CN116506227A - Data processing method, device, computer equipment and storage medium - Google Patents

Data processing method, device, computer equipment and storage medium Download PDF

Info

Publication number
CN116506227A
CN116506227A CN202310767679.6A CN202310767679A CN116506227A CN 116506227 A CN116506227 A CN 116506227A CN 202310767679 A CN202310767679 A CN 202310767679A CN 116506227 A CN116506227 A CN 116506227A
Authority
CN
China
Prior art keywords
task
participant
trusted
algorithm
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310767679.6A
Other languages
Chinese (zh)
Other versions
CN116506227B (en
Inventor
张韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202310767679.6A priority Critical patent/CN116506227B/en
Publication of CN116506227A publication Critical patent/CN116506227A/en
Application granted granted Critical
Publication of CN116506227B publication Critical patent/CN116506227B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The present application relates to a data processing method, apparatus, computer device, storage medium and computer program product. The method comprises the following steps: acquiring task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information; determining target equipment corresponding to each of the other participants cooperatively executing the task to be executed according to the participant information, and negotiating with the target equipment to determine a session key under the condition that the trusted verification passes between the target equipment and the target equipment; determining a task execution algorithm corresponding to the task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result; and encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, and sending the encryption execution result to the target equipment. And the data security is improved.

Description

Data processing method, device, computer equipment and storage medium
Technical Field
The present application relates to the field of internet technology, and in particular, to a data processing method, apparatus, computer device, storage medium, and computer program product.
Background
With the development of internet technology, the internet platform presents diversification, and in order to provide better service for objects, the internet platform can utilize own service data and service data of other internet platforms with similar service scope to complete a plurality of service processing tasks which are beneficial to the development of own service.
In the conventional technology, an internet platform with cooperative requirements needs to upload original data of the internet platform to a common computing platform, and the computing platform uniformly processes the uploaded data. However, the original data of the internet platform belongs to very precious and private data, and the data security is not high in the above manner.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a data processing method, apparatus, computer device, computer-readable storage medium, and computer program product that can improve data security.
In one aspect, the present application provides a data processing method. The method is applied to the processing equipment corresponding to the target participant, and comprises the following steps:
acquiring task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information;
determining target devices corresponding to all other participants cooperatively executing the task to be executed according to the participant information, and negotiating with the target devices to determine a session key under the condition that the trusted verification passes between the target devices;
Determining a task execution algorithm corresponding to a task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result;
encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target device, wherein the encryption execution result is used for indicating the target device to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and original data of a participant to which the target device belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
In a second aspect, the present application also provides a data processing apparatus. The device comprises:
the acquisition module is used for acquiring task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information;
the first determining module is used for determining target equipment corresponding to each other participant which cooperatively executes the task to be executed according to the participant information, and negotiating with the target equipment to determine a session key under the condition that the trusted verification between the target equipment and the target equipment is passed;
The second determining module is used for determining a task execution algorithm corresponding to the task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result;
the interaction module is used for encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target equipment, wherein the encryption execution result is used for indicating the target equipment to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and the original data of a participant to which the target equipment belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:
acquiring task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information;
Determining target devices corresponding to all other participants cooperatively executing the task to be executed according to the participant information, and negotiating with the target devices to determine a session key under the condition that the trusted verification passes between the target devices;
determining a task execution algorithm corresponding to a task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result;
encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target device, wherein the encryption execution result is used for indicating the target device to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and original data of a participant to which the target device belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
In a fourth aspect, the present application also provides a computer-readable storage medium. A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
Acquiring task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information;
determining target devices corresponding to all other participants cooperatively executing the task to be executed according to the participant information, and negotiating with the target devices to determine a session key under the condition that the trusted verification passes between the target devices;
determining a task execution algorithm corresponding to a task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result;
encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target device, wherein the encryption execution result is used for indicating the target device to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and original data of a participant to which the target device belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
In a fifth aspect, the present application also provides a computer program product. Computer program product comprising a computer program which, when executed by a processor, realizes the steps of:
Acquiring task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information;
determining target devices corresponding to all other participants cooperatively executing the task to be executed according to the participant information, and negotiating with the target devices to determine a session key under the condition that the trusted verification passes between the target devices;
determining a task execution algorithm corresponding to a task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result;
encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target device, wherein the encryption execution result is used for indicating the target device to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and original data of a participant to which the target device belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
The data processing method, the device, the computer equipment, the storage medium and the computer program product, wherein the processing equipment corresponding to the target participant firstly acquires task configuration information of a task to be executed, then determines target equipment corresponding to each other participants cooperatively executing the task to be executed according to the participant information, and negotiates with the target equipment to determine a session key under the condition that the trusted verification passes between the target equipment and the target equipment; the trusted verification can ensure that the logic running in the trusted execution environment of the processing equipment corresponding to each participant in the collaborative execution of the task to be executed is legal, the session key provides a safety channel for subsequent data interaction, the data safety is improved, the task execution algorithm corresponding to the task to be executed is determined according to the task algorithm information, and the original data of the target participant is processed by adopting the task execution algorithm to obtain a first intermediate execution result; encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target device, wherein the encryption execution result is used for indicating the target device to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and original data of a participant to which the target device belongs; the method for cooperatively executing the task to be executed can enable all participants to acquire the cooperative processing result of the task to be executed without providing original data, reduce the possibility of privacy data leakage and improve the data security.
Drawings
FIG. 1 is a block diagram of a data processing system in one embodiment;
FIG. 2 is a flow diagram of a data processing method in one embodiment;
FIG. 3 is a flowchart of an embodiment for obtaining encryption execution results;
FIG. 4 is a flow chart of a data processing method according to another embodiment;
FIG. 5 is a flow chart of a method for assisting in processing data in a scene in one embodiment;
FIG. 6 is a flow diagram of obtaining a decryption private key in one embodiment;
FIG. 7 is a flowchart of a method for assisting in processing data in a scene according to another embodiment;
FIG. 8 is a flow chart of a method of data processing in a joint training scenario in one embodiment;
FIG. 9 is a flowchart of a method for processing data in an intersection determination scenario according to an embodiment;
FIG. 10 is a block diagram of a data processing apparatus in one embodiment;
FIG. 11 is an internal block diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The data processing method provided by the embodiment of the application can be applied to a data processing system shown in fig. 1. The data processing system shown in fig. 1 includes processing devices corresponding to each of a plurality of participants, and fig. 1 is illustrated by taking an example in which a plurality of participants includes a participant a and a participant B. Each processing device in the data processing system shown in fig. 1 has the capability to execute the data processing method provided in the embodiment of the present application. The processing devices may communicate with each other via a network or via a message queue, as illustrated in fig. 1. The specific process of the data processing method is described below by taking a processing device corresponding to one of the participants as an example, and for convenience of description, the participant is referred to as a target participant: the processing equipment firstly acquires task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information, and then determines processing equipment corresponding to each of the other participants for cooperatively executing the task to be executed according to the participant information, and for convenience of explanation, the processing equipment corresponding to each of the other participants is called target equipment; negotiating with the target device to determine a session key if the trust verification passes with the target device; determining a task execution algorithm corresponding to a task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result; finally, encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target equipment, wherein the encryption execution result is used for indicating the target equipment to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with the task to be executed, the first intermediate execution result and the original data of the participant to which the target equipment belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
The processing device may be a terminal, which may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices and portable wearable devices, and the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The processing device may be a server, and the server may be an independent physical server, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and basic cloud computing services such as big data and artificial intelligence platforms. The terminal may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, etc. The terminal and the server may be directly or indirectly connected through wired or wireless communication, which is not limited herein.
The data processing method provided by the embodiment of the application can be used as a cloud computing service, cloud computing (cloud computing) is a computing mode, and computing tasks are distributed on a resource pool formed by a large number of computers, so that various application systems can acquire computing power, storage space and information service according to requirements. The network that provides the resources is referred to as the "cloud". Resources in the cloud are infinitely expandable in the sense of users, and can be acquired at any time, used as needed, expanded at any time and paid for use as needed. As a basic capability provider of cloud computing, a cloud computing resource pool (called IaaS (Infrastructure as a Service) platform for short is established, and various types of virtual resources are deployed in the resource pool for external clients to select and use.
In some embodiments, as shown in fig. 2, a data processing method is provided, which is illustrated by using the method applied to a processing device corresponding to a target participant in fig. 1, where the target participant may be any participant in the data processing system shown in fig. 1, and the data processing method includes the following steps:
step 202, task configuration information of a task to be executed is obtained, wherein the task configuration information comprises task algorithm information and participant information.
The task to be executed is a task which is constructed by a task initiator and needs a plurality of participants to cooperatively execute, and the task initiator may be a certain participant in the plurality of participants or may be a third party commonly designated by the plurality of participants.
The task configuration information of the task to be executed may include task algorithm information and participant information, where the task algorithm information may include related information capable of uniquely determining an algorithm, and exemplary task algorithm information may include an algorithm identifier, an algorithm name, a code metric, an algorithm purpose, an application scenario, and the embodiment of the present application is not limited to this.
The participant information comprises information of each participant which cooperates to execute the task to be executed, and the information of each participant comprises an identification of the participant, a name of the participant and equipment information of processing equipment corresponding to the participant. The device information may include a device identification, a device name, a communication address, and the like.
In some embodiments, task issuing may be implemented by an Application (APP), specifically, a task initiator may input relevant information of a task to be executed in a page for constructing the task in the APP, trigger a create completion instruction after the input operation is completed, display a participant list after the APP detects the create completion instruction, select each participant for cooperatively executing the task to be executed in the participant list, trigger the select completion instruction, after the APP detects the select completion instruction, generate task creation information based on information input by the task initiator in the page for constructing the task, and send the task creation information to processing devices corresponding to each participant for cooperatively executing the task to be executed, where each processing device corresponding to each participant extracts task configuration information of the task to be executed based on the received task creation information.
The information input by the task initiator on the page for constructing the task comprises task configuration information, and each participant for cooperatively executing the task to be executed comprises a target participant.
In some embodiments, task issuing may be implemented through a blockchain, where processing devices corresponding to each participant in the data processing system shown in fig. 1 are blockchain nodes of the same blockchain, a task initiator may input relevant information of a task to be executed on a blockchain node corresponding to the task initiator, after the input operation is completed, trigger a task creation instruction, after the blockchain node detects the task creation instruction, obtain task creation information corresponding to the task creation instruction, issue the task creation information to the blockchain, send a task issuing notification to a blockchain node corresponding to each participant in the task creation information, and after each blockchain node corresponding to each participant receives the task issuing notification, obtain task creation information from the blockchain, and extract task configuration information from the task creation information.
And 204, determining target devices corresponding to all other participants cooperatively executing the task to be executed according to the participant information, and negotiating with the target devices to determine a session key under the condition that the trusted verification passes between the target devices.
Wherein, for each participant in the data processing system shown in fig. 1, the corresponding processing device has a trusted execution environment in addition to the function of the blockchain node. After each block chain node corresponding to each participant cooperatively executing the task to be executed receives the task execution notification, the corresponding processing device can execute the step in the trusted execution environment.
In some embodiments, taking a processing device corresponding to a target participant as an example, the specific process of the step is: the method comprises the steps of analyzing the information of the participants to obtain information of each participant which cooperates to execute a task to be executed, acquiring information of all other participants except for a target participant from the information of each participant, and determining processing equipment corresponding to each other participant based on the information of each other participant.
The trusted verification is required to be carried out between the processing devices corresponding to the participants cooperatively executing the task to be executed, and the trusted verification is considered to be passed only when the trusted verification is passed.
Illustratively, each participant cooperatively executing the task to be executed includes a participant a, a participant B, and a participant C, and the trusted verification passing between the processing device corresponding to the target participant and the target device is determined only if the trusted verification passing between the processing device corresponding to the participant a and the processing device corresponding to the participant B, between the processing device corresponding to the participant a and the processing device corresponding to the participant C, and between the processing device corresponding to the participant B and the processing device corresponding to the participant C.
In some embodiments, the processing device corresponding to the target participant may negotiate with the target device to determine a session key if the trusted verification passes between the processing device corresponding to the target participant and the target device.
In some embodiments, the processing device corresponding to the target participant may generate a random value by using a random value generation algorithm, encrypt the random value, send the encrypted value to the target device, decrypt the received encrypted information by the target device, and obtain the random value, and use the random value as the session key.
Step 206, determining a task execution algorithm corresponding to the task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result.
The task algorithm information may include related information capable of uniquely determining an algorithm, and each of the participants cooperatively executing the task to be executed corresponds to a processing device, which may execute the step in a trusted execution environment.
In some embodiments, taking a processing device corresponding to a target participant as an example, the specific process of the step is: the processing device corresponding to the target participant can determine a task execution algorithm corresponding to the task to be executed from all algorithms contained in the database of the target participant according to the task algorithm information. Or the processing device corresponding to the target participant can determine a task execution algorithm corresponding to the task to be executed from the algorithm warehouse according to the task algorithm information.
Under the condition that the task execution algorithms are different, the processing procedures of the original data of the target participants are also different, and correspondingly, the obtained first intermediate execution results are also different.
And step 208, encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, and sending the encryption execution result to the target equipment. The encryption execution result is used for indicating the target equipment to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and a second intermediate execution result is obtained based on a task association algorithm matched with the task to be executed, the first intermediate execution result and the original data of the participant to which the target equipment belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
In some embodiments, after obtaining the first intermediate execution result, the processing device corresponding to each of the participants cooperatively executing the task to be executed may execute the step in a trusted execution environment. Taking a processing device corresponding to a target participant as an example, the specific process of the steps is as follows: in the trusted execution environment, the first intermediate execution result is encrypted by using the session key to obtain an encryption execution result, the encryption execution result is sent to the message queue, and the target device can acquire the encryption execution result from the message queue.
After the target device obtains the encryption execution result, the encryption execution result is decrypted by using the session key to obtain a first intermediate execution result, and then a second intermediate execution result is obtained based on a task association algorithm matched with the task to be executed, the first intermediate execution result and the original data of the participant to which the target device belongs.
The task association algorithm matched with the task to be executed and the task execution algorithm corresponding to the task to be executed can be the same algorithm or can be different algorithms capable of realizing the same function. The target device may determine a task association algorithm matching the task to be performed from all algorithms contained in the database of the party to which the target device belongs. Alternatively, a task association algorithm matching the task to be performed is determined from an algorithm repository.
When the tasks to be executed are different, the first intermediate execution result is determined, the first intermediate execution result is encrypted to obtain an encrypted execution result, the encrypted execution result is sent to the target device, the encrypted execution result is decrypted, the second intermediate execution result is calculated based on the first intermediate execution result obtained by decryption, and the number of times of execution of the series of actions is different, that is, the series of actions may be executed once or multiple times, and the task to be executed constructed by the task initiator is determined.
In some embodiments, the data processing method provided in the embodiments of the present application may be applied in a joint training scenario, where a task initiator may issue a joint training task, that is, a task to be performed is a joint training task, each participant cooperatively performing the joint training task provides data and computing power, each participant needs to store own model parameters, after acquiring task configuration information, processing devices corresponding to each participant cooperatively performing the joint training task may perform steps, where each participant cooperatively performing the joint training task includes a target participant, and taking processing devices corresponding to the target participant as an example, the steps may include: according to the information of the participants, processing equipment corresponding to each of the other participants for cooperatively executing the joint training task is determined, the processing equipment corresponding to each of the other participants is called target equipment for convenience of distinguishing, a session key is negotiated and determined with the target equipment under the condition that the trust verification between the processing equipment and the target equipment is passed, then a task execution algorithm corresponding to the joint training task is determined according to the task algorithm information, for convenience of explanation, the task execution algorithm corresponding to the joint training task can be called a model training algorithm, the original data of the target participants can be processed by adopting the model training algorithm, a first local gradient is obtained, and the first local gradient is used as a first intermediate execution result.
Taking processing equipment corresponding to a target participant as an example, after a first local gradient is obtained, encrypting the first local gradient by using a session key to obtain an encryption execution result, sending the encryption execution result to a message queue, obtaining the encryption execution result from the message queue by the target equipment, decrypting the encryption execution result by using the session key to obtain the first local gradient, determining a global training gradient based on the first local gradient and the local gradient, and updating training parameters in a task association algorithm according to the global training gradient to obtain an updated task association algorithm; and processing the original data of the participant to which the target equipment belongs by adopting the updated task association algorithm to obtain a second local gradient, and taking the second local gradient as a second intermediate execution result.
And when determining that each participant contained in the participant information completes the respective model training process based on the second intermediate result, taking the model parameters corresponding to each participant contained in the participant information as the collaborative processing result of the joint training task.
In some embodiments, the data processing method provided in the embodiments of the present application may be applied in an intersection solving scenario, where a task initiator may issue an intersection solving task, that is, a task to be executed is an intersection solving task, each participant cooperatively executing the intersection solving task provides data and computing power, a specific participant needs to store a final cooperative processing result, a processing device corresponding to the specific participant is a target device, and, among all the participants cooperatively executing the joint training task, after the processing devices corresponding to all the participants except the specific participant acquire task configuration information, the processing device corresponding to the target participant may execute the following steps, where the steps may include: according to the information of the participants, processing equipment corresponding to each of the other participants for cooperatively executing the intersection solving task is determined, the processing equipment corresponding to each of the other participants is called target equipment for convenience of distinguishing, a session key is negotiated and determined with the target equipment under the condition that the trust verification between the processing equipment and the target equipment is passed, then a task execution algorithm corresponding to the intersection solving task is determined according to the task algorithm information, for convenience of explanation, the task execution algorithm corresponding to the intersection solving task can be called an intersection solving algorithm, the original data of the target participants can be processed by adopting the intersection solving algorithm to obtain a first intersection solving result, and the first intersection solving result is used as a first intermediate execution result.
Taking the processing equipment corresponding to the target party as an example, after the first intersection acquisition result is obtained, encrypting the first intersection acquisition result by using a session key to obtain an encryption execution result, sending the encryption execution result to a message queue, obtaining the encryption execution result from the message queue by using the target equipment, decrypting the encryption execution result by using the session key to obtain the first intersection acquisition result, acquiring a union of the first intersection acquisition result and a second intersection acquisition result acquired by the target equipment, taking the union result as a second intermediate execution result, and taking the second intermediate execution result as a cooperative processing result of an intersection acquisition task under an intersection acquisition scene.
In the above embodiment, the processing device corresponding to the target participant first obtains the task configuration information of the task to be executed, then determines, according to the participant information, the target devices corresponding to the other participants cooperatively executing the task to be executed, and negotiates with the target devices to determine the session key when the trusted verification passes between the target devices; the trusted verification can ensure that the logic running in the trusted execution environment of the processing equipment corresponding to each participant in the collaborative execution of the task to be executed is legal, the session key provides a safety channel for subsequent data interaction, the data safety is improved, the task execution algorithm corresponding to the task to be executed is determined according to the task algorithm information, and the original data of the target participant is processed by adopting the task execution algorithm to obtain a first intermediate execution result; encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target device, wherein the encryption execution result is used for indicating the target device to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and original data of a participant to which the target device belongs; the method for cooperatively executing the task to be executed can enable all participants to acquire the cooperative processing result of the task to be executed without providing original data, reduce the possibility of privacy data leakage and improve the data security.
In some embodiments, the processing device obtains task configuration information for a task to be performed for a blockchain node, including: receiving a task release notice, wherein the task release notice is sent to each block chain node corresponding to each participant in task creation information after a block chain node corresponding to a task initiator detects a task creation instruction triggered by the task initiator, acquiring task creation information corresponding to the task creation instruction and releasing the task creation information to a block chain; and acquiring task creation information from the blockchain based on the task release notice, and extracting task configuration information from the task creation information.
The processing devices corresponding to the participants cooperatively executing the task to be executed may be blockchain nodes, that is, the processing devices corresponding to the participants cooperatively executing the task to be executed have the function of blockchain nodes.
