
CN-116527335-B - Data and financial data security and credibility fusion method and device based on privacy protection


Abstract

The embodiment of the invention relates to a data fusion method and a data fusion device based on privacy protection. The method comprises: sending a data conversion scheme and a secret key to at least two participant terminals from at least a first trusted execution environment; receiving encryption submatrices sent by the at least two participant terminals; matching the encryption submatrices sent by each participant terminal at least in the first trusted execution environment; classifying the encryption data in the encryption submatrices according to a matching result to obtain data to be supplemented, data to be fused and similar data, and adding marks; sending the marks to each participant terminal; receiving updated submatrices sent by each participant terminal; processing the data of the updated submatrices; and generating a contribution matrix based on data fusion according to a data processing result. According to the technical scheme provided by the embodiment of the invention, data fusion among multiple participants is realized without exposing any participant's data to the other participants, so that the security of the data is ensured.

Inventors

  • ZHENG HAO
  • WANG SHUANG
  • SUN QI
  • WANG SHUAI
  • LI ZHI

Assignees

  • 杭州锘崴信息科技有限公司

Dates

Publication Date
20260512
Application Date
20230407

Claims (8)

  1. The data fusion method based on privacy protection is characterized by being applied to a server side and comprising the following steps:
     transmitting a first data conversion scheme and a second data conversion scheme and a first key and a second key to at least two participant terminals from at least a first trusted execution environment, so that each participant terminal at least adopts the first data conversion scheme to perform data conversion on a local first sub-matrix and adopts the first key to encrypt the first sub-matrix to form a first encrypted sub-matrix, and adopts the second data conversion scheme to perform data conversion on a local second sub-matrix and adopts the second key to encrypt the second sub-matrix to form a second encrypted sub-matrix;
     receiving at least a first encryption sub-matrix and a second encryption sub-matrix sent by at least two participant terminals;
     matching a first encryption submatrix sent by each participant terminal in at least a first trusted execution environment, classifying the encryption data in the first encryption submatrix according to a matching result to obtain data to be supplemented, data to be fused and similar data, and adding a mark; matching a second encryption submatrix sent by each participant terminal in a second trusted execution environment, classifying the encryption data in the second encryption submatrix according to the matching result to obtain the data to be supplemented, the data to be fused and similar data, and adding the mark;
     sending the marks to each participant terminal so that each participant terminal screens out data to be fused and data to be supplemented according to the marks to form an updated sub-matrix;
     receiving updated sub-matrixes sent by each participant terminal, and processing the data of the updated sub-matrixes according to the marks corresponding to the data;
     generating a contribution matrix based on data fusion according to the result of data processing so as to provide the contribution matrix for a participant terminal with a trusted execution environment.
     The first data conversion scheme and the second data conversion scheme respectively comprise: keeping data whose value is 0 unconverted, and converting data whose value is not 0 into an array comprising a plurality of data, wherein the difference between each data value in the array and the value of the data is smaller than a conversion threshold value.
     The marking comprises: taking information whose data is 0 in each encryption submatrix as data to be supplemented and marking it as a first type; taking information for which the number of identical data at the same position in each encryption submatrix is greater than or equal to a first threshold value as similar data and marking it as a second type; and taking the information of the remaining data in each encryption submatrix as data to be fused and marking it as a third type.
     The method further comprises: supplementing the data to be supplemented, marked as the first type, with the data of other participants; fusing the data to be fused, marked as the third type, with the data of a plurality of participants; and, if the data to be supplemented of any participant terminal is greater than or equal to a second threshold value, rejecting that participant terminal from data fusion.
  2. The method of claim 1, wherein processing the data of the updated sub-matrix according to the marks corresponding to the data comprises:
     receiving at least two first matrix components respectively transmitted by at least a first participant side and a second participant side from a second trusted execution environment, wherein the first matrix components are generated by each participant side according to the local screening data of a full matrix transmitted by a server side;
     establishing an intermediate matrix according to the first matrix component in a second trusted execution environment, determining a first mapping and a second mapping of the first matrix component of at least two participant terminals to the intermediate matrix, and transmitting the first mapping and the second mapping to the first trusted execution environment, so that the first trusted execution environment performs data supplementation and data fusion according to the first mapping and the second mapping.
     The method further comprises the steps of:
     receiving at least two second matrix components respectively transmitted by at least a first participant terminal and a second participant terminal from a first trusted execution environment, wherein the second matrix components are generated by each participant terminal according to the local screening data of a full matrix transmitted by a server terminal;
     and receiving the first mapping and the second mapping sent by the second trusted execution environment from the first trusted execution environment, and supplementing or fusing the data according to different data types.
  3. The method of claim 2, further comprising, in the first trusted execution environment:
     determining contribution matrixes of data of other participant terminals to data of the target participant terminal;
     converting the contribution matrix into a first contribution matrix corresponding to the first matrix component of the first participant side and a second contribution matrix corresponding to the first matrix component of the second participant side according to the first mapping and the second mapping;
     the first contribution matrix and the second contribution matrix are stored for provision to a participant side having a trusted execution environment, where they are used in accordance with the first matrix component and the second contribution matrix.
  4. The data fusion method based on privacy protection is characterized by being applied to a participant side and comprising the following steps:
     generating an object feature matrix according to the data features of the local data;
     splitting the object feature matrix into at least a first sub-matrix and a second sub-matrix according to a predetermined data rule;
     receiving at least a first data conversion scheme and a second data conversion scheme, and a first key and a second key sent by a server side;
     at least adopting a first data conversion scheme to perform data conversion on the first submatrix and encrypt the first submatrix by adopting a first key to obtain a first encrypted submatrix, adopting a second data conversion scheme to perform data conversion on the second submatrix and encrypt the second submatrix by adopting a second key to obtain a second encrypted submatrix;
     sending at least a first encryption sub-matrix and a second encryption sub-matrix respectively to a first trusted execution environment and a second trusted execution environment of a server side, so that the server side carries out data processing on the corresponding encryption sub-matrix in the trusted execution environment.
     The method further comprises the steps of:
     receiving a full matrix sent by a server side;
     screening the corresponding data locally according to the full matrix to form a matrix to be uploaded;
     converting the matrix to be uploaded into a first matrix component and a second matrix component, and multiplying the first matrix component and the second matrix component to form the matrix to be uploaded;
     uploading the first matrix component to a second trusted execution environment of the server side, and uploading the second matrix component to the first trusted execution environment of the server side, so that the server side determines a contribution matrix according to the first matrix component and the second matrix component.
     The first data conversion scheme and the second data conversion scheme respectively comprise: keeping data whose value is 0 unconverted, and converting data whose value is not 0 into an array comprising a plurality of data, wherein the difference between each data value in the array and the value of the data is smaller than a conversion threshold value; and encrypting the data in the converted submatrix respectively.
  5. The method according to claim 4, wherein the method further comprises: the local data is format unified according to a predetermined data format rule before the object feature matrix is generated.
  6. A method for recommending based on the data fusion method of any one of claims 1-3, applied to a server side, comprising:
     establishing a trusted execution environment;
     obtaining a first analysis result using the contribution matrix and the first matrix component in the trusted execution environment;
     receiving a second analysis result sent by at least one participant terminal, wherein the second analysis result is obtained by the participant terminal locally adopting data of an unfused part in the submatrix;
     and generating a comprehensive recommendation result by adopting the first analysis result and the second analysis result.
  7. The financial data fusion method based on privacy protection is characterized by being applied to a server side and comprising the following steps:
     obtaining user permissions of all participant terminals, wherein each participant terminal locally comprises financial user preference portrait data;
     transmitting a first data conversion scheme and a first key to at least two participant terminals from a first trusted execution environment, so that each participant terminal at least adopts the first data conversion scheme to perform data conversion on a local first sub-matrix and adopts the first key to encrypt, adopts a second data conversion scheme to perform data conversion on a local second sub-matrix and adopts the second key to encrypt;
     receiving at least a first encryption sub-matrix and a second encryption sub-matrix sent by at least two participant terminals;
     matching the first encryption submatrices sent by each participant terminal in at least a first trusted execution environment, classifying the encryption data in the first encryption submatrices according to a matching result to obtain data to be supplemented, data to be fused and similar data, and adding a mark; and marking the data in the second encryption submatrices sent by each participant terminal by adopting different data types in a second trusted execution environment;
     sending the marks to each participant terminal so that each participant terminal screens out data to be fused and data to be supplemented according to the marks to form an updated sub-matrix;
     receiving updated sub-matrixes sent by each participant terminal, and processing the data of the updated sub-matrixes;
     generating a contribution matrix based on financial data fusion according to the data processing result so as to provide the contribution matrix for a participant terminal with a trusted execution environment.
     The first data conversion scheme and the second data conversion scheme respectively comprise: keeping data whose value is 0 unconverted, and converting data whose value is not 0 into an array comprising a plurality of data, wherein the difference between each data value in the array and the value of the data is smaller than a conversion threshold value.
     The marking comprises: taking information whose data is 0 in each encryption submatrix as data to be supplemented and marking it as a first type; taking information for which the number of identical data at the same position in each encryption submatrix is greater than or equal to a first threshold value as similar data and marking it as a second type; and taking the information of the remaining data in each encryption submatrix as data to be fused and marking it as a third type.
     The method further comprises: supplementing the data to be supplemented, marked as the first type, with the data of other participants; fusing the data to be fused, marked as the third type, with the data of a plurality of participants; and, if the data to be supplemented of any participant terminal is greater than or equal to a second threshold value, rejecting that participant terminal from data fusion.
  8. The data fusion device based on privacy protection is characterized by being applied to a server side and comprising: the system comprises a data conversion rule determining module, a data conversion rule generating module and a data processing module, wherein:
     the data conversion rule determining module is used for at least transmitting a first data conversion scheme, a second data conversion scheme, a first key and a second key from a first trusted execution environment to at least two participant terminals, so that each participant terminal at least adopts the first data conversion scheme to perform data conversion on a local first sub-matrix and adopts the first key to encrypt the first sub-matrix to form a first encrypted sub-matrix, and adopts the second data conversion scheme to perform data conversion on a local second sub-matrix and adopts the second key to encrypt the second sub-matrix to form a second encrypted sub-matrix;
     the data marking module is used for receiving at least a first encryption submatrix and a second encryption submatrix which are sent by at least two participant terminals; matching a first encryption submatrix sent by each participant terminal in at least a first trusted execution environment, classifying the encryption data in the first encryption submatrix according to a matching result to obtain data to be supplemented, data to be fused and similar data, and adding a mark; matching a second encryption submatrix sent by each participant terminal in a second trusted execution environment, classifying the encryption data in the second encryption submatrix according to the matching result to obtain the data to be supplemented, the data to be fused and similar data, and adding the mark;
     the data processing module is used for sending the marks to each participant terminal so that each participant terminal can screen out data to be fused and data to be supplemented according to the marks to form an updated submatrix, receiving the updated submatrix sent by each participant terminal, processing the data of the updated submatrix according to the marks corresponding to the data, and generating a contribution matrix based on data fusion according to the data processing result so as to be provided for the participant terminal with a trusted execution environment.
     The first data conversion scheme and the second data conversion scheme respectively comprise: keeping data whose value is 0 unconverted, and converting data whose value is not 0 into an array comprising a plurality of data, wherein the difference between each data value in the array and the value of the data is smaller than a conversion threshold value.
     The marking comprises: taking information whose data is 0 in each encryption submatrix as data to be supplemented and marking it as a first type; taking information for which the number of identical data at the same position in each encryption submatrix is greater than or equal to a first threshold value as similar data and marking it as a second type; and taking the information of the remaining data in each encryption submatrix as data to be fused and marking it as a third type.
     The data processing module is also used for supplementing the data to be supplemented, marked as the first type, with the data of other participants; fusing the data to be fused, marked as the third type, with the data of a plurality of participants; and, if the data to be supplemented of any participant terminal is greater than or equal to a second threshold value, rejecting that participant terminal from data fusion.
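
The conversion, marking and rejection rules stated in claim 1, as an added Python sketch that is not part of the patent text. Encryption and the trusted execution environments are left out (the code works on converted values as the enclave would see them); the array width, the `cells_match` rule, the participant names and all sample values are assumptions constructed for illustration.

```python
import random

TO_SUPPLEMENT, SIMILAR, TO_FUSE = 1, 2, 3   # first, second and third type


def convert_matrix(matrix, conv_threshold, width=3, rng=random):
    """Conversion scheme: 0 stays 0; a non-zero value becomes an array of
    `width` values (assumed size), each closer to it than conv_threshold."""
    def cell(v):
        if v == 0:
            return 0
        return [v + rng.uniform(-1, 1) * 0.999 * conv_threshold
                for _ in range(width)]
    return [[cell(v) for v in row] for row in matrix]


def cells_match(a, b, conv_threshold):
    """Assumed matching rule (not given in the text): two converted cells
    carry the same data when all their elements lie within
    2 * conv_threshold of each other."""
    if a == 0 or b == 0:
        return False
    return all(abs(x - y) < 2 * conv_threshold for x in a for y in b)


def mark(submatrices, conv_threshold, first_threshold):
    """Return {participant: matrix of marks} for same-shaped submatrices."""
    marks = {}
    for p, m in submatrices.items():
        marks[p] = []
        for i, row in enumerate(m):
            out = []
            for j, c in enumerate(row):
                if c == 0:                       # missing data: first type
                    out.append(TO_SUPPLEMENT)
                    continue
                # Number of participants (including p) agreeing at (i, j).
                same = sum(cells_match(c, other[i][j], conv_threshold)
                           for other in submatrices.values())
                out.append(SIMILAR if same >= first_threshold else TO_FUSE)
            marks[p].append(out)
    return marks


def rejected(marks, second_threshold):
    """Participants whose count of first-type cells reaches second_threshold."""
    return sorted(p for p, m in marks.items()
                  if sum(row.count(TO_SUPPLEMENT) for row in m) >= second_threshold)


def demo():
    rng = random.Random(7)                       # fixed seed, constructed data
    raw = {"A": [[5, 0, 2], [0, 0, 7]],
           "B": [[5, 3, 9], [4, 0, 7]]}
    conv = {p: convert_matrix(m, 0.1, rng=rng) for p, m in raw.items()}
    marks = mark(conv, 0.1, first_threshold=2)
    return conv, marks, rejected(marks, second_threshold=3)


if __name__ == "__main__":
    _, marks, out = demo()
    print(marks, out)
```
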

Description

Data and financial data security and credibility fusion method and device based on privacy protection

Technical Field

The embodiment of the invention relates to the technical field of privacy data processing, in particular to a data and financial data security and credibility fusion method and device based on privacy protection.

Background

Data fusion between platforms of the same type can improve the utilization rate of the data. For example, the preference portraits of a user (such as liking a certain commodity, liking a certain color and the like) in one e-commerce platform and in another e-commerce platform are subjected to data fusion, so that on one hand the problem of incomplete data of a single platform can be solved, and on the other hand extreme-value (such as higher or lower) data can be made smoother. In the prior art, in order to protect the security and privacy of their own data, different platforms generally do not perform data fusion with each other, resulting in an inaccurate representation of the end user and inaccurate recommended objects (e.g., merchandise, or financial products in a financial scene, etc.).

Disclosure of Invention

Based on the above situation in the prior art, an object of the embodiments of the present invention is to provide a method and an apparatus for secure and trusted fusion of data and financial data based on privacy protection, which implement multi-party data fusion on the premise of ensuring data security and privacy by performing processes such as conversion, encryption, splitting, etc. on data of each party and then interacting with a server.
In order to achieve the above object, according to a first aspect of the present invention, there is provided a data fusion method based on privacy protection, applied to a server, including:
transmitting a first data conversion scheme and a second data conversion scheme and a first key and a second key to at least two participant terminals from at least a first trusted execution environment, so that each participant terminal at least adopts the first data conversion scheme to perform data conversion on a local first sub-matrix and adopts the first key to encrypt the first sub-matrix to form a first encrypted sub-matrix, and adopts the second data conversion scheme to perform data conversion on a local second sub-matrix and adopts the second key to encrypt the second sub-matrix to form a second encrypted sub-matrix;
receiving at least a first encryption sub-matrix and a second encryption sub-matrix sent by at least two participant terminals;
matching a first encryption submatrix sent by each participant terminal in at least a first trusted execution environment, classifying the encryption data in the first encryption submatrix according to a matching result to obtain data to be supplemented, data to be fused and similar data, and adding a mark; matching a second encryption submatrix sent by each participant terminal in a second trusted execution environment, classifying the encryption data in the second encryption submatrix according to the matching result to obtain the data to be supplemented, the data to be fused and similar data, and adding the mark;
sending the marks to each participant terminal so that each participant terminal screens out data to be fused and data to be supplemented according to the marks to form an updated sub-matrix;
receiving updated sub-matrixes sent by each participant terminal, and processing the data of the updated sub-matrixes according to the marks corresponding to the data;
and generating a contribution matrix based on data fusion according to the result of the data processing so as to provide the contribution matrix for the participant terminal with a trusted execution environment.

Further, the first data conversion scheme and the second data conversion scheme respectively comprise: keeping data whose value is 0 unconverted, and converting data whose value is not 0 into an array comprising a plurality of data, wherein the difference between each data value in the array and the value of the data is smaller than a conversion threshold value.
The marking includes: the information whose data is 0 in each encryption submatrix is used as the data to be supplemented and marked as a first type; the information for which the number of identical data at the same position in each encryption sub-matrix is greater than or equal to a first threshold value is used as similar data and marked as a second type; and the information of the remaining data in each encryption sub-matrix is used as data to be fused and marked as a third type.

Further, the method further comprises: supplementing the data to be supplemented marked as the first type by adopting the data of other participants; fusing the data to be fused marked as the third type by adopting the data of a plurality of participants; and if the data which is required to be supplemented by any participant terminal is greater than or