CN112966168B - Business label query method and device for realizing privacy protection - Google Patents

Info

Publication number
CN112966168B
Authority
CN
China
Prior art keywords
platform
user
hash
identification
encryption information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110264607.0A
Other languages
Chinese (zh)
Other versions
CN112966168A (en)
Inventor
李�灿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202110264607.0A
Publication of CN112966168A
Application granted
Publication of CN112966168B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this specification provide a service tag query method that protects privacy. In the method, two platforms each encrypt their local user information with the private key they hold, exchange the resulting encryption information, encrypt the received encryption information again, and each send the double encryption information so obtained to a central node. The central node matches the double encryption information received from the two platforms and, based on the matching result, establishes an identification hash mapping relationship between a first identification hash and a second identification hash, where the first identification hash corresponds to the user identification allocated to a first user by the first platform and the second identification hash corresponds to the user identification allocated to a second user by the second platform. After receiving from the second platform a service tag query request for a target user, the central node feeds the service tag of the target user back to the second platform based on the second identification hash of the target user, the identification hash mapping relationship, and the service tag of the first user provided by the first platform.

Description

Business label query method and device for realizing privacy protection
Technical Field
One or more embodiments of the present disclosure relate to the field of computer technologies, and in particular, to a method and an apparatus for querying a service tag to protect privacy.
Background
In many scenarios, the service tag of a user needs to be known. For example, in a content recommendation scenario, the user's interest domain tags, such as sports or entertainment, need to be known in order to provide the user with content from the corresponding domain. As another example, in a risk prevention and control scenario, the user's risk level tag, such as high risk or low risk, needs to be obtained in order to apply risk control to the user's operations.
Currently, service tags are typically determined from the user's historical behavior data. However, a service platform may lack that data for various reasons, such as the platform having only recently gone online or the user being inactive, and it may then be difficult to determine the user's service tag.
Therefore, a scheme is urgently needed, so that the platform can acquire the service tag of the target user, and further, service processing can be completed better.
Disclosure of Invention
One or more embodiments of the present specification describe a method and an apparatus for querying a service tag to implement privacy protection, by which a service tag of the same user on another platform can be obtained on the premise of ensuring security of data privacy, thereby assisting service processing of a current platform.
According to a first aspect, a method for querying a service tag for implementing privacy protection is provided, the method involving a first platform, a second platform, and a central node, and the method applied to the second platform includes: encrypting the user information of the second user locally stored by the second platform by using a second private key to obtain second single encrypted information; sending the second single encryption information to the first platform so as to encrypt the second single encryption information by using a first private key to obtain second double encryption information; receiving first single encryption information from the first platform, wherein the first single encryption information is obtained by encrypting user information of a first user locally stored in the first platform by using the first private key; encrypting the first single encrypted information by using a second private key to obtain first double encrypted information; sending the first double-encryption information to the central node so that the central node matches the first double-encryption information with the second double-encryption information, and establishing an identification hash mapping relation between a first identification hash and a second identification hash based on a matching result, wherein the first identification hash corresponds to a user identification distributed to a first user by the first platform, and the second identification hash corresponds to a user identification distributed to a second user by the second platform; sending a label query request to the central node, wherein the label query request comprises a user identification hash of a target user; receiving a first service label of the target user from the central node, which is determined by the central node based on the user identification hash, the identification hash mapping relationship, and a correspondence between a first identification hash provided by the first platform and the first service label.
In one embodiment, the user information comprises at least one of: identification number, cell phone number, and passport number.
In an embodiment, the first service label is obtained by the first platform inputting a user sample characteristic corresponding to the first user into a service prediction model issued by the central node.
In one embodiment, the first service tag is obtained by the first platform inputting a user sample feature corresponding to the first user into a service prediction model deployed locally.
In a specific embodiment, the feature items corresponding to the user sample features are issued by the central node.
In one embodiment, before sending the tag query request to the central node, the method further comprises: calculating a second identifier hash corresponding to the second user identifier; and sending the second identification hash to the central node so as to enable the central node to perform associated storage on the second identification hash and second double-encryption information, and establishing an identification hash mapping relation.
According to a second aspect, a method for querying a service tag for privacy protection is provided, the method involving a first platform, a second platform, and a central node, and the method applied to the central node includes: receiving second double-encryption information obtained by encrypting the second single-encryption information by using a first private key from the first platform; the second single encrypted information is obtained by encrypting second user information by a second platform by using a second private key; receiving first double-encryption information obtained by encrypting first single-encryption information by using the second private key from a second platform; the first single encryption information is obtained by encrypting the first user information by the first platform by using the first private key; matching the first double-encryption information and the second double-encryption information, and establishing an identification hash mapping relation between a first identification hash and a second identification hash based on a matching result, wherein the first identification hash corresponds to a user identification distributed to a first user by the first platform, and the second identification hash corresponds to a user identification distributed to a second user by the second platform; receiving a tag query request from the second platform that includes a user identification hash of a target user; and determining a first service label of the target user based on the user identification hash, the identification hash mapping relation and the corresponding relation between the first identification hash and the first service label provided by the first platform, and sending the first service label to the second platform.
In one embodiment, prior to matching the first double encryption information and the second double encryption information, the method further comprises: receiving the first identification hash from the first platform, and establishing a first mapping relationship between the first identification hash and the first double encryption information; receiving the second identification hash from the second platform, and establishing a second mapping relationship between the second identification hash and the second double encryption information. Establishing the identification hash mapping relationship between the first identification hash and the second identification hash based on the matching result then comprises: when the first double encryption information and the second double encryption information are successfully matched, determining the corresponding first identification hash and the corresponding second identification hash based on the first mapping relationship and the second mapping relationship respectively, and establishing the mapping relationship between that first identification hash and that second identification hash.
In one embodiment, before determining the first service label of the target user, the method further comprises: receiving the first identification hash and the first service label from the first platform, and establishing the correspondence between them.
In one embodiment, determining the first service label of the target user based on the second identification hash, the identification hash mapping relationship, and the correspondence between the first identification hash provided by the first platform and the first service label includes: determining a cross-platform mapping relationship between the second identification hash and the first service label based on the identification hash mapping relationship and the correspondence; and determining the first service label corresponding to the target user based on the cross-platform mapping relationship.
According to a third aspect, there is provided a service tag query apparatus for implementing privacy protection, the apparatus being integrated in the second platform, including: the first encryption unit is configured to encrypt user information of a second user locally stored in the second platform by using a second private key to obtain second single encryption information; the first sending unit is configured to send the second single encrypted information to a first platform so as to encrypt the second single encrypted information by using a first private key to obtain second double encrypted information; a first receiving unit configured to receive first single encrypted information, which is obtained by encrypting user information of a first user locally stored in the first platform by using the first private key, from the first platform; the second encryption unit is configured to encrypt the first single encryption information by using a second private key to obtain first double encryption information; a second sending unit, configured to send the first dual encryption information to a central node, so that the central node matches the first dual encryption information with the second dual encryption information, and establishes an identifier hash mapping relationship between a first identifier hash and a second identifier hash based on a matching result, where the first identifier hash corresponds to a user identifier allocated to a first user by the first platform, and the second identifier hash corresponds to a user identifier allocated to a second user by the second platform; a third sending unit, configured to send a tag query request to the central node, where the tag query request includes a user identification hash of a target user; a second receiving unit configured to receive, from the central node, the first service label of the target user, which is determined by the central node based on the user identification hash, the identification hash mapping relationship, and a correspondence between the first identification hash provided by the first platform and the first service label.
According to a fourth aspect, there is provided a service tag query apparatus for implementing privacy protection, the apparatus being integrated in the central node, including: a first receiving unit configured to receive second double encryption information obtained by encrypting second single encryption information with a first private key from a first platform; the second single encrypted information is obtained by encrypting second user information by a second platform by using a second private key; a second receiving unit configured to receive, from a second platform, first double-encrypted information obtained by encrypting first single-encrypted information with the second private key; the first single encryption information is obtained by encrypting the first user information by the first platform by using the first private key; a matching unit configured to match the first dual encryption information and the second dual encryption information; a first establishing unit configured to establish an identifier hash mapping relationship between a first identifier hash and a second identifier hash based on a matching result, where the first identifier hash corresponds to a user identifier allocated to a first user by the first platform, and the second identifier hash corresponds to a user identifier allocated to a second user by the second platform; a third receiving unit configured to receive a tag query request including a user identification hash of a target user from the second platform; a determining unit, configured to determine a first service label of the target user based on the user identifier hash, the identifier hash mapping relationship, and a correspondence between a first identifier hash provided by the first platform and the first service label; and the sending unit is configured to send the first service tag of the target user to the second platform.
According to a fifth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first or second aspect.
According to a sixth aspect, there is provided a computing device comprising a memory and a processor, wherein the memory has stored therein executable code, and wherein the processor, when executing the executable code, implements the method of the first or second aspect.
According to the method and the device provided by the embodiment of the specification, the data privacy and safety are ensured, and meanwhile, the current platform can acquire the service labels of the same user on other platforms, so that the local service processing of the current platform is assisted.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 illustrates an implementation architecture diagram for determining a mapping relationship between identification hashes, according to one embodiment;
FIG. 2 is a diagram illustrating the interaction steps of a business tag query method according to one embodiment;
FIG. 3 illustrates an apparatus diagram of a business tag query, according to one embodiment;
FIG. 4 is a schematic structural diagram of a service tag query apparatus according to another embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
As previously mentioned, in many scenarios platforms or organizations lack the user data needed to determine service tags for newly registered or inactive users, and therefore cannot carry out further service processing well.
In view of this, the inventor proposes that if the same user has historical data on other platforms or organizations, service processing can be assisted by the user's historical behavior on those other platforms. For example, in a risk prevention and control scenario, a first payment platform cannot use historical data to perform risk analysis on one of its newly registered users. If, however, the same user is known on a second payment platform to carry a high risk of some kind of illegal behavior (such as gambling), that knowledge can assist the first payment platform in risk prevention and control for that kind of illegal behavior.
Further, associating user data across platforms must satisfy requirements such as data security and data invisibility in order to protect user privacy. In view of this, the inventor proposes a scheme for establishing an association between user identities on different platforms. FIG. 1 illustrates an implementation architecture for determining a mapping relationship between identification hashes according to one embodiment. As shown in FIG. 1, a first platform stores the user identifications and user information of P first users, a second platform stores the user identifications and user information of Q second users, and the central node may be a network node independent of the first platform and the second platform. Here P and Q are positive integers, the user identifications are allocated by the corresponding platforms, and the user information may include identity medium information strongly tied to the individual user, such as an identification number or a mobile phone number.
Stage 1 comprises steps 1.1 and 1.2. In step 1.1, the first platform sends to the second platform P pieces of first single encryption information, obtained by encrypting the user information of the P first users with a first private key. In step 1.2, the second platform sends to the first platform Q pieces of second single encryption information, obtained by encrypting the user information of the Q second users with a second private key.
Stage 2 comprises steps 2.1 and 2.2. In step 2.1, the first platform sends to the central node Q pieces of second double encryption information, obtained by re-encrypting the Q pieces of second single encryption information with the first private key, together with P first identification hashes corresponding to the user identifications of the P first users. In step 2.2, the second platform sends to the central node P pieces of first double encryption information, obtained by re-encrypting the P pieces of first single encryption information with the second private key, together with Q second identification hashes corresponding to the user identifications of the Q second users. The central node can then match the Q pieces of received second double encryption information against the P pieces of first double encryption information and obtain M pairs of identification hashes from the matching result. The M pairs reflect the mapping relationship between M first identification hashes and M second identification hashes, where M ≤ Q and M ≤ P.
Therefore, the mapping relation between the user identification hashes among different platforms can be established, and the cross-platform sharing of the service label is further carried out based on the mapping relation.
In the following, the steps of the service tag query method for implementing privacy protection disclosed in the embodiments of this specification are described with reference to specific embodiments. FIG. 2 is a schematic diagram illustrating the interaction steps of a service tag query method according to an embodiment, where the interacting parties involved in the method are a first platform, a second platform, and a central node. It should be noted that any of the interacting parties may be implemented as any server or cluster of devices having computing and processing capabilities. In one embodiment, in a risk control scenario, the first platform and the second platform may be service platforms and the central node may be a risk control center. In a particular embodiment, the service platform may be a payment platform. In another embodiment, in a content recommendation scenario, the first platform and the second platform may be content platforms and the central node may be a content recommendation center.
It should be noted that the terms "first" in the "first platform" and "second" in the "second platform" and the like are used herein to distinguish the same kind of things, and do not have other limitations such as ordering.
As shown in fig. 2, the method comprises the steps of:
Step S201: the first platform encrypts the locally stored user information of the first user with the first private key to obtain first single encryption information. In one embodiment, the first private key held by the first platform and the second private key held by the second platform satisfy commutativity of encryption. That is, for the same data, encrypting first with the first private key and then re-encrypting with the second private key yields the same double encryption result as encrypting first with the second private key and then re-encrypting with the first private key. In a specific embodiment, the first private key may be generated by the first platform based on a Private Set Intersection (PSI) protocol, and similarly, the second private key may be generated by the second platform based on the same PSI protocol.
In one embodiment, the user information may include medium information strongly tied to the user's personal identity, such as an identification number, a mobile phone number, or a passport number. This ensures that two users on different platforms who are associated through identical user information are, in substance, the same user. In a particular embodiment, the user information includes information in a single dimension, such as an identification number. In another specific embodiment, the user information includes the result of concatenating information from multiple dimensions, for example the string obtained by concatenating a mobile phone number and a passport number in sequence.
In one embodiment, there may be one or more first users. In a specific embodiment, the pieces of user information corresponding to a plurality of first users are each encrypted with the first private key, yielding a plurality of pieces of first single encryption information.
As described above, the first platform encrypts the user information of its local users with the first private key it holds to obtain the first single encryption information. The first platform then sends the first single encryption information to the second platform in step S203. In one embodiment, there are a plurality of pieces of first single encryption information, and accordingly the first platform may send them to the second platform arranged in a predetermined first order.
In step S205, the second platform encrypts the first single encryption information with the second private key to obtain first double encryption information. For the generation of the second private key, refer to the related description above. In one embodiment, the second platform encrypts each of the plurality of pieces of first single encryption information with the second private key to obtain the corresponding plurality of pieces of first double encryption information. Further, in step S207, the second platform sends the first double encryption information to the central node. In one embodiment, there are a plurality of pieces of first double encryption information, and accordingly the second platform may send them to the central node arranged in the first order.
In this way, the central node can obtain the first dual encryption information generated by performing dual encryption on the user information of the first user in the first platform by using the first private key and the second private key. On the other hand, in step S209, the second platform encrypts the locally stored user information of the second user by using the second private key, to obtain second single encrypted information. In one embodiment, the second platform encrypts the user information of the plurality of second users respectively by using the second private key to obtain a plurality of pieces of second single encrypted information. In step S211, the second platform sends the second single encryption information to the first platform. In one embodiment, the second platform sends a plurality of pieces of second single encryption information arranged in a predetermined second order to the first platform. In step S213, the first platform encrypts the second single encrypted message with the first private key to obtain a second double encrypted message. In one embodiment, the first platform encrypts the plurality of pieces of second single encryption information respectively by using the first private key to obtain a plurality of corresponding pieces of second double encryption information. Further, in step S215, the first platform sends the second dual encryption information to the central node. In one embodiment, the first platform may send a plurality of pieces of second double-encryption information arranged in the second order to the central node. Note that, for the description of step S209, step S211, step S213, and step S215, reference may also be made to the description of the foregoing steps. In this way, the central node can obtain second double-encryption information generated by double-encrypting the user information of the second user in the second platform by using the first private key and the second private key.
After receiving the first dual encryption information and the second dual encryption information, the central node matches the first dual encryption information and the second dual encryption information in step S217. In one embodiment, the first dual encryption information and the second dual encryption information are both single pieces of information, and accordingly, whether the two pieces of information are the same or not can be judged. In another embodiment, the first double encryption information or the second double encryption information is a plurality of pieces of information, and accordingly, the same first double encryption information and second double encryption information can be determined therefrom.
In step S219, the central node establishes an identification hash mapping relationship between the first identification hash and the second identification hash based on the matching result. In an embodiment, the first double encryption information and the second double encryption information are each a single piece, and accordingly the matching result is either a success (the two pieces of encryption information are the same) or a failure (the two pieces are different). On success, the identification hash mapping relationship between the first identification hash and the second identification hash is established; on failure, matching is attempted again after more double encryption information has been received.
In another embodiment, the first dual encryption information or the second dual encryption information is a plurality of pieces of information, and accordingly, the matching result may include a plurality of pairs of successfully matched dual encryption information, and the identifier hash mapping relationship between the first identifier hash and the second identifier hash is established based on the plurality of pairs of dual encryption information.
The first identifier hash corresponds to the user identifier assigned to the first user by the first platform, and the second identifier hash corresponds to the user identifier assigned to the second user by the second platform. In a specific embodiment, the first platform calculates a hash value of the user identifier of the first user by using a hash algorithm to obtain the first identifier hash, and the second platform calculates a hash value of the user identifier of the second user by using a hash algorithm to obtain the second identifier hash. In another specific embodiment, the first platform calculates a hash value of the user identifier of the first user by using a hash algorithm, and then calculates the hash value of the sum of that hash value and a randomly generated first sequence value as the first identifier hash; the second platform calculates a hash value of the user identifier of the second user by using a hash algorithm, and then calculates the hash value of the sum of that hash value and a randomly generated second sequence value as the second identifier hash. Thus, even if the first identifier hash and the second identifier hash stored in the central node are leaked, an attacker cannot recover the corresponding user identifiers by brute force.
In one embodiment, before step S219, the method may further include: the central node receives the first identification hash from the first platform and establishes a first mapping relation between the first identification hash and the first double-encryption information; and the central node receives the second identification hash from the second platform and establishes a second mapping relation between the second identification hash and the second double-encryption information. In one embodiment, the central node receives a plurality of first identification hashes arranged in the first order, and thus a first mapping relation between the first identification hashes and the first double-encryption information may be established based on the plurality of pieces of first double-encryption information arranged in the first order. Similarly, the central node receives a plurality of second identification hashes arranged in the second order, so that a second mapping relation between the second identification hashes and the second double-encryption information can be established based on the plurality of pieces of second double-encryption information arranged in the second order. It should be understood that an identification hash and the double-encryption information it is mapped to correspond to the same user.
Further, in a specific embodiment, this step may include: when the first double-encryption information and the second double-encryption information are successfully matched, determining the corresponding first identification hash and the corresponding second identification hash based on the first mapping relation and the second mapping relation respectively, and establishing a mapping relation between the first identification hash and the second identification hash.
In the above way, the central node can establish the identifier hash mapping relationship between the first identifier hash and the second identifier hash, which is then used for cross-platform queries of service labels.
In step S221, the second platform sends a tag query request to the central node, which includes the user identification hash of the target user. In one embodiment, the target user may be any one of the plurality of second users in the second platform. In a specific embodiment, the second platform stores the plurality of user identifiers of the plurality of second users in association with the plurality of second identifier hashes calculated correspondingly, and based on this, the corresponding second identifier hashes can be determined according to the user identifier of the target user, and are used as the user identifier hashes of the target user.
In step S223, the central node determines the first service label of the target user based on the user identifier hash, the identifier hash mapping relationship, and the corresponding relationship between the first identifier hash provided by the first platform and the first service label.
The first service label may be generated in the first platform by manual labeling or by machine learning. In one embodiment, the first platform inputs a plurality of user sample features corresponding to a plurality of first users into a trained service prediction model respectively to obtain a plurality of first service labels corresponding to the plurality of first users. In a specific embodiment, the feature items corresponding to the user sample features may be issued by the central node. In a more specific embodiment, the feature items may include gender, age, occupation, place of habitual residence, transaction amount, platform activity (average daily online duration, average daily number of logins), and the like. In a specific embodiment, the model structure or algorithm used by the service prediction model may be selected autonomously by the first platform, and the model is then trained with local training data. In another specific embodiment, the central node may directly issue the trained service prediction model to the first platform for use. In yet another specific embodiment, the service prediction model may be obtained by federated learning across a plurality of platforms, using secure multi-party computation (MPC) based on each platform's local training data. Thus, the first platform can obtain a plurality of first service labels corresponding to a plurality of first users, and further establish a correspondence between a plurality of first identification hashes and the plurality of first service labels.
Further, the central node may determine, based on the correspondence and the identifier hash mapping relationship, a first service label corresponding to the user identifier hash of the target user on the second platform.
In one embodiment, the central node may determine, based on an identifier hash mapping relationship between the first identifier hash and the second identifier hash, a first identifier hash corresponding to the user identifier hash of the target user on the second platform, and then determine the first service label of the target user according to a correspondence relationship between the first identifier hash and the first service label provided by the first platform. Regarding the correspondence between the first identifier hash and the first service label, wherein multiple first identifier hashes and multiple first service labels may be involved, in a specific embodiment, the first identifier hash and the multiple first service labels may be sent from the first platform to the central node before step S223, and in another specific embodiment, in step S223, after determining the first identifier hash corresponding to the user identifier hash, the central node sends the first identifier hash to the first platform, and then receives the first service label from the first platform, and establishes the correspondence between the first identifier hash and the first service label.
In another embodiment, this step may include: the central node determines a cross-platform mapping relation between the second identifier hash and the first service label based on the identifier hash mapping relation and the correspondence; and then determines the first service label corresponding to the user identifier hash of the target user on the second platform based on the cross-platform mapping relation.
In the above, the central node may determine the first service label of the target user on the first platform. Further, in step S225, the central node sends the first service tag of the target user to the second platform. Thus, the second platform can acquire the first service label of the target user on the first platform and use the first service label to assist local service processing for the target user.
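The flow of steps S209 to S225 can be exercised end to end in a short simulation. The following is an added example, not code from the patent: it assumes the private-key encryption is commutative modular exponentiation in the RFC 3526 2048-bit group (matching at the central node needs double encryption to be order-independent), SHA-256 and SHAKE-256 as the hash algorithms, and constructed user identifiers, user information and labels; all class and function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: RFC 3526 group 14 modulus, a 2048-bit safe prime P = 2*Q + 1.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2


def hash_to_group(user_info: str) -> int:
    """Map user information into the prime-order subgroup of squares mod P."""
    wide = hashlib.shake_256(user_info.encode()).digest(320)
    return pow(int.from_bytes(wide, "big") % P, 2, P)


class Platform:
    def __init__(self, users, labels=None):
        self.users = users                        # user identifier -> user information
        self.labels = labels or {}                # user identifier -> service label
        self.key = secrets.randbelow(Q - 2) + 2   # private key: exponent in [2, Q-1]
        self.seq = secrets.randbits(256)          # randomly generated sequence value
        self.order = sorted(users)                # predetermined sending order

    def id_hash(self, uid):
        # Second embodiment: hash(hash(user identifier) + random sequence value).
        inner = int.from_bytes(hashlib.sha256(uid.encode()).digest(), "big")
        return hashlib.sha256(str(inner + self.seq).encode()).hexdigest()

    def id_hashes(self):
        return [self.id_hash(u) for u in self.order]

    def single_encrypt(self):
        return [pow(hash_to_group(self.users[u]), self.key, P) for u in self.order]

    def re_encrypt(self, items):
        # Encrypt the other platform's single-encrypted values, keeping their order.
        return [pow(c, self.key, P) for c in items]

    def label_table(self):
        return {self.id_hash(u): label for u, label in self.labels.items()}


class CentralNode:
    def __init__(self):
        self.first_map = {}     # first double-encryption information -> first identifier hash
        self.second_map = {}    # second double-encryption information -> second identifier hash
        self.id_map = {}        # second identifier hash -> first identifier hash
        self.first_labels = {}  # first identifier hash -> first service label

    def receive(self, side, id_hashes, double_enc):
        target = self.first_map if side == "first" else self.second_map
        target.update(zip(double_enc, id_hashes))

    def match(self):
        # S217/S219: equal double-encrypted values identify the same user.
        for value in self.first_map.keys() & self.second_map.keys():
            self.id_map[self.second_map[value]] = self.first_map[value]
        return len(self.id_map)

    def query(self, user_id_hash):
        # S223: second identifier hash -> first identifier hash -> first service label.
        first = self.id_map.get(user_id_hash)
        return self.first_labels.get(first) if first is not None else None


def run_demo():
    # Constructed data: the same user information appears under different identifiers.
    first = Platform(
        {"a-1001": "555-0101", "a-1002": "555-0102", "a-1003": "555-0103"},
        labels={"a-1001": "tier-1", "a-1002": "tier-2", "a-1003": "tier-2"},
    )
    second = Platform({"b-77": "555-0102", "b-78": "555-0109", "b-79": "555-0101"})
    node = CentralNode()
    first_double = second.re_encrypt(first.single_encrypt())   # reaches the node in S207
    second_double = first.re_encrypt(second.single_encrypt())  # S209 to S215
    node.receive("first", first.id_hashes(), first_double)
    node.receive("second", second.id_hashes(), second_double)
    matched = node.match()
    node.first_labels = first.label_table()
    # S221 to S225: the second platform queries by its own identifier hashes.
    answers = {uid: node.query(second.id_hash(uid)) for uid in second.order}
    return matched, answers, node


if __name__ == "__main__":
    print(run_demo()[:2])
```

The central node in this run holds only group elements and salted identifier hashes; the private keys and the random sequence values never leave the platform that generated them.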
It should be noted that, according to another embodiment, step S207 may be replaced by: the second platform sends the first double-encryption information to the first platform, and the first platform then sends the first double-encryption information, together with the first identification hash that corresponds to the same first user, to the central node, so that the central node stores the first double-encryption information and the first identification hash in association, thereby establishing a first mapping relation between them. Likewise, step S215 may be replaced with: the second platform sends the second double-encryption information, together with the second identification hash that corresponds to the same second user, to the central node, so that the central node stores the second double-encryption information and the second identification hash in association, thereby establishing a second mapping relation between them.
In addition, the second platform may also provide the central node with a mapping relationship between the second identification hash and the second service label, so that the central node can process cross-platform service label query requests from the first platform. Furthermore, the execution order of the steps is not uniquely limited, and any order that ensures the smooth implementation of the scheme can be used.
In summary, by using the service tag query method disclosed in this specification, the current platform can acquire the service tags of the same user on other platforms on the premise of ensuring data privacy and security, thereby assisting the local service processing of the current platform.
Corresponding to the service query method above, the embodiments of this specification also disclose a service query device, described in detail below.
Fig. 3 is a schematic structural diagram of a device for service tag query according to an embodiment, the device being integrated in the second platform. As shown in Fig. 3, the apparatus 300 includes:
a first encryption unit 302, configured to encrypt, by using a second private key, user information of a second user locally stored by the second platform, to obtain second single encrypted information;
a first sending unit 304, configured to send the second single encrypted information to a first platform, so that the first platform encrypts the second single encrypted information by using a first private key to obtain second double encrypted information;
a first receiving unit 306, configured to receive first single encrypted information from the first platform, where the first single encrypted information is obtained by encrypting, by using the first private key, user information of a first user locally stored in the first platform;
a second encryption unit 308 configured to encrypt the first single encrypted information with a second private key to obtain a first double encrypted information;
a second sending unit 310, configured to send the first dual encryption information to a central node, so that the central node matches the first dual encryption information with the second dual encryption information, and establishes an identifier hash mapping relationship between a first identifier hash and a second identifier hash based on a matching result, where the first identifier hash corresponds to a user identifier allocated to the first user by the first platform, and the second identifier hash corresponds to a user identifier allocated to the second user by the second platform;
a third sending unit 312, configured to send a tag query request to the central node, where the tag query request includes a user identification hash of a target user;
a second receiving unit 314 configured to receive, from the central node, the first service label of the target user, which is determined by the central node based on the user identification hash, the identification hash mapping relationship, and a correspondence between the first identification hash provided by the first platform and the first service label.
In one embodiment, the user information comprises at least one of: identification number, cell phone number, and passport number.
In an embodiment, the first service label is obtained by the first platform inputting a user sample characteristic corresponding to the first user into a service prediction model issued by the central node.
In one embodiment, the first service tag is obtained by the first platform inputting a user sample feature corresponding to the first user into a service prediction model deployed locally.
In a specific embodiment, the feature items corresponding to the user sample features are issued by the central node.
In one embodiment, the apparatus further comprises: a calculating unit 316 configured to calculate a second identifier hash corresponding to the second user identifier; a fourth sending unit 318, configured to send the second identifier hash to the central node, so that the central node performs associated storage on the second identifier hash and the second dual encryption information, so as to establish the identifier hash mapping relationship.
Fig. 4 is a schematic structural diagram of a service tag query device according to another embodiment, which is integrated in the central node. As shown in fig. 4, the apparatus 400 includes:
a first receiving unit 401 configured to receive, from the first platform, second double-encrypted information obtained by encrypting second single-encrypted information with a first private key; the second single encrypted information is obtained by encrypting second user information by a second platform by using a second private key;
a second receiving unit 403 configured to receive, from the second platform, first double-encrypted information obtained by encrypting the first single-encrypted information with the second private key; the first single encryption information is obtained by encrypting the first user information by the first platform by using the first private key;
a matching unit 405 configured to match the first dual encryption information and the second dual encryption information;
a first establishing unit 407 configured to establish an identifier hash mapping relationship between a first identifier hash and a second identifier hash based on the matching result, where the first identifier hash corresponds to the user identifier allocated by the first platform to the first user, and the second identifier hash corresponds to the user identifier allocated by the second platform to the second user;
a third receiving unit 409 configured to receive a tag query request from the second platform, which includes a user identification hash of a target user;
a determining unit 411, configured to determine a first service label of the target user based on the user identifier hash, the identifier hash mapping relationship, and a correspondence between a first identifier hash provided by the first platform and the first service label;
a sending unit 413 configured to send the first service label of the target user to the second platform.
In one embodiment, the apparatus 400 further comprises: a third receiving unit 415 configured to receive the first identification hash from the first platform; a second establishing unit 417 configured to establish a first mapping relationship between the first identification hash and first double encryption information; a fourth receiving unit 419 configured to receive the second identification hash from the second platform; the second establishing unit 417 is further configured to establish a second mapping relationship between the second identification hash and second double encryption information; the first establishing unit 407 is specifically configured to: when the first double-encryption information and the second double-encryption information are successfully matched, determine the corresponding first identification hash and the corresponding second identification hash based on the first mapping relation and the second mapping relation respectively, and establish the mapping relation between the first identification hash and the second identification hash.
In one embodiment, the apparatus 400 further comprises: a fifth receiving unit 419 configured to receive the first identification hash and the first service label from the first platform; a third establishing unit 421 configured to establish the correspondence.
In an embodiment, the determining unit 411 is specifically configured to: determine a cross-platform mapping relationship between the second identifier hash and the first service label based on the identifier hash mapping relationship and the correspondence; and determine the first service label corresponding to the target user based on the cross-platform mapping relationship.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory having stored therein executable code, and a processor that, when executing the executable code, implements the method described in connection with fig. 2.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above embodiments describe the objects, technical solutions and advantages of the present invention in further detail. It should be understood that the above are only exemplary embodiments of the present invention and are not intended to limit its scope; any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention shall fall within the scope of the present invention.

Claims (22)

1. A business label query method for realizing privacy protection relates to a first platform, a second platform and a central node, and the method is applied to the second platform and comprises the following steps:
encrypting the user information of the second user locally stored by the second platform by using a second private key to obtain second single encrypted information;
sending the second single encryption information to the first platform so as to encrypt the second single encryption information by using a first private key to obtain second double encryption information;
receiving first single encryption information from the first platform, wherein the first single encryption information is obtained by encrypting user information of a first user locally stored in the first platform by using the first private key;
encrypting the first single encrypted information by using a second private key to obtain first double encrypted information;
sending the first double-encryption information to the central node so that the central node matches the first double-encryption information with the second double-encryption information, and establishing an identification hash mapping relation between a first identification hash and a second identification hash based on a matching result, wherein the first identification hash corresponds to a user identification distributed to a first user by the first platform, and the second identification hash corresponds to a user identification distributed to a second user by the second platform;
sending a label query request to the central node, wherein the label query request comprises a user identification hash of a target user;
receiving a first service label of the target user from the central node, which is determined by the central node based on the user identification hash, the identification hash mapping relationship, and a correspondence between a first identification hash provided by the first platform and the first service label.
2. The method of claim 1, wherein the user information comprises at least one of: identification number, cell phone number, and passport number.
3. The method of claim 1, wherein the first service label is obtained by the first platform inputting a user sample characteristic corresponding to the first user into a service prediction model delivered by the central node.
4. The method of claim 1, wherein the first service label is obtained by the first platform inputting a user sample feature corresponding to the first user into a locally deployed service prediction model.
5. The method of claim 4, wherein the feature items corresponding to the user sample features are issued by the central node.
6. The method of claim 1, wherein prior to sending a tag query request to the central node, the method further comprises:
calculating a second identifier hash corresponding to the second user identifier;
and sending the second identification hash to the central node so as to enable the central node to perform associated storage on the second identification hash and second double-encryption information, and establishing an identification hash mapping relation.
7. A business label query method for realizing privacy protection relates to a first platform, a second platform and a central node, and the method is applied to the central node and comprises the following steps:
receiving second double-encryption information obtained by encrypting the second single-encryption information by using a first private key from the first platform; the second single encrypted information is obtained by encrypting second user information by a second platform by using a second private key;
receiving first double-encryption information obtained by encrypting first single-encryption information by using the second private key from a second platform; the first single encryption information is obtained by encrypting the first user information by the first platform by using the first private key;
matching the first double-encryption information and the second double-encryption information, and establishing an identification hash mapping relation between a first identification hash and a second identification hash based on a matching result, wherein the first identification hash corresponds to a user identification distributed to a first user by the first platform, and the second identification hash corresponds to a user identification distributed to a second user by the second platform;
receiving a tag query request from the second platform that includes a user identification hash of a target user;
and determining a first service label of the target user based on the user identification hash, the identification hash mapping relation and the corresponding relation between the first identification hash and the first service label provided by the first platform, and sending the first service label to the second platform.
8. The method of claim 7, wherein prior to matching the first dual encryption information and the second dual encryption information, the method further comprises:
receiving the first identification hash from the first platform, and establishing a first mapping relation between the first identification hash and first double-encryption information;
receiving the second identification hash from the second platform, and establishing a second mapping relation between the second identification hash and second double-encryption information;
wherein, establishing an identifier hash mapping relationship between the first identifier hash and the second identifier hash based on the matching result comprises:
and under the condition that the first double-encryption information and the second double-encryption information are successfully matched, determining a corresponding first identification hash and a corresponding second identification hash based on the first mapping relation and the second mapping relation respectively, and establishing the mapping relation between the first identification hash and the second identification hash.
9. The method of claim 7, wherein prior to determining the first business label of the target user, the method further comprises:
and receiving the first identification hash and the first service label from the first platform, and establishing the corresponding relation.
10. The method of claim 7, wherein determining the first service label of the target user based on the second identification hash, the identification hash mapping relationship, and the correspondence between the first identification hash provided by the first platform and the first service label comprises:
determining a cross-platform mapping relationship between the second hash identifier and the first service label based on the identifier hash mapping relationship and the corresponding relationship;
and determining a first service label corresponding to the target user based on the cross-platform mapping relation.
11. A service tag query device for implementing privacy protection, the device being integrated in a second platform, comprising:
the first encryption unit is configured to encrypt user information of a second user locally stored in the second platform by using a second private key to obtain second single encryption information;
the first sending unit is configured to send the second single encrypted information to a first platform so as to encrypt the second single encrypted information by using a first private key to obtain second double encrypted information;
a first receiving unit configured to receive first single encrypted information, which is obtained by encrypting user information of a first user locally stored in the first platform by using the first private key, from the first platform;
the second encryption unit is configured to encrypt the first single encryption information by using a second private key to obtain first double encryption information;
a second sending unit, configured to send the first dual encryption information to a central node, so that the central node matches the first dual encryption information with the second dual encryption information, and establishes an identifier hash mapping relationship between a first identifier hash and a second identifier hash based on a matching result, where the first identifier hash corresponds to a user identifier allocated to a first user by the first platform, and the second identifier hash corresponds to a user identifier allocated to a second user by the second platform;
a third sending unit, configured to send a tag query request to the central node, where the tag query request includes a user identification hash of a target user;
a second receiving unit configured to receive, from the central node, the first service label of the target user, which is determined by the central node based on the user identification hash, the identification hash mapping relationship, and a correspondence between the first identification hash provided by the first platform and the first service label.
12. The apparatus of claim 11, wherein the user information comprises at least one of: identification number, cell phone number, and passport number.
13. The apparatus of claim 11, wherein the first service label is obtained by the first platform inputting a user sample characteristic corresponding to the first user into a service prediction model delivered by the central node.
14. The apparatus of claim 11, wherein the first service label is derived by the first platform inputting a user sample feature corresponding to the first user into a locally deployed service prediction model.
15. The apparatus of claim 14, wherein the feature items corresponding to the user sample features are issued by the central node.
16. The apparatus of claim 11, wherein the apparatus further comprises:
the calculating unit is configured to calculate a second identifier hash corresponding to the second user identifier;
and the fourth sending unit is configured to send the second identifier hash to the central node, so that the central node performs associated storage on the second identifier hash and second double-encryption information, and is used for establishing the identifier hash mapping relationship.
17. A service tag query device for implementing privacy protection, the device being integrated in a central node, comprising:
a first receiving unit configured to receive second double encryption information obtained by encrypting second single encryption information with a first private key from a first platform; the second single encrypted information is obtained by encrypting second user information by a second platform by using a second private key;
a second receiving unit configured to receive, from a second platform, first double-encrypted information obtained by encrypting first single-encrypted information with the second private key; the first single encryption information is obtained by encrypting the first user information by the first platform by using the first private key;
a matching unit configured to match the first dual encryption information and the second dual encryption information;
a first establishing unit configured to establish an identifier hash mapping relationship between a first identifier hash and a second identifier hash based on a matching result, where the first identifier hash corresponds to a user identifier allocated to a first user by the first platform, and the second identifier hash corresponds to a user identifier allocated to a second user by the second platform;
a third receiving unit configured to receive a tag query request including a user identification hash of a target user from the second platform;
a determining unit, configured to determine a first service label of the target user based on the user identifier hash, the identifier hash mapping relationship, and a correspondence between a first identifier hash provided by the first platform and the first service label;
and the sending unit is configured to send the first service tag of the target user to the second platform.
18. The apparatus of claim 17, wherein the apparatus further comprises:
a third receiving unit configured to receive the first identification hash from the first platform;
the second establishing unit is configured to establish a first mapping relation between the first identification hash and the first double-encryption information;
a fourth receiving unit configured to receive the second identification hash from the second platform;
the second establishing unit is further configured to establish a second mapping relationship between the second identification hash and second double encryption information;
wherein the first establishing unit is specifically configured to:
and under the condition that the first double-encryption information and the second double-encryption information are successfully matched, determining a corresponding first identification hash and a corresponding second identification hash based on the first mapping relation and the second mapping relation respectively, and establishing the mapping relation between the first identification hash and the second identification hash.
19. The apparatus of claim 17, wherein the apparatus further comprises:
a fifth receiving unit configured to receive the first identification hash and the first service label from the first platform;
and a third establishing unit configured to establish the correspondence.
20. The apparatus according to claim 17, wherein the determining unit is specifically configured to:
determine a cross-platform mapping relationship between the second identification hash and the first service label based on the identifier hash mapping relationship and the correspondence;
and determine the first service label corresponding to the target user based on the cross-platform mapping relationship.
21. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-10.
22. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor implements the method of any of claims 1-10.
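The data flow of the apparatus in claims 17-20, as an added example that is not part of the patent text: a mediator that stores only identifier hashes and double-encrypted values, matches them, and answers a label query from the second platform. Assumptions: the double encryption is modelled as commutative modular exponentiation (the claims above do not name a cipher), and all class and function names, platform names, keys and users are constructed for illustration.

```python
import hashlib

P = 2**255 - 19  # toy prime modulus; real deployments use a prime-order group

def h2g(identity: str) -> int:
    """Hash shared identity information (e.g. a phone number) into [2, P-2]."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % (P - 3) + 2

def enc(x: int, key: int) -> int:
    """Assumed commutative cipher: enc(enc(x, a), b) == enc(enc(x, b), a)."""
    return pow(x, key, P)

def id_hash(platform: str, user_id: str) -> str:
    """Hash of the platform-assigned user identifier."""
    return hashlib.sha256(f"{platform}:{user_id}".encode()).hexdigest()

class Mediator:
    """The apparatus of claims 17-20; it sees only hashes and double-encrypted values."""
    def __init__(self):
        self.first_map = {}   # first double-encryption info -> first ID hash
        self.second_map = {}  # second double-encryption info -> second ID hash
        self.labels = {}      # first ID hash -> first service label
        self.id_map = {}      # second ID hash -> first ID hash

    def receive_first(self, idh, double_enc, label):
        self.first_map[double_enc] = idh
        self.labels[idh] = label

    def receive_second(self, idh, double_enc):
        self.second_map[double_enc] = idh

    def match(self):
        # Equal double-encrypted values mean the same underlying identity.
        for d in self.first_map.keys() & self.second_map.keys():
            self.id_map[self.second_map[d]] = self.first_map[d]

    def query(self, second_idh):
        first_idh = self.id_map.get(second_idh)
        return self.labels.get(first_idh)  # None when the user is unmatched

def run_demo():
    a, b = 0x1D3F5, 0x2A7C9  # constructed platform secrets, never sent to the mediator
    first = [("A-001", "13800000001", "high_value"), ("A-002", "13800000002", "new_user")]
    second = [("B-77", "13800000002"), ("B-78", "13800000003")]  # constructed users
    m = Mediator()
    for uid, ident, label in first:
        m.receive_first(id_hash("P1", uid), enc(enc(h2g(ident), a), b), label)
    for uid, ident in second:
        m.receive_second(id_hash("P2", uid), enc(enc(h2g(ident), b), a))
    m.match()
    return m.query(id_hash("P2", "B-77")), m.query(id_hash("P2", "B-78"))
```

Only the user present on both platforms resolves to a label; the second platform's other user returns nothing, and neither platform key nor any raw identity reaches the mediator.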
CN202110264607.0A 2021-03-11 2021-03-11 Business label query method and device for realizing privacy protection Active CN112966168B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110264607.0A CN112966168B (en) 2021-03-11 2021-03-11 Business label query method and device for realizing privacy protection

Publications (2)

Publication Number Publication Date
CN112966168A CN112966168A (en) 2021-06-15
CN112966168B true CN112966168B (en) 2022-05-17

Family

ID=76277232

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110264607.0A Active CN112966168B (en) 2021-03-11 2021-03-11 Business label query method and device for realizing privacy protection

Country Status (1)

Country Link
CN (1) CN112966168B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113542247B (en) * 2021-07-06 2022-11-29 建信金融科技有限责任公司 Service pushing method, device and equipment based on data encryption
US11943354B2 (en) 2021-07-20 2024-03-26 Snap Inc. Privacy safe joint identification protocol
CN113627085B (en) * 2021-08-20 2024-01-09 深圳前海微众银行股份有限公司 Transverse federal learning modeling optimization method, equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9378382B1 (en) * 2013-10-31 2016-06-28 Washington University Methods and systems for encrypting private datasets using cryptosets
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN110263575A (en) * 2019-06-21 2019-09-20 上海富数科技有限公司 The method for realizing data fusion and data-privacy protection based on hash algorithm and session control
CN110309668A (en) * 2019-05-16 2019-10-08 深圳市白唇鹿科技有限公司 Multi-platform data managing method, device, computer equipment and storage medium
CN111935163A (en) * 2020-08-14 2020-11-13 支付宝(杭州)信息技术有限公司 Data joint processing method and device for protecting privacy

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10229285B2 (en) * 2016-03-22 2019-03-12 International Business Machines Corporation Privacy enhanced central data storage
US10581808B2 (en) * 2017-03-23 2020-03-03 Microsoft Technology Licensing, Llc Keyed hash contact table
WO2020100118A1 (en) * 2018-11-15 2020-05-22 Ravel Technologies SARL Cryptographic anonymization for zero-knowledge advertising methods, apparatus, and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant