CN110166423B - User credit determination method, device and system and data processing method - Google Patents

User credit determination method, device and system and data processing method Download PDF

Info

Publication number
CN110166423B
CN110166423B CN201910260260.5A CN201910260260A CN110166423B CN 110166423 B CN110166423 B CN 110166423B CN 201910260260 A CN201910260260 A CN 201910260260A CN 110166423 B CN110166423 B CN 110166423B
Authority
CN
China
Prior art keywords
identity information
encrypted
data
key
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910260260.5A
Other languages
Chinese (zh)
Other versions
CN110166423A (en
Inventor
徐峰
杨陆毅
陈弢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced New Technologies Co Ltd filed Critical Advanced New Technologies Co Ltd
Priority to CN201910260260.5A priority Critical patent/CN110166423B/en
Publication of CN110166423A publication Critical patent/CN110166423A/en
Application granted granted Critical
Publication of CN110166423B publication Critical patent/CN110166423B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0609Buyer or seller confidence or verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Abstract

The specification provides a user credit determination method, a user credit determination device, a user credit determination system and a data processing method. The method for determining the user credit comprises the following steps: acquiring identity information of a user for indicating credit to be determined, and initiating an operation request; responding to the operation request, generating a first key, a second key and an intermediary function; the first secret key is used for encrypting to obtain encrypted identity information, the second secret key, the encrypted identity information and the media function are sent to the second server, so that the second server can solve the media function by using the preset list data encrypted based on the second secret key and the encrypted identity information under the condition that the second server cannot know the identity information, an operation result is obtained, and the first server determines user credit according to the fed-back operation result. Therefore, the credit condition of the user can be accurately and efficiently determined under the condition that the information data owned by the user is not leaked to the other party or other third parties.

Description

User credit determination method, device and system and data processing method
Technical Field
The present specification belongs to the field of internet technology, and in particular, relates to a method, an apparatus, a system for determining user credit, and a method for processing data.
Background
In application scenarios such as internet transaction and finance, it is often necessary to query user data owned by a partner (e.g., account data of a user) by using list data of the partner, and evaluate the credit condition of the user according to the query result.
For example, a network payment platform a may want to evaluate the credit status of a user X on the payment platform, so as to determine that the user may enjoy the payment right according to the credit status of the user. The bank B of the partner has a large amount of credit data of the users on the network payment platform A in a plurality of fields, and the bank B also evaluates the credit condition of each user regularly according to the credit data and screens accounts with relatively low credit evaluation according to the evaluation result to generate a corresponding blacklist.
When evaluating the credit condition of the user X, the payment platform a hopes to inquire whether the user X is in the blacklist of the bank B, and further can evaluate the credit condition of the user X more accurately by using the inquiry result as a reference basis for evaluation. However, considering data security and privacy of user data, neither the network payment platform a nor the bank B would want the data owned by each to be known or leaked by the other. For example, the payment platform a does not want data such as identity information of the user X, or data such as a specific consumption record of the user X on the network payment platform to be known by the bank B; bank B does not want the information data of other users contained in the blacklist owned by bank B to be known by the payment platform a. Therefore, a method for determining user credit with higher security and capable of protecting data privacy is needed.
Disclosure of Invention
The present specification aims to provide a method, an apparatus, a system for determining user credit and a data processing method, so as to solve the technical problems that data owned by a self party is easy to leak, and potential safety hazards such as data leakage exist in the process of determining user credit.
The method, the device and the system for determining the user credit and the data processing method provided by the specification are realized as follows:
a method for determining user credit, comprising: acquiring identity information, wherein the identity information is used for indicating a user; initiating an operation request to a second server, wherein the second server stores preset list data; responding to the operation request, generating a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function; and receiving the operation result, and determining the user credit according to the operation result.
A method for determining user credit, comprising: receiving an operation request, encrypted identity information, a second secret key and a media function; responding to the operation request, and encrypting preset list data by using the second secret key to obtain the encrypted preset list data; solving the media function according to the encrypted identity information and the encrypted preset list data to obtain an operation result; and sending the operation result to the first server.
A method for determining user credit, comprising: the method comprises the steps that a first server obtains identity information and initiates a calculation request, wherein the identity information is used for indicating a user; the first server responds to the operation request and generates a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server receives and responds to the operation request, and encrypts preset list data by using the second secret key to obtain the encrypted preset list data; solving the media function according to the encrypted identity information and the encrypted preset list data to obtain an operation result, and sending the operation result to a first server; and the first server receives and determines the user credit according to the operation result.
A method of processing data, comprising: acquiring first data; initiating an operation request to a second server, wherein the second server stores second data; responding to the operation request, generating a first key, a second key and a media function; encrypting the first data by using a first key to obtain encrypted first data, and sending the encrypted first data, the second key and the media function to a second server; the second server encrypts the second data by using the second key to obtain encrypted second data, and determines an operation result according to the encrypted first data, the encrypted second data and the media data; and receiving the operation result, and determining whether the first data and the second data meet a preset incidence relation according to the operation result.
An account data query method comprises the following steps: acquiring target account data; initiating an operation request to a second server, wherein the second server stores preset list data; responding to the operation request, generating a first key, a second key and a media function; encrypting the target account data by using a first key to obtain encrypted target account data, and sending the encrypted target account data, the second key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted target account data, the encrypted preset list data and the media function; and receiving the operation result, and determining whether the target account data is located in the preset list data according to the operation result.
An apparatus for determining user credit, comprising: the system comprises an acquisition module, a processing module and a display module, wherein the acquisition module is used for acquiring identity information, and the identity information is used for indicating a user; the initiating module is used for initiating an operation request to a second server, wherein the second server stores preset list data; the generating module is used for responding to the operation request, generating a first key, a second key and a media function; the processing module is used for encrypting the identity information by using the first secret key to obtain encrypted identity information and sending the encrypted identity information, the second secret key and the media function to the second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function; and the determining module is used for receiving the operation result and determining the credit of the user according to the operation result.
An apparatus for determining user credit, comprising: the receiving module is used for receiving the operation request, the encrypted identity information, the second secret key and the media function; the encryption module is used for responding to the operation request and encrypting preset list data by using the second secret key to obtain the encrypted preset list data; the operation module is used for solving the media function according to the encrypted identity information and the encrypted preset list data to obtain an operation result; and the sending module is used for sending the operation result to the first server.
A system for determining user credit, comprising: the system comprises a first server and a second server, wherein the first server stores identity information which is used for indicating a user, and the second server stores preset list data; the method comprises the steps that a first server obtains identity information and initiates a calculation request, wherein the identity information is used for indicating a user; the first server responds to the operation request and generates a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server receives and responds to the operation request, and encrypts preset list data by using the second secret key to obtain the encrypted preset list data; solving the media function according to the encrypted identity information and the encrypted preset list data to obtain an operation result, and sending the operation result to a first server; and the first server receives and determines the user credit according to the operation result.
A server comprising a processor and a memory for storing processor-executable instructions, the instructions when executed by the processor enabling obtaining identity information, wherein the identity information is indicative of a user; initiating an operation request to a second server, wherein the second server stores preset list data; responding to the operation request, generating a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function; and receiving the operation result, and determining the user credit according to the operation result.
A computer readable storage medium having stored thereon computer instructions that, when executed, enable obtaining identity information, wherein the identity information is indicative of a user; initiating an operation request to a second server, wherein the second server stores preset list data; responding to the operation request, generating a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function; and receiving the operation result, and determining the user credit according to the operation result.
The method, the device and the system for determining the user credit and the data processing method provided by the specification are characterized in that a first key, a second key and a media function are generated firstly, the identity information of a user to be determined credit is encrypted by using the first key, and then the encrypted identity information, the second key and the media function are sent to a second server, so that the information data owned by the first server, such as the identity information of the user, is prevented from being known by the second server; the second server encrypts the stored preset list data by using a second key, and solves a corresponding media function by using the encrypted identity information and the encrypted preset list data to obtain result data which is fed back to the first server, so that the stored preset list data is prevented from being leaked in the operation processing process; the first server can determine whether the user indicated by the identity information is in the preset list data according to the result data under the condition that the preset list data is not known, and then determines the credit condition of the user. Therefore, the technical problems that information data owned by the own party is easy to leak, potential safety hazards such as data leakage exist in the data processing process of determining the credit of the user in the existing method are solved, whether the user is in the preset list data or not can be accurately and efficiently determined under the condition that the information data owned by the own party is not leaked to the opposite party or the third party, the credit condition of the user is further determined, the safety degree of the data in the data processing process is improved, and the data privacy is protected.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
FIG. 1 is a schematic diagram of one embodiment of a process for user credit determination using existing methods;
FIG. 2 is a diagram illustrating an embodiment of a structural component of a system for determining user credit provided by an embodiment of the present disclosure;
FIG. 3 is a diagram illustrating an embodiment of a method for determining user credit provided by an embodiment of the present specification, in an example scenario;
FIG. 4 is a diagram illustrating an embodiment of a process of a method for determining user credit provided by embodiments of the present description;
FIG. 5 is a diagram illustrating an embodiment of a process of a method for determining user credit provided by embodiments of the present description;
FIG. 6 is a diagram illustrating an embodiment of a process of a method for determining user credit provided by embodiments of the present description;
FIG. 7 is a diagram illustrating an embodiment of a structure of a server provided by an embodiment of the present specification;
fig. 8 is a schematic diagram of an embodiment of a structure of a device for determining user credit provided in an embodiment of the present specification;
fig. 9 is a schematic diagram of an embodiment of a structure of a user credit determination apparatus provided in an embodiment of the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
Considering that the existing method for determining the user credit generally needs to evaluate the user credit by inquiring whether the user to be determined the credit is in the preset list data owned by the other party, such as a blacklist, the inquiry process mostly introduces a third party trusted by both parties between the inquiring party and the inquired party as an intermediate party. As shown in fig. 1, in a specific implementation, the querying party needs to first send user data to be queried to a third-party server, and the queried party needs to send the owned preset list data to the third-party server; the third-party server can simultaneously have the user data to be inquired and the preset list data, determine whether the user data to be inquired is located in the preset list data through data comparison, obtain an inquiry result, and feed the inquiry result back to the inquiring party, so that the inquiring party can judge the credit condition of the user according to the inquiry result.
Although the method can avoid the inquiring party from directly acquiring the preset list data owned by the inquired party, the inquired party can avoid directly acquiring the user data to be inquired owned by the inquiring party; however, a third party other than the inquiring party and the inquired party can simultaneously master the two data, namely the user data to be inquired and the preset list data, and relatively high data security risks exist. In addition, based on the above method, a third party that both the inquiring party and the inquired party can trust needs to be found as an intermediate party. In the implementation process, it is often difficult to find the trusting and trusting third party, and the data processing cost must be increased, so that the processing process is more complicated.
Aiming at the root cause of the problems, the specification considers that a decentralized query mode can be designed on the premise of not introducing a third party, and a first operation node and a second operation node which are related are respectively distributed on two sides of a query party and a queried party; in implementation, the first operation node may use user data to be queried owned by a querying party as input, and the second operation node may use preset list data owned by a queried party as input, and participate in a common operation according to a preset rule, so as to calculate an operation result for representing whether the user data to be queried is located in the preset list data. Specifically, a server on the inquiring party side may serve as a first operation node to generate a first key for the identity information of the user, a second key for the preset list data, and a corresponding intermediate function; and then the encrypted identity information which is encrypted by the first key and can not be directly read by the inquired party is sent to a server at one side of the inquired party together with the second key and the media function. The server on the inquired side serving as a second operation node can encrypt the preset list data by using a second key to obtain the encrypted preset list data, leakage of the preset list data in a subsequent operation process is avoided, the encrypted preset list data and the encrypted identity information are used for solving the medium function to obtain an operation result, and the operation result is fed back to the inquirer, so that the inquirer can determine the credit condition of the user according to the operation result. Therefore, on the premise of not introducing a third party, the information data owned by the third party can not be leaked to the other party, whether the user to be inquired is located in the preset list data or not is accurately and efficiently determined, and then the specific credit condition of the user can be judged, so that the safety of the data in the processing process is improved, and the data privacy is protected.
The embodiment of the present specification provides a system for determining user credit by applying a method for determining user credit, which may specifically refer to fig. 2.
The query system of the user data may specifically include: a first server applied to the inquirer side, and a second server applied to the inquired side. The first server and the second server are coupled and can perform data interaction with each other. And the second server stores preset list data of the inquired party.
In specific implementation, the first server may initiate an operation request after receiving the identity information indicating the user whose credit is to be determined; responding to the operation request, and generating a first secret key aiming at the identity information, a second secret key aiming at the preset list data and a corresponding media function obtained based on a preset comparison function; and then, the first secret key is used for encrypting the identity information, and the encrypted identity information, the second secret key and the media function are sent to a second server. After receiving the data, the second server may encrypt the preset list data by using the second key to obtain the encrypted preset list data; and solving the media function by using the encrypted identity information and the encrypted preset list data to obtain an operation result, and feeding the operation result back to the first server. The first server can determine the credit of the user according to the operation result.
In this embodiment, the first server and the second server may be background service servers that are applied to a service platform side and can implement functions such as data transmission and data processing. Specifically, the first server and the second server may be an electronic device having data operation, storage function and network interaction function; or a software program running in the electronic device to support data processing, storage and network interaction. In this embodiment, the number of the servers included in the first server and the second server is not specifically limited. The first server and the second server may be specifically one server, or several servers, or a server cluster formed by several servers.
In an example scenario, referring to fig. 3, a network payment platform a may efficiently and safely determine whether user data x to be queried is located in blacklist data of a bank B through the user credit determination method provided in the embodiment of the present specification.
In this scenario example, the network payment platform a as an inquiring party wants to inquire whether the user X on the platform is located in the blacklist of the partner bank B (i.e. inquired party), so as to evaluate the credit status of the user X according to the inquiry result, determine the credit status of the user X, and further determine the consumption right that the user can enjoy according to the credit status of the user X.
Specifically, identity information indicating user X to be credited, and a credit determination request for the user may be sent to a first server in the data processing system of the network payment platform a responsible for user credit determination.
The identity information may be specifically understood as information data for indicating a user whose credit is to be determined. For example, the information data may be information data such as a telephone number, a provincial license number, and a registration mailbox used when the user registers, or information data such as a user name, a user code, and an identity number used by the user on the platform. The specific content and data form of the above-mentioned identity information are not limited in this specification. It is necessary to supplement that the identity information of the user is information data which is owned by the payment platform and relates to the privacy of the user. Therefore, the payment platform does not want the identity information of the user to be leaked or known by others.
After receiving the identity information of the user x and the credit determination request for the user, the first server may respond to the credit determination request for the user and initiate an operation request for the identity information of the user x in the user credit determination system.
In the system for determining the user credit, a second server arranged at one side of the bank B and used for inquiring whether the user is in a preset list can respond to the operation request after receiving the operation request and take a blacklist of the bank owned and kept by a data processing system of the bank B as input data; and the identity information of the user X owned and kept by the data processing system of the network payment platform A is taken as input data together with the first server, and the input data and the identity information participate in common encryption operation according to a preset rule to obtain a corresponding operation result.
The first server is used as an operation node arranged on one side of the network payment platform A and is coupled with an operation node arranged on one side of the bank B in a wired or wireless mode, interaction of intermediate data can be carried out according to preset rules, related operations can be participated in together, and user X identity information and blacklist data stored in the first server can be prevented from being directly leaked to the other side.
The preset rule may be understood as a rule that is predetermined by the first server and the second server and used for representing a specific data processing mode in the operation process. In a specific data operation, the first server and the second server may respectively use data owned by the first server and the second server as input data according to the data processing mode represented by the preset rule, perform corresponding operation processing, and participate in a common operation according to the processed data to obtain a final operation result.
Specifically, according to a preset rule, the first server may respond to the operation request and generate a first key for the identity information of the user X to be determined, a second key for the blacklist provided to the second server, and a third key for the operation result.
The first key, the second key, and the third key may be specifically understood as parameter data for data encryption, and the identity information of the corresponding user, the blacklist of the bank, and the operation result data may be converted from a plaintext to a ciphertext (i.e., encryption processing), or from the ciphertext to the plaintext (i.e., decryption processing) by using the first key, the second key, and the third key, respectively.
Specifically, for example, the first server may generate a first group of random numbers as a first key for the identity information of the user, generate a second group of random numbers as a second key for the blacklist, and generate a third group of random numbers as a third key for a subsequent operation result. Of course, it should be noted that the generation of the first group of random numbers, the second group of random numbers, and the third group of random numbers as the corresponding first key, the second key, and the third key is only an illustrative example. In specific implementation, other types of key data, such as a random character string, may be generated according to a specific application scenario and a preset rule as the key. The present specification is not limited to these.
In this scenario example, after the first server generates the plurality of keys, the first server may further generate an intermediary function according to a preset comparison function, the first key, the second key, and the third key.
The preset comparison function may be specifically understood as a function for comparing whether the identity information of the user whose credit is to be determined is the same as the identity information of the user included in the blacklist. For example, based on the function, if a difference value between the identity number of the user whose credit is to be determined and the identity number of at least one user in the identity numbers of the plurality of users included in the blacklist is less than or equal to a preset difference threshold value, a value of 1 is output to indicate that the user is in the blacklist; if the difference value between the identity number of the user whose credit is to be determined and the identity numbers of the plurality of users included in the blacklist is greater than the preset difference threshold value, a value 0 is output to indicate that the user is not in the blacklist.
The above-mentioned media function may be specifically understood as a processing function for performing similarity comparison between the encrypted identity information of the user whose credit is to be determined and the identity information of a plurality of encrypted users included in the encrypted blacklist. Based on the above medium function, the identity information of the user who acquires the credit to be determined that participates in the comparison and the identity information of the user included in the blacklist cannot be directly known, and only one final operation result can be obtained.
In specific implementation, the first server may convert the comparison function into a logic expression similar to circuit logic according to a preset rule; and generating the media function according to the first key, the second key, the third key and the logic expression obtained after conversion. It should be noted that the intermediate function is generated at least according to the first key and the second key, so that during the subsequent specific comparison, the intermediate function can be used to perform the operation to obtain the operation result without decrypting the identity information of the user encrypted based on the first key and on the premise of obtaining the blacklist encrypted based on the second key.
For example, suppose that the identity information X of the user X whose credit is to be determined is a relatively simple binary number containing only one bit, i.e. 0 or 1. The first server may generate two different random numbers for the identity information of the type of user, which are: k _0x (e.g., 1234) and k _1x (e.g., 3215) are used as the first key. The k _0x may be a key corresponding to a binary number 0, and the k _1x may be a key corresponding to a binary number 1. Similarly, two different random numbers may be generated for the identity information Y of the user included in the black list (for simplicity, the black list includes only one user Y), which are: k _0y and k _1y as the second key. Likewise, two different random numbers may also be generated for the operation result z, noted as: k _0z and k _1z as the third key. Of course, the above listed keys are only illustrative. This is not a limitation of the present specification.
Considering that in this example the identity information x of the user is relatively simple and comprises only a binary number of one digit, the corresponding function structure of the predetermined comparison function with respect to the identity information x of the user and the black list is relatively simple and involves only a comparison of one digit. The first server may convert the comparison function between the identity information x about the user and the blacklist into a corresponding logical expression according to a preset rule. In particular, see table 1, where z is the output, i.e. the operation result obtained by using different x and y combinations as inputs.
TABLE 1
x y z
0 0 1
0 1 0
1 0 0
1 1 1
And then, according to the first key, the second key and the third key, respectively expressing and performing multi-layer encryption processing on multiple comparison conditions contained in the logic expression to obtain the following four functional forms:
E_k_0x(E_k_0y(k_1z))
E_k_0x(E_k_1y(k_0z))
E_k_1x(E_k_0y(k_0z))
E_k_1x(E_k_1y(k_1z))
in the above equation, E (i.e., Enc) may be specifically characterized as encryption processing logic.
In order to further improve the security of the data, the sequence of the plurality of function forms may be randomly changed, for example, the following four randomly ordered function forms may be obtained as a medium function by changing:
E_k_0x(E_k_0y(k_1z))
E_k_1x(E_k_0y(k_0z))
E_k_1x(E_k_1y(k_1z))
E_k_0x(E_k_1y(k_0z))
thereby generating the above-mentioned medium function according to a preset rule. Of course, it should be noted that the above listed medium functions are only schematic illustrations. In particular, other types of media functions can be generated and used according to specific situations. The present specification is not limited to these.
Further, the first server may encrypt the identity information X of the user X whose credit is to be determined according to the first key. For example, if the binary value of the identity information x of the user is 1, the corresponding random number k _1x may be used to replace the identity information x of the user as the encrypted identity information x of the user whose credit is to be determined, that is, the encrypted identity information x. Of course, the above-listed encryption method is only an exemplary one. In specific implementation, according to a specific application scenario and a security requirement, other encryption manners may also be used to encrypt the identity information of the user whose credit is to be determined by using the first key, so as to obtain the encrypted corresponding identity information of the user whose credit is to be determined. The present specification is not limited to these.
And the first server may send the encrypted user identity information x, the second key, and the media function to the second server according to a preset rule.
Although the second server receives the encrypted user identity information X, the second server does not have the first key for decrypting the encrypted user identity information X, so that the second server cannot decrypt to obtain the real numerical value in the user identity information X, that is, cannot know the specific information of the user X for obtaining the credit determined by the network payment platform a, thereby avoiding the leakage of personal related data of the user of the network payment platform a to the bank B, and protecting the privacy of the user data on the payment platform.
After receiving the second key, the second server may encrypt the identity information x of the user included in the blacklist by using the second key, in a manner similar to the manner in which the first server encrypts the identity information x of the user, to obtain an encrypted blacklist. Therefore, the data used for participating in the common operation by the second server is actually the encrypted blacklist, the data safety degree is relatively high, and specific information in the blacklist is not worried about being leaked in the subsequent processing process.
Specifically, for example, the black list y includes only the identity information y1 of one user, and the identity information y1 of the user is also a relatively simple binary number including only one bit. Therefore, the second server may choose to replace the user's identity information y1 with a random number (e.g., k _0y) corresponding to the binary number of bits to obtain encrypted data, i.e., k _0 y.
Furthermore, the second server may perform analysis operation on four function forms included in the intermediate function respectively according to the encrypted data (i.e., k _0y) in the blacklist and the encrypted user identity information x (i.e., k _1x) as two keys for the intermediate function. Only one of the four functional forms can be analyzed by the second server by using the k _0y and the k _1x, and then an operation result can be generated according to the analyzed functional form. Since the intermediate function is obtained by processing with the third key for encrypting the operation result, the operation result obtained by the second server after analysis is actually the encrypted operation result. At this time, if the second server does not possess the corresponding third key, the second server cannot determine the specific numerical value represented by the encrypted operation result.
The second server performs the operation solving on the media function according to the encrypted identity information and the encrypted preset list data to obtain the encrypted operation result, and then feeds the encrypted operation result back to the first server according to a preset rule.
The first server may decrypt the encrypted operation result by using a third key (e.g., k _0z or k _1z) to obtain a decrypted operation result (e.g., a numerical result z corresponding to a specific numerical value); and detecting whether the operation result z is equal to a preset value or not according to a logic expression of a preset comparison function. For example, it is detected whether the operation result is equal to 1. If the result of the operation z is equal to 1, it can be determined that the identity information X of the user X who is credited is in the blacklist of the bank B. If the result z is not equal to 1, for example, equal to 0 or other value other than 1, it may be determined that the identity information X of the user X whose credit is to be determined is not in the blacklist of the bank B. Therefore, under the condition that a third party is not introduced, on the premise that data owned by the two parties are not known by the other party and the privacy and safety of the respective data are ensured (namely the network payment platform A does not leak specific information data of the user on the platform to the bank B, and the bank B does not leak information data of other users contained in the blacklist to the network payment platform), the inquiry and the determination of whether the user X is located in the blacklist of the bank B can be efficiently and accurately finished.
Further, the first server may evaluate the credit condition of the user according to whether the identity information X of the user X is located in the blacklist determined in the above manner. For example, if it is determined that the identity information X of the user X is not located in the blacklist, it may be determined that the credit of the user is better, there is a lower risk of default, and the user may be given more consumption rights. If the identity information X of the X is determined to be in the blacklist, the credit of the user is judged to be poor, a high default risk exists, the consumption right provided for the user can be controlled, risk marking is carried out on the user, the default record of the user is monitored in time, and corresponding reminding is carried out on the user.
It should be noted that the above listed identity information of the user to be determined, the preset comparison function, and the black list are only for better illustrating the simplified examples adopted in the embodiments of the present specification. In particular, the identity information of the user whose credit is to be determined may not simply include a binary number of one bit, and similarly, the blacklist may also include a plurality of more complex identity information of the user, and accordingly, the comparison function between the identity information of the user whose credit is to be determined and the blacklist may also be more complex. Therefore, in specific implementation, according to specific content forms of the identity information of the user to be credited, the blacklist, the preset comparison function and the like involved in a specific scene, the corresponding identity information of the user to be credited, the preset comparison function and the blacklist can be respectively and correspondingly processed by referring to the above manner. The present specification is not limited to these.
For example, in specific implementation, according to specific conditions, the first server may convert, according to a preset rule, the identity information of a user with a more complex credit to be determined (for example, a character string representing a user account number "01131") into a binary number group including a multi-bit binary number; and selecting corresponding first keys according to the binary numbers on all digits in the binary number group to perform encryption processing respectively to obtain the encrypted identity information of the user with the credit to be determined. Because the binary number group corresponding to the identity information of the user whose credit is to be determined includes a plurality of digits, correspondingly, the first server may select a comparison function including a comparison of the plurality of digits as a preset comparison function, and then, according to a preset rule (for example, a rule based on a garbled circuit protocol), use the first key, the second key, and the third key to express and encrypt a more complex comparison condition included in the preset comparison function, so as to obtain a corresponding media function.
Similarly, the second server may split the identity information of the plurality of users from the blacklist, and then encrypt the identity information of each user in the blacklist by using the second key with reference to the manner that the first server encrypts the identity information of the user whose credit is to be determined by using the first key, so as to obtain the encrypted blacklist. And then, the encrypted identity information of each user in the encrypted blacklist and the encrypted identity information of the user to be credited are used as keys to perform analysis operation on the media function to obtain an encrypted operation result, and whether the identity information of the user to be credited is located in the blacklist can be determined according to the operation result. Of course, it should be noted that, the above listed various ways of obtaining the operation result by using the first server and the blacklist as input data and using the identity information of the user whose credit is to be determined as input data and the second server and performing analysis operation on the media function according to the preset rule are only schematic illustrations. In specific implementation, the above manner may be appropriately adjusted and modified according to specific application scenarios and processing requirements. For example, according to a preset rule, the first server may also send a third key for the operation result to the second server, allowing the second server to determine a specific numerical value corresponding to the specific operation result according to the third key, and so on. The present specification is not limited to these.
As can be seen from the above scenario example, in the method for determining a user credit provided in this specification, since the first key, the second key, and the mediation function are generated first, the first key is used to encrypt the identity information of the user whose credit is to be determined, and then the encrypted identity information, the second key, and the mediation function are sent to the second server, it is avoided that the information data owned by the first server, such as the identity information of the user, is known by the second server; the second server encrypts the stored preset list data by using a second secret key, and solves a corresponding media function by using the encrypted identity information and the encrypted preset list data to obtain result data which are fed back to the first server, so that the stored preset list data are prevented from being leaked in the operation processing process; the first server can determine whether the user indicated by the identity information is in the preset list data according to the result data under the condition that the preset list data is not known, and then determines the credit condition of the user. The technical problems that information data owned by the own party is easy to leak and potential safety hazards such as data leakage exist in the data processing process of determining the credit of the user in the existing method are solved, whether the user is in the preset list data or not can be accurately and efficiently determined under the condition that the information data owned by the own party is not leaked to the opposite party or a third party, the credit condition of the user is further determined, the safety degree of the data in the data processing process is improved, and the data privacy of the user is protected.
In another scenario example, the network payment platform a has a cooperative relationship with both bank B and bank C. The bank B and the bank C respectively have a blacklist C and a blacklist B which are obtained based on own data sources. At this time, the network payment platform a wants to simultaneously query whether the identity information X of the user X whose credit is to be determined is located in the blacklist c or the blacklist b.
In a specific implementation, the first server located on the network payment platform a side may obtain the identity information X of the user X whose credit is to be determined, and initiate an operation request for the identity information of the user in a system for determining the user credit including the first server, the second server (located on the bank B side), and the third server (located on the bank C side). In response to the operation request, the first server may use the identity information X of the user X whose credit is to be determined as input data, the second server may use the owned blacklist b as input data, and the third server may use the owned blacklist c as input data to participate in a common operation according to the corresponding preset rule in the manner described above, so as to obtain an operation result and feed the operation result back to the first server. And the first server may determine, according to the operation result, whether the identity information X of the user X whose credit is to be determined is located in the blacklist b or the blacklist c, to determine the credit condition of the user.
As can be seen from the above scenario example, the method for determining user credit provided in this specification may be further extended to be applied to an application scenario including 3, 4, or even more queried parties, so that data owned by other parties cannot be acquired and known between a querying party and multiple querying parties, and on the premise of protecting privacy and security of data of each party, the query of the identity information X of the user X to be determined credit is efficiently completed, thereby determining the specific condition of the user credit.
Referring to fig. 4, an embodiment of the present disclosure provides a method for determining user credit, where the method determines the user credit by querying whether identity information to be determined for the user is located in preset list data owned by a queried party. In particular, the method may be applied to the first server side of the querying party. In specific implementation, the method may include the following:
s41: identity information is obtained, wherein the identity information is used for indicating a user.
In this embodiment, the identity information may be specifically understood as information data for indicating a user whose credit is to be determined. For example, the information data may be information data such as a telephone number, a provincial license number, and a registration mailbox used when the user registers, or information data such as a user name, a user code, and an identity number used by the user on the platform. The specific content and data form of the above-mentioned identity information are not limited in this specification. It is necessary to supplement that the identity information of the user is information data which is owned by the payment platform and relates to the privacy of the user. Therefore, the payment platform does not want the identity information of the user to be leaked or known by others.
In this embodiment, at the same time of acquiring the identity information, a credit inquiry request for the user indicated by the identity information may also be acquired. The credit inquiry request for the user with the credit to be determined may be specifically understood as request data for indicating whether the identity information of the user inquiring the credit to be determined is located in preset list data. The preset list data is stored and managed by the inquired party. Due to the consideration of data privacy and safety, the inquired party is not willing to disclose the specific information contained in the preset list data to the inquiring party or other third parties.
In this embodiment, the preset list data may be specifically understood as a data list that is obtained by the inquired party based on its own data source and contains the identity information of users with a certain common characteristic attribute (e.g. low credit or high credit). The preset list data may specifically include identity information of one or more users having the characteristic attribute. Specifically, the preset list data may be a black list, a white list, or a member list, such as a VIP list. The specific content of the preset list data is not limited in the present specification.
In this embodiment, in a specific implementation, when an inquiring party wants to determine a credit condition of a certain user, the specific credit of the user may be determined by inquiring whether identity information of the user whose credit is to be determined is located in preset list data stored by the inquired party. In the inquiry, the identity information of the user whose credit is to be determined and a credit inquiry request aiming at the user whose credit is to be determined can be sent to a first server arranged on the side of the inquirer.
In this embodiment, the first server is a server deployed on the inquiring party side, and is also a server in the system for determining the user credit. The system for determining the user credit further comprises a second server. The second server is a server deployed at one side of the inquired party, and the second server can be used for acquiring, or storing and managing preset list data owned by the inquired party. The first server and the second server may be coupled in a wired or wireless manner to perform specific data interaction.
S43: and initiating an operation request to a second server, wherein the second server stores preset list data.
In this embodiment, in a specific implementation, the first server may initiate, in response to the query request, an operation request in the system for determining user credit including the first server and the second server according to the identity information of the user whose credit is to be determined.
In this embodiment, the operation request may be specifically understood as an operation invitation for requesting the first server and the second server in the system to participate in a common operation of determining whether the user identity information to be determined is located in the preset list data based on the preset rule, so as to determine the specific credit condition of the user.
In this embodiment, the first server and the second server may perform interaction of intermediate data according to a preset rule, and may not directly transmit the identity information of the user whose credit is to be determined or preset list data. Therefore, the security risk that the data is leaked or stolen due to the fact that the identity information of the user to be determined or the preset list data is directly transmitted in the existing method can be effectively avoided.
In this embodiment, the preset rule may be specifically understood as a rule that is predetermined by the first server and the second server and used for characterizing a specific data processing manner in the operation process. In a specific data operation, the first server and the second server may respectively use data owned by the first server and the second server as input data according to the data processing mode represented by the preset rule, perform corresponding operation processing, and participate in a common operation according to the processed data to obtain a final operation result.
S45: and generating a first key, a second key and a media function in response to the operation request.
S47: encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; and the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function.
In this embodiment, in specific implementation, the first server in the system may use, according to the operation request, the user identity information of the credit to be determined as input data; the data are taken as input data together with a second server in the system by using preset list data; and participating in common operation according to a preset rule to obtain an operation result. Therefore, the first server and the second server cannot directly leak the information data owned by the own party to the server of the opposite party in the operation process, the operation result to be obtained can be obtained, the problem that the data of the own party is known and obtained by the opposite party under the condition of not allowing in the operation process is avoided, and the data privacy of the both parties is protected.
In this embodiment, the above-mentioned obtaining an operation result by using the first server and the second server as input data and using the preset list data as input data and performing an operation according to a preset rule by using the identity information of the user whose credit is to be determined as described above may include the following contents in specific implementation: the first server responds to the operation request and respectively generates a first secret key aiming at the identity information of the user with the credit to be determined, a second secret key aiming at the preset list data and a third secret key aiming at the operation result; generating a medium function according to a preset comparison function, the first key, the second key and the third key; encrypting the identity information of the user with the credit to be determined by using the first key to obtain the encrypted identity information of the user with the credit to be determined; sending the media function, the encrypted identity information of the user with the credit to be determined and the second secret key to a second server; receiving an encrypted operation result, wherein the encrypted operation result is generated by the second server according to the media function, the encrypted identity information of the user whose credit is to be determined, the second key, and the preset list data (that is, the preset list data is encrypted by using the second key to obtain the encrypted preset list data, and then the encrypted operation result is determined according to the encrypted identity information, the encrypted preset list data, and the media function); and decrypting the encrypted operation result by using the third key to obtain the operation result.
In this embodiment, the first key, the second key, and the third key may be specifically understood as parameter data used for data encryption, and the identity information of the user whose credit is to be determined, the preset list data, and the operation result data may be respectively converted from a plaintext to a ciphertext (i.e., encryption processing) or from the ciphertext to the plaintext (i.e., decryption processing) by using the first key, the second key, and the third key.
In this embodiment, the preset comparison function may be specifically understood as a function for comparing whether the identity information of the user whose credit is to be determined is the same as the identity information of the user included in the blacklist. For example, based on the function, if a difference value between the identity number of the user whose credit is to be determined and the identity number of at least one user in the identity numbers of the plurality of users included in the blacklist is less than or equal to a preset difference threshold value, a value of 1 is output to indicate that the user is in the blacklist; if the difference value between the identity number of the user whose credit is to be determined and the identity numbers of the plurality of users included in the blacklist is greater than the preset difference threshold value, a value 0 is output to indicate that the user is not in the blacklist.
In this embodiment, the media function may be specifically understood as a processing function for performing similarity comparison between the encrypted identity information of the user whose credit is to be determined and the encrypted identity information of the plurality of encrypted users included in the encrypted blacklist. Based on the above medium function, the identity information of the user who acquires the credit to be determined that participates in the comparison and the identity information of the user included in the blacklist cannot be directly known, and only one final operation result can be obtained.
In this embodiment, the first server sends the encrypted identification information of the user whose credit is to be determined to the second server. The second server cannot decrypt the specific content contained in the encrypted identity information because the second server does not have the first key, so that the first server can effectively avoid the leakage of owned user data to the inquired party in the operation processing process, and the data privacy safety of the inquired party is protected.
In this embodiment, when the inquiring party allows, the first server may also send the encrypted identity information of the user with the credit to be determined, the mediation function, and the second key to the second server, and at the same time, send the first key or the unencrypted identity information of the user with the credit to be determined, so as to allow the inquired party to obtain the identity information of the user with the credit to be determined.
In this embodiment, after receiving the media function, the encrypted identity information of the user whose credit is to be determined, and the second key, and when implementing the method specifically, the second server may encrypt the owned preset list data by using the second key to obtain the encrypted preset list data; and performing solution operation on the media function according to the encrypted preset list data and the encrypted identity information of the user with the credit to be determined to obtain an encrypted operation result. Therefore, the second server does not leak the preset list data owned by the inquired party in the process of solving the media function, and the data privacy safety of the inquired party is protected.
S49: and receiving the operation result, and determining the user credit according to the operation result.
In this embodiment, the first server may receive, in a wired or wireless manner, an operation result fed back by the second server, determine whether the identity information of the user whose credit is to be determined is located in the preset list data according to the operation result, and determine the credit condition of the user according to whether the identity information of the user whose credit is to be determined is located in the preset list data.
In this embodiment, when the preset list data includes blacklist data (for example, a blacklist or a wind-controlled list, etc.), correspondingly, when it is determined that the identity information of the user whose credit is to be determined is located in the blacklist, it is determined that the credit of the user whose credit is to be determined is low, and there is a credit risk. And under the condition that the identity information of the user with the credit to be determined is not located in the blacklist, determining that the credit of the user with the credit to be determined is higher and the risk is lower.
In specific implementation, the determining whether the identity information of the user whose credit is to be determined is located in the preset list data may include the following: the first server detects whether the operation result is equal to a preset value or not; and under the condition that the operation result is determined to be equal to the preset numerical value, determining that the user data to be inquired is located in the preset list data.
In this embodiment, the preset value may be a data value obtained based on a preset comparison function, and may indicate that the identity information of the user whose credit is to be determined is the same as the identity information of at least one user of the identity information of the plurality of users included in the preset list data.
For example, the preset value may be 1. The first server may determine that the identity information of the user whose credit is to be determined is the same as the identity information of the at least one user included in the preset list data when the data value of the detection operation result is equal to 1, and then determine that the identity information of the user whose credit is to be determined is located in the preset list data. On the contrary, when the data value of the detection operation result is not equal to 1, for example, 0, the first server may determine that the identity information of the user whose credit is to be determined is different from the identity information of the user included in the preset list data, and may further determine that the identity information of the user whose credit is to be determined is not included in the preset list data. Of course, it should be noted that the preset values listed above are only an illustrative example. In specific implementation, the data value of the preset numerical value can be flexibly set according to specific conditions and the used preset comparison function. The present specification is not limited to these.
In this embodiment, the first server and the second server, which are respectively deployed on the two sides of the inquiring party and the inquired party in advance, jointly respond to the operation request, and respectively take own data as input to participate in the joint operation according to a preset rule to obtain an operation result, so as to determine whether the identity information of the user to be credited is located in the preset list data, and further determine the credit of the user. Specifically, a first key, a second key and a media function are generated, the first key is used for encrypting the identity information of a user to be determined with credit, and then the encrypted identity information, the second key and the media function are sent to a second server, so that the information data owned by the first server, such as the identity information of the user, is prevented from being known by the second server; the second server encrypts the stored preset list data by using a second secret key, and solves a corresponding media function by using the encrypted identity information and the encrypted preset list data to obtain result data which are fed back to the first server, so that the stored preset list data are prevented from being leaked in the operation processing process; the first server can determine whether the user indicated by the identity information is in the preset list data according to the result data under the condition that the preset list data is not known, and then determines the credit condition of the user. The technical problems that information data owned by the own party is easy to leak and potential safety hazards such as data leakage exist in the data processing process of determining the credit of the user in the existing method are solved, whether the user is in the preset list data or not can be accurately and efficiently determined under the condition that the information data owned by the own party is not leaked to the opposite party or a third party, the credit condition of the user is further determined, the safety degree of the data in the data processing process is improved, and the data privacy of the user is protected.
In an embodiment, the above-mentioned performing, by using the first server and the second server, the operation according to a preset rule by using the identity information of the user whose credit is to be determined as input data and using the preset list data as input data to obtain an operation result may include the following steps: the first server generates a first secret key aiming at the identity information of a user with credit to be determined, a second secret key aiming at preset list data and a third secret key aiming at an operation result; simultaneously acquiring and generating a corresponding intermediate function according to a preset comparison function, the first key, the second key and the third key; encrypting the identity information of the user with the credit to be determined by using the first key to obtain encrypted identity information (namely the encrypted identity information of the user with the credit to be determined); sending the media function, the encrypted identity information and the second secret key to a second server; receiving an encrypted operation result, wherein the encrypted operation result is generated by the second server according to the media function, the encrypted identity information of the user with the credit to be determined, the second key and the preset list data; and decrypting the encrypted operation result by using the third key to obtain the operation result.
In this embodiment, the first server generates a first key for the identity information of the user whose credit is to be determined, a second key for the preset list data, and a third key for the operation result, and the specific implementation may include the following contents: the first server may generate a first set of random numbers as a first key for identity information of a user for whom credit is to be determined, a second set of random numbers as a second key for the blacklist, and a third set of random numbers as a third key for a subsequently obtained operation result. The first, second and third groups of random numbers may respectively include one or more different random numbers. Of course, it should be noted that the generation of the first group of random numbers, the second group of random numbers, and the third group of random numbers as the corresponding first key, the second key, and the third key is only an illustrative example. In specific implementation, other types of data, such as a random character string, may also be generated as the key according to a specific application scenario and a preset rule. The present specification is not limited to these.
In this embodiment, the encrypting the identity information by using the first key to obtain the encrypted identity information may include the following contents in specific implementation: converting the identity information into a binary number group, wherein the binary number group comprises a plurality of binary numbers; and respectively encrypting a plurality of binary numbers in the binary number array by using the first key to obtain an encrypted binary number array which is used as the encrypted identity information of the user to be determined with credit.
In this embodiment, the encrypting the multiple binary numbers in the binary number group by using the first key respectively to obtain the encrypted binary number group may include the following contents in specific implementation: and the first server selects and uses the corresponding random number in the first key to replace according to the binary number on each digit in the binary number group. For example, for a binary number 0 on a digit in the binary number group, a random number k _0x corresponding to 0 in the first key is used for replacement; for a binary number with a digit 1 in the binary number group, a random number k _1x corresponding to 1 in the first key is used for replacement. And replacing the binary number on each digit in the binary number array according to the mode to obtain a replaced array as the encrypted binary number array, namely the encrypted identity information of the user to be credited. It should be noted that the above listed method for encrypting the identity information of the user whose credit is to be determined is only an exemplary one. In specific implementation, other suitable manners may be adopted for encryption processing according to specific situations and processing requirements. The present specification is not limited to these.
In this embodiment, the generating the intermediate function according to the preset comparison function, the first key, the second key, and the third key may include the following steps: the first server may convert the preset comparison function with circuit logic (e.g., an and gate, a not gate, or a gate, etc.) according to a preset rule, based on a preset rule, for example, based on a rule such as a GC protocol, etc., to obtain a corresponding logic expression; and obtaining a corresponding media function according to the first key, the second key, the third key and the logic expression.
In this embodiment, in a specific implementation, the first key, the second key, and the third key may be used to respectively express and encrypt a plurality of comparison conditions included in the logic expression, so as to obtain a plurality of encrypted function forms as the intermediate function.
In this embodiment, the first server may perform decryption processing on the encrypted operation result by using the third key in the encrypted operation result fed back by the second server, so as to obtain the operation result, for example, a data value corresponding to the encrypted operation result.
In an embodiment, when the inquiring party allows the inquired party to know the operation result, the first server uses the identity information of the user whose credit is to be determined as input data, and the second server uses the preset list data as input data, and performs the operation according to a preset rule to obtain the operation result, in a specific implementation, the following contents may be further included: the first server generates a first key aiming at user data to be inquired and a second key aiming at preset list data, namely a third key is not generated; generating a medium function according to a preset comparison function, the first secret key and the second secret key; encrypting the identity information of the user with the credit to be determined by using the first key to obtain encrypted identity information; sending the media function, the encrypted identity information and the second secret key to a second server; and receiving an operation result, wherein the operation result is generated by the second server according to the media function, the encrypted identity information, the second key and the preset list data.
In this embodiment, the operation result obtained based on the above-mentioned manner is not encrypted by the intermediary function, so that the operation result obtained by the second server solving the intermediary function is also an unencrypted operation result, and the inquirer can interpret and know the specific value corresponding to the operation result. Therefore, the application scene that the inquirer allows the inquired party to know the operation result can be met. Of course, the above method may be referred to, and the corresponding third key for the calculation result may be transmitted to the second server. The present specification is not limited to these.
In an embodiment, in a case that the preset list data includes the blacklist data, the determining the user credit according to the operation result may include the following steps: detecting whether the operation result is equal to a preset value or not; determining that the user is located in blacklist data under the condition that the operation result is equal to the preset numerical value, and further determining that the user credit is low and a high risk exists; and under the condition that the operation result is not equal to the preset numerical value, determining that the user is not located in blacklist data, and further determining that the user credit is higher and the risk is lower.
In an embodiment, the preset list data may specifically include at least one of the following: blacklist data (e.g., a list including users with poor credit), whitelist data (e.g., a list including users with good credit), membership list data (e.g., a list including users who enjoy membership in the VIP), and so on. Of course, it should be noted that the preset list data listed above is only an exemplary illustration. In specific implementation, other types of list data may be included according to specific application scenarios and processing requirements. The present specification is not limited to these.
In an embodiment, the encrypting the identity information by using the first key to obtain the encrypted identity information may include the following steps: converting the identity information into a binary number group, wherein the binary number group comprises a plurality of binary numbers; and respectively encrypting a plurality of binary numbers in the binary number group by using the first key to obtain an encrypted binary number group as the encrypted identity information (namely the encrypted identity information of the user to be credited).
In this embodiment, it should be noted that the above listed method for encrypting the identity information is only an exemplary illustration. In specific implementation, according to specific situations, the identification information of the user whose credit is to be determined may be directly encrypted without being converted. Of course, the identity of the user whose credit is to be determined may also be converted into other types of character group data besides the binary group, and then the corresponding encryption processing is performed on the character group data. The present specification is not limited to these.
In an embodiment, in a specific implementation, the corresponding preset rule may be generated according to a GC (Garbled Circuit) protocol, in combination with an OT (Oblivious Transfer) protocol and other related protocols. Of course, it should be noted that the above listed protocols for generating the preset rules are only for better illustration of the embodiments of the present disclosure. In specific implementation, according to specific situations, other types of protocols can be introduced to generate the preset rule. The present specification is not limited to these.
In this embodiment, the preset rule may specifically be a rule generated in advance according to a garbled circuit protocol. The Garbled Circuit (GC) protocol may be specifically understood as a secure computing protocol designed for two-party common operation rather than one-party operation. Based on the protocol, the operation can be protected by random encryption, circuit logic and the like, so that the two parties participating in the operation complete the operation on the premise of not knowing the input data of the other party to obtain an operation result. It should be noted that the above listed garbled circuit protocol is only an exemplary illustration. In particular, other types of suitable secure computing protocols may be used depending on the particular application scenario and processing requirements. Such as a multi-party secure computing protocol (MPC), etc. The present specification is not limited to these.
In this embodiment, in specific implementation, the first server may use the identity information of the user whose credit is to be determined as input data, and the second server may use the preset list data as input data, and perform an operation according to the preset rule based on the garbled circuit protocol determined in the above manner, so as to obtain an operation result.
As can be seen from the above, in the method for determining a user credit provided in the embodiment of the present specification, since the first key, the second key, and the mediation function are generated first, the first key is used to encrypt the identity information of the user whose credit is to be determined, and then the encrypted identity information, the second key, and the mediation function are sent to the second server, the information data owned by the first server, such as the identity information of the user, is prevented from being known by the second server; the second server encrypts the stored preset list data by using a second secret key, and solves a corresponding media function by using the encrypted identity information and the encrypted preset list data to obtain result data which are fed back to the first server, so that the stored preset list data are prevented from being leaked in the operation processing process; the first server can determine whether the user indicated by the identity information is in the preset list data according to the result data under the condition that the preset list data is not known, and then determines the credit condition of the user. The technical problems that information data owned by the own party is easy to leak, potential safety hazards such as data leakage exist and the like in the data processing process of determining the credit of the user in the existing method are solved, whether the user is in the preset list data or not can be accurately and efficiently determined under the condition that the information data owned by the own party is not leaked to the opposite party or a third party, the credit condition of the user is further determined, the safety degree of the data in the data processing process is improved, and the data privacy of the user is protected; and a first key, a second key and a third key which respectively aim at the identity information, the preset list data and the operation result are generated by the first server, and then the mutual operation processing between the first server and the second server is encrypted and protected based on the key data, so that the safety degree of data in the data processing process is further improved, and the data privacy of the user is further protected.
Referring to fig. 5, the present specification further provides a method for determining user credit, where the method is specifically applied to the second server side of the inquired party. In specific implementation, the method may include the following:
s51: receiving an operation request, encrypted identity information, a second secret key and a media function;
s53: responding to the operation request, and encrypting preset list data by using the second secret key to obtain the encrypted preset list data;
s55: solving the media function according to the encrypted identity information and the encrypted preset list data to obtain an operation result;
s57: and sending the operation result to the first server.
In this embodiment, the second server may be specifically understood as a server that is pre-deployed on the queried party side, and that can be acquired by a user, or store and manage preset list data owned by the queried party.
In this embodiment, after receiving the operation request, the second key, the encrypted identity information, and the media function generated by the first server, the second server may respond to and use the stored preset list data as input data according to the operation request; together with a first server in the system, using the identity information of the user whose credit is to be determined as input data; performing common operation according to a preset rule; and obtaining an operation result; and then the operation result is sent to the first server, so that the first server can determine whether the identity information of the user to be determined with credit is located in the preset list data according to the operation result, and further determine the credit condition of the user according to the identity information.
In an embodiment, the second server uses the preset list data as input data, and the first server uses the identity information of the user whose credit is to be determined as input data, and performs an operation according to a preset rule to obtain an operation result, which may include the following contents in specific implementation: receiving the media function, the encrypted identity information of the user to be credited and the second secret key; encrypting the preset list data by using the second key to obtain the encrypted preset list data; and solving the media function according to the encrypted preset list data and the encrypted identity information of the user with the credit to be determined to obtain an operation result.
In this embodiment, in specific implementation, the second server may perform analysis operation processing on a plurality of function forms included in the media function by using the obtained encrypted identity information of the user whose credit is to be determined and the encrypted preset list data as a key. Wherein, the media function comprises a plurality of function forms corresponding to a comparison condition. According to a preset rule, at least one function form in the plurality of function forms can be unlocked through the encrypted identity information of the user with the credit to be determined and the encrypted preset list data; and determining an encrypted operation result according to the solved function form.
It should be noted that, since the intermediate function is obtained by the first server according to the first key, the second key, the third key, and the preset comparison function, the operation result obtained by solving based on the intermediate function may be encrypted result data, that is, an encrypted operation result. For the encrypted operation result, if the second server does not have the third key for the operation result, the specific numerical value included in the encrypted operation result cannot be directly read. Therefore, specific numerical values contained in the operation result can be prevented from being leaked, and the data safety of the operation result is protected.
Of course, according to a specific application scenario and a processing requirement, in a case that the inquirer allows the inquired party to know a specific value of the inquiry result, the first server may also generate the corresponding media function according to the first key, the second key and the preset comparison function. In this case, the operation result obtained by the second server solving the media function obtained in the above manner may be an operation result which is not encrypted and from which the second operation node can directly read the value. Of course, the first server may also generate the corresponding intermediate function according to the first key, the second key, the third key, and the preset comparison function, and then send the intermediate function, the encrypted identity information, and the second key to the second operation node, while sending the third key to the second server. Therefore, after the second server solves the media function to obtain the encrypted operation result, the encrypted operation result can be decrypted by using the third key, and further the specific value contained in the obtained operation result can be read. The present specification is not limited to these.
In an embodiment, the encrypting the preset list data by using the second key to obtain the encrypted preset list data may include the following contents in specific implementation: and respectively encrypting a plurality of identity information contained in the preset list data by using the second key to obtain a plurality of encrypted identity information which is used as the encrypted preset list data.
In this embodiment, when encrypting each user data (for example, the identity information of the user in the list data) included in the preset list data, the second server may specifically convert the identity information of the user into a binary number group, where the binary number group includes a plurality of binary numbers; and then, the second secret key is utilized to respectively encrypt a plurality of binary numbers in the binary number array to obtain an encrypted binary number array which is used as encrypted user identity information corresponding to the identity information of the user. According to the above manner, the identity information of each user included in the preset list data can be encrypted respectively, so as to obtain the encrypted preset list data. It should be noted that the above listed manner of encrypting the preset list data is only an exemplary illustration. In specific implementation, according to specific situations, other suitable encryption manners may also be adopted to encrypt the preset list data. The present specification is not limited to these.
In an embodiment, in specific implementation, the second server may further use preset list data as input data, and the first server uses the identity information of the user whose credit is to be determined as input data, and performs an operation according to a preset rule determined based on a garbled circuit protocol, so as to obtain an operation result.
As can be seen from the above, in the method for determining a user credit provided in the embodiment of the present specification, a first key, a second key, and an intermediary function are generated by a first server, identity information of a user whose credit is to be determined is encrypted by using the first key, and then the encrypted identity information, the second key, and the intermediary function are sent to a second server, so that information data owned by the first server, such as the identity information of the user, is prevented from being known by the second server; the second server encrypts the stored preset list data by using a second secret key, and solves a corresponding media function by using the encrypted identity information and the encrypted preset list data to obtain result data which are fed back to the first server, so that the stored preset list data are prevented from being leaked in the operation processing process; the first server can determine whether the user indicated by the identity information is in the preset list data according to the result data under the condition that the preset list data is not known, and then determines the credit condition of the user. The technical problems that information data owned by the own party is easy to leak and potential safety hazards such as data leakage exist in the data processing process of determining the credit of the user in the existing method are solved, whether the user is in the preset list data or not can be accurately and efficiently determined under the condition that the information data owned by the own party is not leaked to the opposite party or a third party, the credit condition of the user is further determined, the safety degree of the data in the data processing process is improved, and the data privacy of the user is protected.
Referring to fig. 6, the present specification further provides a method for determining user credit, where the method is specifically applied to a system for determining user credit including a first server and a second server. When the method is implemented, the following contents can be included:
s61: the method comprises the steps that a first server obtains identity information and initiates a calculation request, wherein the identity information is used for indicating a user;
s63: the first server responds to the operation request and generates a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server;
s65: the second server receives and responds to the operation request, and encrypts preset list data by using the second secret key to obtain the encrypted preset list data; solving the media function according to the encrypted identity information and the encrypted preset list data to obtain an operation result, and sending the operation result to a first server;
s67: and the first server receives and determines the user credit according to the operation result.
In this embodiment, the first server is a server pre-deployed on the inquiring party side, and is capable of acquiring, or saving, and managing identity information of a user with a credit to be determined, owned by the inquiring party. The second server is a server which is deployed on one side of the inquired party in advance and can acquire or store and manage preset list data owned by the inquired party.
As can be seen from the above, in the method for determining a user credit provided in the embodiment of the present specification, since the first server generates the first key, the second key, and the mediation function, and encrypts the identity information of the user whose credit is to be determined by using the first key, and then sends the encrypted identity information, the second key, and the mediation function to the second server, the information data owned by the first server, such as the identity information of the user, is prevented from being known by the second server; the second server encrypts the stored preset list data by using a second secret key, and solves a corresponding media function by using the encrypted identity information and the encrypted preset list data to obtain result data which are fed back to the first server, so that the stored preset list data are prevented from being leaked in the operation processing process; the first server can determine whether the user indicated by the identity information is in the preset list data according to the result data under the condition that the preset list data is not known, and then determines the credit condition of the user. The technical problems that information data owned by the own party is easy to leak and potential safety hazards such as data leakage exist in the data processing process of determining the credit of the user in the existing method are solved, whether the user is in the preset list data or not can be accurately and efficiently determined under the condition that the information data owned by the own party is not leaked to the opposite party or a third party, the credit condition of the user is further determined, the safety degree of the data in the data processing process is improved, and the data privacy of the user is protected.
The embodiment of the specification further provides a method for determining user credit, which is particularly applied to a first server in a system for determining user credit comprising the first server, a second server and a third server. The first server is a server on the side of the inquiring party, and the method can include the following contents when being implemented:
s1: acquiring identity information of a user with a credit to be determined, wherein the identity information is used for indicating the user;
s3: initiating an operation request in the system for determining the user credit;
s5: according to the operation request, the identity information of the user with the credit to be determined is used as input data, the second server uses first preset list data as the input data, and the third server uses second preset list data as the input data, and operation is carried out according to preset rules to obtain an operation result;
s7: and determining whether the user with the credit to be determined is located in the first preset list data and/or the second preset list data according to the operation result, so as to determine the credit condition of the user.
In this embodiment, the first server is a server pre-deployed on the inquiring party side, and is capable of acquiring, or saving, and managing identity information of a user with a credit to be determined, owned by the inquiring party. The second server is a server which is deployed on one side of the first inquired party in advance and can acquire or store and manage first preset list data owned by the first inquired party. The third server is a server which is deployed on the second inquired party side in advance, and can acquire or store and manage second preset list data owned by the second inquired party. Thus, by the method, the inquiring party can inquire whether the identity information of the owned user to be determined with credit is located in the first preset list data owned by the first inquired party and whether the identity information of the owned user to be determined with credit is located in the second preset list data owned by the second inquired party; and then the specific credit condition of the user is judged according to the query result.
It should be noted that the above listed second server deployed on the first inquired party and the third server deployed on the second inquired party are only an illustrative illustration. In specific implementation, the method for determining the user credit can be popularized and applied to the determination of the user credit containing a larger number of inquired party servers according to specific situations. The present specification is not limited to these.
An embodiment of the present specification further provides a data processing method, and when the method is implemented specifically, the method may include the following steps:
s1: acquiring first data;
s2: initiating an operation request to a second server, wherein the second server stores second data;
s3: responding to the operation request, generating a first key, a second key and a media function;
s4: encrypting the first data by using a first key to obtain encrypted first data, and sending the encrypted first data, the second key and the media function to a second server; the second server encrypts the second data by using the second key to obtain encrypted second data, and determines an operation result according to the encrypted first data, the encrypted second data and the media data;
s5: and receiving the operation result, and determining whether the first data and the second data meet a preset incidence relation according to the operation result.
In this embodiment, the first data may specifically be data to be queried or processed owned by a querying party. For example, identity information of the user for whom credit is to be determined, transaction data to be processed, measurement data to be evaluated, and the like. The present specification does not limit the specific content of the first data.
In this embodiment, the second data may specifically be data owned by the inquirer. Such as preset listing data, preset transaction credential data, preset index data, and the like. The specific content of the second data is not limited in the present specification.
In this embodiment, correspondingly, whether the first data to be queried and the preset second data satisfy the preset association relationship may specifically refer to whether the first data to be queried is located in the second data, or may refer to whether the first data to be queried conforms to a threshold range calibrated by the second data, and so on. In a specific implementation, whether the first data and the second data satisfy a preset association relationship may be determined by using the data processing method according to a specific application scenario and a processing requirement. The present specification is not limited to these.
The embodiment of the specification further provides an account data query method, and based on the account data query method, the first server can query and determine whether the owned target account data is located in the preset list data owned by the second server. Specifically, the method is applied to the first server side, and may include the following:
s1: acquiring target account data;
s2: initiating an operation request to a second server, wherein the second server stores preset list data;
s3: responding to the operation request, generating a first key, a second key and a media function;
s4: encrypting the target account data by using a first key to obtain encrypted target account data, and sending the encrypted target account data, the second key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted target account data, the encrypted preset list data and the media function;
s5: and receiving the operation result, and determining whether the target account data is located in the preset list data according to the operation result.
Embodiments of the present specification further provide a server, including a processor and a memory for storing processor-executable instructions, where the processor, when implemented, may perform the following steps according to the instructions: acquiring identity information, wherein the identity information is used for indicating a user; initiating an operation request to a second server, wherein the second server stores preset list data; responding to the operation request, generating a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function; and receiving the operation result, and determining the user credit according to the operation result.
In order to complete the above instructions more accurately, referring to fig. 7, the present specification further provides another specific server, wherein the server includes a network communication port 701, a processor 702 and a memory 703, and the above structures are connected by an internal cable, so that the structures can perform specific data interaction.
The network communication port 701 may be specifically configured to acquire identity information, where the identity information is used to indicate a user.
The processor 702 may be specifically configured to initiate an operation request to a second server, where the second server stores preset list data; responding to the operation request, generating a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function; and receiving the operation result, and determining the user credit according to the operation result.
The memory 703 may be specifically configured to store a corresponding instruction program based on which the processor 702 is configured.
In this embodiment, the network communication port 701 may be a virtual port that is bound to different communication protocols, so that different data can be sent or received. For example, the network communication port may be port No. 80 responsible for web data communication, port No. 21 responsible for FTP data communication, or port No. 25 responsible for mail data communication. In addition, the network communication port can also be a communication interface or a communication chip of an entity. For example, it may be a wireless mobile network communication chip, such as GSM, CDMA, etc.; it can also be a Wifi chip; it may also be a bluetooth chip.
In this embodiment, the processor 702 may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The description is not intended to be limiting.
In this embodiment, the memory 703 may include multiple layers, and in a digital system, the memory may be any memory as long as it can store binary data; in an integrated circuit, a circuit without a physical form and with a storage function is also called a memory, such as a RAM, a FIFO and the like; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card and the like.
The present specification further provides a computer storage medium based on the above method for determining user credit, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the computer program instructions implement: acquiring identity information, wherein the identity information is used for indicating a user; initiating an operation request to a second server, wherein the second server stores preset list data; responding to the operation request, generating a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function; and receiving the operation result, and determining the user credit according to the operation result.
In this embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk Drive (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer storage medium can be explained by comparing with other embodiments, and are not described herein again.
Referring to fig. 8, in a software level, an embodiment of the present specification further provides an apparatus for determining a user credit, where the apparatus may be specifically applied to a querying party side, and specifically the apparatus may include the following structural modules:
an obtaining module 801, which may be specifically configured to obtain identity information, where the identity information is used to indicate a user;
the initiating module 802 may be specifically configured to initiate an operation request to a second server, where the second server stores preset list data;
a generating module 803, specifically configured to generate a first key, a second key, and an intermediary function in response to the operation request;
the processing module 804 may be specifically configured to encrypt the identity information with a first key to obtain encrypted identity information, and send the encrypted identity information, the second key, and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and determines an operation result according to the encrypted identity information, the encrypted preset list data and the media function;
the determining module 805 may be specifically configured to receive the operation result, and determine the user credit according to the operation result.
In an embodiment, the preset list data may specifically include at least one of the following: blacklist data, whitelist data, member list data, and the like.
In an embodiment, when the preset list data includes blacklist data, the determining module 805 may specifically include the following structural units:
the detection unit may be specifically configured to detect whether the operation result is equal to a preset value;
the first determining unit may be specifically configured to determine that the user is located in blacklist data and determine that the user credit is at risk when the operation result is determined to be equal to the preset numerical value.
In one embodiment, the generating module 803 may specifically include the following structural units:
the first generating unit may be specifically configured to generate a first key for the identity information and a second key for the preset list data;
the acquiring unit may be specifically configured to acquire a preset comparison function;
the second generating unit may be specifically configured to generate the intermediate function according to the first key, the second key, and the preset comparison function.
In an embodiment, the processing module 804 may specifically include the following structural units:
the conversion unit may be specifically configured to convert the identity information into a binary number group, where the binary number group includes a plurality of binary numbers;
the encryption unit may be specifically configured to encrypt, by using the first key, each of the multiple binary numbers in the binary number group to obtain an encrypted binary number group, where the encrypted binary number group is used as the encrypted identity information.
In an embodiment, the received operation result further includes an encrypted operation result, and correspondingly, the determining module may further include: a decryption unit for generating a third key; and decrypting the encrypted operation result by using the third key to obtain the operation result.
In an embodiment, the identity information may specifically include at least one of: account data for the user, the user's identification number, the user's name, and so forth.
It should be noted that, the units, devices, modules, etc. illustrated in the above embodiments may be implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. It is to be understood that, in implementing the present specification, functions of each module may be implemented in one or more pieces of software and/or hardware, or a module that implements the same function may be implemented by a combination of a plurality of sub-modules or sub-units, or the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
In the device for determining a user credit provided in the embodiment of the present specification, the generation module generates the first key, the second key, and the mediation function, the processing module encrypts the identity information of the user whose credit is to be determined by using the first key, and then sends the encrypted identity information, the second key, and the mediation function to the second server, so as to prevent the information data owned by the first server, such as the identity information of the user, from being known by the second server; the second server encrypts the stored preset list data by using a second secret key through the encryption module, and solves a corresponding media function by using the encrypted identity information and the encrypted preset list data through the operation module, and the obtained result data is fed back to the first server through the sending module, so that the stored preset list data is prevented from being leaked in the operation processing process; the first server can determine whether the user indicated by the identity information is in the preset list data or not through the determination module according to the result data under the condition that the preset list data is not known, and then determines the credit condition of the user. The technical problems that information data owned by the own party is easy to leak and potential safety hazards such as data leakage exist in the data processing process of determining the credit of the user in the existing method are solved, whether the user is in the preset list data or not can be accurately and efficiently determined under the condition that the information data owned by the own party is not leaked to the opposite party or a third party, the credit condition of the user is further determined, the safety degree of the data in the data processing process is improved, and the data privacy of the user is protected.
Referring to fig. 9, in a software level, an embodiment of the present specification further provides a device for determining a user credit, where the device may be specifically applied to a queried party side, and specifically includes the following structural modules:
the receiving module 901 may be specifically configured to receive an operation request, encrypted identity information, a second key, and a media function;
the encryption module 902 may be specifically configured to respond to the operation request, and encrypt preset list data by using the second key to obtain encrypted preset list data;
the operation module 903 may be specifically configured to solve the media function according to the encrypted identity information and the encrypted preset list data to obtain an operation result;
the sending module 904 may be specifically configured to send the operation result to the first server.
In an embodiment, the encryption module 902 may specifically include: the encryption unit may be specifically configured to encrypt, by using the second key, the plurality of identity information included in the preset list data respectively to obtain a plurality of encrypted identity information, which is used as the encrypted preset list data.
In the device for determining a user credit provided in the embodiment of the present specification, the generation module generates the first key, the second key, and the mediation function, the processing module encrypts the identity information of the user whose credit is to be determined by using the first key, and then sends the encrypted identity information, the second key, and the mediation function to the second server, so as to prevent the information data owned by the first server, such as the identity information of the user, from being known by the second server; the second server encrypts the stored preset list data by using a second secret key through the encryption module, and solves a corresponding media function by using the encrypted identity information and the encrypted preset list data through the operation module, and the obtained result data is fed back to the first server through the sending module, so that the stored preset list data is prevented from being leaked in the operation processing process; the first server can determine whether the user indicated by the identity information is in the preset list data or not through the determination module according to the result data under the condition that the preset list data is not known, and then determines the credit condition of the user. The technical problems that information data owned by the own party is easy to leak and potential safety hazards such as data leakage exist in the data processing process of determining the credit of the user in the existing method are solved, whether the user is in the preset list data or not can be accurately and efficiently determined under the condition that the information data owned by the own party is not leaked to the opposite party or a third party, the credit condition of the user is further determined, the safety degree of the data in the data processing process is improved, and the data privacy of the user is protected.
An embodiment of the present specification further provides a system for determining a user credit, which may specifically include: the system comprises a first server and a second server, wherein the first server stores identity information which is used for indicating a user, and the second server stores preset list data; the method comprises the steps that a first server obtains identity information and initiates a calculation request, wherein the identity information is used for indicating a user; the first server responds to the operation request and generates a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server receives and responds to the operation request, and encrypts preset list data by using the second secret key to obtain the encrypted preset list data; solving the media function according to the encrypted identity information and the encrypted preset list data to obtain an operation result, and sending the operation result to a first server; and the first server receives and determines the user credit according to the operation result.
Although the present specification provides method steps as described in the examples or flowcharts, additional or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not any particular order.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solutions of the present specification may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, or the like, and includes instructions for causing a computer device (which may be a personal computer, a mobile terminal, a server, or a network device) to execute the method according to the embodiments or some parts of the embodiments of the present specification.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.

Claims (24)

1. A method for determining user credit, comprising:
acquiring identity information, wherein the identity information is used for indicating a user;
initiating an operation request to a second server, wherein the second server stores preset list data;
responding to the operation request, generating a first key, a second key and a media function; the media function comprises a function for comparing the similarity of the encrypted identity information and the identity information in the encrypted preset list data;
encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and solves the media function by using the encrypted identity information and the encrypted preset list data to obtain an operation result;
and receiving the operation result, and determining the user credit according to the operation result.
2. The method of claim 1, the preset list data comprising at least one of: blacklist data, whitelist data, member list data.
3. The method of claim 2, wherein determining a user credit according to the operation result in a case that the preset list data includes blacklist data comprises:
detecting whether the operation result is equal to a preset value or not;
and under the condition that the operation result is determined to be equal to the preset numerical value, determining that the user is located in blacklist data, and determining that the credit of the user has risk.
4. The method of claim 1, generating a first key and a second key, and an intermediary function, comprising:
generating a first key aiming at the identity information and a second key aiming at the preset list data;
acquiring a preset comparison function;
and generating the intermediate function according to the first secret key, the second secret key and the preset comparison function.
5. The method of claim 1, encrypting the identity information using a first key to obtain encrypted identity information, comprising:
converting the identity information into a binary number group, wherein the binary number group comprises a plurality of binary numbers;
and respectively encrypting a plurality of binary numbers in the binary number array by using the first key to obtain an encrypted binary number array as the encrypted identity information.
6. The method of claim 1, wherein the received operation result further comprises an encrypted operation result, and wherein the method further comprises:
generating a third key, and generating the intermediate function according to the first key, the second key, the third key and a preset comparison function;
and decrypting the encrypted operation result by using the third key to obtain the operation result.
7. The method of claim 1, the identity information comprising at least one of: account data of the user, an identity number of the user, and a name of the user.
8. A method for determining user credit, comprising:
receiving an operation request, encrypted identity information, a second secret key and a media function; the media function comprises a function for comparing the similarity of the encrypted identity information and the identity information in the encrypted preset list data;
responding to the operation request, and encrypting preset list data by using the second secret key to obtain the encrypted preset list data;
solving the medium function by using the encrypted identity information and the encrypted preset list data to obtain an operation result; the media function comprises a function for comparing the similarity of the encrypted identity information and the identity information in the encrypted preset list data;
and sending the operation result to the first server.
9. The method of claim 8, encrypting the predetermined list data using the second key to obtain the encrypted predetermined list data, comprising:
and respectively encrypting a plurality of identity information contained in the preset list data by using the second key to obtain a plurality of encrypted identity information which is used as the encrypted preset list data.
10. A method for determining user credit, comprising:
the method comprises the steps that a first server obtains identity information and initiates a calculation request, wherein the identity information is used for indicating a user;
the first server responds to the operation request and generates a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the media function comprises a function for comparing the similarity of the encrypted identity information and the identity information in the encrypted preset list data;
the second server receives and responds to the operation request, and encrypts preset list data by using the second secret key to obtain the encrypted preset list data; solving the media function by using the encrypted identity information and the encrypted preset list data to obtain an operation result, and sending the operation result to a first server;
and the first server receives and determines the user credit according to the operation result.
11. A method of processing data, comprising:
acquiring first data;
initiating an operation request to a second server, wherein the second server stores second data;
responding to the operation request, generating a first key, a second key and a media function; wherein the media function comprises a function for similarity comparison of the encrypted first data and the encrypted second data;
encrypting the first data by using a first key to obtain encrypted first data, and sending the encrypted first data, the second key and the media function to a second server; the second server encrypts the second data by using the second key to obtain encrypted second data, and solves the media function by using the encrypted first data and the encrypted second data to obtain an operation result;
and receiving the operation result, and determining whether the first data and the second data meet a preset incidence relation according to the operation result.
12. An account data query method comprises the following steps:
acquiring target account data;
initiating an operation request to a second server, wherein the second server stores preset list data;
responding to the operation request, generating a first key, a second key and a media function; the media function comprises a function for comparing similarity of encrypted target account data and account data in encrypted preset list data;
encrypting the target account data by using a first key to obtain encrypted target account data, and sending the encrypted target account data, the second key and the media function to a second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and solves the media function by using the encrypted identity information and the encrypted preset list data to obtain an operation result;
and receiving the operation result, and determining whether the target account data is located in the preset list data according to the operation result.
13. An apparatus for determining user credit, comprising:
the system comprises an acquisition module, a processing module and a display module, wherein the acquisition module is used for acquiring identity information, and the identity information is used for indicating a user;
the initiating module is used for initiating an operation request to a second server, wherein the second server stores preset list data;
the generating module is used for responding to the operation request, generating a first key, a second key and a media function; the media function comprises a function for comparing the similarity of the encrypted identity information and the identity information in the encrypted preset list data;
the processing module is used for encrypting the identity information by using the first secret key to obtain encrypted identity information and sending the encrypted identity information, the second secret key and the media function to the second server; the second server encrypts the preset list data by using the second key to obtain encrypted preset list data, and solves the media function by using the encrypted identity information and the encrypted preset list data to obtain an operation result;
and the determining module is used for receiving the operation result and determining the credit of the user according to the operation result.
14. The apparatus of claim 13, the predetermined roster data comprising at least one of: blacklist data, whitelist data, member list data.
15. The apparatus of claim 14, in the case that the pre-set listing data comprises blacklist data, the determining means comprising:
the detection unit is used for detecting whether the operation result is equal to a preset value or not;
and the first determining unit is used for determining that the user is positioned in blacklist data and determining that the credit of the user has risk under the condition that the operation result is determined to be equal to the preset numerical value.
16. The apparatus of claim 15, the generating means comprising:
the first generating unit is used for generating a first secret key aiming at the identity information and a second secret key aiming at the preset list data;
an obtaining unit, configured to obtain a preset comparison function;
and the second generating unit is used for generating the intermediate function according to the first secret key, the second secret key and the preset comparison function.
17. The apparatus of claim 13, the processing module comprising:
the conversion unit is used for converting the identity information into a binary number group, wherein the binary number group comprises a plurality of binary numbers;
and the encryption unit is used for respectively encrypting a plurality of binary numbers in the binary number group by using the first secret key to obtain an encrypted binary number group as the encrypted identity information.
18. The apparatus of claim 13, the received operation further comprising an encrypted operation, and the determining module further comprises: a decryption unit for generating a third key; and decrypting the encrypted operation result by using the third key to obtain the operation result.
19. The apparatus of claim 13, the identity information comprising at least one of: account data of the user, an identity number of the user, and a name of the user.
20. An apparatus for determining user credit, comprising:
the receiving module is used for receiving the operation request, the encrypted identity information, the second secret key and the media function; the media function comprises a function for comparing the similarity of the encrypted identity information and the identity information in the encrypted preset list data;
the encryption module is used for responding to the operation request and encrypting preset list data by using the second secret key to obtain the encrypted preset list data;
the operation module is used for solving the media function by using the encrypted identity information and the encrypted preset list data to obtain an operation result;
and the sending module is used for sending the operation result to the first server.
21. The apparatus of claim 20, the encryption module comprising: and the encryption unit is used for respectively encrypting the plurality of identity information contained in the preset list data by using the second key to obtain a plurality of encrypted identity information which is used as the encrypted preset list data.
22. A system for determining user credit, comprising: the system comprises a first server and a second server, wherein the first server stores identity information which is used for indicating a user, and the second server stores preset list data;
the method comprises the steps that a first server obtains identity information and initiates a calculation request, wherein the identity information is used for indicating a user;
the first server responds to the operation request and generates a first key, a second key and a media function; encrypting the identity information by using a first secret key to obtain encrypted identity information, and sending the encrypted identity information, the second secret key and the media function to a second server; the media function comprises a function for comparing the similarity of the encrypted identity information and the identity information in the encrypted preset list data;
the second server receives and responds to the operation request, and encrypts preset list data by using the second secret key to obtain the encrypted preset list data; solving the media function by using the encrypted identity information and the encrypted preset list data to obtain an operation result, and sending the operation result to a first server;
and the first server receives and determines the user credit according to the operation result.
23. A server comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 7.
24. A computer readable storage medium having stored thereon computer instructions which, when executed, implement the steps of the method of any one of claims 1 to 7.
CN201910260260.5A 2019-04-02 2019-04-02 User credit determination method, device and system and data processing method Active CN110166423B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910260260.5A CN110166423B (en) 2019-04-02 2019-04-02 User credit determination method, device and system and data processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910260260.5A CN110166423B (en) 2019-04-02 2019-04-02 User credit determination method, device and system and data processing method

Publications (2)

Publication Number Publication Date
CN110166423A CN110166423A (en) 2019-08-23
CN110166423B true CN110166423B (en) 2021-09-10

Family

ID=67638877

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910260260.5A Active CN110166423B (en) 2019-04-02 2019-04-02 User credit determination method, device and system and data processing method

Country Status (1)

Country Link
CN (1) CN110166423B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111683035A (en) * 2020-02-12 2020-09-18 华东师范大学 Vehicle-mounted ECU intrusion detection method and system based on CAN bus differential signal level characteristics
CN111291231B (en) * 2020-02-14 2023-09-15 支付宝(杭州)信息技术有限公司 Method and system for storing data processing result
CN111445336A (en) * 2020-04-16 2020-07-24 中国银行股份有限公司 Data processing method and data processing system
CN112989386B (en) * 2021-03-31 2023-09-22 苏州黑云智能科技有限公司 Blacklist sharing method and system based on careless transmission
CN113190584B (en) * 2021-04-07 2022-06-21 四川新网银行股份有限公司 Concealed trace query method based on oblivious transmission protocol
CN114024674A (en) * 2021-11-23 2022-02-08 支付宝(杭州)信息技术有限公司 Method and system for comparing two parties safely

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0803053D0 (en) * 2008-02-20 2008-03-26 Hewlett Packard Development Co Revocation for direct anonymous attestation
CN101888415A (en) * 2010-06-30 2010-11-17 创想空间软件技术(北京)有限公司 Peer-to-peer network user credit system
CN107566367A (en) * 2017-09-02 2018-01-09 刘兴丹 A kind of shared method, apparatus of cloud storage information network certification
CN108154038A (en) * 2016-12-06 2018-06-12 北京京东尚科信息技术有限公司 Data processing method and device
CN109344583A (en) * 2018-08-22 2019-02-15 阿里巴巴集团控股有限公司 Threshold value determination and core body method, apparatus, electronic equipment and storage medium
CN109359691A (en) * 2018-10-24 2019-02-19 全链通有限公司 Auth method and system based on block chain

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104065652B (en) * 2014-06-09 2015-10-14 北京石盾科技有限公司 A kind of auth method, device, system and relevant device
US9565020B1 (en) * 2016-02-02 2017-02-07 International Business Machines Corporation System and method for generating a server-assisted strong password from a weak secret
CN107508796B (en) * 2017-07-28 2019-01-04 北京明朝万达科技股份有限公司 A kind of data communications method and device
CN108959911A (en) * 2018-06-14 2018-12-07 联动优势科技有限公司 A kind of key chain generates, verification method and its device
CN109359471B (en) * 2018-08-20 2021-02-26 北京中测安华科技有限公司 Encryption method, device, system, equipment and medium based on user identity

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0803053D0 (en) * 2008-02-20 2008-03-26 Hewlett Packard Development Co Revocation for direct anonymous attestation
CN101888415A (en) * 2010-06-30 2010-11-17 创想空间软件技术(北京)有限公司 Peer-to-peer network user credit system
CN108154038A (en) * 2016-12-06 2018-06-12 北京京东尚科信息技术有限公司 Data processing method and device
CN107566367A (en) * 2017-09-02 2018-01-09 刘兴丹 A kind of shared method, apparatus of cloud storage information network certification
CN109344583A (en) * 2018-08-22 2019-02-15 阿里巴巴集团控股有限公司 Threshold value determination and core body method, apparatus, electronic equipment and storage medium
CN109359691A (en) * 2018-10-24 2019-02-19 全链通有限公司 Auth method and system based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《财务报账管理系统的设计与实现》;李元成;《中国硕士学位论文全文数据库 信息技术辑》;20170601;全文 *

Also Published As

Publication number Publication date
CN110166423A (en) 2019-08-23

Similar Documents

Publication Publication Date Title
CN110166423B (en) User credit determination method, device and system and data processing method
CN109033855B (en) Data transmission method and device based on block chain and storage medium
Yu et al. A blockchain-based shamir’s threshold cryptography scheme for data protection in industrial internet of things settings
Gao et al. Privacy-preserving auction for big data trading using homomorphic encryption
Harbi et al. A review of security in internet of things
Atiewi et al. Scalable and secure big data IoT system based on multifactor authentication and lightweight cryptography
CN111079128B (en) Data processing method and device, electronic equipment and storage medium
KR101843340B1 (en) Privacy-preserving collaborative filtering
EP3367290A1 (en) Systems, methods and computer program products for combining privacy enhancing technologies
CN112073444B (en) Data set processing method and device and server
CN111400728A (en) Data encryption and decryption method and device applied to block chain
CN107196840B (en) Data processing method, device and equipment
CN105635131A (en) Data transmission method and device and server
CN111741268B (en) Video transmission method, device, server, equipment and medium
CN102222188A (en) Information system user password generation method
US11018857B2 (en) Encryption scheme using multiple parties
CN111078649A (en) Block chain-based on-cloud file storage method and device and electronic equipment
KR101812311B1 (en) User terminal and data sharing method of user terminal based on attributed re-encryption
Barni et al. Parallel implementation of GC-based MPC protocols in the semi-honest setting
Kumar Advanced RSA cryptographic algorithm for improving data security
CN106067875B (en) Intelligent terminal encryption method and system
WO2019179313A1 (en) Method and apparatus for managing passwords, and computer storage medium
CN114363013B (en) Supervision-friendly blockchain content privacy protection system, message sending and query method
CN112491904B (en) Big data privacy protection sharing method and system
Begum et al. IMPLEMENTATION OF A NOVEL TECHNIQUE FOR SIGNATURE VERIFICATION AND KEY COMPUTING FOR SECURE DATA SHARING IN CLOUD

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200927

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200927

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: Greater Cayman, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant