CN111368338B - Data processing method and data processing system based on multi-party privacy protection - Google Patents


Info

Publication number
CN111368338B
Authority
CN (China)
Application number
CN202010462491.7A
Other languages
Chinese (zh)
Other versions
CN111368338A (en)
Inventors
王力, 周俊
Current assignee
Alipay Hangzhou Information Technology Co Ltd
Original assignee
Alipay Hangzhou Information Technology Co Ltd
Legal status
Active
Prior art keywords
data, processing, privacy, center, data processing
Events
Application CN202010462491.7A filed by Alipay Hangzhou Information Technology Co Ltd
Publication of CN111368338A
Application granted; publication of CN111368338B
Priority claimed by PCT/CN2021/096165 (WO2021239005A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F 21/604 Tools and structures for managing or administering access control systems (under G06F 21/60 Protecting data)
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F 21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

Embodiments of the present specification provide a data processing method and a data processing system based on multi-party privacy protection. The data processing system comprises at least one data center, at least one privacy processing device and a data application center. Each data center comprises at least one data storage device, each data storage device is deployed at a different data owner, and each privacy processing device is communicably connected with each data storage device in one data center and with the data application center. The data application center decomposes a data processing task into at least one distributed data processing command and distributes each command to the corresponding privacy processing device. Each corresponding privacy processing device carries out privacy processing according to the received privacy processing logic and returns its privacy processing result to the data application center, which determines the data processing result of the data processing task from the received privacy processing results.

Description

Data processing method and data processing system based on multi-party privacy protection
Technical Field
The embodiments of the present specification relate generally to the field of data processing, and in particular, to a data processing method and a data processing system based on multi-party privacy protection.
Background
A business system typically involves a plurality of business processing organizations, each of which deploys data collection devices to collect large amounts of business data; examples include a mobile payment system comprising various merchant platforms, Alipay and banks, or an Internet of Things (IoT) business system comprising a large number of intelligent terminals or wearable devices. The business system uses the business data collected by each business processing organization for business analysis, business prediction and business processing. However, this business data is distributed among a plurality of different business processing organizations that do not share data with one another, so the organizations must process the business data cooperatively. The business data collected by each business processing organization is that organization's private data and may not be disclosed to others, so privacy protection is required when the business data is processed cooperatively. How to perform cooperative business data processing while protecting the security of each business processing organization's private data has therefore become a problem to be solved urgently.
Disclosure of Invention
In view of the foregoing, embodiments of the present specification provide a data processing method and a data processing system based on multi-party privacy protection. In the data processing system, a privacy processing device is maintained for each data center. In addition, a data application center is also deployed in the data processing system. The data application center decomposes the data processing task into at least one distributed data processing command, each distributed data processing command comprises processing data information and privacy processing logic of the privacy processing device, each distributed data processing command is distributed to the corresponding privacy processing device, and the privacy processing device carries out privacy processing according to the received privacy processing logic. And the data application center determines the processing result of the data processing task according to the privacy processing result of each privacy processing device. By utilizing the data processing system, data cooperative processing based on multi-party privacy protection can be realized.
According to an aspect of an embodiment of the present specification, there is provided a data processing system based on multi-party privacy protection, including: at least one data center, each data center comprising at least one data storage device, each data storage device deployed at a different data owner; at least one privacy processing device, each privacy processing device communicably connected to a respective data storage device in one data center; and the data application center is connected with each privacy processing device in a communication mode, the data application center decomposes the data processing task into at least one distributed data processing command, each distributed data processing command comprises processing data information and privacy processing logic of the privacy processing device, each distributed data processing command is distributed to the corresponding privacy processing device, the privacy processing device carries out privacy processing according to the received privacy processing logic, the obtained privacy processing result is returned to the data application center, and the data application center determines the data processing result of the data processing task according to the received privacy processing result.
Optionally, in an example of the above aspect, the data application center may include: a processing task decomposition module for decomposing the data processing task into at least one distributed data processing command, each distributed data processing command comprising processing data information and privacy processing logic of the privacy processing device; a processing command distribution module for distributing each distributed data processing command to the corresponding privacy processing device, which carries out privacy processing according to the received privacy processing logic; a processing result receiving module for receiving the privacy processing result returned by the privacy processing device; and a processing result determining module for determining the data processing result of the data processing task according to the received privacy processing result.
Optionally, in an example of the above aspect, the data application center may further include: and the interface module is used for receiving the data processing task and outputting a data processing result of the data processing task.
Optionally, in an example of the above aspect, the data application center may further include: the interface module receives a data processing request and outputs a data processing result of the data processing task; and the processing request analysis module is used for analyzing the data processing request and determining the data processing task.
Optionally, in an example of the above aspect, the data processing request may include a data processing request implemented using an SQL statement.
Optionally, in an example of the above aspect, the data owners involved in the data center form a federation, when the data processing request is from a third party outside the federation, the processing request analysis module performs data usage right query on processing data required by the data processing request, and when the data usage right query result indicates that the required processing data has data usage right, determines the data processing task according to the data processing request.
Optionally, in an example of the above aspect, the data owners involved in the data center form a federation, and the data application center further includes a result scrambling module. When the data processing task or the data processing request comes from a third party outside the federation, the result scrambling module scrambles the data processing result, and the interface module provides the scrambled data processing result to the third party.
Optionally, in an example of the above aspect, the data processing system may further include: a data recording center that records the data operation behavior information of each datum in the data processing task to a blockchain.
Optionally, in an example of the above aspect, the data application center may further include: a source tracing processing module that, in response to a source tracing processing request for target data, generates a data operation behavior query request for the target data, sends it to the data recording center, and performs source tracing processing based on the data operation behavior information of the target data returned by the data recording center, where the data recording center obtains that information by querying the blockchain according to the data operation behavior query request.
According to another aspect of embodiments herein, there is provided a data application center based on multi-party privacy protection, including: a processing task decomposition module for decomposing the data processing task into at least one distributed data processing command, each distributed data processing command comprising processing data information and privacy processing logic of the privacy processing device; a processing command distribution module for distributing each distributed data processing command to the corresponding privacy processing device, which carries out privacy processing according to the received privacy processing logic; a processing result receiving module for receiving the privacy processing result returned by the privacy processing device; and a processing result determining module for determining the data processing result of the data processing task according to the received privacy processing result, wherein the data application center, at least one data center and at least one privacy processing device form a data processing system, each data center comprises at least one data storage device, each data storage device is deployed at a different data owner, and each privacy processing device is communicably connected with each data storage device in one data center and with the data application center.
According to another aspect of embodiments of the present specification, there is provided a method for data processing based on multi-party privacy protection for data in a data processing system, the data processing system including at least one data center, at least one privacy processing device, and a data application center, each data center including at least one data storage device, each data storage device being deployed at a different data owner, each privacy processing device being communicably connected to the respective data storage devices in one data center and to the data application center, the method being performed by the data application center and including: decomposing the data processing task into at least one distributed data processing command, each distributed data processing command comprising processing data information and privacy processing logic of a privacy processing device; distributing each distributed data processing command to the corresponding privacy processing device, which carries out privacy processing according to the received privacy processing logic; receiving the privacy processing result returned by the privacy processing device; and determining the data processing result of the data processing task according to the received privacy processing result.
Optionally, in an example of the above aspect, the method may further include: and receiving the data processing task, and outputting the data processing result after determining the data processing result of the data processing task.
Optionally, in an example of the above aspect, the method may further include: receiving a data processing request; analyzing the data processing request, determining the data processing task, and outputting the data processing result after determining the data processing result of the data processing task.
Optionally, in an example of the above aspect, the data owners involved in the data center form a federation, and analyzing the data processing request to determine the data processing task includes: when the data processing request comes from a third party outside the federation, performing a data usage permission query on the data required by the data processing request, and when the data usage permission query result indicates that the required data has the data usage permission, determining the data processing task according to the data processing request.
Optionally, in an example of the above aspect, the data owners involved in the data center form a federation, and the method further includes: when the data processing request comes from a third party outside the federation, scrambling the data processing result.
Optionally, in an example of the above aspect, the data processing system further includes a data recording center, which records the data operation behavior information of each datum in the data processing task to a blockchain. The method may further comprise: in response to a received source tracing processing request for target data, generating a data operation behavior query request for the target data and sending it to the data recording center, which queries the data operation behavior information of the target data on the blockchain according to the data operation behavior query request; and performing source tracing processing based on the data operation behavior information of the target data returned by the data recording center.
According to another aspect of embodiments of the present specification, there is provided a data processing method based on multi-party privacy protection, the data processing method being performed by a data processing system, the data processing system including at least one data center, at least one privacy processing device, and a data application center, each data center including at least one data storage device, each data storage device being deployed at a different data owner, each privacy processing device being communicably connected to a respective data storage device in one data center and the data application center, the data processing method including: at the data application center, decomposing a data processing task into at least one distributed data processing command, each distributed data processing command comprising processing data information and privacy processing logic of a privacy processing device, and distributing each distributed data processing command to a corresponding privacy processing device; at each corresponding privacy processing device, performing privacy processing according to the received privacy processing logic, and returning the obtained privacy processing result to the data application center; determining, at the data application center, a data processing result of the data processing task according to the received privacy processing result.
Optionally, in an example of the above aspect, the data processing system further includes a data recording center, and the data processing method may further include: recording, at the data recording center, the data operation behavior information of each datum in the data processing task to a blockchain.
Optionally, in an example of the above aspect, the data processing method may further include: at the data application center, in response to a received source tracing processing request for target data, generating a data operation behavior query request for the target data and sending it to the data recording center; at the data recording center, querying the data operation behavior information of the target data on the blockchain according to the data operation behavior query request; and at the data application center, performing source tracing processing based on the data operation behavior information of the target data returned by the data recording center.
According to another aspect of embodiments of the present specification, there is provided an electronic apparatus including: at least one processor, and a memory coupled with the at least one processor, the memory storing instructions that, when executed by the at least one processor, cause the at least one processor to perform a method performed at a data application center as described above.
According to another aspect of embodiments of the present specification, there is provided a machine-readable storage medium storing executable instructions that, when executed, cause the machine to perform a method performed at a data application center as described above.
Drawings
A further understanding of the nature and advantages of the present disclosure may be realized by reference to the following drawings. In the drawings, similar components or features may have the same reference numerals.
FIG. 1 shows an example architectural diagram of a data processing system according to embodiments of the present description.
FIG. 2 illustrates an example block diagram of a data application center in accordance with an embodiment of this specification.
Fig. 3 shows a flowchart of one example of a data processing method performed at a data application center according to an embodiment of the present description.
Fig. 4 shows a flowchart of another example of a data processing method performed at a data application center according to an embodiment of the present description.
FIG. 5 shows a flowchart of one example of a tracing process according to embodiments of the present specification.
FIG. 6 shows a schematic diagram of an electronic device for implementing data processing procedures at a data application center, in accordance with embodiments of the present description.
Detailed Description
The subject matter described herein will now be discussed with reference to example embodiments. It should be understood that these embodiments are discussed only to enable those skilled in the art to better understand and thereby implement the subject matter described herein, and are not intended to limit the scope, applicability, or examples set forth in the claims. Changes may be made in the function and arrangement of elements discussed without departing from the scope of the disclosure. Various examples may omit, substitute, or add various procedures or components as needed. For example, the described methods may be performed in an order different from that described, and various steps may be added, omitted, or combined. In addition, features described with respect to some examples may also be combined in other examples.
As used herein, the term "include" and its variants are open-ended terms in the sense of "including, but not limited to". The term "based on" means "based at least in part on". The terms "one embodiment" and "an embodiment" mean "at least one embodiment". The term "another embodiment" means "at least one other embodiment". The terms "first," "second," and the like may refer to different or the same object. Other definitions, whether explicit or implicit, may be included below. The definition of a term is consistent throughout the specification unless the context clearly dictates otherwise.
FIG. 1 shows an example architectural diagram of a data processing system 100 according to embodiments of the present description.
As shown in FIG. 1, data processing system 100 includes at least one data center 110-1, 110-2, and 110-3. Each data center includes at least one data storage device, each data storage device being deployed at a different data owner. For example, one data center may include data storage devices deployed at banks, data storage devices deployed at payment instrument providers, and data storage devices deployed at various merchants. Each data storage device stores private data collected locally by the respective data owner. For example, a data storage device at a bank stores business data collected by the bank, a data storage device at the Alipay provider stores business data collected by Alipay, and a data storage device at each merchant stores business data collected by that merchant. It is noted that three data centers 110-1, 110-2, and 110-3 are shown in FIG. 1; other embodiments of the present description may include more or fewer data centers.
In this specification, the data center may be divided based on a region location of the data storage device, a data category attribute, a commodity category to which the data belongs, and the like. For example, data storage devices in the same region and location may be classified into the same data center, data storage devices for storing the same type of data may be classified into the same data center, or data storage devices for data related to the same product may be classified into the same data center.
The data processing system 100 also includes at least one privacy processing device 120-1,120-2, and 120-3. In one example of the present description, the number of privacy processing devices may coincide with the number of data centers. Each privacy processing device corresponds to a data center and is communicatively coupled to a respective data storage device at the data center.
The privacy processing device is configured to perform data privacy processing using the private data of the respective data storage devices communicably connected to it. For example, the privacy processing device may perform data privacy processing and computation under various privacy protection policies. Examples of such data privacy processing and computation include, but are not limited to, multi-party private data processing and computation realized with secure multi-party computation technologies such as federated learning, MPC and SGX. It should be noted that these multi-party secure computation technologies may be combined pairwise or switched between arbitrarily. The data privacy processing result of the privacy processing device can be used for various business processes, such as joint training of a business model and joint prediction with a business model. Joint business model prediction may include, for example, using the private data of the respective data storage devices for business risk assessment.
In one example of the present description, individual privacy processing devices may be deployed at corresponding data centers. In another example of the present specification, the respective privacy processing devices may be deployed in separate privacy processing centers, and each privacy processing device is communicably connected with a respective data storage device at a corresponding data center for data communication of the privacy processing device with the respective data storage device.
Data processing system 100 also includes a data application center 130. The data application center 130 is communicably connected with the respective privacy processing devices. When data processing is performed, the data application center 130 decomposes a data processing task to be processed into at least one distributed data processing command and distributes the distributed data processing command to a corresponding privacy processing device for privacy processing. After receiving the privacy processing results returned by the respective privacy processing devices, the data application center 130 determines the data processing results of the data processing tasks according to the received privacy processing results. The structure and operation of the data application center will be described in detail below with reference to the accompanying drawings.
Fig. 2 illustrates an example block diagram of a data application center 200 in accordance with an embodiment of this description. As shown in fig. 2, the data application center 200 includes a processing task decomposition module 210, a processing command distribution module 220, a processing result reception module 230, and a processing result determination module 240.
The processing task decomposition module 210 decomposes the data processing task into at least one distributed data processing command (e.g., an MPC computation API call), each distributed data processing command including processing data information and privacy processing logic for the privacy processing device. Here, the processing data information for the privacy processing device may include, for example, source information for the processing data used by the privacy processing device when executing the distributed data processing command, that is, which data storage devices in the corresponding data center supply the data. The privacy processing logic may, for example, comprise the individual processing logic for handling the data and/or the relationships between the individual pieces of processing logic.
For example, the processing task decomposition module 210 may split the stand-alone processing logic of the data processing task into a plurality of distributed data processing commands, each of which is executed by a privacy processing device capable of executing corresponding processing, according to the processing data source and the data processing logic of the data processing task and the processing configuration information of the respective privacy processing devices. The privacy processes of the respective privacy processing apparatuses may be executed in parallel.
After the data processing task is decomposed into at least one distributed data processing command, the processing command distribution module 220 distributes each distributed data processing command to the corresponding privacy processing device. The privacy processing device performs privacy processing on the processing data according to the received privacy processing logic.
The processing result receiving module 230 receives the privacy processing results returned by the respective privacy processing apparatuses. The processing result determination module 240 determines a data processing result of the data processing task according to the received privacy processing result. For example, the processing result determining module 240 may integrate the privacy processing results of the privacy processing devices according to a result integration manner corresponding to a previous processing decomposition manner, so as to obtain a data processing result of the data processing task.
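The decompose, distribute and integrate cycle of modules 210 to 240, as an added worked example in Python that is not part of the patent or of Alipay's code. The data-center layout, the record values, the `sum_count` logic name and the task kinds are all constructed here; each privacy processing device returns only aggregates, so the application center never sees an individual record.

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass

# Constructed sample data: data center -> data storage device -> private records.
# Each storage device belongs to a different data owner; only its own
# privacy processing device is ever given a reference to it.
DATA_CENTERS = {
    "dc-1": {"bank-A": [120, 80, 300], "merchant-A": [15, 45]},
    "dc-2": {"bank-B": [500, 20], "merchant-B": [60, 60, 60]},
}

# Task kind -> privacy processing logic each device must run (constructed names).
LOGIC_FOR = {"total": "sum_count", "mean": "sum_count"}


@dataclass
class Command:
    """A distributed data processing command: which center, which storage devices, what logic."""
    center: str
    sources: list   # processing data information
    logic: str      # privacy processing logic


class PrivacyProcessingDevice:
    """One device per data center. It can read that center's raw data; the application center cannot."""

    def __init__(self, center, storage):
        self.center = center
        self.storage = storage

    def run(self, cmd):
        values = [v for dev in cmd.sources for v in self.storage[dev]]
        if cmd.logic == "sum_count":
            # Only aggregates leave the device, never individual records.
            return {"sum": sum(values), "count": len(values)}
        raise ValueError(f"unsupported privacy processing logic: {cmd.logic}")


def decompose(task, centers):
    """Processing task decomposition: one command per data center, listing its storage devices."""
    logic = LOGIC_FOR[task["kind"]]
    return [Command(c, sorted(devs), logic) for c, devs in centers.items()]


def integrate(task, results):
    """Processing result determination, mirroring the decomposition above."""
    total = sum(r["sum"] for r in results)
    count = sum(r["count"] for r in results)
    if task["kind"] == "total":
        return total
    if task["kind"] == "mean":
        return total / count if count else None
    raise ValueError(f"unsupported task kind: {task['kind']}")


def run_task(task, centers=DATA_CENTERS):
    """Data application center: decompose, distribute in parallel, collect, integrate."""
    devices = {c: PrivacyProcessingDevice(c, s) for c, s in centers.items()}
    commands = decompose(task, centers)
    with ThreadPoolExecutor() as pool:
        results = list(pool.map(lambda cmd: devices[cmd.center].run(cmd), commands))
    return integrate(task, results)


if __name__ == "__main__":
    print(run_task({"kind": "total"}), run_task({"kind": "mean"}))
```

The integration step has to mirror the decomposition: a total is the sum of partial sums, a mean is the ratio of summed sums to summed counts. In a real deployment the shape of what `run` may return is the privacy boundary, so it is worth bounding it explicitly (aggregates only, minimum count per device), because the application center's entire view of the data is the set of returned results.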
Alternatively, in one example, the data processing task may be input by a user from the outside. Accordingly, the data application center 200 may further include an interface module 250. The interface module 250 is configured to receive the data processing task and output a data processing result of the data processing task. In one example, the interface module 250 may be implemented using a communication module. In another example, interface module 250 may be implemented with an interface. For example, data application center 200 may provide a human-machine interface for a user. The user may input data processing tasks using a human-machine interface. After obtaining the data processing results, the data application center 200 may use the human-machine interaction interface to provide the data processing results to the user.
Optionally, in another example, the user provides a data processing request to the data application center 200 via the interface module 250. Accordingly, the data application center 200 further includes a processing request analysis module 260. The processing request analysis module 260 analyzes the data processing request to determine the data processing task.
In one example, assume that the data owners involved in the data centers of the data processing system form a federation. The federation allows its members unlimited use rights over all data stored at all data centers, whereas for third parties outside the federation, limited data use rights may be set for the data at the data centers. In this case, when the data processing request comes from a third party outside the federation, the processing request analysis module 260 performs a data usage permission query for the processing data required by the data processing request, and determines the data processing task from the data processing request only when the query result indicates that the required processing data may be used by that third party.
For example, the data processing request may be a data processing request implemented using an SQL statement. The data application center 200 may provide an operation interface on which it is disclosed which data are available to external organizations. An external organization can write an SQL statement on the operation interface as its data processing request. After receiving the SQL statement, the processing request analysis module 260 uses it to perform a data usage permission query against the data centers (some data in a data center may not be intended for use by third parties outside the federation). When the query result indicates that the data to be processed may be used, the data processing task is determined from the SQL statement.
Further, optionally, when the data processing task or the data processing request comes from a third party outside the federation, the data application center 200 may be unwilling to provide the data processing result to the third party directly. In this case, the data application center 200 may further include a result scrambling module 270. When the data processing task or the data processing request comes from a third party outside the federation, the result scrambling module 270 performs scrambling processing on the data processing result, and the interface module 250 then provides the scrambled data processing result to the third party.
Returning to FIG. 1, optionally, the data processing system 100 may also include a data recording center 140. The data recording center 140 may be implemented on a blockchain structure. Accordingly, the data recording center 140 records the data operation behavior information of each piece of data in the data processing task onto the blockchain. Here, the data operation behavior information may include the data operation behaviors of each privacy processing device, for example which privacy processing devices used the data, which privacy processing operations were performed on it, and to which devices the privacy processing results were output. In addition, the data recording center 140 may record the data schema onto the blockchain. The data schema may include, for example, how many columns the data has, the data type of each column, the physical meaning of the data, and so on.
Where the data processing system 100 includes the data recording center 140, the data application center 200 may also include a tracing processing module 280. In response to receiving a tracing processing request for target data, the tracing processing module 280 generates a data operation behavior query request for the target data based on the tracing processing request and sends it to the data recording center 140. The data recording center 140 queries the data operation behavior information of the target data on the blockchain according to the query request and returns it to the tracing processing module 280 of the data application center 200. The tracing processing module 280 then performs tracing processing based on the data operation behavior information of the target data. The tracing processing module 280 can be used, for example, to implement data auditing, attribution of data processing responsibility, and the like.
Further, it is noted that FIG. 2 shows only one exemplary implementation of a data application center. In other embodiments of the present description, one or more of the interface module 250, the processing request analysis module 260, the result scrambling module 270 and the tracing processing module 280 may be omitted.
A data processing method performed at a data application center according to an embodiment of the present specification will be described below with reference to fig. 3 to 5.
Fig. 3 shows a flowchart of one example of a data processing method performed at a data application center according to an embodiment of the present description.
As shown in fig. 3, at block 310, the data application center decomposes the data processing task into at least one distributed data processing command, each distributed data processing command including processed data information and privacy processing logic of the privacy processing device.
After decomposing the data processing task into the at least one distributed data processing command, the data application center distributes each distributed data processing command to the corresponding privacy processing device at block 320. Each privacy processing device performs privacy processing on its processing data according to the received privacy processing logic.
The data application center receives the obtained privacy processing results from the respective privacy processing devices at block 330, and determines a data processing result of the data processing task from the received privacy processing results at block 340.
With the data processing method shown in fig. 3, one privacy processing device is maintained for each data center; the data application center decomposes the data processing task into at least one distributed data processing command and distributes each command to the corresponding privacy processing device, and each privacy processing device performs privacy processing according to the received privacy processing logic. The data application center then determines the processing result of the data processing task from the privacy processing results of the privacy processing devices. In this way, collaborative data processing based on multi-party privacy protection is achieved.
Fig. 4 shows a flowchart of another example of a data processing method performed at a data application center according to an embodiment of the present description. In the example shown in fig. 4, the various data owners of the data center form a federation. The federation allows federation members to have unlimited use rights for all data stored on all data centers, while for third parties outside the federation, limited data use rights are set for data at the data centers.
At block 410, the data application center receives a data processing request. For example, the data application center may receive a data processing request input by a user via the interface module. The data processing request may be, for example, a data processing request implemented using an SQL statement.
At block 415, the data application center determines whether the data processing request was issued by a third party outside the federation. If so, at block 420 a data usage permission query is performed for the processing data required by the data processing request, to query whether the third party has data usage permission for that data. For example, the data usage permission query may be performed using an SQL statement.
Further, where the data processing system includes a data recording center and the data recording center records the data usage permission of each piece of data of the data storage devices in the blockchain, whether the data may be used by the third party may be queried on the blockchain.
When the data usage permission query result indicates that the data to be processed lacks data usage permission, the data processing is not carried out. When the query result indicates that the data to be processed has data usage permission, a data processing task is determined from the data processing request at block 425.
After determining the data processing task, the data application center decomposes it into at least one distributed data processing command at block 430, each distributed data processing command including the processing data information and the privacy processing logic of the privacy processing device.
After decomposing the data processing task into the at least one distributed data processing command, the data application center distributes each distributed data processing command to the corresponding privacy processing device at block 435. Each privacy processing device performs privacy processing on its processing data according to the received privacy processing logic.
The data application center receives the resulting privacy processing results from the respective privacy processing devices at block 440, and determines the data processing result of the data processing task from the received privacy processing results at block 445.
When the data processing request was issued by a federation member, the data application center provides the data processing result directly to the originator of the request at block 450, for example via the interface module.
When the data processing request was issued by a third party outside the federation, the data application center scrambles the data processing result at block 455 and provides the scrambled data processing result to the originator of the request at block 460.
It is noted that FIG. 4 shows only one exemplary implementation of the data processing process. In other embodiments of the present description, various modifications may be made to the embodiment shown in fig. 4. For example, some or all of the operations of blocks 415, 420, 455 and 460 may be omitted. Furthermore, in a modified embodiment, the input from the external organization may directly be a data processing task rather than a data processing request.
With the data processing method shown in fig. 4, a data usage permission query is performed for a data processing request issued by a third party outside the federation, and data processing is carried out only when the data required by the request has data usage permission, so that data can be prevented from being processed without the required permission.
In addition, with the data processing method shown in fig. 4, by performing scrambling processing on the data processing result when the data processing request is issued by a third party other than the federation, and providing the data processing result after the scrambling processing to the third party, it is possible to prevent the data processing result from being directly provided to the third party, thereby further enhancing the privacy protection effect.
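The flow at the data application center described for the modules of FIG. 2 and for the method of FIG. 4 (request analysis, data usage permission query, decomposition into one distributed data processing command per privacy processing device, result integration, and result scrambling for third parties), as an added example in Python. This is not code from the patent or from the applicant. The sample tables, the federation membership, the permission table, the restriction of requests to a SUM/COUNT aggregate grammar and the use of Laplace noise as the scrambling method are all assumptions of this example; the patent specifies neither the privacy protection policy nor the scrambling method.

```python
import random
import re
from dataclasses import dataclass

# Constructed sample data (assumption): two data centers, each holding an
# "orders" table at a different data owner.
DATA_CENTERS = {
    "dc_a": {"orders": [{"user_id": "u1", "amount": 120},
                        {"user_id": "u2", "amount": 80},
                        {"user_id": "u3", "amount": 200}]},
    "dc_b": {"orders": [{"user_id": "u4", "amount": 50},
                        {"user_id": "u5", "amount": 150}]},
}
FEDERATION_MEMBERS = {"bank_a", "bank_b"}        # assumed federation
THIRD_PARTY_PERMITTED = {("orders", "amount")}    # assumed permission table

# Only this narrow aggregate grammar is accepted from requesters. Joins,
# projections of raw rows and stacked statements are rejected up front and
# never forwarded to a data center as SQL.
_AGGREGATE_SQL = re.compile(
    r"^\s*SELECT\s+(SUM|COUNT)\s*\(\s*(\w+)\s*\)\s+FROM\s+(\w+)\s*;?\s*$", re.I)


@dataclass
class DistributedCommand:
    device: str     # privacy processing device (one per data center)
    table: str      # processing data information: where the data comes from
    column: str
    logic: str      # privacy processing logic: "SUM" or "COUNT"


def parse_request(sql):
    """Processing request analysis: SQL request -> (logic, column, table)."""
    m = _AGGREGATE_SQL.match(sql)
    if not m:
        raise ValueError("unsupported data processing request")
    return m.group(1).upper(), m.group(2), m.group(3)


def is_third_party(requester):
    return requester not in FEDERATION_MEMBERS


def permission_query(table, column, requester):
    """Data usage permission query; federation members may use everything."""
    return not is_third_party(requester) or (table, column) in THIRD_PARTY_PERMITTED


def decompose(logic, column, table):
    """One distributed data processing command per privacy processing device."""
    return [DistributedCommand(dev, table, column, logic) for dev in DATA_CENTERS]


def privacy_device_run(cmd):
    """Runs at the privacy processing device. Only the local aggregate leaves
    the data center; raw rows never reach the data application center."""
    rows = DATA_CENTERS[cmd.device][cmd.table]
    if cmd.logic == "COUNT":
        return len(rows)
    return sum(row[cmd.column] for row in rows)


def integrate(partials):
    """Result integration matching the decomposition: SUM and COUNT both add."""
    return sum(partials)


def scramble(value, scale, rng):
    """Result scrambling. The patent fixes no method; Laplace noise, drawn as
    the difference of two exponentials, is assumed here."""
    return value + rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def handle_request(sql, requester, rng=None):
    """Blocks 410 to 460 of Fig. 4 at the data application center."""
    logic, column, table = parse_request(sql)
    if not permission_query(table, column, requester):
        raise PermissionError(f"{requester} may not use {table}.{column}")
    commands = decompose(logic, column, table)
    partials = [privacy_device_run(c) for c in commands]
    result = integrate(partials)
    if not is_third_party(requester):
        return result
    return scramble(result, 10.0, rng or random.Random(0))
```

Two points in this example matter in practice. The SQL from a third party is matched against a fixed aggregate grammar and rejected otherwise, so a request never reaches a data storage device as raw SQL; and the permission query is evaluated for the referenced column before any distributed command is issued, which is the ordering of blocks 415 to 425. Whether added noise is an adequate scrambling method depends on the privacy protection policy in force; here it only illustrates that a third party never receives the exact integrated result.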
Furthermore, in the case where the data processing system includes a data recording center, and the data recording center records data operation behavior information of each data of the data processing task in the blockchain, the data tracing process may also be performed.
FIG. 5 shows a flowchart of one example of a tracing process according to embodiments of the present specification.
As shown in fig. 5, after the data application center receives the traceback processing request, a data operation behavior query request of the target data is generated based on the traceback processing request at block 510, and the generated data operation behavior query request is sent to the data recording center at block 520.
At block 530, the data recording center queries the data operation behavior information of the target data in the blockchain, and at block 540, transmits the queried data operation behavior information to the data application center.
At block 550, the data application center performs a tracing process based on the queried data operation behavior information.
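The data recording center of FIG. 1 and the tracing process of FIG. 5, as an added example in Python that is not code from the patent or from the applicant. The recording center is modelled here as a hash-chained append-only list standing in for the blockchain; the record fields (data identifier, privacy processing device, operation, output destination), the schema record and the sample records are all constructed for this example.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64   # assumed previous-hash value of the first block


class DataRecordingCenter:
    """Hash-chained append-only ledger standing in for the blockchain."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _block_hash(prev_hash, payload):
        # Canonical JSON so the same record always hashes the same way.
        body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

    def _append(self, payload):
        prev_hash = self.blocks[-1]["hash"] if self.blocks else GENESIS_HASH
        self.blocks.append({"prev": prev_hash, "payload": payload,
                            "hash": self._block_hash(prev_hash, payload)})
        return len(self.blocks) - 1

    def record_behavior(self, data_id, device, operation, output_to):
        """Data operation behaviour of one privacy processing device: which
        data it used, what it did, and where the result was output."""
        return self._append({"kind": "behavior", "data_id": data_id,
                             "device": device, "operation": operation,
                             "output_to": output_to})

    def record_schema(self, data_id, columns):
        """Data schema: column names and types of the recorded data."""
        return self._append({"kind": "schema", "data_id": data_id,
                             "columns": columns})

    def verify(self):
        """Recompute every link; any altered record breaks the chain."""
        prev_hash = GENESIS_HASH
        for block in self.blocks:
            if (block["prev"] != prev_hash
                    or block["hash"] != self._block_hash(prev_hash, block["payload"])):
                return False
            prev_hash = block["hash"]
        return True

    def query_behavior(self, data_id):
        """Answers the data operation behaviour query request (Fig. 5, block 530)."""
        if not self.verify():
            raise RuntimeError("ledger integrity check failed")
        return [b["payload"] for b in self.blocks
                if b["payload"]["kind"] == "behavior"
                and b["payload"]["data_id"] == data_id]


def trace(center, data_id):
    """Tracing at the data application center (Fig. 5, block 550): the chain
    of custody of the target data in recorded order."""
    return [(r["device"], r["operation"], r["output_to"])
            for r in center.query_behavior(data_id)]


def build_sample_center():
    """Constructed records for two data centers processing an orders table."""
    c = DataRecordingCenter()
    c.record_schema("orders@dc_a", {"user_id": "string", "amount": "integer"})
    c.record_behavior("orders@dc_a", "ppd_a", "SUM(amount)", "data_application_center")
    c.record_behavior("orders@dc_b", "ppd_b", "SUM(amount)", "data_application_center")
    c.record_behavior("orders@dc_a", "ppd_a", "COUNT(amount)", "data_application_center")
    return c
```

A chain of this kind lets the query detect that an earlier record was altered, but it does not by itself stop the party operating the recording center from rewriting the whole chain from that point on. For the record to support attribution of processing responsibility, the latest block hash must also be held by parties other than the recording center, which is the property a replicated blockchain is meant to supply.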
As described above with reference to fig. 1 to 5, the data processing method, the data application center, and the data processing system according to the embodiment of the present specification are described. The above data application center may be implemented by hardware, or may be implemented by software, or a combination of hardware and software.
FIG. 6 shows a schematic diagram of an electronic device for implementing data processing procedures at a data application center, in accordance with embodiments of the present description. As shown in fig. 6, electronic device 600 may include at least one processor 610, storage (e.g., non-volatile storage) 620, memory 630, and communication interface 640, and at least one processor 610, storage 620, memory 630, and communication interface 640 are connected together via a bus 660. The at least one processor 610 executes at least one computer-readable instruction (i.e., the elements described above as being implemented in software) stored or encoded in memory.
In one embodiment, computer-executable instructions are stored in the memory that, when executed, cause the at least one processor 610 to: decomposing the data processing task into at least one distributed data processing command, wherein each distributed data processing command comprises processing data information and privacy processing logic of privacy processing equipment; distributing each distributed data processing command to corresponding privacy processing equipment, and carrying out privacy processing by the privacy processing equipment according to the received privacy processing logic; receiving privacy processing results returned by each privacy processing device; and determining a data processing result of the data processing task according to the received privacy processing result.
It should be appreciated that the computer-executable instructions stored in the memory, when executed, cause the at least one processor 610 to perform the various operations and functions described above in connection with fig. 1-5 in the various embodiments of the present description.
According to one embodiment, a program product, such as a machine-readable medium (e.g., a non-transitory machine-readable medium), is provided. A machine-readable medium may have instructions (i.e., elements described above as being implemented in software) that, when executed by a machine, cause the machine to perform various operations and functions described above in connection with fig. 1-5 in the various embodiments of the present specification. Specifically, a system or apparatus may be provided which is provided with a readable storage medium on which software program code implementing the functions of any of the above embodiments is stored, and causes a computer or processor of the system or apparatus to read out and execute instructions stored in the readable storage medium.
In this case, the program code itself read from the readable medium can realize the functions of any of the above-described embodiments, and thus the machine-readable code and the readable storage medium storing the machine-readable code form part of the present invention.
Examples of the readable storage medium include floppy disks, hard disks, magneto-optical disks, optical disks (e.g., CD-ROMs, CD-R, CD-RWs, DVD-ROMs, DVD-RAMs, DVD-RWs), magnetic tapes, nonvolatile memory cards, and ROMs. Alternatively, the program code may be downloaded from a server computer or from the cloud via a communications network.
It will be understood by those skilled in the art that various changes and modifications may be made in the above-disclosed embodiments without departing from the spirit of the invention. Accordingly, the scope of the invention should be determined from the following claims.
It should be noted that not all steps and units in the above flows and system structure diagrams are necessary, and some steps or units may be omitted according to actual needs. The execution order of the steps is not fixed, and can be determined as required. The apparatus structures described in the above embodiments may be physical structures or logical structures, that is, some units may be implemented by the same physical entity, or some units may be implemented by a plurality of physical entities, or some units may be implemented by some components in a plurality of independent devices.
In the above embodiments, the hardware units or modules may be implemented mechanically or electrically. For example, a hardware unit, module or processor may comprise permanently dedicated circuitry or logic (such as a dedicated processor, FPGA or ASIC) to perform the corresponding operations. The hardware units or processors may also include programmable logic or circuitry (e.g., a general purpose processor or other programmable processor) that may be temporarily configured by software to perform the corresponding operations. The specific implementation (mechanical, or dedicated permanent, or temporarily configured) may be determined based on cost and time considerations.
The detailed description set forth above in connection with the appended drawings describes exemplary embodiments but does not represent all embodiments that may be practiced or fall within the scope of the claims. The term "exemplary" used throughout this specification means "serving as an example, instance, or illustration," and does not mean "preferred" or "advantageous" over other embodiments. The detailed description includes specific details for the purpose of providing an understanding of the described technology. However, the techniques may be practiced without these specific details. In some instances, well-known structures and devices are shown in block diagram form in order to avoid obscuring the concepts of the described embodiments.
The previous description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the scope of the disclosure. Thus, the disclosure is not intended to be limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (21)

1. A data processing system based on multi-party privacy protection, comprising:
at least two data centers, each data center comprising at least two data storage devices, each data storage device being deployed at a different data owner;
at least two privacy processing devices, each privacy processing device corresponding to one data center and being communicably connected with a respective data storage device in the data center; and
a data application center communicably connected with the respective privacy processing devices,
the data application center decomposes a data processing task into at least one distributed data processing command according to a processing data source and a data processing logic of the data processing task and processing configuration information of each privacy processing device, each distributed data processing command comprising processing data information and a privacy processing logic of the privacy processing device, the processing data information comprising source information of each processing data used by the privacy processing device when the corresponding distributed data processing command is executed, and the privacy processing logic comprising the processing logic of each processing data used and/or a relation between the processing logics, and distributes each distributed data processing command to the corresponding privacy processing device; the privacy processing device determines, according to the processing data information in the received distributed data processing command, which data storage devices in the corresponding data center the processing data it uses originate from, acquires the corresponding processing data from the determined data storage devices, performs privacy processing according to the privacy processing logic in the received distributed data processing command, wherein the privacy processing is data privacy processing and calculation under a privacy protection policy, and returns the obtained privacy processing result to the data application center; and the data application center determines the data processing result of the data processing task according to the received privacy processing result.
2. The data processing system of claim 1, wherein the data application center comprises:
the processing task decomposition module is used for decomposing the data processing task into at least one distributed data processing command according to a processing data source and a data processing logic of the data processing task and processing configuration information of each privacy processing device, wherein each distributed data processing command comprises processing data information and the privacy processing logic of the privacy processing device;
the processing command distribution module is used for distributing each distributed data processing command to corresponding privacy processing equipment, and the privacy processing equipment carries out privacy processing according to the received privacy processing logic;
the processing result receiving module is used for receiving the privacy processing result returned by the privacy processing equipment; and
and the processing result determining module is used for determining the data processing result of the data processing task according to the received privacy processing result.
3. The data processing system of claim 2, wherein the data application center further comprises:
and the interface module is used for receiving the data processing task and outputting a data processing result of the data processing task.
4. The data processing system of claim 2, wherein the data application center further comprises:
the interface module receives a data processing request and outputs a data processing result of the data processing task; and
and the processing request analysis module is used for analyzing the data processing request and determining the data processing task.
5. The data processing system of claim 4, wherein the data processing request comprises a data processing request implemented using an SQL statement.
6. The data processing system of claim 4, wherein the data owners involved in the data center form a federation, when the data processing request is from a third party outside the federation, the processing request analysis module performs data usage right query on the processing data required by the data processing request, and when the data usage right query result indicates that the required processing data has data usage right, determines the data processing task according to the data processing request.
7. The data processing system of claim 3 or 4, wherein the data owners involved in the data center form a federation, the data application center further comprising:
a result scrambling module for scrambling the data processing result when the data processing task or the data processing request comes from a third party outside the alliance,
and the interface module provides the scrambled data processing result to the third party.
8. The data processing system of claim 1, further comprising:
and the data recording center records the data operation behavior information of each data in the data processing task to the blockchain.
9. The data processing system of claim 8, wherein the data application center further comprises:
the source tracing processing module is used for responding to a source tracing processing request of target data, generating a data operation behavior query request of the target data and sending the data operation behavior query request to the data recording center, and performing source tracing processing based on the data operation behavior information of the target data returned by the data recording center,
and the data operation behavior information is obtained by the data recording center querying the blockchain according to the data operation behavior query request.
10. A data application center based on multi-party privacy protection, comprising:
the processing task decomposition module is used for decomposing the data processing task into at least one distributed data processing command according to a processing data source and a data processing logic of the data processing task and processing configuration information of each privacy processing device, each distributed data processing command comprises processing data information and a privacy processing logic of the privacy processing device, the processing data information comprises source information of each processing data used by the privacy processing device when the corresponding distributed data processing command is executed, and the privacy processing logic comprises the processing logic of each used processing data and/or the relationship among the processing logics;
the processing command distribution module is used for distributing each distributed data processing command to corresponding privacy processing equipment, processing data information in each distributed data processing command is used by the corresponding privacy processing equipment to determine which data storage equipment in a data center corresponding to the privacy processing equipment the processing data used by the privacy processing equipment originates from and acquire the corresponding processing data from the determined data storage equipment, and the acquired processing data is used by the corresponding privacy processing equipment to perform privacy processing according to privacy processing logic in the distributed data processing command, wherein the privacy processing is based on data privacy processing and calculation under a privacy protection strategy;
the processing result receiving module is used for receiving the privacy processing results returned by the corresponding privacy processing equipment; and
a processing result determination module that determines a data processing result of the data processing task according to the received privacy processing result,
the data application center, at least two data centers and at least two privacy processing devices form a data processing system, each data center comprises at least two data storage devices, each data storage device is arranged at different data owners, and each privacy processing device corresponds to one data center and is connected with each data storage device in the data center and the data application center in a communication mode.
11. A method for data processing based on multi-party privacy protection for data in a data processing system, the data processing system including at least two data centers, at least two privacy processing devices, and a data application center, each data center including at least two data storage devices, each data storage device being deployed at a different data owner, each privacy processing device corresponding to one data center and being communicably connected to a respective data storage device and data application center in the data center, the method being performed by the data application center, the method comprising:
decomposing the data processing task into at least one distributed data processing command according to a processing data source and a data processing logic of the data processing task and processing configuration information of each privacy processing device, wherein each distributed data processing command comprises processing data information and a privacy processing logic of the privacy processing device, the processing data information comprises source information of each processing data used by the privacy processing device when the corresponding distributed data processing command is executed, and the privacy processing logic comprises the processing logic of each processing data used and/or a relation between each processing logic;
distributing each distributed data processing command to corresponding privacy processing equipment, wherein processing data information in each distributed data processing command is used by the corresponding privacy processing equipment to determine which data storage equipment in a data center corresponding to the privacy processing equipment the processing data used by the privacy processing equipment originates from and acquire the corresponding processing data from the determined data storage equipment, and the acquired processing data is used by the corresponding privacy processing equipment to perform privacy processing according to privacy processing logic in the distributed data processing command, wherein the privacy processing is based on data privacy processing and calculation under a privacy protection policy;
receiving privacy processing results returned by each corresponding privacy processing device; and
and determining a data processing result of the data processing task according to the received privacy processing result.
12. The method of claim 11, further comprising:
receiving said data processing task, and
after the data processing result of the data processing task is determined, outputting the data processing result.
13. The method of claim 11, further comprising:
receiving a data processing request;
analyzing said data processing request, determining said data processing task, and
after the data processing result of the data processing task is determined, outputting the data processing result.
14. The method of claim 13, wherein the data owners involved in the data center form a federation,
analyzing the data processing request, and determining the data processing task comprises:
and when the data processing request is from a third party except the alliance, performing data use permission query on data required to be processed by the data processing request, and when the data use permission query result indicates that the data required to be processed has the data use permission, determining the data processing task according to the data processing request.
15. The method of claim 12 or 13, wherein the data owners involved in the data center form a federation, the method further comprising:
and when the data processing task or the data processing request comes from a third party outside the alliance, scrambling the data processing result.
16. The method of claim 11, wherein the data processing system further comprises a data logging center that logs data operation behavior information for each data in the data processing task to a blockchain, the method further comprising:
responding to a received source tracing processing request of target data, generating a data operation behavior query request of the target data and sending the data operation behavior query request to the data recording center, wherein the data operation behavior query request is used by the data recording center to query data operation behavior information of the target data on the block chain; and
and performing source tracing processing based on the data operation behavior information of the target data returned by the data recording center.
17. A data processing method based on multi-party privacy protection, the data processing method being performed by a data processing system, the data processing system including at least two data centers, at least two privacy processing devices, and a data application center, each data center including at least two data storage devices, each data storage device being deployed at a different data owner, each privacy processing device corresponding to one data center and being communicably connected with each data storage device in the data center and the data application center, the data processing method comprising:
at the data application center, decomposing the data processing task into at least one distributed data processing command according to a processing data source and a data processing logic of the data processing task and processing configuration information of each privacy processing device, wherein each distributed data processing command comprises processing data information and a privacy processing logic of the privacy processing device, the processing data information comprises source information of each processing data used by the privacy processing device when the corresponding distributed data processing command is executed, and the privacy processing logic comprises the processing logic of each processing data used and/or a relation between each processing logic, and distributes each distributed data processing command to the corresponding privacy processing device;
at each corresponding privacy processing device, determining which data storage devices in a data center corresponding to the privacy processing device the processing data used by the privacy processing device originates from according to the processing data information in the received distributed data processing command, acquiring the corresponding processing data from the determined data storage devices, and performing privacy processing according to the privacy processing logic in the received distributed data processing command, wherein the privacy processing is based on data privacy processing and calculation under a privacy protection policy, and returning the obtained privacy processing result to the data application center;
determining, at the data application center, a processing result of the data processing task from the received privacy processing result.
18. The data processing method of claim 17, the data processing system further comprising a data recording center, the data processing method further comprising:
recording, at the data recording center, the data operation behavior information of each data item in the data processing task to a block chain.
19. The data processing method of claim 18, further comprising:
at the data application center, responding to a received source tracing processing request of target data, generating a data operation behavior query request of the target data and sending the data operation behavior query request to the data recording center;
querying, at the data recording center, data operation behavior information of the target data on the block chain according to the data operation behavior query request; and
at the data application center, performing source tracing processing based on the data operation behavior information of the target data returned by the data recording center.
20. An electronic device, comprising:
at least one processor, and
a memory coupled with the at least one processor, the memory storing instructions that, when executed by the at least one processor, cause the at least one processor to perform the method of any of claims 11 to 16.
21. A machine-readable storage medium storing executable instructions that, when executed, cause the machine to perform the method of any of claims 11 to 16.
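The procedure of claims 17 to 19 (task decomposition at the application center, local privacy processing at each device, aggregation of the returned results, and operation records on a block chain that can later be queried for source tracing) is illustrated below by an added, self-contained simulation. This is example code written for this page, not the patent's own implementation: the two data centers, the storage devices and their values, the device configuration, the pairwise masking seeds, the `min_records` policy and the hash-chained ledger that stands in for the block chain are all constructed assumptions. The privacy protection policy is modelled two ways that a practitioner would recognise: raw records never leave the storage devices of their own center, and each device releases only a pairwise-masked partial aggregate, so the application center learns the overall result but not any single center's contribution.

```python
"""Added example, not the patent's own code: an in-memory simulation of the
claimed architecture with two privacy processing devices, each serving one
data center, a data application center that decomposes tasks, and a
hash-chained ledger standing in for the block chain (all constructed)."""
import hashlib
import json
import secrets

MOD = 2**32  # masked partial results are combined modulo this

# Constructed sample data: each inner key is a data storage device deployed at
# one data owner; the list holds that owner's private per-record values.
DATA_CENTERS = {
    "dc1": {"bankA": [3, 5, 7], "bankB": [2, 4]},
    "dc2": {"shopC": [10, 1], "shopD": [6, 6, 6, 6]},
}
DEVICE_CONFIG = {"pp1": "dc1", "pp2": "dc2"}  # assumed: device -> data center it serves
# Pairwise masking seeds shared between devices (constructed; in practice they
# would be agreed over an authenticated channel, never via the application center).
PAIR_SEEDS = {("pp1", "pp2"): secrets.token_bytes(16)}


class DataRecordingCenter:
    """Append-only hash chain standing in for the block chain of claim 18."""
    def __init__(self):
        self.chain = []

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, task_id, device, data_name, operation):
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        entry = {"task": task_id, "device": device, "data": data_name,
                 "op": operation, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.chain.append(entry)

    def query(self, data_name):  # data operation behavior query of claim 19
        return [e for e in self.chain if e["data"] == data_name]

    def verify(self):  # detects any tampering with or removal of earlier records
        prev = "0" * 64
        for e in self.chain:
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class PrivacyProcessingDevice:
    def __init__(self, name, recorder):
        self.name = name
        self.storage = DATA_CENTERS[DEVICE_CONFIG[name]]  # only its own center
        self.recorder = recorder

    def _mask(self, task_id, peers):
        # Pairwise masks: the lexically smaller device adds, the other subtracts,
        # so the masks cancel in the sum and only the total reaches the center.
        total = 0
        for peer in peers:
            pair = tuple(sorted((self.name, peer)))
            digest = hashlib.sha256(PAIR_SEEDS[pair] + task_id.encode()).digest()
            r = int.from_bytes(digest[:4], "big")
            total += r if self.name == pair[0] else -r
        return total % MOD

    def execute(self, cmd):
        rows = []
        for dev in cmd["processing_data"]:  # acquire only from the named storage devices
            if dev not in self.storage:
                raise KeyError(f"{self.name} cannot reach storage device {dev}")
            rows.extend(self.storage[dev])
            self.recorder.record(cmd["task_id"], self.name, dev, "read")
        # Privacy protection policy: never release an aggregate over too few records.
        if len(rows) < cmd["policy"]["min_records"]:
            raise ValueError(f"{self.name}: policy violation, {len(rows)} records")
        partial = sum(rows) if cmd["logic"] == "sum" else len(rows)
        self.recorder.record(cmd["task_id"], self.name, "result:" + cmd["task_id"], "release")
        return (partial + self._mask(cmd["task_id"], cmd["peers"])) % MOD


class DataApplicationCenter:
    def __init__(self, devices, recorder):
        self.devices = {d.name: d for d in devices}
        self.recorder = recorder

    def decompose(self, task):
        """One distributed command per device whose center holds part of the source data."""
        plan = {}
        for name, dc in DEVICE_CONFIG.items():  # uses configuration, not the data itself
            srcs = [s for s in task["sources"] if s in DATA_CENTERS[dc]]
            if srcs:
                plan[name] = srcs
        return [{"task_id": task["id"], "device": n, "processing_data": s,
                 "logic": task["logic"], "policy": task["policy"],
                 "peers": [p for p in plan if p != n]} for n, s in plan.items()]

    def run(self, task):
        results = [self.devices[c["device"]].execute(c) for c in self.decompose(task)]
        return sum(results) % MOD  # masks cancel here; partials were never visible

    def trace(self, data_name):  # source tracing via the recording center
        return [(e["task"], e["device"], e["op"]) for e in self.recorder.query(data_name)]


def build_system():
    recorder = DataRecordingCenter()
    devices = [PrivacyProcessingDevice(n, recorder) for n in DEVICE_CONFIG]
    return DataApplicationCenter(devices, recorder), recorder
```

A task such as `{"id": "t1", "sources": ["bankA", "bankB", "shopC", "shopD"], "logic": "sum", "policy": {"min_records": 2}}` passed to `build_system()[0].run(...)` yields the cross-center total while each device only ever returned a masked partial; a task whose sources fall within one center gets no peers and therefore no mask, and a source set too small for the policy is refused by the device rather than released. Every read and release lands on the ledger, so `trace("bankA")` answers the source tracing request of claim 19 and `verify()` shows whether the chain was altered afterwards.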
CN202010462491.7A 2020-05-27 2020-05-27 Data processing method and data processing system based on multi-party privacy protection Active CN111368338B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010462491.7A CN111368338B (en) 2020-05-27 2020-05-27 Data processing method and data processing system based on multi-party privacy protection
PCT/CN2021/096165 WO2021239005A1 (en) 2020-05-27 2021-05-26 Data processing method and data processing system based on multi-party privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010462491.7A CN111368338B (en) 2020-05-27 2020-05-27 Data processing method and data processing system based on multi-party privacy protection

Publications (2)

Publication Number Publication Date
CN111368338A CN111368338A (en) 2020-07-03
CN111368338B true CN111368338B (en) 2020-12-22

Family

ID=71211050

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010462491.7A Active CN111368338B (en) 2020-05-27 2020-05-27 Data processing method and data processing system based on multi-party privacy protection

Country Status (2)

Country Link
CN (1) CN111368338B (en)
WO (1) WO2021239005A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111368338B (en) * 2020-05-27 2020-12-22 支付宝(杭州)信息技术有限公司 Data processing method and data processing system based on multi-party privacy protection
CN111737767B (en) * 2020-07-31 2020-11-17 支付宝(杭州)信息技术有限公司 Method and device for performing secure operation on private data
CN114697113A (en) * 2022-03-30 2022-07-01 医渡云(北京)技术有限公司 Hardware accelerator card-based multi-party privacy calculation method, device and system
CN115051878B (en) * 2022-08-16 2023-01-06 天聚地合(苏州)科技股份有限公司 Interface-based privacy calculation method, system, storage medium and equipment
CN116055564A (en) * 2022-12-28 2023-05-02 支付宝(杭州)信息技术有限公司 Cross-platform task scheduling method, computing task executing method and device
CN115795556B (en) * 2023-01-28 2023-05-09 北京火山引擎科技有限公司 Data processing method, device, computer equipment and storage medium

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10242209B2 (en) * 2015-08-27 2019-03-26 International Business Machines Corporation Task scheduling on hybrid clouds using anonymization
CN108268769A (en) * 2016-12-31 2018-07-10 ***通信集团四川有限公司 The method and system of data access entitlement are performed to user
CN107800787B (en) * 2017-10-23 2020-10-16 图斯崆南京科技有限公司 Distributed big data real-time exchange sharing computer network system
CN110210246B (en) * 2019-05-31 2022-01-07 创新先进技术有限公司 Personal data service method and system based on safety calculation
CN110796267A (en) * 2019-11-12 2020-02-14 支付宝(杭州)信息技术有限公司 Machine learning method and machine learning device for data sharing
CN110889139B (en) * 2019-11-26 2021-03-23 支付宝(杭州)信息技术有限公司 Method and device for multi-party combined dimensionality reduction processing aiming at user privacy data
CN110992037A (en) * 2020-03-03 2020-04-10 支付宝(杭州)信息技术有限公司 Risk prevention and control method, device and system based on multi-party security calculation
CN111368338B (en) * 2020-05-27 2020-12-22 支付宝(杭州)信息技术有限公司 Data processing method and data processing system based on multi-party privacy protection

Also Published As

Publication number Publication date
WO2021239005A1 (en) 2021-12-02
CN111368338A (en) 2020-07-03

Similar Documents

Publication Publication Date Title
CN111368338B (en) Data processing method and data processing system based on multi-party privacy protection
US11810079B2 (en) Systems and methods for tracking subdivided ownership of connected devices using block-chain ledgers
US20240143833A1 (en) System and method of filtering consumer data
US20240022607A1 (en) Automated and adaptive model-driven security system and method for operating the same
JP6923228B2 (en) Reliable vehicle telematics using blockchain data analysis
CN109118214B (en) Method and device for operating intelligent contract
CN108463827B (en) System and method for detecting sensitive information leakage while preserving privacy
CA2948230C (en) Systems and method for tracking subdivided ownership of connected devices using block-chain ledgers
JP2020503579A (en) Blockchain-based method and system for specifying recipients of electronic communication
Chatzikokolakis et al. Methods for location privacy: A comparative overview
DE102016100494A1 (en) Secure identity authentication in an electronic transaction
US10319479B2 (en) Remote monitoring and dynamic document management systems and methods
CN103782293A (en) Multidimension clusters for data partitioning
US9716700B2 (en) Code analysis for providing data privacy in ETL systems
CN111914408B (en) Threat modeling-oriented information processing method and system and electronic equipment
CN110100423A (en) The generation using licence list for machine
Holmes et al. A framework for live host-based Bitcoin wallet forensics and triage
CA2948229C (en) Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers
US10521601B2 (en) System and method for data governance
Saadiah Consortium blockchain for military supply chain
Park et al. Data Privacy in Wearable IoT Devices: Anonymization and Deanonymization
Alashjaee et al. Forensic Requirements Specification for Mobile Device Malware Forensic Models
Portillo-Dominguez et al. Towards an efficient log data protection in software systems through data minimization and anonymization
Sipior et al. Cyberespionage goes mobile: Fasttrans company attacked
Stetsenko et al. Provision mechanism of authenticity of data origin in cloud environment based on Blockchain technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code
Ref country code: HK
Ref legal event code: DE
Ref document number: 40032510
Country of ref document: HK