic equipment
Technical Field
The present application relates to the field of data processing technologies, and in particular to a data security processing method and apparatus and an electronic device.
Background
An advertiser can place advertisements on an advertisement platform; a user who clicks a placed advertisement enters the advertiser's platform, where advertiser data is generated. That advertiser data is then returned to the advertisement platform as feedback on the advertising effect.
Currently, when advertiser data is returned to the advertisement platform, the advertiser's user association key information (such as a mobile phone number or device fingerprint) is hashed with MD5 (the original describes this as MD5 "encryption", but MD5 is an unkeyed hash that anyone holding the same input can recompute) and returned to the advertisement platform together with the advertiser's other business behavior features.
However, the advertisement platform holds the same association keys for its own users, so it can recompute the hashes and rebuild the mapping (or, for a small key space such as mobile phone numbers, simply enumerate it), thereby reversing the returned data and inferring the advertiser's data logic. This readily leaks private data and business secrets and opens the door to malicious misuse.
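The weakness described above, shown as an added example in Go (it is not code from the patent or from Rajax): the advertiser returns conversion records keyed by an unkeyed MD5 of the phone number, and the platform recovers the phone numbers simply by hashing its own user directory and matching. The phone numbers, events and directory are constructed sample data. The keyed HMAC variant at the end is a standard mitigation that the patent does not use; it is included to show what defeats the dictionary match, and why it would also stop the platform from doing the join itself, which is exactly the gap the TEE-based method is meant to close.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// platformUsers is a constructed sample of the advertising platform's own user
// directory: phone numbers the platform learned when these users registered with it.
var platformUsers = []string{"13800000001", "13800000002", "13800000003", "13900000004"}

// Record is one row of the prior-art data return: a pseudonymous user key plus the
// advertiser's business behavior feature (here reduced to an event name).
type Record struct {
	Key   string
	Event string
}

// md5Hex is the prior-art pseudonymization: an unkeyed MD5 of the phone number, which
// anyone holding the phone number can recompute.
func md5Hex(phone string) string {
	sum := md5.Sum([]byte(phone))
	return hex.EncodeToString(sum[:])
}

// hmacHex is a keyed alternative that is not part of the patent: without the advertiser's
// secret key the platform cannot build a lookup table for it.
func hmacHex(key []byte) func(string) string {
	return func(phone string) string {
		m := hmac.New(sha256.New, key)
		m.Write([]byte(phone))
		return hex.EncodeToString(m.Sum(nil))
	}
}

// AdvertiserReturn builds the records the advertiser sends back to the platform.
// conversions maps phone number -> conversion event; keyFn pseudonymizes the number.
func AdvertiserReturn(conversions map[string]string, keyFn func(string) string) []Record {
	out := make([]Record, 0, len(conversions))
	for phone, event := range conversions {
		out = append(out, Record{Key: keyFn(phone), Event: event})
	}
	return out
}

// PlatformReverse is the "reverse traversal through the mapping relationship on the
// platform side": hash every number the platform already knows with the same function,
// then look each returned key up in that table. The result maps phone -> advertiser event.
func PlatformReverse(records []Record, keyFn func(string) string) map[string]string {
	table := make(map[string]string, len(platformUsers))
	for _, phone := range platformUsers {
		table[keyFn(phone)] = phone
	}
	recovered := make(map[string]string)
	for _, r := range records {
		if phone, ok := table[r.Key]; ok {
			recovered[phone] = r.Event
		}
	}
	return recovered
}

func main() {
	// Constructed sample conversions; the third user is unknown to the platform.
	conversions := map[string]string{
		"13800000002": "purchase",
		"13900000004": "signup",
		"13700000009": "purchase",
	}
	fmt.Println("recovered from MD5 return:", PlatformReverse(AdvertiserReturn(conversions, md5Hex), md5Hex))

	keyed := hmacHex([]byte("advertiser-only-secret")) // assumption: key held by the advertiser alone
	// Without the key the platform can only try the unkeyed function (or guess keys) and matches nothing.
	fmt.Println("recovered from keyed return:", PlatformReverse(AdvertiserReturn(conversions, keyed), md5Hex))
}
```

The directory match needs no brute force at all: the platform already owns the inputs, so the hash only has to be recomputed once per known user. A secret key stops this, but then the platform can no longer match the returned rows to its own users either, which is why the patent moves the matching into an attested enclave instead.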
Disclosure of Invention
In view of this, the present application provides a data security processing method, apparatus and electronic device, mainly aimed at solving the technical problem in the prior art that leakage of advertiser data discloses private data and business secrets and thereby compromises the security of cooperative advertisement data processing.
According to an aspect of the present application, there is provided a data security processing method, including:
configuring a trusted execution environment for the trusted computing node of each of the two parties participating in the cooperation;
when each trusted computing node is started, sending its trusted hardware environment information to a server side for authentication;
if every trusted computing node is successfully authenticated, establishing a peer-to-peer communication channel trusted by both parties;
in the trusted execution environment, communicating between the two parties' trusted computing nodes over the peer-to-peer communication channel, so as to jointly process the associated behavior data that the same user generated on both parties, held in each party's private-domain data.
Optionally, communicating between the two parties' trusted computing nodes over the peer-to-peer communication channel in the trusted execution environment, so as to jointly process the associated behavior data generated by the same user on both parties and held in their private-domain data, specifically includes:
acquiring first behavior data of a user from one party's private-domain data and second behavior data of the same user from the other party's private-domain data, the first behavior data being associated with the second; the first behavior data comprises the data recording the user's conversion behavior, and the second behavior data comprises the data that guided the user to that conversion;
and jointly processing the first behavior data and the second behavior data.
Optionally, jointly processing the first behavior data and the second behavior data specifically includes:
performing data cleaning on the first behavior data and the second behavior data, including missing-value filling and feature screening;
and jointly processing the cleaned first behavior data and second behavior data.
Optionally, the trusted hardware environment information includes the current hardware information of the trusted computing node, the key of the node's current inter-node communication, and the software version. (The translation reads "private key" here; what the authentication server needs is the public key, or a fingerprint of it, so that it can later hand it to the peer. A private key that left the node would no longer be a secret of that node alone.)
Optionally, establishing the peer-to-peer communication channel trusted by both parties specifically includes:
establishing peer-to-peer communication through a TLS (Transport Layer Security) encrypted channel, and exchanging RSA (Rivest-Shamir-Adleman) keys and sending ciphertexts to verify the other party's identity;
and if signature verification of both parties' ciphertexts succeeds, determining that the peer-to-peer communication channel has been established.
Optionally, establishing the peer-to-peer communication channel trusted by both parties specifically includes:
if the network is judged unreachable while establishing peer-to-peer communication through the TLS encrypted channel, retrying continuously and terminating once the retries exceed a preset number;
and if at least one party fails signature verification of the ciphertext, terminating the data cooperation between the two parties.
Optionally, the trusted computing nodes of the two parties participating in the cooperation are a first trusted computing node on the advertiser side and a second trusted computing node on the advertisement platform side;
communicating between the two parties' trusted computing nodes over the peer-to-peer communication channel in the trusted execution environment, so as to jointly process the associated behavior data generated by the same user on both parties and held in their private-domain data, then specifically includes:
acquiring the advertiser data of a user through the first trusted computing node and the advertisement platform data of that user through the second trusted computing node;
and jointly processing the advertiser data and the advertisement platform data of the same user.
Optionally, acquiring the advertiser data of a user through the first trusted computing node specifically includes:
acquiring the behavior data generated when the user enters the advertiser system through the advertisement platform;
generating, from the behavior data generated in the advertiser system, a user identifier, the user behavior labels corresponding to that identifier and the feature variable set corresponding to each user behavior label;
and determining the advertiser data of the user from the user identifier, its user behavior labels and their feature variable sets.
Optionally, generating the user identifier, the user behavior labels corresponding to it and the feature variable sets corresponding to the labels from the behavior data generated in the advertiser system includes:
extracting the conversion behavior data from the behavior data;
and generating, from the conversion behavior data, the user identifier, the user behavior labels corresponding to it and the feature variable set corresponding to each user behavior label.
Optionally, determining the advertiser data of the user from the user identifier, its user behavior labels and their feature variable sets specifically includes:
screening, from the user behavior labels, a target behavior label that matches a preset behavior label, the preset behavior label being one strongly related to advertising effectiveness;
and determining the advertiser data of the user from the user identifier carrying the target behavior label, the target behavior label and the feature variable set corresponding to it.
Optionally, jointly processing the advertiser data and the advertisement platform data of the same user specifically includes:
merging the advertiser data and advertisement platform data that carry the same user identifier to generate training set data;
iteratively training an advertisement delivery model with the training set data;
if the trained advertisement delivery model has converged, determining that the advertisement delivery model is updated;
determining, with the updated advertisement delivery model and from the current advertisement platform data of a user to be recommended, the delivery strategy information for delivering advertisements to that user;
and delivering advertisements according to the delivery strategy information.
According to another aspect of the present application, there is provided a data security processing apparatus, including:
a configuration module for configuring a trusted execution environment for the trusted computing node of each of the two parties participating in the cooperation;
a sending module for sending each trusted computing node's trusted hardware environment information to the server side for authentication when that node is started;
an establishing module for establishing a peer-to-peer communication channel trusted by both parties if every trusted computing node is successfully authenticated;
and a processing module for communicating between the two parties' trusted computing nodes over the peer-to-peer communication channel in the trusted execution environment, so as to jointly process the associated behavior data that the same user generated on both parties, held in each party's private-domain data.
According to yet another aspect of the present application, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described data security processing method.
According to yet another aspect of the present application, there is provided an electronic device, including a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the above-mentioned data security processing method when executing the program.
Compared with the prior art, the data security processing method, apparatus and electronic device provided by the application protect the data privacy of both parties participating in the cooperation, and in particular that of the advertiser, on the basis of the security of the trusted execution environment. This privacy protection rests on the hardware environment; it depends on no complex security algorithm and needs no large amount of computing resources. Specifically, after both parties have been provided with trusted execution environments, their trusted computing nodes are authenticated by the server side when they start, and once both have been authenticated successfully a peer-to-peer communication channel trusted by both parties is established. Inside the trusted execution environment, the associated behavior data that the same user generated on both parties, held in each party's private-domain data, is then processed jointly over that trusted channel, so that advertiser data flows back to the advertisement platform securely. By relying on remote attestation, the scheme guarantees that the nodes taking part in the advertising cooperation are trustworthy, effectively prevents malicious nodes from joining and prevents data leakage, thereby ensuring the security of cooperative advertisement data processing.
The foregoing is only an overview of the technical solutions of the present application. In order that the technical means of the present application may be understood more clearly and implemented according to the content of the description, and that the above and other objects, features and advantages may be made more apparent, the detailed description of the present application follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flow chart illustrating a data security processing method provided in an embodiment of the present application;
fig. 2 is a flowchart illustrating an example of a method for securely processing advertisement data according to an embodiment of the present application;
fig. 3 is a flowchart illustrating another example of a method for securely processing advertisement data according to an embodiment of the present application;
fig. 4 illustrates an example architecture diagram provided by an embodiment of the present application;
fig. 5 is a flowchart illustrating an example of an application scenario provided in an embodiment of the present application;
fig. 6 shows a schematic structural diagram of a data security processing apparatus according to an embodiment of the present application.
Detailed Description
The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
This embodiment aims to solve the technical problem that, in the prior art, advertiser data is easily leaked, so that private data and business secrets are disclosed and the security of advertisement data processing suffers. The present embodiment provides a data security processing method which, as shown in fig. 1, includes:
101: configuring a trusted execution environment for the trusted computing node of each of the two parties participating in the cooperation.
A Trusted Execution Environment (TEE) is a hardware-based protection technology: the processor uses spatial isolation, access control and even memory encryption to ensure that the code running in the environment and its run-time state cannot be accessed, observed, interfered with or attacked by code running outside it. In this embodiment, trusted execution environments are provided in advance for both the advertiser node and the advertisement platform node; that is, both nodes may be equipped with hardware that offers the same trusted execution environment characteristics (the hardware provides the services of the trusted execution environment), and each node processes data in its own trusted execution environment, so that the security of cooperative advertisement data processing can be ensured.
102: when each trusted computing node is started, sending its trusted hardware environment information to the server side for authentication.
The server may specifically be a remote attestation center or a cloud service for security authentication, such as a CA authentication center.
For example, when the trusted computing nodes of both parties start, each must send its trusted hardware environment information to the third-party CA authentication center so that the node's identity is authenticated; only then can subsequent cooperation be initiated.
103: if every trusted computing node is successfully authenticated, establishing a peer-to-peer communication channel trusted by both parties.
104: in the trusted execution environment, communicating between the two parties' trusted computing nodes over the peer-to-peer communication channel, so as to jointly process the associated behavior data that the same user generated on both parties, held in each party's private-domain data.
Private-domain data is a party's own confidential data and must not be transmitted directly to the other party.
The scenario is one in which a user target event (such as a conversion) is brought about through the cooperation of two parties, so the behavior data the same user generates on each party is related; this is the associated behavior data generated by the same user on both parties. In this embodiment, the associated behavior data of the same user held in both parties' private-domain data can be processed jointly so as to analyze the condition information favorable to generating the user target event, and thereby bring about more such events.
It should be noted that the method of this embodiment solves the security problem of jointly processing the private-domain data of two parties in general; it is not limited to the secure processing of advertisement data and applies to other scenarios as well.
Compared with the prior art, the data privacy of both parties participating in the cooperation, and in particular that of the advertiser, is protected on the basis of the security of the trusted execution environment. This privacy protection rests on the hardware environment; it depends on no complex security algorithm and needs no large amount of computing resources. Relying on remote attestation, the scheme of this embodiment guarantees that the nodes taking part in the advertising cooperation are trustworthy, effectively prevents malicious nodes from joining and prevents data leakage, thereby ensuring the security of cooperative advertisement data processing.
Further, as a refinement and extension of the above embodiment, the trusted hardware environment information in step 102 may optionally include the current hardware information of the trusted computing node (such as information on a CPU that supports hardware encryption), the node's current inter-node communication key, the software version, and so on. (The translation reads "private key"; in a remote attestation flow the server should receive the public key, or a fingerprint of it, which it can later release to the peer, while the private key stays inside the node's trusted execution environment.) Accurate identity authentication can be achieved through this trusted hardware environment information.
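The authentication of step 102, as an added example in Go that is not code from the patent or from Rajax: a node packages its hardware information, software version, the public half of its communication key and a server-issued nonce into a report, signs it with an attestation key, and the server checks freshness, the signature against the enrolled attestation key, and the reported measurement against an allow-list before releasing the node's communication key to the peer. The per-node RSA attestation key, the measurement string "tee-cpu-gen2|1.0.0" and the node names are assumptions of this example, standing in for a real TEE's hardware quote and its measurement values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// HardwareReport is the trusted hardware environment information a node sends when it starts.
// CommPub is the public half of the node's communication key; the private half never leaves the TEE.
type HardwareReport struct {
	NodeID          string         `json:"node_id"`
	CPU             string         `json:"cpu"`
	SoftwareVersion string         `json:"software_version"`
	CommPub         *rsa.PublicKey `json:"comm_pub"`
	Nonce           []byte         `json:"nonce"`
}

// Node is one trusted computing node. attestKey stands in for the TEE's hardware quoting key
// (an assumption of this example); commKey is the key later used on the peer-to-peer channel.
type Node struct {
	ID, CPU, SoftwareVersion string
	attestKey, commKey       *rsa.PrivateKey
}

// NewNode generates a node's keys and enrolls its attestation public key with the server,
// modelling the out-of-band provisioning a real TEE vendor performs.
func NewNode(srv *AttestationServer, id, cpu, version string) (*Node, error) {
	ak, err1 := rsa.GenerateKey(rand.Reader, 2048)
	ck, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("key generation failed: %v %v", err1, err2)
	}
	srv.attestKeys[id] = &ak.PublicKey
	return &Node{id, cpu, version, ak, ck}, nil
}

// Attest serializes the report for the server's nonce and signs it with the attestation key.
func (n *Node) Attest(nonce []byte) (report, sig []byte, err error) {
	report, _ = json.Marshal(HardwareReport{n.ID, n.CPU, n.SoftwareVersion, &n.commKey.PublicKey, nonce})
	digest := sha256.Sum256(report)
	sig, err = rsa.SignPSS(rand.Reader, n.attestKey, crypto.SHA256, digest[:], nil)
	return report, sig, err
}

// AttestationServer is the CA / remote attestation service of step 102.
type AttestationServer struct {
	attestKeys map[string]*rsa.PublicKey // node ID -> attestation key, enrolled out of band
	allowed    map[string]bool           // approved "cpu|software_version" measurements
	nonces     map[string]bool           // outstanding challenges, each usable once
	Registered map[string]*rsa.PublicKey // node ID -> communication key, released to the peer on success
}

func NewServer(allowedMeasurements ...string) *AttestationServer {
	s := &AttestationServer{map[string]*rsa.PublicKey{}, map[string]bool{}, map[string]bool{}, map[string]*rsa.PublicKey{}}
	for _, m := range allowedMeasurements {
		s.allowed[m] = true
	}
	return s
}

// NewNonce issues a fresh challenge so that a recorded quote cannot be replayed later.
func (s *AttestationServer) NewNonce() []byte {
	n := make([]byte, 16)
	rand.Read(n)
	s.nonces[string(n)] = true
	return n
}

// Authenticate checks freshness, the quote signature and the measurement; on success it
// records the node's communication key so the peer can later verify the node's identity.
func (s *AttestationServer) Authenticate(report, sig []byte) error {
	var r HardwareReport
	json.Unmarshal(report, &r) // a malformed report leaves r empty and fails the nonce check below
	if !s.nonces[string(r.Nonce)] {
		return errors.New("unknown or already used nonce: rejected as a replay")
	}
	delete(s.nonces, string(r.Nonce))
	ak, ok := s.attestKeys[r.NodeID]
	if !ok {
		return fmt.Errorf("node %q is not enrolled", r.NodeID)
	}
	digest := sha256.Sum256(report)
	if err := rsa.VerifyPSS(ak, crypto.SHA256, digest[:], sig, nil); err != nil {
		return fmt.Errorf("quote signature invalid for %s: %w", r.NodeID, err)
	}
	if !s.allowed[r.CPU+"|"+r.SoftwareVersion] {
		return fmt.Errorf("node %s runs unapproved environment %s / %s", r.NodeID, r.CPU, r.SoftwareVersion)
	}
	s.Registered[r.NodeID] = r.CommPub
	return nil
}

func main() {
	srv := NewServer("tee-cpu-gen2|1.0.0") // constructed placeholder measurement
	adv, _ := NewNode(srv, "advertiser", "tee-cpu-gen2", "1.0.0")
	report, sig, _ := adv.Attest(srv.NewNonce())
	fmt.Println("genuine node:", srv.Authenticate(report, sig))
	fmt.Println("replayed quote:", srv.Authenticate(report, sig))
}
```

The order of checks matters: the nonce is consumed before any expensive verification so a replayed quote costs the server nothing, and the measurement is compared only after the signature proves the report came from an enrolled node, so an attacker cannot learn which measurements are on the allow-list by submitting unsigned guesses.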
Optionally, establishing the peer-to-peer trusted communication channel in step 103 specifically includes: establishing peer-to-peer communication through a Transport Layer Security (TLS) encrypted channel, exchanging RSA keys and sending ciphertexts to verify the other party's identity; and, if signature verification of both parties' ciphertexts succeeds, determining that the peer-to-peer communication channel has been established.
A peer-to-peer channel established in this way secures the communication between the two parties and identifies the parties participating in the cooperative data processing, ensuring that the cooperating nodes are trustworthy, effectively preventing malicious nodes from joining, and preventing data leakage.
On the other hand, establishing the peer-to-peer trusted communication channel may specifically include: if the network is judged unreachable while establishing peer-to-peer communication through the TLS encrypted channel, retrying continuously and terminating once the retries exceed a preset number; and if at least one party fails signature verification of the ciphertext, terminating the data cooperation between the two parties, so as to prevent the data from being attacked or leaked.
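Establishing the trusted peer-to-peer channel of step 103, as refined above and in the Disclosure, shown as an added example in Go that is not code from the patent or from Rajax: each node challenges the other with a nonce encrypted under RSA-OAEP to the public key the attestation server released for the peer, the peer decrypts it and signs it with RSA-PSS, and the challenger verifies the signature. Transport set-up is retried while the network is unreachable and abandoned after a preset number of retries, and a single failed verification terminates the cooperation. The dial function stands in for bringing up the TLS channel, and the key size, node names and retry limit are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUnreachable = errors.New("network unreachable")
	ErrAborted     = errors.New("identity check failed: data cooperation terminated")
)

// Node is one trusted computing node: key is its communication key, PeerPub the peer's public key as released by the attestation server.
type Node struct {
	Name    string
	key     *rsa.PrivateKey
	PeerPub *rsa.PublicKey
}

func NewNode(name string) (*Node, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Node{Name: name, key: k}, nil
}

const oaepLabel = "node-identity-check" // binds the ciphertext to this protocol step

// Challenge encrypts a fresh nonce to the peer with RSA-OAEP; only the holder of the private
// key matching the attested public key can recover it.
func (n *Node) Challenge() (nonce, ciphertext []byte, err error) {
	nonce = make([]byte, 32)
	rand.Read(nonce)
	ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, n.PeerPub, nonce, []byte(oaepLabel))
	return nonce, ciphertext, err
}

// Respond decrypts the challenge and signs the recovered nonce with RSA-PSS.
func (n *Node) Respond(ciphertext []byte) ([]byte, error) {
	nonce, err := rsa.DecryptOAEP(sha256.New(), nil, n.key, ciphertext, []byte(oaepLabel))
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(nonce)
	return rsa.SignPSS(rand.Reader, n.key, crypto.SHA256, digest[:], nil)
}

// EstablishChannel models step 103: dial (the TLS transport) is retried while the network is
// unreachable, then each side challenges the other; one failed verification aborts the cooperation.
func EstablishChannel(a, b *Node, dial func() error, maxRetries int) error {
	var err error
	for attempt := 0; attempt <= maxRetries; attempt++ {
		if err = dial(); err == nil || !errors.Is(err, ErrUnreachable) {
			break
		}
	}
	if err != nil {
		return fmt.Errorf("transport not established after %d retries: %w", maxRetries, err)
	}
	for _, p := range [2][2]*Node{{a, b}, {b, a}} {
		verifier, prover := p[0], p[1]
		nonce, ct, err := verifier.Challenge()
		if err != nil {
			return err
		}
		sig, err := prover.Respond(ct)
		if err != nil {
			return fmt.Errorf("%s cannot open %s's challenge: %w", prover.Name, verifier.Name, ErrAborted)
		}
		digest := sha256.Sum256(nonce)
		if err := rsa.VerifyPSS(verifier.PeerPub, crypto.SHA256, digest[:], sig, nil); err != nil {
			return fmt.Errorf("%s rejected %s's signature: %w", verifier.Name, prover.Name, ErrAborted)
		}
	}
	return nil
}

// FlakyDial reports the network unreachable for the first `failures` calls, then succeeds.
func FlakyDial(failures int) func() error {
	return func() error {
		if failures--; failures >= 0 {
			return ErrUnreachable
		}
		return nil
	}
}

func main() {
	adv, _ := NewNode("advertiser")
	plat, _ := NewNode("platform")
	adv.PeerPub, plat.PeerPub = &plat.key.PublicKey, &adv.key.PublicKey // as released by the attestation server
	fmt.Println("genuine peers, two transient network failures:", EstablishChannel(adv, plat, FlakyDial(2), 3))
}
```

Because each node only ever trusts the public key the attestation server released, an impostor that knows the advertiser's public key but not the platform's private key cannot open the challenge, and the advertiser terminates the cooperation before any private-domain data is exchanged.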
Optionally, step 104 may specifically include: first, acquiring first behavior data of a user from one party's private-domain data and second behavior data of the same user from the other party's private-domain data, the first behavior data being associated with the second; the first behavior data may contain the data recording the user's conversion behavior, and the second behavior data may contain the data that guided the user to that conversion. The first and second behavior data are then jointly processed so as to analyze the condition information favorable to generating user conversion events, and thereby bring about the conversion events of more users.
In this embodiment, the first and second behavior data meeting the requirements, namely the data recording a user's conversion and the data that guided that user to it, can be screened out of the private-domain data of both parties by user identifier and time range and returned to the cooperative processing system for joint processing, while guiding data for which no corresponding conversion actually occurred need not be returned.
In the advertisement data scenario, advertisement data is characterized by a very large number of features, many of which have missing values. When a user clicks an advertisement link and enters the advertiser platform, comprehensive information about that user is hard to obtain, so prediction must rely on large volumes of data. Therefore, to perform the secure joint processing of both parties' advertisement data accurately, the joint processing of the first and second behavior data may optionally include: first, data cleaning of the first and second behavior data, comprising missing-value filling and feature screening; and then joint processing of the cleaned first and second behavior data.
For example, feature missing values may be filled with 0 or a random number, with a plausible value (the value of the previous or next record, the mean, the median, the mode, and so on), or with an estimate computed from the existing data by a machine-learning algorithm (such as k-nearest neighbors, linear regression or Bayesian estimation). For feature screening, features with a high degree of correlation can be selected using methods such as the correlation coefficient or the chi-square test.
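The screening of step 104 and the cleaning described above, as an added example in Go that is not code from the patent or from Rajax: conversions from the advertiser (first behavior data) are joined with clicks from the platform (second behavior data) by user identifier and a time window, so that clicks without a conversion and conversions without a qualifying click never leave their owner's private domain; missing values are then filled with the feature mean, and features are screened by their correlation with the label. The events, feature names, window and threshold are constructed sample values.

```go
package main

import (
	"fmt"
	"math"
)

// PlatformEvent is "second behavior data": the advertisement click that guided the user. A NaN feature value marks a missing value.
type PlatformEvent struct {
	UserID   string
	ClickAt  int64
	Features map[string]float64
}

// AdvertiserEvent is "first behavior data": the conversion the same user then produced.
type AdvertiserEvent struct {
	UserID      string
	ConvertedAt int64
	Label       float64
}

// Sample is one joined training row (Features refers to the matched click's map).
type Sample struct {
	Features map[string]float64
	Label    float64
}

// Join returns one row per conversion that has a click by the same user at most window seconds earlier; everything else is not returned.
func Join(clicks []PlatformEvent, convs []AdvertiserEvent, window int64) []Sample {
	var out []Sample
	for _, cv := range convs {
		for _, c := range clicks {
			if gap := cv.ConvertedAt - c.ClickAt; c.UserID == cv.UserID && gap >= 0 && gap <= window {
				out = append(out, Sample{c.Features, cv.Label})
				break
			}
		}
	}
	return out
}

// FillMissing replaces each NaN with the mean of that feature's present values.
func FillMissing(samples []Sample, features []string) {
	for _, f := range features {
		sum, n := 0.0, 0.0
		for _, s := range samples {
			if v := s.Features[f]; !math.IsNaN(v) {
				sum, n = sum+v, n+1
			}
		}
		for _, s := range samples {
			if n > 0 && math.IsNaN(s.Features[f]) {
				s.Features[f] = sum / n
			}
		}
	}
}

// LabelCorrelation is the Pearson correlation between feature f and the label (0 if either is constant).
func LabelCorrelation(samples []Sample, f string) float64 {
	var sx, sy, sxx, syy, sxy, n float64
	for _, s := range samples {
		x, y := s.Features[f], s.Label
		sx, sy, sxx, syy, sxy, n = sx+x, sy+y, sxx+x*x, syy+y*y, sxy+x*y, n+1
	}
	vx, vy := sxx-sx*sx/n, syy-sy*sy/n
	if vx <= 0 || vy <= 0 {
		return 0
	}
	return (sxy - sx*sy/n) / math.Sqrt(vx*vy)
}

// ScreenFeatures keeps the features whose absolute correlation with the label reaches minAbsCorr.
func ScreenFeatures(samples []Sample, features []string, minAbsCorr float64) []string {
	var kept []string
	for _, f := range features {
		if math.Abs(LabelCorrelation(samples, f)) >= minAbsCorr {
			kept = append(kept, f)
		}
	}
	return kept
}

// sampleData is constructed input, not real traffic: u6 never converts, u7 never clicked and u8 converted too late, so none of them is returned.
func sampleData() ([]PlatformEvent, []AdvertiserEvent) {
	f := func(dwell, noise float64) map[string]float64 { return map[string]float64{"dwell": dwell, "noise": noise} }
	clicks := []PlatformEvent{{"u1", 100, f(10, 5)}, {"u2", 200, f(20, 1)}, {"u3", 300, f(math.NaN(), 9)},
		{"u4", 400, f(40, 2)}, {"u5", 500, f(50, 7)}, {"u6", 600, f(60, 3)}, {"u8", 800, f(80, 4)}}
	convs := []AdvertiserEvent{{"u1", 150, 1}, {"u2", 230, 2}, {"u3", 350, 3}, {"u4", 420, 4},
		{"u5", 580, 5}, {"u7", 700, 9}, {"u8", 1000, 8}}
	return clicks, convs
}

func main() {
	clicks, convs := sampleData()
	samples := Join(clicks, convs, 100)
	FillMissing(samples, []string{"dwell", "noise"})
	fmt.Println(len(samples), "joined rows; u3 dwell filled to", samples[2].Features["dwell"])
	fmt.Println("features kept after screening:", ScreenFeatures(samples, []string{"dwell", "noise"}, 0.5))
}
```

With the constructed data, five of seven conversions find a click within the 100-second window, the missing dwell value of u3 is filled with the mean of the other four (30), and only "dwell" survives a correlation threshold of 0.5, since "noise" correlates weakly with the label. Nothing about u6, u7 or u8 is ever placed in the joined set, which is the property the patent relies on when it says guiding data without a corresponding conversion need not be returned.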
For example, the trusted computing nodes of the two parties participating in the cooperation may specifically be a first trusted computing node on the advertiser side and a second trusted computing node on the advertisement platform side. Step 104 may then specifically include: acquiring the advertiser data of a user through the first trusted computing node and the advertisement platform data of that user through the second trusted computing node; and then jointly processing the advertiser data and advertisement platform data of the same user.
Acquiring the advertiser data of the user through the first trusted computing node may specifically include: first, acquiring the behavior data generated when the user enters the advertiser system through the advertisement platform; generating, from that behavior data, a user identifier, the user behavior labels corresponding to the identifier and the feature variable set corresponding to each user behavior label; and finally determining the advertiser data of the user from the user identifier, its user behavior labels and their feature variable sets.
Optionally, generating the user identifier, the user behavior labels and the feature variable sets from the behavior data generated in the advertiser system specifically includes: extracting the conversion behavior data from the behavior data; and generating, from the conversion behavior data, the user identifier, the user behavior labels corresponding to it and the feature variable set corresponding to each label.
Optionally, determining the advertiser data of the user from the user identifier, its user behavior labels and their feature variable sets specifically includes: screening, from the user behavior labels, a target behavior label that matches a preset behavior label, the preset behavior label being one strongly related to advertising effectiveness; and determining the advertiser data of the user from the user identifier carrying the target behavior label, the target behavior label and its feature variable set.
On this basis, the joint processing of the advertiser data and advertisement platform data of the same user may optionally include: first, merging the advertiser data and advertisement platform data that carry the same user identifier to generate training set data; then iteratively training an advertisement delivery model with the training set data; and, if the trained model has converged, determining that the advertisement delivery model is updated. The advertisement delivery model may be used to formulate the strategy information for delivering advertisements to users.
After the advertisement delivery model is determined to be updated, the method of this embodiment further includes: determining, with the updated model and from the current advertisement platform data of a user to be recommended, the delivery strategy information for delivering advertisements to that user; and then delivering advertisements according to that delivery strategy information.
By this method the advertiser's data can be returned securely to the advertisement platform and the advertisement delivery model optimized, so that better advertising results can subsequently be achieved.
To illustrate the method of this embodiment in detail, taking an advertisement host node (a first trusted computing node on the advertiser side) and an advertisement platform node (a second trusted computing node on the advertisement platform side) as an example, a secure processing method of advertisement data is provided below, which is applicable to the advertisement host node, as shown in fig. 2, and the method includes:
Step 201: the advertisement host node sends its trusted hardware environment information to the CA authentication center for authentication.
Both the advertisement host node and the advertisement platform node are provisioned with a trusted execution environment in advance. A Trusted Execution Environment (TEE) is a hardware-based protection technology: the processor uses memory isolation, access control and, in some implementations, memory encryption to ensure that the code and data running inside the environment cannot be read, observed, interfered with or attacked by other code on the same machine. In this embodiment both nodes are equipped with hardware having the same trusted execution environment characteristics (the hardware provides the TEE service), and each node performs its data processing inside its own trusted execution environment, which secures the cooperative processing of advertisement data.
In this embodiment, when the advertisement host node and the advertisement platform node start, each sends its trusted hardware environment information to the third-party CA authentication center so that its identity is authenticated; only then can the subsequent cooperation be initiated.
Step 202: the advertisement host node receives the authentication success information returned by the CA authentication center and establishes a point-to-point communication channel trusted by both the advertisement host node and the advertisement platform node.
After both parties have been authenticated, a point-to-point communication channel trusted by both is established. Because this embodiment relies on remote attestation, the nodes taking part in the advertisement cooperation are known to be trustworthy, malicious nodes are prevented from joining, and data leakage is prevented, which secures the cooperative processing of advertisement data.
Step 203: in the trusted execution environment, the advertisement host node sends a data cooperation request to the advertisement platform node over the established point-to-point communication channel.
The data cooperation request carries the advertiser data, so that the advertisement platform node can store that data in its trusted region and update the advertisement delivery model by combining it with the user behavior data the advertisement platform has recorded for the same users.
The advertiser data may include key information associated with the user (for example a mobile phone number, identity card number or device fingerprint) and the user's behavior on the advertiser's platform (for example use of the advertiser's application, new-user registration or account activation). The user behavior data recorded by the advertisement platform may include the user's browsing behavior and search keywords on the platform. The advertisement delivery model is used to formulate policy information for delivering advertisements to users.
Compared with the prior art, the data privacy of both parties to the advertisement cooperation, and in particular that of the advertiser, is protected by the security of the trusted execution environment. That protection rests on the hardware environment rather than on a complex cryptographic protocol and does not require large amounts of computing resources. Specifically, both parties are authenticated through the CA authentication center; once both have been authenticated, a point-to-point communication channel trusted by both is established; and within the trusted execution environment the advertiser's data is returned to the advertisement platform over that channel so that the advertisement delivery model can be optimized and better delivery results obtained. Through remote attestation, the nodes taking part in the cooperation are known to be trustworthy, malicious nodes cannot join, and data leakage is prevented, which secures the cooperative processing of advertisement data.
Further, as a refinement and extension of the foregoing embodiment, establishing the point-to-point communication channel trusted by both nodes in step 202 may specifically include: establishing point-to-point communication over a Transport Layer Security (TLS) encrypted channel, exchanging RSA public keys and sending a signed ciphertext so that each side can verify the identity of the other; and, if the signature on the ciphertext sent by the advertisement platform node verifies, determining that the point-to-point channel between the advertisement host node and the advertisement platform node has been established.
In this embodiment, the hardware with trusted execution environment characteristics used by the two nodes is typically provisioned by a cloud service provider; both sides having a trusted execution environment is the basis of trusted cooperation. When each party starts, it can initiate cooperation only after its identity has been authenticated by the third-party CA authentication center. The two parties then establish communication over a TLS encrypted channel and verify each other's identity by exchanging RSA public keys and sending signed ciphertext: each side checks the signature on the ciphertext it receives, and if the check succeeds the communication is established and identity verification is complete.
A point-to-point channel established in this way secures the communication between the two parties, identifies the parties taking part in the cooperative processing of advertisement data, ensures that the cooperating nodes are trustworthy, keeps malicious nodes out, and prevents data leakage.
On the other hand, establishing the trusted point-to-point channel between the advertisement host node and the advertisement platform node may further include: if the network is found to be unreachable while the point-to-point communication over the TLS encrypted channel is being established, retrying, and giving up once the retries exceed a preset count; and if the signature check on the ciphertext sent by the advertisement platform node fails, stopping all data cooperation with that node.
The two failures are treated differently on purpose. An unreachable network during TLS setup is a transient condition, so retries may be issued until a threshold (chosen according to actual requirements) is exceeded. A signature check failure after the RSA key exchange, by contrast, means that the peer's trusted environment is probably suspect or that the ciphertext has been tampered with in transit; in that case the system must terminate the whole cooperation immediately, without retrying, to avoid being attacked or leaking data.
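The channel setup of steps 201 to 203 and the two failure branches just described, as an added worked example in Go; this is not code from the patent, and it also serves the mirror-image platform-side steps 301 and 302 later on the page. The CA authentication center is replaced by a mock attestation service that checks a hypothetical environment measurement against an allowlist and returns the key bound to that environment; the TLS connect step is an injectable dial function so that an unreachable network can be simulated; identity is proved with an RSA-PSS signature over a nonce chosen by the peer, which plays the role of the signed ciphertext the text checks. The node names, the measurement string and the retry budget are assumptions. Two properties of the text are kept deliberately: a node's private key never leaves it, and only an unreachable network is retried, while a failed attestation or signature check ends the cooperation.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrUnreachable = errors.New("network unreachable") // transient failure during TLS setup

// Node is one trusted computing node; its RSA private key never leaves it.
type Node struct {
	Name        string
	Measurement string // hypothetical digest of hardware info and software version
	key         *rsa.PrivateKey
}
func (n *Node) PublicKey() *rsa.PublicKey { return &n.key.PublicKey }

// AttestationService stands in for the CA authentication center: Verify admits a node
// only if its measurement is allowlisted and returns the key now bound to that environment.
type AttestationService struct{ Allowed map[string]bool }

func (a AttestationService) Verify(name, measurement string, pub *rsa.PublicKey) (*rsa.PublicKey, error) {
	if !a.Allowed[measurement] {
		return nil, fmt.Errorf("attestation of %s rejected: measurement %q not allowed", name, measurement)
	}
	return pub, nil
}

func NewNode(name, measurement string) (*Node, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Node{Name: name, Measurement: measurement, key: k}, nil
}

// Prove signs the peer's nonce with RSA-PSS: this is the "ciphertext" the peer checks.
func (n *Node) Prove(nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return rsa.SignPSS(rand.Reader, n.key, crypto.SHA256, h[:], nil)
}

func VerifyProof(pub *rsa.PublicKey, nonce, sig []byte) error {
	h := sha256.Sum256(nonce)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// EstablishChannel attests both nodes, connects with bounded retries while the network is
// unreachable, then runs a mutual challenge-response; attestation or signature failures abort.
func EstablishChannel(ca AttestationService, a, b *Node, dial func() error, maxRetries int) error {
	attested := map[string]*rsa.PublicKey{}
	for _, n := range []*Node{a, b} {
		pub, err := ca.Verify(n.Name, n.Measurement, n.PublicKey())
		if err != nil {
			return err
		}
		attested[n.Name] = pub
	}
	err := dial()
	for attempt := 0; attempt < maxRetries && errors.Is(err, ErrUnreachable); attempt++ {
		err = dial() // only an unreachable network is worth retrying
	}
	if err != nil {
		return fmt.Errorf("TLS setup failed (retry budget %d): %w", maxRetries, err)
	}
	for _, p := range [][2]*Node{{a, b}, {b, a}} { // p[0] proves its identity, p[1] verifies
		nonce := make([]byte, 32) // fresh challenge chosen by the verifier
		if _, err := rand.Read(nonce); err != nil {
			return err
		}
		sig, err := p[0].Prove(nonce)
		if err != nil {
			return err
		}
		if err := VerifyProof(attested[p[0].Name], nonce, sig); err != nil {
			return fmt.Errorf("%s rejects %s, cooperation terminated: %w", p[1].Name, p[0].Name, err)
		}
	}
	return nil
}

func main() {
	ca := AttestationService{Allowed: map[string]bool{"tee-v1": true}}
	adv, _ := NewNode("advertiser", "tee-v1")
	plat, _ := NewNode("platform", "tee-v1")
	failures := 2 // constructed: the first two connection attempts are unreachable
	dial := func() error {
		if failures--; failures >= 0 {
			return ErrUnreachable
		}
		return nil
	}
	fmt.Println("result:", EstablishChannel(ca, adv, plat, dial, 3))
}
```

Run as written, the two nodes pair up after two simulated connection failures; give one node a measurement that is not on the allowlist and the attestation service rejects it before a single connection is attempted. A production deployment would replace the mock service with the TEE vendor's attestation flow and bind the public key into the attestation report rather than accepting a caller-supplied key.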
To obtain advertiser data that meets the training requirements of the advertisement delivery model, the method of this embodiment may optionally further include: acquiring the behavior data generated when a user enters the advertiser's system through the advertisement platform; generating, from that behavior data, a user identifier, the user behavior tags corresponding to it and the feature variable set corresponding to each tag; and determining the advertiser data from the user identifier, its behavior tags and their feature variable sets. The advertiser data carried in the data cooperation request sent in step 103 is then determined from this advertiser data.
The user identifier may be a unique identifier (ID) agreed between the advertisement host node and the advertisement platform node, through which the behavior data of the same user can be looked up both in the advertiser's system and on the advertisement platform. For example, the user behavior tags corresponding to a user identifier may be tags such as download, register, activate and purchase.
In practice, after a user enters the advertiser's system through an advertisement delivered on the advertisement platform, the visit may be nothing more than browsing, with no conversion (download, registration, activation, purchase and so on). The behavior data generated in the advertiser's system can therefore be filtered so that only advertiser data with conversion behavior is retained; the advertisement delivery model is then optimized with the more valuable data, delivery results improve, and the advertiser's business requirements are met. Accordingly, generating the user identifier, its behavior tags and their feature variable sets from the behavior data generated in the advertiser's system may specifically include: first extracting the conversion behavior data from the behavior data the user generated in the advertiser's system; and then generating the user identifier, the behavior tags corresponding to it and the feature variable set corresponding to each tag from that conversion behavior data.
Further, to improve the delivery accuracy of the subsequent advertisement delivery model and hence the accuracy of information recommendation, determining the advertiser data from the user identifier, its behavior tags and their feature variable sets may optionally include: screening, from the user behavior tags, a target behavior tag that matches a preset behavior tag, the preset behavior tag being one strongly related to the advertising effect; and then determining the advertiser data from the user identifier that carries the target behavior tag, the target behavior tag itself and the feature variable set corresponding to it.
Which behavior tags count as strongly related to the advertising effect is decided by the advertiser's actual needs: for example, a user's purchase tag in the advertiser's system may be such a tag; for another advertiser, the new-user registration tag and the in-game behavior tag may be the strongly related tags.
In this optional mode, the more valuable advertiser data is screened out to further optimize the advertisement delivery model, and delivering advertisements according to the policy formulated by that model improves delivery accuracy and hence recommendation accuracy.
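The preparation of advertiser data described above (dropping browse-only visits, keeping only the tags that match the preset set, and returning only the feature variables the advertiser chooses to share), as an added example in Go that is not code from the patent. The event fields, the action and feature names, and the constructed input records are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Event is one raw behavior record from the advertiser's system (constructed layout).
type Event struct {
	UserID   string            // identifier agreed with the platform, e.g. a device fingerprint
	Action   string            // browse, download, register, activate, purchase, ...
	Features map[string]string // what the advertiser knows about the user at that moment
}

// Record is the (ID, X, Y) tuple that flows back: identifier, feature variables X, behavior tags Y.
type Record struct {
	ID string
	X  map[string]string
	Y  []string
}

// conversionActions lists what counts as a conversion; browsing alone never does.
var conversionActions = map[string]bool{"download": true, "register": true, "activate": true, "purchase": true}

// BuildAdvertiserData keeps one record per converting user, restricted to the target tags in
// presetTags (those strongly related to the advertising effect) and to the feature variables
// in allowedFeatures, so that nothing else leaves the advertiser.
func BuildAdvertiserData(events []Event, presetTags, allowedFeatures map[string]bool) []Record {
	byUser := map[string]*Record{}
	for _, e := range events {
		if !conversionActions[e.Action] || !presetTags[e.Action] {
			continue // browse-only events and non-target conversions are filtered out
		}
		r := byUser[e.UserID]
		if r == nil {
			r = &Record{ID: e.UserID, X: map[string]string{}}
			byUser[e.UserID] = r
		}
		if !contains(r.Y, e.Action) {
			r.Y = append(r.Y, e.Action)
		}
		for k, v := range e.Features {
			if allowedFeatures[k] { // e.g. the phone number is never copied into X
				r.X[k] = v
			}
		}
	}
	out := make([]Record, 0, len(byUser))
	for _, r := range byUser {
		sort.Strings(r.Y)
		out = append(out, *r)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].ID < out[j].ID })
	return out
}

func contains(s []string, v string) bool {
	for _, x := range s {
		if x == v {
			return true
		}
	}
	return false
}

// SampleEvents is constructed test input, not data from the page.
func SampleEvents() []Event {
	return []Event{
		{"fp-001", "browse", map[string]string{"age_band": "25-34", "city": "Shanghai", "phone": "13800000000"}},
		{"fp-001", "register", map[string]string{"age_band": "25-34", "city": "Shanghai", "phone": "13800000000"}},
		{"fp-001", "purchase", map[string]string{"age_band": "25-34", "city": "Shanghai", "income": "high"}},
		{"fp-002", "browse", map[string]string{"age_band": "35-44", "city": "Beijing"}},
		{"fp-003", "download", map[string]string{"age_band": "18-24", "city": "Chengdu"}},
		{"fp-004", "purchase", map[string]string{"age_band": "45-54", "city": "Hangzhou", "income": "mid"}},
	}
}

func main() {
	presetTags := map[string]bool{"register": true, "purchase": true}
	allowed := map[string]bool{"age_band": true, "city": true}
	for _, r := range BuildAdvertiserData(SampleEvents(), presetTags, allowed) {
		fmt.Printf("%s Y=%v X=%v\n", r.ID, r.Y, r.X)
	}
}
```

The filter is a data-minimization step: identifiers of users who only browsed, conversion tags outside the preset set, and attributes such as the phone number or income never enter the record that leaves the advertiser, which is the "only part of the X value" that the application scenario later on the page describes.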
The foregoing describes the secure processing of advertisement data from the advertisement host node side. To fully illustrate this embodiment, another secure processing method for advertisement data is provided, applicable to the advertisement platform node side and shown in fig. 3, which includes:
Step 301: the advertisement platform node sends its trusted hardware environment information to the CA authentication center for authentication.
Both the advertisement platform node and the advertisement host node are provisioned with a trusted execution environment in advance. The identity authentication of the advertisement platform node through the CA authentication center mirrors that of the advertisement host node and is not repeated here.
Step 302: the advertisement platform node receives the authentication success information returned by the CA authentication center and establishes a trusted point-to-point communication channel with the advertisement host node.
Because this embodiment relies on remote attestation, the nodes taking part in the advertisement cooperation are known to be trustworthy, malicious nodes are prevented from joining, and data leakage is prevented, which secures the cooperative processing of advertisement data.
Step 303: in the trusted execution environment, the advertisement platform node receives, over the established point-to-point communication channel, the data cooperation request sent by the advertisement host node.
The data cooperation request carries advertiser data.
Step 304: the advertisement platform node stores the advertiser data carried in the data cooperation request in its trusted region and updates the advertisement delivery model by combining that data with the user behavior data it has recorded.
For example, the advertisement delivery model may initially be built as follows. The advertisement platform derives the user's tags from the user's browsing behavior and similar signals and uses strategies such as user segmentation to decide what content the user is likely to be interested in. For a search platform such as a search engine site, associated advertiser content can be recommended from the user's GPS location, IP address and search keywords; for a content platform such as a news application, it can be recommended from the user's preferences when reading news and articles or watching short videos. The advertisement delivery model may be a machine-learning model such as logistic regression or a neural network.
The input to the advertisement delivery model is the current user's behavior, such as search keywords or the news, articles and short videos viewed; its output is the advertiser's advertisement to be pushed in the current exposure slot. The content the model predicts may be content highly associated with the user's tags and actions, or content delivered at random.
The advantages stated above for the advertisement host node side, namely hardware-based protection of both parties' data privacy without a complex cryptographic protocol or large computing resources, authentication of both parties through the CA authentication center, a mutually trusted point-to-point channel over which the advertiser's data is returned inside the trusted execution environment, and the exclusion of malicious nodes through remote attestation, apply equally to the advertisement platform node side.
Further, as a refinement and extension of the foregoing embodiment, step 302 may specifically include: establishing point-to-point communication over a TLS encrypted channel, exchanging RSA public keys and sending a signed ciphertext so that each side can verify the identity of the other; and, if the signature on the ciphertext sent by the advertisement host node verifies, determining that the point-to-point channel between the advertisement host node and the advertisement platform node has been established.
The channel so established secures the communication, identifies both parties to the cooperative processing and keeps malicious nodes out, exactly as described for the advertisement host node. The same error handling applies from the platform side: an unreachable network during TLS setup is retried until a preset count (chosen according to actual requirements) is exceeded, whereas a failed signature check on the ciphertext sent by the advertisement host node indicates a suspect trusted environment or tampered ciphertext and causes the advertisement platform node to stop all data cooperation with the advertisement host node immediately, without retrying, to avoid being attacked or leaking data.
To optimize the advertisement delivery model accurately, step 304 may specifically include: combining the platform's user behavior data with the advertiser data that carries the same user identifier (that is, completing the feature data required for model training from the private-domain data of both parties) to generate training set data; then iteratively training the advertisement delivery model on that training set; and, once the trained model has converged, treating the advertisement delivery model as updated.
Further, after step 304 the method of this embodiment may optionally include: using the updated advertisement delivery model, together with the current behavior data of the user to be recommended, to determine delivery policy information for that user; and then delivering advertisements according to that policy information.
The current behavior data of the user to be recommended may include one or more of the user's current GPS location, IP address, search keywords and browsed content. This current behavior data is processed into the model's input format and fed to the advertisement delivery model, whose output is the advertiser's advertisement that can be pushed in the user's current exposure slot.
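The joint processing of step 304 and the delivery step after it (joining the two private-domain datasets on the shared identifier, filling missing values, training until convergence and then scoring a user to be recommended), as an added example in Go that is not code from the patent. The model is a logistic regression trained by batch gradient descent, one of the model families the text names; the feature layout (food-content views, news views), the user identifiers and the labels are constructed, and the L2 penalty is an addition that keeps the optimum finite so that the convergence check is meaningful. In a real deployment this code would run inside the platform node's trusted region with the advertiser rows held in protected memory.

```go
package main

import (
	"fmt"
	"math"
)

// PlatformRow is the platform's own behavior data for one user; math.NaN marks a missing feature.
type PlatformRow struct {
	ID string
	X  []float64
}

// JoinOnID merges the advertiser labels returned over the trusted channel (ID -> 1 converted, 0 not)
// with the platform rows on the shared identifier, drops users present on only one side, and fills
// missing feature values with the column mean (the missing-value step of the data cleansing).
func JoinOnID(labels map[string]float64, plat []PlatformRow) (X [][]float64, Y []float64) {
	for _, p := range plat {
		if y, ok := labels[p.ID]; ok {
			X, Y = append(X, append([]float64(nil), p.X...)), append(Y, y)
		}
	}
	for j := 0; len(X) > 0 && j < len(X[0]); j++ {
		sum, cnt := 0.0, 0.0
		for _, x := range X {
			if !math.IsNaN(x[j]) {
				sum, cnt = sum+x[j], cnt+1
			}
		}
		for _, x := range X {
			if math.IsNaN(x[j]) {
				x[j] = sum / math.Max(cnt, 1)
			}
		}
	}
	return X, Y
}

// Model is a logistic-regression delivery model: P(convert | x) = sigmoid(w.x + b).
type Model struct {
	W []float64
	B float64
}

func (m Model) Predict(x []float64) float64 {
	z := m.B
	for j, w := range m.W {
		z += w * x[j]
	}
	return 1 / (1 + math.Exp(-z))
}

// Train runs batch gradient descent on the L2-regularized log loss and stops once every
// gradient component is below tol (converged) or maxIter is exhausted; X must be non-empty.
func Train(X [][]float64, Y []float64, lr, reg, tol float64, maxIter int) (m Model, iters int, converged bool) {
	m = Model{W: make([]float64, len(X[0]))}
	n := float64(len(X))
	for iters = 1; iters <= maxIter; iters++ {
		gw, gb := make([]float64, len(m.W)), 0.0
		for i, x := range X {
			resid := m.Predict(x) - Y[i] // derivative of the log loss with respect to the logit
			for j := range gw {
				gw[j] += resid * x[j] / n
			}
			gb += resid / n
		}
		maxg := math.Abs(gb)
		for j := range m.W {
			gw[j] += reg * m.W[j]
			m.W[j] -= lr * gw[j]
			maxg = math.Max(maxg, math.Abs(gw[j]))
		}
		m.B -= lr * gb
		if maxg < tol {
			return m, iters, true
		}
	}
	return m, maxIter, false
}

// Constructed sample data: features are (food-content views, news views) on the platform;
// u10 has no advertiser label and u11 no platform row, so the join drops both.
func SampleLabels() map[string]float64 {
	return map[string]float64{"u1": 1, "u2": 1, "u3": 1, "u4": 0, "u5": 0, "u6": 0, "u7": 1, "u8": 0, "u9": 1, "u11": 1}
}

func SamplePlatformData() []PlatformRow {
	return []PlatformRow{{"u1", []float64{5, 1}}, {"u2", []float64{4, 2}}, {"u3", []float64{6, 0}},
		{"u4", []float64{1, 5}}, {"u5", []float64{0, 4}}, {"u6", []float64{2, 6}}, {"u7", []float64{3, 3}},
		{"u8", []float64{3, 3}}, {"u9", []float64{math.NaN(), 2}}, {"u10", []float64{5, 5}}}
}

func main() {
	X, Y := JoinOnID(SampleLabels(), SamplePlatformData())
	m, it, ok := Train(X, Y, 0.2, 0.05, 1e-4, 200000)
	fmt.Printf("%d joined rows, converged=%v after %d iterations\n", len(X), ok, it)
	fmt.Printf("P(convert): food-heavy user %.2f, news-heavy user %.2f\n", m.Predict([]float64{6, 0}), m.Predict([]float64{0, 6}))
}
```

Users u7 and u8 share the same features but different labels, so the data is not linearly separable and the training loop has to reach a genuine minimum rather than growing the weights without bound; the convergence flag returned by Train is what step 304 checks before declaring the model updated.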
In order to illustrate the specific implementation process of the above embodiments, the following application scenarios are given, but not limited to:
The advertiser may be an online takeaway ordering platform and the advertisement platform a news application. To decide a suitable moment to recommend the takeaway platform's advertisement while the user browses pages of the news application, advertiser data must flow back to the advertisement platform. Today this is mostly done with a cryptography-based scheme: the advertiser's key user information (mobile phone number, device fingerprint and so on) is hashed with MD5 or a similar function and returned to the advertisement platform together with the advertiser's other business behavior features. Because identifiers such as phone numbers have a small input space, the hash leaves the advertiser's data effectively exposed: the advertisement platform can reverse the mapping by enumerating candidate inputs and can infer the advertiser's business logic from the accompanying features, so private data and business secrets leak and may even be abused, especially where the two parties compete. At the same time, the data backflow mechanism of an advertisement RTA (real-time API) platform carries a hidden compliance risk.
To solve the data security problem of advertisement data cooperation, the method of this embodiment offers a new technical solution that addresses the data privacy and security problems of returning advertiser data to an RTA platform and makes the advertisement platform more compliant.
As shown in fig. 4, the hardware and software of a trusted multi-party computing platform (TMPC) may be deployed in advance on both the advertisement host node and the advertisement platform node, providing trusted execution environments for both parties to the cooperative processing and establishing trusted communication between them; the trusted multi-party computing platform then solves the technical problem of fusing and processing data across the two private domains.
Through the trusted multi-party computing platform, each party's private-domain data is loaded into its own local trusted region; specifically, once the application service has started, the private-domain data is loaded into trusted memory. Data in the trusted region can be accessed only by the trusted multi-party computing platform and cannot be called by other, possibly malicious, nodes, which protects the private-domain data.
As shown in fig. 4, the advertisement platform first formulates a delivery policy for the current exposure slot on the user's terminal through the advertisement delivery model and delivers an advertisement accordingly. The user clicks the advertisement link and enters the advertiser's business system, where user behavior (ID, Y value) is generated: ID is the user identifier (mobile phone number, device fingerprint information and so on) and the Y value is the behavior tag (possibly a set of behavior tags) of the user with that identifier. The user's conversion actions (download, register, activate, place an order …) are then located, and the conversion behavior (ID, X value, Y value) is packaged as the advertiser data. The X value is the feature variable set corresponding to tag Y, such as the user's age, occupation, geographic location, purchasing preference, income, marital status, home ownership and shopping frequency tags. The advertiser data is returned according to actual requirements; for example, only the tags strongly related to the advertising effect may be returned, i.e. only that part of the X value.
The packaged advertiser data is transmitted between the trusted computing nodes deployed by the two parties and used to train the advertisement delivery model jointly with the user behavior data that the advertisement platform has recorded under the same user identifier, thereby optimizing the model. The training process may proceed as shown in fig. 5: the advertiser data (ID, X value, Y value) is prepared; the advertiser's trusted computing node initiates a data cooperation request and establishes encrypted secure-computing communication with the advertisement platform's trusted computing node; the platform's trusted computing node accepts the request, loads the platform's Data Management Platform (DMP) data (ID, X value, Y value) and then the platform's RTA advertising effect optimization model, while its secure memory region protects the advertiser data it has loaded; training of the advertisement delivery model is then executed and its parameters optimized until the model converges, whereupon the advertisement platform updates the model.
The scheme of this embodiment brings cross-private-domain data cooperation built on the TMPC trusted computing base to the advertisement platform, addressing the data security and privacy problems of the current advertising industry and protecting the data of both parties. Unlike traditional cryptography-based data encryption, in which advertiser data flows one way into the RTA platform, it identifies both parties to the advertisement cooperation and keeps malicious nodes out; data cooperation, model training, prediction and tuning on the advertisement platform all run in a trusted execution environment, so private data is neither leaked nor abused and becomes usable without being visible; and the business goal of the two parties' advertising cooperation is met while the private-domain data stays protected. The advantages are as follows:
The data privacy of both parties to the advertisement cooperation, and in particular that of the advertiser, is protected by the security of the trusted execution environment; that protection rests on the hardware environment, not on a complex cryptographic protocol, and does not require large computing resources; remote attestation ensures that the cooperating nodes are trustworthy and removes the risk of data leakage from malicious nodes joining; and the data cooperation of the advertising business runs inside the trusted execution environment, which provides a safer execution environment for it.
Further, as a specific implementation of the method shown in fig. 1, this embodiment provides a data security processing apparatus, shown in fig. 6, which includes a configuration module 41, a sending module 42, an establishing module 43 and a processing module 44.
A configuration module 41, configured to configure trusted execution environments for the trusted computing nodes of both parties participating in the collaboration respectively;
the sending module 42 is configured to send trusted hardware environment information of each trusted computing node to the server for authentication when each trusted computing node is started;
an establishing module 43, configured to establish a peer-to-peer trusted communication channel between two parties if each trusted computing node succeeds in authentication;
and the processing module 44 is configured to perform communication between the trusted computing nodes of the two parties through the point-to-point communication channel in the trusted execution environment, so as to perform joint processing on associated behavior data generated by the same user in the private domain data of the two parties.
In a specific application scenario, the processing module 44 is specifically configured to obtain first behavior data of a user in private domain data of one party, and obtain second behavior data of the same user in private domain data of another party, where the first behavior data is associated with the second behavior data, the first behavior data includes data for generating a user conversion behavior, and the second behavior data includes data for guiding the user to generate the conversion behavior; and performing joint processing on the first behavior data and the second behavior data.
In a specific application scenario, the processing module 44 is further specifically configured to cleanse the first behavior data and the second behavior data, including filling missing values and screening features, and to jointly process the cleansed first and second behavior data.
In a specific application scenario, optionally, the trusted hardware environment information includes: the method comprises the steps of current hardware information of trusted computing nodes, a private key of current communication between the nodes and a software version.
In a specific application scenario, the establishing module 43 is specifically configured to establish point-to-point communication over a Transport Layer Security (TLS) encrypted channel, exchange RSA public keys and send a signed ciphertext so that each side can verify the identity of the other, and to determine that the point-to-point communication channel has been established if the signatures on both parties' ciphertexts verify.
In a specific application scenario, the establishing module 43 is further configured to keep retrying if the network is found to be unreachable while the point-to-point communication over the TLS encrypted channel is being established, to give up once the retries exceed a preset count, and to terminate the data cooperation between the two parties if either party fails to verify the signature on the ciphertext.
In a specific application scenario, optionally, the trusted computing nodes of the two parties participating in the collaboration are a first trusted computing node on the advertiser side and a second trusted computing node on the advertisement platform side;
the processing module 44 is specifically configured to obtain advertiser data of a user through the first trusted computing node, and obtain advertisement platform data of the user through the second trusted computing node; and carrying out combined processing on the advertiser data and the advertisement platform data of the same user.
In a specific application scenario, the processing module 44 is further configured to obtain the behavior data generated when a user enters the advertiser's system through the advertisement platform; to generate, from the behavior data generated in the advertiser's system, a user identifier, the user behavior labels corresponding to that identifier and the feature variable set corresponding to each user behavior label; and to determine the advertiser data of the user from the user identifier, its corresponding user behavior labels and their corresponding feature variable sets.
In a specific application scenario, the processing module 44 is further configured to extract the conversion behavior data from the behavior data, and to generate the user identifier, the user behavior labels corresponding to it and the feature variable sets corresponding to those labels from the conversion behavior data.
In a specific application scenario, the processing module 44 is further configured to screen, from the user behavior labels, the target behavior labels that match a preset behavior label, where the preset behavior label is a behavior label strongly related to advertisement effectiveness; and to determine the advertiser data of the user from the user identifier carrying the target behavior label, the target behavior label and the feature variable set corresponding to it.
In a specific application scenario, the processing module 44 is further configured to combine advertiser data and advertisement platform data that carry the same user identifier into training set data; to train an advertisement delivery model iteratively with the training set data; and to determine that the advertisement delivery model has been updated once the trained model converges.
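The joint-processing pipeline of the preceding paragraphs (the same steps appear in claims 2, 3 and 7), as an added, self-contained Python example that is not the patent's own code: the preset tags, the use of "purchase" as the training label, the column-mean fill, the constant-column screen, the z-scoring and the regularised logistic model are assumptions made for the illustration, and every event and platform row is constructed.

```python
"""Advertiser data derived from conversion events and screened against preset tags, joined
with platform data on the user identifier, cleansed, then fitted until the model converges."""
import math
from statistics import mean, pstdev

PRESET_TAGS = {"purchase", "signup"}  # assumed tags "strongly related to ad effect"
# Constructed sample input: advertiser-side behavior events and platform-side features.
EVENTS = [
    {"user": "u1", "kind": "conversion", "tag": "purchase", "features": {"site_visits": 4}},
    {"user": "u2", "kind": "conversion", "tag": "signup", "features": {}},
    {"user": "u3", "kind": "conversion", "tag": "purchase", "features": {"site_visits": 6}},
    {"user": "u4", "kind": "conversion", "tag": "signup", "features": {}},
    {"user": "u6", "kind": "conversion", "tag": "newsletter", "features": {}},  # screened out
]
PLATFORM = {
    "u1": {"clicks": 3, "impressions": 10, "region": 1},
    "u2": {"clicks": 0, "impressions": 8, "region": 1},
    "u3": {"clicks": 5, "impressions": None, "region": 1},  # missing value to be filled
    "u4": {"clicks": 1, "impressions": 12, "region": 1},
}

def advertiser_data(events):
    """Keep conversion events whose tag passes the preset screen; collect tags and features."""
    data = {}
    for ev in events:
        if ev["kind"] != "conversion" or ev["tag"] not in PRESET_TAGS:
            continue
        rec = data.setdefault(ev["user"], {"tags": set(), "features": {}})
        rec["tags"].add(ev["tag"])
        rec["features"].update(ev["features"])
    return data

def join_same_user(adv, platform):
    """Combine both parties' records with the same user id; 'purchase' is the label (assumed)."""
    return [{**platform[u], **r["features"], "label": int("purchase" in r["tags"])}
            for u, r in adv.items() if u in platform]

def cleanse(rows):
    """Fill missing values with the column mean, drop constant columns, z-score the rest."""
    cols = {c for r in rows for c in r if c != "label"}
    for c in cols:
        present = [r[c] for r in rows if r.get(c) is not None]
        fill = mean(present) if present else 0.0
        for r in rows:
            r[c] = fill if r.get(c) is None else r[c]
    keep = sorted(c for c in cols if len({r[c] for r in rows}) > 1)
    st = {c: (mean(r[c] for r in rows), pstdev(r[c] for r in rows)) for c in keep}
    return [{**{c: (r[c] - st[c][0]) / st[c][1] for c in keep}, "label": r["label"]}
            for r in rows], keep

def predict(w, b, row):
    return 1 / (1 + math.exp(-(sum(w[c] * row[c] for c in w) + b)))

def train_until_converged(rows, keep, lr=0.5, lam=0.1, tol=1e-4, max_iter=2000):
    """L2-regularised logistic regression; 'updated' only once the step falls below tol."""
    w, b = {c: 0.0 for c in keep}, 0.0
    for _ in range(max_iter):
        gw, gb = {c: lam * w[c] for c in keep}, 0.0
        for r in rows:
            err = (predict(w, b, r) - r["label"]) / len(rows)
            for c in keep:
                gw[c] += err * r[c]
            gb += err
        w, b = {c: w[c] - lr * gw[c] for c in keep}, b - lr * gb
        if max(abs(lr * g) for g in [*gw.values(), gb]) < tol:
            return w, b, True
    return w, b, False
```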
In a specific application scenario, the apparatus further comprises a determining module and a delivery module;
the determining module is configured to determine, after the advertisement delivery model is determined to have been updated, delivery strategy information for the advertisement to be delivered to a user to be recommended, using the updated advertisement delivery model and the current advertisement platform data of that user;
and the delivery module is configured to deliver the advertisement according to the delivery strategy information.
It should be noted that, for other descriptions of the functional units of the data security processing apparatus provided in this embodiment, reference may be made to the corresponding descriptions for fig. 1, which are not repeated here.
Based on the method shown in fig. 1, the present application correspondingly further provides a storage medium on which a computer program is stored; when executed by a processor, the computer program implements the method shown in fig. 1.
Based on this understanding, the technical solution of the present embodiment may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (such as a CD-ROM, a USB disk or a removable hard disk) and includes several instructions enabling a computer device (such as a personal computer, a server or a network device) to execute the method of each implementation scenario of the present embodiment.
Based on the method shown in fig. 1 and the virtual device embodiment shown in fig. 6, in order to achieve the above object, an embodiment of the present application further provides an electronic device, which may specifically be a personal computer, a server, a smart phone or another network device, and which includes a storage medium and a processor: the storage medium stores a computer program, and the processor executes the computer program to implement the method shown in fig. 1.
Optionally, the physical device may further include a user interface, a network interface, a camera, a radio frequency (RF) circuit, a sensor, an audio circuit, a Wi-Fi module and the like. The user interface may include a display screen (Display) and an input unit such as a keyboard (Keyboard), and optionally a USB interface, a card reader interface and the like. The network interface may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface).
Those skilled in the art will understand that the physical device structure provided in the present embodiment does not limit the physical device, which may include more or fewer components, combine some components, or arrange the components differently.
The storage medium may further include an operating system and a network communication module. The operating system is a program that manages the hardware and software resources of the above physical device and supports the operation of the information processing program and other software and/or programs. The network communication module implements communication among the components within the storage medium and with other hardware and software in the information processing physical device.
Based on the above, an embodiment of the present application further provides a system for securely processing advertisement data, where the system includes an advertiser node device and an advertisement platform node device;
wherein the advertiser node device is operable to perform the method shown in fig. 2 and the advertisement platform node device is operable to perform the method shown in fig. 3.
The advertiser node device can be used to send its trusted hardware environment information to a CA authentication center for authentication, both the advertiser node device and the advertisement platform node device having been provided with trusted execution environments in advance; to receive the authentication success information returned by the CA authentication center and establish a point-to-point communication channel trusted by both the advertiser node device and the advertisement platform node device; and, in the trusted execution environment, to send a data cooperation request carrying advertiser data to the advertisement platform node device through the point-to-point communication channel, so that the advertisement platform node device stores the advertiser data in a trusted area and updates an advertisement delivery model by combining it with the user behavior data correspondingly recorded by the advertisement platform;
the advertisement platform node device can be used to send its trusted hardware environment information to the CA authentication center for authentication; to receive the authentication success information returned by the CA authentication center and establish a point-to-point communication channel trusted by both the advertisement platform node device and the advertiser node device; in the trusted execution environment, to receive through the point-to-point communication channel the data cooperation request carrying advertiser data sent by the advertiser node device; and to store the advertiser data in the trusted area and update the advertisement delivery model by combining it with the user behavior data correspondingly recorded by the advertisement platform.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present application can be implemented by software plus a necessary general hardware platform, or by hardware. By applying the technical solution of this embodiment, the data privacy of both parties participating in the advertisement cooperation, especially that of the advertiser, is protected based on the security of the trusted execution environment. This privacy protection rests on the hardware environment; it does not depend on a complex security algorithm and does not require a large amount of computing resources. Based on remote attestation technology, the scheme ensures that the nodes in the advertisement cooperation are trusted, effectively prevents malicious nodes from joining and prevents data leakage, thereby ensuring the security of the cooperative processing of advertisement data.
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to practice the present application. Those skilled in the art will also appreciate that the modules of the devices in the implementation scenario may be distributed among the devices of the implementation scenario as described, or may be located, with corresponding changes, in one or more devices different from those of the present implementation scenario. The modules of the implementation scenario may be combined into one module or further split into a plurality of sub-modules.
The above application serial numbers are for description only and do not indicate the superiority or inferiority of the implementation scenarios. The above disclosure presents only a few specific implementation scenarios of the present application, but the present application is not limited thereto, and any variations that those skilled in the art can make are intended to fall within the scope of the present application.

Claims (10)

1. A data security processing method is characterized by comprising the following steps:
respectively configuring trusted execution environments for the trusted computing nodes of two parties participating in the cooperation;
when each trusted computing node is started, sending trusted hardware environment information of the trusted computing node to a server side for authentication;
if each trusted computing node is successfully authenticated, establishing a point-to-point communication channel trusted by both parties;
in the trusted execution environment, communicating between the trusted computing nodes of the two parties through the point-to-point communication channel, so as to jointly process the associated behavior data generated by the same user in the private domain data of the two parties.
2. The method according to claim 1, wherein in the trusted execution environment, the communication between the trusted computing nodes of both parties is performed through the peer-to-peer communication channel, so as to jointly process associated behavior data, generated by the same user on both parties, in the private domain data of both parties, specifically comprising:
acquiring first behavior data of a user from private domain data of one party and acquiring second behavior data of the same user from private domain data of the other party, wherein the first behavior data is associated with the second behavior data, the first behavior data comprises data for generating user conversion behavior, and the second behavior data comprises data for guiding the user to generate conversion behavior;
and performing joint processing on the first behavior data and the second behavior data.
3. The method according to claim 2, wherein the jointly processing the first behavior data and the second behavior data specifically includes:
performing data cleansing on the first behavior data and the second behavior data, including: missing value filling and feature screening;
and performing combined processing on the first behavior data and the second behavior data after data cleaning.
4. The method of claim 1, wherein the trusted hardware environment information comprises: the current hardware information of the trusted computing node, the private key currently used for communication between the nodes, and the software version.
5. The method according to claim 1, wherein the establishing a peer-to-peer trusted communication channel includes:
establishing point-to-point communication through a TLS (Transport Layer Security) encrypted channel, and exchanging RSA (Rivest-Shamir-Adleman) keys and sending a ciphertext to verify the identity of the other party;
and if the ciphertext of the two parties is successfully signed, determining that the point-to-point communication channel is successfully established.
6. The method according to claim 5, wherein the establishing a peer-to-peer trusted communication channel between both parties further comprises:
if the network is determined to be unreachable during the stage of establishing point-to-point communication through the TLS encrypted channel, continuing to initiate retries, and terminating once the number of retries exceeds a preset number;
and if at least one party fails to verify the signature of the ciphertext, terminating the data cooperation of the two parties.
7. The method of claim 1, wherein the trusted computing nodes of the two parties participating in the collaboration are a first trusted computing node on the advertiser side and a second trusted computing node on the advertising platform side;
in the trusted execution environment, the communicating between the trusted computing nodes of the two parties through the point-to-point communication channel so as to jointly process the associated behavior data generated by the same user in the private domain data of the two parties specifically comprises:
acquiring advertiser data of a user through the first trusted computing node and acquiring advertisement platform data of the user through the second trusted computing node;
and performing joint processing on the advertiser data and the advertisement platform data of the same user.
8. A data security processing apparatus, comprising:
the configuration module is used for respectively configuring trusted execution environments for the trusted computing nodes of the two parties participating in the cooperation;
the sending module is used for sending the trusted hardware environment information of each trusted computing node to the server side for authentication when each trusted computing node is started;
the establishing module is used for establishing a point-to-point communication channel trusted by both parties if each trusted computing node is successfully authenticated;
and the processing module is used for carrying out communication between the trusted computing nodes of the two parties through the point-to-point communication channel in the trusted execution environment so as to carry out joint processing on the associated behavior data generated by the same user in the private domain data of the two parties.
9. A storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method of any of claims 1 to 7.
10. An electronic device comprising a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the method of any one of claims 1 to 7 when executing the computer program.
CN202110873828.8A 2021-07-30 2021-07-30 Data security processing method and device and electronic equipment Pending CN113569264A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110873828.8A CN113569264A (en) 2021-07-30 2021-07-30 Data security processing method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN113569264A true CN113569264A (en) 2021-10-29

Family

ID=78169631

Country Status (1)

Country Link
CN (1) CN113569264A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8621649B1 (en) * 2011-03-31 2013-12-31 Emc Corporation Providing a security-sensitive environment
CN106803190A (en) * 2017-01-03 2017-06-06 北京掌阔移动传媒科技有限公司 A kind of ad personalization supplying system and method
CN111079158A (en) * 2019-11-21 2020-04-28 支付宝(杭州)信息技术有限公司 Data storage and reading method and device
CN111460429A (en) * 2020-03-30 2020-07-28 北京百度网讯科技有限公司 Task processing method, device, equipment and medium based on trusted execution environment
CN111814083A (en) * 2020-08-31 2020-10-23 腾讯科技(深圳)有限公司 Display result generation method, system, device, readable storage medium and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination