CN110213201B

CN110213201B - Data security processing method and device, computer equipment and storage medium

Info

Publication number: CN110213201B
Application number: CN201810171873.7A
Authority: CN
Inventors: 李锐; 何奮成; 罗征
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2018-03-01
Filing date: 2018-03-01
Publication date: 2021-09-10
Anticipated expiration: 2038-03-01
Also published as: CN110213201A

Abstract

The method comprises the steps of firstly, establishing an association relation between candidate target ciphertext information and candidate user identification, then encrypting original user identification by adopting a first encryption function to obtain first intermediate ciphertext information, sending the first intermediate ciphertext information to a detection party, indicating the detection party to encrypt the first intermediate ciphertext information by adopting a second encryption function to obtain the first target ciphertext information, obtaining a matching relation between the candidate target ciphertext information and the candidate user identification, searching a target user identification corresponding to the first target ciphertext information from the matching relation, wherein the target user identification is the original user identification, and the first encryption function and the second encryption function have interchangeability. The data security processing method avoids the situation that the encrypted user identification cannot be restored, and improves the data security. In addition, a data security processing system, a data security processing device, a computer device and a storage medium are also provided.

Description

Data security processing method and device, computer equipment and storage medium

Technical Field

The present application relates to the field of computer processing technologies, and in particular, to a data security processing method and apparatus, a computer device, and a storage medium.

Background

In order to protect the security of information, data is generally encrypted for transmission, but in a conventional encryption method, the information is encrypted by a generated key or password, but the information obtained by encrypting the data by the key can be decrypted to recover corresponding data, and if the key is leaked, the information is still leaked, so that the security is low.

Disclosure of Invention

In view of the above, it is necessary to provide a processing method, an apparatus, a computer device, and a storage medium for data security with high security.

A method of processing data securely, the method comprising:

receiving candidate intermediate ciphertext information sent by a detection party, wherein the candidate intermediate ciphertext information is obtained by encrypting a candidate user identifier by the detection party by adopting a second encryption function;

encrypting the candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information;

sending the candidate target ciphertext information to a detector, and indicating the detector to establish an association relation between the candidate target ciphertext information and a candidate user identifier;

acquiring an original user identifier;

encrypting the original user identification by adopting a first encryption function to obtain first intermediate ciphertext information;

and sending the first intermediate ciphertext information to a detection party, instructing the detection party to encrypt the first intermediate ciphertext information by adopting a second encryption function to obtain first target ciphertext information, obtaining a matching relation between the candidate target ciphertext information and a candidate user identifier, and searching a target user identifier corresponding to the first target ciphertext information from the matching relation, wherein the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability.

A data-secure processing system, the system comprising:

the second server is used for encrypting the candidate user identification by adopting a second encryption function to obtain candidate intermediate ciphertext information and sending the candidate intermediate ciphertext information to the first server;

the first server is used for encrypting the received candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information and sending the candidate target ciphertext information to the second server;

the second server is also used for establishing an incidence relation between the candidate target ciphertext information and the candidate user identification according to the received candidate target ciphertext information;

the first server is further used for acquiring an original user identifier, encrypting the original user identifier by adopting a first encryption function to obtain first intermediate ciphertext information, and sending the first intermediate ciphertext information to a second server;

the second server is further configured to receive the first intermediate ciphertext information, encrypt the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtain a matching relationship between the candidate target ciphertext information and a candidate user identifier, and search for a target user identifier corresponding to the first target ciphertext information from the matching relationship, where the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability.

A data-secure processing apparatus, the apparatus comprising:

the receiving module is used for receiving candidate intermediate ciphertext information sent by a detection party, wherein the candidate intermediate ciphertext information is obtained by encrypting a candidate user identifier by the detection party by adopting a second encryption function;

the encryption module is used for encrypting the candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information;

the sending module is used for sending the candidate target ciphertext information to a detecting party and indicating the detecting party to establish an incidence relation between the candidate target ciphertext information and a candidate user identifier;

the acquisition module is used for acquiring an original user identifier;

the encryption module is further used for encrypting the original user identification by adopting a first encryption function to obtain first intermediate ciphertext information;

the sending module is further configured to send the first intermediate ciphertext information to a detecting party, instruct the detecting party to encrypt the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtain a matching relationship between candidate target ciphertext information and a candidate user identifier, and search for a target user identifier corresponding to the first target ciphertext information from the matching relationship, where the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability.

A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of:

acquiring an original user identifier;

A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:

acquiring an original user identifier;

For the safety of the user identification, firstly, receiving candidate intermediate ciphertext information sent by a detection party, encrypting the candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information, then sending the candidate target ciphertext information to the detection party so as to enable the detection party to establish an association relation between the candidate target ciphertext information and the candidate user identification, then after obtaining the original user identification, encrypting the original user identification by adopting the first encryption function to obtain first intermediate ciphertext information, then sending the first intermediate ciphertext information to the detection party, encrypting the first intermediate ciphertext information by adopting a second encryption function by the detection party to obtain first target ciphertext information, and obtaining the matching relation between the candidate target ciphertext information and the candidate user identification, and then acquiring a target user identifier corresponding to the first target ciphertext information, wherein the target user identifier is the original user identifier. According to the data security processing method, under the condition that the user identification is not exposed, the detection party can obtain the corresponding original user identification according to the first target ciphertext information, the user identification is prevented from being directly transmitted on the network, the encrypted user identification cannot be restored, and the data security is improved. Furthermore, the original user identifier obtained by the detecting party must be the user identifier already existing in the detecting party, and if the detecting party does not have the corresponding user identifier, the detecting party cannot obtain the corresponding user identifier, so that the independence and the safety of data of the detecting party and the detecting party are ensured.

Drawings

FIG. 1 is a diagram of an application environment of a processing method for data security in one embodiment;

FIG. 2 is a flow diagram that illustrates a method for processing data security in one embodiment;

FIG. 3 is a timing diagram of a processing method for data security in one embodiment;

FIG. 4 is a flowchart of a processing method of data security in another embodiment;

FIG. 5 is a timing diagram of a processing method for data security in another embodiment;

FIG. 6 is a flowchart of a processing method of data security in still another embodiment;

FIG. 7 is a block diagram of a processing system for data security in one embodiment;

FIG. 8 is a block diagram showing the structure of a data security processing apparatus according to an embodiment;

FIG. 9 is a block diagram showing a configuration of a data security processing apparatus according to still another embodiment;

FIG. 10 is a block diagram showing a configuration of a data security processing apparatus according to still another embodiment;

FIG. 11 is a block diagram of a computer device in one embodiment.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.

Fig. 1 is an application environment diagram of a processing method of data security in one embodiment. Referring to fig. 1, the data security processing method is applied to a data security processing system. The data security processing system comprises a first server 110 and a second server 120, wherein the first server 110 and the second server 120 are connected through a network, and the first server 110 or the second server 120 can be implemented by an independent server or a server cluster consisting of a plurality of servers. Specifically, the second server 120 encrypts the candidate user identifier by using the second encryption function to obtain candidate intermediate ciphertext information, sends the candidate intermediate ciphertext information to the first server 110, the first server 110 encrypts the received candidate intermediate ciphertext information by using the first encryption function to obtain candidate target ciphertext information, and sends the candidate target ciphertext information to the second server 120, and the second server 120 is further configured to establish an association relationship between the candidate target ciphertext information and the candidate user identifier according to the received candidate target ciphertext information. The first server 110 obtains an original user identifier, encrypts the original user identifier by using a first encryption function to obtain first intermediate ciphertext information, sends the first intermediate ciphertext information to the second server 120, encrypts the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtains a matching relationship between candidate target ciphertext information and the candidate user identifier, and searches for a target user identifier corresponding to the first target ciphertext information from the matching relationship, wherein the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability.

In one embodiment, as shown in FIG. 2, a data security processing method is provided. The present embodiment is exemplified by being applied to a server, and may also be applied to a terminal. The data security processing method specifically comprises the following steps:

step 202, receiving candidate intermediate ciphertext information sent by the detection party, wherein the candidate intermediate ciphertext information is obtained by encrypting the candidate user identifier by the detection party by using a second encryption function.

The candidate user identification refers to a user identification stored by the detection party. The candidate intermediate ciphertext information is obtained by encrypting the candidate user identifier by using a second encryption function. In order to find the corresponding user identifier according to the first target ciphertext information at the detecting party, the detecting party needs to establish an association relationship between the candidate target ciphertext information and the candidate user identifier in advance. In order to establish the incidence relation between the candidate target ciphertext information and the candidate user identification, the detection party firstly encrypts the stored candidate user identification by adopting a second encryption function to obtain candidate intermediate ciphertext information, and then sends the candidate intermediate ciphertext information to the detection party. For example, assuming that the second encryption function is g (x), x represents the plaintext to be encrypted, in this embodiment, the encrypted object is the candidate user identifier id2, and then the obtained candidate intermediate ciphertext information is g (id 2).

And step 204, encrypting the candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information.

And the candidate target ciphertext information is obtained by encrypting the candidate intermediate ciphertext information by adopting a first encryption function. That is, the candidate target ciphertext information is obtained by encrypting the candidate user identifier by using the second encryption function and then by using the first encryption function. Specifically, assuming that the candidate intermediate ciphertext information is g (id2), the candidate intermediate ciphertext information is g (id2) encrypted by using a first encryption function f (x) to obtain candidate target ciphertext information f (g (id 2)).

And step 206, sending the candidate target ciphertext information to the detection party, and instructing the detection party to establish an association relation between the candidate target ciphertext information and the candidate user identifier.

The candidate target ciphertext information is sent to the detection party, and after the detection party receives the candidate target ciphertext information, an association relation is established between the candidate target ciphertext information and the corresponding candidate user identification. After receiving first intermediate ciphertext information obtained by encrypting the user identifier by using a first encryption function, a subsequent detection party firstly encrypts the first intermediate ciphertext information again by using a second encryption function to obtain first target ciphertext information, and then determines candidate target ciphertext information identical to the first target ciphertext information according to the exchangeable relationship f (g (x)) between the first encryption function f (x) and the second encryption function g (x), so as to obtain the user identifier corresponding to the first target ciphertext information. In one embodiment, the detecting party further stores a corresponding relationship between the candidate user identifier and the candidate user information, and directly establishes an association relationship among the candidate target ciphertext information, the candidate user identifier and the candidate user information. The user information includes personal information such as age, sex, occupation, etc. of the user.

When a plurality of candidate user identifications are available, in order to mark which candidate user identification corresponds to the returned candidate target ciphertext information, the detection party sends the candidate intermediate ciphertext information and simultaneously sends the information identification corresponding to the candidate user identification.

In one embodiment, candidate intermediate ciphertext information and an information identifier sent by a detection party are received, the candidate intermediate ciphertext information is obtained by the detection party encrypting a candidate user identifier by using a second encryption function, then the candidate intermediate ciphertext information is encrypted by using a first encryption function to obtain candidate target ciphertext information, the candidate target ciphertext information and the corresponding information identifier are sent to the detection party, the detection party obtains the corresponding candidate user identifier according to the user information identifier, and the incidence relation between the candidate target ciphertext information and the candidate user identifier is established.

The information identifier is used for uniquely corresponding to one user identifier, a unique number can be allocated to each user identifier in a number allocation mode, and a one-to-one correspondence relationship between the information identifier and the candidate user identifiers is established. The method comprises the steps that a detection party obtains candidate intermediate ciphertext information by adopting a second encryption function for a candidate user identifier, then the information identifier and the candidate intermediate ciphertext information are sent to a first server together, the first server obtains candidate target ciphertext information by adopting a first encryption function for encrypting the candidate intermediate ciphertext information, then the candidate target ciphertext information and a corresponding information identifier are sent to the detection party together, the detection party obtains a corresponding candidate user identifier according to the information identifier, and then the incidence relation between the candidate target ciphertext information and the candidate user identifier is established.

In one embodiment, a user portrait corresponding to a candidate user identifier is obtained, the user portrait and the candidate user identifier are in a one-to-one correspondence relationship, after candidate intermediate ciphertext information is obtained by encrypting the candidate user identifier through a first function, the candidate intermediate ciphertext information and a corresponding user portrait are sent to a first server together, the first server encrypts the candidate intermediate ciphertext information through a first encryption function to obtain candidate target ciphertext information, then the candidate target ciphertext information and the corresponding user portrait are sent to a detecting party together, the detecting party searches the corresponding candidate user identifier according to the user portrait, and then an association relationship between the candidate target ciphertext information and the candidate user identifier is established.

Step 208, obtain the original user identification.

The user identifier may be an application account registered by the user, an equipment identifier of the user, a unique number assigned to the user, or the like, and may be an identifier that uniquely identifies one user. The original user identification refers to the obtained unencrypted user identification. Specifically, the first server obtains an original user identifier, the original user identifier can be set in a user-defined mode according to actual conditions, for example, the user identifier of a user portrait needing to be calculated can be used as the original user identifier, the user portrait is composed of a series of user tag information, such as age, gender, occupation and the like, and the original user identifier is an effective tool for delineating a target user and contacting user appeal and design directions.

In an application scenario, after recommendation information is pushed, in order to evaluate the value of information recommendation, a user identifier of the recommended information needs to be sent to a detecting party, then, a user portrait distribution corresponding to the recommendation information is obtained through calculation by the detecting party, the user portrait distribution comprises information such as age distribution, gender distribution and region distribution corresponding to the released recommendation information, and then, the value of information recommendation is evaluated according to the user portrait distribution.

Step 210, encrypting the original user identifier by using a first encryption function to obtain a first intermediate ciphertext message.

The first intermediate ciphertext information is ciphertext information obtained by encrypting the original user identifier by using a first encryption function. The first encryption function is an independent encryption algorithm. The first intermediate ciphertext information obtained by encryption is processed information which can not identify the user identifier and can not be recovered by the receiver. Due to the third of newly released national laws "the interpretation of the applied laws of the highest people's court and the highest people's inspection institute on handling infringement citizen's personal information criminal case," provided citizen's personal information "which belongs to one of the second hundred and fifty rules of the criminal law and is provided to others with legally collected citizen's personal information without the consent of the collectors", except that specific individuals cannot be identified and cannot be recovered after processing. The user identifier belongs to the collected citizen personal information, and in order to improve the safety of the user identifier and meet legal requirements, the user identifier cannot be directly transmitted on the network, and cannot be realized by using an encryption and decryption algorithm capable of recovering the user identifier. Assuming that the first encryption function is f (x), x represents the plaintext (object) to be encrypted, and if the encrypted object is the original user identifier id1, the resulting first intermediate ciphertext information is represented as f (id 1).

And step 212, sending the first intermediate ciphertext information to the detection party, instructing the detection party to encrypt the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtaining a matching relationship between the candidate target ciphertext information and a candidate user identifier, and searching for a target user identifier corresponding to the first target ciphertext information from the matching relationship, wherein the target user identifier is an original user identifier, and the first encryption function and the second encryption function have interchangeability.

The first encryption function and the second encryption function are independent encryption functions, and the first encryption function and the second encryption function have interchangeability. The interchangeability means that the same encryption sequence of the first encryption function and the second encryption function is interchanged to obtain the same result. For the same information, the first encryption function is used for encryption, and then the target ciphertext information obtained by using the second encryption function for encryption is the same as the target ciphertext information obtained by using the first encryption function for encryption. The first encryption function refers to an encryption function existing on the first server (i.e., the home terminal), and the second encryption function refers to an encryption function existing on the detecting party. The candidate target ciphertext information is obtained by encrypting the candidate user identifier through the second encryption function to obtain intermediate ciphertext information, and then encrypting the intermediate ciphertext information through the first encryption function. The first target ciphertext information is obtained by encrypting the user identifier through the first encryption function and then encrypting again through the second encryption function.

For example, assume that the first encryption function is f (x), and the second encryption function is g (x), where x represents a plaintext to be encrypted, and in this embodiment, x represents a user identifier to be encrypted. If the intermediate ciphertext information obtained by encrypting the candidate user identifier by using the second encryption function is g (x), then the intermediate ciphertext information g (x) is encrypted by using the first encryption function f (x) to obtain the candidate target ciphertext information f (g (x)). If the candidate user identification is encrypted by adopting the first encryption function, and then encrypted again by adopting the second encryption function, the obtained first target ciphertext information is g (f (x)). The first encryption function f (x) and the second encryption function g (x) belong to exchangeable encryption functions, and satisfy the relationship of f (g (x)) g (f (x)).

In one embodiment, the power function may be selected as the first cryptographic function f (x) and the second cryptographic function g (x), in particular f (x) x ^ S_A mod N，g(x)＝x^S_Bmod N, where ^ represents powers; mod denotes the remainder operation, N is a public large number, chosen within the range 2^2028, S_AAnd S_BIs a private key for both parties, and satisfies f (g (x)) x ^ (S)_A*S_B) mod N ═ g (f (x)) commutative law.

In another embodiment, to further reduce the risk of cracking, the first encryption function and the second encryption function are represented by the following discrete functions: c ═ m ^ a mod P; wherein m is a plaintext to be encrypted, C is ciphertext information obtained by encrypting the plaintext to be encrypted, a is a secret key, the secret keys a of the first encryption function and the second encryption function are independent and do not have the possibility of mutual cracking, P is an agreed prime number, and ^ represents power; mod denotes the remainder operation. In one embodiment, to further improve security, P may adopt a strong prime number, which means that not only P is a prime number, but also (P-1)/2 is a prime number, so as to enhance the strength against chosen-plaintext attack. Specifically, the first cryptographic function is denoted as f (m) ═ m a1 mod P, and the second cryptographic function is denoted as g (m) ^ m a2 mod P. It is found by calculation that f (g (m)) ((m ^ (a1 ^ a 2))% P ═ g (f (m))) satisfies the commutative law,% represents the remainder operation.

Specifically, the matching relationship between the candidate target ciphertext information and the candidate user identifier is stored in advance at the detecting party, and based on f (g (x)) or g (f (x)), the target user identifier corresponding to the first target ciphertext information may be searched from the matching relationship, where the target user identifier is the original user identifier. The original user identification is encrypted by adopting the first encryption function, the obtained first intermediate ciphertext information belongs to information which cannot be processed to identify a specific person and cannot be recovered, and the first intermediate ciphertext information is transmitted, so that the safety is improved, and the legality is realized. And the detecting party encrypts the first intermediate ciphertext information again to obtain first target ciphertext information, and then searches a target user identifier matched with the first target ciphertext information according to the first target ciphertext information, wherein the target user identifier is the original user identifier. The detection party can obtain the user identification by encrypting twice and then matching, and the premise that the detection party contains the user identification and corresponding candidate target ciphertext information is that the obtained user identification is not obtained by restoring the encrypted ciphertext information but is obtained by searching the candidate target ciphertext information obtained by encrypting twice, so that the independence and the safety of data of the two parties are ensured.

In order to ensure the safety of the user identification, the processing method for the data safety comprises the steps of firstly receiving candidate intermediate ciphertext information sent by a detection party, encrypting the candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information, then sending the candidate target ciphertext information to the detection party so that the detection party can establish the association relation between the candidate target ciphertext information and the candidate user identification, then after obtaining the original user identification, encrypting the original user identification by adopting a first encryption function to obtain the first intermediate ciphertext information, then sending the first intermediate ciphertext information to the detection party, encrypting the first intermediate ciphertext information by adopting a second encryption function by the detection party again to obtain the first target ciphertext information, obtaining the matching relation between the candidate target ciphertext information and the candidate user identification, and then obtaining the target user identification corresponding to the first target ciphertext information, the target user identification is the original user identification. According to the data security processing method, under the condition that the user identification is not exposed, the detection party can obtain the corresponding original user identification according to the first target ciphertext information, the user identification is prevented from being transmitted on the network, the data security is improved, the original user identification obtained by the detection party must be the user identification which is already existed by the detection party, if the detection party does not have the corresponding user identification, the detection party cannot obtain the corresponding user identification, and the independence and the security of the data of the detection party and the data of the detection party are guaranteed.

In one embodiment, the obtaining an original user identifier by using a candidate user identifier as a device identifier corresponding to a candidate terminal includes: sending the recommendation information to a first terminal; and acquiring the equipment identifier corresponding to the first terminal, and taking the equipment identifier as the original user identifier.

And the user identification selects the equipment identification corresponding to the terminal. In order to obtain a user portrait of a terminal user to which recommendation information is delivered, after the recommendation information is sent to a first terminal, a device identifier of the first terminal is obtained, and then the device identifier is sent as an original user identifier, so that the user portrait corresponding to the original user identifier and stored in a detection party is obtained according to the original user identifier.

In one embodiment, the data security processing method further includes: sending the recommendation information to a plurality of different target terminals; acquiring target user identifications corresponding to a plurality of different target terminals, taking the target user identifications as original user identifications, performing a step of encrypting the original user identifications by adopting a first encryption function to obtain the target user identifications, and acquiring user figures corresponding to the target user identifications; and receiving a user portrait report which is returned by the detector and corresponds to the recommendation information, wherein the user portrait report is obtained by counting the user portrait corresponding to each target user identification.

The recommendation information is sent to different target terminals respectively, a target user identifier corresponding to each target terminal is obtained, each target user identifier is used as an original user identifier, each target user identifier is encrypted by adopting a first encryption function respectively to obtain corresponding first intermediate ciphertext information, the first intermediate ciphertext information is sent to a detection party, the detection party encrypts each first intermediate ciphertext information by adopting a second encryption function to obtain first target ciphertext information, and then the corresponding target user identifier is found according to the first target ciphertext information. The corresponding relation between the user identification and the user portrait is stored in the detection party, so that the user portrait corresponding to each target user identification can be respectively obtained according to the target user identification, and each user portrait is counted to obtain a user portrait report. The user portrait report comprises the exposure number according to gender, the exposure number according to age, the exposure number according to region and the like, and the value of the recommendation information can be evaluated by checking the user portrait report.

In an advertisement putting scene, the advertisement is actually displayed at a user side once to enable the user to see the advertisement to be counted as exposure once, after the advertisement is put to a plurality of user terminals for display by the advertisement platform, in order to evaluate the effect of the advertisement delivered this time for the advertiser, the device identifier of the user terminal exposed to the advertisement is used as the original user identifier, then, after the original user identification is encrypted by adopting a first encryption function to obtain first intermediate ciphertext information, sending to the detecting party (third party), encrypting again by the detecting party with the second encryption function to obtain the first target ciphertext information, then searching the target candidate user identification corresponding to the first target ciphertext information, the target candidate user identification is the original user identification, and a user portrait report of the advertisement delivery is obtained by calculating according to a user portrait corresponding to the original user identification.

Fig. 3 is a timing diagram of a data security processing method in an embodiment, including: a first server 302 and a second server 304 (detector). The first part establishes a correspondence between the candidate target ciphertext information and the candidate user id in the second server 304. The second part is the process of sending the original subscriber identity. Specifically, the first part includes the following: the second server 304 stores candidate user id and corresponding user portrait in advance. Firstly, the second server 304 encrypts the candidate user identifier id by using a second encryption function g (x) to obtain candidate intermediate ciphertext information g (id), then sends the candidate intermediate ciphertext information g (id) and the corresponding user portrait to the first server, the first server 302 encrypts the candidate intermediate ciphertext information g (id) by using a first encryption function f (x) to obtain candidate target ciphertext information f (g (id)), then returns the candidate target ciphertext information f (g (id)) and the corresponding user portrait to the second server 304, the second server 304 receives the returned candidate target ciphertext information f (g (id)) and the corresponding user portrait, then obtains the corresponding candidate user identifier according to the user portrait, and then establishes the association relationship among the candidate target ciphertext information f (g (id), the candidate user identifier id and the user portrait, and forming a ciphertext image library.

The second part includes the following: the first server 302 obtains an original user identifier id1, then encrypts the original user identifier id1 by using a first encryption function f (x) to obtain first intermediate ciphertext information f (id1), then sends the first intermediate ciphertext information f (id1) to the second server 304, then the second server 304 encrypts the first intermediate ciphertext information f (id1) by using a second encryption function g (x) to obtain first target ciphertext information g (f (id1)), first, finds candidate target ciphertext information f (g (id2)) matching the first target ciphertext information g (f (id1)), and then finds a target user identifier id2 corresponding to the candidate target ciphertext information f (g (id2)), because f (x) and g (x) satisfy the following relationship: f (g (x)) g (f (x)), the found target user id2 is the original user id1, i.e., id1 ═ id 2. The corresponding user representation may then be retrieved based on the original user identification id 1.

As shown in fig. 4, in an embodiment, the processing method for data security further includes:

and 214, acquiring recommended user information corresponding to the information to be recommended, sending the recommended user information to the detection party, instructing the detection party to use a target candidate user identifier corresponding to the recommended user information as the recommended user identifier according to the corresponding relation between the candidate user identifier and the candidate user information, and encrypting the recommended user identifier by adopting a second encryption function to obtain second intermediate ciphertext information.

Before recommending information, in order to improve recommendation efficiency and save recommendation cost, information can be purposefully recommended to people interested in the recommendation information in a directional delivery mode. In order to implement the directional delivery, firstly, recommendation user information corresponding to information to be recommended needs to be acquired, where the recommendation user information refers to information corresponding to a user group to which the information to be recommended points, for example, if the recommendation information is of a beauty and make-up type, a woman aged 20-40 years can be used as the recommendation user group, that is, the corresponding recommendation user information can be set to a woman aged 20-40 years. The detection party stores the corresponding relation between the candidate user identification and the candidate user information, wherein the candidate user information comprises user information such as the age, the sex, the occupation and the like of the user. And taking the candidate user identifications which accord with the recommended user information as the recommended user identifications corresponding to the recommended user information, wherein generally speaking, a plurality of recommended user identifications are provided, and then encrypting the recommended user identifications by adopting a second encryption function to obtain second intermediate ciphertext information. And sending the second intermediate ciphertext information to the first server.

And step 216, receiving the second intermediate ciphertext information, encrypting the second intermediate ciphertext information by using the first encryption function to obtain second target ciphertext information, obtaining a corresponding relation between the platform target ciphertext information and the platform user identifier, and searching the target platform user identifier corresponding to the second target ciphertext information from the corresponding relation to obtain the recommended user identifier.

And the second intermediate ciphertext information is obtained by encrypting the recommended user identifier by adopting a second encryption function. The second target ciphertext information is obtained by encrypting the second intermediate ciphertext information by using the first encryption function. The platform target ciphertext information and the platform user identifier refer to target ciphertext information and a user identifier stored in the first server, and in order to distinguish the target ciphertext information and the user identifier stored in the detection party, the target ciphertext information and the user identifier stored in the first server are respectively referred to as "platform target ciphertext information" and "platform user identifier". The first server stores the corresponding relation between the platform target ciphertext information and the platform user identification, wherein the platform target ciphertext information is obtained by encrypting the platform user identification by adopting a first encryption function and then encrypting by adopting a second encryption function. Based on the first encryption function f (x) and the second encryption function g (x), the interchangeability f (g (x)) g (f (x)) is satisfied, so that the target platform user identifier can be obtained according to the second target ciphertext information, and the target platform user identifier is the recommended user identifier.

And step 218, pushing the information to be recommended to a terminal corresponding to the recommended user identifier.

After the user identification to be recommended is determined, the information to be recommended can be directionally sent to the terminal corresponding to the user identification to be recommended. Therefore, the efficiency of information recommendation is improved, and the recommendation cost is saved.

The data security processing method comprises the steps of firstly sending recommended user information to a detection party, obtaining a recommended user identifier which accords with the recommended user information by the detection party according to the recommended user information, encrypting the recommended user identifier by adopting a second encryption function to obtain second intermediate ciphertext information, then sending the second intermediate ciphertext information to a first server, encrypting the second intermediate ciphertext information by adopting a first encryption function by the first server to obtain second target ciphertext information, and then searching the recommended user identifier according to the second target ciphertext information, wherein in the process, the recommended user identifier is prevented from being directly transmitted on the network, and the corresponding recommended user identifier can be obtained only on the premise that the corresponding recommended user identifier is stored in the first server, namely the recommended user identifier is not obtained by reduction but is searched in the stored user identifier, the independence and the safety of data of two communication parties are ensured.

In one embodiment, the data security processing method further includes: acquiring a platform user identifier, encrypting the platform user identifier by adopting a first encryption function to obtain platform intermediate ciphertext information, sending the platform intermediate ciphertext information to a detection party, and instructing the detection party to encrypt the platform intermediate ciphertext information by adopting a second encryption function to obtain platform target ciphertext information; and receiving platform target ciphertext information, and establishing an association relation between the platform target ciphertext information and the platform user identifier.

Before the information is directionally pushed, an association relation between platform target ciphertext information and a platform user identifier needs to be established on a first server. Specifically, first, a first server obtains a platform user identifier, then encrypts the platform user identifier by using a first encryption function to obtain platform intermediate ciphertext information, sends the platform intermediate ciphertext information to a detection party, instructs the detection party to encrypt the platform intermediate ciphertext information by using a second encryption function to obtain platform target ciphertext information, then sends the platform target ciphertext information to the first server, and the first server receives returned platform target ciphertext information and establishes an association relationship between the platform target ciphertext information and the platform user identifier.

In another embodiment, when there are a plurality of platform user identifiers, in order to mark which platform user identifier the returned platform ciphertext information corresponds to, an information identifier is allocated to each platform user identifier, and a one-to-one correspondence relationship between the information identifier and the platform user identifier is established. After the platform user identification is encrypted to obtain platform intermediate ciphertext information, the platform intermediate ciphertext information and the information identification are sent to a detecting party together, the detecting party encrypts the platform intermediate ciphertext information by adopting a second encryption function to obtain platform target ciphertext information, then the platform target ciphertext information and the information identification are sent to a first server together, the first server obtains a corresponding platform user identification according to the information identification, and then an incidence relation between the platform target ciphertext information and the platform user identification is established.

In one embodiment, in order to protect user data security, after recommending information to a plurality of end users, the first server directly obtains user identifications corresponding to the plurality of end users, then obtains corresponding user portraits according to the user identifications, and calculates to obtain corresponding user portraits reports. This avoids the need to transmit the user identity.

Fig. 5 is a timing diagram illustrating a data security processing method according to an embodiment, which includes a first server 502 and a second server 504. The first part is to establish an association relationship between platform target ciphertext information and a platform user identifier in the first server 502. And the second part is to acquire the recommended user identification corresponding to the recommended user information. Specifically, the first part includes the following: the first server 502 stores platform user identifiers, first, a platform user identifier id is obtained, the platform user identifier id is encrypted by a first encryption function f (x) to obtain platform intermediate ciphertext information f (id), and then the platform intermediate ciphertext information f (id) and corresponding information numbers are sent to the second server 504, wherein the information numbers are used for marking the corresponding platform user identifiers, and the information numbers and the platform user identifiers are in a one-to-one correspondence relationship. The second server 504 encrypts the platform intermediate ciphertext information f (id) by using a second encryption function g (x) to obtain platform target ciphertext information g (f (id)). Then, the platform target ciphertext information g (f (id)) and the corresponding information number are sent to the first server 502, then the first server 502 obtains the corresponding platform user identification id according to the information number, and an association relation between the platform target ciphertext information g (f (id)) and the platform user identification id is established.

The second part includes the following:

the first server 502 acquires recommended user information corresponding to information to be recommended, the recommended user information is sent to the second server 504, the second server 504 uses a target candidate user identifier which accords with the recommended user information as the recommended user identifier according to a corresponding relation between the candidate user identifier and the candidate user information, then a second encryption function g (x) is used for encrypting the recommended user identifier ID1 to obtain second intermediate ciphertext information g (ID1), the second intermediate ciphertext information g (ID1) is sent to the first server 502, the first server 502 uses a first encryption function f (x) to encrypt the second intermediate ciphertext information g (ID1) to obtain second target ciphertext information f (g (ID1)), target platform target ciphertext information g (f (ID2)) with the same second target ciphertext information is acquired, and then target platform user identifier 2 corresponding to the target platform target ciphertext information g (f (ID2)) is acquired, based on f (g (x)) ═ g (f (x)), the target platform user ID2 is the recommended user ID 1. And then pushing the information to be recommended to the corresponding terminal according to the recommended user identification.

As shown in fig. 6, in an embodiment, a data security processing method is provided, which specifically includes the following steps:

step S601, receiving candidate intermediate ciphertext information sent by the detecting party, where the candidate intermediate ciphertext information is obtained by the detecting party encrypting the candidate user identifier by using a second encryption function.

Step S602, a first encryption function is adopted to encrypt the candidate intermediate ciphertext information to obtain candidate target ciphertext information.

And step S603, sending the candidate target ciphertext information to the detection party, and indicating the detection party to establish the association relationship between the candidate target ciphertext information and the candidate user identifier.

Step S604, sending the recommendation information to the first terminal.

Step S605, acquiring the device identifier corresponding to the first terminal, and using the device identifier as the original user identifier.

Step S606, the original user identifier is encrypted by using a first encryption function to obtain a first intermediate ciphertext information.

Step S607, sending the first intermediate ciphertext information to the detecting party, instructing the detecting party to encrypt the first intermediate ciphertext information by using the second encryption function to obtain first target ciphertext information, and obtaining a matching relationship between the candidate target ciphertext information and a candidate user identifier, and searching for a target user identifier corresponding to the first target ciphertext information from the matching relationship, where the target user identifier is an original user identifier, and the first encryption function f (x) and the second encryption function g (x) satisfy the following relationship: f (g (x)) is g (f (x)).

It should be understood that although the steps in the flowcharts of fig. 2 to 6 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-6 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least some of the sub-steps or stages of other steps.

As shown in fig. 7, in one embodiment, a data-secure processing system is proposed, the system comprising:

the second server 704 is configured to encrypt the candidate user identifier by using a second encryption function to obtain candidate intermediate ciphertext information, and send the candidate intermediate ciphertext information to the first server;

the first server 702 is configured to encrypt the received candidate intermediate ciphertext information by using a first encryption function to obtain candidate target ciphertext information, and send the candidate target ciphertext information to the second server;

the second server 704 is further configured to establish an association relationship between the candidate target ciphertext information and the candidate user identifier according to the received candidate target ciphertext information;

the first server 702 is further configured to obtain an original user identifier, encrypt the original user identifier by using a first encryption function to obtain first intermediate ciphertext information, and send the first intermediate ciphertext information to a second server.

The second server 704 is further configured to receive the first intermediate ciphertext information, encrypt the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtain a matching relationship between the candidate target ciphertext information and a candidate user identifier, and search for a target user identifier corresponding to the first target ciphertext information from the matching relationship, where the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability.

In an embodiment, the candidate user identifier is an equipment identifier corresponding to a candidate terminal, and the first server 702 is further configured to send recommendation information to a first terminal, obtain an equipment identifier corresponding to the first terminal, and use the equipment identifier as the original user identifier.

In one embodiment, the first server 702 is further configured to send recommendation information to a plurality of different target terminals, obtain each target user identifier corresponding to the plurality of different target terminals, use each target user identifier as an original user identifier, encrypt the original user identifier by using a first encryption function to obtain first intermediate ciphertext information corresponding to each original user identifier, and send the first intermediate ciphertext information to a second server; the second server 704 is further configured to encrypt each first intermediate ciphertext information by using a second encryption function to obtain each first target ciphertext information, obtain each target user identifier according to each first target ciphertext information, obtain a user portrait corresponding to each target user identifier, and count the user portrait corresponding to each target user identifier to obtain a user portrait report; the first server 702 is also configured to receive the returned user representation report.

In an embodiment, the first server 702 is further configured to obtain recommended user information corresponding to information to be recommended, and send the recommended user information to a second server; the second server 704 is further configured to determine, according to a correspondence between candidate user information and candidate user identifiers, a target candidate user identifier corresponding to the recommended user information as a recommended user identifier, encrypt the recommended user identifier by using a second encryption function to obtain second intermediate ciphertext information, and return the second intermediate ciphertext information to the first server; the first server 702 is further configured to receive the second intermediate ciphertext information, encrypt the second intermediate ciphertext information by using the first encryption function to obtain second target ciphertext information, obtain a correspondence between platform target ciphertext information and a platform user identifier, search for a target platform user identifier corresponding to the second target ciphertext information from the correspondence, obtain the recommended user identifier, and push the information to be recommended to a terminal corresponding to the recommended user identifier.

In one embodiment, the first server 702 is further configured to obtain a platform user identifier, encrypt the platform user identifier by using a first encryption function to obtain platform intermediate ciphertext information, and send the platform intermediate ciphertext information to a second server; the second server 704 is further configured to encrypt the platform intermediate ciphertext information by using a second encryption function to obtain platform target ciphertext information; the first server 702 is further configured to receive the platform target ciphertext information, and establish an association relationship between the platform target ciphertext information and the platform user identifier.

As shown in fig. 8, in one embodiment, a data security processing apparatus is provided, the apparatus comprising:

a receiving module 802, configured to receive candidate intermediate ciphertext information sent by a detecting party, where the candidate intermediate ciphertext information is obtained by the detecting party encrypting a candidate user identifier by using a second encryption function.

The encrypting module 804 is configured to encrypt the candidate intermediate ciphertext information by using a first encryption function to obtain candidate target ciphertext information.

A sending module 806, configured to send the candidate target ciphertext information to a detecting party, and instruct the detecting party to establish an association relationship between the candidate target ciphertext information and a candidate user identifier.

An obtaining module 808, configured to obtain an original user identifier.

The encryption module 804 is further configured to encrypt the original user identifier by using a first encryption function to obtain first intermediate ciphertext information.

The sending module 806 is further configured to send the first intermediate ciphertext information to a detecting party, instruct the detecting party to encrypt the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtain a matching relationship between candidate target ciphertext information and a candidate user identifier, and search for a target user identifier corresponding to the first target ciphertext information from the matching relationship, where the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability. In an embodiment, the candidate user identifier is an equipment identifier corresponding to a candidate terminal, and the obtaining module 808 is further configured to send recommendation information to a first terminal, obtain an equipment identifier corresponding to the first terminal, and use the equipment identifier as the original user identifier.

In one embodiment, the sending module 806 is further configured to send the recommendation information to a plurality of different target terminals; the obtaining module 808 is further configured to obtain each target user identifier corresponding to the multiple different target terminals, use each target user identifier as an original user identifier, notify the encryption module to encrypt the original user identifier by using a first encryption function to obtain first intermediate ciphertext information corresponding to each original user identifier, then notify the sending module to send the first intermediate ciphertext information to a detecting party, encrypt each first intermediate ciphertext information by using a second encryption function to obtain each first target ciphertext information, obtain each target user identifier according to each first target ciphertext information, obtain a user portrait corresponding to each target user identifier, and count the user portrait corresponding to each target user identifier to obtain a user portrait report; the receiving module 802 is further configured to receive a user portrait report corresponding to the recommended information, where the user portrait report is obtained by counting user portraits corresponding to the target user identifiers.

As shown in fig. 9, in one embodiment, a data security processing apparatus is provided, the apparatus comprising:

an information obtaining module 902, configured to obtain recommended user information corresponding to information to be recommended, send the recommended user information to a detecting party, instruct the detecting party to determine a target candidate user identifier corresponding to the recommended user information according to a correspondence between candidate user information and a candidate user identifier, use the target candidate user identifier as the recommended user identifier, and encrypt the recommended user identifier with a second encryption function to obtain second intermediate ciphertext information.

And an information encryption module 904, configured to receive the second intermediate ciphertext information, and encrypt the second intermediate ciphertext information by using the first encryption function to obtain a second target ciphertext information.

And an identifier searching module 906, configured to obtain a corresponding relationship between platform target ciphertext information and a platform user identifier, and search for a target platform user identifier corresponding to the second target ciphertext information from the corresponding relationship, where the target user identifier is the recommended user identifier.

An information pushing module 908, configured to push the information to be recommended to a terminal corresponding to the recommended user identifier.

As shown in fig. 10, in an embodiment, the data security processing apparatus further includes:

the information sending module 910 is configured to obtain a platform user identifier, encrypt the platform user identifier with a first encryption function to obtain platform intermediate ciphertext information, send the platform intermediate ciphertext information to a detection party, and instruct the detection party to encrypt the platform intermediate ciphertext information with a second encryption function to obtain platform target ciphertext information.

An establishing module 912, configured to receive the platform target ciphertext information, and establish a correspondence between the platform target ciphertext information and the platform user identifier.

FIG. 11 is a diagram illustrating an internal structure of a computer device in one embodiment. The computer device may specifically be a server. As shown in fig. 11, the computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system and may also store a computer program that, when executed by the processor, causes the processor to implement a processing method for data security. The internal memory may also have stored therein a computer program that, when executed by the processor, causes the processor to perform a data-safe processing method. Those skilled in the art will appreciate that the architecture shown in fig. 11 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.

In one embodiment, the data security processing method provided by the present application may be implemented in the form of a computer program, and the computer program may be run on a computer device as shown in fig. 11. The memory of the computer device may store various program modules constituting the data security processing apparatus, such as the receiving module 802, the encrypting module 804, the sending module 806, and the obtaining module 808 of fig. 8. The computer program constituted by the respective program modules causes the processor to execute the steps in the data security processing apparatus of the respective embodiments of the present application described in the present specification. For example, the computer device shown in fig. 11 may receive, through the receiving module 802 of the data security processing apparatus shown in fig. 8, candidate intermediate ciphertext information sent by the detecting party, where the candidate intermediate ciphertext information is obtained by the detecting party encrypting the candidate user identifier with the second encryption function. And encrypting the candidate intermediate ciphertext information by using a first encryption function through the encryption module 804 to obtain candidate target ciphertext information. The candidate target ciphertext information is sent to the detecting party through the sending module 806, and the detecting party is instructed to establish the association relationship between the candidate target ciphertext information and the candidate user id. The original user identification is obtained by the obtaining module 808. The original user identifier is further encrypted by the encryption module 804 using a first encryption function to obtain first intermediate ciphertext information. The sending module 806 further sends the first intermediate ciphertext information to a detecting party, instructs the detecting party to encrypt the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtains a matching relationship between candidate target ciphertext information and a candidate user identifier, and searches for a target user identifier corresponding to the first target ciphertext information from the matching relationship, where the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability.

In one embodiment, a computer device is proposed, comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of: receiving candidate intermediate ciphertext information sent by a detection party, wherein the candidate intermediate ciphertext information is obtained by encrypting a candidate user identifier by the detection party by adopting a second encryption function; encrypting the candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information; sending the candidate target ciphertext information to a detector, and indicating the detector to establish an association relation between the candidate target ciphertext information and a candidate user identifier; acquiring an original user identifier; encrypting the original user identification by adopting a first encryption function to obtain first intermediate ciphertext information; and sending the first intermediate ciphertext information to a detection party, instructing the detection party to encrypt the first intermediate ciphertext information by adopting a second encryption function to obtain first target ciphertext information, obtaining a matching relation between the candidate target ciphertext information and a candidate user identifier, and searching a target user identifier corresponding to the first target ciphertext information from the matching relation, wherein the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability.

In an embodiment, the obtaining the original user identifier includes: sending the recommendation information to a first terminal; and acquiring the equipment identifier corresponding to the first terminal, and taking the equipment identifier as the original user identifier.

In one embodiment, the computer program further causes the processor to perform the steps of: sending the recommendation information to a plurality of different target terminals; acquiring target user identifications corresponding to the different target terminals, taking the target user identifications as original user identifications, performing encryption on the original user identifications by adopting a first encryption function to obtain the target user identifications, and acquiring user figures corresponding to the target user identifications; and receiving a user portrait report which is returned by a detector and corresponds to the recommended information, wherein the user portrait report is obtained by counting the user portraits corresponding to all the target user identifications.

In one embodiment, the computer program further causes the processor to perform the steps of: acquiring recommended user information corresponding to information to be recommended, sending the recommended user information to a detection party, indicating the detection party to determine a target candidate user identifier corresponding to the recommended user information according to the corresponding relation between the candidate user information and the candidate user identifier, taking the target candidate user identifier as the recommended user identifier, and encrypting the recommended user identifier by adopting a second encryption function to obtain second intermediate ciphertext information; receiving the second intermediate ciphertext information, encrypting the second intermediate ciphertext information by using the first encryption function to obtain second target ciphertext information, obtaining a corresponding relation between the platform target ciphertext information and a platform user identifier, and searching a target platform user identifier corresponding to the second target ciphertext information from the corresponding relation, wherein the target user identifier is the recommended user identifier; and pushing the information to be recommended to a terminal corresponding to the recommended user identifier.

In one embodiment, the computer program further causes the processor to perform the steps of: acquiring a platform user identifier, encrypting the platform user identifier by adopting a first encryption function to obtain platform intermediate ciphertext information, sending the platform intermediate ciphertext information to a detection party, and instructing the detection party to encrypt the platform intermediate ciphertext information by adopting a second encryption function to obtain platform target ciphertext information; and receiving the platform target ciphertext information, and establishing a corresponding relation between the platform target ciphertext information and the platform user identifier.

In one embodiment, a computer-readable storage medium is proposed, in which a computer program is stored which, when executed by a processor, causes the processor to carry out the steps of:

receiving candidate intermediate ciphertext information sent by a detection party, wherein the candidate intermediate ciphertext information is obtained by encrypting a candidate user identifier by the detection party by adopting a second encryption function; encrypting the candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information; sending the candidate target ciphertext information to a detector, and indicating the detector to establish an association relation between the candidate target ciphertext information and a candidate user identifier; acquiring an original user identifier; encrypting the original user identification by adopting a first encryption function to obtain first intermediate ciphertext information; and sending the first intermediate ciphertext information to a detection party, instructing the detection party to encrypt the first intermediate ciphertext information by adopting a second encryption function to obtain first target ciphertext information, obtaining a matching relation between the candidate target ciphertext information and a candidate user identifier, and searching a target user identifier corresponding to the first target ciphertext information from the matching relation, wherein the target user identifier is the original user identifier, and the first encryption function and the second encryption function have interchangeability.

In one embodiment, prior to said obtaining the original user identification, the computer program further causes the processor to perform the steps of: receiving candidate intermediate ciphertext information sent by a detection party, wherein the candidate intermediate ciphertext information is obtained by encrypting a candidate user identifier by the detection party by adopting a second encryption function; encrypting the candidate intermediate ciphertext information by adopting a first encryption function to obtain candidate target ciphertext information; and sending the candidate target ciphertext information to a detector, and indicating the detector to establish an association relation between the candidate target ciphertext information and a candidate user identifier.

It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).

The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.

The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims

1. A processing method for data security is applied to a local terminal, and comprises the following steps:

receiving candidate intermediate ciphertext information sent by a detection party, wherein the candidate intermediate ciphertext information is obtained by encrypting a candidate user identifier by the detection party by adopting a second encryption function, and the candidate user identifier refers to a user identifier stored by the detection party;

acquiring an original user identifier;

and sending the first intermediate ciphertext information to a detection party, instructing the detection party to encrypt the first intermediate ciphertext information by adopting a second encryption function to obtain first target ciphertext information, obtaining a matching relation between the candidate target ciphertext information and a candidate user identifier, and searching a target user identifier corresponding to the first target ciphertext information from the matching relation, wherein the target user identifier is the original user identifier, the first encryption function and the second encryption function have interchangeability, and the first encryption function and the second encryption function are independent encryption functions.

2. The method according to claim 1, wherein the candidate user id is a device id corresponding to a candidate terminal, and the obtaining an original user id comprises:

sending the recommendation information to a first terminal;

and acquiring the equipment identifier corresponding to the first terminal, and taking the equipment identifier as the original user identifier.

3. The method of claim 1, further comprising:

sending the recommendation information to a plurality of different target terminals;

acquiring target user identifications corresponding to the different target terminals, taking the target user identifications as original user identifications, performing a step of encrypting the original user identifications by adopting a first encryption function to obtain the target user identifications, and acquiring user figures corresponding to the target user identifications;

and receiving a user portrait report which is returned by a detector and corresponds to the recommended information, wherein the user portrait report is obtained by counting the user portraits corresponding to all the target user identifications.

4. The method of claim 1, further comprising:

acquiring recommended user information corresponding to information to be recommended, sending the recommended user information to a detection party, indicating the detection party to determine a target candidate user identifier corresponding to the recommended user information according to the corresponding relation between the candidate user information and the candidate user identifier, taking the target candidate user identifier as the recommended user identifier, and encrypting the recommended user identifier by adopting a second encryption function to obtain second intermediate ciphertext information;

receiving the second intermediate ciphertext information, encrypting the second intermediate ciphertext information by using the first encryption function to obtain second target ciphertext information, obtaining a corresponding relation between the platform target ciphertext information and a platform user identifier, and searching a target platform user identifier corresponding to the second target ciphertext information from the corresponding relation, wherein the target user identifier is the recommended user identifier;

and pushing the information to be recommended to a terminal corresponding to the recommended user identifier.

5. The method of claim 4, further comprising:

acquiring a platform user identifier, encrypting the platform user identifier by adopting a first encryption function to obtain platform intermediate ciphertext information, sending the platform intermediate ciphertext information to a detection party, and instructing the detection party to encrypt the platform intermediate ciphertext information by adopting a second encryption function to obtain platform target ciphertext information;

and receiving the platform target ciphertext information, and establishing a corresponding relation between the platform target ciphertext information and the platform user identifier.

6. A data-secure processing system, the system comprising:

the second server is used for encrypting the candidate user identification by adopting a second encryption function to obtain candidate intermediate ciphertext information and sending the candidate intermediate ciphertext information to the first server, wherein the candidate user identification refers to the user identification stored by the detection party;

the second server is further configured to receive the first intermediate ciphertext information, encrypt the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtain a matching relationship between the candidate target ciphertext information and a candidate user identifier, and search a target user identifier corresponding to the first target ciphertext information from the matching relationship, where the target user identifier is the original user identifier, where the first encryption function and the second encryption function have interchangeability, and the first encryption function and the second encryption function are independent encryption functions.

7. The system according to claim 6, wherein the candidate user identifier is an equipment identifier corresponding to the candidate terminal, and the first server is further configured to send recommendation information to the first terminal, obtain the equipment identifier corresponding to the first terminal, and use the equipment identifier as the original user identifier.

8. The system according to claim 6, wherein the first server is further configured to send recommendation information to a plurality of different target terminals, obtain respective target user identifiers corresponding to the plurality of different target terminals, use the respective target user identifiers as original user identifiers, encrypt the original user identifiers by using a first encryption function to obtain first intermediate ciphertext information corresponding to each original user identifier, and send the first intermediate ciphertext information to the second server;

the second server is further used for encrypting each first intermediate ciphertext information by using a second encryption function to obtain each first target ciphertext information, obtaining each target user identifier according to each first target ciphertext information, obtaining a user portrait corresponding to each target user identifier, and counting the user portrait corresponding to each target user identifier to obtain a user portrait report;

the first server is further configured to receive the returned user representation report.

9. The system of claim 6, wherein the first server is further configured to obtain recommended user information corresponding to information to be recommended, and send the recommended user information to the second server;

the second server is further used for determining a target candidate user identifier corresponding to the recommended user information according to the corresponding relation between the candidate user information and the candidate user identifier, using the target candidate user identifier as the recommended user identifier, encrypting the recommended user identifier by adopting a second encryption function to obtain second intermediate ciphertext information, and returning the second intermediate ciphertext information to the first server;

the first server is further configured to receive the second intermediate ciphertext information, encrypt the second intermediate ciphertext information by using the first encryption function to obtain second target ciphertext information, obtain a corresponding relationship between platform target ciphertext information and a platform user identifier, search for the target platform user identifier corresponding to the second target ciphertext information from the corresponding relationship to obtain the recommended user identifier, and push the information to be recommended to a terminal corresponding to the recommended user identifier.

10. The system of claim 9, wherein the first server is further configured to obtain a platform user identifier, encrypt the platform user identifier using a first encryption function to obtain platform intermediate ciphertext information, and send the platform intermediate ciphertext information to the second server;

the second server is further used for encrypting the platform intermediate ciphertext information by adopting a second encryption function to obtain platform target ciphertext information;

and the first server is also used for receiving the platform target ciphertext information and establishing the corresponding relation between the platform target ciphertext information and the platform user identifier.

11. A data security processing device is applied to a local terminal, and comprises:

the receiving module is used for receiving candidate intermediate ciphertext information sent by a detecting party, wherein the candidate intermediate ciphertext information is obtained by encrypting a candidate user identifier by the detecting party by adopting a second encryption function, and the candidate user identifier refers to a user identifier stored by the detecting party;

the acquisition module is used for acquiring an original user identifier;

the sending module is further configured to send the first intermediate ciphertext information to a detecting party, instruct the detecting party to encrypt the first intermediate ciphertext information by using a second encryption function to obtain first target ciphertext information, obtain a matching relationship between candidate target ciphertext information and a candidate user identifier, and search for a target user identifier corresponding to the first target ciphertext information from the matching relationship, where the target user identifier is the original user identifier, where the first encryption function and the second encryption function have interchangeability, and the first encryption function and the second encryption function are independent encryption functions.

12. A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to carry out the steps of the method according to any one of claims 1 to 5.

13. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the method according to any one of claims 1 to 5.