CN114817982A - Multi-party computing control method, device and equipment for providing privacy protection


Info

Publication number
CN114817982A
Authority
CN
China
Prior art keywords
data
calculation
streaming
application
desensitization
Prior art date
Legal status
Pending
Application number
CN202210394942.7A
Other languages
Chinese (zh)
Inventor
吴庭丞
胡东文
张本宇
周靖人
Current Assignee
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Abstract

The embodiments of this specification disclose a multi-party computing control method, device and equipment for providing privacy protection. The scheme comprises the following steps: determining a service provider on which a central node of a cluster system is deployed and a client participant on which a working node of the cluster system is deployed; determining a streaming computing engine application and an application monitoring service deployed on the working node; initiating a cluster task at the central node according to a specified stream processing rule, and sending an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to locally acquire private data of the client participant and to perform desensitization computation on the private data according to the stream processing rule to obtain desensitization data; communicating with the application monitoring service at the central node to obtain computation state monitoring data and the desensitization data of the streaming computing engine application; and, according to the computation state monitoring data and the desensitization data, completing the secure multi-party computation of the client participants so that the service provider provides services according to the computation result.

Description

Multi-party computing control method, device and equipment for providing privacy protection
Technical Field
The present disclosure relates to the field of internet technologies, and in particular, to a multiparty computing control method, apparatus, and device for providing privacy protection.
Background
With the development of computer and internet technologies, more and more data is present in the various fields of the internet. The flow of data, as a new kind of resource, generates higher value; however, data owners are sometimes unwilling, for various reasons, to disclose the data they hold, which produces data islands.
For this reason, the concept of secure multi-party computation (MPC) was proposed, which aims to let data flow without revealing the privacy of any data owner. It allows multiple mutually distrusting data owners to perform a collaborative computation and output the computation result, while ensuring that no party obtains any information beyond its own result.
In conventional secure multi-party computation, the service party providing the collaborative service is trusted by default, each data owner has to arrange and deploy the related content locally, and whenever that content is modified it has to be redeployed. These deployment processes and the subsequent computation processes are, moreover, usually controlled and managed passively by each data owner, which hurts cooperation efficiency; and during the computation, data held by a data owner may still leak through the service party providing the collaborative service.
Based on this, there is a need for a more efficient and practical multi-party computing control scheme that can provide privacy protection.
Disclosure of Invention
One or more embodiments of the present specification provide a multiparty computing control method, apparatus, device and storage medium for providing privacy protection, so as to solve the following technical problems: there is a need for a more efficient and practical multi-party computing control scheme that can provide privacy protection.
To solve the above technical problem, one or more embodiments of the present specification are implemented as follows:
one or more embodiments of the present specification provide a multiparty computing control method for providing privacy protection, including:
determining a service provider on which a central node of a cluster system is deployed and a client participant on which a working node of the cluster system is deployed;
determining a streaming computing engine application and an application monitoring service deployed on the working node;
initiating a cluster task at the central node according to a specified stream processing rule, and sending an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to locally acquire private data of the client participant and to perform desensitization computation on the private data according to the stream processing rule to obtain desensitization data;
communicating with the application monitoring service at the central node to obtain computation state monitoring data and the desensitization data of the streaming computing engine application;
and, according to the computation state monitoring data and the desensitization data, completing the secure multi-party computation of the client participants so that the service provider provides services according to the result of the secure multi-party computation.
One or more embodiments of the present specification provide a multi-party computing control device providing privacy protection, comprising:
the first deployment module is used for determining a service provider on which a central node of the cluster system is deployed and a client participant on which a working node of the cluster system is deployed;
the second deployment module is used for determining the streaming computing engine application and the application monitoring service deployed on the working node;
the task initiating module initiates a cluster task at the central node according to a specified stream processing rule, and sends an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to locally acquire the private data of the client participant and to perform desensitization computation on the private data according to the stream processing rule to obtain desensitization data;
the data acquisition module is used for communicating with the application monitoring service at the central node to obtain the computation state monitoring data and the desensitization data of the streaming computing engine application;
and the service providing module is used for completing the secure multi-party computation of the client participants according to the computation state monitoring data and the desensitization data so that the service provider provides services according to the result of the secure multi-party computation.
One or more embodiments of the present specification provide a multi-party computing control device providing privacy protection, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
determining a service provider on which a central node of a cluster system is deployed and a client participant on which a working node of the cluster system is deployed;
determining a streaming computing engine application and an application monitoring service deployed on the working node;
initiating a cluster task at the central node according to a specified stream processing rule, and sending an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to locally acquire private data of the client participant and to perform desensitization computation on the private data according to the stream processing rule to obtain desensitization data;
communicating with the application monitoring service at the central node to obtain computation state monitoring data and the desensitization data of the streaming computing engine application;
and, according to the computation state monitoring data and the desensitization data, completing the secure multi-party computation of the client participants so that the service provider provides services according to the result of the secure multi-party computation.
One or more embodiments of the present specification provide a non-transitory computer storage medium storing computer-executable instructions configured to:
determining a service provider on which a central node of a cluster system is deployed and a client participant on which a working node of the cluster system is deployed;
determining a streaming computing engine application and an application monitoring service deployed on the working node;
initiating a cluster task at the central node according to a specified stream processing rule, and sending an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to locally acquire private data of the client participant and to perform desensitization computation on the private data according to the stream processing rule to obtain desensitization data;
communicating with the application monitoring service at the central node to obtain computation state monitoring data and the desensitization data of the streaming computing engine application;
and, according to the computation state monitoring data and the desensitization data, completing the secure multi-party computation of the client participants so that the service provider provides services according to the result of the secure multi-party computation.
At least one technical scheme adopted by one or more embodiments of the specification can achieve the following beneficial effects:
the central node and the working node are deployed at the service provider and the client participant respectively to construct a cluster system. By using the streaming computing engine application and the application monitoring service on the cluster system, cluster tasks can be deployed and issued rapidly and task monitoring data uploaded, so the system can iterate its statistical logic quickly and serve a variety of monitoring scenarios in a generalized way. A computation rule of the streaming computing engine application can be modified solely through instructions in the cluster task, without redeployment, which reduces development and maintenance cost, improves computation efficiency, strengthens centralized control and raises initiative. Moreover, the system operation processing logic is completed at the client participant, and only the desensitization data and the computation result produced by the streaming computation are returned to the service provider, so the privacy disclosure and regulatory risks caused by the original private data leaving its domain are avoided, and multi-party computing control is realized on the basis of ensuring privacy protection.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
FIG. 1 is a flow diagram illustrating a multi-party computing control method for providing privacy protection according to one or more embodiments of the present disclosure;
FIG. 2 is a schematic diagram of a streaming computing engine application in an application scenario according to one or more embodiments of the present disclosure;
FIG. 3 is a schematic diagram of a service execution flow in an application scenario according to one or more embodiments of the present disclosure;
FIG. 4 is a schematic block diagram of a multi-party computing control device providing privacy protection according to one or more embodiments of the present disclosure;
FIG. 5 is a schematic block diagram of a multi-party computing control device providing privacy protection according to one or more embodiments of the present disclosure.
Detailed Description
The embodiment of the specification provides a multi-party computing control method, a device, equipment and a storage medium for providing privacy protection.
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any inventive step based on the embodiments of the present disclosure, shall fall within the scope of protection of the present application.
FIG. 1 is a flowchart illustrating a multi-party computing control method for providing privacy protection according to one or more embodiments of the present disclosure. The method can be applied to different business fields, such as internet finance, e-commerce, instant messaging, gaming, official business and the like. The process may be performed by computing devices in the respective domains, with certain input parameters or intermediate results in the process allowing manual intervention and adjustment to help improve accuracy.
The process in fig. 1 may include the following steps:
S102: determining a service provider on which a central node of a cluster system is deployed and a client participant on which a working node of the cluster system is deployed.
A cluster refers to a group of nodes, which may be physical servers or virtual machines, and the nodes include at least a central node and a working node.
The working node belongs to a client participant, and the client participant is a data owner: it holds relevant data for the multi-party computation and can perform corresponding work on that data (such as computing on, transmitting and storing it). The central node belongs to a service provider, that is, a party that provides services to other nodes, such as management and configuration services for the working nodes, or business services to actual users (an actual user is a user handling business at a client participant or at the service provider). Of course, the business service is typically associated with the results computed by the multiple parties.
S104: a streaming computing engine application (hereinafter, engine application) and an application monitoring service deployed on the working node are determined.
Streaming data refers to a series of dynamic data aggregates that are unlimited in time distribution and quantity, and the value of the data decreases over time, so that calculations must be performed in real time to give a fast response. The streaming computation is a computation mode for performing real-time computation processing on streaming data, and the engine application is used for executing the streaming computation.
The engine application is deployed on the working node and can perform streaming computation on the data to be computed at that node. The working node also has an application monitoring service deployed on it, which monitors the working state of the engine application and the processed data; for example, it can determine whether the working state of the engine application is abnormal, obtain the computation result of the data, and so on. The engine application may be obtained by packaging its binary into a standard framework application, and the engine application and the application monitoring service are started by the cluster system framework on the working nodes that need streaming computation.
S106: initiating a cluster task at the central node according to a specified stream processing rule, and sending an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to locally acquire the private data of the client participant and to perform desensitization computation on the private data according to the stream processing rule to obtain desensitization data.
The cluster task is generated and initiated by the central node, carries corresponding parameters, and is mainly used for performing related control on multi-party calculation. For example, according to the cluster task, an instruction is sent to each engine application to control the engine application to be turned on and off, calculate data, return a calculation result to the central node, and the like.
Private data refers to data owned by a client participant. It is usually intended for multi-party computation, but it usually also contains privacy-related content (for example, business data of the client participant itself, or user data of its actual users) that the client participant does not intend to disclose while it is used for the multi-party computation.
Based on this, after the working node locally acquires the private data of the client participant, desensitization computation is performed on the private data according to the stream processing rule, so that once the privacy-related part of the data has been processed, others cannot recover the privacy. For example, for image data, part of an area may be blurred; for text data, part of the data may be invalidated (characters replaced by symbols such as "*"), converted to random values, encrypted, and so on; for audio data, part of the content may be muted.
S108: communicating with the application monitoring service at the central node to obtain the computation state monitoring data and the desensitization data of the streaming computing engine application.
The computation state monitoring data is usually continuous: the central node needs to collect it in real time to determine whether the working state of the engine application is abnormal, so that an abnormality can be responded to quickly. Desensitization data is generally not continuous and is driven by the needs of the actual user. For example, an actual user raises a service requirement at the service provider; the service provider initiates a cluster task for that requirement and sends an instruction to the engine application in each working node; the engine application then acquires the private data and returns desensitization data to the central node after the desensitization computation. Since service requirements are not continuous, the acquisition of desensitization data is typically not continuous either.
S110: according to the computation state monitoring data and the desensitization data, completing the secure multi-party computation of the client participants so that the service provider provides services according to the result of the secure multi-party computation.
The central node helps each working node complete the secure multi-party computation, for example by providing deployment and monitoring services for the engine applications and by acquiring and arranging the desensitization data; in this sense the central node can be regarded as providing services for the secure multi-party computation. In the subsequent service execution process, the service provider may of course continue to provide related services to the actual user executing the service, based on the result of the secure multi-party computation.
The system operation processing logic is completed at the client participant, and only the desensitization data and the computation result of the streaming computation are returned to the service provider, so the privacy disclosure and regulatory risks caused by the original private data leaving its domain are avoided.
Based on the process of fig. 1, some specific embodiments and embodiments of the process are also provided in the present specification, and the description is continued below.
In one or more embodiments of the present disclosure, to ensure efficiency in engine application deployment, the cluster may be a platform for automated container operations, such as a kubernets cluster (also referred to as a k8s cluster). The kubernets cluster can deploy, copy and schedule nodes, can expand or contract container scale at any time, organizes containers into groups, provides load balance among the containers, provides container elasticity, and performs node cluster expansion, and is very convenient for a deployment process.
Based on the method, a command line CLI interface of the engine application is obtained, a cluster task (kubernets joba) is initiated at the central node according to a specified stream processing rule, an instruction is sent to the CLI interface through the kubernets joba, the engine application is started after receiving the instruction, and stream type calculation of private data is started according to stream type calculation task parameters carried in the instruction. The streaming computing task parameter is mainly used for guiding an engine application to perform data computation, for example, to sum, integrate, modulo, and the like on which data is to be summed.
Further, after the central node sends the instruction, the engine application starts to perform streaming computation. At this time, the application monitoring service is synchronously started, and the streaming calculation process of the application is monitored, for example, whether the working state of the engine application is abnormal or not is monitored, whether the engine application calculates according to the streaming calculation task parameters carried in the instruction or not is monitored. If the abnormal condition occurs, the abnormal condition can be reported to the central node, and the central node can process the abnormal condition in time.
At this time, the central node receives the computation state monitoring data and desensitization data of the engine application reported by the application monitoring service through a gateway (for example, gateway, which is an API gateway of restful based on http protocol, and may be used as a uniform API access layer), and then uploads the computation state monitoring data and desensitization data to the system framework API service, so that the framework API controls the engine application. The framework API service refers to that the interface is obtained by self-defining based on a corresponding framework.
In one or more embodiments of the present description, it has been mentioned above that desensitization calculations are performed by the engine application to privacy protect data of the customer participants. In practice, however, the protection here is limited to protect the private data from being leaked by multi-party computing, and if the private data is leaked due to a local security problem of the engine application, the desensitization computing is difficult to achieve the privacy protection effect.
Based on this, the framework API service does not perform multi-party security computation on the desensitization data immediately after receiving the desensitization data, but generates simulation data for the client participants through the desensitization data. The analog data refers to that after desensitization calculation is carried out on the analog data, data similar to or even identical to the analog data can be obtained, and the similarity refers to that the difference degree between the data and the desensitization data is lower than a preset threshold value. For example, the original private data is the identification number "123456789", the desensitization data obtained through desensitization calculation is "123 × 789", the generated simulation data is "123000789", and the data obtained through desensitization calculation is "123 × 789", which is the same as the previous desensitization data. It should be noted that the data illustrated herein is for convenience of explanation only and does not represent that the actual identification number is actually shown as above.
The simulation data can be obtained by converting the acquired private data to a certain degree, but the client party usually does not transmit the private data directly to the service provider, and at this time, the simulation data can be obtained by performing reverse compilation on the desensitization data. For example, also taking the identification number in the above as an example, the service provider can only obtain desensitization data "123 × 789", and after performing inverse compilation, can obtain multiple possibilities, which can all obtain the desensitization data through desensitization calculation, and at this time, one or more possibilities are selected from them as simulation data.
After the simulation data is obtained, when the calculation state monitoring data meets the preset condition, the simulation data is injected into the engine application, and the engine application processes the simulation data as a part of data in the input stream of the private data. Since a part of analog data is doped in the private data, even if the private data is really leaked in the engine application, the existence of the part of analog data causes that the illegal data acquirer is difficult to perform illegal activities according to the private data acquired by the illegal data acquirer. In addition, because the calculation result of the analog data after desensitization calculation is similar to the desensitization data, the final calculation result of the multi-party security calculation cannot be greatly influenced. Of course, to ensure the accuracy of the calculation result, the simulation data may have a certain lifetime, for example, one simulation data can be used for only one day.
Wherein the predetermined condition is determined based on the calculated condition monitoring data. The calculation state monitoring data is mainly used for monitoring whether the calculation of the engine application is abnormal or not, and if the calculation of the engine application is abnormal, simulation data can be generated. For example, when an engine application is attacked, a part of data may fluctuate to some extent (for example, part of data is frequently accessed and acquired in a short time), and at this time, the fluctuation may be used as a predetermined condition to generate similar simulation data for the part of data corresponding to the fluctuation. Of course, the current calculation state may also be evaluated according to the calculation state monitoring data, and if the evaluation result indicates that there is a risk of abnormality, the evaluation result may also be used as a predetermined condition. For example, when some type of data in the private data is sparsely distributed and the samples of the data in the space where the data are located are rare, once the data are attacked, the specified data in the type of data are easier to directly acquire and easier to quickly discriminate by the attacker according to the number of the samples; or, if the type data is in a state of being accessed for a long time, the probability of being attacked is increased.
Further, after sending the instruction to the engine application and adding the simulation data, the instruction may be continuously sent to the engine application, and if the engine application checks that the simulation data corresponding to the private data already exists locally, the private data is replaced with the simulation data. Compared with a doping mode, private data is directly replaced by the simulation data, so that better privacy leakage prevention effect can be achieved, but the accuracy of a calculation result is reduced, and therefore data replacement is not needed in each round of multi-party safety calculation process. For example, whether data replacement is required may be determined based on the risk level of the current predetermined situation (for example, if an abnormality has occurred, the risk level is the highest level, and if no abnormality has occurred, the risk level is divided according to the actual situation), so as to ensure the accuracy of the final calculation result as much as possible.
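The desensitization computation, the reverse-compiled simulation data, the predetermined condition derived from monitoring data, and the mixing-in versus replacement decision described in the preceding paragraphs, modelled in Python as an added example (this is not code from the patent or from the assignee). It assumes a fixed head/tail masking rule for identification numbers, a constructed read-access log standing in for the computation state monitoring data, and a burst-of-reads condition as the abnormality; all thresholds are assumptions.

```python
import random
from collections import defaultdict

MASK = "*"


def desensitize(value, keep_head=3, keep_tail=3):
    """Invalidation-style desensitization computation: keep the first `keep_head`
    and last `keep_tail` characters and replace the rest with '*'.
    "123456789" -> "123***789". Values too short to keep anything are fully masked."""
    if len(value) <= keep_head + keep_tail:
        return MASK * len(value)
    middle = len(value) - keep_head - keep_tail
    return value[:keep_head] + MASK * middle + value[-keep_tail:]


def simulate_from_masked(masked, seed=0):
    """'Reverse compilation' of desensitization data: the service provider only
    holds the masked value, so every masked position is filled with a digit.
    Any such value desensitizes back to `masked`, which is exactly the property
    the text requires of simulation data. The seed gives a fresh value per lifetime."""
    rng = random.Random(seed)
    return "".join(str(rng.randrange(10)) if ch == MASK else ch for ch in masked)


# Constructed computation state monitoring data (not from the patent):
# (timestamp in seconds, field key) for each read of a private field that the
# application monitoring service observed inside the engine application.
ACCESS_LOG = [
    (0, "id_number"), (2, "id_number"), (3, "id_number"),
    (5, "id_number"), (6, "id_number"), (7, "id_number"),  # 6 reads in 7 s: a burst
    (10, "phone"), (400, "phone"), (800, "phone"),          # ordinary access pattern
    (1200, "rare_field"),                                   # a single sample: sparse
]


def risk_levels(access_log, window_s=60, burst_threshold=5, sparse_threshold=2):
    """Evaluate monitoring data into the predetermined condition and a risk level.
    'high'   more than `burst_threshold` reads of one field inside `window_s`
             seconds: the frequent short-time access the text names as an abnormality
    'medium' fewer than `sparse_threshold` samples for the field: sparsely
             distributed data that an attacker could single out quickly
    'low'    nothing noteworthy
    The thresholds are assumptions for this example."""
    stamps_by_key = defaultdict(list)
    for ts, key in access_log:
        stamps_by_key[key].append(ts)
    levels = {}
    for key, stamps in stamps_by_key.items():
        stamps.sort()
        burst, start = False, 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window_s:
                start += 1
            if end - start + 1 > burst_threshold:
                burst = True
                break
        if burst:
            levels[key] = "high"
        elif len(stamps) < sparse_threshold:
            levels[key] = "medium"
        else:
            levels[key] = "low"
    return levels


def process_record(key, value, levels, sim_cache, round_no, sim_ttl_rounds=1):
    """Worker-node handling of one private value, chosen by the field's risk level.
    low    -> the private value alone enters the engine input stream
    medium -> mixing-in: the private value plus a simulation value enter the stream
    high   -> replacement: only the simulation value enters the stream
    Simulation values are cached per field and renewed after `sim_ttl_rounds`
    rounds, mirroring the lifetime rule ("one simulation value for only one day").
    Returns (values fed to the engine, desensitization data returned to the provider)."""
    masked = desensitize(value)
    level = levels.get(key, "low")
    if level == "low":
        return [value], masked
    cached = sim_cache.get(key)
    if cached is None or round_no - cached[1] >= sim_ttl_rounds:
        cached = (simulate_from_masked(masked, seed=round_no), round_no)
        sim_cache[key] = cached
    sim = cached[0]
    inputs = [sim] if level == "high" else [value, sim]
    # Whatever entered the stream, the provider only receives the masked form, and
    # desensitize(sim) == masked, so the returned desensitization data is unchanged.
    return inputs, masked


if __name__ == "__main__":
    levels = risk_levels(ACCESS_LOG)
    cache = {}
    for key, value in [("id_number", "123456789"), ("phone", "13800001234"),
                       ("rare_field", "987654321")]:
        fed, out = process_record(key, value, levels, cache, round_no=0)
        print(f"{key:<10} risk={levels[key]:<6} engine input={fed} returned={out}")
```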
In one or more embodiments of the present description, the engine application needs to be built before it is deployed to the working nodes, which, as already mentioned above, can be done through Kubernetes.
Specifically, fig. 2 is a schematic diagram of a streaming computing engine application in an application scenario according to one or more embodiments of the present disclosure. An SQL (structured query language) parser and a calculation rule parser are acquired to construct the instruction parsing layer (SQL/Rule Parser) of the central node. The SQL parser determines which data needs to be acquired from which client participants, and the calculation rule parser determines how the data is to be processed. An SQL processor is acquired to build the execution plan generation layer. A streaming runtime and an SQL runtime are acquired to build the plan execution layer. The instruction parsing layer, the execution plan generation layer and the plan execution layer are then packaged on the working node through the containerized application deployment capability of the Kubernetes cluster, yielding the engine application. Of course, the engine application may also include a data storage layer (storage), a data source layer (sources), a data sink layer (sinks), and the like. The data source layer can acquire data through the message queues MQ and MQTT, and the data sink layer can sink data through MQTT, HTTP, File and other modes. A complete permission verification and evidence-storage scheme is provided, effectively guarding against security risks.
Based on this, in the process of sending the instruction, an SQL query instruction is sent to the CLI through the Kubernetes job, indicating that streaming calculation of the private data obtained through the SQL query instruction is to be started. If the SQL query instruction does not contain the streaming computing task parameters, a description file containing those parameters is generated and sent to the CLI interface. If the streaming computing task parameters subsequently change, then with a system framework such as Kubernetes the change can be completed by initiating a Kubernetes job that modifies the description file (it should be noted that this Kubernetes job may be the same job that sends the SQL query instruction in this embodiment, or a newly generated one), so that processing logic is deployed and iterated rapidly, the system is decoupled, its robustness is enhanced, and the deployment cost is reduced.
Fig. 3 is a schematic service execution flow in an application scenario according to one or more embodiments of the present disclosure. The scheme herein is explained for one common business scenario. In this business scenario, the private data of the customer participant is the business data of the actual user served by the customer participant, and the desensitization data is used to determine the credit status of the actual user, for example, the customer participant is a bank, and the service provider is a credit inquiry platform.
An actual user who wants to inquire about their credit condition initiates a service request on the credit inquiry platform, which triggers the framework API service; the framework API service generates an SQL query instruction and sends it to the engine application. After receiving the instruction, the engine application parses it through the instruction parsing layer, performs desensitization calculation and streaming calculation on private data acquired from the log file (for example, acquiring streaming data from the log file through the data stream module fluent), uploads the calculation result to the gateway of the central node, and during the calculation reports its operating state to the gateway of the central node through the application monitoring service. The gateway reports the running state to the framework API service, and at the same time the obtained data is counted and reported for subsequent processing; the credit condition is obtained for the actual user and displayed to them.
In this service scenario, the credit score of a user usually does not change drastically in a short time and has a certain hysteresis (for example, the credit score does not change immediately when the user misses a repayment, but only after the debt has remained unpaid for a certain period), so the scenario is particularly suitable for further privacy protection by generating simulation data and doping the private data with it, or replacing the private data by it.
Based on the same idea, one or more embodiments of the present specification further provide apparatuses and devices corresponding to the above-described method, as shown in fig. 4 and 5.
FIG. 4 is a schematic structural diagram of a multi-party computing control device for providing privacy protection according to one or more embodiments of the present specification, the device including:
a first deployment module 402, which determines a service provider with a central node of a cluster system deployed and a customer participant with a working node of the cluster system deployed;
a second deployment module 404, configured to determine a streaming computing engine application and an application monitoring service deployed on the working node;
a task initiating module 406, configured to initiate a cluster task at the central node according to a specified stream processing rule, send an instruction to the stream computing engine application through the cluster task, so as to instruct the stream computing engine application to locally obtain private data of the client participant, and perform desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;
a data obtaining module 408, configured to communicate with the application monitoring service at the central node to obtain computation state monitoring data and desensitization data for the streaming computation engine application;
and the service providing module 410 completes the multi-party security calculation of the client participant according to the calculation state monitoring data and the desensitization data, so that the service provider provides services according to the result of the multi-party security calculation.
Optionally, the cluster is a Kubernetes cluster;
the task initiating module 406 is configured to obtain a command line interface (CLI) of the streaming computing engine application;
according to a specified stream processing rule, initiate a Kubernetes job at the central node, and send an instruction for starting streaming calculation and streaming calculation task parameters to the CLI through the Kubernetes job, so that the streaming calculation engine application starts streaming calculation of the private data according to the streaming calculation task parameters.
Optionally, the system further includes a synchronization monitoring module 412, which, when the instruction for starting streaming computation is sent, synchronously starts the application monitoring service, so that the application monitoring service monitors the process of streaming computation;
the data obtaining module 408 is configured to receive, through the gateway of the central node, the computation state monitoring data and the desensitization data for the streaming computation engine application, as reported by the application monitoring service;
and to receive the calculation state monitoring data reported by the gateway through the framework API service of the central node, so that the framework API service can control the streaming calculation engine application.
Optionally, in the data obtaining module 408, the framework API service generates simulation data for the customer participant according to the desensitization data, so that desensitization calculation on the simulation data yields data similar to the desensitization data;
and when the calculation state monitoring data meet a preset condition, injecting the simulation data into the streaming calculation engine application so as to enable the streaming calculation engine application to process the simulation data as part of data in an input stream, wherein the input stream contains private data of a corresponding client participant.
Optionally, a simulation data replacing module 414 is further included, which sends an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to check whether simulation data corresponding to the private data already exists locally;
and if so, replacing the private data with the simulation data for generating desensitization data for the actual user corresponding to the private data.
Optionally, the system further includes a cluster building module 416, which obtains an SQL parser and a computation rule parser, and is used to build a central node instruction parsing layer;
acquiring an SQL processor, and constructing an execution plan generation layer;
acquiring a streaming runtime and an SQL runtime, and constructing a plan execution layer;
packaging the instruction parsing layer, the execution plan generation layer and the plan execution layer on the working node through the containerized application deployment capability of the Kubernetes cluster to obtain the streaming computing engine application.
Optionally, the cluster building module 416 sends an SQL query instruction to the CLI interface through the Kubernetes job to instruct that streaming computation be started on private data obtained through the query of the SQL query instruction;
and if the SQL query instruction does not contain the streaming computing task parameters corresponding to the streaming computing, generates a description file containing the streaming computing task parameters, sends the description file to the CLI, and modifies the description file through a Kubernetes job when the streaming computing task parameters change.
Optionally, the private data of the customer party is business data of an actual user served by the customer party, and the desensitization data is used to determine a credit status of the actual user.
FIG. 5 is a schematic block diagram of a multi-party computing control device for providing privacy protection according to one or more embodiments of the present disclosure, the device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
determining a service provider with a central node of a cluster system and a client participant with a working node of the cluster system;
determining a streaming compute engine application and an application monitoring service deployed on the worker node;
initiating a cluster task at the central node according to a specified stream processing rule, sending an instruction to the stream type calculation engine application through the cluster task to instruct the stream type calculation engine application to locally acquire private data of the client participant, and performing desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;
communicate with the application monitoring service at the central node to obtain computation state monitoring data and desensitization data for the streaming computing engine application;
and according to the calculation state monitoring data and the desensitization data, completing the multi-party security calculation of the client participants so that the service provider provides services according to the result of the multi-party security calculation.
Based on the same idea, one or more embodiments of the present specification further provide a non-volatile computer storage medium corresponding to the above method, and storing computer-executable instructions configured to:
determining a service provider with a central node of a cluster system and a client participant with a working node of the cluster system;
determining a streaming compute engine application and an application monitoring service deployed on the worker node;
initiating a cluster task at the central node according to a specified stream processing rule, sending an instruction to the stream type calculation engine application through the cluster task to instruct the stream type calculation engine application to locally acquire private data of the client participant, and performing desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;
communicating with the application monitoring service at the central node to obtain computation state monitoring data and desensitization data for the streaming computing engine application;
and according to the calculation state monitoring data and the desensitization data, completing the multi-party security calculation of the client participants so that the service provider provides services according to the result of the multi-party security calculation.
In the 1990s, improvements in a technology could be clearly distinguished as improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) or improvements in software (improvements in method flow). However, as technology advances, many of today's method flow improvements can be regarded as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by programming the device by a user. A digital system is "integrated" on a PLD by the designer's own programming, without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an integrated circuit chip, such programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development; the source code before compilation is also written in a specific programming language, called Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); at present, VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps such that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered structures within the hardware component. Means for performing the functions may even be regarded as being both software modules for performing the method and structures within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, the present specification embodiments may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the embodiments of the apparatus, the device, and the nonvolatile computer storage medium, since they are substantially similar to the embodiments of the method, the description is simple, and for the relevant points, reference may be made to the partial description of the embodiments of the method.
The foregoing description of specific embodiments has been presented for purposes of illustration and description. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above description is merely one or more embodiments of the present disclosure and is not intended to limit the present disclosure. Various modifications and alterations to one or more embodiments of the present description will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of one or more embodiments of the present specification should be included in the scope of the claims of the present specification.

Claims (17)

1. A multi-party computing control method providing privacy protection, comprising:
determining a service provider with a central node of a cluster system and a client participant with a working node of the cluster system;
determining a streaming compute engine application and an application monitoring service deployed on the worker node;
initiating a cluster task at the central node according to a specified stream processing rule, sending an instruction to the stream type calculation engine application through the cluster task to instruct the stream type calculation engine application to locally acquire private data of the client participant, and performing desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;
communicating with the application monitoring service at the central node to obtain computation state monitoring data and desensitization data for the streaming computing engine application;
and according to the calculation state monitoring data and the desensitization data, completing the multi-party security calculation of the client participants so that the service provider provides services according to the result of the multi-party security calculation.
2. The method of claim 1, the cluster being a Kubernetes cluster;
the initiating a cluster task at the central node according to the specified stream processing rule, and sending an instruction to the streaming calculation engine application through the cluster task, specifically includes:
acquiring a command line interface (CLI) of the streaming computing engine application;
according to a specified stream processing rule, initiating a Kubernetes job at the central node, and sending an instruction for starting streaming calculation and streaming calculation task parameters to the CLI through the Kubernetes job, so that the streaming calculation engine application starts streaming calculation of the private data according to the streaming calculation task parameters.
3. The method of claim 2, further comprising:
when the instruction for starting the stream-oriented computation is sent, the application monitoring service is synchronously started so that the application monitoring service monitors the process of the stream-oriented computation;
the communicating with the application monitoring service at the central node to obtain the calculation state monitoring data and the desensitization data for the streaming calculation engine application specifically includes:
receiving, by the gateway of the central node, computation state monitoring data and desensitization data for the streaming computation engine application, which are reported by the application monitoring service;
and receiving the calculation state monitoring data reported by the gateway through the framework API service of the central node so that the framework API service controls the application of the streaming calculation engine.
4. The method of claim 3, wherein the framework API service controls the streaming computing engine application, and specifically comprises:
the framework API service generates simulation data for the client participant according to the desensitization data, so that the simulation data can obtain data similar to the desensitization data through desensitization calculation;
and when the calculation state monitoring data meet a preset condition, injecting the simulation data into the streaming calculation engine application so as to enable the streaming calculation engine application to process the simulation data as part of data in an input stream, wherein the input stream contains private data of a corresponding client participant.
5. The method of claim 4, after the central node initiates a cluster task, the method further comprising:
sending, by the cluster task, an instruction to the streaming computing engine application to instruct the streaming computing engine application to check whether simulated data corresponding to the private data already exists locally;
and if so, replacing the private data with the simulation data for generating desensitization data for the actual user corresponding to the private data.
6. The method of claim 2, the determining prior to the streaming compute engine application deployed on the worker node, the method further comprising:
acquiring an SQL parser and a calculation rule parser, and constructing a central node instruction parsing layer;
acquiring an SQL processor, and constructing an execution plan generation layer;
acquiring a streaming runtime and an SQL runtime, and constructing a plan execution layer;
packaging the instruction parsing layer, the execution plan generation layer and the plan execution layer on the working node through the containerized application deployment capability of the Kubernetes cluster to obtain the streaming computing engine application.
7. The method of claim 6, wherein the sending of the instruction for starting streaming computation and the streaming computation task parameters to the CLI interface through the Kubernetes job includes:
sending an SQL query instruction to the CLI through the Kubernetes job to indicate that streaming calculation of private data obtained through the query of the SQL query instruction is to be started;
and if the SQL query instruction does not contain the streaming computing task parameters corresponding to the streaming computing, generating a description file containing the streaming computing task parameters, sending the description file to the CLI, and modifying the description file through a Kubernetes job when the streaming computing task parameters change.
8. A method according to any one of claims 1 to 7 wherein the private data of the customer party is business data of an actual user served by the customer party, the desensitization data being used to determine the credit status of the actual user.
9. A multi-party computing control device providing privacy protection, comprising:
the first deployment module is used for determining a service provider with a central node of the cluster system and a client participant with a working node of the cluster system;
the second deployment module is used for determining the streaming computing engine application and the application monitoring service deployed on the working node;
the task initiating module initiates a cluster task at the central node according to a specified stream processing rule, sends an instruction to the stream type calculation engine application through the cluster task to instruct the stream type calculation engine application to locally acquire the private data of the client participant, and performs desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;
the data acquisition module is used for communicating with the application monitoring service at the central node to obtain the calculation state monitoring data and the desensitization data for the streaming calculation engine application;
and the service providing module is used for finishing the multi-party security calculation of the client participants according to the calculation state monitoring data and the desensitization data so that the service provider provides services according to the result of the multi-party security calculation.
10. The device of claim 9, wherein the cluster is a Kubernetes cluster;
the task initiating module acquires the command line interface (CLI) of the streaming computing engine application;
and, according to the specified stream processing rule, initiates a Kubernetes Job at the central node and sends an instruction to start streaming computation together with the streaming computing task parameters to the CLI through the Kubernetes Job, so that the streaming computing engine application starts the streaming computation of the private data according to the streaming computing task parameters.
11. The device of claim 10, further comprising a synchronization monitoring module which, when the instruction to start streaming computation is sent, synchronously starts the application monitoring service so that the application monitoring service monitors the process of the streaming computation;
the data acquisition module receives, through a gateway of the central node, the calculation state monitoring data of the streaming computing engine application and the desensitization data reported by the application monitoring service;
and receives, through a framework API service of the central node, the calculation state monitoring data reported by the gateway, so that the framework API service controls the streaming computing engine application.
12. The device of claim 11, wherein the data acquisition module causes the framework API service to generate simulation data for the client participant based on the desensitization data, such that the simulation data, when passed through the desensitization calculation, yields data similar to the desensitization data;
and, when the calculation state monitoring data meets a preset condition, injects the simulation data into the streaming computing engine application, so that the streaming computing engine application processes the simulation data as part of the data in an input stream, the input stream containing the private data of the corresponding client participant.
13. The device of claim 12, further comprising a simulation data replacement module, used for sending an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to check whether simulation data corresponding to the private data already exists locally;
and, if so, replacing the private data with the simulation data when generating the desensitization data for the actual user corresponding to the private data.
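Claims 12 and 13 describe the mechanism (desensitization on the working node, simulation data that desensitizes to similar output, local substitution of private data once simulation data exists, injection gated on the monitoring data) but fix no concrete desensitization rule, monitoring condition or record format. The following is an added illustration written for this page, not code from the patent or from the applicant: the keyed-pseudonym-plus-bucketing rule, the bucket edges, the `state`/`backlog` monitoring fields, the `should_inject` threshold and the sample records are all assumptions chosen to make the flow runnable.

```python
import hashlib
import hmac
import random
from dataclasses import asdict, dataclass
from typing import Dict, Iterable, List, Tuple

# Assumed desensitization rule; the patent only says "according to the stream
# processing rule". Here: keyed pseudonym for the user id plus bucketed numeric fields.
PSEUDONYM_KEY = b"worker-node-local-key"      # constructed key; never leaves the working node
INCOME_EDGES = [0, 3000, 8000, 20000, 50000]  # assumed monthly-income bucket edges
OVERDUE_EDGES = [0, 1, 3, 6]                  # assumed overdue-count bucket edges


@dataclass(frozen=True)
class PrivateRecord:         # business data as held by the client participant
    user_id: str
    monthly_income: int
    overdue_count: int


@dataclass(frozen=True)
class DesensitizedRecord:    # the only record shape that leaves the working node
    pseudonym: str
    income_bucket: int
    overdue_bucket: int


def bucket(value: int, edges: List[int]) -> int:
    """Index of the highest edge <= value; anything below edges[0] maps to 0."""
    idx = 0
    for i, edge in enumerate(edges):
        if value >= edge:
            idx = i
    return idx


def desensitize(rec: PrivateRecord) -> DesensitizedRecord:
    """Desensitization calculation, run locally on the working node."""
    pseudonym = hmac.new(PSEUDONYM_KEY, rec.user_id.encode(), hashlib.sha256).hexdigest()[:16]
    return DesensitizedRecord(pseudonym, bucket(rec.monthly_income, INCOME_EDGES),
                              bucket(rec.overdue_count, OVERDUE_EDGES))


def generate_simulation(user_id: str, des: DesensitizedRecord, rng: random.Random) -> PrivateRecord:
    """Synthetic values drawn inside the same buckets, so the same rule maps them to the
    same desensitized output. Only bucket indices are read; real values are not consulted."""
    def draw(edges: List[int], idx: int) -> int:
        lo = edges[idx]
        hi = edges[idx + 1] - 1 if idx + 1 < len(edges) else 2 * lo + 1  # open top bucket
        return rng.randint(lo, hi)
    return PrivateRecord(user_id, draw(INCOME_EDGES, des.income_bucket),
                         draw(OVERDUE_EDGES, des.overdue_bucket))


def should_inject(monitor: Dict[str, object]) -> bool:
    """Assumed 'preset condition' on the calculation state monitoring data."""
    return monitor.get("state") == "RUNNING" and int(monitor.get("backlog", 0)) < 100


def process_stream(records: Iterable[PrivateRecord], sim_store: Dict[str, PrivateRecord],
                   monitor: Dict[str, object], rng: random.Random) -> Tuple[List[DesensitizedRecord], int]:
    """Working-node loop: returns desensitized output and the number of records computed
    from locally stored simulation data instead of the private record."""
    out: List[DesensitizedRecord] = []
    replaced = 0
    for rec in records:
        if rec.user_id in sim_store:   # simulation data for this user already exists locally
            source, replaced = sim_store[rec.user_id], replaced + 1
        else:
            source = rec
        des = desensitize(source)
        out.append(des)
        # Once the monitoring condition holds, derive simulation data from the desensitized
        # record and keep it locally, so later events for this user use it instead of private data.
        if rec.user_id not in sim_store and should_inject(monitor):
            sim_store[rec.user_id] = generate_simulation(rec.user_id, des, rng)
    return out, replaced


def report_payload(out: List[DesensitizedRecord]) -> List[dict]:
    """What the application monitoring service forwards to the central node gateway."""
    return [asdict(d) for d in out]


SAMPLE_PRIVATE = [                      # constructed sample input, not real data
    PrivateRecord("u-1001", 12500, 0),
    PrivateRecord("u-1002", 2100, 4),
    PrivateRecord("u-1001", 12800, 0),  # second event for the same user
]


def demo(monitor: Dict[str, object] = None):
    """Run the sample stream; a non-RUNNING monitor state disables simulation data."""
    monitor = monitor or {"state": "RUNNING", "backlog": 12}
    sim_store: Dict[str, PrivateRecord] = {}
    out, replaced = process_stream(SAMPLE_PRIVATE, sim_store, monitor, random.Random(7))
    return out, replaced, sim_store
```

The check a practitioner would want is visible in `report_payload`: the only fields that cross the gateway to the central node are the pseudonym and bucket indices, while the raw income, overdue count and user id stay in `PrivateRecord` and `sim_store` on the working node. The second event for `u-1001` is computed from simulation data and still yields an identical desensitized record, which is the property claim 12 asks of the simulation data. If the monitoring data does not meet the condition, nothing is injected and every record is computed from private data as before.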
14. The device of claim 10, further comprising a cluster building module, used for acquiring an SQL parser and a computation rule parser to construct an instruction parsing layer of the central node;
acquiring an SQL processor to construct an execution plan generation layer;
acquiring a stream runtime and an SQL runtime to construct a plan execution layer;
and packaging the instruction parsing layer, the execution plan generation layer and the plan execution layer on the working node through the containerized application deployment capability of the Kubernetes cluster, to obtain the streaming computing engine application.
15. The device of claim 14, wherein the cluster building module sends an SQL query instruction to the CLI through the Kubernetes Job to indicate that streaming computation of the private data queried by the SQL query instruction is to be started;
and, if the SQL query instruction does not contain the streaming computing task parameters corresponding to the streaming computation, generates a description file containing the streaming computing task parameters, sends the description file to the CLI, and modifies the description file through the Kubernetes Job when the streaming computing task parameters change.
16. The device according to any one of claims 9 to 15, wherein the private data of the client participant is business data of an actual user served by the client participant, and the desensitization data is used to determine the credit status of the actual user.
17. A multi-party computing control apparatus providing privacy protection, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
determine the service provider that holds the central node of a cluster system and the client participant that holds a working node of the cluster system;
determine a streaming computing engine application and an application monitoring service deployed on the working node;
initiate a cluster task at the central node according to a specified stream processing rule, and send an instruction to the streaming computing engine application through the cluster task to instruct the streaming computing engine application to acquire the private data of the client participant locally and to perform desensitization calculation on the private data according to the stream processing rule to obtain desensitization data;
communicate with the application monitoring service at the central node to obtain calculation state monitoring data of the streaming computing engine application and the desensitization data;
and complete the multi-party secure computation of the client participants according to the calculation state monitoring data and the desensitization data, so that the service provider provides services according to the result of the multi-party secure computation.
CN202210394942.7A 2022-04-15 2022-04-15 Multi-party computing control method, device and equipment for providing privacy protection Pending CN114817982A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210394942.7A CN114817982A (en) 2022-04-15 2022-04-15 Multi-party computing control method, device and equipment for providing privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210394942.7A CN114817982A (en) 2022-04-15 2022-04-15 Multi-party computing control method, device and equipment for providing privacy protection

Publications (1)

Publication Number Publication Date
CN114817982A true CN114817982A (en) 2022-07-29

Family

ID=82537126

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210394942.7A Pending CN114817982A (en) 2022-04-15 2022-04-15 Multi-party computing control method, device and equipment for providing privacy protection

Country Status (1)

Country Link
CN (1) CN114817982A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114996694A (en) * 2022-08-01 2022-09-02 阿里云计算有限公司 Data fusion method, device, system and storage medium
CN116226928A (en) * 2023-05-09 2023-06-06 京东科技控股股份有限公司 Combined computing method, device, equipment and medium for multiparty business privacy data
CN116226928B (en) * 2023-05-09 2024-04-16 京东科技控股股份有限公司 Combined computing method, device, equipment and medium for multiparty business privacy data

Similar Documents

Publication Publication Date Title
CN114817982A (en) Multi-party computing control method, device and equipment for providing privacy protection
CN110457912B (en) Data processing method and device and electronic equipment
CN111741028B (en) Service processing method, device, equipment and system
CN109032825B (en) Fault injection method, device and equipment
CN109726563B (en) Data statistics method, device and equipment
CN112948900A (en) Method and device for acquiring data under link applied to block chain system
CN113821817B (en) Data processing method, device, equipment and system based on block chain
CN113672971A (en) Business service providing method, device, equipment and system based on block chain
CN111899008A (en) Resource transfer method, device, equipment and system
CN116340897A (en) Digital asset processing method and device based on blockchain
CN112182506A (en) Data compliance detection method, device and equipment
CN110930168A (en) Anti-counterfeiting method and device for anti-counterfeiting label based on block chain and storage medium
CN112114976A (en) Service processing method, device, equipment and storage medium
CN112100689A (en) Trusted data processing method, device and equipment
CN111131474A (en) Method, device and medium for managing user protocol based on block chain
CN115567596A (en) Cloud service resource deployment method, device, equipment and storage medium
CN114896635A (en) Data processing method and device, electronic equipment and storage medium
CN114969722A (en) Government affair data privacy calculation system supporting multiple data types
Zolotova et al. Architecture for a universal mobile communication module
CN111832862B (en) Flow management method and system based on block chain
CN111400402A (en) Data sharing method, device and equipment based on block chain
CN112182509A (en) Method, device and equipment for detecting abnormity of compliance data
CN111641499A (en) Block chain-based private key restoration method, device, equipment and medium
CN109587069A (en) A kind of current-limiting method and system based on API gateway
CN114301710B (en) Method for determining whether message is tampered, secret pipe platform and secret pipe system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination