CN115913790A - Data transmission method based on private computing network, electronic equipment and storage medium - Google Patents
Data transmission method based on private computing network, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN115913790A CN115913790A CN202310194031.4A CN202310194031A CN115913790A CN 115913790 A CN115913790 A CN 115913790A CN 202310194031 A CN202310194031 A CN 202310194031A CN 115913790 A CN115913790 A CN 115913790A
- Authority
- CN
- China
- Prior art keywords
- privacy
- data
- node
- encrypted data
- calculation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 230000005540 biological transmission Effects 0.000 title abstract description 10
- 238000004364 calculation method Methods 0.000 claims abstract description 79
- 238000004422 calculation algorithm Methods 0.000 claims description 17
- 238000004590 computer program Methods 0.000 claims description 7
- 230000008569 process Effects 0.000 description 11
- 230000003993 interaction Effects 0.000 description 10
- 230000006870 function Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000010295 mobile communication Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000003999 initiator Substances 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The application discloses a data transmission method based on a private computing network, electronic equipment and a storage medium. In the method, when a privacy computation task exists, a local data source corresponding to the privacy computation task and required data description information aiming at a second privacy computation node are determined; performing privacy calculation based on a local data source to obtain first encrypted data, and generating a privacy calculation request according to the required data description information; sending a privacy calculation request to the platform server, so that the platform server forwards the privacy calculation request to a second privacy calculation node; acquiring second encrypted data fed back by a second privacy computing node aiming at the required data description information; based on the first encrypted data and the second encrypted data, a privacy calculation is performed. Therefore, the privacy computing node performs data sharing through the ciphertext data, and the plaintext data stored by the node does not flow out of the privacy computing node, so that the aim that the original data cannot be out of the domain on the premise of meeting the data sharing is achieved.
Description
Technical Field
The application belongs to the technical field of privacy computing, and particularly relates to a data transmission method based on a privacy computing network, electronic equipment and a storage medium.
Background
With the continuous development and expansion of internet technology, the security requirements and attention of the whole society on data privacy are gradually improved. Particularly, public data generated by some organization entities in the process of providing public services needs to be provided to the outside in the forms of products and services such as models, verification and the like according to the requirements that original data cannot be displayed and data cannot be used and seen on the premise of protecting personal privacy and ensuring public security.
Currently, data is generally classified into normal data and secret data according to a secret level.
For ordinary data, when data flow transaction is performed, the original data is generally directly transmitted through a plaintext API request.
For confidential data, the original data cannot be used directly, and a method by privacy calculation is required. One set of privacy computing platform is deployed between two parties with data, and networking is completed by the two sets of privacy computing platforms. When the A party uses the B data of the other party, a privacy calculation task needs to be initiated, and during the task operation, the data of the B party needs to be dragged into the privacy calculation platform of the A party for encryption calculation, so that the requirements of ' data is available and invisible ' but original data is not out of field ' can be met.
In view of the above problems, no better technical solution has been proposed in the industry at present.
Disclosure of Invention
An embodiment of the present application provides a privacy computing method, an electronic device, and a storage medium based on a privacy computing node, which are used to solve at least one of the above technical problems.
In a first aspect, an embodiment of the present application provides a privacy computation method, which is applied to a first privacy computation node, and the method includes: when a privacy calculation task exists, determining a local data source corresponding to the privacy calculation task and required data description information aiming at a second privacy calculation node; performing privacy calculation based on the local data source to obtain first encrypted data, and generating a privacy calculation request according to the required data description information; sending the privacy computation request to a platform server, such that the platform server forwards the privacy computation request to the second privacy computation node; acquiring second encrypted data fed back by the second private computing node aiming at the required data description information; performing a privacy calculation based on the first encrypted data and the second encrypted data.
In a second aspect, an embodiment of the present application provides a privacy computation method, which is applied to a platform server, and the method includes: obtaining a privacy calculation request from a first privacy calculation node; forwarding the privacy calculation request to a second privacy calculation node, so that the second privacy calculation node performs privacy calculation based on the required data description information in the privacy calculation request to obtain second encrypted data; acquiring the second encrypted data fed back by the second privacy computing node; and sending the second encrypted data to the first privacy calculation node, so that the first privacy calculation node performs privacy calculation based on first encrypted data and the second encrypted data, wherein the first encrypted data is obtained by performing privacy calculation based on a local data source corresponding to a privacy calculation task by the first privacy calculation node.
In a third aspect, an embodiment of the present application provides an electronic device, which includes: the computer-readable medium includes at least one processor, and a memory communicatively coupled to the at least one processor, wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the steps of the above-described method.
In a fourth aspect, the present application provides a storage medium, in which one or more programs including execution instructions are stored, where the execution instructions can be read and executed by an electronic device (including but not limited to a computer, a server, or a network device, etc.) to perform the steps of the above-mentioned method of the present application.
In a fifth aspect, the present application also provides a computer program product, which includes a computer program stored on a storage medium, the computer program including program instructions, which when executed by a computer, cause the computer to perform the steps of the above method.
The embodiment of the application has the beneficial effects that:
when the first privacy computing node needs to use data of the second privacy computing node, a privacy computing request is generated according to the required data description information aiming at the second privacy computing node, the privacy computing request is sent to the platform server, the platform server directs to the second privacy computing node, the second privacy computing node is enabled to prepare and feed back second encrypted data required by the second privacy computing node according to the required data description information, and then the first privacy computing node utilizes the first encrypted data and the second encrypted data of the first privacy computing node to perform privacy computing. Therefore, data sharing and interaction are carried out among different privacy computing nodes through ciphertext data, plaintext data stored by the nodes do not flow out of the privacy computing nodes, and the aim that original data cannot be out of the domain on the premise of meeting the data sharing is achieved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 illustrates a flow diagram of an example of a privacy computing node-based privacy computing method according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating an example of a platform server based privacy computation method according to an embodiment of the present application;
FIG. 3 is a flow chart illustrating an example of a data transmission method based on a private computing network according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an embodiment of an electronic device of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this application, "module," "system," and the like refer to a related entity, either hardware, a combination of hardware and software, or software in execution, that is applied to a computer. In particular, for example, an element may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. Also, an application or script running on a server, or a server, may be an element. One or more elements may be in a process and/or thread of execution and an element may be localized on one computer and/or distributed between two or more computers and can be operated by various computer-readable media. The elements may also communicate by way of local and/or remote processes based on a signal having one or more data packets, e.g., from a data packet interacting with another element in a local system, distributed system, and/or across a network in the internet with other systems by way of the signal.
Finally, it should be further noted that the terms "comprises" and "comprising," when used herein, include not only those elements but also other elements not expressly listed or inherent to such processes, methods, articles, or devices. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
It should be noted that, in the related art, when performing a privacy computation task, a privacy node in a privacy computation network often uses resource or function data in other nodes, and it is necessary to open a network (e.g., a network white list, a firewall white list, etc.) between the privacy nodes and perform direct node data communication. Although the private computing network realizes ' data is not available and visible ', the data of the demanded party still flows out from the node, and the requirement that the original data is not out of the domain ' in a high-privacy data transmission environment is not met.
In view of this, fig. 1 shows a flowchart of an example of a privacy computing method based on a privacy computing node according to an embodiment of the present application.
With respect to the execution subject of the present method embodiment, it may be the first privacy computing node in the privacy computing system. It should be understood that the privacy computing system includes a plurality of privacy computing nodes, and the first privacy computing node may be any node in the system, and should not be limited thereto.
As shown in fig. 1, in S110, when the private computation task exists, a local data source corresponding to the private computation task and required data description information for the second private computation node are determined.
It should be appreciated that in processing a private computing task, a first private computing node would need to use resource data or functional data of other private computing nodes (i.e., a second private computing node). At this time, the first privacy computing node may find a local data source related to the privacy computing task from the local resource library, and parse the node information where the required data resource is located and the related data description.
In S120, a privacy calculation is performed based on the local data source to obtain first encrypted data, and a privacy calculation request is generated according to the demand data description information. Here, the requirement data source information and the feedback data format may be defined in the requirement data description information, so that the data fed back by the second privacy computation node can satisfy the privacy computation requirement of the first privacy computation node.
In S130, the privacy computation request is sent to the platform server, so that the platform server forwards the privacy computation request to the second privacy computation node. Here, traffic transit is performed based on the platform server, so that the second privacy computation node can timely acquire the required data resources.
In S140, second encrypted data fed back by the second private computing node for the requirement data description information is acquired. Here, the second privacy computation node may encrypt the required data resource and feed back the encrypted data.
In some embodiments, the network between the first privacy computing node and the second privacy computing node is interworking, at which time the first privacy computing node may receive the second encrypted data directly from the second privacy computing node. Optionally, the second privacy computing node may send the fed back second encrypted data to the platform server, so that the platform server forwards the second encrypted data to the first privacy computing node.
In S150, privacy calculation is performed based on the first encrypted data and the second encrypted data.
In the embodiment of the application, data transmitted between privacy computing nodes is encrypted, the computing process is based on ciphertext computing, and each node performs isolation computing respectively, so that the security of original data in the nodes is fully guaranteed, and the aim of 'the original data cannot be out of the domain' on the premise of meeting data sharing is fulfilled.
It should be noted that, for different privacy computation service scenarios, different privacy computation operations may be respectively adopted. Specifically, regarding step S150 above, in some embodiments, the first privacy computing node may obtain a service type corresponding to the privacy computing task, and perform privacy computation on the first encrypted data and the second encrypted data based on a privacy computing algorithm corresponding to the service type. Here, the privacy computation algorithm includes one or more of: a privacy intersection algorithm, a covert query algorithm, and a federal learning algorithm.
For example, in the scenario of advertisement delivery, if there is a data set for each of node a and node B when delivering the advertisement for wine, the two data sets are intersected (i.e. privacy intersection) to obtain the customers who may need to buy wine. At this time, the first privacy calculation node may perform intersection calculation on the first encrypted data and the second encrypted data according to a privacy intersection algorithm according to a service requirement. At the moment, the intersection is calculated by using the privacy calculation, only encrypted data flows out of the node, and plaintext data cannot go out, so that 'data cannot go out of the domain' is realized.
In some embodiments, the first encryption algorithm and the second encryption algorithm are determined based on an asymmetric encryption algorithm. Illustratively, when performing the privacy negotiation operation between node a and node B, first node a and node B negotiate a key, and node B cannot solve the resource data of node a encrypted by the key. And vice versa, the node A can not solve the resource data of the node B encrypted by the key, and the security of the original data in the node can be fully guaranteed. For example, in the privacy intersection algorithm, node B encrypts data and sends the encrypted data to node a, and then node a encrypts its own data and compares the two encrypted data to directly find the intersection. The whole process is encrypted, the calculation is also ciphertext calculation, decryption is not needed, and the privacy security of shared data is improved to a great extent.
In some business scenarios, the first privacy computing node is intended to provide a specific business application service to the outside by performing privacy computing tasks. Specifically, after the first privacy computing node performs privacy computation by using first encrypted data and second encrypted data, the first privacy computing node generates an application service interface according to a privacy computation result of the first encrypted data and the second encrypted data, and then the first privacy computing node sends registration configuration information of the application service interface to the platform server, so that the platform server can route a received traffic request for the registered application service interface to the first privacy computing node.
In some embodiments, the platform server may generate corresponding interaction controls for each application service interface, and when a user accesses the platform server, the platform server may generate a traffic request by operating an interested interaction control, and then the platform server may route the generated traffic request to a specific private computing node in the private computing system, thereby implementing external security data transmission service of the private node.
Fig. 2 is a flowchart illustrating an example of a platform server based privacy computation method according to an embodiment of the present application.
As shown in fig. 2, in step 210, a privacy computation request from a first privacy computation node is obtained. Here, the first privacy computing node is an initiator of the privacy computation.
In step 220, the privacy computation request is forwarded to the second privacy computation node, so that the second privacy computation node performs privacy computation based on the required data description information in the privacy computation request to obtain second encrypted data. Here, the second privacy computation node is a partner of the privacy computation. Through the flow transfer of the platform server, the data required by the privacy calculation can be informed to the second privacy calculation node in time, so that the second privacy calculation node carries out encryption calculation on the required data, and the data outflow of a plaintext is avoided.
In step 230, second encrypted data fed back by the second privacy computing node is obtained.
In step 240, the second encrypted data is sent to the first privacy computing node, so that the first privacy computing node performs privacy computation based on the first encrypted data and the second encrypted data, wherein the first encrypted data is obtained by the first privacy computing node performing privacy computation based on a local data source corresponding to the privacy computation task.
In the embodiment of the application, the privacy computing nodes are communicated through the platform server, and data interaction between the isolation nodes is realized. In addition, before the requester initiates formal privacy computation to the partner, the data description required by the requester is transmitted to the partner in advance, and the partner prepares data in advance and encrypts the data, so that the data adopted during node outflow and encryption computation are both ciphertext data, and the secure transmission of the data is realized.
In some examples of embodiments of the present application, each private computing node is configured to have unique node identification information. Furthermore, when forwarding traffic, the platform server may parse target node identification information in the privacy computation request, and forward the privacy computation request to a second privacy computation node according to the target node identification information. Therefore, each privacy computation node corresponds to unique node identification information, and flow forwarding can be accurately completed by analyzing the node identification carried in the flow request, and the flow cannot be forwarded to the wrong flow node.
In some examples of embodiments of the application, the platform server may obtain registration configuration information of an application service interface of the first privacy computing node, the application service interface being generated according to privacy computation results of the first encrypted data and the second encrypted data. Further, the platform server deploys the application service interface according to the registration configuration information, and when a traffic request for the application service interface is detected, the platform server routes the traffic request to the first privacy computing node.
Fig. 3 is a flowchart illustrating an example of a data transmission method based on a private computing network according to an embodiment of the present application.
It should be noted that, in order to meet the requirement of "original data is out of domain, data is not visible", the embodiment of the present application makes improvements to the original private computing system network, including the following: 1) A privatization deployment link: and deploying the private nodes at the data provider, and deploying the data nodes and the computing nodes in the private nodes. The data node provides data access service and accesses data of a data party; the compute nodes provide computing services. 2) Configuring a tenant ID link: a respective tenant ID (also referred to as a node identification) is assigned for each private computing node such that the tenant ID to which the node corresponds is unique. 3) A request forwarding service link: based on a request forwarding service (also called as a platform server), traffic requests can be routed according to tenant IDs, and the fact that various private computing nodes are available and can interact with each other is achieved.
In the privatization deployment link, on the data provider side, a privatization node (also referred to as a privacy computing node) is deployed. The privatization node comprises a computing node and a data node, wherein the privatization data node provides data access service, and the access data can be in a file form, a MySQL form, a Hive form and the like, and can be adapted to various data formats to access data. The privatized computing node provides computing service, accesses data of a system, provides service to the outside, and provides external calling service in the form of API after computing is finished, wherein computing capacity is provided by the privatized deployed computing node through a large amount of encryption computing.
In the process of configuring the tenant ID, a large amount of interaction exists among privacy computing nodes, and the tenant ID is introduced for distinguishing the nodes. One tenant ID corresponds to one privatized node, and the tenant ID is globally unique.
In the request forwarding service link, a large amount of interaction exists among privacy computing nodes, and a request forwarding service is needed for facilitating the interaction. Illustratively, when there are two private computing nodes a and B, and node a wants to request data in node B, node a only needs to construct a request, provide the source tenant ID, the destination tenant ID, and then submit the request to the request forwarding service, so that the result returned by node B can be obtained. Since the tenant ID of each node is unique, the request forwarding service is not forwarded to the wrong node.
Fig. 3 shows a signal interaction flow between privacy computing nodes. The data providing node a, the data providing node B, and the data providing node N are configured with respective tenant IDs, and each tenant ID is unique. After the tenant ID is configured, a privacy calculation service is created at the node A, the service is supposed to only relate to the data of the data side A and the data side B, and the whole process is as follows: the node A takes own data and processes the own data through the own computing node A; after the processing is finished and when the data of the node B is needed, the node A sends a request to the node B through a request forwarding service, and the data encrypted by the node B is taken out through a privacy calculation method. After the encrypted data of the node B is taken, the node A obtains an application service through calculation and provides calling for the outside. Therefore, the data is ciphertext data when flowing out of the node and during encryption calculation, the safety transmission of the data is realized, and the requirement that the data cannot be out of the domain is met.
Note that there are different data services in each private computing node (e.g., nodes a, B, N). When an external user wants to call, the exposed API is requested from the platform, and the API can automatically forward to the corresponding private node through the request forwarding service, so that the external service of the private node is realized.
In the embodiment of the application, through the private deployment and privacy calculation method, the 'original data cannot be out of the domain, data is visible and cannot be used', and the target of data compliance sharing and use is guaranteed.
It should be noted that for simplicity of description, the above-mentioned method embodiments are described as a series of acts, but those skilled in the art should understand that the present application is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application. In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In some embodiments, the present application provides a non-transitory computer-readable storage medium, in which one or more programs including execution instructions are stored, where the execution instructions can be read and executed by an electronic device (including but not limited to a computer, a server, or a network device, etc.) to perform the privacy computing method based on a privacy computing node described in the present application.
In some embodiments, the present application further provides a computer program product including a computer program stored on a non-volatile computer-readable storage medium, the computer program including program instructions that, when executed by a computer, cause the computer to perform the above-mentioned privacy computing method based on a privacy computing node.
In some embodiments, the present application further provides an electronic device, which includes: at least one processor, and a memory communicatively coupled to the at least one processor, wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a privacy computation method based on a privacy compute node.
Fig. 4 is a schematic hardware structural diagram of an electronic device for executing a privacy computing method based on a privacy computing node according to another embodiment of the present application, and as shown in fig. 4, the device includes:
one or more processors 410 and a memory 420, with one processor 410 being an example in fig. 4.
The apparatus for executing the privacy computing method based on the privacy computing node may further include: an input device 430 and an output device 440.
The processor 410, the memory 420, the input device 430, and the output device 440 may be connected by a bus or other means, such as the bus connection in fig. 4.
The memory 420 is a non-volatile computer-readable storage medium, and can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules corresponding to the privacy computing method based on the privacy computing node in the embodiments of the present application. The processor 410 executes various functional applications of the server and data processing by running nonvolatile software programs, instructions and modules stored in the memory 420, so as to implement the privacy computing method based on the privacy computing node according to the above method embodiment.
The memory 420 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the voice interactive apparatus, and the like. Further, the memory 420 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 420 may optionally include memory located remotely from processor 410, which may be connected to the voice interaction device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input means 430 may receive input numeric or character information and generate signals related to user settings and function control of the voice interactive apparatus. The output device 440 may include a display device such as a display screen.
The one or more modules are stored in the memory 420 and, when executed by the one or more processors 410, perform the privacy computing method based on a privacy computing node in any of the method embodiments described above.
The product can execute the method provided by the embodiment of the application, and has the corresponding functional modules and beneficial effects of the execution method. For technical details that are not described in detail in this embodiment, reference may be made to the methods provided in the embodiments of the present application.
The electronic device of the embodiments of the present application exists in various forms, including but not limited to:
(1) Mobile communication devices, which are characterized by mobile communication capabilities and are primarily targeted at providing voice and data communications. Such terminals include smart phones, multimedia phones, functional phones, and low-end phones, among others.
(2) The ultra-mobile personal computer equipment belongs to the category of personal computers, has the functions of calculation and processing, and generally has the mobile internet access characteristic. Such terminals include PDA, MID, and UMPC devices, among others.
(3) Portable entertainment devices such devices may display and play multimedia content. The devices comprise audio and video players, handheld game consoles, electronic books, intelligent toys and portable vehicle-mounted navigation devices.
(4) Other onboard electronic devices with data interaction functions, such as a vehicle-mounted device mounted on a vehicle.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. Based on such understanding, the above technical solutions substantially or contributing to the related art may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present application.
Claims (10)
1. A privacy computation method is applied to a first privacy computation node, and comprises the following steps:
when a privacy calculation task exists, determining a local data source corresponding to the privacy calculation task and required data description information aiming at a second privacy calculation node;
performing privacy calculation based on the local data source to obtain first encrypted data, and generating a privacy calculation request according to the required data description information;
sending the privacy computation request to a platform server, such that the platform server forwards the privacy computation request to the second privacy computation node;
acquiring second encrypted data fed back by the second private computing node aiming at the required data description information;
performing a privacy calculation based on the first encrypted data and the second encrypted data.
2. The method of claim 1, wherein the performing a privacy calculation based on the first encrypted data and the second encrypted data comprises:
acquiring a service type corresponding to a privacy calculation task;
based on a privacy calculation algorithm corresponding to the service type, carrying out privacy calculation on the first encrypted data and the second encrypted data; wherein the privacy computation algorithm comprises one or more of: a privacy intersection algorithm, a covert query algorithm, and a federal learning algorithm.
3. The method of claim 1 or 2, wherein the first and second encryption algorithms are determined based on an asymmetric encryption algorithm.
4. The method of claim 1, wherein after performing privacy calculations based on the first encrypted data and the second encrypted data, the method further comprises:
generating an application service interface according to the privacy calculation results of the first encrypted data and the second encrypted data;
sending registration configuration information for the application service interface to the platform server, such that the platform server is capable of routing received traffic requests for the registered application service interface to the first privacy computing node.
5. The method of claim 1, wherein the obtaining second encrypted data fed back by the second private computing node for the demand data description information comprises:
receiving second encrypted data from a second private computing node; or,
second encrypted data is received from the platform server.
6. A privacy calculation method is applied to a platform server and comprises the following steps:
obtaining a privacy computation request from a first privacy computation node;
forwarding the privacy calculation request to a second privacy calculation node, so that the second privacy calculation node performs privacy calculation based on the required data description information in the privacy calculation request to obtain second encrypted data;
acquiring the second encrypted data fed back by the second privacy calculation node;
and sending the second encrypted data to the first privacy computing node, so that the first privacy computing node performs privacy computation based on first encrypted data and the second encrypted data, wherein the first encrypted data is obtained by performing privacy computation based on a local data source corresponding to a privacy computation task by the first privacy computing node.
7. The method of claim 6, wherein each privacy computing node is configured with unique node identification information, respectively, wherein the forwarding the privacy computing request to a second privacy computing node comprises:
analyzing the target node identification information in the privacy calculation request;
and forwarding the privacy calculation request to a second privacy calculation node according to the target node identification information.
8. The method of claim 6, wherein after sending the second encrypted data to the first privacy computing node, the method further comprises:
acquiring registration configuration information of an application service interface of a first privacy computing node; wherein the application service interface is generated from a privacy calculation result of the first encrypted data and the second encrypted data;
deploying the application service interface according to the registration configuration information;
when a traffic request for the application service interface is detected, routing the traffic request to the first privacy compute node.
9. An electronic device, comprising: at least one processor, and a memory communicatively coupled to the at least one processor, wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the steps of the method of any one of claims 1-8.
10. A storage medium on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310194031.4A CN115913790B (en) | 2023-03-03 | 2023-03-03 | Data transmission method based on privacy computing network, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310194031.4A CN115913790B (en) | 2023-03-03 | 2023-03-03 | Data transmission method based on privacy computing network, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115913790A true CN115913790A (en) | 2023-04-04 |
| CN115913790B CN115913790B (en) | 2023-06-27 |
Family
ID=86496479
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310194031.4A Active CN115913790B (en) | 2023-03-03 | 2023-03-03 | Data transmission method based on privacy computing network, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115913790B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116248255A (en) * | 2023-05-12 | 2023-06-09 | 杭州大鱼网络科技有限公司 | Privacy protection method and system based on network security |
| CN116390063A (en) * | 2023-05-18 | 2023-07-04 | 北京集度科技有限公司 | Data processing method, privacy analysis system, device and vehicle |
| CN116702207A (en) * | 2023-06-20 | 2023-09-05 | 煋辰数梦(杭州)科技有限公司 | Data exchange method based on privacy computing platform |
| CN118278052A (en) * | 2024-06-03 | 2024-07-02 | 蓝象智联(杭州)科技有限公司 | Edge privacy computing method and system based on browser |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180124060A1 (en) * | 2016-10-31 | 2018-05-03 | Mark Aram Dildilian | Method to notify entities to preserve privacy and track compliance |
| US20200169387A1 (en) * | 2019-07-31 | 2020-05-28 | Alibaba Group Holding Limited | Blockchain-based data authorization method and apparatus |
| CN112347391A (en) * | 2020-09-28 | 2021-02-09 | 杭州安恒信息安全技术有限公司 | Method and device for protecting API (application program interface) privacy parameters |
| CN114944936A (en) * | 2022-04-24 | 2022-08-26 | 华控清交信息科技(北京)有限公司 | Privacy routing server, encryption protocol conversion method and machine readable storage medium |
| CN114944935A (en) * | 2022-04-24 | 2022-08-26 | 华控清交信息科技(北京)有限公司 | Multi-party fusion computing system, multi-party fusion computing method and readable storage medium |
| CN114969722A (en) * | 2022-05-16 | 2022-08-30 | 浪潮云信息技术股份公司 | Government affair data privacy calculation system supporting multiple data types |
| CN115495768A (en) * | 2022-11-15 | 2022-12-20 | 金网络(北京)电子商务有限公司 | Secret-related information processing method and system based on block chain and multi-party security calculation |
-
2023
- 2023-03-03 CN CN202310194031.4A patent/CN115913790B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180124060A1 (en) * | 2016-10-31 | 2018-05-03 | Mark Aram Dildilian | Method to notify entities to preserve privacy and track compliance |
| US20200169387A1 (en) * | 2019-07-31 | 2020-05-28 | Alibaba Group Holding Limited | Blockchain-based data authorization method and apparatus |
| CN112347391A (en) * | 2020-09-28 | 2021-02-09 | 杭州安恒信息安全技术有限公司 | Method and device for protecting API (application program interface) privacy parameters |
| CN114944936A (en) * | 2022-04-24 | 2022-08-26 | 华控清交信息科技(北京)有限公司 | Privacy routing server, encryption protocol conversion method and machine readable storage medium |
| CN114944935A (en) * | 2022-04-24 | 2022-08-26 | 华控清交信息科技(北京)有限公司 | Multi-party fusion computing system, multi-party fusion computing method and readable storage medium |
| CN114969722A (en) * | 2022-05-16 | 2022-08-30 | 浪潮云信息技术股份公司 | Government affair data privacy calculation system supporting multiple data types |
| CN115495768A (en) * | 2022-11-15 | 2022-12-20 | 金网络(北京)电子商务有限公司 | Secret-related information processing method and system based on block chain and multi-party security calculation |
Non-Patent Citations (2)
| Title |
|---|
| MENGNAN BI: "A privacy-preserving mechanism based on local differential privacy in edge computing", 《CHINA COMMUNICATIONS》 * |
| 李凤华;李晖;贾焰;俞能海;翁健;: "隐私计算研究范畴及发展趋势", 通信学报 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116248255A (en) * | 2023-05-12 | 2023-06-09 | 杭州大鱼网络科技有限公司 | Privacy protection method and system based on network security |
| CN116390063A (en) * | 2023-05-18 | 2023-07-04 | 北京集度科技有限公司 | Data processing method, privacy analysis system, device and vehicle |
| CN116390063B (en) * | 2023-05-18 | 2023-11-10 | 北京集度科技有限公司 | Data processing method, privacy analysis system, device and vehicle |
| CN116702207A (en) * | 2023-06-20 | 2023-09-05 | 煋辰数梦(杭州)科技有限公司 | Data exchange method based on privacy computing platform |
| CN116702207B (en) * | 2023-06-20 | 2024-03-22 | 煋辰数梦(杭州)科技有限公司 | Data exchange method based on privacy computing platform |
| CN118278052A (en) * | 2024-06-03 | 2024-07-02 | 蓝象智联(杭州)科技有限公司 | Edge privacy computing method and system based on browser |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115913790B (en) | 2023-06-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN115913790B (en) | Data transmission method based on privacy computing network, electronic equipment and storage medium | |
| Mendiboure et al. | Survey on blockchain-based applications in internet of vehicles | |
| CN110147994B (en) | Instant execution method of block chain based on homomorphic encryption | |
| Zhou et al. | A fine-grained access control and security approach for intelligent vehicular transport in 6G communication system | |
| US9591064B2 (en) | Method and apparatus for dynamic provisioning of communication services | |
| CN109314661B (en) | Communication system | |
| CN101356773B (en) | Ad-hoc creation of group based on contextual information | |
| US9960918B2 (en) | Method and apparatus for providing identity based encryption in distributed computations | |
| JP6882924B2 (en) | Service interlocking method, system and computer program between servers that identify registered users using different user identification systems | |
| CN113129149A (en) | Transaction risk identification method and device based on block chain and safe multi-party calculation | |
| CN103546369B (en) | A kind of collaboration method, server, client and system | |
| CN112600830B (en) | Service data processing method and device, electronic equipment and storage medium | |
| JP6335978B2 (en) | System and method for providing a virtual communication session for some participants on a communication session | |
| CN114244525A (en) | Request data processing method, device, equipment and storage medium | |
| CN114329565A (en) | Data sharing method, device and storage medium | |
| CN115865537B (en) | Privacy computing method based on centralized system management, electronic equipment and storage medium | |
| US9749224B2 (en) | Method and apparatus for cloud provisioning of communication services | |
| US20190139025A1 (en) | Securing a social engagement via a shared transaction | |
| US11637819B2 (en) | Establishing connectivity between user devices | |
| CN104378411A (en) | Service exchange system | |
| CN115955360A (en) | Privacy calculation method based on resource virtual domain name, electronic equipment and storage medium | |
| CN116894727A (en) | Data processing method and device based on block chain and related equipment | |
| CN114677138A (en) | Data processing method, data processing equipment and computer readable storage medium | |
| CN113761513A (en) | Data processing method, device, equipment and computer readable storage medium | |
| CN112367192B (en) | Method, device and system for automatically establishing virtual networking |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |