CN113094744A

CN113094744A - Information processing method, service platform, device for information processing and multi-party secure computing system

Info

Publication number: CN113094744A
Application number: CN202110335275.0A
Authority: CN
Inventors: 李振宇; 杨杏; 杜猛
Original assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Current assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date: 2021-03-29
Filing date: 2021-03-29
Publication date: 2021-07-09

Abstract

The embodiment of the invention provides an information processing method, a service platform, an information processing device and a multi-party secure computing system. The method comprises the following steps: establishing a resource directory corresponding to preset resources, wherein the resource directory comprises reference information of the preset resources, the preset resources are held by a resource provider, and the preset resources can be used for multi-party security calculation; and determining the target resource which meets the resource demand party in the resource catalog, and outputting the reference information of the target resource to the resource demand party. The embodiment of the invention realizes the hosting of the preset resources of the resource provider by adding the service platform in the multi-party safety computing system, and provides the reference information of the target resources to the resource demander in a directory mode, so that the resource demander can use the preset resources provided by the resource provider according to the reference information, thereby realizing the circulation and fusion of the resources and solving the problem of information isolated island.

Description

Information processing method, service platform, device for information processing and multi-party secure computing system

Technical Field

The present invention relates to the field of computer technologies, and in particular, to an information processing method, a service platform, an information processing apparatus, and a multi-party secure computing system.

Background

The multi-party security calculation is to solve the problem of cooperative calculation among mutually untrusted parties on the premise of ensuring data security. Specifically, assuming that a plurality of participants respectively hold private data, the participants want to use the data as input to jointly complete the calculation of a certain function, and each participant is required to not obtain any private information of other participants except the calculation result.

However, in consideration of information security and user privacy protection, different organizations or individuals have mastered data of different types, and these data are usually isolated from each other, so that the data cannot be circulated efficiently and conveniently, an information island is formed, and it is difficult to realize the application value of mass data in network services.

Disclosure of Invention

The embodiment of the invention provides an information processing method, a service platform, an information processing device and a multi-party safety computing system, which can realize the circulation and fusion of resources and solve the problem of information isolated island.

In order to solve the above problem, an embodiment of the present invention discloses an information processing method, which is applied to a service platform, and the method includes:

establishing a resource directory corresponding to preset resources, wherein the resource directory comprises reference information of the preset resources, the preset resources are held by a resource provider, and the preset resources are used for multi-party security calculation;

determining a target resource meeting the resource demand party in the resource directory;

and outputting the reference information of the target resource to the resource demander.

Optionally, the preset resource includes data, the reference information of the preset resource includes a data source address of the data, and the resource directory further includes: at least one of a hash value of the data, provider information of the data, usage of the data, and a metadata structure of the data.

Optionally, the preset resource includes an algorithm, the reference information of the preset resource includes an implementation code of the algorithm, and the resource directory further includes: at least one of provider information of the algorithm, description information of the algorithm, data referenced by the algorithm, and usage conditions of the algorithm.

Optionally, the preset resource includes computing power, the reference information of the preset resource includes connection information of a server corresponding to the computing power, and the resource directory further includes: and at least one of the magnitude of the computing power, the information of the provider of the computing power, and the server information of the server corresponding to the computing power.

Optionally, the establishing a resource directory corresponding to the preset resource includes:

respectively establishing resource catalogs corresponding to different resource types according to the types of preset resources;

determining the type of the resource to be registered according to the resource registration information submitted by the resource provider;

and newly building a directory entry in the resource directory corresponding to the type of the resource to be registered, and storing the resource registration information in the newly built directory entry.

Optionally, the method further comprises:

determining recommended resources corresponding to the resource demander in the resource catalog, wherein the recommended resources comprise at least one of recommended data, recommended algorithms and recommended calculation power;

and outputting the relevant information of the recommended resources to the resource demander.

Optionally, the determining, in the resource catalog, a recommended resource corresponding to the resource demander includes:

receiving a resource demand submitted by the resource demander, wherein the resource demand comprises data description information of data required by the resource demander;

and determining recommended data matched with the data description information in the resource catalog.

determining operation data information of the resource demand party according to the operation behavior of the resource demand party, wherein the operation data information comprises browsed data information and/or selected data information;

and determining a recommendation algorithm corresponding to the resource demander in the resource directory according to the association degree of the operation data information and each algorithm in the resource directory.

determining parameter information of multi-party security calculation to be executed by the resource demand party, and determining state information of each calculation power in the resource directory, wherein the parameter information comprises data volume of the multi-party security calculation and/or complexity of the multi-party security calculation, and the state information comprises at least one of calculation power size, calculation power stability and calculation power idle state;

and determining that the state information conforms to the recommended computation power of the parameter information of the multi-party security computation in the resource directory.

Optionally, after the resource directory corresponding to the preset resource is established, the method further includes:

and uploading the resource registration information in the resource directory to a block chain corresponding to the resource directory.

In another aspect, an embodiment of the present invention discloses a service platform, where the service platform includes:

the system comprises a catalog establishing module, a resource catalog establishing module and a resource analyzing module, wherein the catalog establishing module is used for establishing a resource catalog corresponding to preset resources, the resource catalog comprises reference information of the preset resources, the preset resources are held by a resource provider, and the preset resources are used for multi-party security calculation;

the resource determining module is used for determining target resources meeting the resource demand party in the resource catalog;

and the information output module is used for outputting the reference information of the target resource to the resource demander.

Optionally, the directory establishing module includes:

the initial establishing submodule is used for respectively establishing resource catalogues corresponding to different resource types according to the types of the preset resources;

the type determining submodule is used for determining the type of the resource to be registered according to the resource registration information submitted by the resource provider;

and the item recording sub-module is used for newly building a directory item in the resource directory corresponding to the type of the resource to be registered and storing the resource registration information in the newly built directory item.

Optionally, the service platform further comprises:

a recommended resource determining module, configured to determine recommended resources corresponding to the resource demander in the resource directory, where the recommended resources include at least one of recommended data, recommended algorithms, and recommended calculation power;

and the recommended resource output module is used for outputting the relevant information of the recommended resource to the resource demander.

Optionally, the resource determining module includes:

the description information determining submodule is used for receiving the resource requirements submitted by the resource demander, and the resource requirements comprise data description information of data required by the resource demander;

and the recommended data determining submodule is used for determining recommended data matched with the data description information in the resource catalogue.

Optionally, the resource determining module includes:

the operation data determining submodule is used for determining operation data information of the resource demand party according to the operation behavior of the resource demand party, and the operation data information comprises browsed data information and/or selected data information;

and the recommendation algorithm determining submodule is used for determining a recommendation algorithm corresponding to the resource demand party in the resource directory according to the association degree of the operation data information and each algorithm in the resource directory.

Optionally, the resource determining module includes:

the parameter state determining submodule is used for determining parameter information of multi-party security calculation to be executed by the resource demand party and determining state information of each calculation power in the resource directory, wherein the parameter information comprises data volume of the multi-party security calculation and/or complexity of the multi-party security calculation, and the state information comprises at least one of calculation power size, calculation power stability and calculation power idle state;

and the recommended calculation power determining submodule is used for determining the recommended calculation power of the parameter information of which the state information accords with the multi-party safety calculation in the resource directory.

Optionally, the apparatus further comprises:

and the information uploading module is used for uploading the resource registration information in the resource directory to the block chain corresponding to the resource directory.

In another aspect, an embodiment of the present invention discloses an apparatus for information processing, the apparatus applied to a service platform, including a memory, and one or more programs, where the one or more programs are stored in the memory, and configured to be executed by the one or more processors includes instructions for:

Optionally, the device is also configured to execute the one or more programs by the one or more processors including instructions for:

In another aspect, an embodiment of the present invention discloses a multi-party secure computing system, which includes: the system comprises a resource provider, a resource demander and a service platform;

the resource provider is used for sending reference information of the preset resources held by the resource provider to the service platform so as to register the preset resources on the service platform;

the service platform is used for establishing a resource directory corresponding to preset resources, determining target resources meeting resource demand parties in the resource directory, and outputting reference information of the target resources to the resource demand parties, wherein the resource directory comprises reference information of the preset resources, the preset resources are held by a resource provider, and the preset resources are used for multi-party security calculation;

the resource demanding party is used for receiving the reference information of the target resource sent by the service platform and performing multi-party security calculation by using the target resource based on the reference information of the target resource.

In yet another aspect, an embodiment of the present invention discloses a machine-readable medium having stored thereon instructions, which, when executed by one or more processors, cause an apparatus to perform an information processing method as described in one or more of the preceding.

The embodiment of the invention has the following advantages:

the embodiment of the invention realizes the hosting of the preset resources of the resource provider by adding the service platform in the multi-party safety computing system, and provides the reference information of the target resources to the resource demander in a directory mode, so that the resource demander can use the preset resources provided by the resource provider according to the reference information, thereby realizing the circulation and fusion of the resources and solving the problem of information isolated island. In addition, the service platform of the embodiment of the invention provides the reference information of the target resource to the resource demand party instead of directly providing the original data of the resource, so that the leakage of the privacy data of the resource provider can be avoided, and the privacy safety of the resource is ensured.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.

FIG. 1 is a flow chart of the steps of an embodiment of a method of information processing of the present invention;

FIG. 2 is a block diagram of a multi-party secure computing system of the present invention;

FIG. 3 is a block diagram of a service platform embodiment of the present invention;

FIG. 4 is a block diagram of an apparatus 800 for information processing of the present invention;

fig. 5 is a schematic diagram of a server in some embodiments of the invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Method embodiment

Referring to fig. 1, a flowchart illustrating steps of an embodiment of an information processing method according to the present invention is shown, where the method is applicable to a service platform, and the method specifically includes the following steps:

step 101, establishing a resource directory corresponding to preset resources, wherein the resource directory comprises reference information of the preset resources, the preset resources are held by a resource provider, and the preset resources are used for multi-party security calculation;

step 102, determining target resources meeting the resource demand party in the resource catalog;

and 103, outputting the reference information of the target resource to the resource demander.

The information processing method provided by the embodiment of the invention can be applied to a service platform, and the service platform can be in the form of a server, a cloud platform and the like. The service platform can be applied to a multi-party security computing system, and the multi-party security computing system can comprise a resource provider, a service platform and a resource demand party.

The service platform serves as a Hub in the multi-party security system and hosts preset resources of a resource provider. The resource provider may register a preset resource held by the resource provider in the service platform, for example, reference information of the preset resource may be registered. The service platform can provide the reference information of the target resource to the resource demander, so that the resource demander can use the preset resource provided by the resource provider according to the reference information, and the circulation and fusion of the resource are further realized. The resource demander can receive the reference information of the target resource sent by the service platform and perform multi-party security calculation by using the target resource based on the reference information of the target resource.

The embodiment of the invention adds the service platform in the multi-party safety computing system, thereby opening the generation, consumption, exchange and circulation processes of data and algorithm in the multi-party safety computing process, realizing the circulation and fusion of resources and solving the problem of information isolated island.

The embodiment of the invention does not limit the specific type of the multi-party secure computing protocol adopted by the multi-party secure computing, for example, the multi-party secure computing protocol realized based on the technologies of secret sharing, semi-homomorphism, careless transmission and the like can be adopted.

Further, the multi-party secure computing system further comprises at least one computing engine, and each computing engine can comprise a task control node and at least one computing node. The task control node is used for scheduling the computing nodes to execute computing tasks. The computing nodes perform multi-party secure computation based on the respectively held data to complete the computation task.

After obtaining the reference information of the target resource, the resource demander can issue a calculation task to the calculation engine, the calculation engine issues the calculation task to the task control node, and the calculation node is scheduled by the task control node to perform multi-party safe calculation so as to complete the calculation task.

The embodiment of the invention does not limit the type of the preset resource. For example, the preset resources may include resources such as data, algorithms, computing power, and the like. The preset resources may be used for multi-party secure computing.

The embodiment of the invention provides the preset resources provided by the resource provider to the resource demander in a directory mode, and the resource demander can search the required target resources in the resource directory of the service platform to execute multi-party safe calculation.

The embodiment of the invention mainly takes three preset resources of data, algorithm and computing power as examples for explanation. Specifically, the establishing of the resource directory corresponding to the preset resource refers to respectively establishing a data directory, an algorithm directory, and an algorithm directory.

After the resource catalog corresponding to the preset resource is established, the target resource meeting the resource demander can be determined in the resource catalog, and the reference information of the target resource is output to the resource demander.

The reference information may have different expressions for different types of preset resources. For example, for a data resource held by a data provider, the reference information may be a hash value obtained by hash calculation of original data in order to protect the privacy of the data. For the algorithm resources held by the algorithm provider, the reference information can be the implementation code of the algorithm under the condition that the algorithm does not need to be kept secret; in case the algorithm needs to be kept secret, the reference information may be an encrypted algorithm. For the computing resources held by the computing power provider, the reference information may be connection information of the computing power corresponding server.

The resource demand side can use the target resource to perform multi-party security calculation according to the reference information of the target resource provided by the service platform. For example, after obtaining the reference information of the target data, the resource demander may obtain a hash value of the original data of the target data according to the reference information, and may perform multi-party security calculation based on the hash value without revealing the original data.

In an optional embodiment of the present invention, the establishing a resource directory corresponding to the preset resource may specifically include:

step S11, respectively establishing resource catalogues corresponding to different resource types according to the types of the preset resources;

step S12, determining the type of the resource to be registered according to the resource registration information submitted by the resource provider;

step S13, creating a new directory entry in the resource directory corresponding to the type of the resource to be registered, and storing the resource registration information in the new directory entry.

The embodiment of the invention can pre-establish the resource catalogues corresponding to different resource types, such as establishing the data catalog corresponding to the data resources, the algorithm catalog corresponding to the algorithm resources and the calculation catalog corresponding to the calculation resources. Resource providers may include data providers, algorithm providers, computing power providers, and the like. The resource registration information may include registration information in which the data provider registers data held by the data provider with the service platform, registration information in which the algorithm provider registers an algorithm held by the algorithm provider with the service platform, and registration information in which the algorithm provider registers an algorithm held by the algorithm provider with the service platform.

The data provider can submit data registration information to the service platform to register data held by the data provider in the service platform, and the service platform can create a directory entry in the data directory to store the data registration information of the data provider. Likewise, the algorithm provider can submit the algorithm registration information to the service platform, and the service platform can newly create a directory entry in the algorithm directory to store the algorithm registration information of the algorithm provider. The computing power provider can submit computing power registration information to the service platform, and the service platform can newly establish a directory entry in the computing power directory to store the computing power registration information of the computing power provider.

The resource provider may be an organization or an individual, and the embodiment of the present invention does not limit the type of the subject of the resource provider.

In an optional embodiment of the present invention, the preset resource may include data, the reference information of the preset resource may include a data source address of the data, and the resource directory may further include: at least one of a hash value of the data, provider information of the data, usage of the data, and a metadata structure of the data.

In the embodiment of the invention, each organization or individual can register the data held by each organization or individual in the service platform, and the service platform stores the data registration information in the data directory, so that a resource demand party can use the registered data in the service platform according to the protocol.

In the case that the preset resource is data, the reference information of the preset resource may include a data source address of the data, and a hash value of the data may be obtained according to the data source address. Further, the data directory may further include: at least one of a hash value of the data, provider information of the data, usage of the data, and a metadata structure of the data.

In a specific implementation, in order to prevent the data of the data provider from being leaked and ensure the privacy and the security of the data, the data provider may perform hash calculation on the data provided by the data provider to obtain a hash value of the data, and only expose the hash value of the data to the outside. The reference information may be a data source address of a hash value of the data. In this way, the resource demander can acquire the hash value of the data provided by the data provider according to the reference information, and perform multiparty security calculation based on the hash value without exposing the original data. In addition, the hash value of the data is stored in the data directory, and the data can be traced back after the original data of the data is tampered and used, so that the safety of the data is improved.

The usage amount of data indicates the number of times data specified by a data provider can be referenced or used. The metadata structure of the data may be a file structure containing information such as description of the data, type of the data content, size of the data content, and the like, for example, the metadata structure may be a piece of info file.

Further, the data provided by the data provider may be in the form of data sets, and a directory entry may be maintained in the data directory for each data set.

In an optional embodiment of the present invention, the preset resource may include an algorithm, the reference information of the preset resource may include an implementation code of the algorithm, and the resource directory may further include: at least one of provider information of the algorithm, description information of the algorithm, data referenced by the algorithm, and usage conditions of the algorithm.

And under the condition that the preset resources are algorithms, the resource directory is an algorithm directory, and the algorithm directory is used as an algorithm hosting center and is used for hosting the algorithms provided by the algorithm providers. Algorithms provided by algorithm providers can serve data of some n data types. The algorithm provider can be an organization or an individual, and the algorithm demander can use the registered algorithm in the service platform according to the specification.

In the case that the preset resource is an algorithm, the reference information of the preset resource may include an implementation code of the algorithm, and further, the algorithm directory may further include: at least one of provider information of the algorithm, description information of the algorithm, data referenced by the algorithm, and usage conditions of the algorithm.

Alternatively, two types of algorithms may be registered in the algorithm catalog as follows: a free algorithm and a data binding algorithm. The free algorithm refers to an algorithm which is not bound with any data and can be customized by secondary development or directly used. The data binding algorithm refers to an algorithm in which specified data is bound. For the data binding algorithm, the corresponding registration information in the algorithm directory may further include data metadata and sample data of the data bound by the algorithm.

It should be noted that the data binding algorithm may also bind one or more data sets.

In order to ensure that the original data of the data bound by the algorithm is not leaked and the data binding algorithm can be developed secondarily based on the bound data, the description information of the sample data can be added to the data binding algorithm in the algorithm directory, so that an algorithm developer can develop the data binding algorithm again on the basis of the sample data and the original data of the data bound by the algorithm is not leaked.

Further, the algorithm list may also include usage and usage of the algorithm. The usage of the algorithm may be the usage of the algorithm, such as the parameters entered, the type of data used, etc. The usage of an algorithm refers to the number of times an algorithm specified by an algorithm provider can be referenced or used.

In an optional embodiment of the present invention, the preset resource may include computing power, the reference information of the preset resource may include connection information of a server corresponding to the computing power, and the resource directory may further include: and at least one of the magnitude of the computing power, the information of the provider of the computing power, and the server information of the server corresponding to the computing power.

And under the condition that the preset resources are computing power, the resource catalog is a computing power catalog which is used as a computing power hosting center and used for hosting the computing power provided by each computing power provider. The computing power provided by the computing power provider comprises hardware resources required by multi-party security computing, and each organization or each individual can upload the information related to the computing power held by the organization or each individual to the service platform so as to register the held computing power resources in the computing power catalog, so that the resource demander can use the registered computing power in the service platform under the condition of meeting.

In an embodiment of the invention, the computing power is a server that can provide computing power. In the case that the preset resource is computing power, the reference information may include connection information of the server corresponding to the computing power, where the connection information includes, but is not limited to, an IP (Internet Protocol Address), a port, and the like of the server. Further, the calculation catalog may further include: and at least one of the magnitude of the computing power, the information of the provider of the computing power, and the server information of the server corresponding to the computing power.

An organization or an individual may register a server corresponding to his own competency with the service platform. The resource demander can select target data and target algorithm in the service platform, and perform multi-party security calculation by using the target calculation power available in the calculation power directory. Therefore, for a third-party user without computing resources, the registered computing resources provided by the service platform can be used for performing multi-party safe computation, and the utilization rate of the computing resources can be improved.

Resource providers (e.g., computing force providers) may submit computing force registration information to the service platform, which may include, but is not limited to, the magnitude of the computing force, computing force provider information, server information of the computing force corresponding server, and the like.

The calculation power size indicates information describing the calculation power, such as the number of calculation power servers available to the calculation power provider, the number of CPU cores per server, and the like. The calculation power provider information may include information such as the name and identification of the calculation power provider. The server information of the force corresponding server may include, but is not limited to, server identification, server address, and the like.

In an optional embodiment of the present invention, after the establishing the resource directory corresponding to the preset resource, the method may further include: and uploading the resource registration information in the resource directory to a block chain corresponding to the resource directory.

In practical applications, data resources and algorithm resources need to be guaranteed to be correct and credible. That is, for the registered data and algorithms in the service platform, it needs to be ensured that the used data and algorithms are registered data and algorithms which are not tampered in the specified multi-party security calculation, so that the situation that calculation errors are caused by using the tampered data or wrong algorithms is avoided.

According to the embodiment of the invention, the characteristic that the block chain cannot be tampered is utilized, the resource registration information in the resource directory is uploaded to the block chain corresponding to the resource directory, and the data stored in the block chain can only be inquired but cannot be modified, so that the correctness and the credibility of the registered resource can be ensured.

For example, for a data resource, after data registration information submitted by a certain data provider is stored in a data directory, the data registration information may also be uploaded to a blockchain corresponding to the data directory. Specifically, the data provider may provide data registration information such as a hash value of data, a data source address of the data hash value, provider information of data, a usage amount of data, and a metadata structure of data. The service platform may upload one or more items of the data registration information to the data directory chain. For example, a hash value of the data is uploaded to a chain of data directories. Therefore, before the target data is used for multi-party security calculation, the hash value of the target data is obtained by performing hash calculation on the target data, and then the hash value of the target data is compared with the hash value of the target data stored in the data directory chain, and if the hash value of the target data is different from the hash value of the target data stored in the data directory chain, the target data acquired currently can be determined to be tampered. Therefore, the data can be found in time after being modified, and the wrong data is prevented from being used.

Similarly, for algorithm resources, algorithm registration information can be uploaded to a block chain (algorithm directory chain) corresponding to the algorithm directory, so that the algorithm can be found in time after being tampered, and an incorrect algorithm is prevented from being used.

In an optional embodiment of the invention, the method may further comprise:

step S21, determining recommended resources corresponding to the resource demander in the resource catalog, wherein the recommended resources comprise at least one of recommended data, recommended algorithms and recommended calculation power;

and step S22, outputting the relevant information of the recommended resource to the resource demander.

In the embodiment of the invention, the service platform can provide a resource retrieval function for the resource demander so that the resource demander can inquire the required target resource in the resource directory and can also actively provide recommended resources for the resource demander. The recommended resources comprise at least one of recommended data, recommended algorithms and recommended calculation power, so that the efficiency of the resource demander for obtaining the required target resources can be improved, the operation of the resource demander is reduced, and the user experience is improved.

It should be noted that, the embodiment of the present invention does not limit the specific manner for determining the recommended resource. For example, the recommended resource meeting the requirement of the resource demander can be determined according to the resource description information provided by the resource demander and the resource browsing information of the resource demander.

In an optional embodiment of the present invention, the determining, in the resource catalog, a recommended resource corresponding to the resource demander may specifically include:

step S31, receiving the resource requirement submitted by the resource demander, wherein the resource requirement comprises data description information of the data required by the resource demander;

and step S32, determining the recommended data matched with the data description information in the resource catalog.

In the case that the recommended resource is recommended data, the embodiment of the present invention may determine, in the resource directory, recommended data that matches the data description information according to the data description information in the resource demand submitted by the resource demanding party.

The data description information may include, but is not limited to, data type, data source, and the like.

Further, the data description information may be obtained according to the retrieval data of the resource demander, for example, when the resource demander inputs the retrieval information in the service platform to query the required target data, the embodiment of the present invention may obtain the retrieval information, extract the data description information such as the data type and the data source from the retrieval information, and further may actively provide the resource demander with the relevant recommendation data meeting the retrieval requirement of the resource demander under the condition that the retrieval result does not include the data required by the resource demander.

step S41, determining the operation data information of the resource demand side according to the operation behavior of the resource demand side, wherein the operation data information comprises browsed data information and/or selected data information;

and step S42, determining a recommendation algorithm corresponding to the resource demand party in the resource directory according to the association degree of the operation data information and each algorithm in the resource directory.

Under the condition that the recommended resources are recommended algorithms, the embodiment of the invention actively provides the recommended algorithms associated with the required data to the resource demanders.

Specifically, the embodiment of the present invention may acquire an operation behavior of the resource demanding party, and further determine operation data information of the resource demanding party, where the operation data information includes, but is not limited to, browsed data information and/or selected data information.

The embodiment of the invention can provide the algorithm which has the incidence relation with the browsed data to the resource demander, and can also provide the algorithm which has the incidence relation with the selected data to the resource demander. Of course, the embodiment of the present invention may also record data information used by the resource demander, such as information of data being used or used historically, and further may provide the algorithm having an association relationship with the data used by the resource demander to the resource demander.

Specifically, according to the association degree between the operation data information and each algorithm in the resource directory, the embodiment of the present invention may determine the recommendation algorithm corresponding to the resource demander in the resource directory. The association degree can be determined according to whether the data browsed by the resource demand side and/or the selected data are referred by the algorithm.

The embodiment of the invention does not limit the specific mode for determining the recommended resources. For example, the recommended resources can be comprehensively determined according to the application scenario of the multi-party security calculation, the source of the preset resources, the heat of the preset resources and other factors.

In one example, after certain data registered in the service platform is used, the number of times the data is used may be updated, and the heat degree of each data registered in the service platform may be recorded. Thus, when recommending data to the resource demander, the recommendation can be performed according to the popularity of the data.

Similarly, after a certain algorithm registered in the service platform is used, the number of times the algorithm is used can be updated, and further, the heat of each algorithm registered in the service platform can be recorded. Thus, when the algorithm is recommended to the resource demander, the recommendation can be performed according to the heat of the algorithm. Of course, the recommendation algorithm may also be determined comprehensively in combination with the heat of the algorithm and the association degree of the algorithm with the data operated by the resource demander.

step S51, determining parameter information of multiparty security computation to be executed by the resource demander, and determining status information of each computational power in the resource directory, wherein the parameter information includes data size of the multiparty security computation and/or complexity of the multiparty security computation, and the status information includes at least one of computational power size, computational power stability, and computational power idle state;

step S52, determining the state information in the resource directory to accord with the recommended computation power of the parameter information of the multi-party security computation.

Under the condition that the recommended resources are recommended calculation power, the embodiment of the invention actively provides the recommended calculation power which is consistent with the calculation power required by multi-party safety calculation and is consistent with the load balancing condition to the resource demand party.

Specifically, the service platform may receive a resource demand submitted by a resource demander, where the resource demand may include computation description information of computation required by the resource demander, and determine, in the resource catalog, recommended computation that satisfies computation required by the resource demander and meets load balancing conditions. The computation power description information may include, but is not limited to, parameter information of the multi-party security computation to be performed by the resource demand party, such as a data volume of the multi-party security computation and/or a complexity of the multi-party security computation.

And determining that the state information conforms to the recommended computation power of the parameter information of the multi-party security computation in the resource directory. Wherein the state information includes, but is not limited to, at least one of the magnitude of the computing power, the stability of the computing power, and the idle state of the computing power. For example, the calculation power and the stability of the calculation power can be determined to meet the data volume of the multi-party safety calculation and/or the complexity of the multi-party safety calculation, and the calculation power in the idle state is the recommended calculation power, so that the determined recommended calculation power can meet the calculation power required by the resource demand party and also meet the load balancing condition, the situation that the idle calculation power is wasted and the multi-party safety calculation waits for the distribution of the calculation power for a long time is avoided, the calculation power utilization rate can be improved, and the efficiency of the multi-party safety calculation can be improved.

To sum up, the embodiment of the present invention, by adding a service platform to a multi-party secure computing system, hosts preset resources of a resource provider, and provides reference information of a target resource to a resource demander in a directory manner, so that the resource demander can use the preset resources provided by the resource provider according to the reference information, thereby implementing circulation and fusion of resources and solving the problem of information islanding. In addition, the service platform of the embodiment of the invention provides the reference information of the target resource to the resource demand party instead of directly providing the original data of the resource, so that the leakage of the privacy data of the resource provider can be avoided, and the privacy safety of the resource is ensured.

For the data directory, each large organization or individual can entrust the data held by the organization or individual to the service platform, and the data held by each party can be circulated and used safely and reliably. For the algorithm catalog, an algorithm developer can develop the algorithm aiming at various data, and a multi-party safe calculation algorithm is provided, so that the data in the data catalog can be used more efficiently and simply. For the calculation capacity catalog, each organization and individual who possess the calculation capacity can register the calculation capacity owned by the organization and the individual into the calculation capacity catalog, and a third party user without the calculation capacity can use the calculation capacity according to the protocol, so that the multi-party safe calculation can be reasonably and efficiently carried out, and the utilization rate of the calculation capacity is improved.

It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.

Device embodiment

Referring to FIG. 2, there is shown a schematic diagram of a multi-party secure computing system of the present invention, including but not limited to: the system comprises a resource provider, a resource demander and a service platform;

the resource provider 201 is configured to send reference information of a preset resource held by the resource provider 201 to the service platform, so as to register the preset resource in the service platform;

the service platform 202 is configured to establish a resource directory corresponding to a preset resource, determine a target resource meeting a resource demand party in the resource directory, and output reference information of the target resource to the resource demand party, where the resource directory includes reference information of the preset resource, the preset resource is owned by a resource provider, and the preset resource is used for multi-party security computation;

the resource demander 203 is configured to receive reference information of the target resource sent by the service platform, and perform multi-party security calculation by using the target resource based on the reference information of the target resource.

It should be noted that, in the embodiment of the present invention, the number of the computing nodes participating in executing one computing task is not limited, preferably, the number of the computing nodes participating in executing one computing task is greater than or equal to 2, and may be preferably 4.

In the embodiment of the present invention, the computing task may be a computer program code implemented by a preset programming language, and the multiparty security computing system may implement a corresponding computing function by executing the computer program code. The computing tasks include, but are not limited to: and performing data-related operations such as data calculation, cleaning, analysis, model training, storage, database query and the like. It is to be understood that embodiments of the invention are not limited to the particular type of computing task.

Any type of mathematical computation may be included in a computational task, such as four arithmetic computations (e.g., addition, subtraction, multiplication, division), logical computations (e.g., and, or, xor), etc.

The service platform can be in the form of a server, a cloud platform and the like. The service platform can be applied to a multi-party security computing system, and the multi-party security computing system can comprise a resource provider, a service platform and a resource demand party.

To sum up, the embodiment of the present invention, by adding a service platform to a multi-party secure computing system, hosts preset resources of a resource provider, and provides reference information of a target resource to a resource demander in a directory manner, so that the resource demander can use the preset resources provided by the resource provider according to the reference information, and opens up the generation, consumption, exchange, and circulation processes of data and algorithms in the multi-party secure computing process, thereby implementing the circulation and fusion of resources, and solving the problem of information islanding. In addition, the service platform of the embodiment of the invention provides the reference information of the target resource to the resource demand party instead of directly providing the original data of the resource, so that the leakage of the privacy data of the resource provider can be avoided, and the privacy safety of the resource is ensured.

Referring to fig. 3, a block diagram of a service platform according to an embodiment of the present invention is shown, where the service platform may specifically include:

the catalog establishing module 301 is configured to establish a resource catalog corresponding to a preset resource, where the resource catalog includes reference information of the preset resource, the preset resource is held by a resource provider, and the preset resource is used for multiparty security calculation;

a resource determining module 302, configured to determine a target resource meeting a resource demand party in the resource directory;

an information output module 303, configured to output the reference information of the target resource to the resource demander.

Optionally, the directory establishing module includes:

Optionally, the service platform further comprises:

Optionally, the resource determining module includes:

Optionally, the apparatus further comprises:

The embodiment of the invention realizes the hosting of the preset resources of the resource provider by adding the service platform in the multi-party safety computing system, and provides the reference information of the target resources to the resource demander in a directory mode, so that the resource demander can use the preset resources provided by the resource provider according to the reference information, and the generation, consumption, exchange and circulation processes of data and algorithms in the multi-party safety computing process are opened, thereby realizing the circulation and fusion of the resources and solving the problem of information isolated island. In addition, the service platform of the embodiment of the invention provides the reference information of the target resource to the resource demand party instead of directly providing the original data of the resource, so that the leakage of the privacy data of the resource provider can be avoided, and the privacy safety of the resource is ensured.

For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.

The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.

With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.

An embodiment of the present invention provides an apparatus for information processing, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs configured to be executed by the one or more processors include instructions for: establishing a resource directory corresponding to preset resources, wherein the resource directory comprises reference information of the preset resources, the preset resources are held by a resource provider, and the preset resources are used for multi-party security calculation; determining a target resource meeting the resource demand party in the resource directory; and outputting the reference information of the target resource to the resource demander.

Fig. 4 is a block diagram illustrating an apparatus 800 for information processing according to an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.

Referring to fig. 4, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.

The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.

The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of the components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also detect a change in position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

Fig. 5 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.

The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.

A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the information processing method shown in fig. 1.

A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform an information processing method, the method comprising: establishing a resource directory corresponding to preset resources, wherein the resource directory comprises reference information of the preset resources, the preset resources are held by a resource provider, and the preset resources are used for multi-party security calculation; determining a target resource meeting the resource demand party in the resource directory; and outputting the reference information of the target resource to the resource demander.

Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

The information processing method, the service platform, the device for information processing and the multi-party secure computing system provided by the invention are introduced in detail, and a specific example is applied in the text to explain the principle and the implementation of the invention, and the description of the above embodiment is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims

1. An information processing method, applied to a service platform, the method comprising:

2. The method of claim 1, wherein the preset resource comprises data, the reference information of the preset resource comprises a data source address of the data, and the resource directory further comprises: at least one of a hash value of the data, provider information of the data, usage of the data, and a metadata structure of the data.

3. The method of claim 1, wherein the preset resource comprises an algorithm, the reference information of the preset resource comprises an implementation code of the algorithm, and the resource directory further comprises: at least one of provider information of the algorithm, description information of the algorithm, data referenced by the algorithm, and usage conditions of the algorithm.

4. The method of claim 1, wherein the preset resource includes computing power, the reference information of the preset resource includes connection information of a server corresponding to the computing power, and the resource directory further includes: and at least one of the magnitude of the computing power, the information of the provider of the computing power, and the server information of the server corresponding to the computing power.

5. The method according to claim 1, wherein the establishing a resource directory corresponding to the preset resource comprises:

6. The method of claim 1, further comprising:

7. A service platform, characterized in that the service platform comprises:

8. An apparatus for information processing, the apparatus being applied to a service platform, the apparatus comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and wherein the one or more programs configured to be executed by the one or more processors comprise instructions for:

9. A multi-party secure computing system, comprising a resource provider, a resource demander, and a service platform;

10. A machine-readable medium having stored thereon instructions, which when executed by one or more processors, cause an apparatus to perform the information processing method of any one of claims 1 to 6.