CN111062057A

CN111062057A - Neutral data application method, device and system

Info

Publication number: CN111062057A
Application number: CN201911297368.8A
Authority: CN
Inventors: 郑明程
Original assignee: Union Xiamen Finance Technology Service Co ltd
Current assignee: Union Xiamen Finance Technology Service Co ltd
Priority date: 2019-12-16
Filing date: 2019-12-16
Publication date: 2020-04-24
Anticipated expiration: 2039-12-16
Also published as: CN111062057B

Abstract

The application discloses a neutral data application method, a device and a system, wherein the method comprises the following steps: an application server of the neutral data application system sends a calculation request to a data operation server based on an application request of a user for a specified service; the data operation server responds to the calculation request and sends a data extraction request to the data management server; the data management server responds to the data extraction request, reads the user data and returns the user data to the data operation server; the data operation server executes logic calculation corresponding to the specified service on the user data returned by the data management server and feeds back the calculation result to the application server; the application server sends a calculation result returned by the data operation server to the service execution party so that the service execution party executes the specified service based on the calculation result; the application server is deployed in a first network, and the data operation server and the data management server are deployed in a second network.

Description

Neutral data application method, device and system

Technical Field

The present application relates to the field of computer technologies, and in particular, to a neutral data application method, device, and system.

Background

At present, a premise of executing a service logic by a service executing party using data of a data ownership party is to migrate user data related to the service logic stored in a server of the data ownership party to the server of the service executing party, and then execute service logic calculation on the read user data. However, the data application method has a problem that data of a data owner is leaked, and further data security is not guaranteed, and a business executive side performs data calculation under the condition of knowing user data, so that objectivity and neutrality are lost, and a solution is needed.

Disclosure of Invention

The embodiment of the application aims to provide a neutral data application method, a neutral data application device and a neutral data application system, so as to solve the problems that data safety cannot be guaranteed and objectivity and neutrality are lost in data application and calculation in the conventional data application mode.

In order to achieve the above purpose, the embodiments of the present application are implemented as follows:

in a first aspect, a neutral data application method is provided, including:

the method comprises the steps that an application server of a neutral data application system sends a calculation request to a data operation server of the neutral data application system based on a request of a user for a specified service, wherein the calculation request is used for requesting the data operation server to acquire a calculation result corresponding to the specified service;

the data operation server responds to the calculation request and sends a data extraction request to a data management server of the neutral data application system, wherein the data extraction request is used for acquiring user data from the data management server, and the user data is data required for executing logic calculation corresponding to the specified service;

the data management server responds to the data extraction request, reads the user data and returns the user data to the data operation server;

the data operation server executes logic calculation corresponding to the specified service on the user data returned by the data management server and feeds back a calculation result to the application server;

the application server sends the calculation result returned by the data operation server to a service execution party so that the service execution party executes the specified service based on the calculation result;

the application server is deployed in a first network, and the data operation server and the data management server are deployed in a second network.

In a second aspect, a neutral data application system is provided, which comprises an application server deployed in a first network, and a data management server and a data operation server deployed in a second network;

the application server is used for sending a calculation request to the data operation server based on an application request of a user for a specified service, and sending a calculation result corresponding to the specified service returned by the data operation server to a service execution party so as to enable the service execution party to execute the specified service based on the calculation result, wherein the calculation request is used for requesting the data operation server to acquire the calculation result corresponding to the specified service;

the data operation server is used for responding to the calculation request, sending a data extraction request to the data management server, and executing logic calculation corresponding to a specified service on user data returned by the data management server, wherein the data extraction request of the user data is used for acquiring the user data from the data management server, and the user data is data required by executing the logic calculation;

and the data management server is used for responding to the data extraction request, reading the user data and returning the user data to the data operation server.

In a third aspect, a neutral data application method is provided, which is applied to a data operation server of a neutral data application system, and the method includes:

sending a data extraction request to a data management server of the neutral data application system in response to a calculation request from an application server, wherein the calculation request is sent to the calculation server by the application server based on a request of a user for a specified service, the calculation request is used for requesting the data calculation server to perform logic calculation corresponding to the specified service by using acquired user data, and the data extraction request is used for acquiring the user data required for executing the logic calculation from the data management server;

executing logic calculation corresponding to the specified service on the user data returned by the data management server;

and feeding back a calculation result to the application server so that the application server sends the calculation result to a service execution party, wherein the calculation result is used for the service execution party to execute the specified service.

In a fourth aspect, there is provided a neutral data application method applied to a data management server of a neutral data application system, the method including:

reading user data in response to a data extraction request sent by a data operation server from the neutral data application system, wherein the data extraction request is sent by the data operation server according to a calculation request from the application server of the neutral data application system, the calculation request is used for requesting to obtain a calculation result corresponding to a specified service, and the data extraction request is used for obtaining the user data required for executing logic calculation corresponding to the specified service from the data management server;

and returning the user data to the data operation server, so that the data operation server executes logic calculation corresponding to the specified service on the user data and feeds back a calculation result to the application server to instruct the application server to send the calculation result to a service execution party, wherein the calculation result is used for the service execution party to execute the specified service.

In a fifth aspect, there is provided a neutral data application device applied to a data operation server of a neutral data application system, the device including: an interface and operation module;

the interface is used for receiving a calculation request from an application server and sending the calculation request to the calculation module, wherein the calculation request is sent to the calculation server by the application server based on an application request of a user for a specified service, and the calculation request is used for requesting the data calculation server to perform logic calculation corresponding to the specified service by using the acquired user data;

the operation module is configured to send a data extraction request to a data management server of the neutral data application system in response to the received calculation request, execute logical calculation corresponding to the specified service on the user data returned by the data management server, and feed back a calculation result to the interface, where the data extraction request is used to request the data management server to acquire user data required to execute the logical calculation;

the interface is further configured to feed back the calculation result to the application server, so that the application server sends the calculation result to a service execution party, where the calculation result is used by the service execution party to execute the specified service.

In a sixth aspect, there is provided a neutral data application apparatus applied to a data management server of a neutral data application system, the apparatus including: the system comprises an authorization verification module, a data extraction module and a database;

the authorization verification module is configured to send a data extraction instruction to the data extraction module in response to a data extraction request sent by a data operation server of the neutral data application system, where the data extraction request is sent by the data operation server according to a computation request from an application server of the neutral data application system, the computation request is used to request to obtain a computation result corresponding to a specified service, the data extraction request is used to obtain, from the data management server, user data required to perform logical computation corresponding to the specified service, and the data extraction instruction is used to instruct the data extraction module to read the user data;

the data extraction module is configured to, in response to the received data extraction instruction, read the user data from the database, and return the user data to the data operation server, so that the data operation server performs a logical calculation corresponding to the specified service on the user data and feeds back a calculation result to the application server, so as to instruct the application server to send the calculation result to a service executor, where the calculation result is used by the service executor to execute the specified service.

In a seventh aspect, an electronic device is provided, including:

a processor; and

a memory arranged to store computer executable instructions that, when executed, cause the processor to:

sending a data extraction request to a data management server of a neutral data application system in response to a calculation request from an application server, wherein the calculation request is sent to the calculation server by the application server based on an application request of a user for a specified service, the calculation request is used for requesting the data calculation server to perform logic calculation corresponding to the specified service by using acquired user data, and the data extraction request is used for acquiring the user data required for executing the logic calculation from the data management server;

In an eighth aspect, a computer-readable storage medium is provided that stores one or more programs that, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to:

In a ninth aspect, there is provided an electronic device comprising:

a processor; and

reading user data in response to a data extraction request sent by a data operation server from a neutral data application system, wherein the data extraction request is sent by the data operation server according to a calculation request from the application server of the neutral data application system, the calculation request is used for requesting to acquire a calculation result corresponding to a specified service, and the data extraction request is used for acquiring the user data required for executing logic calculation corresponding to the specified service from the data management server;

In a tenth aspect, a computer-readable storage medium is provided that stores one or more programs that, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to:

The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects: the service logic calculation executed by the service executing party is transferred to the data operation server independent of the service executing party and the user side, so that the condition that the service executing party directly contacts the relevant user data required by the service logic calculation can be avoided, and the problem that the relevant user data is leaked by the service executing party can be further prevented. And the data management server stores the relevant user data, the data operation server reads the user data from the data management server when the specified service logic calculation needs to be executed, and the data operation server and the data management server are deployed in a network different from the application server, so that the effective isolation of the application, operation and storage of the user data is realized, and the data safety and privacy of the user data are effectively guaranteed. Because the service executive party can not master the user data and the user can not master the operation process, the operation processing of the data is completed by the independent data operation server, and the objectivity and the neutrality of the data application and the operation are ensured. In addition, the data operation server can automatically delete the acquired user data after feeding back the calculation result to the data application server, so that the user data can not be stored or leaked by the data operation server.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:

fig. 1 is a schematic structural diagram of a neutral data application system according to an embodiment of the present application.

Fig. 2 is a flowchart illustrating a neutral data application method according to an embodiment of the present application.

Fig. 3 is a schematic flow chart of another neutral data application method provided in the embodiments of the present application.

Fig. 4 is a schematic flow chart of another neutral data application method provided in the embodiments of the present application.

Fig. 5 is a schematic flow chart of another neutral data application method provided in the embodiments of the present application.

Fig. 6 is a schematic flow chart of another neutral data application method provided in the embodiments of the present application.

Fig. 7 is a schematic structural diagram of a neutral data application apparatus provided in the present specification.

Fig. 8 is a schematic structural diagram of another neutral data application apparatus provided in the present specification.

Fig. 9 is a schematic structural diagram of an electronic device provided in the present specification.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In order to solve the problems that data security cannot be guaranteed and data application and calculation are not objective and neutral in the existing data application mode, embodiments of the present application provide a neutral data application method, device, system, electronic device, and computer storage medium.

A neutral data application system provided by an embodiment of the present application will be described first.

Referring to fig. 1, a schematic structural diagram of a neutral data application system according to an embodiment of the present application is shown. The neutral data application system comprises an application server A1, a data operation server and a data management server, wherein the application server A1 and the data management server are respectively connected with the data operation server, the application server is deployed in a first network (such as the Internet), and the data operation server and the data management server are deployed in a second network (such as a local area network).

The number of the data calculation servers of the neutral data application system may be one or more, and the number of the data management servers may also be one or more. Fig. 1 shows that the neutral data application system includes data operation servers E1 to En and data management servers D1 to Dn, and one data operation server corresponds to one data management server, and the data operation server E1 and the data management server D1 are deployed in the local area network X1, and so on, the data operation server En and the data management server Dn are deployed in the local area network Xn, and n is a positive integer.

Optionally, the neutral data application system shown in fig. 1 may further include a user client and a service executor server for executing logic computation corresponding to the user-specified service, the user client and the service executor server are respectively connected to the application server, and the server of each service executor is preset with a program interface for communicating or data interacting with the application server a 1. Fig. 1 shows that the service executing side server includes a server of the service executing side M1 to a server of the service executing side Mn, the server of the service executing side M1 includes a program interface M1a1, the server of the service executing side Mn includes a program interface Mna1, and n is a positive integer.

In the neutral data application system described in this embodiment, the user client may be any device capable of providing various business application services such as finance and the like for the user, for example, a pc (personal computer) terminal, a mobile terminal, and the like.

In the neutral data application system described in this embodiment, the application server a1 can be regarded as an intermediate server between the service execution side server and the data operation server and between the user client and the data operation server, and is used for realizing indirect communication or data interaction between the service execution side server and the data operation server and between the user client and the data operation server. The application server A1 can directly communicate with the service execution side server and the user client, and the application server A1 can directly communicate with the data computation server.

Optionally, the neutral data application system shown in fig. 1 may further include an authorization server B1 and an authentication server, the authorization server B1 being connected with the user client and the authentication server, respectively, and the authentication server being further connected with the data management server. The number of the authentication servers may be one or more, and furthermore, the authorization server B1 may be deployed in the first network, and the authentication server may be deployed in the second network. Fig. 1 shows that the neutral data application system includes a verification server C1 to a verification server Cn, n is a positive integer, and the verification server C1, a data calculation server E1, and a data management server D1 are deployed in the same local area network X1, and so on, the verification server Cn, the data calculation server En, and the data management server Dn are deployed in the same local area network Xn.

Optionally, the neutral data application system shown in fig. 1 may further include a model publishing server connected to the application server a1 for verifying and deploying the models needed to perform the logical computations in the compute servers. The number of the model publishing servers can be one or more, and fig. 1 shows that the model publishing servers include a model publishing server F1 to a model publishing server Fn, and n is a positive integer.

It should be noted that the application server, the data calculation server, the data management server, the authorization server, and the model issuing server may be managed by different third parties (third parties other than the user and the service executing party), for example, the application server, the data calculation server, and the model issuing server may be servers of a third party a, and the authorization server and the authentication server may be servers of a third party B.

In addition, the first network and the second network can communicate or interact data through a private line.

Based on the above-mentioned neutral data application system, in a detailed embodiment, if the user wants to apply for a specific service, as shown in fig. 1, the neutral data application system may include: an application server A1, a data calculation server and a data management server.

And the application server A1 is used for sending a calculation request to the calculation server based on an application request of a user for a specified service, and sending a logic calculation result corresponding to the specified service returned by the data calculation server to a service execution party so that the service execution party executes the specified service based on the calculation result.

And the calculation request is used for requesting the data operation server to acquire a calculation result corresponding to the specified service. The computation request may carry an identifier of a user (or a user client), content of a logical computation corresponding to a specific service or an identifier of a logical computation corresponding to a specific service, a model identifier corresponding to a specific service, an access code (e.g., SQL statement) of user data, or an access address (e.g., network address, etc.) of user data.

The data operation server may be configured to send a data extraction request to the data management server in response to the calculation request, and execute logic calculation corresponding to a specified service on user data returned by the data management server, where the data extraction request is used to obtain the user data from the data management server, and the user data is data required to execute the logic calculation.

And the data management server can be used for responding to the data extraction request, reading the user data and returning the user data to the data operation server.

In one implementation scenario, a user may apply for a certain banking loan transaction (i.e., a designated transaction) through a user client, and the user client sends an application request for the loan transaction to the application server a1 in response to the user applying for the loan transaction. The application server a1 sends a calculation request to the data calculation server in response to the application request to request the data calculation server to return a logical calculation result corresponding to the loan transaction. And the data operation server responds to the calculation request and sends a data extraction request to the data management server to request to acquire user data required by executing the logic calculation corresponding to the loan service from the data management server. The data management server returns the user data to the data arithmetic server, the data arithmetic server performs logical calculation corresponding to the loan transaction on the user data, and returns the calculation result to the application server a 1. After receiving the calculation result, the application server a1 sends the calculation result to a bank (service executing party), and the bank processes the loan service based on the calculation result and feeds back the processing result to the application server a 1. The application server a1 may feed back the processing results to the user client and other departments.

In one embodiment, the application server a1 may include an application group AX1, a service interface group AY1, and a compute interface group AZ 1. The application program group AX1 comprises a plurality of application programs, the service interface group AY1 comprises a plurality of service interfaces for communication or data interaction with service executing parties, and the calculation interface group AZ1 comprises a plurality of calculation interfaces for communication or data interaction with a data calculation server. Fig. 1 shows that the application group AX1 includes applications AX1a1 to AX1an, the service interface group AY1 includes service interfaces AY1a1 to AY1an, the operation interface group AZ1 includes operation interfaces AZ1a1 to AZ1a1, and n is a positive integer.

The data operation server may include an interface group, an operation group and a model group, wherein the interface group includes a plurality of interfaces which can be used for communication or data interaction with the operation interface group of the application server a1, the operation group includes a plurality of operation modules which can be used for executing logic calculation corresponding to a specified service, and the model group includes a plurality of models which are used for being called by the operation group to execute the logic calculation. Fig. 1 shows that the data operation server E1 includes an interface group EX1, an operation group EZ1 and a model group EY1, the interface group EX1 includes interfaces EX1a1 to EX1an, the model group EY1 includes models EY1a1 to EY1an, the operation group EZ1 includes operation modules EZ1a1 to operation modules EZ1an, and n is a positive integer.

The data management server can comprise an authorization verification module, an authorization record storage module, a data extraction module and a database. The authorization verification module is used for communicating or data interaction with the data operation server, the authorization record storage module is used for storing authorization records of users, the database is used for storing user data of the users, and the data extraction module is used for reading the user data of the users from the one or more databases. Fig. 1 shows that the data management server D1 includes an authorization verification module D1b1, an authorization record storage module D1a1, a data extraction module D1D1, and databases D1c1 to D1cn, n being a positive integer.

In specific implementation, taking an application program AX1a1 corresponding to a specified service as an example, the application program AX1a1 of the application server a1 receives an application request for the specified service from a user client, and sends a calculation request to the data calculation server through the calculation interface AZ1a1 in response to the application request. Then, the interface EX1a1 of the data calculation server E1 receives the calculation request and passes the calculation request to the calculation module EZ1a1, and the calculation module EZ1a1 receives and responds to the calculation request, and sends the data extraction request to the data management server. Next, the authorization verification module D1b1 of the data management server D1 receives the data extraction request, and invokes the authorization storage module D1a1 to query the authorization record of the user, and the authorization storage module D1a1 feeds back the query result of the authorization record of the user to the authorization verification module D1b 1. If the authorization verification module D1b1 determines that the authorization record of the user does not exist, it will feed back to the operation module EZ1a1 of the data operation server E1 that the authorization record of the user does not exist, the operation module EZ1a1 returns the result that the authorization record of the user does not exist to the application program AX1a1 through the interface EX1a1 and the operation interface AZ1a1, and the application program AX1a1 will notify the user that the authorization record does not exist through the user client; if the authorization verification module D1b1 determines that the authorization record of the user exists, it will initiate a data extraction request to the authorization extraction module D1D1, and then the data extraction module D1D1 responds to the data extraction request, reads the user data from the database D1c1 to the database D1cn and returns the user data to the operation module EZ1a1 of the data operation server E1; the operation module EZ1a1 calls one or more models from the model group EY1 to execute logic calculation corresponding to the specified service on the user data, and feeds back the calculation result to the interface EX1a1, and the calculation result is returned to the application server A1 by the interface EX1a 1. Finally, the calculation interface AZ1a1 of the application server a1 receives the calculation result and forwards the calculation result to the application program AX1a1, the application program AX1a1 sends the calculation result to the service interface AY1a1, and the service interface AY1a1 sends the calculation result to the program interface M1a1 of the service executor server M1, so that the service executor executes the specified service.

Further, the interface AY1a1 of the application server a1 may also receive the execution result of the specified service returned by the service executing party, and send the execution result to the application program AX1a1, and send the execution result to the user client and other departments H through the application program AXia 1.

It can be understood that, in the neutral data application system provided in this embodiment, the service logic calculation originally executed by the service executing party is transferred to the data operation server independent of the service executing party and the user side, so that the related user data required by the service executing party to directly perform the service logic calculation can be avoided, and further the problem that the related user data is leaked by the service executing party can be prevented. And the data management server stores the relevant user data, the data operation server reads the user data from the data management server when the specified service logic calculation needs to be executed, and the data operation server and the data management server are deployed in a network different from the application server, so that the effective isolation of the application, operation and storage of the user data is realized, and the data safety and privacy of the user data are effectively guaranteed. Because the service executive party can not master the user data and the user can not master the operation process, the operation processing of the data is completed by the independent data operation server, and the objectivity and the neutrality of the data application and the operation are ensured.

In another embodiment, the data operation server may further delete the user data after feeding back the calculation result to the service executing party M. For example, the operation module EZ1a1 of the data operation server E1 deletes the user data after obtaining the calculation result and feeding the calculation result back to the interface EX1a 1.

Therefore, the user data can be prevented from being leaked by a third party to which the data operation server belongs, and the safety of the user data is further guaranteed.

It should be noted that, before reading the user data, the data management server also calls a pre-stored authorization record, determines whether the service executing party M has the right to use the user data, and reads the user data when the service executing party M has the right to use the user data. The authorization record of different data ownership parties is stored in the authorization record, and the authorization record of each data ownership party is used for indicating that the service executing party M has the authority to use the user data of the user. It should be noted that the authorization record of the user is also used to indicate that the party to which the application server a1 belongs has the right to use the user data. Specifically, the authorization verification module D1b1 of the data management server requests the authorization record storage module D1a1 to invoke a pre-stored authorization record in response to the data extraction request sent by the data operation server E1, and if the authorization record storage module D1a1 successfully invokes the authorization record of the user, it is determined that the service execution party M or the party affiliated to the application server a1 has the right to use the user data, and further, the authorization record storage module D1a1 sends a data extraction instruction to the data extraction module D1D 1. The data extraction module D1D1 reads the user data from the related database and returns the user data to the data operation server E1 according to the data extraction instruction. It can be understood that, in the neutral data application system provided in this embodiment, the data operation server authorizes the user (i.e. the data authority of the user data) to apply the user data, so that the data security and information confidentiality of the data user data can be further ensured.

In another detailed embodiment, the owner (user) of the user data may grant the service executing party M the right to use the user data. Further, the owner of the user data may also grant the owner of application server a1 rights to use the user data. In this embodiment, as shown in fig. 1, the neutral data application system may include: user client, authorization server B1, authentication server, and data management server.

The user client is used for sending an authorization instruction and identity identification information to the authorization server B1 based on the authorization operation of the user.

The authorization server B1 may be configured to forward an authorization instruction and identification information from the user to the authentication server.

Wherein the authorization instruction is used for indicating that the service executing party has the authority to use the user data. The identification information may comprise an identification of the user or an identification of the user client.

The verification server can be used for verifying the validity of the identity identification information, generating an authorization record of the user based on the authorization instruction under the condition that the identity identification information is valid, and sending the authorization record of the user to the data management server for storage.

In one embodiment, the authorization server B1 may include an identification collection module and an authorization instruction transceiver module. The authentication server may include an authentication module C1a1 and an authorization record generation module C1b 1. Among them, fig. 1 shows that the authentication server C1 includes an authentication module C1a1 and an authorization record generation module C1b 1.

In specific implementation, the id acquisition module B1a1 of the authorization server B1 may receive the id information and the authorization command from the user client, perform basic verification on the id information and the authorization command, and transmit the result to the authorization command transceiver module B1B1, and the authorization command transceiver module B1B1 transmits the id information and the authorization command to the verification module C1a1 of the verification server C1. The verification module C1a1 verifies the validity of the id information, and if it is determined that the id information is invalid, sends invalid id feedback information to the authorization instruction transceiver module B1B1 of the authorization server B1, and the authorization instruction transceiver module B1B1 feeds back the invalid id feedback information to the user client via the acquisition module B1a 1; if the identity identification information is determined to be valid, an authorization confirmation instruction is sent to the authorization record generation module C1b 1. The authorization record generating module C1B1 generates the authorization record of the data authority B according to the authorization confirmation command, and sends the authorization record to the authorization record storage module D1a1 of the data management server D1 for storage.

It can be understood that, the neutral data application system provided by the embodiment is controlled by the owner of the user data because the usage right of the user data stored in the data management server is controlled, so that the data security and information confidentiality of the user data can be further ensured.

In another detailed embodiment, if a model designer O (e.g., one or more of model designer O1 through model designer On) wants to deploy its own model in the calculation server, as shown in fig. 1, the neutral data application system may include: an application server A1, a data computation server, and a model distribution server.

The application server a1 may be further configured to receive a model to be deployed from the model designer O and forward the model to the model publishing server.

The model issuing server can be used for sending the model to be deployed to a model auditor for auditing, and sending the model to be deployed to the data operation server when feedback information from the model auditor is received, wherein the feedback information represents that the model to be deployed passes auditing.

The data operation server is also used for receiving and deploying the model to be deployed.

In one embodiment, application server A1 may also include a model publishing module AO1 for communicating or data interacting with model designer O and the model publishing server. The model issuing server may include a model processing module, a model checking pool and a model issuing pool, wherein the model processing module is configured to perform communication or data interaction with the application server a1, the model checking pool is configured to store the model to be deployed waiting for the audit, and the model issuing pool is configured to store and send the model to be deployed that passes the audit. FIG. 1 shows that model publishing server F1 includes model processing module F1a, model validation pool F1b, and model publishing pool F1 c.

In specific implementation, the application server a1 receives the model to be deployed uploaded by the model designer O through the model publishing module AO1, and sends the model to be deployed to the model publishing server F1. Then, the model publishing server F1 receives the model to be deployed through the model processing module F1a, stores the model to be deployed in the model checking pool F1b, and sends the model to be deployed to the model auditor G1 for auditing and receives the feedback information for the model to be deployed returned by the model auditor G1 through the model checking pool F1 b; and if the model checking pool F1b receives feedback information that the model to be deployed passes the audit, which is returned by the model auditor G1, the model to be deployed is sent to the model publishing pool F1c, and the model publishing pool F1c sends the model to be deployed to the data operation server E1. Finally, the data operation server E1 receives the model to be deployed and deploys the model to be deployed into a model group EY 1.

Further, if the model checking pool F1b receives feedback information that the model audit to be deployed fails, which is returned by the model auditor G1, the feedback information is sent to the model processing module F1a, the model processing module F1a forwards the feedback information to the model issuing module AO1 of the application server a1, and the model issuing module AO1 feeds the feedback information back to the model designer O.

It is worth noting that the model auditor G1 may include a manual audit group and a program audit group, wherein the manual audit group includes a plurality of audit verifiers; the program auditing group comprises a plurality of auditing verification programs which can automatically audit the model to be deployed. FIG. 1 shows that the model auditor G1 includes a manual audit group G1a and a program audit group G1b, with the manual audit group G1a including audit verifiers G1a1 through audit verifier G1an, and the program audit group G1b including audit verifiers G1b1 through audit verification program G1 bn.

It can be understood that the neutral data application system provided by the embodiment realizes integration of four aspects of model design, model auditing, model publishing and model application, and realizes flow control of model production.

The above is a description of the neutral data application system provided in the embodiments of the present application, and in addition to the neutral data application system, the embodiments of the present application also provide a neutral data application method, which is described below.

It should be noted that, since the following neutral data application method corresponds to the foregoing neutral data application system, the following description of the neutral data application method is brief, and reference may be made to the above description of the neutral data application system for the relevant points.

Referring to fig. 2, a flow chart of a neutral data application method provided in an embodiment of the present application is shown, where the neutral data application method can be applied to a neutral data application system as shown in fig. 1, and the method may include the following steps:

step 201, an application server of a neutral data application system sends a calculation request to a data operation server of the neutral data application system based on a request of a user for a specified service, wherein the calculation request is used for requesting to acquire a calculation result corresponding to the specified service from the data operation server.

Optionally, before step 201, the method shown in fig. 2 may further include: and the application server receives the application request of the specified service sent by the user client.

Step 202, the data operation server sends a data extraction request to a data management server of the neutral data application system in response to the calculation request, where the data extraction request is used to obtain user data from the data management server, and the user data is data required to perform logic calculation corresponding to the specified service.

Step 203, the data management server responds to the data extraction request to read the user data and returns the user data to the data operation server.

And step 204, the data operation server executes logic calculation corresponding to the specified service on the user data returned by the data management server, and feeds back a calculation result to the application server.

Wherein the performing the computation of the specified business logic on the returned user data comprises: and calling at least one pre-deployed model to perform logic calculation corresponding to the specified service on the user data.

Step 205, the application server sends the calculation result returned by the data operation server to a service execution party, so that the service execution party executes the specified service based on the calculation result.

It can be understood that, in the neutral data application method provided in this embodiment, the service logic calculation originally executed by the service executing party is transferred to the data operation server independent of the service executing party and the user side, so that the related user data required by the service executing party to directly perform the service logic calculation can be avoided, and further the problem that the related user data is leaked by the service executing party can be prevented. And the data management server stores the relevant user data, the data operation server reads the user data from the data management server when the specified service logic calculation needs to be executed, and the data operation server and the data management server are deployed in a network different from the application server, so that the effective isolation of the application, the operation and the storage of the user data is realized, the data safety and the privacy of the user data are effectively guaranteed, and the application and the operation of the data are more objective and neutral.

Alternatively, as shown in fig. 3, another embodiment of the present application provides a neutral data application method, which may apply the neutral data application system shown in fig. 1, and the method may include the following steps:

step 301, an application server of a neutral data application system sends a calculation request to a data operation server of the neutral data application system based on a request of a user for a specified service, wherein the calculation request is used for requesting to acquire a calculation result corresponding to the specified service from the data operation server.

Step 302, the data operation server sends a data extraction request to a data management server of the neutral data application system in response to the calculation request, where the data extraction request is used to obtain user data from the data management server, and the user data is data required to perform logic calculation corresponding to the specified service.

Step 303, before the data management server reads the user data, the data management server calls a pre-stored authorization record to determine whether the service executing party has the right to use the user data.

Further, the data management server also judges whether the party of the application server has the authority to use the user data.

If the service executing party or the party of the application server has the right to use the user data, step 304 is executed.

Step 304, the data management server responds to the data extraction request to read the user data and returns the user data to the data operation server.

Step 305, the data operation server executes logic calculation corresponding to the specified service on the user data returned by the data management server, and feeds back a calculation result to the application server.

Step 306, the application server sends the calculation result returned by the data operation server to a service execution party, so that the service execution party executes the specified service based on the calculation result.

It can be understood that, in the neutral data application method provided in this embodiment, the data user applies the user data via the authorization of the data owner of the user data, so that the data security and information privacy of the data user data can be further ensured.

Optionally, before the data calculation server sends a data extraction request to the data management server, the method shown in fig. 3 may further include: the authorization server of the neutral data application system forwards an authorization instruction and identification information from the user to an authentication server of the neutral data application system, wherein the authorization instruction is used for indicating that the service executive party has the authority to use the user data; the verification server verifies the validity of the identity identification information, generates an authorization record of the user based on the authorization instruction under the condition that the identity identification information is valid, and sends the authorization record of the user to the data management server for storage. Further, the authorization instruction is used to indicate that the party of the application server has the right to use the user data.

It can be understood that, the neutral data application method provided by the present embodiment is controlled by the owner of the user data because the usage right of the user data stored in the data management server is controlled by the owner of the user data, so that the data security and information confidentiality of the data user data can be further ensured.

Alternatively, as shown in fig. 4, another embodiment of the present application provides a neutral data application method, which may apply the neutral data application system shown in fig. 1, and the method may include the following steps:

step 401, the application server receives a model to be deployed from a model designer and forwards the model to a model publishing server of the neutral data application system.

Step 402, the model issuing server sends the model to be deployed to a model auditor for auditing, and sends the model to be deployed to the data operation server when receiving feedback information from the model auditor, which indicates that the model to be deployed passes auditing.

And 403, receiving and deploying the model to be deployed by the data operation server.

Step 404, an application server of a neutral data application system sends a calculation request to a data operation server of the neutral data application system based on a request of a user for a specified service, wherein the calculation request is used for requesting to acquire a calculation result corresponding to the specified service from the data operation server.

Step 405, the data operation server sends a data extraction request to a data management server of the neutral data application system in response to the calculation request, where the data extraction request is used to obtain user data from the data management server, and the user data is data required to perform logic calculation corresponding to the specified service.

And step 406, the data management server reads the user data in response to the data extraction request and returns the user data to the data operation server.

Step 407, the data operation server executes the logic calculation corresponding to the specified service on the user data returned by the data management server, and feeds back the calculation result to the application server.

Step 408, the application server sends the calculation result returned by the data operation server to a service execution party, so that the service execution party executes the specified service based on the calculation result.

Optionally, the methods shown in fig. 2, fig. 3, and fig. 4 may further include: and after the data operation server feeds back the calculation result to the service execution party, deleting the user data. Illustratively, the operation module of the data operation server deletes the user data after feeding back the calculation result to the interface of the data operation server.

It can be understood that the neutral data application method provided by this embodiment can avoid the user data being left in the data operation server and being leaked by the third party to which the data operation server belongs, and further ensure the data security and information confidentiality of the data user data.

Referring to fig. 5, a flowchart of a neutral data application method provided in an embodiment of the present application is shown, where the neutral data application method may apply to a data operation server of a neutral data application system as shown in fig. 1, and the method may include the following steps:

step 501, in response to a computation request from an application server, sending a data extraction request to a data management server of the neutral data application system, where the computation request is sent to the computation server by the application server based on a request for a specified service from a user, the computation request is used to request the data computation server to perform a logic computation corresponding to the specified service using acquired user data, and the data extraction request is used to acquire user data required to perform the logic computation from the data management server.

Step 502, executing logic calculation corresponding to the specified service on the user data returned by the data management server.

Wherein the performing of the computation of the specified business logic on the user data returned by the data management server comprises: and calling at least one pre-deployed model, and executing logic calculation corresponding to the specified service on the user data returned by the data management server based on the at least one model.

Step 503, feeding back the calculation result to the application server, so that the application server sends the calculation result to a service execution party, where the calculation result is used for the service execution party to execute the specified service.

The neutral data application method provided by the embodiment of the application transfers the service logic calculation originally executed by the service executing party to the data operation server independent of the service executing party and the user side, so that the service executing party can be prevented from directly contacting the relevant user data required for executing the service logic calculation, and the problem that the relevant user data is leaked by the service executing party can be further prevented. And the data management server stores the relevant user data, the data operation server reads the user data from the data management server when the specified service logic calculation needs to be executed, and the data operation server and the data management server are deployed in a network different from the application server, so that the effective isolation of the application, the operation and the storage of the user data is realized, the data safety and the privacy of the user data are effectively guaranteed, and the application and the operation of the data are more objective and neutral.

Optionally, before step 502, the method shown in fig. 5 may further include: and receiving and deploying a model to be deployed from a model publishing server of the neutral data application system, wherein the model to be deployed is sent after the model publishing server verifies the model to be deployed.

Optionally, after step 503, the method further comprises: and deleting the user data.

Referring to fig. 6, a flowchart of a neutral data application method provided in an embodiment of the present application is shown, where the neutral data application method may apply to a data management server of a neutral data application system as shown in fig. 1, and the method may include the following steps:

step 601, reading user data in response to a data extraction request sent by a data operation server from the neutral data application system, wherein the data extraction request is sent by the data operation server according to a calculation request from the application server of the neutral data application system, the calculation request is used for requesting to obtain a calculation result corresponding to a specified service, and the data extraction request is used for obtaining user data required for executing logic calculation corresponding to the specified service from the data management server.

Step 602, returning the user data to the data operation server, so that the data operation server performs a logical calculation corresponding to the specified service on the user data and feeds back a calculation result to the application server, so as to instruct the application server to send the calculation result to a service executing party, where the calculation result is used by the service executing party to execute the specified service.

Optionally, before step 601, the method shown in fig. 6 may further include: calling a pre-stored authorization record, judging whether the service executive party has the authority of using the user data, and if the service executive party has the authority of using the user data, executing step 601; otherwise, an authorization failure result is returned to the data operation server, so that the data operation server feeds the authorization failure result back to the service execution party through the application server.

Further, it may also be determined whether the party to which the application server belongs has the right to use the user data by calling a pre-stored authorization record, and if the party to which the application server belongs has the right to use the user data, step 601 is executed.

It can be understood that, in the neutral data application method provided by this embodiment, the data user applies the user data by authorization of the owner of the user data, so that data security and information confidentiality of the data user data can be further ensured.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The embodiment of the present application also provides a neutral data application device corresponding to the neutral data application method provided by the present application, and the following briefly introduces.

Fig. 7 is a schematic diagram showing a configuration of a neutral data application device provided in the present specification, and can be applied to a data operation server of the neutral data application system shown in fig. 1. Referring to fig. 7, the neutral data application device 700 may include: an interface 701 and an operation module 702.

An interface 701, configured to respond to a computation request from an application server and send the computation request to the computation module, where the computation request is sent to the computation server by the application server based on a request of a user for a specified service, and the computation request is used to request the data computation server to perform logic computation corresponding to the specified service by using acquired user data.

An operation module 702, configured to send a data extraction request to a data management server of the neutral data application system in response to the received computation request, execute a logic computation corresponding to the specified service on the user data returned by the data management server, and feed back a computation result to the interface, where the data extraction request is used to request the data management server to acquire user data required to execute the logic computation.

The interface 701 is further configured to feed back the calculation result to the application server, so that the application server sends the calculation result to a service execution party, where the calculation result is used by the service execution party to execute the specified service.

It can be understood that, the neutral data application device provided in the embodiment of the present application transfers the service logic calculation originally executed by the service executing party to the data operation server independent of the service executing party and the user side, so as to avoid the direct contact of the service executing party with the relevant user data required for executing the service logic calculation, and further prevent the relevant user data from being leaked by the service executing party. And the data management server stores the relevant user data, the data operation server reads the user data from the data management server when the specified service logic calculation needs to be executed, and the data operation server and the data management server are deployed in a network different from the application server, so that the effective isolation of the application, the operation and the storage of the user data is realized, the data safety and the privacy of the user data are effectively guaranteed, and the application and the operation of the data are more objective and neutral.

It should be noted that the number of the interfaces 701 may be one or more, and when there are more interfaces 701, the interfaces 701 may form an interface group. The number of the operation modules 702 may be one or more, and when there are a plurality of operation modules 702, the operation modules 702 form an operation group.

Further, in another embodiment, the neutral data application device 700 may further include a model group, the model group includes a plurality of models, and the operation module 702 may call at least one model in the model group, and perform a logic calculation corresponding to the specific service based on the at least one model.

Fig. 8 is a schematic configuration diagram of a neutral data application device provided in the present specification, and can be applied to the data management server of the neutral data application system shown in fig. 1. Referring to fig. 8, the neutral data application apparatus 800 may include: an authorization verification module 801, a data extraction module 802, and a database 803.

An authorization verification module 801, configured to send a data extraction instruction to a data extraction module 802 in response to a data extraction request sent by a data operation server of the neutral data application system, where the data extraction request is sent by the data operation server according to a computation request from an application server of the neutral data application system, the computation request is used to request to obtain a computation result corresponding to a specified service, the data extraction request is used to obtain, from the data management server, user data required to perform logical computation corresponding to the specified service, and the data extraction instruction is used to instruct the data extraction module 802 to read the user data.

A data extraction module 802, configured to, in response to the received data extraction instruction, read the user data from the database 803, and return the user data to the data operation server, so that the data operation server performs a logical calculation corresponding to the specified service on the user data and feeds back a calculation result to the application server, so as to instruct the application server to send the calculation result to a service executor, where the calculation result is used by the service executor to execute the specified service.

The number of the databases 803 may be one or more.

Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 9, at a hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.

The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (peripheral component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 9, but this does not indicate only one bus or one type of bus.

And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.

The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs the computer program, and a neutral data application device is formed on a logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:

Or, the processor executes the program stored in the memory, and is specifically configured to perform the following operations:

The neutral data application method disclosed in the embodiment of fig. 5 or fig. 6 of the present application can be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete gates or transistor logic devices, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.

The electronic device may further execute the neutral data application method of fig. 5 or fig. 6, and the embodiments of the present application are not described herein again.

Of course, besides the software implementation, the electronic device of the present application does not exclude other implementations, such as a logic device or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or a logic device.

Embodiments of the present application also provide a computer-readable storage medium storing one or more programs, where the one or more programs include instructions, which when executed by a portable electronic device including a plurality of applications, enable the portable electronic device to perform the method of the embodiment shown in fig. 5, and are specifically configured to:

Embodiments of the present application also provide a computer-readable storage medium storing one or more programs, where the one or more programs include instructions, which when executed by a portable electronic device including a plurality of applications, enable the portable electronic device to perform the method of the embodiment shown in fig. 6, and are specifically configured to:

In short, the above description is only a preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a server.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

Claims

1. A neutral data application method, comprising:

2. The method of claim 1, further comprising:

the data management server calls a pre-stored authorization record before reading the user data, judges whether the service executive party or the affiliated party of the application server has the authority of using the user data, and reads the user data under the condition that the service executive party or the affiliated party of the application server has the authority of using the user data.

3. The method of claim 2, further comprising:

the authorization server of the neutral data application system forwards an authorization instruction and identity identification information from the user to an authentication server of the neutral data application system, wherein the authorization instruction is used for indicating that the service executive party or the affiliated party of the application server has the authority of using the user data;

the verification server verifies the validity of the identity identification information, generates an authorization record of the user based on the authorization instruction under the condition that the identity identification information is valid, and sends the authorization record of the user to the data management server for storage.

4. The method according to claim 1, wherein the data operation server performs logical computation corresponding to the specified service on the user data returned by the data management server, and the logical computation includes:

and the data operation server calls at least one pre-deployed model to execute logic calculation corresponding to the specified service on the user data.

5. The method of claim 4, wherein before the application server sends a computation request to the data computation server, the method further comprises:

the application server receives a model to be deployed from a model designer and forwards the model to a model publishing server of the neutral data application system;

the model issuing server sends the model to be deployed to a model auditor for auditing, and if the received feedback information from the model auditor indicates that the model to be deployed passes auditing, the model to be deployed is sent to the data operation server;

and the data operation server receives and deploys the model to be deployed.

6. The method according to any one of claims 1-5, wherein after the data calculation server feeds back the calculation result to the application server, the method further comprises:

and the data operation server deletes the user data.

7. A neutral data application system is characterized by comprising an application server deployed in a first network, and a data management server and a data operation server deployed in a second network;

the application server is used for sending a calculation request to the data operation server based on an application request of a user for a specified service, and sending a calculation result corresponding to the specified service returned by the data operation server to a service execution party so as to enable the service party to execute the specified service based on the calculation result, wherein the calculation request is used for requesting the data operation server to acquire the calculation result corresponding to the specified service;

the data operation server is used for responding to the calculation request, sending a data extraction request to the data management server, and executing logic calculation corresponding to a specified service on user data returned by the data management server, wherein the data extraction request is used for acquiring the user data from the data management server, and the user data is data required for executing the logic calculation;

8. The system of claim 7,

the data management server is further configured to call a pre-stored authorization record before reading the user data, determine whether the service executor or the application server owner has the right to use the user data, and read the user data when the service executor or the application server owner has the right to use the user data.

9. The system of claim 8, further comprising an authorization server and an authentication server;

the authorization server is used for forwarding an authorization instruction and identity identification information from the user to the verification server, wherein the authorization instruction is used for indicating that the data user or the party to which the application server belongs has the right to use the user data;

the verification server is used for verifying the validity of the identity identification information, generating an authorization record of the user based on the authorization instruction under the condition that the identity identification information is valid, and sending the authorization record of the user to the data management server for storage.

10. The system of claim 7,

the data operation server is specifically configured to invoke at least one pre-deployed model to perform logic computation corresponding to the specified service on the user data.

11. The system of claim 10, wherein the neutral data application system further comprises a model publishing server;

the application server is further used for receiving the model to be deployed from the model designer and forwarding the model to the model issuing server before the application server sends a calculation request to the data operation server;

the model issuing server is used for sending the model to be deployed to a model auditor for auditing, and if the received feedback information from the model auditor indicates that the model to be deployed passes the auditing, the model to be deployed is sent to the data operation server;

12. The system according to any one of claims 8-11,

the data operation server is further used for deleting the user data after the calculation result is fed back to the application server.

13. A neutral data application method applied to a data operation server of a neutral data application system, the method comprising:

14. The method according to claim 13, wherein performing the logic computation corresponding to the specified service on the user data returned by the data management server comprises:

and calling at least one pre-deployed model, and executing logic calculation corresponding to the specified service on the user data returned by the data management server based on the at least one model.

15. The method of claim 14, wherein prior to responding to the computing request from the application server, the method further comprises:

and receiving and deploying a model to be deployed from a model publishing server of the neutral data application system, wherein the model to be deployed is sent after the model publishing server verifies the model to be deployed.

16. The method according to any of claims 13-15, wherein after feeding back the calculation result to the application server, the method further comprises:

and deleting the user data.

17. A neutral data application method applied to a data management server of a neutral data application system, the method comprising:

18. The method of claim 17, wherein prior to reading user data, the method further comprises:

calling a pre-stored authorization record, and judging whether the service executive party or the affiliated party of the application server has the authority of using the user data;

reading user data, comprising:

and reading the user data under the condition that the service executive party or the application server affiliated party has the authority of using the user data.

19. A neutral data application device applied to a data operation server of a neutral data application system, the device comprising: an interface and operation module;

20. A neutral data application apparatus applied to a data management server of a neutral data application system, the apparatus comprising: the system comprises an authorization verification module, a data extraction module and a database;