CN114491570A - Data matching method and device, computing equipment and computer-readable storage medium - Google Patents


Publication number
CN114491570A
Authority
CN
China
Prior art keywords
data
homomorphic encryption
service end
matching
encryption method
Legal status
Pending
Application number
CN202011262347.5A
Other languages
Chinese (zh)
Inventor
江志
徐澜
徐伟
郑婷
陶惠锋
Current Assignee
Tencent Technology Shanghai Co Ltd
Original Assignee
Tencent Technology Shanghai Co Ltd
Application filed by Tencent Technology Shanghai Co Ltd
Priority to CN202011262347.5A
Publication of CN114491570A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present disclosure provides a data matching method for performing data matching between a first service end and a second service end. The method applies a homomorphic encryption method in the data matching stage, so that a single matching process can only be completed through one interaction between the matching party and the data owner, in which the two jointly generate the data to be matched; in addition, the method uses a set of hash functions to process the original data into non-resolvable characteristic data, thereby desensitizing the original data. As a result, the original data owned by each party participating in the matching is never transmitted; only encrypted data, or characteristic data after further desensitization, is transmitted. This helps protect the data security of each data owner and guards against attacks based on analyzing characteristic information such as the distribution of the original data.

Description

Data matching method and device, computing equipment and computer-readable storage medium
Technical Field
The present disclosure relates to the field of internet, and in particular, to a data matching method and apparatus, a computing device, and a computer-readable storage medium.
Background
With the popularization of the internet and the development of network technology, more and more services are performed based on the internet. During the development of these services, each participant often needs to perform data matching and decide the action to be taken next based on the result of the data matching.
Take as an example an advertisement selling system that provides an advertising multimedia platform and places advertisements on it for clients (i.e., advertisers) for a fee. In the related art, such an advertisement selling system is currently based on an RTA/DSP platform (RTA: Real Time API; DSP: Demand-Side Platform). The RTA/DSP platform combines the basic data and model exploration functions of both the media and the advertisers. On the basis of the direct delivery mode of each media delivery platform, it issues a request to the advertisers in real time, the advertisers return decision information, and the delivery platform combines the advertisers' information to perform optimization so as to improve the advertisement delivery effect.
In practical application, when an online request arrives, an RTA platform acquires user information of the current request, such as attributes of gender, age, region, occupation, interest and the like, equipment ID, Cookie information and the like, and when the user information of the current request is judged to meet the delivery requirement of an advertiser, the user information of the current request is sent to the advertiser at a DSP side, so that the advertiser judges whether to participate in bidding according to the request of the user; when the advertiser receives the current request information, the advertiser judges whether the user information corresponding to the current request belongs to the target user flow of the advertiser, and makes a corresponding online decision.
In the above service flow, in order to protect data privacy security on the RTA platform side, information with weak data privacy (for example, device ID, Cookie information, and the like) is generally used as an ID identifier of user traffic, and the DSP side generates a device ID/Cookie information blacklist based on a device ID set that covers a user to filter the ID identifier of the user traffic.
However, advertisers generally manage their existing users not on the basis of low-privacy information such as device IDs and Cookie information, but on the basis of information with higher privacy and higher recognizability, such as mobile phone numbers and WeChat IDs. A certain mapping conversion error exists between the high-privacy information and the low-privacy information. A user may also use multiple devices, which likewise causes a conversion error when the user's high-privacy information (such as a mobile phone number or WeChat ID) is converted into low-privacy information (such as a device ID or Cookie information). In addition, the conversion from high-privacy information to low-privacy information often requires the cooperation of a plurality of platforms, which increases the conversion difficulty and conversion failure rate for the data owner.
Therefore, for the existing advertisement selling system based on the RTA/DSP platform, the following problems may be caused due to the adoption of the low-privacy information as the ID identification of the user traffic: firstly, the conversion error, the conversion difficulty and the conversion failure rate can influence the identification accuracy of the user information; second, each participant (e.g., the RTA platform side and the DSP client side) usually has multi-dimensional user information, and using only low-privacy information as a data matching basis between the participants results in that the value of rich data features of the participants (especially, the RTA platform side) cannot be exerted, so that the DSP client side misses a large amount of high-value traffic. In addition, similar drawbacks exist in other internet-based services where each participant needs to perform data matching to identify user information.
Disclosure of Invention
In view of the above, the present disclosure provides a data matching method and apparatus that desirably overcomes some or all of the above-referenced deficiencies and possibly others.
According to an aspect of the present disclosure, a data matching method is provided, which is applied to a first service end, and the data matching method includes: acquiring first original data; encrypting the first original data by using a first homomorphic encryption method to generate first encrypted data; sending the first encrypted data to a second service end, and receiving double encrypted data from the second service end, wherein the double encrypted data is generated by encrypting the first encrypted data by using a second homomorphic encryption method by the second service end, and the first homomorphic encryption method and the second homomorphic encryption method are homomorphic encryption methods which have the same homomorphic characteristics but are different from each other; decrypting the doubly encrypted data by using a decryption method corresponding to the first homomorphic encryption method to generate first decrypted data; obtaining first feature data for the first original data based on the first decrypted data; and matching the first characteristic data with second characteristic data aiming at second original data, wherein the second characteristic data is generated by the second service terminal based on second encrypted data, and the second encrypted data is obtained by encrypting the second original data by the second service terminal by using the second homomorphic encryption method.
In some embodiments according to the disclosure, the second characteristic data is obtained by the second service end performing data desensitization processing on the second encrypted data, and wherein obtaining the first characteristic data for the first original data based on the first decrypted data comprises: the same data desensitization process is performed on the first decrypted data to obtain the first characteristic data.
In some embodiments according to the disclosure, performing the same data desensitization process on the first decrypted data to obtain the first characteristic data comprises: determining $n$ data elements of the first decrypted data; mapping each of the $n$ data elements to $k$ index values by using $k$ hash functions; in a bit vector with a length of $m$ bits, setting the value of the bit corresponding to each of the $k$ index values to 1, and setting the values of the remaining bits to 0, so as to obtain the first characteristic data; wherein $k$, $m$ and $n$ are positive integers, and $m$ is greater than $k \times n$ and greater than the maximum of the $k \times n$ index values.
In some embodiments according to the present disclosure, the obtaining first raw data comprises: acquiring flow data received by the first service end; determining directional flow data meeting the flow directional condition of the second service end from the flow data; and acquiring the first original data from the directional flow data.
In some embodiments according to the present disclosure, the traffic direction condition comprises a direction dimension and a threshold value corresponding to each direction dimension; the orientation dimension comprises at least one of: region, content, price, gender, age, occupation, interest, time, traffic source type, network environment.
In some embodiments according to the disclosure, the second encrypted data is determined to be the second characteristic data, and wherein deriving the first characteristic data for the first original data based on the first decrypted data comprises: determining the first decrypted data as the first characteristic data.
In some embodiments according to the disclosure, the first homomorphic encryption method and the second homomorphic encryption method are respectively RSA encryption methods that employ different keys.
In some embodiments according to the present disclosure, the first service end includes an information recommending end, the second service end includes a release decision end, the first original data includes terminal user identification data obtained by the information recommending end, and the second original data includes existing user identification data of the release decision end.
In some embodiments according to the disclosure, the first service end includes a network payment end, the second service end includes a financial service end, the first original data includes end user identification data obtained by the network payment end, and the second original data includes existing user identification data possessed by the financial service end.
According to another aspect of the present disclosure, there is provided a data matching apparatus for a first service end, the data matching apparatus including: a first raw data acquisition module configured to acquire first raw data; a first encrypted data generation module configured to encrypt the first original data using a first homomorphic encryption method to generate first encrypted data; a double encrypted data obtaining module configured to send the first encrypted data to a second service terminal and receive double encrypted data from the second service terminal, the double encrypted data being generated by the second service terminal encrypting the first encrypted data by using a second homomorphic encryption method, and the first homomorphic encryption method and the second homomorphic encryption method being homomorphic encryption methods having the same homomorphic characteristic but different from each other; a decryption module configured to decrypt the doubly encrypted data using a decryption method corresponding to the first homomorphic encryption method to generate the first decrypted data; a first feature data obtaining module configured to obtain first feature data for the first original data based on the first decrypted data; a matching module configured to match the first feature data with second feature data for second original data, the second feature data being generated by the second service end based on second encrypted data, and the second encrypted data being obtained by the second service end encrypting the second original data by using the second homomorphic encryption method.
According to yet another aspect of the present disclosure, there is provided a computing device comprising a processor and a memory configured to store computer-executable instructions configured to, when executed on the processor, cause the processor to perform the method as described above.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium configured to store computer-executable instructions configured to, when executed on a processor, cause the processor to perform a method as described above.
The data matching method according to the present disclosure includes at least the following advantageous technical effects: firstly, by applying a homomorphic encryption method in the data matching stage, the original data owned by each party participating in the matching need not be transmitted; only encrypted data, or characteristic data after further desensitization, is transmitted, so that the data security of each data owner is protected; secondly, a single matching process can only be completed through one interaction between the matching party and the data owner, in which the two jointly generate the data to be matched, which prevents either party from cracking the encrypted data by brute force.
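The exchange described above (double encryption, removal of the first layer, hash-function desensitization, matching) can be traced in a short added example, which is not code from the patent. It assumes both ends exponentiate modulo one shared public prime (Pohlig-Hellman/SRA-style), because two RSA keys only commute when they share a modulus; the function names, SHA-256, the parameters and the identifiers are constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

# Assumption: shared public prime modulus (Mersenne prime 2**521 - 1).
# Illustrative parameter only, not a vetted production group.
P = 2**521 - 1


def keygen():
    """Return (e, d) with e*d = 1 mod (P-1), so x**(e*d) = x mod P."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)


def to_group(identifier: str) -> int:
    """Hash a raw identifier into [1, P-1] before exponentiation."""
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big")
    return h % (P - 1) + 1


def enc(x: int, e: int) -> int:
    return pow(x, e, P)


def dec(c: int, d: int) -> int:
    return pow(c, d, P)


def bloom_indexes(value: int, k: int, m: int):
    """Map one data element to k index values, each below m."""
    data = value.to_bytes((P.bit_length() + 7) // 8, "big")
    return [int.from_bytes(hashlib.sha256(bytes([i]) + data).digest(), "big") % m
            for i in range(k)]


def build_feature(values, k: int, m: int) -> bytearray:
    """Desensitize encrypted elements into an m-bit vector (one byte per bit)."""
    if m <= k * len(values):
        raise ValueError("m must be greater than k*n")
    bits = bytearray(m)
    for v in values:
        for idx in bloom_indexes(v, k, m):
            bits[idx] = 1
    return bits


def matches(value: int, feature: bytearray, k: int, m: int) -> bool:
    """True if every bit for this element is set (false positives possible)."""
    return all(feature[i] for i in bloom_indexes(value, k, m))


def run_match(first_id: str, second_ids, k: int = 4, m: int = 4096) -> bool:
    e1, d1 = keygen()  # first service end's key pair
    e2, _ = keygen()   # second service end's key pair
    # Second end: encrypt its own data, desensitize, publish the feature data.
    feature = build_feature([enc(to_group(y), e2) for y in second_ids], k, m)
    # First end -> second end: first encrypted data.
    first_encrypted = enc(to_group(first_id), e1)
    # Second end -> first end: double encrypted data.
    double_encrypted = enc(first_encrypted, e2)
    # First end removes its own layer; what remains is encrypted under e2 only.
    first_decrypted = dec(double_encrypted, d1)
    return matches(first_decrypted, feature, k, m)


if __name__ == "__main__":
    existing = ["+86-000-0000-0001", "+86-000-0000-0002"]  # constructed IDs
    print(run_match("+86-000-0000-0002", existing))  # True
    print(run_match("+86-000-0000-9999", existing))  # False
```

The first end never sees the second end's raw identifiers, and it cannot test guessed identifiers against the feature data offline, because producing a value encrypted under `e2` requires a round trip to the second end.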
Drawings
So that the manner in which the above recited features and advantages of the present disclosure can be more fully understood and appreciated, a particular embodiment of the present disclosure will be described in detail below with reference to the accompanying drawings, wherein:
FIG. 1 schematically illustrates a general application scenario of a business system according to some embodiments of the present disclosure;
FIG. 2 is a schematic diagram illustrating the business system shown in FIG. 1 as applied to an information recommendation scenario;
FIG. 3 is a diagram schematically illustrating the basic principle of data matching in the service systems shown in FIG. 1 and FIG. 2;
FIG. 4 is a flow chart that schematically illustrates a method of data matching, in accordance with some embodiments of the present disclosure;
FIG. 5 is a flow chart that schematically illustrates a method that may be used in the data matching method shown in FIG. 4 to obtain first feature data;
FIG. 6 is a flow chart that schematically illustrates a method that may be used for the data desensitization process shown in FIG. 5;
FIG. 7 is a flow chart that schematically illustrates a method that may be used in the data matching method shown in FIG. 4 to obtain first raw data;
FIG. 8 schematically illustrates a block diagram of a data matching apparatus, according to some embodiments of the present disclosure; and
FIG. 9 schematically illustrates a block diagram of a computing device, in accordance with some embodiments of the present disclosure, which includes the data matching apparatus described herein and can thus implement the data matching methods described herein.
It should be noted that the drawings are merely schematic in nature and, thus, are not necessarily drawn to scale. Moreover, throughout the drawings, like features are indicated by like reference numerals.
Detailed Description
The following description provides specific details of various embodiments of the disclosure so that those skilled in the art can fully understand and practice the various embodiments of the disclosure.
First, some terms related to the embodiments of the present disclosure are explained for the benefit of those skilled in the art:
Homomorphic encryption method: a homomorphic encryption method is an encryption method that satisfies the following condition: the result of encrypting the plaintext and then performing an operation on the ciphertext is the same as the result of performing the same operation on the plaintext and then encrypting the result of that operation.
That is, for an encryption method $x_1, x_2, \ldots, x_n \rightarrow [x_1], [x_2], \ldots, [x_n]$, if the condition $f([x_1], [x_2], \ldots, [x_n]) = [f(x_1, x_2, \ldots, x_n)]$ is satisfied, where $[\,\cdot\,]$ denotes that the data is encrypted and $f$ denotes an arithmetic operation, then the encryption method is a homomorphic encryption method.
Homomorphic properties: homomorphic properties refer to the properties of a homomorphic encryption method that support what arithmetic operations are performed on a ciphertext. If the homomorphic encryption method supports multiplication operation on the ciphertext, the homomorphic characteristic of the homomorphic encryption method is multiplication homomorphism; if the homomorphic encryption method supports addition operation on the ciphertext, the homomorphic characteristic of the homomorphic encryption method is the addition homomorphism; if the homomorphic encryption method supports both multiplication and addition operations on the ciphertext, the homomorphic nature of the homomorphic encryption method is fully homomorphic.
For example, the RSA encryption method is a homomorphic encryption method with multiplicative homomorphism, and the Paillier encryption method is a homomorphic encryption algorithm with additive homomorphism.
Data desensitization: data desensitization refers to a data processing technique in which data containing some sensitive information is deformed by a certain desensitization rule, so that the sensitivity of the data is reduced. By properly using the data desensitization technology, the exposure of data in the links of acquisition, transmission, use and the like can be effectively reduced, and the risk of sensitive data leakage is reduced, so that the reliable protection of sensitive private data is realized.
Referring now to FIG. 1, a general application scenario of a business system 100 according to some embodiments of the present disclosure is schematically illustrated. As shown in FIG. 1, the business system 100 includes a first service end 110 and a second service end 120, wherein the first service end 110 and the second service end 120 can communicate through a network 140, and the first service end 110 can also communicate with one or more terminal devices 130 through the network 140. The first and second service ends 110, 120 cooperate with each other to conduct business, including but not limited to advertising, making payments, etc., for users of one or more of the terminal devices 130.
The first and second business ends 110, 120 can accordingly store and execute computer instructions that can perform the various methods described in the present disclosure, each of which can be a single server or a cluster of servers or a cloud server. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, CDN, and a big data and artificial intelligence platform. The terminal may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the disclosure is not limited thereto.
The terminal device 130 may be any type of mobile device including, but not limited to: mobile computers (e.g., Microsoft Surface devices, Personal Digital Assistants (PDAs), laptop computers, notebook computers, tablet computers such as Apple iPad, netbooks, etc.), mobile telephones (e.g., cellular telephones, smart phones such as Microsoft Windows® phones, Apple iPhone, phones implementing the Google Android operating system, Palm devices, Blackberry devices, etc.), wearable computing devices (e.g., smart watches and head-mounted devices, including smart glasses such as Google Glass), or other types of mobile devices. In some embodiments, the terminal device 130 may also be a stationary device, such as a desktop computer, a game console, a smart television, a set-top box, an outdoor advertising display screen, an in-vehicle advertising display screen, and so forth.
Examples of network 140 may include any combination of a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), and/or a communication network such as the Internet. Each of the first service end 110, the second service end 120, and the one or more terminal devices 130 may include at least one communication interface (not shown) capable of communicating over a network. Such communication interfaces may be one or more of the following: any type of network interface (e.g., a Network Interface Card (NIC)), a wired or wireless interface (such as an IEEE 802.11 wireless LAN (WLAN) interface), a Worldwide Interoperability for Microwave Access (WiMAX) interface, an Ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a Bluetooth interface, a Near Field Communication (NFC) interface, and so forth.
In the scenario shown in FIG. 1, a user may perform an operation through the terminal device 130, such as submitting a service request or opening an application. The operation may generate, through the terminal device 130, traffic data including the request and user identity information, and the terminal device 130 sends the traffic data to the first service end 110 through the network 140. On receiving the traffic data, the first service end 110 may obtain the service data that is required for performing the corresponding service and needs to be confirmed by the second service end 120, for example, user identification data representing the identity of the user of the terminal device 130, including but not limited to a device ID of the terminal device 130, Cookie information, and a mobile phone number and/or WeChat ID of the user. The first service end 110 and the second service end 120 interact to determine whether the service data acquired by the first service end 110 from the traffic data (for example, user identification data of the terminal device 130) matches the service data existing at the second service end 120 (for example, existing user identification data meeting the service development requirement). Based on the matching result, the second service end 120 can make a decision and notify the first service end 110 to take corresponding measures.
It should be noted that the scenario shown in fig. 1 is a general application scenario of the business system 100. As will be described below, the first service end 110 and the second service end 120 will be able to be used in more specific scenarios depending on the specific functions they may implement.
Referring to fig. 2, a case where the business system 100 shown in fig. 1 is applied to an information recommendation scenario is schematically shown. In fig. 2, the business system is an information recommendation system 100a for information recommendation, which includes an information recommendation end 110a and a placement decision end 120a, wherein the information recommendation end 110a and the placement decision end 120a can communicate via a network 140, and the information recommendation end 110a can also communicate with one or more terminal devices 130 via the network 140.
In the embodiment shown in FIG. 2, the information recommendation end 110a refers to a platform that displays recommendation information for the placement decision end (e.g., an advertiser) 120a for a fee. The charging methods of the information recommendation end 110a may include, but are not limited to: CPM (Cost Per Thousand), CPT (Cost Per Time period), CPC (Cost Per Click), etc. CPM is a method of selling advertisements by exposure traffic per thousand exposures; for example, if the placement decision end 120a purchases 1 CPM of information recommendation traffic, the same piece of recommendation information of the placement decision end 120a needs to be exposed 1 thousand times. CPM is characterized in that the placement decision end 120a pays as long as its recommended information content is displayed to a sufficient number of users; recommendation information placed under this billing method is generally for brand display and product launches, such as GD (Guaranteed Delivery) information recommendation in a news client, and the exposure effect is generally good. CPT refers to buying out an advertising slot at a fixed price for a period of time and charging by the buy-out duration, such as splash-screen information recommendation and drop-down keywords in application markets. CPC charges by the number of times an advertisement is clicked, and is generally adopted for keyword bidding.
One form of information recommendation is video information recommendation, which may also be referred to as video roll advertising, a form of advertising that takes up part of the viewer's video viewing time. According to when and where the advertisement is shown, it can be divided into pre-roll video advertisements, post-roll video advertisements, mid-roll video advertisements and the like. A pre-roll video advertisement is played before the video starts, a post-roll video advertisement is played after the video ends, and a mid-roll video advertisement is played during the video.
The front-end platform of the information recommendation end 110a processes the traffic data containing the real-time request from the terminal device 130 and obtains the terminal user identification information of the current request (including but not limited to device ID, Cookie information, mobile phone number, WeChat ID, etc.), so that the back-end information recommendation decision model can perform decision matching. The information recommendation end 110a may also use the obtained user information to build a profile of the user of the terminal device, for example, based on information such as gender, age, region, occupation, and interest. This information is available only for internal, encrypted use by the information recommendation end 110a, so as to protect the user's private information.
The information recommendation decision model of the information recommender 110a may match the user portrait and the user identity information transmitted by the front-end platform based on the release condition previously transmitted by the release decision terminal 120a, and transmit the matching result to the release decision terminal 120 a. The placement conditions may be determined by the placement decision-maker 120a based on existing user identification information.
After receiving the matching result, the information delivery decision model of the delivery decision terminal 120a may decide whether to participate in bidding for the user request traffic according to the matching result.
As shown in fig. 2, optionally, the information recommending terminal 110a may further include an information recommending user data accumulating and modeling module, which may be configured to update and refine the information recommending decision model based on the click rate and the exposure rate contained in the traffic data. Further optionally, the placement decision-making peer 120a may further include an information placement user data accumulation and modeling module that may be configured to update and refine the information placement decision model based on existing user specific data (e.g., without limitation, whether the user is active, registered, purchased, active, persisted, etc.).
Referring to FIG. 3, a schematic diagram illustrating the basic principles of data matching in the business system 100 shown in FIG. 1 and the information recommendation system 100a shown in FIG. 2 according to some embodiments of the present disclosure is shown.
As shown in fig. 3, the second service end 120 and the release decision end 120a may utilize a second homomorphic encryption method f to encrypt existing data X and generate encrypted data f(X). For example, but not limited to, the existing data X may include existing user identification data that is held at the second service end 120 and the release decision end 120a and that satisfies the relevant service targeting conditions and/or information recommendation rules. Such user identification data may contain highly private information such as cell phone numbers, WeChat IDs, etc., and may have multi-dimensional information, such as but not limited to region, gender, age, occupation, interests, etc., to facilitate identification of existing users. The encrypted data f(X) may also undergo data desensitization processing to generate second feature data Feature(X) for the existing data X.
Optionally, a data desensitization processing method desensitizes data using a long binary vector (bitmap) and a series of random mapping functions (hash functions), and includes: for the existing data X, determining that it has n data elements; using k hash functions, mapping each of the n data elements to k index values; and, in a bit vector of length m bits, setting the bits corresponding to the k index values to 1 and the remaining bits to 0, the resulting binary vector forming the feature data corresponding to the existing data X; where k, m and n are positive integers, and m is greater than k×n and greater than the maximum of the k×n index values. Feature data obtained in this way has a certain false positive rate. Assume the tolerable false positive rate is p, the number of hash functions is k, the length of the binary vector is m, and the number of data elements is n; then these parameters satisfy the following formula:
Figure DEST_PATH_IMAGE001
Figure 540737DEST_PATH_IMAGE002
Figure DEST_PATH_IMAGE003
Further, as a non-limiting example, a Bloom filter may also be employed for data desensitization.
With continued reference to fig. 3, the second service end 120 and the release decision end 120a may send the second feature data Feature(X) to the first service end 110 and the information recommendation end 110a for use in subsequent data matching. In FIG. 3, the data flows associated with the existing data X are depicted by solid arrows.
When the first service end 110 and the information recommendation end 110a receive the traffic data containing the request sent from the terminal device 130, they may obtain the original data x from the traffic data. For example, but not limited to, the original data x may include end user identification data relating to traffic direction conditions and/or information recommendation rules. The end user identification data may also contain highly private information such as cell phone numbers, WeChat IDs, and the like, and may likewise have multi-dimensional information such as, but not limited to, region, gender, age, occupation, interests, etc., to facilitate identification of the end user. The first service end 110 and the information recommending end 110a can utilize a first homomorphic encryption method g to encrypt the original data x and generate first encrypted data g(x). It should be noted that the first homomorphic encryption method g and the second homomorphic encryption method f are different homomorphic encryption methods, but they have the same homomorphic properties, i.e. the first homomorphic encryption method g and the second homomorphic encryption method f may both be multiplicatively homomorphic, or may both be additively homomorphic. As a non-limiting example, the first homomorphic encryption method g and the second homomorphic encryption method f may be RSA encryption methods using different keys.
The first service end 110 and the information recommending end 110a send the first encrypted data g(x) to the second service end 120 and the release decision end 120a. After receiving the first encrypted data g(x), the second service end 120 and the release decision end 120a use the second homomorphic encryption method f to encrypt the first encrypted data g(x), generating doubly encrypted data f·g(x), and send the doubly encrypted data f·g(x) to the first service end 110 and the information recommendation end 110a.
After receiving the doubly encrypted data f·g(x), the first service end 110 and the information recommending end 110a use the decryption method g⁻¹ corresponding to the first homomorphic encryption method g to decrypt the doubly encrypted data f·g(x), generating the encrypted data f(x), i.e. the original data x encrypted by the second homomorphic encryption method f. The encrypted data f(x) may be subjected to the same data desensitization process to generate first feature data Feature(x) for the original data x. The first feature data Feature(x) is used in subsequent data matching. In FIG. 3, the data flows associated with the original data x are all depicted with dashed arrows.
Then, the first service end 110 and the information recommending end 110a can match the first feature data Feature(x) against the second feature data Feature(X), and send the matching result to the second service end 120 and the release decision end 120a, so that they can determine whether to carry out the corresponding service, such as the information recommendation service.
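The exchange of FIG. 3 end to end, as an added example that is not part of the patent text. It assumes that f and g are RSA-style modular exponentiations with different secret exponents over one shared prime modulus, so that they commute and g⁻¹ removes only the first layer; the modulus, the hash-to-integer step, the class and function names and the sample identifiers are all constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

P = 2**521 - 1   # shared public prime modulus (constructed demo parameter, not a vetted group)
M_BITS = 2048    # m: bit-vector length, chosen so that m > k*n
K_HASHES = 4     # k: number of hash functions


def keygen():
    """Return (e, d): a secret exponent and its inverse modulo P-1."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)


def encode(identifier: str) -> int:
    """Hash an identifier to an integer below P (assumed encoding step)."""
    return int.from_bytes(hashlib.sha512(identifier.encode()).digest(), "big")


def power(value: int, exponent: int) -> int:
    """Exponentiation cipher used for f, g and g^-1; multiplicatively homomorphic."""
    return pow(value, exponent, P)


def desensitize(ciphertexts) -> int:
    """Map each ciphertext to k index values and set those bits in an m-bit vector."""
    bits = 0
    for c in ciphertexts:
        raw = c.to_bytes(66, "big")
        for i in range(K_HASHES):
            digest = hashlib.sha256(bytes([i]) + raw).digest()
            bits |= 1 << (int.from_bytes(digest, "big") % M_BITS)
    return bits


class SecondServiceEnd:
    """Data owner: holds the existing data X and the key of method f."""

    def __init__(self, existing):
        self._f, _ = keygen()
        self._existing = list(existing)

    def feature_of_existing(self) -> int:
        # Feature(X): desensitized f(X), sent once to the first service end.
        return desensitize(power(encode(x), self._f) for x in self._existing)

    def double_encrypt(self, g_x: int) -> int:
        # f.g(x): the second layer is added without ever seeing x.
        return power(g_x, self._f)


class FirstServiceEnd:
    """Matching party: holds the key of method g and the received Feature(X)."""

    def __init__(self, feature_big_x: int):
        self._g, self._g_inv = keygen()
        self._feature_big_x = feature_big_x

    def encrypt(self, x: str) -> int:
        return power(encode(x), self._g)              # g(x)

    def match(self, fg_x: int) -> bool:
        f_x = power(fg_x, self._g_inv)                # g^-1(f.g(x)) = f(x)
        feature_x = desensitize([f_x])                # Feature(x)
        return (feature_x & self._feature_big_x) == feature_x


def run_match(identifier: str, first: FirstServiceEnd, second: SecondServiceEnd) -> bool:
    """One round trip between the two ends for a single identifier."""
    g_x = first.encrypt(identifier)        # first -> second: g(x)
    fg_x = second.double_encrypt(g_x)      # second -> first: f.g(x)
    return first.match(fg_x)


if __name__ == "__main__":
    # Constructed sample identifiers.
    second = SecondServiceEnd(["13800000001", "wx_alice", "13800000003"])
    first = FirstServiceEnd(second.feature_of_existing())
    for candidate in ("wx_alice", "13800000002"):
        print(candidate, run_match(candidate, first, second))
```

A `True` result is probabilistic because of the bit-vector false positive rate, while a `False` result is definite.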
Furthermore, according to some embodiments of the present disclosure, the first service end 110 in the service system 100 shown in fig. 1 may include a network payment system, and the second service end 120 may include a financial service end. Thus, the business system 100 can also be applied to data matching and corresponding business development between a network payment terminal and a financial service terminal such as a bank. In this application scenario, the first raw data may include end user identification data obtained from the traffic data, and the second raw data may include existing user identification data that the financial service has. In this scenario, the first service end 110 and the second service end 120 may conduct, for example, a payment service according to the matching result.
In the data matching and interaction process shown in fig. 3, by applying a homomorphic encryption method in the data matching stage, the original data owned by each party participating in matching need not be transmitted; only the encrypted data and the further desensitized feature data are transmitted, which helps protect data privacy. In addition, each single matching process must go through one interaction between the matching executing party and the data owning party, so that the two parties jointly generate the data to be matched and complete the matching process, which prevents a single party from brute-forcing the encrypted data.
It is also noted that the application of a desensitization process to the data is also shown in fig. 3. With the data desensitization processing method described hereinbefore, the following advantages can be achieved: firstly, the feature data obtained after the data desensitization processing is irreversible, so that the feature data is decoupled from the original data, which avoids attacks in downstream processing that rely on recovering characteristics such as the distribution of the original data, and further protects data privacy; secondly, the feature data obtained after the data desensitization processing is a bit vector, and compared with the original data before processing, the storage space, the data transmission time and the data processing time required by the feature data are greatly reduced. Of course, data desensitization processing is not necessary. Where the requirements on data privacy protection are not high and the requirements on the size of the matched data, the data transmission time and the data processing time are low, the data desensitization processing may be skipped, and the encrypted data f(X) of the existing data X and the encrypted data f(x) of the original data x may be used directly as the feature data to be matched. In addition, other data desensitization processing approaches are possible, such as masking or partially masking the data according to certain desensitization rules, or using bloom filters.
Referring to fig. 4, a data matching method 400 according to some embodiments of the present disclosure is schematically illustrated in flow chart form. The data matching method 400 may be applied to the first service end 110 and may be applied to various scenarios described in the present disclosure.
At step 410, first raw data is obtained. The first service end 110 may determine whether traffic data has been received from the terminal device 130, and obtain the first original data from the received traffic data. As described above, the traffic data may be data containing a request that is generated by the terminal device 130 when the user operates the terminal device 130, and the data is transmitted to the first service end 110 through the network 140. The traffic data may contain any information related to the services of the first service end 110 and the second service end 120, depending on the specific functions implemented by the first service end 110 and the second service end 120. For example, but not limited to, the traffic data may include a device ID, Cookie information, etc. associated with the terminal device 130, and may also include information such as a mobile phone number, a WeChat ID, etc. associated with the user using the terminal device 130. In addition, the traffic data may include information such as location, gender, age, occupation, interests, content, price, time, traffic source type, network environment, audience attributes, etc., so that multi-dimensional user data may be created and a profile of the user of the terminal device 130 may be built.
At step 420, the first raw data is encrypted using a first homomorphic encryption method to generate first encrypted data. As an example, the first homomorphic encryption method may be an RSA encryption method.
In step 430, the first encrypted data is transmitted to the second service end 120, and the double encrypted data from the second service end 120 is received. The double-encrypted data is generated by the second service end 120 encrypting the first encrypted data by using the second homomorphic encryption method. The first homomorphic encryption method and the second homomorphic encryption method are different homomorphic encryption methods from each other, but both have the same homomorphic characteristics. That is, the first homomorphic encryption method and the second homomorphic encryption method both have multiplication homomorphism, or the first homomorphic encryption method and the second homomorphic encryption method both have addition homomorphism. As an example, the second homomorphic encryption method may be an RSA encryption method that uses a different key than the first homomorphic encryption method.
In step 440, the doubly encrypted data is decrypted using a decryption method corresponding to the first homomorphic encryption method to generate first decrypted data. It should be understood that, since a homomorphic encryption method is employed, the first decrypted data herein actually means encrypted data obtained by encrypting the first original data by the second homomorphic encryption method. It can be seen that the first decrypted data, and thus the first feature data, are generated by both parties (e.g., the first service end 110 and the second service end 120) participating in the matching process.
In step 450, first characteristic data for the first original data is obtained based on the first decrypted data. Alternatively, the first service end 110 may use the first decrypted data as the first feature data, and may also process the first decrypted data to obtain the first feature data, as described with reference to fig. 5 below.
In step 460, the first characteristic data is matched with the pre-acquired second characteristic data. The second feature data is generated by the second service end 120 by encrypting the second original data that it already holds by using the second homomorphic encryption method, and is sent to the first service end 110 through the network 140. The second original data may be service data (e.g., existing user identification data) that is already at the second service end 120 and that satisfies the targeting condition of the related service (e.g., media recommendation service, payment service, etc.). Similarly, the second raw data may contain highly private information such as cell phone numbers, WeChat IDs, etc., and may have multi-dimensional information such as, but not limited to, region, gender, age, occupation, interest, etc., to increase the degree of identification.
Further optionally, the first service end 110 may send the matching result to the second service end 120, so that the second service end 120 makes a decision on the matching result.
In the data matching method 400 shown in fig. 4, by using a homomorphic encryption method in the data matching stage, the original data owned by each party participating in matching need not be transmitted; only the encrypted data and the further desensitized feature data are transmitted, which helps protect data privacy. Moreover, each single matching process must go through one interaction between the matching executing party and the data owning party, so that the two parties jointly generate the data to be matched and complete the matching process, which prevents a single party from brute-forcing the encrypted data.
Fig. 5 schematically illustrates, in flow chart form, a method of determining first characteristic data that may be used to implement step 450 of the data matching method 400 illustrated in fig. 4. As shown in FIG. 5, step 450 in the data matching method 400 shown in FIG. 4 includes steps 450a and 450b:
at step 450a, performing data desensitization processing on the first decrypted data;
in step 450b, the result of the data desensitization process is taken as the first characterization data.
As already explained, the data desensitization process deforms, masks, or maps data containing certain sensitive information through certain desensitization rules, thereby decoupling the processed data from the original data. Data that has undergone desensitization processing cannot be reversed, so that the exposure of the data during acquisition, transmission, use and similar stages can be effectively reduced, the risk of sensitive data leakage is lowered, and reliable protection of sensitive private data can be realized.
Further, fig. 6 schematically illustrates, in flow chart form, a data desensitization processing method that may be used to implement step 450a shown in fig. 5.
As shown in FIG. 6, step 450 in the data matching method 400 shown in FIG. 5 includes steps 451, 452, and 450b:
at step 451, it is determined that the first decrypted data has n data elements;
at step 452, using k hash functions, each of the n data elements is mapped to k index values;
at step 453, in a bit vector of length m bits, the bits corresponding to the k index values are set to 1, and the remaining bits are set to 0, to generate the first desensitization data.
The various parameters in the data desensitization process described above should satisfy: k, m and n are positive integers, and m is greater than k×n and greater than the maximum of the k×n index values.
In addition, other data desensitization processing approaches are possible, such as deformation or partial masking of the data according to certain desensitization rules, or the use of suitably constructed bloom filters.
The data desensitization processing method can realize the following advantages: firstly, the feature data obtained after the data desensitization processing is irreversible, so that the feature data is decoupled from the original data, which avoids attacks in downstream processing that rely on recovering characteristics such as the distribution of the original data, and further protects data privacy; secondly, the feature data obtained after the data desensitization processing is a bit vector, and compared with the original data before processing, the storage space, the data transmission time and the data processing time required by the feature data are greatly reduced.
Referring to FIG. 7, a method for obtaining first raw data is schematically illustrated in flow chart form, which may be applied to step 410 of the data matching method 400 illustrated in FIG. 4.
As shown in FIG. 7, step 410 in the data matching method 400 shown in FIG. 4 may include steps 410a, 410b, and 410c:
in step 410a, acquiring traffic data received by the first service end 110;
in step 410b, directional traffic data satisfying the traffic directional condition of the second service end 120 is determined from the traffic data;
at step 410c, first raw data is obtained from the directional traffic data.
The traffic direction condition may include at least one direction dimension and a predetermined threshold for each direction dimension. The targeting dimension may be geographic, content, price, gender, age, occupation, interests, time, traffic source type, network environment, etc.
By way of non-limiting example, the second service end 120 may determine the directional dimension of the traffic direction condition as time, predetermine a threshold value for that directional dimension, e.g., 18:00 to 22:00 per day, and send the traffic direction condition to the first service end 110. Therefore, when the first service end 110 receives the traffic data, it will first filter the traffic data according to the traffic direction condition: if the traffic data is not generated in the time period from 18:00 to 22:00, the first service end 110 will not obtain the first original data from the traffic data; if the traffic data is generated in the time period from 18:00 to 22:00, the first service end 110 obtains the first original data from the traffic data.
Screening the traffic data with the traffic direction condition preset by the second service end 120, and then extracting the relevant user data from the directional traffic data that meets the condition to generate the first original data, improves the precision of the traffic and thereby the matching accuracy.
Fig. 8 illustrates a block diagram of a data matching apparatus 800 according to some embodiments of the present disclosure. The data matching device 800 may be used at the first service end 110 and may be applied to various scenarios described in the present disclosure. As shown in fig. 8, the data matching apparatus 800 includes: a first original data obtaining module 810, a first encrypted data generating module 820, a double encrypted data obtaining module 830, a decrypting module 840, a first feature data obtaining module 850, and a matching module 860.
The first raw data acquisition module 810 is configured to acquire first raw data. The first encrypted data generation module 820 is configured to encrypt the first original data using a first homomorphic encryption method to generate first encrypted data. The double encrypted data obtaining module 830 is configured to send the first encrypted data to the second service end 120 and receive the double encrypted data from the second service end 120. The dual encryption data is generated by the second service terminal 120 encrypting the first encryption data using the second homomorphic encryption method, and the first homomorphic encryption method and the second homomorphic encryption method are homomorphic encryption methods having the same homomorphic characteristic but different from each other. The decryption module 840 is configured to decrypt the doubly encrypted data using a decryption method corresponding to the first homomorphic encryption method to generate the first decrypted data. The first feature data obtaining module 850 is configured to obtain first feature data for the first original data based on the first decrypted data. The matching module 860 is configured to match the first feature data with second feature data for second original data, the second feature data being generated by the second service end 120 based on second encrypted data, and the second encrypted data being obtained by the second service end 120 encrypting the second original data by using a second homomorphic encryption method. The above modules relate to the operations of steps 410-460 described above with respect to FIG. 4, and thus are not described again here.
The various modules described above with respect to fig. 8 may each be implemented in hardware or in hardware in combination with software and/or firmware. For example, the modules may be implemented as computer-executable code/instructions configured to be executed in one or more processors and stored in a computer-readable storage medium. Alternatively, the modules may be implemented as hardware logic/circuitry. For example, in some embodiments, one or more of these modules may be implemented together in a system on a chip (SoC). The SoC may include an integrated circuit chip including one or more components of a processor (e.g., a Central Processing Unit (CPU), microcontroller, microprocessor, Digital Signal Processor (DSP), etc.), memory, one or more communication interfaces, and/or other circuitry, and may optionally execute received program code and/or include embedded firmware to perform functions.
Fig. 9 illustrates a schematic block diagram of an exemplary computing device 900, according to some embodiments of the present disclosure. The exemplary computing device 900 may represent the first business terminal 110 shown in fig. 1 and the information recommendation terminal 110a shown in fig. 2, and the exemplary computing device 900 may be used in various scenarios described in this disclosure.
Computing device 900 may include at least one processor 902, memory 904, communication interface(s) 906, display device 908, other input/output (I/O) devices 910, and one or more mass storage devices 912, which may be connected to communicate with each other, such as by a system bus 914 or other appropriate means.
The processor 902 may be a single processing unit or multiple processing units, all of which may include single or multiple computing units or multiple cores. The processor 902 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitry, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the processor 902 may be configured to retrieve and execute computer-readable instructions stored in the memory 904, mass storage device 912, or other computer-readable medium, such as program code for an operating system 916, program code for an application program 918, program code for other programs 920, and so forth.
Memory 904 and mass storage device 912 are examples of computer storage media for storing instructions that are executed by processor 902 to perform the various functions described above. By way of example, the memory 904 may generally include both volatile and nonvolatile memory (e.g., RAM, ROM, and the like). In addition, the mass storage device 912 may generally include a hard disk drive, solid state drive, removable media including external and removable drives, memory cards, flash memory, floppy disks, optical disks (e.g., CDs, DVDs), storage arrays, network attached storage, storage area networks, and the like. Memory 904 and mass storage device 912 may both be collectively referred to herein as memory or computer storage media, and may be non-transitory media capable of storing computer-readable, processor-executable program instructions as computer-executable code that may be executed by processor 902 as a particular machine configured to implement the operations and functions described in the examples of the disclosure.
A number of program modules may be stored on the mass storage device 912. These program modules include an operating system 916, one or more application programs 918, other programs 920, and program data 922, which can be executed by processor 902. Examples of such applications or program modules may include, for instance, computer program logic (e.g., computer-executable code or instructions) for implementing the following components/functions: a first original data obtaining module 810, a first encrypted data generating module 820, a double encrypted data obtaining module 830, a decrypting module 840, a first feature data obtaining module 850, and a matching module 860.
Although illustrated in fig. 9 as being stored in memory 904 of computing device 900, modules 916, 918, 920, and 922, or portions thereof, may be implemented using any form of computer-readable media that is accessible by computing device 900. As used herein, "computer-readable media" includes at least two types of computer-readable media, namely computer storage media and communication media.
Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information for access by a computing device.
In contrast, communication media may embody computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism. Computer storage media, as defined herein, does not include communication media.
Computing device 900 may also include one or more communication interfaces 906 for exchanging data with other devices, such as over a network, direct connection, or the like. Communication interface 906 may facilitate communications within a variety of networks and protocol types, including wired networks (e.g., LAN, cable, etc.) and wireless networks (e.g., WLAN, cellular, satellite, etc.), the Internet, and so forth. Communication interface 906 may also provide for communication with external storage devices (not shown), such as in storage arrays, network attached storage, storage area networks, and the like.
In some examples, computing device 900 may include a display device 908, such as a monitor, for displaying information and images. Other I/O devices 910 may be devices that receive various inputs from a user and provide various outputs to the user, including but not limited to touch input devices, gesture input devices, cameras, keyboards, remote controls, mice, printers, audio input/output devices, and so forth.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and "comprising," when used in this disclosure, specify the presence of stated features but do not preclude the presence or addition of one or more other features. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items. It will be understood that, although the terms "first," "second," "third," etc. may be used herein to describe various features, these features should not be limited by these terms. These terms are only used to distinguish one feature from another.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and/or the present specification and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In the description of the present specification, the description of the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present disclosure. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Various techniques are described herein in the general context of software-hardware elements or program modules. Generally, these modules include routines, programs, objects, elements, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The terms "module," "functionality," and "component" as used herein generally represent software, firmware, hardware, or a combination thereof. The features of the techniques described herein are platform-independent, meaning that the techniques may be implemented on a variety of computing platforms having a variety of processors.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples of the computer-readable medium may include the following: an electrical connection portion (electronic device) having one or more wires, a portable computer cartridge (magnetic device), a Random Access Memory (RAM), a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM) or a flash memory, an optical fiber device, and a portable Compact Disc Read Only Memory (CD-ROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, for instance via optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, any one or a combination of the following techniques, which are well known in the art, may be used: a discrete logic circuit having a logic gate circuit for realizing a logic function for a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps of the method of the above embodiments may be performed by hardware associated with program instructions, and that the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
Although the present disclosure has been described in detail in connection with some embodiments, it is not intended to be limited to the specific form set forth herein. Rather, the scope of the present disclosure is limited only by the accompanying claims.

Claims (12)

1. A data matching method applied to a first service end, the method comprising:
acquiring first original data;
encrypting the first original data by using a first homomorphic encryption method to generate first encrypted data;
sending the first encrypted data to a second service end, and receiving doubly encrypted data from the second service end, wherein the doubly encrypted data is generated by the second service end encrypting the first encrypted data by using a second homomorphic encryption method, and the first homomorphic encryption method and the second homomorphic encryption method are homomorphic encryption methods which have the same homomorphic characteristics but are different from each other;
decrypting the doubly encrypted data by using a decryption method corresponding to the first homomorphic encryption method to generate first decrypted data;
obtaining first feature data for the first original data based on the first decrypted data;
and matching the first feature data with second feature data for second original data, wherein the second feature data is generated by the second service end based on second encrypted data, and the second encrypted data is obtained by the second service end encrypting the second original data by using the second homomorphic encryption method.
2. The data matching method according to claim 1, wherein the second feature data is obtained by the second service end performing data desensitization processing on the second encrypted data, and obtaining the first feature data for the first original data based on the first decrypted data includes:
performing the same data desensitization processing on the first decrypted data to obtain the first feature data.
3. The data matching method of claim 2, wherein performing the same data desensitization processing on the first decrypted data to obtain the first feature data comprises:
determining n data elements of the first decrypted data;
mapping each of the n data elements to k index values by using k hash functions;
in a bit vector with a length of m bits, setting the value of the bit corresponding to each of the k index values to 1, and setting the values of the remaining bits to 0, so as to obtain the first feature data;
wherein k, m and n are positive integers, and m is greater than k×n and greater than the maximum of the k×n index values.
4. The data matching method of claim 1, wherein acquiring the first original data comprises:
acquiring traffic data received by the first service end;
determining, from the traffic data, targeted traffic data meeting the traffic targeting condition of the second service end;
and acquiring the first original data from the targeted traffic data.
5. The data matching method of claim 4, wherein the traffic targeting condition includes a targeting dimension and a threshold value corresponding to the targeting dimension;
the targeting dimension comprises at least one of: region, content, price, gender, age, occupation, interest, time, traffic source type, network environment.
6. The data matching method according to claim 1, wherein the second encrypted data is determined as the second feature data, and
wherein obtaining first feature data for the first original data based on the first decrypted data comprises:
determining the first decrypted data as the first feature data.
7. The data matching method as claimed in claim 1, wherein the first homomorphic encryption method and the second homomorphic encryption method are RSA encryption methods using different keys, respectively.
8. The data matching method of any one of claims 1 to 7, wherein:
the first service end comprises an information recommending end;
the second service end comprises a release decision end;
the first original data comprises terminal user identity identification data acquired by the information recommending end; and
the second original data comprises the existing user identification data of the release decision end.
9. The data matching method of any one of claims 1 to 7, wherein:
the first service end comprises a network payment end;
the second service end comprises a financial service end;
the first original data comprises terminal user identity identification data acquired by the network payment end; and
the second original data comprises the existing user identification data of the financial service end.
10. A data matching apparatus for a first service end, the data matching apparatus comprising:
a first original data acquisition module configured to acquire first original data;
a first encrypted data generation module configured to encrypt the first original data using a first homomorphic encryption method to generate first encrypted data;
a doubly encrypted data obtaining module configured to send the first encrypted data to a second service end and receive doubly encrypted data from the second service end, the doubly encrypted data being generated by the second service end encrypting the first encrypted data by using a second homomorphic encryption method, and the first homomorphic encryption method and the second homomorphic encryption method being homomorphic encryption methods having the same homomorphic characteristic but different from each other;
a decryption module configured to decrypt the doubly encrypted data using a decryption method corresponding to the first homomorphic encryption method to generate the first decrypted data;
a first feature data obtaining module configured to obtain first feature data for the first original data based on the first decrypted data;
a matching module configured to match the first feature data with second feature data for second original data, the second feature data being generated by the second service end based on second encrypted data, and the second encrypted data being obtained by the second service end encrypting the second original data by using the second homomorphic encryption method.
11. A computing device comprising a processor and a memory, the memory configured to store computer-executable instructions configured to, when executed on the processor, cause the processor to perform the method of any of claims 1 to 9.
12. A computer-readable storage medium configured to store computer-executable instructions configured to, when executed on a processor, cause the processor to perform the method of any of claims 1 to 9.
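The flow of claims 1 and 3, as an added example that is not part of the patent text: the first service end encrypts, the second service end encrypts again, the first service end strips its own layer, and the result is tested against a bit vector the second service end built from its own encrypted data. Claim 7 names RSA with different keys; this sketch substitutes exponentiation modulo a shared public prime (Pohlig-Hellman style), which has the same commutative property. The modulus `P`, the salted SHA-256 hash functions, the per-element membership test used for matching and all function names are assumptions.

```python
import hashlib
import secrets
from math import gcd

P = 2**127 - 1  # shared public prime modulus (assumption of this sketch)

def keygen():
    """Secret exponent pair (e, d) with e*d = 1 mod (P - 1)."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)

def to_group(identifier: str) -> int:
    """Hash an identifier to a nonzero residue mod P."""
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big")
    return h % (P - 1) + 1

def power(x: int, exponent: int) -> int:
    """Encrypt or decrypt: the same modular exponentiation with e or d."""
    return pow(x, exponent, P)

def indexes(value: int, k: int, m: int):
    """k index values in [0, m) from k salted SHA-256 hashes (claim 3)."""
    data = value.to_bytes(16, "big")
    return [int.from_bytes(hashlib.sha256(bytes([i]) + data).digest(), "big") % m
            for i in range(k)]

def bloom(values, k: int, m: int):
    """Bit vector of length m with the index bits of every value set to 1."""
    bits = [0] * m
    for v in values:
        for i in indexes(v, k, m):
            bits[i] = 1
    return bits

def match(first_ids, second_ids, k=4, m=256):
    e1, d1 = keygen()  # first service end's key pair
    e2, _ = keygen()   # second service end's key pair
    # Second end: feature data built from its own encrypted data.
    second_feature = bloom([power(to_group(s), e2) for s in second_ids], k, m)
    hits = []
    for ident in first_ids:
        first_enc = power(to_group(ident), e1)  # sent to the second end
        double_enc = power(first_enc, e2)       # returned by the second end
        first_dec = power(double_enc, d1)       # equals to_group(ident)^e2
        if all(second_feature[i] for i in indexes(first_dec, k, m)):
            hits.append(ident)
    return hits
```

Because the feature data is a Bloom-style bit vector, a reported match can be a false positive; an identifier present on both sides is never missed.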
CN202011262347.5A 2020-11-12 2020-11-12 Data matching method and device, computing equipment and computer-readable storage medium Pending CN114491570A (en)


Publications (1)

Publication Number Publication Date
CN114491570A true CN114491570A (en) 2022-05-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination