CN115021962A - Distributed trusted privacy computing system - Google Patents

Distributed trusted privacy computing system

Info

Publication number: CN115021962A
Authority: CN (China)
Prior art keywords: module, node, privacy, data, distributed
Legal status: Granted
Application number: CN202210470744.4A
Other languages: Chinese (zh)
Other versions: CN115021962B (en)
Inventors: 阮安邦, 魏明, 陈凯
Current assignee: Beijing Octa Innovations Information Technology Co Ltd
Original assignee: Beijing Octa Innovations Information Technology Co Ltd
Priority date: 2022-04-28
Filing date: 2022-04-28
Publication date: 2022-09-06

Application filed by Beijing Octa Innovations Information Technology Co Ltd
Priority to CN202210470744.4A
Publication of CN115021962A
Application granted
Publication of CN115021962B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
    • H04L 2209/46 Secure multiparty computation, e.g. millionaire problem

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a distributed trusted privacy computing system comprising a trusted privacy computing system and a distributed verification system. The distributed verification system comprises a node verification port module, a node identity verification module, an identity information storage module and an access record storage module; the node verification port module is connected to the identity information storage module and the access record storage module through the node identity verification module. With the trusted privacy computing system and a distributed verification system built from these four modules, a visitor to the privacy computing system is strictly supervised and recorded, through node verification, node identity storage and node access recording, before it accesses the distributed verification system, so that the safety and reliability of the distributed trusted privacy computing system are guaranteed.

Description

Distributed trusted privacy computing system
Technical Field
The invention belongs to the technical field of distributed trusted privacy computing systems and particularly relates to a distributed trusted privacy computing system.
Background
Privacy computing refers to a set of techniques for analysing and computing on data while preventing the data itself from being disclosed, so that the data becomes "usable but invisible": the value of the data is converted and released while the data and its privacy are fully protected. Privacy computing is a theory and method of computation oriented to protecting private information over its full life cycle; it is a computable model and axiomatic system for privacy measurement, the cost of privacy leakage, privacy protection and the complexity of privacy analysis when the ownership, management rights and usage rights of private information are separated. Compared with traditional ways of using data, the encryption mechanisms of privacy computing strengthen the protection of data and reduce the risk of data leakage, which is why some countries and regions, including the European Union, regard it as one implementation of "data minimisation". Traditional data security measures such as data desensitisation or anonymisation all sacrifice part of the data's dimensionality, so the information in the data cannot be used effectively; privacy computing offers another approach, maximising the value of the data as far as possible on the premise of security. In the prior art, privacy computing deployed inside a trusted privacy computing system is highly secure, but the access identities and access records of the computing systems that access the trusted privacy computing system are not adequately supervised. In order to strictly supervise the identity information and access records of visitors to the trusted privacy computing system and strengthen the data security of the whole computing system, a distributed trusted privacy computing system is proposed to solve these problems of the prior art.
Disclosure of Invention
The present invention aims to provide a distributed trusted privacy computing system in which a visitor to the privacy computing system is strictly supervised and recorded, through node verification, node identity storage and node access recording, before it accesses the distributed verification system, so as to solve the problems of the prior art set out in the background above.
To this end, the invention adopts the following technical scheme:
a distributed trusted privacy computing system comprises a trusted privacy computing system and a distributed verification system;
the distributed verification system comprises a node verification port module, a node identity verification module, an identity information storage module and an access record storage module, the node verification port module being connected to the identity information storage module and the access record storage module through the node identity verification module;
the trusted privacy computing system comprises a node data acquisition module, a data function processing module, an objective function fitting module, a node allocation module, a relay node processing module, a distributed node docking module, a distributed node integration module and a privacy computing result acquisition module, the node data acquisition module, the data function processing module and the objective function fitting module being connected through the node allocation module to the relay node processing module, the distributed node docking module, the distributed node integration module and the privacy computing result acquisition module.
Preferably, the identity information storage module stores the identity data entered at the node verification port module when a visitor accesses the trusted privacy computing system, and the identity information stored in it can be modified and edited only by the owner of that identity information.
Preferably, the access record storage module stores the access records of all visitors to the trusted privacy computing system, and the access records in it cannot be deleted.
Preferably, the access records in the access record storage module are stored in a distributed manner in a blockchain network of nodes and can be read by integrating the copies held by multiple nodes.
Preferably, the node data acquisition module allows a visitor to acquire distributed single-node data; the single-node data it acquires is transmitted to the data function processing module, which processes it.
Preferably, the objective function fitting module performs objective function processing on the data acquired by a single node and transmits the processed data to the relay node processing module through the node allocation module.
Preferably, the node allocation module allocates the data of the single nodes so that a certain number of single nodes correspond to each relay node; the relay node processing module is provided in plurality, each instance docking with its corresponding number of single nodes, processing their data and transmitting the processed data to the distributed node docking module.
Preferably, the distributed node docking module docks with the plurality of relay node processing modules and acquires the data they have processed; the distributed node integration module integrates the relay node data acquired by the distributed node docking module and transmits the integrated data to the privacy computing result acquisition module, which displays the result of the privacy computation directly to the visitor.
Preferably, the privacy computation converts and releases the value of data on the premise of fully protecting the data and its privacy; it is a theory and method of computation oriented to protecting private information over its full life cycle, and a computable model and axiomatic system for privacy measurement, the cost of privacy leakage, privacy protection and the complexity of privacy analysis when the ownership, management rights and usage rights of the private information are separated.
Preferably, the privacy computation is a cross-disciplinary fusion technology. The current mainstream privacy computing technologies fall into three categories: the first is cryptography-based privacy computing, represented by secure multi-party computation; the second is derived from fusing artificial intelligence with privacy-protection technology, represented by federated learning; the third is trusted-hardware-based privacy computing, represented by trusted execution environments. Different technologies are often used in combination, so that data computation and analysis tasks are completed while the security and privacy of the original data are ensured.
Compared with the prior art, the distributed trusted privacy computing system provided by the invention has the following technical effects and advantages:
before the visitor accesses the distributed verification system, the visitor to the privacy computing system is strictly supervised and recorded through node verification, node identity storage and node access recording, so that the safety and reliability of the distributed trusted privacy computing system are guaranteed; the distributed trusted privacy computing system converts and releases the value of data on the premise of fully protecting the data and its privacy, and its privacy computation is a theory and method of computation oriented to protecting private information over its full life cycle, and a computable model and axiomatic system for privacy measurement, the cost of privacy leakage, privacy protection and the complexity of privacy analysis when the ownership, management rights and usage rights of the private information are separated.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
FIG. 1 is a system block diagram of a distributed trusted privacy computing system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them; they are merely illustrative and do not limit the invention. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the present invention.
The present invention provides an embodiment as shown in FIG. 1:
a distributed trusted privacy computing system comprises a trusted privacy computing system and a distributed verification system;
the distributed verification system comprises a node verification port module, a node identity verification module, an identity information storage module and an access record storage module, the node verification port module being connected to the identity information storage module and the access record storage module through the node identity verification module;
the trusted privacy computing system comprises a node data acquisition module, a data function processing module, an objective function fitting module, a node allocation module, a relay node processing module, a distributed node docking module, a distributed node integration module and a privacy computing result acquisition module, the node data acquisition module, the data function processing module and the objective function fitting module being connected through the node allocation module to the relay node processing module, the distributed node docking module, the distributed node integration module and the privacy computing result acquisition module.
The node data acquisition module allows a visitor to acquire distributed single-node data; the single-node data it acquires is transmitted to the data function processing module, which processes it. The objective function fitting module performs objective function processing on the data acquired by a single node, and the processed data is transmitted to the relay node processing module through the node allocation module.
The node allocation module allocates the data of the single nodes so that a certain number of single nodes correspond to each relay node; the relay node processing module is provided in plurality, each instance docking with its corresponding number of single nodes, processing their data and transmitting the processed data to the distributed node docking module.
The distributed node docking module docks with the relay node processing modules and acquires the data they have processed; the distributed node integration module integrates the relay node data acquired by the distributed node docking module and transmits the integrated data to the privacy computing result acquisition module, which displays the result of the privacy computation directly to the visitor.
The identity information storage module stores the identity data entered at the node verification port module when a visitor accesses the trusted privacy computing system, and the identity information stored in it can be modified and edited only by the owner of that identity information.
The access record storage module stores the access records of all visitors to the trusted privacy computing system, and the access records in it cannot be deleted.
The access records in the access record storage module are stored in a distributed manner in a blockchain network of nodes and can be read by integrating the copies held by multiple nodes.
The privacy computation converts and releases the value of data on the premise of fully protecting the data and its privacy; it is a theory and method of computation oriented to protecting private information over its full life cycle, and a computable model and axiomatic system for privacy measurement, the cost of privacy leakage, privacy protection and the complexity of privacy analysis when the ownership, management rights and usage rights of the private information are separated. Privacy computation is a cross-disciplinary fusion technology, and the current mainstream privacy computing technologies fall into three categories: the first is cryptography-based privacy computing, represented by secure multi-party computation; the second is derived from fusing artificial intelligence with privacy-protection technology, represented by federated learning; the third is trusted-hardware-based privacy computing, represented by trusted execution environments. Different technologies are often used in combination, so that data computation and analysis tasks are completed while the security and privacy of the original data are ensured.
In summary, the trusted privacy computing system and the distributed verification system comprising the node verification port module, the node identity verification module, the identity information storage module and the access record storage module strictly supervise and record the visitor to the privacy computing system, through node verification, node identity storage and node access recording, before the visitor accesses the distributed verification system, so that the safety and reliability of the distributed trusted privacy computing system are ensured; the distributed trusted privacy computing system converts and releases the value of data on the premise of fully protecting the data and its privacy, and its privacy computation is a theory and method of computation oriented to protecting private information over its full life cycle, and a computable model and axiomatic system for privacy measurement, the cost of privacy leakage, privacy protection and the complexity of privacy analysis when the ownership, management rights and usage rights of the private information are separated.
Finally, it should be noted that although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments or to parts of them without departing from the spirit and scope of the invention.
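As an added illustration (not code from the patent or its assignee), the distributed verification system described above modelled in Python: an identity store that only the identity owner can edit, an append-only hash-chained access log replicated across several nodes in place of the blockchain network, and a verification port that records every access attempt, refused ones included. The HMAC-over-nonce proof of ownership and the majority-vote read across node copies are assumptions of this example, not mechanisms the patent specifies.

```python
import hashlib, hmac, json, secrets
from collections import Counter
from dataclasses import dataclass, asdict

GENESIS = "0" * 64  # prev_hash of the first access record

def tag_for(key: bytes, nonce: str) -> str:
    """Visitor-side proof of key possession: HMAC-SHA256 over the challenge nonce (assumed scheme)."""
    return hmac.new(key, nonce.encode(), "sha256").hexdigest()

class IdentityStore:
    """Identity information storage: a record is editable only by its owner (the key holder)."""
    def __init__(self):
        self._records = {}  # visitor id -> {"key": bytes, "info": dict}

    def register(self, visitor, key, info):
        if visitor in self._records:
            raise PermissionError("identity exists; only its owner may change it")
        self._records[visitor] = {"key": key, "info": dict(info)}

    def prove(self, visitor, nonce, tag):
        rec = self._records.get(visitor)
        if rec is None or not nonce:
            return False
        return hmac.compare_digest(tag_for(rec["key"], nonce), tag)

    def update(self, visitor, nonce, tag, info):
        if not self.prove(visitor, nonce, tag):  # anyone but the owner is refused
            raise PermissionError("only the identity owner may modify this record")
        self._records[visitor]["info"] = dict(info)
        return self._records[visitor]["info"]

@dataclass(frozen=True)
class AccessRecord:
    index: int
    prev_hash: str
    visitor: str
    action: str
    granted: bool
    timestamp: int
    def digest(self):
        return hashlib.sha256(json.dumps(asdict(self), sort_keys=True).encode()).hexdigest()

class AccessLedger:
    """One node's copy of the access-record store: hash-chained, append-only, no delete or edit."""
    def __init__(self):
        self.chain = []

    def append(self, visitor, action, granted, ts):
        self.chain.append(AccessRecord(len(self.chain), self.head(), visitor, action, granted, ts))

    def head(self):
        return self.chain[-1].digest() if self.chain else GENESIS

    def verify(self):
        prev = GENESIS
        for i, rec in enumerate(self.chain):
            if rec.index != i or rec.prev_hash != prev:
                return False
            prev = rec.digest()
        return True

class ReplicatedLedger:
    """Records replicated to several nodes; a read keeps only copies agreeing with the majority."""
    def __init__(self, n_nodes=3):
        self.nodes = [AccessLedger() for _ in range(n_nodes)]

    def append(self, visitor, action, granted, ts):
        for node in self.nodes:
            node.append(visitor, action, granted, ts)

    def read(self):
        heads = [n.head() if n.verify() else None for n in self.nodes]  # broken chain -> None
        counts = Counter(h for h in heads if h)
        if not counts or counts.most_common(1)[0][1] * 2 <= len(self.nodes):
            raise RuntimeError("no majority among nodes; refusing to serve records")
        majority = counts.most_common(1)[0][0]
        bad = [i for i, h in enumerate(heads) if h != majority]
        return list(self.nodes[heads.index(majority)].chain), bad

class VerificationPort:
    """Node verification port: every access attempt, granted or refused, is recorded."""
    def __init__(self, identities, ledger):
        self.identities, self.ledger, self._nonces = identities, ledger, {}

    def challenge(self, visitor):
        self._nonces[visitor] = secrets.token_hex(16)
        return self._nonces[visitor]

    def access(self, visitor, tag, action, ts):
        nonce = self._nonces.pop(visitor, "")  # single use, so a replayed tag is refused
        granted = self.identities.prove(visitor, nonce, tag)
        self.ledger.append(visitor, action, granted, ts)
        return granted
```

A node that loses or alters a record fails the chain check and is reported by `read()`, while the surviving majority still serves the full log; if no majority remains the read refuses rather than returning a possibly truncated history.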

Claims (10)

1. A distributed trusted privacy computing system, comprising:
a trusted privacy computing system and a distributed verification system;
the distributed verification system comprising a node verification port module, a node identity verification module, an identity information storage module and an access record storage module, wherein the node verification port module is connected to the identity information storage module and the access record storage module through the node identity verification module;
the trusted privacy computing system comprising a node data acquisition module, a data function processing module, an objective function fitting module, a node allocation module, a relay node processing module, a distributed node docking module, a distributed node integration module and a privacy computing result acquisition module, wherein the node data acquisition module, the data function processing module and the objective function fitting module are connected through the node allocation module to the relay node processing module, the distributed node docking module, the distributed node integration module and the privacy computing result acquisition module.
2. The distributed trusted privacy computing system as claimed in claim 1, wherein the identity information storage module is used for storing the identity data entered at the node verification port module when a visitor accesses the trusted privacy computing system, and the identity information stored in the identity information storage module can be modified and edited only by the owner of that identity information.
3. The distributed trusted privacy computing system as claimed in claim 1, wherein the access record storage module is used for storing the access records of all visitors to the trusted privacy computing system, and the access records in the access record storage module cannot be deleted.
4. The distributed trusted privacy computing system as claimed in claim 3, wherein the access records in the access record storage module are stored in a distributed manner in a blockchain network of nodes and can be read through multi-node integration.
5. The distributed trusted privacy computing system as claimed in claim 1, wherein the node data acquisition module is used for a visitor to acquire distributed single-node data, the single-node data acquired by the node data acquisition module is transmitted to the data function processing module, and the data function processing module is used for processing the data acquired by the node data acquisition module.
6. The distributed trusted privacy computing system as claimed in claim 5, wherein the objective function fitting module is used for performing objective function processing on the data acquired by the single node, and the data processed by the objective function is transmitted to the relay node processing module through the node allocation module.
7. The distributed trusted privacy computing system as claimed in claim 6, wherein the node allocation module is used for allocating the data of the single nodes so that a certain number of single nodes correspond to each relay node, the relay node processing module is provided in plurality, each docking with its corresponding number of single nodes and processing their data, and the processed data is transmitted to the distributed node docking module.
8. The distributed trusted privacy computing system as claimed in claim 7, wherein the distributed node docking module is used for docking with the relay node processing modules and acquiring the data processed by the relay nodes, the distributed node integration module is used for integrating the relay node data acquired by the distributed node docking module and transmitting the integrated data to the privacy computing result acquisition module, and the privacy computing result acquisition module is used for displaying the result of the privacy computation directly to the visitor.
9. The distributed trusted privacy computing system as claimed in claim 1, wherein the privacy computation converts and releases the value of data on the premise of fully protecting the data and its privacy, is a theory and method of computation oriented to protecting private information over its full life cycle, and is a computable model and axiomatic system for privacy measurement, the cost of privacy leakage, privacy protection and the complexity of privacy analysis when the ownership, management rights and usage rights of the private information are separated.
10. The distributed trusted privacy computing system as claimed in claim 9, wherein the privacy computation is a cross-disciplinary fusion technology, and the current mainstream privacy computing technologies fall into three categories: the first is cryptography-based privacy computing, represented by secure multi-party computation; the second is derived from fusing artificial intelligence with privacy-protection technology, represented by federated learning; the third is trusted-hardware-based privacy computing, represented by trusted execution environments; different technologies are often used in combination, so that data computation and analysis tasks are completed while the security and privacy of the original data are ensured.

Priority Applications (1)

Application number: CN202210470744.4A (granted as CN115021962B)
Priority date: 2022-04-28
Filing date: 2022-04-28
Title: Distributed trusted privacy computing system
Status: Active

Publications (2)

CN115021962A (application publication): 2022-09-06
CN115021962B (granted patent): 2023-08-22

Family

ID=83067940
Country status: CN (1), CN115021962B (en), Active

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112380578A (en) * 2020-11-20 2021-02-19 天翼电子商务有限公司 Edge computing framework based on block chain and trusted execution environment
US20210326868A1 (en) * 2020-08-31 2021-10-21 Alipay (Hangzhou) Information Technology Co., Ltd. Information sharing methods and systems
CN114020841A (en) * 2021-11-03 2022-02-08 广州广电运通金融电子股份有限公司 Data sharing system, method, storage medium and equipment
CN114036583A (en) * 2021-10-27 2022-02-11 浙江数秦科技有限公司 Asynchronous privacy calculation method based on intelligent contract

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
顾绵雪: "Research on a blockchain-based multi-party verifiable privacy-preserving record linkage mechanism", China Masters' Theses Full-text Database (Information Science and Technology series) *

Also Published As

Publication number Publication date
CN115021962B (en) 2023-08-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant