CN110400162B - Data processing method, device, server and system - Google Patents
- Publication number
- CN110400162B, CN201910285590.XA
- Authority
- CN
- China
- Prior art keywords
- behavior
- encryption
- data
- server
- sum
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0242—Determining effectiveness of advertisements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0247—Calculate past, present or future revenues
Abstract
The invention discloses a data processing method, a device, a server and a system, wherein the data processing method comprises the following steps: receiving a behavior encryption data set and a second identification encryption data set sent by a second server; determining an identification intersection dataset of a first identification encrypted dataset and the second identification encrypted dataset; determining a behavioural encryption dataset from the behavioural encryption dataset that matches the identified intersection dataset; calculating the sum of behavior encryption data in the matched behavior encryption data set; and sending the sum of the behavior encryption data to the second server so that the second server determines the sum of the first behavior data of the local user in the second server. According to the invention, on the premise of not revealing the user data in the two servers, the accurate data of the attribution post-action data sum is obtained, so that the accurate evaluation of exposure attribution is realized.
Description
Technical Field
The present invention relates to the field of internet applications, and in particular, to a data processing method, device, server and system.
Background
With the rapid development of computer networks, product sellers typically place advertisements for products on a network platform, thereby increasing sales of the products through exposure of the products. After the advertisement is put, the advertiser needs to evaluate the effect of advertisement exposure, namely exposure attribution, based on the putting platform. In evaluating exposure attribution, it is often necessary to calculate a sum of benefits after attribution.
In the prior art, based on data confidentiality of both the advertiser and the advertiser, the advertiser can only estimate the attribution profit sum; based on confidentiality of user data, advertisers cannot learn consumption data of an advertising master, and further cannot calculate attribution profit totals. It can be seen that the prior art cannot accurately calculate the attribution profit sum without revealing the advertising host user data.
Therefore, it is necessary to provide a new technical solution to accurately calculate the attribution profit sum without revealing the advertisement owner user data.
Disclosure of Invention
The invention provides a data processing method, a data processing device, a server and a data processing system, which can accurately calculate attribution profit sum on the premise of not revealing advertisement main user data.
In one aspect, the present invention provides a data processing method, the method including:
receiving a behavior encryption data set which is sent by a second server and is obtained by encrypting behavior data of a plurality of local users in the second server based on homomorphic encryption, and a second identification encryption data set which is generated according to identification information of the plurality of local users in the second server;
generating a first identification encryption data set according to the identification information of the plurality of local users;
determining an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset;
determining a behavioural encryption dataset from the behavioural encryption dataset that matches the identified intersection dataset;
calculating the sum of behavior encryption data in the matched behavior encryption data set;
and sending the sum of the behavior encryption data to the second server so that the second server determines the sum of the first behavior data of the local user in the second server.
Another aspect provides a data processing method, the method comprising:
encrypting behavior data of a plurality of local users based on homomorphic encryption to obtain a behavior encryption data set;
Generating a second identification encryption data set according to the identification information of the plurality of local users;
transmitting the behavior encryption dataset and the second identification encryption dataset to a first server, so that the first server determines an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset generated according to identification information of a plurality of local users in the first server, and determines a behavior encryption dataset matched with the identification intersection dataset in the behavior encryption dataset;
receiving a sum of behavior encryption data in the matched behavior encryption data set sent by the first server;
and determining the sum of first behavior data of the local user based on the sum of the behavior encryption data.
Another aspect provides a data processing apparatus, the apparatus comprising:
the system comprises an encrypted data set receiving module, a first identification encryption data set and a second identification encryption data set, wherein the encrypted data set receiving module is used for receiving a behavior encrypted data set which is sent by a second server and is obtained by encrypting behavior data of a plurality of local users in the second server based on homomorphic encryption, and the second identification encrypted data set is generated according to identification information of the plurality of local users in the second server;
The first identification encryption data set generation module is used for generating a first identification encryption data set according to the identification information of the plurality of local users;
an identification intersection data set determining module, configured to determine an identification intersection data set of the first identification encrypted data set and the second identification encrypted data set;
a matched behavior encryption dataset determination module for determining a behavior encryption dataset from the behavior encryption dataset that matches the identification intersection dataset;
the sum computing module is used for computing the sum of the behavior encryption data in the matched behavior encryption data set;
and the behavior encryption data sum sending module is used for sending the behavior encryption data sum to the second server so that the second server can determine the first behavior data sum of the local user in the second server.
Another aspect provides a data processing apparatus, the apparatus comprising:
the behavior encryption data set determining module is used for encrypting the behavior data of the plurality of local users based on homomorphic encryption to obtain a behavior encryption data set;
the second identification encryption data set generation module is used for generating a second identification encryption data set according to the identification information of the plurality of local users;
An encrypted data set sending module, configured to send the behavioural encrypted data set and the second identifier encrypted data set to a first server, so that the first server determines an identifier intersection data set of the first identifier encrypted data set and the second identifier encrypted data set, which are generated according to identifier information of a plurality of local users in the first server, and determines a behavioural encrypted data set in the behavioural encrypted data set that matches the identifier intersection data set;
the behavior encryption data sum receiving module is used for receiving the sum of the behavior encryption data in the matched behavior encryption data set sent by the first server;
and the first behavior data sum determining module is used for determining the sum of the first behavior data of the local user based on the sum of the behavior encryption data.
Another aspect provides a data processing system, the system comprising: a first server and a second server;
the first server is used for generating a first identification encryption data set according to the identification information of the plurality of local users; and determining an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset; and determining a behavioural encryption dataset from the behavioural encryption dataset that matches the identified intersection dataset; calculating the sum of the behavior encryption data in the matched behavior encryption data set; and sending the sum of the behavior encryption data to the second server;
The second server is used for encrypting the behavior data of the plurality of local users based on homomorphic encryption to obtain a behavior encryption data set; and generating the second identified encrypted data set according to the identification information of the plurality of local users; and sending the behavioral encryption dataset and the second identification encryption dataset to the first server; and determining a sum of first behavior data of the local user based on the sum of the behavior encryption data.
Another aspect provides a data processing server, the server comprising: a processor and a memory having stored therein at least one instruction, at least one program, a set of codes or a set of instructions, the at least one instruction, the at least one program, the set of codes or the set of instructions being loaded and executed by the processor to implement the data processing method as described above.
Another aspect provides a computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes or a set of instructions, the at least one instruction, the at least one program, the set of codes or the set of instructions being loaded and executed by a processor to implement a method of data processing as described above.
The data processing method, the device, the server and the system provided by the invention have the following technical effects:
according to the invention, on the premise of not revealing the user data in the two servers, the accurate data of the attribution post-action data sum is obtained, so that the accurate evaluation of exposure attribution is realized.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions and advantages of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a system provided by an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a data processing method according to an embodiment of the present invention;
FIG. 3 is a flow chart of a method for generating a second identification encrypted data set by a second server according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for generating a first identification encrypted data set by a first server according to an embodiment of the present invention;
FIG. 5 is a schematic flow chart of calculating a sum of behavior encryption data in the matched behavior encryption dataset by the first server according to the embodiment of the present invention;
FIG. 6 is a flow chart of a method for determining the sum of the first behavior data of the local user by the second server based on the sum of the behavior encryption data according to the embodiment of the invention;
FIG. 7 is a flow chart of a method for verifying the sum of the received behavior decryption data by the first server according to an embodiment of the present invention;
FIG. 8 is a flow chart of a method for verifying the received sum of the behavior encryption data by the second server according to the embodiment of the present invention;
FIG. 9 is a flowchart of another data processing method according to an embodiment of the present invention;
FIG. 10 is a flowchart of another data processing method according to an embodiment of the present invention;
FIG. 11 is a schematic flow chart of a data processing method according to an embodiment of the present invention;
FIG. 12 is a schematic diagram of a data processing apparatus according to an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of another data processing apparatus according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to fig. 1, fig. 1 is a schematic diagram of a system according to an embodiment of the present invention, and as shown in fig. 1, the system may include at least a first server 01 and a second server 02.
Specifically, in the embodiment of the present disclosure, the first server 01 may include a server that operates independently, or a distributed server, or a server cluster that is formed by a plurality of servers. The first server 01 may comprise a network communication unit, a processor, a memory, etc.
The second server 02 may comprise a server running independently, or a distributed server, or a server cluster consisting of a plurality of servers. The second server 02 may comprise a network communication unit, a processor, a memory, etc.
The first server 01 and the second server 02 can perform data interaction and operation.
In the following, the data processing method according to the present invention based on the above system is described, and fig. 2 is a schematic flow chart of a data processing provided by an embodiment of the present invention, where the present specification provides the steps of the method according to the embodiment or the flowchart, but may include more or less steps based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one way of performing the order of steps and does not represent a unique order of execution. When implemented in a real system or server product, the methods illustrated in the embodiments or figures may be performed sequentially or in parallel (e.g., in a parallel processor or multithreaded environment). As shown in fig. 2, the method may include:
S201: The second server encrypts behavior data of the plurality of local users based on homomorphic encryption to obtain a behavior encryption data set.
In particular, in the embodiments of the present description, the behavior data may include, but is not limited to, consumption data of a user.
In practical applications, the homomorphic encryption may be performed by using a homomorphic encryption function, and the algorithm of the homomorphic encryption function may include, but is not limited to, the Paillier homomorphic encryption algorithm.
A homomorphic encryption scheme typically consists of four algorithms, key generation, encryption, decryption and evaluation: $\varepsilon = (\mathrm{KeyGen}, \mathrm{Encrypt}, \mathrm{Decrypt}, \mathrm{Evaluate})$. A homomorphic encryption scheme is correct for a circuit $C$ of $t$ inputs if, for a public/private key pair $(sk, pk)$ generated by $\mathrm{KeyGen}(\lambda)$, any $t$ plaintexts $m_1, m_2, \ldots, m_t$ and the ciphertexts $c = (c_1, c_2, \ldots, c_t)$ obtained from $\mathrm{Encrypt}(pk, m_i) \to c_i$, the following holds:
$$\mathrm{Decrypt}(sk, \mathrm{Evaluate}(pk, C, c)) = C(m_1, m_2, \ldots, m_t)$$
Homomorphic encryption definition: a scheme $\varepsilon = (\mathrm{KeyGen}, \mathrm{Encrypt}, \mathrm{Decrypt}, \mathrm{Evaluate})$ is homomorphic for a circuit class $\mathcal{C}$ if $\varepsilon$ is correct for all $C \in \mathcal{C}$. If $\varepsilon$ is correct for all boolean circuits $C$, then $\varepsilon$ is a fully homomorphic encryption scheme.
The above definition shows that such a scheme can be built trivially from any secure encryption scheme through the Evaluate algorithm and the Decrypt algorithm: the Evaluate algorithm attaches a description of the circuit C to the ciphertext tuple, and the Decrypt algorithm first decrypts all the ciphertexts and then evaluates the circuit C on the corresponding plaintexts. The security of a circuit can be described as follows: the ciphertext produced by the Evaluate algorithm does not reveal any information about the circuit, even to someone who knows the key.
The Paillier homomorphic encryption algorithm comprises the following steps:
1. Key generation ($\mathrm{KeyGen}_p$)
(1) Two large primes $p$ and $q$ are selected such that $\gcd(pq, (p-1)(q-1)) = 1$;
(2) Calculating $n = pq$ and $\lambda = \mathrm{lcm}(p-1, q-1)$;
(3) Randomly selecting an integer
(4) Finding $\mu$ such that $\mu = (L(g^{\lambda} \bmod n^2))^{-1} \bmod n$, where $L$ is the function $L(\mu) = (\mu - 1)/n$. The public key is then $(n, g)$, and the private key is $(\lambda, \mu)$.
2. Encryption ($\mathrm{Encrypt}_p$)
Assuming that the plaintext is $x$, a random number $r$ is selected, and the ciphertext is calculated as $c = g^{x} \cdot r^{n} \bmod n^2$.
3. Decryption ($\mathrm{Decrypt}_p$)
The decryption process is $x = L(c^{\lambda} \bmod n^2) \bmod n$.
4. Evaluation ($\mathrm{Evaluate}_p$)
Suppose $c_1$ and $c_2$ are two ciphertexts; Paillier encryption satisfies the following properties:
(1) Additive homomorphism: $\mathrm{Dec}_p(c_1 \cdot c_2) = \mathrm{Dec}_p(c_1) + \mathrm{Dec}_p(c_2)$;
(2) Multiplicative homomorphism,
In the embodiment of the present disclosure, homomorphic encryption may enable the first server to complete the operation on the behavior encrypted data in the second server without revealing the data.
In practical applications, before step S201, the method may further include:
the first server detects the user data in the second server, and when a preset number of user data are detected, step S201 is executed.
The preset number may be a number agreed in advance between the first server and the second server.
S203: the second server generates a second identification encrypted data set according to the identification information of the plurality of local users.
In the embodiment of the present specification, the identification information of the user may include, but is not limited to, the ID of the user, the mobile phone number of the user, and the like, which may identify the unique identity of the user.
In this embodiment of the present disclosure, as shown in fig. 3, the generating, by the second server, a second encrypted data set of identification according to the identification information of the plurality of local users may include:
S2031: the second server encrypts the identification information of the plurality of local users based on a second private key to obtain a second private key encrypted data set;
S2033: the second server sends the second private key encrypted data set to the first server;
S2035: the first server encrypts the second private key encryption data set based on a first private key to obtain a second identification encryption data set;
S2037: the first server sends the second set of identification encrypted data to the second server.
In the embodiment of the specification, the second server encrypts the identification information of the local user by using the second private key and then sends the encrypted identification information to the first server, so that data transmission can be performed on the premise of not revealing plaintext data;
The first server further encrypts the second private key encryption data set by adopting the first private key after receiving the second private key encryption data set, and sends the data after secondary encryption to the second server, so that the first server and the second server can calculate the encryption data intersection respectively.
S205: the second server sends the behavior encryption data set and the second identification encryption data set to a first server;
In this embodiment of the present disclosure, the behavior data and the identification data in the second server have a mapping relationship, and are in one-to-one correspondence.
S207: the first server generates a first identification encrypted data set according to identification information of a plurality of local users.
In this embodiment of the present disclosure, the identification information in the first server and the identification information in the second server have the same meaning, for example, both may be the ID of the user or the device number of the user.
In this embodiment of the present disclosure, as shown in fig. 4, the generating, by the first server, a first encrypted data set of identification according to identification information of a plurality of local users may include:
S2071: the first server encrypts the identification information of the plurality of local users based on a first private key to obtain a first private key encrypted data set;
S2073: the first server sends the first private key encryption dataset to the second server;
S2075: the second server encrypts the first private key encryption data set based on a second private key to obtain a first identification encryption data set;
S2077: the second server sends the first identification encrypted data set to the first server.
In the embodiment of the specification, the first server encrypts the identification information of the local user by adopting the first private key and then sends the encrypted identification information to the second server, so that data transmission can be performed on the premise of not revealing plaintext data;
the second server further encrypts the first private key encryption data set by adopting the second private key after receiving the first private key encryption data set, and sends the data after secondary encryption to the first server, so that the first server and the second server can calculate encryption data intersections respectively.
S209: the first server determines an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset.
In a specific embodiment, the first and second sets of identification encrypted data comprise at least one identical identification encrypted data, at least one of the identification encrypted data being formed into an identification intersection data set.
S2011: the first server determining a behavioural encrypted data set from the behavioural encrypted data set that matches the identified intersection data set;
S2013: the first server calculates the sum of the behavior encryption data in the matched behavior encryption data set;
In one embodiment, as shown in fig. 5, the computing, by the first server, the sum of the behavior encryption data in the matched behavior encryption dataset includes:
S20131: the first server obtains behavior encryption data in the matched behavior encryption data set;
S20133: the first server encrypts a preset random number based on the homomorphic encryption to obtain an encrypted random number;
S20135: the first server calculates the sum of any behavior encryption data and the encryption random number to obtain behavior secondary encryption data;
S20137: the first server calculates a sum of the behavioural twice-encrypted data.
In the embodiment of the specification, the first server sets the random number and obtains the secondary encryption data, so that the sum of the secondary encryption data is calculated, and the security of the data in the transmission process is further improved.
S2015: the first server sends the sum of the behavior encryption data to the second server;
In an embodiment of the present disclosure, the sending, by the first server, the sum of the behavior encryption data to the second server may include:
the first server sends the sum of the behavior twice-encrypted data to the second server.
S2017: the second server determines a sum of first behavior data of the local user based on the sum of the behavior encryption data.
In an embodiment of the present disclosure, the determining, by the second server, the sum of the first behavior data of the local user based on the sum of the behavior encryption data may include:
the second server determines a sum of first behavior data of the local user based on the sum of behavior secondary encryption data.
In a specific embodiment, as shown in fig. 6, the determining, by the second server, the sum of the first behavior data of the local user based on the sum of the behavior encryption data may include:
S20171: the second server decrypts the sum of the behavior secondary encryption data to obtain the sum of behavior decryption data;
S20173: the second server sends the sum of the behavior decryption data to the first server;
S20175: the first server sends the preset random number to the second server;
S20177: the second server determines the sum of the first behavior data of the local user based on the sum of the behavior decryption data and the preset random number.
In the embodiment of the present disclosure, in the decryption process, the second server needs to send the intermediate decryption result to the first server, and then obtain the random number of the first server, so as to obtain the final decryption result; therefore, on one hand, the safety of data transmission is improved, and on the other hand, the first server and the second server can acquire the sum of the behavior data on the premise of not revealing the clear text data of each other.
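The flow of steps S201 to S2017, together with the Paillier operations described earlier, as an added example that is not code from the patent: both servers run in one process so the data each side handles is visible. Assumptions: g = n + 1 and toy-sized Mersenne primes for Paillier, decryption multiplies by the μ from key generation step (4) as standard Paillier does, the "private key" identification encryption is modelled as modular exponentiation of a hashed ID (the patent does not name the cipher), and the random mask is added once to the aggregate.

```python
import hashlib
import math
import secrets

# Toy parameters, constructed for this demo only (far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1      # Paillier primes p, q (both Mersenne primes)
GROUP = 2**127 - 1               # prime modulus of the assumed commutative ID cipher


def paillier_keygen(p, q):
    n = p * q
    if math.gcd(n, (p - 1) * (q - 1)) != 1:
        raise ValueError("gcd(pq, (p-1)(q-1)) must be 1")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                            # assumed choice of g
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)       # mu = L(g^lam mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def paillier_encrypt(pub, x):
    n, g = pub
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return pow(g, x, n * n) * pow(r, n, n * n) % (n * n)


def paillier_decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n        # L(c^lam mod n^2) * mu mod n


def paillier_add(pub, c1, c2):
    """Additive homomorphism: multiplying ciphertexts adds the plaintexts."""
    return c1 * c2 % (pub[0] ** 2)


def new_id_key():
    """Secret exponent for the ID cipher, invertible modulo the group order."""
    while True:
        k = secrets.randbelow(GROUP - 3) + 2
        if math.gcd(k, GROUP - 1) == 1:
            return k


def hash_to_group(identifier):
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big")
    return h % (GROUP - 3) + 2


def blind(value, key):
    """Commutative: blind(blind(v, a), b) == blind(blind(v, b), a)."""
    return pow(value, key, GROUP)


def attribute_sum(platform_ids, advertiser_spend):
    """Run S201-S2017 and return the values exchanged at the end."""
    pub, priv = paillier_keygen(P, Q)           # second server's Paillier key pair
    key1, key2 = new_id_key(), new_id_key()     # first / second server ID keys

    # S201: the second server encrypts each user's behavior data.
    adv_ids = list(advertiser_spend)
    behavior_ct = [paillier_encrypt(pub, advertiser_spend[u]) for u in adv_ids]
    # S2031-S2037: second server encrypts its IDs, first server encrypts them again.
    second_id_set = [blind(blind(hash_to_group(u), key2), key1) for u in adv_ids]
    # S2071-S2077: first server encrypts its IDs, second server encrypts them again.
    first_id_set = {blind(blind(hash_to_group(u), key1), key2) for u in platform_ids}

    # S209/S2011: the first server intersects and selects the matching ciphertexts.
    matched = [c for tag, c in zip(second_id_set, behavior_ct) if tag in first_id_set]
    # S20131-S20137: it adds an encrypted random mask and sums homomorphically.
    mask = secrets.randbelow(2**64)
    total_ct = paillier_encrypt(pub, mask)
    for c in matched:
        total_ct = paillier_add(pub, total_ct, c)

    # S20171-S20177: the second server decrypts the masked sum, the servers
    # exchange masked sum and mask, and the mask is removed.
    masked_sum = paillier_decrypt(pub, priv, total_ct)
    return {"masked_sum": masked_sum, "mask": mask,
            "sum": (masked_sum - mask) % pub[0], "matches": len(matched)}


# Constructed sample data: exposed users on the first server, spend on the second.
PLATFORM_IDS = ["u01", "u02", "u03", "u05", "u08"]
ADVERTISER_SPEND = {"u02": 120, "u03": 45, "u04": 300, "u08": 10, "u09": 75}

if __name__ == "__main__":
    print(attribute_sum(PLATFORM_IDS, ADVERTISER_SPEND))
```

If `matches` is 1, the recovered sum equals that single user's behavior value, so the result is only aggregate-private when the intersection is large enough.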
In other embodiments, the method may further comprise:
the first server determines the sum of second behavior data based on the sum of the behavior decryption data and the preset random number;
and the first server encrypts the sum of the second behavior data based on the homomorphic encryption to obtain the encrypted sum of the second behavior data.
In this embodiment of the present disclosure, the first server may calculate, based on homomorphic encryption and a preset random number, a sum of second behavior data encryption, so as to facilitate subsequent comparative verification of data.
In other embodiments, as shown in fig. 7, the method may further comprise:
S701: the first server encrypts the sum of the behavior encryption data based on a preset encryption function to obtain first encryption data;
In this embodiment of the present disclosure, the preset encryption function may be a hash function agreed between the first server and the second server.
S703: the first server encrypts the encrypted sum of the second behavior data based on the preset encryption function to obtain second encrypted data;
S705: when the first encrypted data is equal to the second encrypted data, the first server determines that the sum of the received behavior decryption data is a correct result. The step S705 may further include:
and judging whether the first encrypted data is equal to the second encrypted data.
In the embodiment of the specification, the first server can verify the sum of the behavior decryption data sent by the second server, so that whether the second server sends correct data or not is confirmed, and the false data sent by the opposite side can be effectively prevented.
In other embodiments, as shown in fig. 8, the method may further comprise:
S801: the first server sends the first identification encrypted data set to the second server;
S803: the second server determines the identification intersection dataset based on the first identification encryption dataset and the second identification encryption dataset;
S805: the second server determines, from the behavior encryption data set, the number of behavior encryption data items that match the identification intersection data set;
S807: the second server calculates the sum of any such number of behavior data items of the local user to obtain a set of third behavior data sums;
S809: when the set of third behavior data sums includes the sum of the first behavior data, the second server determines that the received preset random number is a correct result.
The step S809 may further include:
determining whether the set of third behavior data sums includes the sum of the first behavior data.
In the embodiment of the specification, the second server can verify the sum of the obtained first behavior data, so that whether the first server sends correct data or not is confirmed, and the other party can be effectively prevented from sending false data.
Fig. 9 is a schematic flow chart of a data processing method provided in an embodiment of the present invention, and specifically, with reference to fig. 9, the method may include:
S901: receiving a behavior encryption data set which is sent by a second server and is obtained by encrypting behavior data of a plurality of local users in the second server based on homomorphic encryption, and a second identification encryption data set which is generated according to identification information of the plurality of local users in the second server;
in practical application, before step S901, the method further includes:
and detecting the user data in the second server, and executing step S901 when the preset number of user data is detected.
S903: generating a first identification encryption data set according to the identification information of the plurality of local users;
in an embodiment of the present disclosure, the generating the first encrypted data set according to the identification information of the plurality of local users may include:
encrypting the identification information of the plurality of local users based on the first private key to obtain a first private key encrypted data set;
transmitting the first private key encrypted data set to the second server;
and receiving a first identification encrypted data set which is transmitted by the second server and is obtained by encrypting the first private key encrypted data set based on a second private key.
In the embodiment of the specification, the first server encrypts the identification information of the local user by adopting the first private key and then sends the encrypted identification information to the second server, so that data transmission can be performed on the premise of not revealing plaintext data;
The first server then receives the first identified encrypted data set sent by the second server, thereby facilitating subsequent computation of the encrypted data intersection by the first server.
S905: determining an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset;
in this embodiment of the present disclosure, the identification information in the first server and the identification information in the second server have the same meaning, for example, both may be the ID of the user or the device number of the user.
S907: determining a behavioural encryption dataset from the behavioural encryption dataset that matches the identified intersection dataset;
S909: calculating the sum of behavior encryption data in the matched behavior encryption data set;
in an embodiment of the present disclosure, the calculating the sum of the behavior encryption data in the matched behavior encryption dataset may include:
acquiring behavior encryption data in the matched behavior encryption data set;
encrypting a preset random number based on the homomorphic encryption to obtain an encrypted random number;
calculating the sum of any behavior encryption data and the encryption random number to obtain behavior secondary encryption data;
And calculating the sum of the behavior secondary encryption data.
In the embodiment of the specification, the first server sets the random number and obtains the secondary encryption data, so that the sum of the secondary encryption data is calculated, and the security of the data in the transmission process is further improved.
S9011: and sending the sum of the behavior encryption data to the second server so that the second server determines the sum of the first behavior data of the local user in the second server.
In a specific embodiment, the sending the sum of the behavior encryption data to the second server may include:
and sending the sum of the behavior secondary encryption data to the second server.
In other embodiments, the method may further comprise:
receiving a sum of behavior decryption data obtained by decrypting the sum of behavior secondary encryption data sent by the second server;
determining a second behavior data sum based on the behavior decryption data sum and a preset random number;
and encrypting the sum of the second behavior data based on the homomorphic encryption to obtain the encrypted sum of the second behavior data.
In this embodiment of the present disclosure, the first server may calculate, based on homomorphic encryption and a preset random number, a sum of second behavior data encryption, so as to facilitate subsequent comparative verification of data.
In other embodiments, the method may further comprise:
encrypting the sum of the behavior encryption data based on a preset encryption function to obtain first encryption data;
in this embodiment of the present disclosure, the preset encryption function may be a hash function agreed between the first server and the second server.
Encrypting the sum of the second behavior data encryption based on the preset encryption function to obtain second encrypted data;
when the first encrypted data and the second encrypted data are equal, determining that the sum of the received behavior decryption data is a correct result.
In the embodiment of the specification, the first server can verify the sum of the behavior decryption data sent by the second server, so that whether the second server sends correct data or not is confirmed, and the false data sent by the opposite side can be effectively prevented.
The embodiment of the invention provides a data processing server, which comprises a processor and a memory, wherein at least one instruction, at least one section of program, a code set or an instruction set is stored in the memory, and the at least one instruction, the at least one section of program, the code set or the instruction set is loaded and executed by the processor to realize the data processing method provided by the embodiment of the method.
Fig. 10 is a schematic flow chart of a data processing method provided by the embodiment of the present invention, and specifically, with reference to fig. 10, the method may include:
S1001: encrypting behavior data of a plurality of local users based on homomorphic encryption to obtain a behavior encryption data set;
S1003: generating a second identification encryption data set according to the identification information of the plurality of local users;
in an embodiment of the present disclosure, the generating the second encrypted data set according to the identification information of the plurality of local users may include:
encrypting the identification information of the plurality of local users based on the second private key to obtain a second private key encrypted data set;
transmitting the second private key encrypted data set to the first server;
and receiving a second identification encrypted data set which is transmitted by the first server and is obtained by encrypting the second private key encrypted data set based on the first private key.
In the embodiment of the specification, the second server encrypts the identification information of the local user by using the second private key and then sends the encrypted identification information to the first server, so that data transmission can be performed on the premise of not revealing plaintext data;
The second server then receives the second identified encrypted data set sent by the first server, thereby facilitating subsequent computation of the encrypted data intersection by the second server.
S1005: transmitting the behavior encryption dataset and the second identification encryption dataset to a first server, so that the first server determines an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset generated according to identification information of a plurality of local users in the first server, and determines a behavior encryption dataset matched with the identification intersection dataset in the behavior encryption dataset;
in this embodiment of the present disclosure, the identification information in the first server and the identification information in the second server have the same meaning, for example, both may be the ID of the user or the device number of the user.
S1007: receiving a sum of behavior encryption data in the matched behavior encryption data set sent by the first server;
in an embodiment of the present disclosure, the receiving the sum of the behavior encryption data in the matched behavior encryption data set sent by the first server may include:
and receiving the sum of behavior secondary encryption data obtained by the behavior encryption data set based on the matching behavior encryption data and a preset random number sent by the first server.
S1009: and determining the sum of first behavior data of the local user based on the sum of the behavior encryption data.
In an embodiment of the present disclosure, the determining, based on the sum of the behavior encryption data, a sum of first behavior data of the local user includes:
decrypting the sum of the behavior secondary encryption data to obtain the sum of behavior decryption data;
transmitting the sum of the behavior decryption data to the first server;
receiving the preset random number sent by the first server;
and determining the sum of first behavior data of the local user based on the sum of the behavior decryption data and the preset random number.
In the embodiment of the present disclosure, in the decryption process, the second server needs to send the intermediate decryption result to the first server, and then obtain the random number of the first server, so as to obtain the final decryption result; therefore, on one hand, the safety of data transmission is improved, and on the other hand, the first server and the second server can acquire the sum of the behavior data on the premise of not revealing the clear text data of each other.
In other embodiments, the method may further comprise:
receiving the first identification encryption data set sent by the first server;
Determining the identification intersection dataset based on the first identification encryption dataset and the second identification encryption dataset;
determining from the behavioural encrypted data set a quantity of behavioural encrypted data matching the identified intersection data set;
calculating the sum of any number of behavior data of the local user to obtain a set of the sum of third behavior data;
when the set of third behavior data includes the sum of the first behavior data, determining that the received preset random number is a correct result.
In the embodiment of the specification, the second server can verify the sum of the obtained first behavior data, so that whether the first server sends correct data or not is confirmed, and the other party can be effectively prevented from sending false data.
The embodiment of the invention provides a data processing server, which comprises a processor and a memory, wherein at least one instruction, at least one section of program, a code set or an instruction set is stored in the memory, and the at least one instruction, the at least one section of program, the code set or the instruction set is loaded and executed by the processor to realize the data processing method provided by the embodiment of the method.
The application of the data processing method of the present invention in the advertisement exposure attribution evaluating method is described below, wherein the first server is a server of a system side (advertiser), and the second server is a server of an advertisement main side. The first server stores identification information of the system side user, and the second server stores identification information of the advertisement main side user and behavior data of the user.
In this embodiment of the present disclosure, the identification information of the user may include a device number used by the user, and the behavior data of the user may include a consumption amount of the user.
For example, assume that the exposure population set on the system side is $X = \{x_1, \dots, x_n\}$ and the purchasing population set on the advertisement main side is $Y = \{y_1, \dots, y_m\}$, where n is much larger than m. Each $x_i$ of Tencer is a device number, and each $y_i$ of Beijing Orient has the form $y_i = z_i \| a_i$, where $z_i$ represents the device number of Beijing Oriental and $a_i$ represents the consumption corresponding to that device number. Finally, assuming that the intersection calculated by both sides satisfies $|X \cap Y| = k$, both sides need to share, in addition to the intersection size k, the consumption sum $a_1 + a_2 + \dots + a_k$.
The system side's exchange (commutative) encryption function is $f(x)$, the advertisement main side's encryption function is $g(z)$, the advertisement main side also has a homomorphic encryption function $p(a)$, and $\|$ is the concatenation symbol.
In the embodiment of the present disclosure, as shown in fig. 11, the data processing method may include the following steps:
1. The first server uses the encryption function $f(x)$ to encrypt each $x_i$ in the set X, and transmits the encrypted set $\{f(x_1), \dots, f(x_n)\}$ to the second server;
2. The second server encrypts each $z_i$ in its set with the encryption function $g(z)$, encrypts the $a_i$ corresponding to $z_i$ with the homomorphic encryption function $p(a)$, and transmits the set $\{g(z_1) \| p(a_1), \dots, g(z_m) \| p(a_m)\}$ to the first server;
3. The first server receives the set sent by the second server, obtains $g(z_1), \dots, g(z_i)$, encrypts each $g(z_i)$ with $f(x)$ to obtain $\{f(g(z_1)), \dots, f(g(z_m))\}$, and sends it to the second server;
4. The second server encrypts each $f(x_i)$ with its own encryption function $g(z)$ to obtain the set $\{g(f(x_1)), \dots, g(f(x_n))\}$, and sends it to the first server;
5. The second server and the first server simultaneously calculate the intersection of the sets $\{f(g(z_1)), \dots, f(g(z_m))\}$ and $\{g(f(x_1)), \dots, g(f(x_n))\}$, where the number of data items in the intersection is k;
6. The first server holds the set $\{f(g(z_1)) \| p(a_1), \dots, f(g(z_m)) \| p(a_m)\}$, and the calculated intersection is $\{f(g(z_1)) \| p(a_1), \dots, f(g(z_k)) \| p(a_k)\}$; the first server needs to add up each $p(a_i)$ to obtain their sum;
7. The first server and the second server agree on a hash function. The first server calculates a hash value, then generates a random number r, performs a calculation using the second server's homomorphic encryption public key, and transmits the result to the second server;
8. The second server receives the result, decrypts it with its own private key, and transmits the decryption result to the first server;
9. The first server sends the random number r that it generated to the second server; the second server judges whether the data sent by the first server is correct by verifying the decryption result and the value of r.
The authentication process of the first server is as follows:
The first server receives the decryption result, first subtracts the random number r that it generated, encrypts the result using the public key of the second server's homomorphic encryption function, and recalculates the hash value. The first server then judges whether this calculation result is equal to the hash value calculated in step 7 above; if they are equal, this indicates that the second server sent the correct calculation result to the first server.
The authentication process of the second server is as follows:
For the second server, $\{a_1, \dots, a_m\}$ are all data held by the second server, and the final result is the sum of k of these numbers, for which there is only a limited number of possible values. These possible results form a data set; the second server judges whether the decryption result is in the data set, and if so, determines that the first server transmitted the correct random number r.
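The exchange in steps 1 to 9 and the second server's check, as an added Python example that is not code from the patent: f and g are modelled as exponentiation modulo a prime, p as Paillier encryption, and r is added to each matched ciphertext as in the S909 sub-steps, so the decrypted value is the sum plus k·r. The scheme choices, the toy Mersenne-prime parameters, the function names and the sample device numbers are assumptions made for this example.

```python
import hashlib
import secrets
from itertools import combinations
from math import gcd

# Toy parameters (assumption): Mersenne primes keep the demo fast and offline.
# They are far too small and too structured for real deployments.
P = 2**127 - 1                      # modulus of the commutative cipher f / g
PA, QA = 2**89 - 1, 2**107 - 1      # Paillier primes of the second server


def h2g(ident: str) -> int:
    """Hash an identifier (device number) into the range [1, P-1]."""
    digest = hashlib.sha256(ident.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


def comm_keygen() -> int:
    """Secret exponent coprime to P-1, so v -> v^key mod P is a bijection."""
    while True:
        key = secrets.randbelow(P - 3) + 2
        if gcd(key, P - 1) == 1:
            return key


def comm_enc(key: int, value: int) -> int:
    """Commutative encryption: f(g(v)) == g(f(v)) because exponents commute."""
    return pow(value, key, P)


class Paillier:
    """Additively homomorphic p(a); enc() and add() use only the public n."""

    def __init__(self):
        self.n = PA * QA
        self.n2 = self.n * self.n
        self._phi = (PA - 1) * (QA - 1)          # private
        self._mu = pow(self._phi, -1, self.n)    # private

    def enc(self, m: int) -> int:
        rnd = secrets.randbelow(self.n - 2) + 1
        return (1 + m * self.n) * pow(rnd, self.n, self.n2) % self.n2

    def add(self, c1: int, c2: int) -> int:
        return c1 * c2 % self.n2                 # enc(a) * enc(b) = enc(a + b)

    def dec(self, c: int) -> int:
        return (pow(c, self._phi, self.n2) - 1) // self.n * self._mu % self.n


def run_protocol(exposed_ids, purchases):
    """exposed_ids: first server's device numbers (set X).
    purchases: second server's {device number z_i: consumption a_i} (set Y)."""
    f_key, g_key = comm_keygen(), comm_keygen()
    he = Paillier()                              # second server's key pair

    # Step 1: first server -> second server: {f(x_i)}
    fx = [comm_enc(f_key, h2g(x)) for x in exposed_ids]
    # Step 2: second server -> first server: {g(z_i) || p(a_i)}
    gz_pa = [(comm_enc(g_key, h2g(z)), he.enc(a)) for z, a in purchases.items()]
    # Step 3: first server applies f on top of g, keeping p(a_i) attached
    fgz_pa = [(comm_enc(f_key, gz), pa) for gz, pa in gz_pa]
    # Step 4: second server applies g on top of f
    gfx = {comm_enc(g_key, v) for v in fx}
    # Step 5: intersection of the doubly encrypted identifiers, size k
    matched = [pa for fgz, pa in fgz_pa if fgz in gfx]
    k = len(matched)
    # Steps 6-7: first server blinds every matched p(a_i) with p(r) and sums
    r = secrets.randbelow(2**64)
    blinded = he.enc(0)
    for pa in matched:
        blinded = he.add(blinded, he.add(pa, he.enc(r)))
    # Step 8: second server decrypts; it sees only sum + k*r
    decrypted = he.dec(blinded)
    # Step 9: first server reveals r; both sides remove the blinding
    total = decrypted - k * r
    # Second server's check: the result must be a sum of k of its own a_i.
    # This enumerates C(m, k) subsets, so it is only feasible for small sets.
    plausible = total in {sum(c) for c in combinations(purchases.values(), k)}
    return {"k": k, "decrypted": decrypted, "r": r,
            "total": total, "plausible": plausible}


# Constructed sample data: 20 exposed devices, 5 purchasers, 3 in common.
SAMPLE_EXPOSED = ["dev-%03d" % i for i in range(20)]
SAMPLE_PURCHASES = {"dev-003": 120, "dev-007": 45, "dev-019": 300,
                    "dev-100": 80, "dev-200": 999}

if __name__ == "__main__":
    print(run_protocol(SAMPLE_EXPOSED, SAMPLE_PURCHASES))
```

The hash comparison of S701 to S705 is not reproduced: Paillier encryption is randomized, so re-encrypting the same sum yields a different ciphertext and the two hashes would not match.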
In the embodiment of the present disclosure, the data processing method may use a semi-honest model.
The security models defined by secure multi-party computation are divided into a semi-honest model and a malicious model. Both models are based on the mathematical definition of secure multi-party computation above. Under the semi-honest model, every data owner is assumed to follow the protocol strictly, but some data owners are honest but curious: they record the inputs, outputs and results and try to derive additional information about other data owners from these data. That is, under the semi-honest model, an attacker acquires information passively. Under the malicious model, some malicious data owners do not fully adhere, or do not adhere at all, to the protocol flow; they acquire other parties' information by supplying incorrect input, interrupting operation and the like, that is, by means of active attack.
The mathematical definition of the semi-honest model is given below:
Let $f = (f_1, f_2)$ be a probabilistic polynomial-time function, and let $\pi$ be the security protocol used by both parties to compute $f$. view is what the $i$-th party ($i \in \{0,1\}$) can observe during the execution of the security protocol $\pi$ with input $(x, y)$ and security parameter $n$. The output of the $i$-th party ($i \in \{0,1\}$) during the execution of protocol $\pi$ can be computed from view.
For each $x, y \in \{0,1\}^*$ with $|x| = |y|$, if there exist probabilistic polynomial-time algorithms $S_1$ and $S_2$, we consider that $\pi$ securely computes the function $f$ under the static semi-honest model; the formula is as follows:
The above formula shows that the view of a party can be simulated by a probabilistic polynomial-time algorithm from the input and output of that party. In one practical implementation, we can see that the output generated by $S_1$ given $x$ and $f(x, y)$ is indistinguishable from the view of P1. We note that it is insufficient for the simulator $S_i$ merely to generate a string that is indistinguishable.
In the illustrated embodiment, the data streams that the first server may obtain during the entire interactive calculation are $\{g(z_1) \| p(a_1), \dots, g(z_m) \| p(a_m)\}$ and $\{g(f(x_1)), \dots, g(f(x_n))\}$, while the data streams acquired by the second server are $\{f(x_1), \dots, f(x_n)\}$ and $\{f(g(z_1)), \dots, f(g(z_m))\}$.
Defining the view of the first server under the semi-honest model as formula (1), and defining the algorithm S as formula (2):
For the first server, $\mathrm{view}_{tx}(X)$ and $S$ are statistically indistinguishable: after transformation by the encryption functions $g(y)$ and $p(a)$, the nature of the encryption algorithms means that the first server cannot distinguish the encrypted $z_i'$ from $z_i$, or $a_i$ from $a_i'$. The intermediate results obtainable at each step of the calculation are substituted into the two formulas; if both formulas hold, the data is secure. The proof for the second server is the same as above.
As can be seen from the technical solutions provided in the embodiments of the present disclosure, the second server encrypts behavior data of multiple local users based on homomorphic encryption, so as to obtain a behavior encryption data set; the second server generates a second identification encryption data set according to the identification information of the plurality of local users; the second server sends the behavior encryption data set and the second identification encryption data set to a first server; the first server generates a first identification encryption data set according to the identification information of a plurality of local users; the first server determining an identification intersection dataset of the first identification encrypted dataset and the second identification encrypted dataset; the first server determining a behavioural encrypted data set from the behavioural encrypted data set that matches the identified intersection data set; the first server calculates the sum of the behavior encryption data in the matched behavior encryption data set; the first server sends the sum of the behavior encryption data to the second server; the second server determines a sum of first behavior data of the local user based on the sum of the behavior encryption data. On the premise of not revealing the user data in the two-party servers, the accurate data of the attribution post-action data sum is obtained, and therefore accurate assessment of exposure attribution is realized.
The embodiment of the invention also provides a data processing device, as shown in fig. 12, which may include:
the encrypted data set receiving module 1201 may be configured to receive a behavioral encrypted data set obtained by encrypting behavioral data of a plurality of local users in a second server based on homomorphic encryption and a second identification encrypted data set generated according to identification information of the plurality of local users in the second server, where the behavioral encrypted data set is sent by the second server;
the first identifying encrypted data set generating module 1203 may be configured to generate a first identifying encrypted data set according to the identifying information of the plurality of local users;
an identification intersection data set determination module 1205 may be used to determine an identification intersection data set of the first identification encrypted data set and the second identification encrypted data set;
a matched behavioural encryption dataset determination module 1207 operable to determine a behavioural encryption dataset from the behavioural encryption dataset that matches the identified intersection dataset;
a sum computation module 1209 of the matched behavior encryption data, which can be used to compute the sum of the behavior encryption data in the matched behavior encryption data set;
the sum sending module 1211 of the behavior encrypted data may be configured to send the sum of the behavior encrypted data to the second server, so that the second server determines a sum of first behavior data of a local user in the second server.
In some embodiments, the sum computation module of the matched behavior encryption data may further include:
the behavior encryption data acquisition unit can be used for acquiring the behavior encryption data in the matched behavior encryption data set;
the encrypted random number acquisition unit can be used for encrypting the preset random number based on the homomorphic encryption to obtain an encrypted random number;
the behavior secondary encryption data acquisition unit can be used for calculating the sum of any behavior encryption data and the encryption random number to obtain behavior secondary encryption data;
and the calculating unit can be used for calculating the sum of the behavior secondary encryption data.
The sum sending module of the behavior encryption data can be further used for sending the sum of the behavior secondary encryption data to the second server.
In some embodiments, the apparatus may further comprise:
the behavior decryption data sum receiving module is used for receiving the behavior decryption data sum obtained by decrypting the behavior secondary encryption data sum sent by the second server;
the second behavior data sum determining module can be used for determining the second behavior data sum based on the behavior decryption data sum and a preset random number;
And the second behavior data encryption sum determining module can be used for encrypting the second behavior data sum based on the homomorphic encryption to obtain a second behavior data encryption sum.
In some embodiments, the apparatus may further comprise:
the first encryption data determining module can be used for encrypting the sum of the behavior encryption data based on a preset encryption function to obtain first encryption data;
the second encryption data determining module can be used for encrypting the sum of the second behavior data encryption based on the preset encryption function to obtain second encryption data;
the first result determining module may be configured to determine that the sum of the received behavior decryption data is a correct result when the first encryption data is equal to the second encryption data.
The first identification encrypted data set generation module may further include:
the first private key encryption data set determining unit may be configured to encrypt the identification information of the plurality of local users based on the first private key to obtain a first private key encryption data set;
a first private key encrypted data set transmitting unit operable to transmit the first private key encrypted data set to the second server;
The first identifier encrypted data set receiving unit may be configured to receive a first identifier encrypted data set sent by the second server and obtained by encrypting the first private key encrypted data set based on a second private key.
The embodiment of the invention also provides a data processing device, as shown in fig. 13, which comprises:
the behavior encryption data set determining module 1301 may be configured to encrypt behavior data of a plurality of local users based on homomorphic encryption, to obtain a behavior encryption data set;
the second identifying encrypted data set generating module 1303 may be configured to generate a second identifying encrypted data set according to the identifying information of the plurality of local users;
the encrypted data set sending module 1305 may be configured to send the behavioral encrypted data set and the second identified encrypted data set to a first server, so that the first server determines an identified intersection data set of the first identified encrypted data set and the second identified encrypted data set, which are generated according to identification information of a plurality of local users in the first server, and determines a behavioral encrypted data set of the behavioral encrypted data set that matches the identified intersection data set;
a sum of behavior encryption data receiving module 1307, configured to receive a sum of behavior encryption data in the matched behavior encryption data set sent by the first server;
The first behavior data sum determination module 1309 may be configured to determine a sum of first behavior data of the local user based on the sum of behavior encryption data.
In some embodiments, the sum of behavior encryption data receiving module may be further configured to receive a sum of behavior secondary encryption data obtained based on the behavior encryption data in the matched behavior encryption data set and a preset random number, where the sum of behavior secondary encryption data is sent by the first server.
In some embodiments, the sum determination module of the first behavior data may further include:
the sum determining unit of the behavior decryption data can be used for decrypting the sum of the behavior secondary encryption data to obtain the sum of the behavior decryption data;
a sum transmission unit of behavior decryption data, which may be used to transmit the sum of the behavior decryption data to the first server;
the preset random number receiving unit can be used for receiving the preset random number sent by the first server;
and the first behavior data sum determining unit can be used for determining the sum of the first behavior data of the local user based on the sum of the behavior decryption data and the preset random number.
In some embodiments, the apparatus may further comprise:
The first identification encryption data set receiving module can be used for receiving the first identification encryption data set sent by the first server;
an identification intersection dataset determination module operable to determine the identification intersection dataset based on the first identification encrypted dataset and the second identification encrypted dataset;
the quantity determining module of the matched behavior encryption data can be used for determining the quantity of the behavior encryption data matched with the identification intersection data set from the behavior encryption data set;
the third behavior data sum set determining module can be used for calculating the sum of any number of behavior data of the local user to obtain a third behavior data sum set;
the second result determining module may be configured to determine that the received preset random number is a correct result when the set of third behavior data sums includes the sum of the first behavior data.
In some embodiments, the second identification encryption dataset generation module may further include:
the second private key encryption data set determining unit may be configured to encrypt the identification information of the plurality of local users based on the second private key to obtain a second private key encryption data set;
A second private key encrypted data set transmitting unit operable to transmit the second private key encrypted data set to the first server;
the second identifier encrypted data set receiving unit may be configured to receive a second identifier encrypted data set sent by the first server and obtained by encrypting the second private key encrypted data set based on the first private key.
The device embodiments and the method embodiments described are based on the same inventive concept.
The embodiment of the invention also provides a data processing system, which comprises: a first server and a second server;
the first server is used for generating a first identification encryption data set according to the identification information of the plurality of local users; and determining an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset; and determining a behavioural encryption dataset from the behavioural encryption dataset that matches the identified intersection dataset; calculating the sum of the behavior encryption data in the matched behavior encryption data set; and sending the sum of the behavior encryption data to the second server;
the second server is used for encrypting the behavior data of the plurality of local users based on homomorphic encryption to obtain a behavior encryption data set; and generating the second identified encrypted data set according to the identification information of the plurality of local users; and sending the behavioral encryption dataset and the second identification encryption dataset to the first server; and determining a sum of first behavior data of the local user based on the sum of the behavior encryption data.
Embodiments of the present invention also provide a storage medium that may be disposed in a server to store at least one instruction, at least one program, a set of codes, or a set of instructions related to a method for implementing a data processing in a method embodiment, where the at least one instruction, the at least one program, the set of codes, or the set of instructions are loaded and executed by the processor to implement the method for data processing provided in the method embodiment.
Optionally, in this embodiment, the storage medium may be located in at least one network server among a plurality of network servers of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or any other medium capable of storing program code.
The memory according to the embodiments of the present disclosure may be used to store software programs and modules, and the processor executes the software programs and modules stored in the memory to perform various functional applications and data processing. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, application programs required for functions, and the like; the storage data area may store data created according to the use of the device, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory may also include a memory controller to provide access to the memory by the processor.
As can be seen from the embodiments of the data processing method, apparatus, server or storage medium provided by the present invention, the embodiments proceed as follows: the second server encrypts the behavior data of a plurality of local users based on homomorphic encryption to obtain a behavior encryption data set; the second server generates a second identification encryption data set according to the identification information of the plurality of local users; the second server sends the behavior encryption data set and the second identification encryption data set to the first server; the first server generates a first identification encryption data set according to the identification information of its plurality of local users; the first server determines an identification intersection data set of the first identification encryption data set and the second identification encryption data set; the first server determines, from the behavior encryption data set, the matched behavior encryption data set that corresponds to the identification intersection data set; the first server calculates the sum of the behavior encryption data in the matched behavior encryption data set; the first server sends the sum of the behavior encryption data to the second server; and the second server determines a sum of first behavior data of the local users based on the sum of the behavior encryption data. Without revealing the user data held by either server to the other, an accurate sum of the post-attribution behavior data is obtained, so that exposure attribution can be evaluated accurately.
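The flow summarized above, including the random-number masking of the encrypted sum, can be traced end to end in the following added Python example, which is not code from the patent. It assumes Paillier as the homomorphic scheme and modular exponentiation of hashed identifiers as the two "private key" encryptions, assumes the mask is added once per matched record, and uses constructed toy parameters and hypothetical names (`run_attribution`, `h2g`, `blind_key`, `pa_*`) that are far too small for real use.

```python
import hashlib
import math
import secrets

# Constructed toy parameters: chosen so the demo runs fast, not for security.
P = 2**127 - 1                      # prime modulus for the commutative ID blinding
PA_P, PA_Q = 2**31 - 1, 2**61 - 1   # Paillier primes (both Mersenne primes)

def h2g(uid):
    """Hash a user identifier into the multiplicative group mod P."""
    return int.from_bytes(hashlib.sha256(uid.encode()).digest(), "big") % P or 1

def blind_key():
    """Private exponent coprime to P-1, so x -> x^k mod P is a bijection."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

def pa_keygen(p=PA_P, q=PA_Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))          # public n, private (lambda, mu)

def pa_enc(n, m):
    """Paillier encryption with g = n + 1; needs only the public modulus."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return (1 + m * n) * pow(r, n, n * n) % (n * n)

def pa_add(n, c1, c2):
    """Homomorphic addition: multiplying ciphertexts adds the plaintexts."""
    return c1 * c2 % (n * n)

def pa_dec(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def run_attribution(first_ids, second_behavior):
    """first_ids: IDs held by the first server.
    second_behavior: {id: value} held by the second server."""
    a, b = blind_key(), blind_key()            # first / second private key
    n, priv = pa_keygen()                      # second server's homomorphic key pair

    # Second server: behavior encryption data set, IDs blinded with key b.
    rows = [(pow(h2g(u), b, P), pa_enc(n, v)) for u, v in second_behavior.items()]
    # First server adds key a -> second identification encryption data set.
    second_set = [(pow(x, a, P), c) for x, c in rows]
    # First server blinds its IDs with a, second server adds b -> first set.
    first_set = {pow(pow(h2g(u), a, P), b, P) for u in first_ids}

    # First server: intersect on double-blinded IDs, then sum under encryption.
    matched = [c for x, c in second_set if x in first_set]
    r = secrets.randbelow(2**32)               # preset random number (the mask)
    acc = pa_enc(n, 0)
    for c in matched:
        # behavior secondary encryption data = Enc(value) + Enc(r)
        acc = pa_add(n, acc, pa_add(n, c, pa_enc(n, r)))

    # Second server decrypts only the masked total S + k*r.
    masked_sum = pa_dec(n, priv, acc)
    # Unmasking (assumption of this example: subtract r once per matched record).
    total = masked_sum - len(matched) * r
    return {"matched": len(matched), "masked_sum": masked_sum,
            "mask": r, "sum": total}
```

The first server only ever handles blinded identifiers and ciphertexts, and the second server decrypts a single masked aggregate rather than any per-user value.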
It should be noted that the order of the embodiments of the present invention is for description only and does not indicate the relative merits of the embodiments. The foregoing description has been directed to specific embodiments of this specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In this specification, the embodiments are described in a progressive manner; for parts that are identical or similar, the embodiments may be referred to one another, and each embodiment mainly describes its differences from the others. In particular, the device and server embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant details, refer to the corresponding parts of the description of the method embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.
Claims (15)
1. A method of data processing, the method comprising:
receiving a behavior encryption data set which is sent by a second server and is obtained by encrypting behavior data of a plurality of local users in the second server based on homomorphic encryption, and a second identification encryption data set which is generated according to identification information of the plurality of local users in the second server;
generating a first identification encryption data set according to the identification information of the plurality of local users;
determining an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset;
determining a behavioural encryption dataset from the behavioural encryption dataset that matches the identified intersection dataset;
calculating the sum of behavior encryption data in the matched behavior encryption data set;
and sending the sum of the behavior encryption data to the second server so that the second server determines the sum of the first behavior data of the local user in the second server.
2. The method of claim 1, wherein said calculating a sum of behavioural encryption data in said matched behavioural encryption dataset comprises:
acquiring behavior encryption data in the matched behavior encryption data set;
encrypting a preset random number based on the homomorphic encryption to obtain an encrypted random number;
calculating the sum of any behavior encryption data and the encryption random number to obtain behavior secondary encryption data;
calculating the sum of the behavior secondary encryption data;
correspondingly, the sending the sum of the behavior encryption data to the second server comprises:
and sending the sum of the behavior secondary encryption data to the second server.
3. The method according to claim 2, wherein the method further comprises:
receiving a sum of behavior decryption data obtained by decrypting the sum of behavior secondary encryption data sent by the second server;
determining a second behavior data sum based on the behavior decryption data sum and a preset random number;
and encrypting the sum of the second behavior data based on the homomorphic encryption to obtain the encrypted sum of the second behavior data.
4. The method according to claim 1, wherein the method further comprises:
encrypting the sum of the behavior encryption data based on a preset encryption function to obtain first encrypted data;
encrypting the encrypted sum of the second behavior data based on the preset encryption function to obtain second encrypted data;
when the first encrypted data and the second encrypted data are equal, determining that the sum of the received behavior decryption data is a correct result.
5. The method of claim 1, wherein generating the first set of identification encrypted data based on identification information of the plurality of local users comprises:
encrypting the identification information of the plurality of local users based on the first private key to obtain a first private key encrypted data set;
transmitting the first private key encrypted data set to the second server;
and receiving a first identification encrypted data set which is transmitted by the second server and is obtained by encrypting the first private key encrypted data set based on a second private key.
6. A method of data processing, the method comprising:
encrypting behavior data of a plurality of local users based on homomorphic encryption to obtain a behavior encryption data set;
generating a second identification encryption data set according to the identification information of the plurality of local users;
transmitting the behavior encryption dataset and the second identification encryption dataset to a first server, so that the first server determines an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset generated according to identification information of a plurality of local users in the first server, and determines a behavior encryption dataset matched with the identification intersection dataset in the behavior encryption dataset;
receiving a sum of behavior encryption data in the matched behavior encryption data set sent by the first server;
and determining the sum of first behavior data of the local user based on the sum of the behavior encryption data.
7. The method of claim 6, wherein said receiving the sum of the behavior encryption data in the matched behavior encryption data set transmitted by the first server comprises:
receiving the sum of behavior secondary encryption data sent by the first server, the sum being obtained based on the behavior encryption data in the matched behavior encryption data set and a preset random number.
8. The method of claim 7, wherein the determining the sum of the first behavioral data of the local user based on the sum of behavioral encryption data comprises:
decrypting the sum of the behavior secondary encryption data to obtain the sum of behavior decryption data;
transmitting the sum of the behavior decryption data to the first server;
receiving the preset random number sent by the first server;
and determining the sum of first behavior data of the local user based on the sum of the behavior decryption data and the preset random number.
9. The method of claim 6, wherein the method further comprises:
receiving the first identification encryption data set sent by the first server;
determining the identification intersection dataset based on the first identification encryption dataset and the second identification encryption dataset;
determining from the behavioural encrypted data set a quantity of behavioural encrypted data matching the identified intersection data set;
calculating the sum of any number of behavior data of the local user to obtain a set of the sum of third behavior data;
when the set of third behavior data includes the sum of the first behavior data, determining that the received preset random number is a correct result.
10. The method of claim 6, wherein generating a second set of identification encrypted data from identification information of the plurality of local users comprises:
encrypting the identification information of the plurality of local users based on the second private key to obtain a second private key encrypted data set;
transmitting the second private key encrypted data set to the first server;
and receiving a second identification encrypted data set which is transmitted by the first server and is obtained by encrypting the second private key encrypted data set based on the first private key.
11. A data processing apparatus, the apparatus comprising:
an encrypted data set receiving module, configured to receive a behavior encryption data set which is sent by a second server and is obtained by encrypting behavior data of a plurality of local users in the second server based on homomorphic encryption, and a second identification encryption data set which is generated according to identification information of the plurality of local users in the second server;
the first identification encryption data set generation module is used for generating a first identification encryption data set according to the identification information of the plurality of local users;
an identification intersection data set determining module, configured to determine an identification intersection data set of the first identification encrypted data set and the second identification encrypted data set;
a matched behavior encryption dataset determination module for determining a behavior encryption dataset from the behavior encryption dataset that matches the identification intersection dataset;
the sum computing module is used for computing the sum of the behavior encryption data in the matched behavior encryption data set;
and the behavior encryption data sum sending module is used for sending the behavior encryption data sum to the second server so that the second server can determine the first behavior data sum of the local user in the second server.
12. A data processing apparatus, the apparatus comprising:
the behavior encryption data set determining module is used for encrypting the behavior data of the plurality of local users based on homomorphic encryption to obtain a behavior encryption data set;
the second identification encryption data set generation module is used for generating a second identification encryption data set according to the identification information of the plurality of local users;
an encrypted data set sending module, configured to send the behavioural encrypted data set and the second identifier encrypted data set to a first server, so that the first server determines an identifier intersection data set of the first identifier encrypted data set and the second identifier encrypted data set, which are generated according to identifier information of a plurality of local users in the first server, and determines a behavioural encrypted data set in the behavioural encrypted data set that matches the identifier intersection data set;
the behavior encryption data sum receiving module is used for receiving the sum of the behavior encryption data in the matched behavior encryption data set sent by the first server;
and the first behavior data sum determining module is used for determining the sum of the first behavior data of the local user based on the sum of the behavior encryption data.
13. A data processing system, the system comprising: a first server and a second server;
the first server is used for generating a first identification encryption data set according to the identification information of the plurality of local users; and determining an identification intersection dataset of the first identification encryption dataset and the second identification encryption dataset; and determining a behavioural encryption dataset from the behavioural encryption dataset that matches the identified intersection dataset; calculating the sum of the behavior encryption data in the matched behavior encryption data set; and sending the sum of the behavior encryption data to the second server;
the second server is used for encrypting the behavior data of the plurality of local users based on homomorphic encryption to obtain a behavior encryption data set; and generating the second identified encrypted data set according to the identification information of the plurality of local users; and sending the behavioral encryption dataset and the second identification encryption dataset to the first server; and determining a sum of first behavior data of the local user based on the sum of the behavior encryption data.
14. A data processing server, the server comprising: a processor and a memory having stored therein at least one instruction, at least one program, code set or instruction set, the at least one instruction, the at least one program, the code set or instruction set being loaded and executed by the processor to implement the data processing method of any of claims 1-5.
15. A data processing server, the server comprising: a processor and a memory having stored therein at least one instruction, at least one program, code set or instruction set, the at least one instruction, the at least one program, the code set or instruction set being loaded and executed by the processor to implement the data processing method of any of claims 6-10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910285590.XA CN110400162B (en) | 2019-04-10 | 2019-04-10 | Data processing method, device, server and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110400162A (en) | 2019-11-01 |
CN110400162B (en) | 2023-12-15 |
Family
ID=68322291
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910285590.XA Active CN110400162B (en) | 2019-04-10 | 2019-04-10 | Data processing method, device, server and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110400162B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110851869B (en) * | 2019-11-14 | 2023-09-19 | 深圳前海微众银行股份有限公司 | Sensitive information processing method, device and readable storage medium |
CN112907268A (en) * | 2019-12-04 | 2021-06-04 | 北京京东尚科信息技术有限公司 | Attribution method, apparatus, device and medium |
CN112217639B (en) * | 2020-09-30 | 2022-12-20 | 招商局金融科技有限公司 | Data encryption sharing method and device, electronic equipment and computer storage medium |
EP4105806A1 (en) * | 2021-06-14 | 2022-12-21 | Thales DIS France SA | Method for privacy preserving retargeting of a user |
CN113821810B (en) * | 2021-08-26 | 2024-03-08 | 上海赢科信息技术有限公司 | Data processing method and system, storage medium and electronic equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107196926A (en) * | 2017-04-29 | 2017-09-22 | 河南师范大学 | A kind of cloud outsourcing privacy set comparative approach and device |
WO2018169584A1 (en) * | 2017-03-16 | 2018-09-20 | Google Llc | Systems and methods for entropy balanced population measurement |
CN109040076A (en) * | 2018-08-09 | 2018-12-18 | 腾讯科技(深圳)有限公司 | A kind of data processing method, system, device, equipment and medium |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060245587A1 (en) * | 2005-04-28 | 2006-11-02 | Binyamin Pinkas | System and method for private information matching |
US8526603B2 (en) * | 2011-07-08 | 2013-09-03 | Sap Ag | Public-key encrypted bloom filters with applications to private set intersection |
US9940477B2 (en) * | 2014-12-11 | 2018-04-10 | Agostino Sibillo | Geolocation-based encryption method and system |
Also Published As
Publication number | Publication date |
---|---|
CN110400162A (en) | 2019-11-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TG01 | Patent term adjustment |