CN114172958A - Private computing node, system, method, apparatus, and storage medium - Google Patents
Private computing node, system, method, apparatus, and storage medium Download PDFInfo
- Publication number
- CN114172958A CN114172958A CN202111409086.XA CN202111409086A CN114172958A CN 114172958 A CN114172958 A CN 114172958A CN 202111409086 A CN202111409086 A CN 202111409086A CN 114172958 A CN114172958 A CN 114172958A
- Authority
- CN
- China
- Prior art keywords
- privacy
- service
- communication
- privacy computing
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of privacy computation, in particular provides a privacy computation node, a system, a method, a device and a medium, and aims to solve the problems of improving the communication reliability between different computation nodes in the privacy computation and simplifying the computation logic of the privacy computation. The privacy computing nodes comprise business agency services and communication agency services, and the business agency services are configured to establish communication links with other privacy computing nodes through the communication agency services of the current privacy computing node and cooperatively execute the same privacy computing task with the business agency services of the other privacy computing nodes through the communication links. The communication tasks among different privacy computing nodes are completed through the special communication agent service, the communication reliability among the different privacy computing nodes can be obviously improved, and meanwhile, the service agent service does not relate to the communication tasks among the different privacy computing nodes at all, so that the computing logic of the service agent service in executing the privacy computing tasks can be obviously simplified.
Description
Technical Field
The invention relates to the technical field of privacy computation, and particularly provides a privacy computation node, a system, a method, a device and a storage medium.
Background
Privacy computing (Privacy computing) refers to a technique of performing joint analysis computation on data of multiple data sources without revealing the data. In the privacy calculation process, a plurality of data sources (calculation nodes) are required to perform communication interaction and cooperatively execute the same privacy calculation task, so that the privacy calculation can be completed. In the technical field of privacy computation, a point-to-point communication method is generally adopted to realize communication interaction among different computing nodes, and when the number of the computing nodes is large, the method will increase the complexity of the privacy computation logic and reduce the computation efficiency of the privacy computation.
Disclosure of Invention
In order to overcome the above-mentioned drawbacks, the present invention has been developed to provide a private computing node, a system, a method, an apparatus, and a storage medium that solve, or at least partially solve, the technical problem of how to improve the reliability of communication between different computing nodes in private computing and simplify the computing logic of private computing.
In a first aspect, the present invention provides a privacy computing node configured to perform the same privacy computing task in cooperation with other privacy computing nodes, each of the privacy computing nodes comprising a business agent service and a communication agent service;
the business agent service is configured to establish communication links with other privacy computing nodes through the communication agent service of the current privacy computing node, and execute the same privacy computing task in cooperation with the business agent services of other privacy computing nodes through the communication links.
In an aspect of the above privacy computing node, the communication proxy service includes a first communication processing module, and the first communication processing module is configured to:
receiving a communication request sent by a service agent service of a current privacy computing node, wherein the communication request comprises node information of a target privacy computing node needing to establish a communication link with the current privacy computing node and subtasks needing to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed;
determining a service address of a target communication agent service of the target privacy computation node according to the node information;
sending a first TLS connection request for establishing bidirectional authentication to the target communication agent service according to the service address, wherein the first TLS connection request comprises a subtask in the communication request;
the target communication agent service is configured to send the subtask in the first TLS connection request to the service agent service of the target privacy computation node after the current privacy computation node and the target privacy computation node complete bidirectional authentication on the first TLS connection request, so that the service agent service can execute the subtask.
In an aspect of the above privacy computing node, the communication proxy service includes a second communication processing module, where the second communication processing module is configured to:
receiving a second TLS connection request for establishing bidirectional authentication, which is sent by a target communication agent service of a target privacy computing node establishing a communication link with a current privacy computing node, wherein the second TLS connection request comprises subtasks which need to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed;
and after the current privacy computing node and the target privacy computing node complete bidirectional authentication on the second TLS connection request, sending the subtask in the second TLS connection request to a service agent service of the current privacy computing node, so that the service agent service can execute the subtask.
In one technical solution of the privacy computing node, the first communication processing module includes a routing table, and the routing table stores node information of each privacy computing node and a service address of a communication agent service; the first communication processing module is further configured to query the routing table according to the node information of the target privacy computation node, and determine a service address of a target communication agent service of the target privacy computation node.
In a technical solution of the above privacy computing node, the second communication processing module is a communication processing module constructed based on a reverse proxy service technology.
In a second aspect, a privacy computing system is provided, the system comprising a plurality of privacy computing nodes according to any one of the above-described aspects of privacy computing nodes.
In a third aspect, a privacy computation method is provided, which is applied to a privacy computation node, where the privacy computation node includes a service agent service and a communication agent service, and the method includes:
and the business agent service controlling the current privacy computing node establishes a communication link with other privacy computing nodes through the communication agent service of the business agent service, and cooperatively executes the same privacy computing task with the business agent services of other privacy computing nodes through the communication link.
In an embodiment of the foregoing privacy computing method, the method further includes controlling a communication agent service of the current privacy computing node to send, to a target privacy computing node that needs to establish a communication link with the current privacy computing node, a subtask that needs to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed, by performing the following steps:
receiving a communication request sent by a service agent service of a current privacy computing node, wherein the communication request comprises node information of a target privacy computing node and subtasks which need to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed;
determining a service address of a target communication agent service of the target privacy computation node according to the node information;
sending a first TLS connection request for establishing bidirectional authentication to the target communication agent service according to the service address, wherein the first TLS connection request comprises a subtask in the communication request;
the target communication agent service is configured to send a subtask in the first TLS connection request to a service agent service of the target privacy computation node after the current privacy computation node and the target privacy computation node complete bidirectional authentication on the first TLS connection request, so that the service agent service executes the subtask;
and/or the presence of a gas in the gas,
the method also comprises the step of controlling the communication agent service of the current privacy computing node to receive subtasks which are sent by a target privacy computing node establishing a communication link with the current privacy computing node and need to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed, by executing the following steps:
receiving a second TLS connection request for establishing bidirectional authentication, which is sent by a target communication agent service of a target privacy computing node establishing a communication link with a current privacy computing node, wherein the second TLS connection request comprises subtasks which need to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed;
and after the current privacy computing node and the target privacy computing node complete bidirectional authentication on the second TLS connection request, sending the subtask in the second TLS connection request to a service agent service of the current privacy computing node, so that the service agent service can execute the subtask.
In one technical solution of the privacy computation method, the method further includes querying a routing table according to the node information of the target privacy computation node, and determining a service address of a target communication agent service of the target privacy computation node; and the routing table stores the node information of each privacy computing node and the service address of the communication agent service.
In one technical solution of the privacy computing method, the method further includes controlling, based on a reverse proxy service technology, a communication proxy service of the current privacy computing node to receive a subtask sent by a target privacy computing node that establishes a communication link with the current privacy computing node.
In a fourth aspect, a control device is provided, which comprises a processor and a storage device, wherein the storage device is adapted to store a plurality of program codes, and the program codes are adapted to be loaded and run by the processor to execute the privacy calculation method according to any one of the above-mentioned technical aspects of the privacy calculation method.
In a fifth aspect, a computer readable storage medium is provided, in which a plurality of program codes are stored, the program codes being adapted to be loaded and run by a processor to perform the privacy calculation method according to any one of the above-mentioned technical aspects of the privacy calculation method.
One or more technical schemes of the invention at least have one or more of the following beneficial effects:
in the technical scheme of implementing the invention, each privacy computing node can comprise a business agent service and a communication agent service, and the business agent service can be configured to establish a communication link with other privacy computing nodes through the communication agent service of the current privacy computing node and execute the same privacy computing task in cooperation with the business agent services of other privacy computing nodes through the communication link. Namely, the service agent service is responsible for completing privacy computation tasks in privacy computation, the communication agent service is responsible for completing communication tasks among different privacy computation nodes in the privacy computation, and the privacy computation tasks and the communication tasks in the privacy computation are completely decoupled and completed by different agent services. The communication tasks among different privacy computing nodes are completed through the special communication agent service, the communication reliability among the different privacy computing nodes can be obviously improved, and meanwhile, the business agent service does not relate to the communication tasks among the different privacy computing nodes at all, so that the computing logic of the business agent service in executing the privacy computing tasks can be obviously simplified.
Drawings
The disclosure of the present invention will become more readily understood with reference to the accompanying drawings. As is readily understood by those skilled in the art: these drawings are for illustrative purposes only and are not intended to constitute a limitation on the scope of the present invention. Moreover, in the drawings, like numerals are used to indicate like parts, and in which:
FIG. 1 is a block diagram representation of the main structure of a private compute node according to one embodiment of the present invention;
FIG. 2 is a schematic diagram of the main operational flow of a communication proxy service in a privacy computing node according to one embodiment of the present invention;
FIG. 3 is a block diagram illustrating the main architecture of a communication proxy service in a private computing node, according to one embodiment of the present invention;
fig. 4 is a flow chart illustrating the main steps of a privacy calculation method according to an embodiment of the present invention.
List of reference numerals:
11: a service agent service; 12: communication proxy service; 21: a route analysis module; 22: a network request module; 23: and a reverse proxy module.
Detailed Description
Some embodiments of the invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and are not intended to limit the scope of the present invention.
In the description of the present invention, a "module" or "processor" may include hardware, software, or a combination of both. A module may comprise hardware circuitry, various suitable sensors, communication ports, memory, may comprise software components such as program code, or may be a combination of software and hardware. The processor may be a central processing unit, a microprocessor, a digital signal processor, or any other suitable processor. The processor has data and/or signal processing functionality. The processor may be implemented in software, hardware, or a combination thereof. Non-transitory computer readable storage media include any suitable medium that can store program code, such as magnetic disks, hard disks, optical disks, flash memory, read-only memory, random-access memory, and the like. The term "a and/or B" denotes all possible combinations of a and B, such as a alone, B alone or a and B. The term "at least one A or B" or "at least one of A and B" means similar to "A and/or B" and may include only A, only B, or both A and B. The singular forms "a", "an" and "the" may include the plural forms as well.
Some terms to which the present invention relates are explained first.
Privacy computing (Privacy computing) refers to a technology of performing joint analysis computation on data of multiple data sources without leakage of the data, and a Privacy computing node refers to a computer or other device capable of executing a Privacy computing method. Privacy computing methods include, but are not limited to: multi-party security computing, federal learning, etc. In an embodiment of the invention, the calculation object of the privacy calculation method may be data in the financial wind control technology field, for example, behavior data generated by different objects (such as individuals or enterprises) in the financial transaction in the financial wind control technology field, and the privacy calculation task of the privacy calculation method may be that a rating card model is trained by using a federal learning method and the behavior data, so as to obtain a credit score of the object to be rated by using the trained rating card model, and further determine whether the object to be rated has a default risk according to the credit score.
Transport Layer Security (TLS) refers to a conventional Security protocol in the field of communications technology, and may be divided into one-way TLS authentication and two-way TLS authentication according to different authentication methods, where the one-way TLS authentication refers to only one object checking the legitimacy of an opposite end, such as the client checking the legitimacy of a server (identity authentication), and the two-way TLS authentication refers to two objects checking the legitimacy of an opposite end, such as the client and the server checking the legitimacy of the opposite end. In the embodiment of the present invention, the first TLS connection request and the second TLS connection request are both connection requests generated when bidirectional TLS authentication is employed.
The reverse proxy service technology refers to a conventional proxy technology in the computer technology field, which refers to issuing requests to an internal server on behalf of external network users, forwarding the requests to the internal server, and then returning a response obtained from the internal server to the external network users.
Referring to FIG. 1, FIG. 1 is a block diagram of the main structure of a private computing node according to one embodiment of the invention. The privacy computing nodes may be configured to perform the same privacy computing task in cooperation with other privacy computing nodes, each of which may include a service broker service 11 and a correspondent broker service 12, as shown in fig. 1. The business agent service can be configured to establish communication links with other privacy computing nodes through the communication agent service of the current privacy computing node and execute the same privacy computing task in cooperation with the business agent services of other privacy computing nodes through the communication links.
The service agent service 11 refers to a functional module, a program, a routine or a process which is provided by the privacy computing node and can complete the privacy computing task in the privacy computing, and the communication agent service 12 refers to a functional module, a program, a routine or a process which is provided by the privacy computing node and can complete the communication task between different privacy computing nodes in the privacy computing.
The privacy computing task can be a task which is constructed according to actual requirements and needs to be cooperatively completed by jointly using data of different privacy computing nodes. For example, the privacy computation task may be to jointly use financial wind control data held by different privacy computation nodes to cooperatively train the same scoring card model, so as to determine credit scores of different objects by using the scoring card model, and classify each object according to the credit scores, wherein the classification categories may be objects with default risks and objects without default risks.
It should be noted that, in the embodiment of the present invention, a conventional privacy computing method in the technical field of privacy computing may be adopted to control a plurality of privacy computing nodes to cooperatively execute the same privacy computing task, for example, a multi-party security computing method or a federal learning method is adopted, and details are not repeated here.
The service agent service is only responsible for completing the privacy calculation task in the privacy calculation, and the communication tasks among different privacy calculation nodes are all completed by the communication agent service, so the privacy calculation task and the communication task in the privacy calculation can be completely decoupled. The communication tasks among different privacy computing nodes are completed through the special communication agent service, the communication reliability among the different privacy computing nodes can be obviously improved, and meanwhile, the business agent service does not relate to the communication tasks among the different privacy computing nodes at all, so that the computing logic of the business agent service in executing the privacy computing tasks can be obviously simplified.
The communication proxy service 12 is further described below.
In one embodiment according to the present invention, the communication proxy service 12 may include a first communication processing module, and the first communication processing module may be configured to perform the following steps:
step 11: and receiving a communication request sent by the service agent service of the current privacy computing node, wherein the communication request can comprise node information of a target privacy computing node needing to establish a communication link with the current privacy computing node and subtasks needing to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed.
The node information refers to information that can uniquely indicate which node the private computing node is. In this embodiment, the service proxy service may be controlled to send a communication request to the communication proxy service by using the node information carried in the HTTP request packet. For example, when the node information is a URL address (Uniform Resource Locator) of the privacy computing node, the URL address of the target privacy computing node may be carried by the URL information in the HTTP request message.
The subtasks refer to tasks executed at different stages in the process of cooperatively completing the same privacy computation task, and the privacy computation task can be completed only after tasks in all stages are completed. For example, when a federal learning method is adopted to control all privacy computing nodes to cooperatively train the same scoring card model, each privacy computing node can obtain a model parameter owned by each privacy computing node after performing one-time iterative training on the scoring card model according to data owned by each privacy computing node, and at the moment, each privacy computing node needs to perform data exchange with other privacy computing nodes to obtain the model parameter of other privacy computing nodes, so that the final model parameter can be obtained. And the data exchange with other privacy computing nodes is carried out, and the model parameter obtained by obtaining other privacy computing nodes is a subtask of the privacy computing task.
Step 12: and determining the service address of the target communication agent service of the target privacy computing node according to the node information.
In this embodiment, a service address of a corresponding communication proxy service may be preset for each node information, so that the corresponding service address may be directly queried according to the node information.
In one embodiment, the node information of each privacy computing node and the service address of the correspondent agent service may be stored in a routing table, and the first communication processing module may be further configured to query the routing table according to the node information of the target privacy computing node and determine the service address of the target correspondent agent service of the target privacy computing node. The format of the routing table includes, but is not limited to: yaml format, json format, scv format, and databases, among others.
Step 13: and sending a first TLS connection request for establishing the bidirectional authentication to the target communication agent service according to the service address, wherein the first TLS connection request can comprise a subtask in the communication request. After receiving the first TLS connection request, the target communication proxy service may send the subtask in the first TLS connection request to the service proxy service of the target privacy computing node after the current privacy computing node and the target privacy computing node perform bidirectional authentication on the first TLS connection request, so that the service proxy service executes the subtask.
In this embodiment, a conventional TLS method in the field of communications technology may be used to control the communication proxy service to send a first TLS connection request for establishing bidirectional authentication to the target communication proxy service according to the service address, and the working principle of the TLS method is not described herein again.
The operation flow of the communication agent service is further described with reference to fig. 2, taking the current privacy computing node as the privacy computing node a and the target privacy computing node as the privacy computing node B. Referring to fig. 2, the specific process of the privacy computing node a sending the communication request to the privacy computing node B through its communication proxy service is as described in steps S101 to S106 below.
Step S101: the business agency service of the privacy computing node A sends a communication request to the communication agency service of the privacy computing node A. The communication request comprises subtasks which need to be executed by the private computing node B when cooperatively executing the same private computing task.
Step S102: and acquiring a routing table.
Step S103: and resolving the communication request to determine the service address.
The communication agent service of the privacy computation node A analyzes the communication request to obtain the node information of the privacy computation node B, and the routing table is inquired according to the node information to obtain the service address of the communication agent service of the privacy computation node B.
Step S104: the TLS client key is configured.
And establishing a first TLS connection request of bidirectional authentication for the communication agent service of the privacy computing node B after the TLS client key is configured. The first TLS connection request includes the subtask included in the communication request in step S101.
Step S105: the reverse proxy service configures the TLS server side key.
The reverse proxy service (i.e., the second communication processing module in the communication proxy service, which is specifically described in another embodiment) in the communication proxy service of the privacy computing node B configures the TLS server key, so that the privacy computing node a and the privacy computing node B can complete bidirectional authentication according to the TLS client key and the TLS server key, respectively. Meanwhile, after the bidirectional authentication is passed, the communication proxy service of the privacy computing node B sends the subtask in the first TLS connection request to the service proxy service of the privacy computing node B, so that the service proxy service of the privacy computing node B executes the subtask.
Step S106: the service agent service of the privacy computing node B receives the communication request.
The service agent service of the privacy computation node B receives the subtask sent by the communication agent service, namely, the service agent service of the privacy computation node A receives the communication request sent by the communication agent service. Meanwhile, after the subtask is received, the subtask can be executed.
In another embodiment according to the present invention, the communication proxy service 12 may include a second communication processing module, and the second communication processing module may be a communication processing module constructed based on a reverse proxy service technology, and the second communication processing module may be configured to perform the following steps:
step 21: and receiving a second TLS connection request for establishing bidirectional authentication sent by a target communication agent service of a target privacy computing node for establishing a communication link with the current privacy computing node, wherein the second TLS connection request can comprise subtasks which need to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed.
It should be noted that the second TLS connection request and the subtask are similar to the first TLS connection request and the subtask in the foregoing embodiment, and are not described herein again.
Step 22: and after the current privacy computing node and the target privacy computing node complete bidirectional authentication on the second TLS connection request, sending the subtask in the second TLS connection request to the service agent service of the current privacy computing node so that the service agent service can execute the subtask.
Continuing with fig. 2, assuming that the current privacy computing node is the privacy computing node B and the target privacy computing node is the privacy computing node a, the privacy computing node a may send a second TLS connection request for establishing bidirectional authentication to the communication proxy service of the privacy computing node B through its communication proxy service (step S104), and after the privacy computing node a and the privacy computing node B complete bidirectional authentication on the second TLS connection request, the privacy computing node B may send a subtask in the second TLS connection request to the service proxy service of the privacy computing node B (step S105), so that the service proxy service performs the subtask.
Referring to fig. 3, in still another embodiment according to an embodiment of the present invention, the communication proxy service may include a route resolution module 21, a network request module 22, and a reverse proxy module 23. The module function of the route analyzing module 21 is similar to the functions in step 11 to step 12 that can be executed by the first communication processing module in the foregoing embodiment, the module function of the network request module 22 is similar to the function in step 13 that can be executed by the first communication processing module in the foregoing embodiment, and the module function of the reverse proxy module 23 is similar to the function in step 21 to step 22 that can be executed by the second communication processing module in the foregoing embodiment, which is not described again.
Further, the invention also provides a privacy computing system.
In an embodiment of a privacy computing system according to the invention, the privacy computing system may comprise a plurality of privacy computing nodes as described in the aforementioned privacy computing node embodiments. For convenience of explanation, only the parts related to the embodiments of the present invention are shown, and details of the specific technologies are not disclosed.
Further, the invention also provides a privacy calculation method.
In an embodiment of a privacy computation method according to the present invention, the privacy computation method may be applied to a privacy computation node, and the privacy computation node may include a service agent service and a communication agent service. Referring to fig. 4, the privacy calculation method in the embodiment of the present invention may include the following steps S201 to S202.
Step S201: and controlling the business agent service of the current privacy computing node to establish communication links with other privacy computing nodes through the communication agent service.
It should be noted that the meanings of the privacy computing node, the service agent service, and the communication agent service are similar to the meanings of the privacy computing node, the service agent service, and the communication agent service in the foregoing privacy computing node embodiment, and are not described herein again.
Step S202: and the same privacy calculation task is executed by the communication link and the service agent services of other privacy calculation nodes.
It should be noted that the meaning of the privacy computation task is similar to that of the privacy computation task in the foregoing privacy computation node embodiments, and is not described herein again.
The service agent service is only responsible for completing the privacy calculation task in the privacy calculation, and the communication tasks among different privacy calculation nodes are all completed by the communication agent service, so that the privacy calculation task and the communication task in the privacy calculation can be completely decoupled, the communication reliability among different privacy calculation nodes can be obviously improved, and the calculation logic of the service agent service in executing the privacy calculation task can be obviously simplified.
Further, in an implementation manner according to the embodiment of the present invention, the communication agent service of the current privacy computing node may be controlled to send the sub-tasks that need to be executed by the target privacy computing node when cooperatively executing the same privacy computing task, to the target privacy computing node that needs to establish a communication link with the current privacy computing node by performing the following steps 31 to 33:
step 31: and receiving a communication request sent by the service agent service of the current privacy computing node, wherein the communication request can comprise node information of the target privacy computing node and subtasks which need to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed. Step 32: and determining the service address of the target communication agent service of the target privacy computing node according to the node information. Step 33: sending a first TLS connection request for establishing bidirectional authentication to a target communication agent service according to the service address, wherein the first TLS connection request can comprise a subtask in the communication request; after the current privacy computing node and the target privacy computing node perform bidirectional authentication on the first TLS connection request, the target communication agent service may be configured to send a subtask in the first TLS connection request to the service agent service of the target privacy computing node, so that the service agent service executes the subtask.
It should be noted that steps 31 to 33 are similar to steps 11 to 13 in the foregoing privacy computing node embodiment, and are not described again here.
Further, in an implementation manner according to the embodiment of the present invention, the communication agent service of the current privacy computing node may be controlled to receive the sub-tasks, which are sent by the target privacy computing node that establishes a communication link with the current privacy computing node and are required to be executed by the current privacy computing node when cooperatively executing the same privacy computing task, by performing the following steps 41 to 42:
step 41: and receiving a second TLS connection request for establishing bidirectional authentication sent by a target communication agent service of a target privacy computing node for establishing a communication link with the current privacy computing node, wherein the second TLS connection request can comprise subtasks which need to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed. Step 42: and after the current privacy computing node and the target privacy computing node complete bidirectional authentication on the second TLS connection request, sending the subtask in the second TLS connection request to the service agent service of the current privacy computing node so that the service agent service can execute the subtask. In addition, in the embodiment, the communication proxy service of the current privacy computing node may be controlled to receive the subtask sent by the target privacy computing node that establishes the communication link with the current privacy computing node based on the reverse proxy service technology.
It should be noted that steps 41 to 42 are similar to steps 21 to 22 in the foregoing privacy computing node embodiment, and are not described again here.
Further, in an implementation manner according to the embodiment of the present invention, the routing table may be queried according to node information of the target privacy computation node, and a service address of a target communication agent service of the target privacy computation node may be determined; the routing table stores node information of each privacy computation node and a service address of the communication agent service.
It should be noted that, although the foregoing embodiments describe each step in a specific sequence, those skilled in the art will understand that, in order to achieve the effect of the present invention, different steps do not necessarily need to be executed in such a sequence, and they may be executed simultaneously (in parallel) or in other sequences, and these changes are all within the protection scope of the present invention.
It will be understood by those skilled in the art that all or part of the flow of the method according to the above-described embodiment may be implemented by a computer program, which may be stored in a computer-readable storage medium and used to implement the steps of the above-described embodiments of the method when the computer program is executed by a processor. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable storage medium may include: any entity or device capable of carrying said computer program code, media, usb disk, removable hard disk, magnetic diskette, optical disk, computer memory, read-only memory, random access memory, electrical carrier wave signals, telecommunication signals, software distribution media, etc. It should be noted that the computer readable storage medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable storage media that does not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
Furthermore, the invention also provides a control device. In an embodiment of the control device according to the present invention, the control device comprises a processor and a storage device, the storage device may be configured to store a program for executing the privacy calculation method of the above-mentioned method embodiment, and the processor may be configured to execute the program in the storage device, the program including but not limited to the program for executing the privacy calculation method of the above-mentioned method embodiment. For convenience of explanation, only the parts related to the embodiments of the present invention are shown, and details of the specific techniques are not disclosed. The control device may be a control device apparatus formed including various electronic apparatuses.
Further, the invention also provides a computer readable storage medium. In one computer-readable storage medium embodiment according to the present invention, a computer-readable storage medium may be configured to store a program that executes the privacy computing method of the above-described method embodiment, and the program may be loaded and executed by a processor to implement the above-described privacy computing method. For convenience of explanation, only the parts related to the embodiments of the present invention are shown, and details of the specific techniques are not disclosed. The computer readable storage medium may be a storage device formed by including various electronic devices, and optionally, the computer readable storage medium is a non-transitory computer readable storage medium in the embodiment of the present invention.
Further, it should be understood that, since the configuration of each module is only for explaining the functional units of the apparatus of the present invention, the corresponding physical devices of the modules may be the processor itself, or a part of software, a part of hardware, or a part of a combination of software and hardware in the processor. Thus, the number of individual modules in the figures is merely illustrative.
Those skilled in the art will appreciate that the various modules in the apparatus may be adaptively split or combined. Such splitting or combining of specific modules does not cause the technical solutions to deviate from the principle of the present invention, and therefore, the technical solutions after splitting or combining will fall within the protection scope of the present invention.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
Claims (12)
1. A privacy compute node configured to perform the same privacy compute task in cooperation with other privacy compute nodes, each comprising a business proxy service and a communication proxy service;
the business agent service is configured to establish communication links with other privacy computing nodes through the communication agent service of the current privacy computing node, and execute the same privacy computing task in cooperation with the business agent services of other privacy computing nodes through the communication links.
2. The privacy computing node of claim 1, wherein the communication proxy service comprises a first communication processing module configured to:
receiving a communication request sent by a service agent service of a current privacy computing node, wherein the communication request comprises node information of a target privacy computing node needing to establish a communication link with the current privacy computing node and subtasks needing to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed;
determining a service address of a target communication agent service of the target privacy computation node according to the node information;
sending a first TLS connection request for establishing bidirectional authentication to the target communication agent service according to the service address, wherein the first TLS connection request comprises a subtask in the communication request;
the target communication agent service is configured to send the subtask in the first TLS connection request to the service agent service of the target privacy computation node after the current privacy computation node and the target privacy computation node complete bidirectional authentication on the first TLS connection request, so that the service agent service can execute the subtask.
3. The privacy computing node of claim 1, wherein the communication proxy service comprises a second communication processing module configured to:
receiving a second TLS connection request for establishing bidirectional authentication, which is sent by a target communication agent service of a target privacy computing node establishing a communication link with a current privacy computing node, wherein the second TLS connection request comprises subtasks which need to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed;
and after the current privacy computing node and the target privacy computing node complete bidirectional authentication on the second TLS connection request, sending the subtask in the second TLS connection request to a service agent service of the current privacy computing node, so that the service agent service can execute the subtask.
4. The privacy computing node of claim 2, wherein the first communication processing module comprises a routing table, and the routing table stores node information of each privacy computing node and a service address of a communication proxy service; the first communication processing module is further configured to query the routing table according to the node information of the target privacy computation node, and determine a service address of a target communication agent service of the target privacy computation node.
5. The privacy computing node of claim 3, wherein the second communication processing module is a communication processing module constructed based on reverse proxy service technology.
6. A private computing system, characterized in that the system comprises a plurality of private computing nodes according to any of claims 1 to 5.
7. A privacy computation method is applied to a privacy computation node, wherein the privacy computation node comprises a business agent service and a communication agent service, and the method comprises the following steps:
and the business agent service controlling the current privacy computing node establishes a communication link with other privacy computing nodes through the communication agent service of the business agent service, and cooperatively executes the same privacy computing task with the business agent services of other privacy computing nodes through the communication link.
8. The privacy computing method of claim 7, further comprising controlling a communication agent service of the current privacy computing node to send a sub-task to a target privacy computing node that requires a communication link with the current privacy computing node to be executed when cooperatively executing the same privacy computing task, by performing the following steps:
receiving a communication request sent by a service agent service of a current privacy computing node, wherein the communication request comprises node information of a target privacy computing node and subtasks which need to be executed by the target privacy computing node when the same privacy computing task is cooperatively executed;
determining a service address of a target communication agent service of the target privacy computation node according to the node information;
sending a first TLS connection request for establishing bidirectional authentication to the target communication agent service according to the service address, wherein the first TLS connection request comprises a subtask in the communication request;
the target communication agent service is configured to send a subtask in the first TLS connection request to a service agent service of the target privacy computation node after the current privacy computation node and the target privacy computation node complete bidirectional authentication on the first TLS connection request, so that the service agent service executes the subtask;
and/or the presence of a gas in the gas,
the method also comprises the step of controlling the communication agent service of the current privacy computing node to receive subtasks which are sent by a target privacy computing node establishing a communication link with the current privacy computing node and need to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed, by executing the following steps:
receiving a second TLS connection request for establishing bidirectional authentication, which is sent by a target communication agent service of a target privacy computing node establishing a communication link with a current privacy computing node, wherein the second TLS connection request comprises subtasks which need to be executed by the current privacy computing node when the same privacy computing task is cooperatively executed;
and after the current privacy computing node and the target privacy computing node complete bidirectional authentication on the second TLS connection request, sending the subtask in the second TLS connection request to a service agent service of the current privacy computing node, so that the service agent service can execute the subtask.
9. The privacy computation method of claim 8, further comprising querying a routing table according to the node information of the target privacy computation node, and determining a service address of a target communication agent service of the target privacy computation node; and the routing table stores the node information of each privacy computing node and the service address of the communication agent service.
10. The privacy computation method of claim 8, further comprising controlling a communication proxy service of the current privacy computation node to receive a subtask sent by a target privacy computation node that establishes a communication link with the current privacy computation node based on a reverse proxy service technique.
11. A control apparatus comprising a processor and a storage device adapted to store a plurality of program codes, characterized in that the program codes are adapted to be loaded and run by the processor to perform the privacy calculation method of any one of claims 7 to 10.
12. A computer readable storage medium having stored therein a plurality of program codes, characterized in that said program codes are adapted to be loaded and run by a processor to perform the privacy computing method of any one of claims 7 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111409086.XA CN114172958B (en) | 2021-11-19 | 2021-11-19 | Privacy computing node, system, method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111409086.XA CN114172958B (en) | 2021-11-19 | 2021-11-19 | Privacy computing node, system, method, device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114172958A true CN114172958A (en) | 2022-03-11 |
| CN114172958B CN114172958B (en) | 2023-10-20 |
Family
ID=80480566
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111409086.XA Active CN114172958B (en) | 2021-11-19 | 2021-11-19 | Privacy computing node, system, method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114172958B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024011826A1 (en) * | 2022-07-15 | 2024-01-18 | ***股份有限公司 | Privacy computing device, method and system, and electronic device and medium |
Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102291467A (en) * | 2011-09-15 | 2011-12-21 | 电子科技大学 | Communication platform and method suitable for private cloud environment |
| CN103685175A (en) * | 2012-09-11 | 2014-03-26 | 腾讯科技(深圳)有限公司 | Method, proxy server and system for sharing logging status between application platform and application |
| CN104917782A (en) * | 2014-03-10 | 2015-09-16 | 上海奇博自动化科技有限公司 | Decentralized charging settlement method in cloud computing environment |
| CN105893158A (en) * | 2016-06-08 | 2016-08-24 | 北京工业大学 | Big data hybrid scheduling model on private cloud condition |
| CN108604202A (en) * | 2016-05-12 | 2018-09-28 | 华为技术有限公司 | The working node of parallel processing system (PPS) is rebuild |
| CN110213230A (en) * | 2019-04-26 | 2019-09-06 | 特斯联(北京)科技有限公司 | A kind of network security verification method and device for distributed communication |
| CN110401696A (en) * | 2019-06-18 | 2019-11-01 | 华为技术有限公司 | A kind of method, communication agent, host and the storage medium of decentralization processing |
| CN110673950A (en) * | 2019-08-23 | 2020-01-10 | 广东大杉网络科技有限公司 | Cloud computing task allocation method, device, equipment and storage medium |
| CN111047450A (en) * | 2020-03-18 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | Method and device for calculating down-link privacy of on-link data |
| CN112199734A (en) * | 2020-09-24 | 2021-01-08 | 北京冲量在线科技有限公司 | Multi-party data circulation system |
| CN112287380A (en) * | 2020-12-24 | 2021-01-29 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
| CN112395642A (en) * | 2020-11-20 | 2021-02-23 | 湖南智慧政务区块链科技有限公司 | Secure multi-party privacy calculation method, device, equipment and storage medium |
| CN112839065A (en) * | 2019-11-22 | 2021-05-25 | 北京小米移动软件有限公司 | Information processing method and device, first equipment and storage medium |
| CN112910870A (en) * | 2021-01-22 | 2021-06-04 | 西安电子科技大学 | Collaborative privacy computation data communication method based on block chain |
| US20210216902A1 (en) * | 2020-01-09 | 2021-07-15 | International Business Machines Corporation | Hyperparameter determination for a differentially private federated learning process |
| CN113434284A (en) * | 2021-08-27 | 2021-09-24 | 华控清交信息科技(北京)有限公司 | Privacy computation server side equipment, system and task scheduling method |
| CN113434269A (en) * | 2021-06-10 | 2021-09-24 | 湖南天河国云科技有限公司 | Block chain-based distributed privacy calculation method and device |
| CN113591113A (en) * | 2021-07-29 | 2021-11-02 | 华控清交信息科技(北京)有限公司 | Privacy calculation method, device and system and electronic equipment |
-
2021
- 2021-11-19 CN CN202111409086.XA patent/CN114172958B/en active Active
Patent Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102291467A (en) * | 2011-09-15 | 2011-12-21 | 电子科技大学 | Communication platform and method suitable for private cloud environment |
| CN103685175A (en) * | 2012-09-11 | 2014-03-26 | 腾讯科技(深圳)有限公司 | Method, proxy server and system for sharing logging status between application platform and application |
| CN104917782A (en) * | 2014-03-10 | 2015-09-16 | 上海奇博自动化科技有限公司 | Decentralized charging settlement method in cloud computing environment |
| CN108604202A (en) * | 2016-05-12 | 2018-09-28 | 华为技术有限公司 | The working node of parallel processing system (PPS) is rebuild |
| CN105893158A (en) * | 2016-06-08 | 2016-08-24 | 北京工业大学 | Big data hybrid scheduling model on private cloud condition |
| CN110213230A (en) * | 2019-04-26 | 2019-09-06 | 特斯联(北京)科技有限公司 | A kind of network security verification method and device for distributed communication |
| CN110401696A (en) * | 2019-06-18 | 2019-11-01 | 华为技术有限公司 | A kind of method, communication agent, host and the storage medium of decentralization processing |
| CN110673950A (en) * | 2019-08-23 | 2020-01-10 | 广东大杉网络科技有限公司 | Cloud computing task allocation method, device, equipment and storage medium |
| CN112839065A (en) * | 2019-11-22 | 2021-05-25 | 北京小米移动软件有限公司 | Information processing method and device, first equipment and storage medium |
| US20210216902A1 (en) * | 2020-01-09 | 2021-07-15 | International Business Machines Corporation | Hyperparameter determination for a differentially private federated learning process |
| CN111047450A (en) * | 2020-03-18 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | Method and device for calculating down-link privacy of on-link data |
| CN112199734A (en) * | 2020-09-24 | 2021-01-08 | 北京冲量在线科技有限公司 | Multi-party data circulation system |
| CN112395642A (en) * | 2020-11-20 | 2021-02-23 | 湖南智慧政务区块链科技有限公司 | Secure multi-party privacy calculation method, device, equipment and storage medium |
| CN112287380A (en) * | 2020-12-24 | 2021-01-29 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
| CN112910870A (en) * | 2021-01-22 | 2021-06-04 | 西安电子科技大学 | Collaborative privacy computation data communication method based on block chain |
| CN113434269A (en) * | 2021-06-10 | 2021-09-24 | 湖南天河国云科技有限公司 | Block chain-based distributed privacy calculation method and device |
| CN113591113A (en) * | 2021-07-29 | 2021-11-02 | 华控清交信息科技(北京)有限公司 | Privacy calculation method, device and system and electronic equipment |
| CN113434284A (en) * | 2021-08-27 | 2021-09-24 | 华控清交信息科技(北京)有限公司 | Privacy computation server side equipment, system and task scheduling method |
Non-Patent Citations (2)
| Title |
|---|
| 余智欣;黄天戍;杨乃扩;汪阳;: "一种新型的分布式隐私保护计算模型及其应用", 西安交通大学学报, no. 08 * |
| 李凤华;李晖;贾焰;俞能海;翁健;: "隐私计算研究范畴及发展趋势", 通信学报, no. 04 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024011826A1 (en) * | 2022-07-15 | 2024-01-18 | ***股份有限公司 | Privacy computing device, method and system, and electronic device and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114172958B (en) | 2023-10-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11088854B2 (en) | Securing blockchain access through a gateway on behalf of a communication device | |
| CN110417558B (en) | Signature verification method and device, storage medium and electronic device | |
| CN108540536B (en) | Block chain-based network mass service processing method, equipment and storage medium | |
| KR102566892B1 (en) | Blockchain consensus method, device and system | |
| CA2716544C (en) | Method and system for providing network services | |
| CN108305170A (en) | External service access method, system, equipment and storage medium based on block chain | |
| CN110430288B (en) | Node access method, node access device, computer equipment and storage medium | |
| CN109669986A (en) | Blacklist sharing method, device, equipment and storage medium based on block chain | |
| CN112087502B (en) | Method, device and equipment for processing request and storage medium | |
| CN102792264A (en) | Routing requests for duplex applications | |
| CN109767200B (en) | Electronic payment method, device, system and storage medium | |
| US20170142111A1 (en) | Accessing local information based on a browser session | |
| CN114567643B (en) | Cross-blockchain data transfer method, device and related equipment | |
| CN110458559A (en) | Transaction data processing method, device, server and storage medium | |
| CN102143131B (en) | User logout method and authentication server | |
| CN110198265A (en) | Information processing method, system, device, equipment and medium | |
| CN1595890B (en) | Virtual connectivity with subscribe-notify service | |
| US11431800B2 (en) | Systems and methods for recording an indeterministic transaction on a distributed ledger network | |
| CN110096511B (en) | Data consistency verification method, device, equipment and medium based on private chain | |
| CN113452778B (en) | Session holding method, device, equipment, system and storage medium | |
| CN114172958A (en) | Private computing node, system, method, apparatus, and storage medium | |
| CN106874371A (en) | A kind of data processing method and device | |
| CN112860805A (en) | Block chain data interaction method and system | |
| da Costa et al. | Securing light clients in blockchain with DLCP | |
| WO2020004252A1 (en) | Number management system, number management method, and number management device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |