Summary of the invention
The embodiment of the present application provides a kind of distributed data security application method, system and electronic equipment, existing to solve
Some data application modes, for achieve the purpose that data using data ownership side and after migrating concentration, existing data safety
The problem of obtaining tight effective guarantee is all difficult to information privacy.
In order to solve the above technical problems, the embodiment of the present application is achieved in that
In a first aspect, proposing a kind of distributed data security application method, which comprises
The management node of distributed data security application system is requested according to the distributed computing of data application party in request, to
At least one calculate node of the distributed data security application system sends sub- computation requests, and the calculate node is returned
The calculated result returned feeds back to the data application party in request;Wherein, the sub- computation requests are for requesting the calculate node
The target data of invocation target submodel and data ownership side is calculated, and the target submodel is to the distributed computing
Corresponding entire mathematical model is requested to split, the target data is the target stored in the calculate node
Model data required when calculating;
The calculate node calls the target submodel and the target data to calculate in response to the sub- computation requests
The calculated result is obtained, and returns to the calculated result to the management node.
Second aspect proposes a kind of distributed data security application system, and the system comprises management nodes and multiple
Calculate node;
The management node, for being requested according to the distributed computing of data application party in request, to meter described at least one
Operator node sends sub- computation requests, and the calculated result that the calculate node returns is fed back to the data application party in request;
Wherein, the sub- computation requests for request the target data of the calculate node invocation target submodel and data ownership side into
Row calculates, and the target submodel is to request corresponding entire mathematical model to split the distributed computing, described
Target data is data required when the target submodel stored in the calculate node calculates;
The calculate node, for calling the target submodel and the number of targets in response to the sub- computation requests
According to being calculated the calculated result, and the calculated result is returned to the management node.
The third aspect proposes a kind of data safety application method, the meter applied to distributed data security application system
Operator node, which comprises
In response to the sub- computation requests of the management node from the distributed data security application system, invocation target
Calculated result is calculated in the target data of model and data ownership side;Wherein, the sub- computation requests are the management nodes
It is sent according to the request of the distributed computing of data application party in request, the target submodel is requested the distributed computing
What corresponding entire mathematical model was split, the target data is the target submodel stored in the calculate node
Required data when calculating;
The calculated result is returned to the management node, so that the calculated result is fed back to institute by the management node
State data application party in request.
Fourth aspect proposes a kind of data safety application method, the pipe applied to distributed data security application system
Manage node, which comprises
It is requested according to the distributed computing of data application party in request, Xiang Suoshu distributed data security application system is at least
One calculate node sends sub- computation requests;Wherein, the sub- computation requests are for requesting calculate node invocation target
The target data of model and data ownership side is calculated, and the target submodel is corresponding to distributed computing request
What entire mathematical model was split, when the target data is that the target submodel stored in the calculate node calculates
Required data;
The calculated result that the calculate node is returned feeds back to the data application party in request.
5th aspect, provides a kind of data safety application apparatus, the meter applied to distributed data security application system
Operator node, described device include:
Data computation module, based on the son in response to the management node from the distributed data security application system
It calculates and requests, calculated result is calculated in the target data of invocation target submodel and data ownership side;Wherein, the sub- calculating is asked
Management node described in Seeking Truth is sent according to the request of the distributed computing of data application party in request, and the target submodel is to institute
Stating distributed computing requests corresponding entire mathematical model to split, and the target data is stored in the calculate node
The target submodel required data when calculating;
Result return module, for returning to the calculated result to the management node, so that the management node is by institute
It states calculated result and feeds back to the data application party in request.
6th aspect, provides a kind of data safety application apparatus, the pipe applied to distributed data security application system
Node is managed, described device includes:
Request sending module, for being requested according to the distributed computing of data application party in request, Xiang Suoshu distributed data
At least one calculate node of security application system sends sub- computation requests;Wherein, the sub- computation requests are described for requesting
The target data of calculate node invocation target submodel and data ownership side is calculated, and the target submodel is to described point
The corresponding entire mathematical model of cloth computation requests is split, and the target data is the institute stored in the calculate node
State data required when target submodel calculates;
As a result feedback module, the calculated result for returning to the calculate node, feeds back to the data application
Party in request.
7th aspect, proposes a kind of electronic equipment, comprising:
Processor;And
It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executed
It manages device and executes following operation:
In response to the sub- computation requests of the management node from the distributed data security application system, invocation target
Calculated result is calculated in the target data of model and data ownership side;Wherein, the sub- computation requests are the management nodes
It is sent according to the request of the distributed computing of data application party in request, the target submodel is requested the distributed computing
What corresponding entire mathematical model was split, the target data is the target submodel stored in the calculate node
Required data when calculating;
The calculated result is returned to the management node, so that the calculated result is fed back to institute by the management node
State data application party in request.
Eighth aspect proposes a kind of computer readable storage medium, the computer-readable recording medium storage one
Or multiple programs, one or more of programs are when the electronic equipment for being included multiple application programs executes, so that the electricity
Sub- equipment executes following operation:
In response to the sub- computation requests of the management node from the distributed data security application system, invocation target
Calculated result is calculated in the target data of model and data ownership side;Wherein, the sub- computation requests are the management nodes
It is sent according to the request of the distributed computing of data application party in request, the target submodel is requested the distributed computing
What corresponding entire mathematical model was split, the target data is the target submodel stored in the calculate node
Required data when calculating;
The calculated result is returned to the management node, so that the calculated result is fed back to institute by the management node
State data application party in request.
9th aspect, proposes a kind of electronic equipment, comprising:
Processor;And
It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executed
It manages device and executes following operation:
In response to the sub- computation requests of the management node from the distributed data security application system, invocation target
Calculated result is calculated in the target data of model and data ownership side;Wherein, the sub- computation requests are the management nodes
It is sent according to the request of the distributed computing of data application party in request, the target submodel is requested the distributed computing
What corresponding entire mathematical model was split, the target data is the target submodel stored in the calculate node
Required data when calculating;
The calculated result is returned to the management node, so that the calculated result is fed back to institute by the management node
State data application party in request.
Tenth aspect, proposes a kind of computer readable storage medium, the computer-readable recording medium storage one
Or multiple programs, one or more of programs are when the electronic equipment for being included multiple application programs executes, so that the electricity
Sub- equipment executes following operation:
In response to the sub- computation requests of the management node from the distributed data security application system, invocation target
Calculated result is calculated in the target data of model and data ownership side;Wherein, the sub- computation requests are the management nodes
It is sent according to the request of the distributed computing of data application party in request, the target submodel is requested the distributed computing
What corresponding entire mathematical model was split, the target data is the target submodel stored in the calculate node
Required data when calculating;
The calculated result is returned to the management node, so that the calculated result is fed back to institute by the management node
State data application party in request.
As can be seen from the technical scheme provided by the above embodiments of the present application, scheme provided by the embodiments of the present application at least have as
A kind of lower technical effect: it due to being the entire mathematical model that will be run on the server of data application party in request originally, splits
Deployment is called in the calculate node of the data distribution formula data safety application system of storing data ownership side by calculate node
Relevant data are completed to calculate, and avoid the migration of related data, therefore can make the data safety and information of data ownership side
Secrecy obtains tight effective guarantee.
Specific embodiment
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with the application specific embodiment and
Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one
Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing
Every other embodiment obtained under the premise of creative work out, shall fall in the protection scope of this application.
In order to solve existing data application mode, concentration is migrated to achieve the purpose that the data using data ownership side
Afterwards, existing data safety and information privacy are all difficult to the problem of obtaining effective guarantee, and this specification embodiment provides a kind of point
Cloth data safety application method, distributed data security application system, data safety application method, data safety application dress
It sets, electronic equipment and computer storage medium.
A kind of distributed data security application system first provided below one embodiment of this specification is introduced.
As shown in Figure 1, as an example, distributed data security application system that this specification embodiment provides can be with
It include: management node 1 and multiple calculate nodes 3, it includes the first calculating section that distributed data security application system is shown in Fig. 1
Point the 31, second calculate node 32, third calculate node 33 to calculate node 3n, wherein n is positive integer.Wherein, management node 1 with
Multiple calculate nodes 3 are separately connected.
Optionally, distributed data security application system shown in FIG. 1 can also include data application server 2 and data
Ownership side's client 4, data application server 2 and data ownership side client 4 are connect with management node 1 respectively.
Wherein, management node 1 also can be regarded as an intermediate clothes between data application server 2 and calculate node 3
Business device, for realizing the indirect communication or data interaction, management node 1 and number between data application server 2 and calculate node 3
According between application server 2 can direct communication, management node 1 and calculate node 3 can also direct communications.
Wherein, data application server 2 can be the server of data application party in request B, for data application party in request
B accesses management node 1, the need that there are data application party in request B the data applied storage in calculate node 3 to carry out relevant calculation
It asks.
Wherein, calculate node 3 can be the data storage server of data ownership side (or data providing) A;Or
It can be server (such as cloud of data storage third party C (third party other than data ownership side and data application party in request)
Hold server), wherein being stored with the data of data ownership side A.It is different when calculate node 3 is the server of data ownership side A
Calculate node 3 can be the server of difference department, data ownership side, for example, the first calculate node 31 can be department one
Server, the second calculate node 32 can be the server of department two, and calculate node 33 can be the server of department three, etc.
Deng.In addition, a part of calculate node 3 can be data ownership side A in distributed data security application system shown in Fig. 1
Server, and another part calculate node 3 can be data storage third party C server, for example, the first calculate node 31
It can be the server of data ownership side A, the second calculate node 32 can be the server of data storage third party C.
In practical applications, management node 1 can be data ownership side A, data application party in request B and distributed computing clothes
The server for either one in quotient D of being engaged in.When management node 1 be data ownership side A server when, management node 1 can simultaneously with
The data application server 2 of one or more data application party in request B connects;When management node 1 is data application party in request B's
When server, management node 1 can be connect with the calculate node 3 of one or more data ownership side A simultaneously, and can be simultaneously
It is connect with the calculate node 3 of one or more data ownership side A or data storage third party C;When management node 1 is distribution
When calculating the server of service provider D, management node 1 can data application with one or more data application party in request B simultaneously
Server 2 connects, and connect with the calculate node 3 of one or more data ownership side A, and weighs with one or more data
The calculate node 3 of category side A or data storage third party C connect.
In a detailed embodiment, if data application party in request B wants to carry out using the data of data ownership side A
It calculates, as shown in Figure 1, distributed data security application system can include: management node 1, data application server 2 and multiple meters
Operator node 3.
The data application server 2 can be used for data application party in request B to the management node 1 and send distributed meter
Calculate request.
Wherein, the distributed computing request can be what data application party in request B was determined according to actual calculating demand,
Distributed computing request is corresponding with the entire mathematical model of data application party in request B.
The management node 1 can be used for being requested according to the distributed computing of data application party in request B, to the distribution
At least one calculate node 3 of data safety application system sends sub- computation requests, and the calculating that the calculate node 3 is returned
As a result the data application party in request B is fed back to.
Wherein, the sub- computation requests are used to request the calculate node invocation target submodel and data ownership side A
Target data is calculated, and the target submodel is to request corresponding entire mathematical model to split the distributed computing
It arrives, the target data is data required when the target submodel stored in the calculate node calculates.
In one embodiment, target submodel can be previously deployed in calculate node by data application party in request B.?
That is, the calculate node 3 can be also used for receiving and respond before management node 1 sends sub- computation requests to calculate node 3
Model deployment request, the model deployment request is for requesting the data application party in request B to the entire mathematical model
The target submodel split, is deployed in the calculate node 3.Specifically, data application party in request B can be with
It requests corresponding entire mathematical model to split distributed computing in advance, obtains at least one submodel, and according to each son
At least one described submodel, is deployed in the calculating for being stored with corresponding target data by model target data required when calculating
In node 3.
In another embodiment, calculate node can be after responding the sub- computation requests, (such as from given server
1 place server of management node) in downloading obtain the target submodel for call.Specifically, data application party in request B can
To request corresponding entire mathematical model to split distributed computing in advance, at least one submodel is obtained, and be stored in
It is downloaded in given server for calculate node.
Wherein, management node 1 is particularly used in and feeds back calculating to data application party in request B by data application server 2
As a result.
The calculate node 3 can be used for calling the target submodel and the target in response to the sub- computation requests
The calculated result is calculated in data, and returns to the calculated result to the management node 1.
It is appreciated that distributed data security application system provided in this embodiment, it will be originally in data application party in request B
Data application server 2 on the entire mathematical model that runs, split deployment the one of distributed data security application system
In a or multiple calculate nodes 3, the related data of data ownership side is stored in the one or more calculate node 3, and by this
One or more calculate nodes 3 call relevant data to substitute into and complete to calculate in the submodel of deployment, it can thus be avoided data
The migration of the related data of ownership side A, and then it is tight effective that the data safety of data ownership side A and information privacy can be made to obtain
Guarantee.This specification embodiment provide this technical solution, can be visually known as " initial data is stayed indoor, calculate
As a result data application mode for reference ".
In addition, being independent of each other since each calculate node 3 carries out alone respective calculating, therefore not only can be to avoid number
It is migrated according to the data of ownership side A to data application party in request B, the trans-departmental migration of data of data ownership side A can also be avoided, into
One step has ensured the data safety and information privacy of data ownership side A.
In a more detailed embodiment, if data application party in request B wants the data using data ownership side A
It is calculated, as shown in Figure 1, distributed data security application system can include: management node 1, data application server 2, more
A calculate node 3 and data ownership side client 4.
The calculate node 3, can be used for receiving and response model disposes request, and the model deployment request will for request
The target submodel that the data application party in request B splits the entire mathematical model is deployed to described
In calculate node 3.
That is, data application party in request B can request corresponding entire mathematical model to be torn open distributed computing in advance
Point, required target data when obtaining at least one submodel, and being calculated according to each submodel will at least one described submodel
It is deployed in the calculate node 3 for being stored with corresponding target data.
If data application party in request B needs to be calculated using the data of data ownership side A, data application party in request B
The corresponding entire mathematical model of calculating demand be Z=fx(a, b ..., x), wherein Z indicates final calculated result, a,
B ..., x indicates the required target data of entire mathematical model.It can then be split are as follows: Z=fx(fx(a),fx
(b),…,fx(x)), wherein fx(a),fx(b),…,fx(x) it indicates to split obtained multiple submodels, it can be by fx(a),fx
(b),…,fx(x) it is deployed in respectively in one or more calculate nodes 3 of data ownership side A or data storage third party C,
These calculate nodes 3 are stored with the target data for needing to call when the submodel disposed calculates.
If specifically, Z=fx(fx(a),fx(b),fxIt (x)), as shown in Figure 1, can be by submodel fx(a) it is deployed in and deposits
It contains in the first calculate node 31 (server that can be the department one of data ownership side A) of data a, by submodel fx(b)
It is deployed in the second calculate node 32 (server that can be the department two of data ownership side A) for being stored with data b, by submodule
Type fx(x) it is deployed in the third calculate node 33 (server that can be data storage third party C) for being stored with data x.
Data ownership side client 4 can be used for data ownership side A to the management node 1 and send the data power
The authorized order of category side A, the authorized order, which is used to indicate the data application party in request B, to be had using the target data
Permission.
For example, data ownership side A can send authorized order to management node 1 by data ownership side client 4, so that
Obtain the permission for the target data that data application demand side B is obtained using data ownership side A.
Wherein, authorized order can be electronic authorization agreement for being communicated or being authenticated with calculate node 3, authorization code
Or key etc., to ensure that data application party in request B requests using the behavior that target data is calculated to be lawful acts.
The data application server 2 can be used for data application party in request B and pass through data application server to the management
Node 1 sends distributed computing request, and the distributed computing request is for requesting the calculating for realizing data application party in request B to need
It asks;Finally receive the calculated result that the management node 1 is fed back.
The management node 1 can be used for that the authorized order is first forwarded to the calculate node 3, so that data application
Party in request B obtains the ultimate authority for using target data;Then it is requested according to the distributed computing of data application party in request B, to
At least one described calculate node 3 sends sub- computation requests, and the calculated result that the calculate node 3 returns is fed back to described
Data application party in request B.
For example, management node 1 can give the first calculate node first by the authorized order from authorization ownership side's client 4
31, the second calculate node 32 and third calculate node 33 forward portion respectively;Then, number is passed through according to data application party in request B
The distributed computing that entire mathematical model Z is calculated is substituted into according to the data by data ownership side A that application server 2 is sent to ask
It asks, respectively to the first calculate node 31, the second calculate node 32 and third calculate node 33, sends the mesh of data ownership side A
Mark data a, b and x substitute into submodel f respectivelyx(a)、fx(b) and fx(x) the sub- computation requests calculated.
Further, as an example, the management node 1, is particularly used according to the entire mathematical model pair
The calculated result that at least one described calculate node 3 returns is summarized, and summarized results is fed back to the data application demand
Square B.
Alternatively, as another example, the management node 1 is particularly used in and returns at least one described calculate node
The calculated result returned, is fed directly to the data application party in request B.
Alternatively, as another example, the management node 1 is particularly used in and returns at least one described calculate node
The calculated result returned is processed using predetermined manner, and the calculated result after working process is fed back to the data application
Party in request B.Wherein, predetermined manner can be other working process modes in addition to summarizing.
The calculate node 3 can be used for calling the target submodel and the target in response to the sub- computation requests
The calculated result is calculated in data, and returns to the calculated result to the management node 1.
For example, the first calculate node 31, can substitute into submodel f with invocation target data ax(a) calculated result z1 is obtained in,
And z1 is returned into management node 1;Second calculate node 32 can substitute into submodel f with invocation target data bx(b) meter is obtained in
Result z2 is calculated, and z2 is returned into management node 1;Third calculate node 33 can substitute into submodel f with invocation target data xx
(x) calculated result zx is obtained in, and zx is returned into management node 1.
Further, management node 1 can be according to Z=fx(fx(a),fx(b),fx(x)), to the calculated result received
Z1, z2 and zx summarized and/or the working process of other forms after, obtain final calculation result, and be transferred to data application
Server 2.Alternatively, z1, z2 and zx can be fed directly to data application server 2 by management node 1.
Optionally, final calculation result can also be fed back to data ownership side client 4 by management node 1, so that data
Ownership side A realizes the trace management of the data possessed it, i.e., trace that is data are called or using is recorded, for data
Ownership side A consults at any time, audits.
According to a kind of explanation of the distributed data security application system provided above this specification embodiment it is found that originally
The distributed data security application system that specification embodiment provides, can obtain it is following at least one the utility model has the advantages that
(1) it due to being the entire mathematical model that will be run on data application server originally, splits deployment and is being distributed
In one or more calculate nodes of formula data safety application system, is called and itself stored by the one or more calculate node
Related data is completed to calculate, and avoids the migration of related data, therefore the data safety of data ownership side and information can be made to protect
It is close to obtain tight effective guarantee.
(2) it since each calculate node carries out alone respective calculating, is independent of each other, therefore can not only be weighed to avoid data
The data of category side are migrated to data application party in request, can also avoid the trans-departmental migration of the data of data ownership side, are further protected
The safety of the data of data ownership side is hindered.
(3) after the calculated result that each calculate node returns being fed back to data application server due to management node, to number
It is also fed back according to the client of ownership side, therefore data ownership side can be made to realize the trace management of data, facilitate data
Ownership side traces the applicating history of owned data.
(4) the data dispersion of data ownership side is stored in the different calculate nodes of distributed data security application system,
Form the data storage architecture that is securely distributed, avoid the centrally stored risk of data, can be effectively reduced data confidentiality at
This.
(5) application due to data application party in request to the data of data ownership side will pass through the authorization of data ownership side,
Therefore it can further guarantee the data safety and information privacy of data ownership side.
(6) due to the application for the data being stored in data ownership side in any calculate node, all pacified by distributed data
The management node control of full application system a, it is thereby achieved that key is turned off or on to data ownership side in management node
Data calling function.
It is to a kind of explanation of distributed data security application system provided in an embodiment of the present invention, in above-mentioned distribution above
On the basis of formula data safety application system, the embodiment of the invention also provides a kind of data application methods, are described below.
It should be noted that since following data application methods is opposite with distributed data application method above
It answers, therefore hereafter more brief to the description of data application method, related place can refer to above to distributed data safety
The explanation of application method.
As shown in Fig. 2, a kind of distributed data security application method that one embodiment of this specification provides, Ke Yiying
With in distributed data security application system as shown in Figure 1, this method be may include steps of:
Step 201, the management node of distributed data security application system are counted according to the distribution of data application party in request
Request is calculated, at least one calculate node of Xiang Suoshu distributed data security application system sends sub- computation requests, and will be described
The calculated result that calculate node returns feeds back to the data application party in request;Wherein, the sub- computation requests are for requesting institute
The target data for stating calculate node invocation target submodel and data ownership side is calculated, and the target submodel is to described
Distributed computing requests corresponding entire mathematical model to split, and the target data is stored in the calculate node
Target submodel data required when calculating.
Wherein, the calculated result that the calculate node is returned feeds back to the data application server, comprising: root
Summarize according to the calculated result that the entire mathematical model returns at least one described calculate node, summarized results is fed back
To the data application party in request.
Alternatively, the calculated result that the calculate node is returned feeds back to the data application server, comprising: will
The calculated result that at least one described calculate node returns, feeds back to the data application party in request.
Alternatively, the calculated result that the calculate node is returned feeds back to the data application server, comprising: right
The calculated result that at least one described calculate node returns is processed using predetermined manner, by the calculating after working process
As a result the data application party in request is fed back to.Wherein, predetermined manner can also include other other than including summarized manner
The working process mode of form.
Optionally, before step 201, method shown in Fig. 2 can also include: that the management node receives the data
It is requested by the distributed computing that data application server is sent application demand side.
Step 202, the calculate node call the target submodel and the target in response to the sub- computation requests
The calculated result is calculated in data, and returns to the calculated result to the management node.
It is appreciated that distributed data security application method provided in this embodiment, it will be originally in data application party in request B
Data application server on the entire mathematical model that runs, split deployment at one of distributed data security application system
Or in multiple calculate nodes, the related data of data ownership side is stored in the one or more calculate node, and by this
Or multiple calculate nodes call relevant data to substitute into the submodel completion calculating disposed in advance, it can thus be avoided data are weighed
The migration of the related data of category side A, and then it is tight effective that the data safety of data ownership side A and information privacy can be made to obtain
It ensures.This specification embodiment provide this technical solution, can be visually known as " initial data is stayed indoor, calculate knot
Fruit is for reference " data application mode.
In addition, being independent of each other since each calculate node carries out alone respective calculating, therefore not only can be to avoid data
The data of ownership side are migrated to data application party in request, can also avoid the trans-departmental migration of the data of data ownership side, further
The data safety and information privacy of data ownership side are ensured.
Optionally, as shown in figure 3, a kind of distributed data security application side that another embodiment of this specification provides
Method can apply distributed data security application system as shown in Figure 1, and this method may include steps of:
Step 203, the calculate node receive and response model disposes request, and the model deployment request will for request
The target submodel that the data application party in request splits the entire mathematical model, is deployed to the meter
In operator node.
That is, data application party in request B can request corresponding entire mathematical model to be torn open distributed computing in advance
Point, required target data when obtaining at least one submodel, and being calculated according to each submodel will at least one described submodel
It is deployed in the calculate node 3 for being stored with corresponding target data.
Step 204, the management node forward authorized order to the calculate node, and the authorized order comes from the number
According to ownership side A, the authorized order, which is used to indicate the data application party in request, has the permission for using the target data.
Step 205, data application party in request B send distributed meter to the management node 1 by data application server
Request is calculated, the distributed computing request is for requesting the calculating demand of realization data application party in request B.
Step 201, the management node are requested according to the distributed computing, Xiang Suoshu distributed data security application system
At least one calculate node of system sends sub- computation requests, and the calculated result that the calculate node returns is fed back to the number
According to application demand side;Wherein, the sub- computation requests are for requesting the calculate node invocation target submodel and data ownership
The target data of side is calculated, and the target submodel is to request corresponding entire mathematical model to be torn open the distributed computing
Get, the target data is data required when the target submodel stored in the calculate node calculates.
Step 202, the calculate node call the target submodel and the target in response to the sub- computation requests
The calculated result is calculated in data, and returns to the calculated result to the management node.
Optionally, can also to include: the management node feed back to data power for final calculation result to method shown in Fig. 3
Data are called or are used so that data ownership side realizes the trace management of the data possessed it by category side's client
Trace is recorded, and is consulted, is audited at any time for data ownership side A.
The distributed data security application method that this specification embodiment provides can obtain following at least one beneficial to effect
Fruit:
(1) it due to being the entire mathematical model that will be run on data application server originally, splits deployment and is being distributed
In one or more calculate nodes of formula data safety application system, is called and itself stored by the one or more calculate node
Related data is completed to calculate, and avoids the migration of related data, therefore the data safety of data ownership side and information can be made to protect
It is close to obtain tight effective guarantee.
(2) it since each calculate node carries out alone respective calculating, is independent of each other, therefore can not only be weighed to avoid data
The data of category side are migrated to data application party in request, can also avoid the trans-departmental migration of the data of data ownership side, are further protected
The safety of the data of data ownership side is hindered.
(3) it since management node is after the calculated result returned to each calculate node is handled to obtain final result, gives
The client of data ownership side is also fed back, therefore data ownership side can be made to realize the trace management of data, facilitates number
It is traced according to applicating history of the ownership side to owned data.
(4) the data dispersion of data ownership side is stored in the different calculate nodes of distributed data security application system,
Form the data storage architecture that is securely distributed, avoid the centrally stored risk of data, can be effectively reduced data confidentiality at
This.
(5) application due to data application party in request to the data of data ownership side will pass through the authorization of data ownership side,
Therefore it can further guarantee the data safety and information privacy of data ownership side.
(6) due to the application for the data being stored in data ownership side in any calculate node, all pacified by distributed data
The management node control of full application system a, it is thereby achieved that key is turned off or on to data ownership side in management node
Data calling function.
It is that the distributed data applied to distributed data security application system provided this specification is answered safely above
With the explanation of method, data to the calculate node and management node that are applied to distributed data security application system separately below
Security application method is introduced.
As shown in figure 4, another embodiment of this specification additionally provides a kind of data safety application method, can be applied to
In the calculate node 3 of distributed data security application system shown in FIG. 1, this method may include:
Step 401, in response to the sub- computation requests of the management node from the distributed data security application system, adjust
Calculated result is calculated with the target data of target submodel and data ownership side A;Wherein, the sub- computation requests are described
Management node is sent according to the request of the distributed computing of data application party in request B, and the target submodel is to the distribution
The corresponding entire mathematical model of formula computation requests is split, the target data be stored in the calculate node it is described
Target submodel data required when calculating;
Step 402, Xiang Suoshu management node return to the calculated result, so that the management node is by the calculated result
Feed back to the data application party in request B.
Optionally, before step 401, method shown in Fig. 4 can also include: to receive simultaneously response model deployment request,
What the model deployment request was used to request to be split the data application party in request B to the entire mathematical model
The target submodel, is deployed in the calculate node.
The data safety application method that this specification embodiment provides can make calculate node directly basis carry out Self management section
The sub- computation requests of point, invocation target data substitute into the target submodel of data application party in request deployment, realize data application
The part of party in request calculates demand, and the target data without storing itself is migrated to the data of data application party in request B
It is calculated again in application server, therefore, the data safety of data ownership side A and information privacy can be made to obtain tight effective guarantor
Barrier.
As shown in figure 5, another embodiment of this specification additionally provides a kind of data safety application method, can be applied to
In the management node of distributed data security application system shown in FIG. 1, this method may include:
Step 501 is requested, Xiang Suoshu distributed data security application according to the distributed computing of data application party in request B
At least one calculate node of system sends sub- computation requests;Wherein, the sub- computation requests are for requesting the calculate node
The target data of invocation target submodel and data ownership side A are calculated, and the target submodel is to the distributed meter
Calculate what the corresponding entire mathematical model of request was split, the target data is the target stored in the calculate node
Submodel data required when calculating.
Optionally, before step 501, method shown in fig. 5 can also include: that the management node is saved to the calculating
Point forwarding authorized order, the authorized order come from the data ownership side A, and the authorized order is used to indicate the data and answers
There is the permission using the target data with party in request B.
Optionally, before step 501, method shown in fig. 5 can also include: that the management node receives the data
Application demand side A is requested by the distributed computing that data application server is sent.
Step 502, the calculated result for returning to the calculate node, feed back to the data application party in request.
As an example, step 502 can specifically include: according to the entire mathematical model at least one described meter
The calculated result that operator node returns is summarized, and summarized results is fed back to the data application party in request B.
As another example, step 502 can specifically include: the calculating knot that at least one described calculate node is returned
Fruit feeds back to the data application party in request B.
As another example, step 502 be can specifically include: the calculating knot returned at least one described calculate node
Fruit is processed using predetermined manner, and the calculated result after working process is fed back to the data application party in request B.
It is direct can to control calculate node by management node for the data safety application method that this specification embodiment provides
According to the sub- computation requests from management node, invocation target data substitute into the target submodel of data application party in request B deployment
In, realize that the part of data application party in request B calculates demand, the target data without storing calculate node is migrated to number
In data application server according to application demand side B, therefore, the data safety of data ownership side A and information privacy can be made to obtain
To tight effective guarantee.
Corresponding to above-mentioned data application method, the embodiment of the invention also provides a kind of data safety application apparatus, below
It is briefly described.
Fig. 6 is the structural schematic diagram for the data safety application apparatus that this specification provides, and can apply distribution shown in FIG. 1
In the calculate node 3 of formula data safety application system.Referring to FIG. 6, data safety application apparatus 600 can include: data calculate
Module 601 and result return module 602.
Data computation module 601, in response to the management node from the distributed data security application system
Calculated result is calculated in the target data of sub- computation requests, invocation target submodel and data ownership side;Wherein, the sub- meter
Calculating request is that the management node is sent according to the request of the distributed computing of data application party in request, and the target submodel is
Corresponding entire mathematical model is requested to split the distributed computing, the target data is in the calculate node
The target submodel of storage data required when calculating.
Result return module 602, for returning to the calculated result to the management node, so that the management node will
The calculated result feeds back to the data application party in request.
The data safety application apparatus that this specification embodiment provides can make calculate node directly basis carry out Self management section
The sub- computation requests of point, invocation target data substitute into the target submodel of data application party in request deployment, realize data application
The part of party in request calculates demand, and the target data without storing itself is migrated to the data of data application party in request and answered
Therefore the data safety of data ownership side and information privacy can be made to obtain tight effective guarantee with server.
Fig. 7 is the structural schematic diagram for the data safety application apparatus that this specification provides, and can apply distribution shown in FIG. 1
In the management node 1 of formula data safety application system.Referring to FIG. 7, data safety application apparatus 700 can include: request is sent
Module 701 and result feedback module 702.
Request sending module 701, for being requested according to the distributed computing of data application party in request, to the distributed number
Sub- computation requests are sent according at least one calculate node of security application system;Wherein, the sub- computation requests are for requesting institute
The target data for stating calculate node invocation target submodel and data ownership side is calculated, and the target submodel is to described
Distributed computing requests corresponding entire mathematical model to split, and the target data is stored in the calculate node
Target submodel data required when calculating.
As a result feedback module 702, the calculated result for returning to the calculate node, feed back to the data and answer
Use party in request.
It is direct can to control calculate node by management node for the data safety application apparatus that this specification embodiment provides
According to the sub- computation requests from management node, invocation target data substitute into the target submodel of data application party in request deployment
In, realize that the part of data application party in request calculates demand, the target data without storing calculate node is migrated to number
According to the data application server of application demand side, therefore, the data safety of data ownership side and information privacy can be made to obtain more
Good guarantee.
Fig. 8 is the structural schematic diagram for the electronic equipment that one embodiment of this specification provides.Referring to FIG. 8, in hardware
Level, the electronic equipment include processor, optionally further comprising internal bus, network interface, memory.Wherein, memory can
It can include memory, such as high-speed random access memory (Random-Access Memory, RAM), it is also possible to further include non-easy
The property lost memory (non-volatile memory), for example, at least 1 magnetic disk storage etc..Certainly, which is also possible to
Including hardware required for other business.
Processor, network interface and memory can be connected with each other by internal bus, which can be ISA
(Industry Standard Architecture, industry standard architecture) bus, PCI (Peripheral
Component Interconnect, Peripheral Component Interconnect standard) bus or EISA (Extended Industry Standard
Architecture, expanding the industrial standard structure) bus etc..The bus can be divided into address bus, data/address bus, control always
Line etc..Only to be indicated with a four-headed arrow in Fig. 8, it is not intended that an only bus or a type of convenient for indicating
Bus.
Memory, for storing program.Specifically, program may include program code, and said program code includes calculating
Machine operational order.Memory may include memory and nonvolatile memory, and provide instruction and data to processor.
Processor is from the then operation into memory of corresponding computer program is read in nonvolatile memory, in logical layer
Data safety application apparatus is formed on face.Processor executes the program that memory is stored, and is specifically used for executing following behaviour
Make:
In response to the sub- computation requests of the management node from the distributed data security application system, invocation target
Calculated result is calculated in the target data of model and data ownership side;Wherein, the sub- computation requests are the management nodes
It is sent according to the request of the distributed computing of data application party in request, the target submodel is requested the distributed computing
What corresponding entire mathematical model was split, the target data is the target submodel stored in the calculate node
Required data when calculating;
The calculated result is returned to the management node, so that the calculated result is fed back to institute by the management node
State data application party in request.
Alternatively, processor, executes the program that memory is stored, and it is specifically used for executing following operation:
It is requested according to the distributed computing of data application party in request, Xiang Suoshu distributed data security application system is at least
One calculate node sends sub- computation requests;Wherein, the sub- computation requests are for requesting calculate node invocation target
The target data of model and data ownership side is calculated, and the target submodel is corresponding to distributed computing request
What entire mathematical model was split, when the target data is that the target submodel stored in the calculate node calculates
Required data;
The calculated result that the calculate node is returned feeds back to the data application party in request.
The above-mentioned data safety application method as disclosed in this specification Fig. 4 or embodiment illustrated in fig. 5 can be applied to handle
In device, or realized by processor.Processor may be a kind of IC chip, the processing capacity with signal.It is realizing
In the process, each step of the above method can pass through the integrated logic circuit of the hardware in processor or the instruction of software form
It completes.Above-mentioned processor can be general processor, including central processing unit (Central Processing Unit,
CPU), network processing unit (Network Processor, NP) etc.;It can also be digital signal processor (Digital Signal
Processor, DSP), it is specific integrated circuit (Application Specific Integrated Circuit, ASIC), existing
Field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device are divided
Vertical door or transistor logic, discrete hardware components.It may be implemented or execute this specification one or more embodiment
In disclosed each method, step and logic diagram.General processor can be microprocessor or the processor is also possible to
Any conventional processor etc..The step of method in conjunction with disclosed in this specification one or more embodiment, can directly embody
Execute completion for hardware decoding processor, or in decoding processor hardware and software module combination execute completion.Software
Module can be located at random access memory, flash memory, read-only memory, programmable read only memory or electrically erasable programmable storage
In the storage medium of this fields such as device, register maturation.The storage medium is located at memory, and processor reads the letter in memory
Breath, in conjunction with the step of its hardware completion above method.
The electronic equipment can also carry out the data safety application method of Fig. 4 or Fig. 5, and details are not described herein for this specification.
Certainly, other than software realization mode, other implementations are not precluded in the electronic equipment of this specification, such as
Logical device or the mode of software and hardware combining etc., that is to say, that the executing subject of following process flow is not limited to each
Logic unit is also possible to hardware or logical device.
This specification embodiment also proposed a kind of computer readable storage medium, the computer-readable recording medium storage
One or more programs, the one or more program include instruction, and the instruction is when by the electronic equipment including multiple application programs
When execution, the method that the electronic equipment can be made to execute embodiment illustrated in fig. 4, and be specifically used for executing following operation:
In response to the sub- computation requests of the management node from the distributed data security application system, invocation target
Calculated result is calculated in the target data of model and data ownership side;Wherein, the sub- computation requests are the management nodes
It is sent according to the request of the distributed computing of data application party in request, the target submodel is requested the distributed computing
What corresponding entire mathematical model was split, the target data is the target submodel stored in the calculate node
Required data when calculating;
The calculated result is returned to the management node, so that the calculated result is fed back to institute by the management node
State data application party in request.
This specification embodiment also proposed a kind of computer readable storage medium, the computer-readable recording medium storage
One or more programs, the one or more program include instruction, and the instruction is when by the electronic equipment including multiple application programs
When execution, the method that the electronic equipment can be made to execute embodiment illustrated in fig. 5, and be specifically used for executing following operation:
It is requested according to the distributed computing of data application party in request, Xiang Suoshu distributed data security application system is at least
One calculate node sends sub- computation requests;Wherein, the sub- computation requests are for requesting calculate node invocation target
The target data of model and data ownership side is calculated, and the target submodel is corresponding to distributed computing request
What entire mathematical model was split, when the target data is that the target submodel stored in the calculate node calculates
Required data;
The calculated result that the calculate node is returned feeds back to the data application party in request.
In short, being not intended to limit the protection of this specification the foregoing is merely the preferred embodiment of this specification
Range.With within principle, made any modification, changes equivalent replacement all spirit in this specification one or more embodiment
Into etc., it should be included within the protection scope of this specification one or more embodiment.
System, module or the unit that above-described embodiment illustrates can specifically be realized, Huo Zheyou by computer chip or entity
Product with certain function is realized.It is a kind of typically to realize that equipment is computer.Specifically, computer for example can be a
People's computer, laptop computer, server, smart phone, personal digital assistant, media player, navigation equipment, electronics postal
The combination of any equipment in part equipment, game console, tablet computer, wearable device or these equipment.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices
Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates
Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.When not limiting more, the element that is limited by sentence "including a ...", it is not excluded that in the mistake including the element
There is also other identical elements in journey, method, commodity or equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality
For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method
Part explanation.