CN112073196A - Service data processing method and device, electronic equipment and storage medium - Google Patents

Service data processing method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN112073196A
CN112073196A CN202011250355.8A CN202011250355A CN112073196A CN 112073196 A CN112073196 A CN 112073196A CN 202011250355 A CN202011250355 A CN 202011250355A CN 112073196 A CN112073196 A CN 112073196A
Authority
CN
China
Prior art keywords
service data
service
key information
parameter
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011250355.8A
Other languages
Chinese (zh)
Other versions
CN112073196B (en
Inventor
刘洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202011250355.8A priority Critical patent/CN112073196B/en
Publication of CN112073196A publication Critical patent/CN112073196A/en
Application granted granted Critical
Publication of CN112073196B publication Critical patent/CN112073196B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention provides a business data processing method, a device, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring prime number parameters and a proportional coefficient matched with a service data processing system, and determining second parameters of first key information matched with a first service terminal based on the prime number parameters and the proportional coefficient; encrypting and transmitting first service data of the first service terminal, and encrypting and transmitting second service data of the second service terminal; and determining the intersection of the first service data of the first service terminal and the second service data of the second service terminal as the target service data of the service data processing system through the encrypted transmission of the first service data and the encrypted transmission of the second service data, thereby reducing the calculation cost, improving the efficiency of service data processing, realizing the processing of service data in the mobile terminal, and saving the waiting time of a user.

Description

Service data processing method and device, electronic equipment and storage medium
Technical Field
The present invention relates to data processing technologies in cloud networks, and in particular, to a method and an apparatus for processing service data, an electronic device, and a storage medium.
Background
When different business parties share part of business data, secure multi-party calculation needs to be ensured, namely, multiple parties calculate a function result together without revealing input data of each party of the function, and the calculated result is disclosed to one or more parties. For example, one typical application of secure multiparty computing is privacy trading. Privacy intersection (PSI Private set interaction), or collision bank, can be understood as determining the intersection between multiple parties on the premise of privacy protection. Privacy deals may be applied in business scenarios such as multi-headed debit and credit or multi-party information sharing. In this process, one or more parties should obtain a correct service data intersection, and any other data in the data sets of other parties except the intersection cannot be obtained. In the related art, due to the defect of encryption transmission, privacy data of a user can be frequently leaked, and meanwhile, when a large amount of service data to be processed is faced, the computation complexity of power-mode operation in a traditional exchange encryption function structure is high, the hardware overhead of an encryption process is high, so that the waiting time of the user is long, the hardware use cost is increased, and the realization of service data processing in a mobile terminal is not facilitated.
Disclosure of Invention
In view of this, embodiments of the present invention provide a service data processing method and apparatus, an electronic device, and a storage medium, which can determine an intersection of service data of different service terminals through encrypted transmission of the service data, and use the intersection as target service data of a service data processing system, thereby reducing computation cost, improving efficiency of service data processing, and being capable of implementing processing of service data in a mobile terminal, and saving waiting time of a user.
The technical scheme of the embodiment of the invention is realized as follows:
the embodiment of the invention provides a service data processing method, which comprises the following steps:
acquiring prime number parameters and a proportionality coefficient matched with a service data processing system, wherein the service data processing system at least comprises a first service terminal and a second service terminal;
determining first key information matched with the first service terminal and a first parameter of the first key information;
determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient;
based on the first key information, the first parameter of the first key information and the second parameter of the first key information, performing encryption transmission on first service data of the first service terminal, and performing encryption transmission on received second service data of the second service terminal;
determining an intersection of the first service data of the first service terminal and the second service data of the second service terminal through encrypted transmission of the first service data and encrypted transmission of the second service data;
and determining target service data of the service data processing system based on the intersection of the first service data of the first service terminal and the second service data of the second service terminal.
The embodiment of the invention also provides a service data processing method, which comprises the following steps:
acquiring prime number parameters and a proportionality coefficient matched with a service data processing system, wherein the service data processing system at least comprises a first service terminal and a second service terminal;
determining second key information matched with the second service terminal and a first parameter of the second key information;
determining a second parameter of second key information matched with a second service terminal based on the prime number parameter and the proportionality coefficient;
based on the second key information, the first parameter of the second key information and the second parameter of the second key information, performing encryption transmission on second service data of the second service terminal, and performing encryption transmission on the received first service data of the first service terminal;
and determining the intersection of the first service data of the first service terminal and the second service data of the second service terminal as the target service data of the service data processing system through the encrypted transmission of the second service data and the encrypted transmission of the first service data.
The embodiment of the invention also provides a service data processing method, which comprises the following steps:
acquiring prime number parameters and a proportionality coefficient matched with a service data processing system, wherein the service data processing system at least comprises a first service terminal and a second service terminal;
determining first key information matched with the first service terminal and a first parameter of the first key information;
determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient;
determining second key information matched with the second service terminal and a first parameter of the second key information;
determining a second parameter of second key information matched with a second service terminal based on the prime number parameter and the proportionality coefficient;
based on the first key information, the first parameter of the first key information and the second parameter of the first key information, performing encryption transmission on the first service data of the first service terminal;
encrypting and transmitting second service data of the second service terminal based on the second key information, the first parameter of the second key information and the second parameter of the second key information;
and determining the intersection of the first service data of the first service terminal and the second service data of the second service terminal as the target service data of the service data processing system through the encrypted transmission of the first service data and the encrypted transmission of the second service data.
An embodiment of the present invention further provides a service data processing apparatus, including:
the first information processing module is used for acquiring prime number parameters and proportional coefficients matched with a first service terminal and a second service terminal in a service data processing system;
the first information processing module is configured to determine first key information matched with the first service terminal and a first parameter of the first key information;
the first information processing module is used for determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient;
the first information processing module is configured to perform processing based on the first key information, a first parameter of the first key information, and a second parameter of the first key information;
the first information transmission module is used for carrying out encryption transmission on the first service data of the first service terminal;
the first information processing module is configured to determine, through encrypted transmission of the first service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal, as target service data of the service data processing system.
An embodiment of the present invention further provides a service data processing apparatus, including:
the second information processing module is used for acquiring prime number parameters and proportional coefficients matched with the first service terminal and the second service terminal in the service data processing system;
the second information processing module is configured to determine second key information matched with the second service terminal and a first parameter of the second key information;
the second information processing module is used for determining a second parameter of second key information matched with a second service terminal based on the prime number parameter and the proportionality coefficient;
a second information transmission module, configured to perform encryption transmission on second service data of the second service terminal based on the second key information, the first parameter of the second key information, and the second parameter of the second key information;
the second information processing module is configured to determine, through encrypted transmission of the second service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal, as target service data of the service data processing system.
An embodiment of the present invention further provides an electronic device, where the electronic device includes:
a memory for storing executable instructions;
and the processor is used for realizing the business data processing method when the executable instructions stored in the memory are operated.
The embodiment of the invention also provides a computer-readable storage medium, which stores executable instructions, and the executable instructions are executed by a processor to realize the business data processing method.
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention obtains prime number parameters and proportional coefficients matched with a first service terminal and a second service terminal in a service data processing system; determining first key information matched with the first service terminal and a first parameter of the first key information; determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient; based on the first key information, the first parameter of the first key information and the second parameter of the first key information, performing encryption transmission on the first service data of the first service terminal; by means of encrypted transmission of the first service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal is determined to serve as target service data of the service data processing system, and therefore encrypted transmission of the service data can be achieved, intersection of service data of different service terminals can be determined to serve as the target service data of the service data processing system, calculation cost is reduced, service data processing efficiency is improved, service data can be processed in the mobile terminal, and waiting time of users is saved.
Drawings
Fig. 1 is a schematic diagram of a usage environment of a service data processing method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a service data processing apparatus according to an embodiment of the present invention;
fig. 3 is an optional flowchart of a service data processing method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a target object determining apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a blockchain in a blockchain network according to an embodiment of the present invention;
fig. 6 is a functional architecture diagram of a blockchain network according to an embodiment of the present invention;
fig. 7 is an optional flowchart of a service data processing method according to an embodiment of the present invention;
fig. 8 is a schematic view of a service data processing effect in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail with reference to the accompanying drawings, the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
Before further detailed description of the embodiments of the present invention, terms and expressions mentioned in the embodiments of the present invention are explained, and the terms and expressions mentioned in the embodiments of the present invention are applied to the following explanations.
1) Terminals, including but not limited to: the system comprises a common terminal and a special terminal, wherein the common terminal is in long connection and/or short connection with a sending channel, and the special terminal is in long connection with the sending channel.
2) The client, a carrier in the terminal for implementing a specific function, for example, a mobile client (APP) is a carrier of a specific function in the mobile terminal, for example, a function of performing live online broadcasting or a playing function of online video.
3) In response to the condition or state on which the performed operation depends, one or more of the performed operations may be in real-time or may have a set delay when the dependent condition or state is satisfied; there is no restriction on the order of execution of the operations performed unless otherwise specified.
4) Affine password: the symmetric cipher system is one single table enciphered cipher system, and all letters in the letter system are enciphered with one simple mathematical equation corresponding to the number or converted back to letter. Specifically, an affine password is an alternative password, and is one letter to one letter. The key is (a, b, n), where n is a large integer; where is the set of coprime groups with n in Zn.
5) Transactions (transactions), equivalent to the computer term "Transaction," include operations that need to be committed to a blockchain network for execution and do not refer solely to transactions in the context of commerce, which embodiments of the present invention follow in view of the convention colloquially used in blockchain technology.
For example, a deployment (deployment) transaction is used to install a specified smart contract to a node in a blockchain network and is ready to be invoked; the Invoke (Invoke) transaction is used to append records of the transaction in the blockchain by invoking the smart contract and to perform operations on the state database of the blockchain, including update operations (including adding, deleting, and modifying key-value pairs in the state database) and query operations (i.e., querying key-value pairs in the state database).
6) A Block chain (Block chain) is an encrypted, chained transaction storage structure formed of blocks (blocks).
For example, the header of each block may include hash values of all transactions in the block, and also include hash values of all transactions in the previous block, so as to achieve tamper resistance and forgery resistance of the transactions in the block based on the hash values; newly generated transactions, after being filled into the tiles and passing through the consensus of nodes in the blockchain network, are appended to the end of the blockchain to form a chain growth.
7) A Block chain Network (Block chain Network) incorporates new blocks into a set of nodes of a Block chain in a consensus manner.
8) Ledger (legger) is a general term for blockchains (also called Ledger data) and state databases synchronized with blockchains.
Wherein, the blockchain records the transaction in the form of a file in a file system; the state database records the transactions in the blockchain in the form of different types of Key (Key) Value pairs for supporting fast query of the transactions in the blockchain.
9) Intelligent Contracts (Smart Contracts), also known as Chain codes (Chain codes) or application codes, are programs deployed in nodes of a blockchain network, which execute intelligent Contracts called in received transactions to perform operations of updating or querying key-value data of the account database.
10) Consensus (Consensus), a process in a blockchain network, is used to agree on transactions in blocks among the nodes involved, the agreed blocks are to be appended to the end of the blockchain, and the mechanisms to achieve Consensus include Proof of workload (Po W), Proof of rights and interests (PoS, Proof of stamp), Proof of equity authorization (D PoS, released Proof of stamp), Proof of Elapsed Time (Po ET, Proof of Elapsed Time), etc.
Fig. 1 is a schematic view of a usage scenario of a service data method according to an embodiment of the present invention, and referring to fig. 1, a client capable of displaying software of corresponding resource transaction data is disposed on a terminal (including a terminal 10-1 and a terminal 10-2), such as a client or a plug-in for the virtual resource or the physical resource to perform financial activities or pay through the virtual resource, the user can obtain and display the resource transaction data through the corresponding client, and trigger corresponding fraud identification process (such as WeChat payment or WeChat program for financial loan process) in the virtual resource change process, wherein the risk of the user needs to be judged through a data processing device deployed in the server, and acquiring business data in other organizations for auxiliary processing so as to determine the risk level (whether to execute lending) of the target user according to the corresponding prediction result; the terminal is connected to the server 200 through the network 200, and the network 300 may be a wide area network or a local area network, or a combination of the two, and uses a wireless link to realize data transmission.
In some embodiments of the present invention, a privacy deal scenario is described as an example. As an example, in one particular scenario, when a user registers to use instant messaging software (e.g., WeChat, Whatsapp, etc.), to provide the user with a better experience, it may be determined from existing contacts in the user's address book which contacts are registered with the same instant messaging software. In the determining process, the contact information of the user is used as service data owned by a data party and is subjected to service data processing with an operator server of the instant messaging software through a mobile phone terminal, part of sharable service data (namely part of contact information in an address book) is determined, and the determined sharable service data is an intersection of the service data, so privacy intersection processing is required to be carried out, partial data sharing is realized between the user and a service provider of the instant messaging software, and one data party at least cannot acquire other service data except the intersection of the other data party.
In some embodiments of the invention, the privacy rendezvous process may be performed by a computing platform. The computing platform may be a platform provided in the trusted third party device, or may be a platform provided in one of the plurality of data parties or distributed among the plurality of data parties. The computing platform can perform data interaction with various data parties. The multiple terminals (different data parties) in fig. 1 may be data parties of the same data category, e.g., all bank category data parties, or all shopping platform data parties, etc. The multiple data parties may also be different categories of data parties, such as data party 10-1 being a shopping platform data party, data party 10-2 being a lending platform data party, or data party 10-1 being a data owner of contact information, data party 10-2 being a service provider, etc. in the above example. In the privacy deal scenario, the service data provided by these data parties is usually the same type of service data. For example, in the case where the data provider 10-1 is a shopping platform data provider and the data provider 10-2 is a lending platform data provider, if the shopping platform is bound with a payment bank card number and the lending platform is bound with a withdrawal and repayment bank card number, the service data provided by the two parties for privacy transaction may be the bank card number. If the shopping platform data side and the lending platform data side are registered with the telephone numbers of the users, the service data provided by the shopping platform data side and the lending platform data side for privacy transaction can also be the telephone numbers. In other service scenarios, the service data may also include other data, which is not listed here.
As an example, the server 200 or the terminal 10-1 may be configured to deploy a service data processing apparatus to implement the service data processing method provided by the present invention, so as to obtain a prime number parameter and a scaling factor that are matched with a first service terminal and a second service terminal in a service data processing system; determining first key information matched with the first service terminal and a first parameter of the first key information; determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient; based on the first key information, the first parameter of the first key information and the second parameter of the first key information, performing encryption transmission on the first service data of the first service terminal; and determining the intersection of the first service data of the first service terminal and the second service data of the second service terminal through the encrypted transmission of the first service data, and using the intersection as the target service data of the service data processing system.
As will be described in detail below with respect to the structure of the service data processing apparatus according to the embodiment of the present invention, the service data processing apparatus may be implemented in various forms, such as a dedicated terminal with a processing function of the service data processing apparatus, or may be a server or a group of servers with a processing function of the service data processing apparatus, for example, a service information processing process deployed in the terminal 10-1, such as the server 200 in the foregoing fig. 1. Fig. 2 is a schematic diagram of a composition structure of a service data processing apparatus according to an embodiment of the present invention, and it can be understood that fig. 2 only shows an exemplary structure of the service data processing apparatus, and not a whole structure, and a part of the structure or a whole structure shown in fig. 2 may be implemented as needed.
The service data processing device provided by the embodiment of the invention comprises: at least one processor 201, memory 202, user interface 203, and at least one network interface 204. The various components in the business data processing apparatus are coupled together by a bus system 205. It will be appreciated that the bus system 205 is used to enable communications among the components. The bus system 205 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 205 in fig. 2.
The user interface 203 may include, among other things, a display, a keyboard, a mouse, a trackball, a click wheel, a key, a button, a touch pad, or a touch screen.
It will be appreciated that the memory 202 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. The memory 202 in embodiments of the present invention is capable of storing data to support operation of the terminal (e.g., 10-1). Examples of such data include: any computer program, such as an operating system and application programs, for operating on a terminal (e.g., 10-1). The operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application program may include various application programs.
In some embodiments, the service data processing apparatus provided in the embodiments of the present invention may be implemented by a combination of hardware and software, and as an example, the service data processing apparatus provided in the embodiments of the present invention may be a processor in the form of a hardware decoding processor, which is programmed to execute the service data processing method provided in the embodiments of the present invention. For example, a processor in the form of a hardware decoding processor may employ one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), or other electronic components.
As an example that the service data processing apparatus provided by the embodiment of the present invention is implemented by combining software and hardware, the service data processing apparatus provided by the embodiment of the present invention may be directly embodied as a combination of software modules executed by the processor 201, where the software modules may be located in a storage medium, the storage medium is located in the memory 202, and the processor 201 reads executable instructions included in the software modules in the memory 202, and completes the service data processing method provided by the embodiment of the present invention in combination with necessary hardware (for example, including the processor 201 and other components connected to the bus 205).
By way of example, the Processor 201 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor or the like.
As an example of the service data processing apparatus provided by the embodiment of the present invention implemented by hardware, the apparatus provided by the embodiment of the present invention may be implemented by directly using the processor 201 in the form of a hardware decoding processor, for example, by being executed by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), or other electronic components, to implement the service data processing method provided by the embodiment of the present invention.
The memory 202 in the embodiment of the present invention is used to store various types of data to support the operation of the business data processing apparatus. Examples of such data include: any executable instructions for operating on the business data processing apparatus, such as executable instructions, may be included in the executable instructions to implement the program for implementing the business data processing method of the embodiments of the present invention.
In other embodiments, the service data processing apparatus provided by the embodiment of the present invention may be implemented in software, and fig. 2 illustrates the service data processing apparatus stored in the memory 202, which may be software in the form of programs, plug-ins, and the like, and includes a series of modules, as an example of the program stored in the memory 202, the service data processing apparatus may include the following software modules:
a first information processing module 2081, a first information transmission module 2082, a second information processing module 2083, and a second information transmission module 2084. When the software module in the service data processing apparatus is read into the RAM by the processor 201 and executed, the service data processing method provided by the embodiment of the present invention is implemented, where the functions of each software module in the service data processing apparatus include:
the first information processing module 2081 is configured to determine first key information matched with the first service terminal and a first parameter of the first key information.
The first information processing module 2081 is configured to determine, based on the prime number parameter and the scaling factor, a second parameter of the first key information that matches the first service terminal.
The first information processing module 2081 is configured to perform encryption transmission on first service data of the first service terminal based on the first key information, a first parameter of the first key information, and a second parameter of the first key information.
The first information processing module 2081 is configured to determine, through encrypted transmission of the first service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal, and use the intersection as the target service data of the service data processing system.
And the second information processing module 2083, configured to obtain prime number parameters and scaling factors that are matched with the service data processing system.
The second information processing module 2083 is configured to determine second key information matched with the second service terminal, and a first parameter of the second key information.
The second information processing module 2083 is configured to determine, based on the prime number parameter and the scaling factor, a second parameter of second key information that matches a second service terminal.
A second information transmission module 2084, configured to perform encryption transmission on second service data of the second service terminal based on the second key information, the first parameter of the second key information, and the second parameter of the second key information.
The second information processing module 2083 is configured to determine, through encrypted transmission of the second service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal, and use the intersection as the target service data of the service data processing system.
According to the electronic device shown in fig. 2, in one aspect of the present application, the present application also provides a computer program product or a computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes different embodiments and combinations of embodiments provided in various alternative implementations of the business data processing method.
Before introducing the service data processing method provided by the present application, the service data processing method in the financial wind control scenario in the prior art is preferentially described, where a core idea of privacy intersection is that at the end of protocol interaction, one or more parties should obtain a correct intersection, and any other data in a data set of another party other than the intersection is not obtained. The prior art processing mode comprises:
1) the service terminal P1/P2 encodes the service data s1 and s2 by using the encoding modes of md5, sha-1 and the like to obtain a new set:
Figure 592495DEST_PATH_IMAGE001
then, p1 will react
Figure 938026DEST_PATH_IMAGE002
Given p2, p2 computes intersections locally
Figure 432592DEST_PATH_IMAGE003
. Because for each element
Figure 230784DEST_PATH_IMAGE004
P2 all know one
Figure 351056DEST_PATH_IMAGE005
Satisfy the requirement of
Figure 285514DEST_PATH_IMAGE006
So P2 can get the correct intersection S and share the result to P1. The disadvantage is that the random oracle effect of the Hash function is used, but the Hash function is not secure against collision attacks, i.e. when p2 is taken from p1
Figure 950981DEST_PATH_IMAGE002
Then, all possible plaintexts can be traversed, and md5 encoding is performed on each plaintexts to see whether the plaintexts belong to elements in md5(S1), so that the overall view of S1 is obtained, and privacy leakage is caused.
2) The Diffie-Hellman key agreement protocol is used, and specifically, the privacy negotiation algorithm may be an algorithm that performs a negotiation operation on privacy data, may be the Diffie-Hellman key agreement protocol, or may be another algorithm, which is not limited in this embodiment. The line number data of the original data table can be for one of the data tablesData, which is specific information of the number of rows or columns in the data table. It has the disadvantage that the encryption function EaHaving commutative properties, i.e. having any plaintext x
Figure 361103DEST_PATH_IMAGE007
. Due to the privacy of key a1a2, no matter which party can only obtain S as the final output, the other elements will be protected as privacy. However, the exchange encryption function structure based on Diffie-Hellman contains 'power mode' operation, i.e. first making power xaThen modulo mod p is taken. When a large amount of to-be-processed service data is faced, the computation complexity of the power-modulo operation is high, the encryption overhead is large, so that the waiting time of a user is long, and the hardware cost is increased.
To solve the above-mentioned drawback, referring to fig. 3, fig. 3 is an optional flowchart of a service data processing method provided in an embodiment of the present invention, and it can be understood that the steps shown in fig. 3 may be executed by various electronic devices operating a service data processing apparatus, for example, a server or a server group that may be used for service data, or a terminal of a service process. The method specifically comprises the following steps:
step 301: and the first service terminal acquires prime number parameters and a proportionality coefficient matched with the service data processing system.
The service data in the first service terminal is first service data, the data in the second service terminal is second service data, the specific type of the service terminal is not limited in the application, and the first service terminal can also communicate with a plurality of different second service terminals simultaneously according to different implementation environments, so that the service data processing method provided by the application is realized.
The service data processing device and the server can negotiate a public large prime number P and a proportional coefficient r belonging to a positive integer for two corresponding different data parties, namely P1, P2, P1 and P2. In particular, the prime parameter may be implemented by defining an primitive root of a prime p, for each power of which all integer roots from 1 to p-1 are generated, i.e. if a is an primitive root of a prime p, the value is then a1modp,a2modp, ..., ap-1modp is a distinct integer and constitutes all integers from 1 to p-1 in some permutation. For an integer b and an primitive root a of a prime number p, a unique exponent i can be found, such that b = ai modp where 0 ≦ i ≦ (p-1) exponent i refers to the discrete logarithm of the base a modulo p of b or the exponent. This value is denoted inda, p (b). Wherein, the constraint of service data processing between different service terminals can be realized through the proportionality coefficient r, that is, the constraint is carried out between different service terminals
Figure 629273DEST_PATH_IMAGE008
Therefore, stable data exchange among different service terminals is realized.
In some embodiments of the present invention, the number of the service terminals may be adapted to a usage environment, where each service terminal in the service data processing system may be used in a scenario where multiple data providers perform data query in coordination with each other for a multiparty joint query statement, such as a case where multiple data providers perform private data query in coordination with each other for a multiparty joint query statement. Specifically, data of each data provider is stored in a respective data storage system or cloud server, and original data information required to be disclosed by each provider may be different. The service data processing method provided by the application can exchange various privacy data processed by different service terminals, can acquire intersection in the service data of each provider through multiparty combined query, does not leak the original data of each service terminal in the process, and discloses a calculation result to each provider so as to ensure that each service terminal can accurately acquire corresponding target service data in time. When the number of the service terminals in the service data processing system exceeds three, data processing needs to be performed on different service terminals respectively through the service data processing method provided by the application, and the service data needs to be subjected to iterative encryption transmission.
Step 302, a first service terminal determines first key information matched with the first service terminal and a first parameter of the first key information.
Step 303: and the second service terminal determines a second parameter of second key information matched with the second service terminal based on the prime number parameter and the proportionality coefficient.
Wherein, P1 and P2 can respectively select a key, wherein, the key
Figure 824762DEST_PATH_IMAGE009
And calculates a key parameter by formula 1,
Figure 785765DEST_PATH_IMAGE010
in particular, the key information may be an affine password, or the key information may be an affine password. When the first key information is an affine password, the affine password comprises set cardinality of K sets, the first service terminal sequentially maps the first service data to the K sets by using the affine password to obtain target ciphertext data of the first encrypted service data, wherein the set cardinality of the K sets is sequentially increased. The key of the affine cipher is (a, b, n), wherein n is a large integer and can be adaptively adjusted according to the use environment; the method has the advantages that Zn is a plaintext space, the first service data are sequentially mapped to the set with the set base number of n, space complexity can be effectively reduced, calculation amount in service data processing is reduced, and the mobile terminal and old equipment with poor calculation capacity can conveniently execute the service data processing method provided by the application.
Step 304: and the first service terminal determines a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient.
Wherein, the second parameter of the different key information can refer to equation 2,
Figure 948762DEST_PATH_IMAGE011
step 305: and the first service terminal carries out encryption transmission on the first service data of the first service terminal based on the first key information, the first parameter of the first key information and the second parameter of the first key information.
In some embodiments of the present invention, a service data processing system may add or delete the number of corresponding service terminals according to different usage requirements, and the following describes that the service data processing system includes two different service terminals, where encryption transmission is performed on first service data of the first service terminal based on the first key information, a first parameter of the first key information, and a second parameter of the first key information, and may be implemented in the following manner:
based on the first key information, the first parameter of the first key information and the second parameter of the first key information, encrypting the first to-be-processed service data in the first service terminal to form first encrypted service data; sending the first encrypted service data to the second service terminal; and receiving the first encrypted service data encrypted by the second service terminal. In order to achieve the effect of privacy intersection, each of P1 and P2 performs encryption and sends the encryption to different service terminals in the service data processing system, where the encryption process refers to formula 3:
Figure 630410DEST_PATH_IMAGE012
step 306: and the second service terminal carries out encryption transmission on second service data of the second service terminal based on the second key information, the first parameter of the second key information and the second parameter of the second key information.
Wherein, each of P1 and P2 may perform encryption processing and transmit encrypted service data to other service terminals, respectively, and the encryption refers to formula 4 (first encryption) and formula 5 (second encryption):
Figure 805040DEST_PATH_IMAGE013
step 307: and the first service terminal determines the intersection of the first service data of the first service terminal and the second service data of the second service terminal through the encrypted transmission of the first service data and the encrypted transmission of the second service data, and the intersection is used as the target service data of the service data processing system.
In some embodiments of the present invention, the first service terminal may determine a data intersection of the first encrypted service data and the second encrypted service data based on the first encrypted service data encrypted by the second service terminal and the second encrypted service data encrypted by the first service terminal; determining initial target service data by the data intersection of the first encrypted service data and the second encrypted service data, and sending the initial target service data to the second service terminal; and receiving target service data formed by decrypting the initial service data through the second service terminal.
Wherein, any one of P1 and P2 calculates the ciphertext intersection
Figure 795998DEST_PATH_IMAGE014
Decryption is then performed by the first service terminal P1 and transmitted to the second service terminal P2. Wherein, the decryption of the first service terminal refers to equation 6,
Figure 56078DEST_PATH_IMAGE015
wherein
Figure 806997DEST_PATH_IMAGE016
. The second service terminal P2 performs decryption to obtain a final result, and shares the final result with P1, where the decryption of the second service terminal P2 refers to equation 7:
Figure 836132DEST_PATH_IMAGE017
further, since affine cipher is used in the service data processing, the protocol constraint refers to equation 8
Figure 529151DEST_PATH_IMAGE018
Further, a can be deduced1b2+b1=a2b1+b2From this, it can be determined by formula derivation,
Figure 886314DEST_PATH_IMAGE019
therefore, the constrained affine passwords in the business data processing method have interchangeability, and the cipher texts generated after the same plaintext is successively encrypted in different sequences can be ensured to be the same.
In some embodiments of the present invention, when a service terminal (a service data holder) of a service data processing system migrates or reconfigures the system, a fast service data processing apparatus may be implemented by purchasing a blockchain network service to obtain information stored in a blockchain network, where first service data, second service data, and target service data may be sent to the blockchain network, so that a node of the blockchain network fills the first service data, the second service data, and the target service data into a new block, and when the new blocks are identified in common, the new block is appended to a tail of the blockchain.
The embodiment of the present invention may be implemented by combining a Cloud technology, where the Cloud technology (Cloud technology) is a hosting technology for unifying series resources such as hardware, software, and a network in a wide area network or a local area network to implement calculation, storage, processing, and sharing of data, and may also be understood as a generic term of a network technology, an information technology, an integration technology, a management platform technology, an application technology, and the like applied based on a Cloud computing business model. Background services of the technical network system require a large amount of computing and storage resources, such as video websites, photo-like websites and more portal websites, so cloud technology needs to be supported by cloud computing.
It should be noted that cloud computing is a computing mode, and distributes computing tasks on a resource pool formed by a large number of computers, so that various application systems can obtain computing power, storage space and information services as required. The network that provides the resources is referred to as the "cloud". Resources in the "cloud" appear to the user as being infinitely expandable and available at any time, available on demand, expandable at any time, and paid for on-demand. As a basic capability provider of cloud computing, a cloud computing resource pool platform, which is called an Infrastructure as a Service (IaaS) for short, is established, and multiple types of virtual resources are deployed in a resource pool and are used by external clients selectively. The cloud computing resource pool mainly comprises: a computing device (which may be a virtualized machine, including an operating system), a storage device, and a network device.
As shown in fig. 1, the data processing method provided in the embodiment of the present invention can be implemented by corresponding cloud devices, for example: the terminals (including the terminal 10-1 and the terminal 10-2) are connected to the server 200 located at the cloud end through a network 300, and the network 300 may be a wide area network or a local area network, or a combination of the two. It should be noted that the server 200 may be a physical device or a virtualized device.
In some embodiments of the present invention, when receiving a data synchronization request of other nodes in the blockchain network, the authority of the other nodes may be verified in response to the data synchronization request;
and when the authority of the other nodes passes the verification, controlling the current node and the other nodes to carry out data synchronization so as to realize that the other nodes acquire the first service data, the second service data and the target service data.
In some embodiments of the present invention, the query request may be further analyzed to obtain a corresponding object identifier in response to the query request; acquiring authority information in a target block in a block chain network according to the object identifier; checking the matching of the authority information and the object identification; when the authority information is matched with the object identification, acquiring corresponding first service data, second service data and target service data in the block chain network; and responding to the query instruction, and pushing the acquired corresponding first service data, second service data and target service data to corresponding clients.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a target object determining apparatus provided in an embodiment of the present invention, and includes a blockchain network 200 (exemplarily illustrating a consensus node 210-1 to a consensus node 210-3), an authentication center 300, a service agent 400, and a service agent 500, which are respectively described below.
The type of blockchain network 200 is flexible and may be, for example, any of a public chain, a private chain, or a federation chain. Taking a public link as an example, electronic devices such as user terminals and servers of any service entity can access the blockchain network 200 without authorization; taking a federation chain as an example, an electronic device (e.g., a terminal/server) under the jurisdiction of a service entity after obtaining authorization may access the blockchain network 200, and at this time, become a client node in the blockchain network 200.
In some embodiments, the client node may act as a mere watcher of the blockchain network 200, i.e., provides functionality to support a business entity to initiate a transaction (e.g., for uplink storage of data or querying of data on a chain), and may be implemented by default or selectively (e.g., depending on the specific business requirements of the business entity) with respect to the functions of the consensus node 210 of the blockchain network 200, such as a ranking function, a consensus service, and an accounting function, etc. Therefore, the data and the service processing logic of the service subject can be migrated into the block chain network 200 to the maximum extent, and the credibility and traceability of the data and service processing process are realized through the block chain network 200.
The consensus nodes in blockchain network 200 receive transactions submitted from client nodes (e.g., client node 410 attributed to business entity 400, and client node 510 attributed to business entity 500, shown in fig. 1) of different business entities (e.g., business entity 400 and business entity 500, shown in fig. 1), perform the transactions to update the ledger or query the ledger, and various intermediate or final results of performing the transactions may be returned for display in the business entity's client nodes.
For example, the client node 410/510 may subscribe to events of interest in the blockchain network 200, such as transactions occurring in a particular organization/channel in the blockchain network 200, and the corresponding transaction notifications are pushed by the consensus node 210 to the client node 410/510, thereby triggering the corresponding business logic in the client node 410/510.
An exemplary application of the blockchain network is described below, taking an example in which a plurality of service agents access the blockchain network to achieve management of a target object determination result.
Referring to fig. 4, a plurality of business entities involved in the management link, such as the business entity 400, may be target object determination devices based on artificial intelligence, the business entity 500 may be a display system with a target object determination function, and registers from the certificate authority 300 to obtain respective digital certificates, where the digital certificates include the public key of the business entity and the digital signature signed by the certificate authority 300 on the public key and the identity information of the business entity, and are used to be attached to the transaction together with the digital signature of the business entity for the transaction, and are sent to the blockchain network, so that the blockchain network takes out the digital certificate and the signature from the transaction, verifies the authenticity of the message (i.e. whether the message is not tampered) and the identity information of the business entity sending the message, and verifies the blockchain network according to the identity, for example, whether the blockchain network has the right to initiate the transaction. Clients running on electronic devices (e.g., terminals or servers) hosted by the business entity may request access from the blockchain network 200 to become client nodes.
The client node 410 of the service body 400 is used to obtain attack traffic attacking the target system; responding to the acquired attack traffic, and triggering a port multiplexing process to monitor the attack traffic forwarded by the target port; triggering an attack information classification model, and identifying the type of the attack traffic; triggering a port forwarding process based on the identification result of the attack information classification model, and forwarding the attack traffic so as to obtain corresponding attack traffic through honeypot systems of different types; the first service data, the second service data, and the target service data are transmitted to the blockchain network 200.
The first service data, the second service data, and the target service data are sent to the blockchain network 200, a service logic may be set in the client node 410 in advance, and when a corresponding target object determination result is formed, the client node 410 automatically sends the first service data, the second service data, and the target service data to the blockchain network 200, or a service person of the service agent 400 logs in the client node 410, manually packages the first service data, the second service data, and the target service data, and sends the first service data, the second service data, and the target service data to the blockchain network 200. During sending, the client node 410 generates a transaction corresponding to the update operation according to the first service data, the second service data and the target service data, specifies an intelligent contract that needs to be invoked to implement the update operation and parameters passed to the intelligent contract in the transaction, and also carries a digital certificate of the client node 410 and a signed digital signature (for example, a digest of the transaction is encrypted using a private key in the digital certificate of the client node 410), and broadcasts the transaction to the consensus node 210 in the blockchain network 200.
When the transaction is received in the consensus node 210 in the blockchain network 200, the digital certificate and the digital signature carried by the transaction are verified, after the verification is successful, whether the service agent 400 has the transaction right is determined according to the identity of the service agent 400 carried in the transaction, and the transaction fails due to any verification judgment of the digital signature and the right verification. After successful verification, node 210 signs its own digital signature (e.g., by encrypting the digest of the transaction using the private key of node 210-1) and continues to broadcast in blockchain network 200.
After receiving the transaction successfully verified, the consensus node 210 in the blockchain network 200 fills the transaction into a new block and broadcasts the new block. When a new block is broadcasted by the consensus node 210 in the block chain network 200, performing a consensus process on the new block, if the consensus is successful, adding the new block to the tail of the block chain stored in the new block, updating the state database according to a transaction result, and executing a transaction in the new block: and for the transaction of submitting and updating the first business data, the second business data and the target business data, adding key value pairs comprising the first business data, the second business data and the target business data in the state database.
The service person of the service agent 500 logs in the client node 510, inputs a target object determination result or a target object query request, the client node 510 generates a transaction corresponding to the update operation/query operation according to the target object determination result or the target object query request, specifies an intelligent contract that needs to be called to implement the update operation/query operation and parameters transferred to the intelligent contract in the transaction, and the transaction also carries a digital certificate of the client node 510 and a signed digital signature (for example, a digest of the transaction is encrypted by using a private key in the digital certificate of the client node 510), and broadcasts the transaction to the consensus node 210 in the blockchain network 200.
After receiving the transaction in the consensus node 210 in the blockchain network 200, verifying the transaction, filling the block and making the consensus consistent, adding the filled new block to the tail of the blockchain stored in the new block, updating the state database according to the transaction result, and executing the transaction in the new block: for the submitted transaction of updating a certain first service data, a certain second service data and the target service data, updating a key value pair corresponding to the target object determination result in the state database according to the manual identification result; and for the submitted transaction for inquiring a certain target object determination result, inquiring a key value pair corresponding to the target object determination result from the state database, and returning a transaction result.
It should be noted that fig. 4 exemplarily shows a process of directly linking the first service data, the second service data and the target service data, but in other embodiments, for a case that the data size of the target object determination result is large, the client node 410 may link the hash of the target object determination result and the corresponding hash of the target object determination result in pairs, and store the original target object determination result and the corresponding target object determination result in a distributed file system or a database. After obtaining the target object determination result and the corresponding target object determination result from the distributed file system or the database, the client node 510 may perform a check in combination with the corresponding hash in the blockchain network 200, thereby reducing the workload of uplink operations.
As an example of a block chain, referring to fig. 5, fig. 5 is a schematic structural diagram of a block chain in a block chain network provided in an embodiment of the present invention, where a header of each block may include hash values of all transactions in the block and also include hash values of all transactions in a previous block, a record of a newly generated transaction is filled in the block and is added to a tail of the block chain after being identified by nodes in the block chain network, so as to form a chain growth, and a chain structure based on hash values between blocks ensures tamper resistance and forgery prevention of transactions in the block.
An exemplary functional architecture of the blockchain network provided by the embodiment of the present invention is described below, referring to fig. 6, fig. 6 is a schematic functional architecture diagram of the blockchain network provided by the embodiment of the present invention, which includes an application layer 201, a consensus layer 202, a network layer 203, a data layer 204, and a resource layer 205, which are described below respectively.
The resource layer 205 encapsulates the computing, storage, and communication resources that implement each node 210 in the blockchain network 200.
The data layer 204 encapsulates various data structures that implement the ledger, including blockchains implemented in files in a file system, state databases of the key-value type, and presence certificates (e.g., hash trees of transactions in blocks).
The network layer 203 encapsulates the functions of a Point-to-Point (P2P) network protocol, a data propagation mechanism and a data verification mechanism, an access authentication mechanism and service agent identity management.
Wherein the P2P network protocol implements communication between nodes 210 in the blockchain network 200, the data propagation mechanism ensures propagation of transactions in the blockchain network 200, and the data verification mechanism implements reliability of data transmission between nodes 210 based on cryptography methods (e.g., digital certificates, digital signatures, public/private key pairs); the access authentication mechanism is used for authenticating the identity of the service subject added into the block chain network 200 according to an actual service scene, and endowing the service subject with the authority of accessing the block chain network 200 when the authentication is passed; the business entity identity management is used to store the identity of the business entity that is allowed to access blockchain network 200, as well as the permissions (e.g., the types of transactions that can be initiated).
The consensus layer 202 encapsulates the functions of the mechanism for the nodes 210 in the blockchain network 200 to agree on a block (i.e., a consensus mechanism), transaction management, and ledger management. The consensus mechanism comprises consensus algorithms such as POS, POW and DPOS, and the pluggable consensus algorithm is supported.
The transaction management is configured to verify a digital signature carried in the transaction received by the node 210, verify identity information of the service entity, and determine whether the node has an authority to perform the transaction (read related information from the identity management of the service entity) according to the identity information; for the service agents authorized to access the blockchain network 200, the service agents all have digital certificates issued by the certificate authority, and the service agents sign the submitted transactions by using private keys in the digital certificates of the service agents, so that the legal identities of the service agents are declared.
The ledger administration is used to maintain blockchains and state databases. For the block with the consensus, adding the block to the tail of the block chain; executing the transaction in the acquired consensus block, updating the key-value pairs in the state database when the transaction comprises an update operation, querying the key-value pairs in the state database when the transaction comprises a query operation and returning a query result to the client node of the business entity. Supporting query operations for multiple dimensions of a state database, comprising: querying the block based on the block vector number (e.g., hash value of the transaction); inquiring the block according to the block hash value; inquiring a block according to the transaction vector number; inquiring the transaction according to the transaction vector number; inquiring account data of a business main body according to an account (vector number) of the business main body; and inquiring the block chain in the channel according to the channel name.
The application layer 201 encapsulates various services that the blockchain network can implement, including tracing, crediting, and verifying transactions. Therefore, different service terminals can store the acquired target service data in the blockchain network, and the service data processing system is formed by the blockchain network and the different service terminals, so that the service data processing is realized, and different service data use scenes are adapted. For example, a scenario for implementing privacy negotiation by the service data processing method provided by the present application may include: the method comprises the steps of determining scenes of common loan users of a plurality of banks, determining a loan user in a WeChat financial applet, a loan user in a WeChat loan applet and the like. In the privacy intersection scenario, the same service data may be an intersection of some service data, but need not be identical. In general, the traffic data used to determine intersection may be generic, uniquely deterministic traffic data. For example, when determining the intersection between the contact and the service, the aforementioned determination may be performed through business data such as a telephone number, and it is not necessary that the remarked name of the contact, the user name in the service, and the like are completely consistent. The scene of the common loan users of a plurality of banks can be determined through business data such as the account opening identification numbers and the like without completely consistent bank card numbers, loan records and the like.
The business data processing method provided by the present application is further described below with reference to different real-time scenarios, wherein the cross-industry collaboration scenarios of the financial wind control scenario, such as the business terminals, are the credit company P1 and the bank, respectively
Figure 299978DEST_PATH_IMAGE020
. Among them, the credit company P1 receives the user's loan offer request shown in table 1:
Figure 308254DEST_PATH_IMAGE021
based on big data technology, credit company P1 primarily assigns ID numbers to collections according to its collected historical user performance data
Figure 47540DEST_PATH_IMAGE022
The user in (1) issues a cash loan.The cash-out request is rejected because the credit of the other users 1003, 1004 at company P1 is poor, see table 2 in particular.
Figure 891999DEST_PATH_IMAGE023
To further control risk, credit company P1 may wish to screen out those users whose deposit is low or unknown before the loan is formally issued, and the user's deposit information is content outside the business of credit company P1.
At the same time, bank P2 has a collection of user identification cards with a credit of more than ten thousand dollars, wherein,
Figure 843775DEST_PATH_IMAGE024
refer to table 3.
Figure 237716DEST_PATH_IMAGE025
The Cash Credit company P1 wants to make further risk control, i.e. calculation, by means of the data of the Bank P2
Figure 757690DEST_PATH_IMAGE026
And obtaining a final proposal. Referring to fig. 7 in particular, fig. 7 is an optional flowchart of the service data processing method provided in the embodiment of the present invention, which may include the following steps:
step 701: prime parameters and scaling factors are determined that match the first traffic terminal P1 and the second traffic terminal P2.
Step 702: first key information and first parameters of the key information matching the first service terminal P1, and second key information and first parameters of the second key information matching the second service terminal P2 are determined.
Step 703: second parameters of the first key information matching the first service terminal P1 and second parameters of the second key information matching the second service terminal P2 are determined.
Step 704: the first service terminal P1 and the second service terminal P2 exchange encryption information.
Step 705: the first service terminal P1 and the second service terminal P2 perform encryption and exchange.
Step 706: any service terminal determines the encryption intersection information.
Step 707: the first service terminal P1 performs decryption and transmits to the second service terminal P2.
Step 708: the second service terminal P2 performs decryption to obtain the final result, and shares the final result with P1.
After the P1 obtains the information of P2, the final opinion can be determined, specifically referring to table 4:
Figure 214079DEST_PATH_IMAGE027
meanwhile, in consideration of personal privacy of the user, the calculation process meets the following two constraints of data privacy protection:
1) any user ID held by the credit company P1, including the pseudo-consent-issuance set S1 and the denial-issuance set, i.e., the set that the bank P2 does not know, is not available
Figure 359758DEST_PATH_IMAGE028
2) The credit company P1 can not know the user ID card ID whose deposit is more than ten thousand yuan in the bank P2 but not in the list of the credit company P to agree to issue, namely S2\ S1= {10005 }; on the premise of meeting the two privacy protection constraints, the business data processing method provided by the application can enable the credit company P1 to acquire the user intersection which passes the credit detection of the credit company P1 and has sufficient deposit
Figure 952414DEST_PATH_IMAGE026
For final financial decision making.
In some embodiments of the present invention, two existing game companies P1 and P2 respectively have the following sets S1/S of account numbers bound to account numbers recorded in their respective game products, where the sets S include:
Figure 643289DEST_PATH_IMAGE029
however, many users with bad behavior records are only a casualty, or the result of being operated by others who have been briefly stolen a number in a game. Thus, if two companies perform a containment penalty based only on the adverse behavior that the user exposes in the game product under their respective flags, a wide range of false positives may be incurred, compromising business revenue and user interest.
P1/P2 can identify the malpractice players in the multi-game products of two parties at the same time and implement the blocking, i.e. calculation, by the business data processing method provided by the application
Figure 586974DEST_PATH_IMAGE030
(ii) a Meanwhile, in order to protect the privacy of the users, two companies want to protect the registered mobile phone numbers of the users who do not expose bad behaviors in all games from being known by the other party, namely
1) P1 wishes to protect a set of users exposed in P1 but not exposed to bad behaviour in the opposite company P2
Figure 536345DEST_PATH_IMAGE031
2) Company P2 wishes to protect a collection of users exposed in P2 but not exposed to adverse behavior in the opposite company P1
Figure 124452DEST_PATH_IMAGE032
On the premise of meeting the two privacy protection constraints, the business data processing method provided by the application enables two companies to obtain the user intersection which exposes bad behaviors in both game products
Figure 110863DEST_PATH_IMAGE026
As a reference for account blocking penalties.
The beneficial technical effects are as follows:
the embodiment of the invention obtains prime number parameters and proportional coefficients matched with a first service terminal and a second service terminal in a service data processing system; determining first key information matched with the first service terminal and a first parameter of the first key information; determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient; based on the first key information, the first parameter of the first key information and the second parameter of the first key information, performing encryption transmission on the first service data of the first service terminal; and determining the intersection of the first service data of the first service terminal and the second service data of the second service terminal through the encrypted transmission of the first service data, and using the intersection as the target service data of the service data processing system.
Referring to fig. 8, fig. 8 is a schematic diagram of a service data processing effect in the present invention, a 100000 sample ID set S = \ 0, 1, …, 99999\ is generated, and the following encryption and decryption operations may be performed on S by using the service data processing method (a) provided by the conventional technology (B) and the invention, respectively: stage one: encrypting; and a second stage: carrying out secondary encryption; and a third stage: decrypting; and a fourth stage: and (5) secondary decryption. The abscissa is the running time, the ordinate is four stages, the legend 1 is the effect of the conventional technology, the legend 2 is the effect of the service data processing method provided by the present application, and the calculation time is as shown in table 5 below:
Figure 666478DEST_PATH_IMAGE033
in the whole process, compared with the traditional technology, the calculation time of the business data processing method is saved
Figure 763747DEST_PATH_IMAGE034
Therefore, the method can realize the encrypted transmission of the service data, determine the intersection of the service data of different service terminals and serve as the aim of a service data processing systemMarking the service data, reducing the calculation cost, improving the efficiency of processing the service data, realizing the processing of the service data in the mobile terminal and saving the waiting time of the user.
Continuing with the exemplary structure of the business data processing apparatus provided by the embodiments of the present application implemented as software modules, in some embodiments of the present application, as shown in fig. 2, the software modules stored in the business data processing apparatus of the memory 202 may include:
a first information processing module 2081, a first information transmission module 2082, a second information processing module 2083, and a second information transmission module 2084, wherein in some embodiments of the present invention, the first information processing module 2081 is configured to encrypt first to-be-processed service data in a first service terminal based on the first key information, a first parameter of the first key information, and a second parameter of the first key information, so as to form first encrypted service data; the first information transmission module 2082 is configured to send the first encrypted service data to the second service terminal; the first information processing module 2081 is configured to encrypt the second encrypted service data based on the first key information, the first parameter of the first key information, and the second parameter of the first key information, and send the second encrypted service data to the second service terminal.
In some embodiments of the present invention, the first information processing module 2081 is configured to determine a data intersection between the first encrypted service data and the second encrypted service data based on the first encrypted service data encrypted by the second service terminal and the second encrypted service data encrypted by the first service terminal; the first information transmission module 2082 determines initial target service data based on the data intersection of the first encrypted service data and the second encrypted service data, and sends the initial target service data to the second service terminal; and receiving target service data formed by decrypting the initial service data through the second service terminal.
In some embodiments of the present invention, the second information processing module 2083 is configured to determine second key information matched to the second service terminal, and a first parameter of the second key information; the second information processing module 2083 is configured to determine, based on the prime number parameter and the scaling factor, a second parameter of second key information that matches a second service terminal; the second information processing module 2083 is configured to perform processing based on the second key information, the first parameter of the second key information, and the second parameter of the second key information; the second information transmission module 2084 is configured to perform encryption transmission on the second service data of the second service terminal, and perform encryption transmission on the received first service data of the first service terminal;
the second information processing module 2083 is configured to determine, through encryption transmission of the second service data and encryption transmission of the first service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal, and use the intersection as target service data of the service data processing system.
In some embodiments of the present invention, the second information processing module 2083 is configured to perform encryption processing on second to-be-processed service data in a second service terminal based on the second key information, the first parameter of the second key information, and the second parameter of the second key information, so as to form second encrypted service data; the second information transmission module 2084 is configured to send the second encrypted service data to the first service terminal; receiving the second encrypted service data encrypted by the first service terminal; and receiving first encrypted service data, encrypting the first encrypted service data based on the second key information, the first parameter of the second key information and the second parameter of the second key information, and sending the first encrypted service data to the first service terminal.
In some embodiments of the present invention, the second information processing module 2083 is configured to determine a data intersection between the first encrypted service data and the second encrypted service data based on the first encrypted service data encrypted by the second service terminal and the second encrypted service data encrypted by the first service terminal; the second information processing module 2083 is configured to receive initial target service data sent by the first service terminal, and decrypt the initial target service data to form target service data; and sending the target service data to the first service terminal.
The above description is only exemplary of the present invention and should not be taken as limiting the scope of the present invention, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (15)

1. A method for processing service data, the method comprising:
acquiring prime number parameters and a proportionality coefficient matched with a service data processing system, wherein the service data processing system at least comprises a first service terminal and a second service terminal;
determining first key information matched with the first service terminal and a first parameter of the first key information;
determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient;
based on the first key information, the first parameter of the first key information and the second parameter of the first key information, performing encryption transmission on first service data of the first service terminal, and performing encryption transmission on second service data of the second service terminal;
and determining the intersection of the first service data of the first service terminal and the second service data of the second service terminal as the target service data of the service data processing system through the encrypted transmission of the first service data and the encrypted transmission of the second service data.
2. The method of claim 1, wherein the performing encrypted transmission of first traffic data of the first traffic terminal and the received encrypted transmission of second traffic data of the second traffic terminal based on the first key information, a first parameter of the first key information, and a second parameter of the first key information comprises:
based on the first key information, the first parameter of the first key information and the second parameter of the first key information, encrypting the first to-be-processed service data in the first service terminal to form first encrypted service data;
sending the first encrypted service data to the second service terminal;
receiving the first encrypted service data encrypted by the second service terminal;
receiving second encrypted service data;
and encrypting the second encrypted service data based on the first key information, the first parameter of the first key information and the second parameter of the first key information, and sending the second encrypted service data to the second service terminal.
3. The method of claim 2, wherein the determining, through the encrypted transmission of the first service data and the encrypted transmission of the second service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal as the target service data of the service data processing system comprises:
determining a data intersection of the first encrypted service data and the second encrypted service data based on the first encrypted service data encrypted by the second service terminal and the second encrypted service data encrypted by the first service terminal;
determining initial target service data based on the data intersection of the first encrypted service data and the second encrypted service data, and sending the initial target service data to the second service terminal;
and receiving target service data formed by decrypting the initial service data through the second service terminal.
4. The method of claim 1, wherein the key information of the service data processing system is an affine cipher; alternatively, the first and second electrodes may be,
the first key information is an affine password.
5. The method of claim 4, further comprising:
when the first key information is an affine cipher, a set radix of K sets is included in the affine cipher,
and the first service terminal sequentially maps the first service data to the K sets by using the affine passwords to obtain first encrypted service data target ciphertext data, wherein the set cardinalities of the K sets are sequentially increased.
6. A method for processing service data, the method comprising:
acquiring prime number parameters and a proportionality coefficient matched with a service data processing system, wherein the service data processing system at least comprises a first service terminal and a second service terminal;
determining second key information matched with the second service terminal and a first parameter of the second key information;
determining a second parameter of second key information matched with a second service terminal based on the prime number parameter and the proportionality coefficient;
based on the second key information, the first parameter of the second key information and the second parameter of the second key information, performing encryption transmission on second service data of the second service terminal, and performing encryption transmission on the received first service data of the first service terminal;
and determining the intersection of the first service data of the first service terminal and the second service data of the second service terminal as the target service data of the service data processing system through the encrypted transmission of the second service data and the encrypted transmission of the first service data.
7. The method of claim 6, wherein the performing encrypted transmission of the second service data of the second service terminal and the received encrypted transmission of the first service data of the first service terminal based on the second key information, the first parameter of the second key information, and the second parameter of the second key information comprises:
encrypting second to-be-processed service data in a second service terminal based on the second key information, the first parameter of the second key information and the second parameter of the second key information to form second encrypted service data;
sending the second encrypted service data to the first service terminal;
receiving the second encrypted service data encrypted by the first service terminal;
and receiving first encrypted service data, encrypting the first encrypted service data based on the second key information, the first parameter of the second key information and the second parameter of the second key information, and sending the first encrypted service data to the first service terminal.
8. The method of claim 7, wherein the determining, through the encrypted transmission of the second service data and the encrypted transmission of the first service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal as the target service data of the service data processing system comprises:
determining a data intersection of the first encrypted service data and the second encrypted service data based on the first encrypted service data encrypted by the second service terminal and the second encrypted service data encrypted by the first service terminal;
the second service terminal receives the initial target service data sent by the first service terminal and decrypts the initial target service data to form target service data;
and sending the target service data to the first service terminal.
9. A method for processing service data, the method comprising:
acquiring prime number parameters and a proportionality coefficient matched with a service data processing system, wherein the service data processing system at least comprises a first service terminal and a second service terminal;
determining first key information matched with the first service terminal and a first parameter of the first key information;
determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient;
determining second key information matched with the second service terminal and a first parameter of the second key information;
determining a second parameter of second key information matched with a second service terminal based on the prime number parameter and the proportionality coefficient;
based on the first key information, the first parameter of the first key information and the second parameter of the first key information, performing encryption transmission on the first service data of the first service terminal;
encrypting and transmitting second service data of the second service terminal based on the second key information, the first parameter of the second key information and the second parameter of the second key information;
and determining the intersection of the first service data of the first service terminal and the second service data of the second service terminal as the target service data of the service data processing system through the encrypted transmission of the first service data and the encrypted transmission of the second service data.
10. The method according to any one of claims 1-9, further comprising:
sending the first service data, the second service data and the target service data to the blockchain network so as to enable the first service data, the second service data and the target service data to be transmitted to the blockchain network
And the node of the block chain network fills the first service data, the second service data and the target service data into a new block, and when the new block is identified in a consistent manner, the new block is added to the tail part of the block chain.
11. The method of claim 10, further comprising:
receiving data synchronization requests of other nodes in the blockchain network;
responding to the data synchronization request, and verifying the authority of the other nodes;
and when the authority of the other nodes passes the verification, controlling the current node and the other nodes to carry out data synchronization so as to realize that the other nodes acquire the first service data, the second service data and the target service data.
12. A service data processing apparatus, characterized in that the apparatus comprises:
the system comprises a first information processing module, a second information processing module and a third information processing module, wherein the first information processing module is used for acquiring prime number parameters and a proportionality coefficient which are matched with a service data processing system, and the service data processing system at least comprises a first service terminal and a second service terminal;
the first information processing module is configured to determine first key information matched with the first service terminal and a first parameter of the first key information;
the first information processing module is used for determining a second parameter of the first key information matched with the first service terminal based on the prime number parameter and the proportionality coefficient;
the first information processing module is configured to perform processing based on the first key information, a first parameter of the first key information, and a second parameter of the first key information;
the first information transmission module is used for carrying out encryption transmission on the first service data of the first service terminal and carrying out encryption transmission on the received second service data of the second service terminal;
the first information processing module is configured to determine, through encrypted transmission of the first service data and encrypted transmission of the second service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal, as target service data of the service data processing system.
13. A service data processing apparatus, characterized in that the apparatus comprises:
the second information processing module is used for acquiring prime number parameters and a proportionality coefficient matched with a service data processing system, wherein the service data processing system at least comprises a first service terminal and a second service terminal;
the second information processing module is configured to determine second key information matched with the second service terminal and a first parameter of the second key information;
the second information processing module is used for determining a second parameter of second key information matched with a second service terminal based on the prime number parameter and the proportionality coefficient;
a second information transmission module, configured to perform encryption transmission on second service data of the second service terminal and perform encryption transmission on the received first service data of the first service terminal based on the second key information, the first parameter of the second key information, and the second parameter of the second key information;
the second information processing module is configured to determine, through encrypted transmission of the second service data and encrypted transmission of the first service data, an intersection of the first service data of the first service terminal and the second service data of the second service terminal, as target service data of the service data processing system.
14. An electronic device, characterized in that the electronic device comprises:
a memory for storing executable instructions;
a processor, configured to execute the executable instructions stored in the memory, to implement the service data processing method according to any one of claims 1 to 5, or to implement the service data processing method according to any one of claims 6 to 11.
15. A computer-readable storage medium storing executable instructions, wherein the executable instructions, when executed by a processor, implement the business data processing method of any one of claims 1 to 5 or implement the business data processing method of any one of claims 6 to 11.
CN202011250355.8A 2020-11-10 2020-11-10 Service data processing method and device, electronic equipment and storage medium Active CN112073196B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011250355.8A CN112073196B (en) 2020-11-10 2020-11-10 Service data processing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011250355.8A CN112073196B (en) 2020-11-10 2020-11-10 Service data processing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112073196A true CN112073196A (en) 2020-12-11
CN112073196B CN112073196B (en) 2021-02-23

Family

ID=73655175

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011250355.8A Active CN112073196B (en) 2020-11-10 2020-11-10 Service data processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112073196B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112836239A (en) * 2021-02-19 2021-05-25 支付宝(杭州)信息技术有限公司 Method and device for cooperatively determining target object data by two parties for protecting privacy
WO2022156594A1 (en) * 2021-01-21 2022-07-28 腾讯科技(深圳)有限公司 Federated model training method and apparatus, electronic device, computer program product, and computer-readable storage medium
WO2024027514A1 (en) * 2022-08-04 2024-02-08 腾讯科技(深圳)有限公司 Blockchain data processing method and apparatus, and computer device, medium and product

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0693836A1 (en) * 1994-06-10 1996-01-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols.
CN1272010A (en) * 1999-04-28 2000-11-01 富士软件Abc株式会社 Encryption/decryption method and identification method and device using multi affine cryptographic key system
CN106936572A (en) * 2017-04-01 2017-07-07 上海理深信息科技有限公司 A kind of safe data matching method and its system
CN108183785A (en) * 2018-01-10 2018-06-19 广东工业大学 A kind of method, system, device and readable storage medium storing program for executing for preventing from hitting library or dragging library
CN109951443A (en) * 2019-01-28 2019-06-28 湖北工业大学 The set intersection calculation method and system of secret protection under a kind of cloud environment
CN110275769A (en) * 2018-03-15 2019-09-24 财付通支付科技有限公司 Business data processing method and its equipment, storage medium, application server
CN110598427A (en) * 2019-08-14 2019-12-20 腾讯科技(深圳)有限公司 Data processing method, system and storage medium
CN110727960A (en) * 2019-10-16 2020-01-24 卓尔智联(武汉)研究院有限公司 Data intersection solving device and method based on privacy protection and readable storage medium
CN111404943A (en) * 2020-03-18 2020-07-10 腾讯科技(深圳)有限公司 Data processing method and device, electronic equipment and computer readable storage medium
CN111429254A (en) * 2020-03-19 2020-07-17 腾讯科技(深圳)有限公司 Business data processing method and device and readable storage medium
CN111447200A (en) * 2020-03-24 2020-07-24 湖南兴天电子科技有限公司 Data processing method, device, system, electronic equipment and storage medium
CN111460510A (en) * 2020-04-17 2020-07-28 支付宝(杭州)信息技术有限公司 Method and device for determining same service data based on privacy protection
CN111510281A (en) * 2020-06-29 2020-08-07 腾讯科技(深圳)有限公司 Homomorphic encryption method and device
CN111552978A (en) * 2020-04-21 2020-08-18 杭州趣链科技有限公司 Privacy protection set intersection solving method based on DH encryption and Hash table
CN111553447A (en) * 2020-04-26 2020-08-18 黄应明 Communication data conversion method and device and data processing terminal

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0693836A1 (en) * 1994-06-10 1996-01-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols.
CN1272010A (en) * 1999-04-28 2000-11-01 富士软件Abc株式会社 Encryption/decryption method and identification method and device using multi affine cryptographic key system
CN106936572A (en) * 2017-04-01 2017-07-07 上海理深信息科技有限公司 A kind of safe data matching method and its system
CN108183785A (en) * 2018-01-10 2018-06-19 广东工业大学 A kind of method, system, device and readable storage medium storing program for executing for preventing from hitting library or dragging library
CN110275769A (en) * 2018-03-15 2019-09-24 财付通支付科技有限公司 Business data processing method and its equipment, storage medium, application server
CN109951443A (en) * 2019-01-28 2019-06-28 湖北工业大学 The set intersection calculation method and system of secret protection under a kind of cloud environment
CN110598427A (en) * 2019-08-14 2019-12-20 腾讯科技(深圳)有限公司 Data processing method, system and storage medium
CN110727960A (en) * 2019-10-16 2020-01-24 卓尔智联(武汉)研究院有限公司 Data intersection solving device and method based on privacy protection and readable storage medium
CN111404943A (en) * 2020-03-18 2020-07-10 腾讯科技(深圳)有限公司 Data processing method and device, electronic equipment and computer readable storage medium
CN111429254A (en) * 2020-03-19 2020-07-17 腾讯科技(深圳)有限公司 Business data processing method and device and readable storage medium
CN111447200A (en) * 2020-03-24 2020-07-24 湖南兴天电子科技有限公司 Data processing method, device, system, electronic equipment and storage medium
CN111460510A (en) * 2020-04-17 2020-07-28 支付宝(杭州)信息技术有限公司 Method and device for determining same service data based on privacy protection
CN111552978A (en) * 2020-04-21 2020-08-18 杭州趣链科技有限公司 Privacy protection set intersection solving method based on DH encryption and Hash table
CN111553447A (en) * 2020-04-26 2020-08-18 黄应明 Communication data conversion method and device and data processing terminal
CN111510281A (en) * 2020-06-29 2020-08-07 腾讯科技(深圳)有限公司 Homomorphic encryption method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
蒋瀚等: ""实用安全多方计算协议关键技术研究进展"", 《计算机研究与发展》 *
蒋瀚等: ""隐私保护机器学习的密码学方法"", 《电子与信息学报》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022156594A1 (en) * 2021-01-21 2022-07-28 腾讯科技(深圳)有限公司 Federated model training method and apparatus, electronic device, computer program product, and computer-readable storage medium
CN112836239A (en) * 2021-02-19 2021-05-25 支付宝(杭州)信息技术有限公司 Method and device for cooperatively determining target object data by two parties for protecting privacy
WO2024027514A1 (en) * 2022-08-04 2024-02-08 腾讯科技(深圳)有限公司 Blockchain data processing method and apparatus, and computer device, medium and product

Also Published As

Publication number Publication date
CN112073196B (en) 2021-02-23

Similar Documents

Publication Publication Date Title
Zhao et al. Secure pub-sub: Blockchain-based fair payment with reputation for reliable cyber physical systems
CN112073196B (en) Service data processing method and device, electronic equipment and storage medium
CN112131316B (en) Data processing method and device applied to block chain system
CN110601816B (en) Lightweight node control method and device in block chain system
CN111797159A (en) Information management and access control in a database
KR20070037581A (en) Anonymous certificates with anonymous certificate show
CN111476573B (en) Account data processing method, device, equipment and storage medium
US11411742B2 (en) Private set calculation using private intersection and calculation, and applications thereof
CN111429138A (en) Block link point data safety interaction method and first interaction node
CN113393225B (en) Digital currency encryption payment method and system
CN112435020A (en) Block chain based supervised anonymous transaction system
CN114565386A (en) Block chain escrow transaction method and system with multi-party cooperative privacy protection
Qu et al. A electronic voting protocol based on blockchain and homomorphic signcryption
Homoliak et al. SmartOTPs: An air-gapped 2-factor authentication for smart-contract wallets
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
CN112600830B (en) Service data processing method and device, electronic equipment and storage medium
Homoliak et al. An air-gapped 2-factor authentication for smart-contract wallets
CN110572392A (en) Identity authentication method based on HyperLegger network
US20220286291A1 (en) Secure environment for cryptographic key generation
Wu et al. The survey on the development of secure multi-party computing in the blockchain
CN115913513B (en) Distributed trusted data transaction method, system and device supporting privacy protection
CN115409511B (en) Personal information protection system based on block chain
CN113746621B (en) Multi-chain architecture information sharing system based on block chain technology
CN116263834A (en) Multi-issuer anonymous credentials for licensed blockchains
US20230245111A1 (en) Systems and methods for requesting secure, encrypted communications across distributed computer networks for authorizing use of cryptography-based digital repositories in order to perform blockchain operations in decentralized applications

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40035793

Country of ref document: HK