When the task initiator is a party, the blockchain node corresponding to the task initiator is a processing device corresponding to the party, and when the task initiator is a third party, the third party may apply for a blockchain node under the blockchain, and use the blockchain node as the blockchain node corresponding to the task initiator.
The related information of the task to be executed, which is input by the task initiator on the blockchain node corresponding to the task initiator, may include: task identification, task configuration information, task initiator identification, etc., the task configuration information may include task algorithm information and participant information, the task algorithm information may include algorithm identification, code metrics, code hashes, etc., and the participant information may include information of each participant that cooperatively performs a task to be performed, such as: information of participants providing data and computing power, information of participants providing only data, information of participants providing only computing power, information of participants needing to store the result.
The information of the party providing the data may include storage location indication information of the provided data, for example: table names, file names, column families, etc., to which the embodiments of the present application are not limited.
After the blockchain node corresponding to the task initiator detects the task creation instruction, the blockchain node can acquire the related information of the task to be executed, which is input by the task initiator, and the acquired information is used as the task creation information corresponding to the task creation instruction.
The blockchain node corresponding to the task initiator can issue the task creation information to the blockchain after obtaining the task creation information corresponding to the task creation instruction, that is, the task creation information is uplink, so that the task creation information is added to the blockchain stored by each blockchain node.
After the blockchain node corresponding to the task initiator detects the task creation instruction, the blockchain node corresponding to the task initiator can uplink the task creation information through the blockchain intelligent contract, and can also send a task release notice to the blockchain node corresponding to each participant in the task creation information through the blockchain intelligent contract, namely, send the task release notice to the blockchain node corresponding to each participant in the cooperative execution of the task to be executed.
Wherein each participant that cooperates to perform the task to be performed comprises a target participant. The task publication notification may include a task identification of the task to be performed.
After each block chain node corresponding to each participant cooperatively executing the task to be executed receives the task release notice, task creation information is acquired from the stored block chain, and task configuration information is extracted from the task creation information.
The task creation information comprises task identifiers of tasks to be executed, the task release notice also comprises task identifiers of the tasks to be executed, after each block chain node corresponding to each participant in collaborative execution of the tasks to be executed receives the task release notice, the task identifiers of the tasks to be executed can be extracted from the task release notice, task creation information containing the same task identifiers is obtained from the block chain based on the extracted task identifiers, the task creation information is the task creation information corresponding to the tasks to be executed, and task configuration information of the tasks to be executed can be further extracted from the task creation information.
In the above embodiment, the task initiator may issue the task creation information to the blockchain, and each participant cooperatively executing the task to be executed may obtain the task creation information from the blockchain, thereby improving data security.
In some embodiments, the processing device is a blockchain node, and the data processing method provided in the embodiments of the present application further includes: auditing the task configuration information based on preset auditing rules; under the condition that the auditing is passed, signing the task configuration information to obtain corresponding task authorization information, and issuing the task authorization information to the block chain; after receiving a task execution notice sent by a block chain node corresponding to a task initiator, carrying out trusted verification with target equipment; the task execution notification is sent to the blockchain node corresponding to each participant in the participant information under the condition that the blockchain node corresponding to each participant in the participant information is determined for the blockchain node corresponding to the task initiator and the corresponding task authorization information is issued to the blockchain.
After each block chain node corresponding to each participant cooperatively executing the task to be executed acquires task creation information from the block chain, the task configuration information can be audited based on preset auditing rules; under the condition that the auditing is passed, signing the task configuration information to obtain corresponding task authorization information, and issuing the task authorization information to the block chain; and under the condition that the blockchain nodes corresponding to the task initiator determine the blockchain nodes corresponding to all the participants in the participant information and issue corresponding task authorization information to the blockchain, sending a task execution notice to the blockchain nodes corresponding to all the participants in the participant information.
The blockchain nodes corresponding to the task initiator can judge whether the blockchain nodes corresponding to each participant in the participant information release corresponding task authorization information to the blockchain through the blockchain intelligent contract.
Under the condition that the block chain nodes corresponding to all the participants cooperatively executing the task to be executed do not pass the task configuration information auditing, the auditing result can be issued to the block chain.
The method comprises the steps that when a blockchain node corresponding to a task initiator detects that a blockchain node corresponding to any one participant issues an audit result which is not passed by audit, or the blockchain node corresponding to any one participant does not issue task authorization information before overtime, the task authorization is determined to fail, the process is terminated, and authorization failure reminding is displayed for the task initiator to check.
The auditing the task configuration information based on the preset auditing rule may include: at least one of determining whether data meta-information related to a task execution algorithm has been published, or determining whether there is a risk of data leakage. When judging whether the data leakage risk exists, the method can be realized through algorithm audit and code measurement comparison, and the participant can set other audit rules according to actual requirements, which is not limited by the embodiment of the application.
In the above embodiment, the task execution notification is issued only when all the participants cooperatively executing the task to be executed issue the corresponding task authorization information to the blockchain, so that it is possible to avoid that after the task execution notification is issued, some of the participants do not wish to participate in the issuing invalidation caused by executing the task to be executed, and the waste of processing resources is reduced.
In some embodiments, the data processing method provided in the embodiments of the present application further includes: sending a trusted proving request to a message queue, wherein the trusted proving request is used for generating trusted proving information corresponding to target equipment after the target equipment obtains the trusted proving request from the message queue, and sending the trusted proving information to the message queue; acquiring the credible proving information corresponding to the target equipment from the message queue; and verifying the trusted proving information corresponding to the target equipment to obtain a verification result, and determining whether the trusted verification with the target equipment is passed or not based on the verification result.
The trusted attestation request may be a remote attestation challenge, the trusted attestation information may be a remote attestation, and verifying the remote attestation is intended to verify the validity of the remote attestation.
In a specific implementation, processing equipment corresponding to each participant cooperatively executing a task to be executed sends a remote proof challenge to a message queue, and after the processing equipment corresponding to each participant acquires the remote proof challenges sent by the processing equipment corresponding to each other participant from the message queue, the processing equipment generates remote proof for each other participant and sends the remote proof to the message queue; processing equipment corresponding to each participant acquires remote certificates sent by processing equipment corresponding to each other participant from the message queue, and verifies each remote certificate to obtain a verification result; and under the condition that the verification results obtained by the processing equipment corresponding to all the participants are all passed, determining that the trusted verification is passed.
The processing equipment corresponding to each party can generate an information set to be verified based on the information such as the code measurement of the own code logic, the own public key and the like, and the information set to be verified is signed to obtain the remote certification.
The processing equipment corresponding to each participant for cooperatively executing the task to be executed is provided with a trusted execution environment, wherein the trusted execution environment comprises a trusted key management component, a trusted computing cluster module and a database. The trusted verification process between the participants cooperatively executing the task to be executed may be executed by a trusted key management component in the processing device to which each participant corresponds.
Illustratively, each participant cooperatively executing the task to be executed includes a participant a, a participant B, and a participant C, each of which corresponds to a trusted key management component, and each of which sends a remote attestation challenge to the message queue; after obtaining the remote certificates corresponding to the participants B and C from the message queue, the trusted key management components corresponding to the participant A respectively generate remote certificates for the participants B and C, and send the remote certificates to the trusted key management components corresponding to the participants B and C through the message queue; similarly, the trusted key management component corresponding to the party B obtains the remote certificates corresponding to the party A and the party C from the message queue, generates remote certificates for the party A and the party C respectively after the remote certificates are struggled, and sends the remote certificates to the trusted key management component corresponding to the party A and the party C through the message queue; similarly, the trusted key management component corresponding to the party C generates remote certificates for the party B and the party C respectively after acquiring the remote certificates corresponding to the party B and the party C from the message queue, and sends the remote certificates to the trusted key management components corresponding to the party B and the party C respectively through the message queue. The trusted key management component corresponding to the party A respectively verifies the received remote certificates of the party B and the party C; the trusted key management component corresponding to the party B respectively verifies the received remote certificates of the party A and the party C; the trusted key management component corresponding to the party C respectively verifies the received remote certificates of the party B and the party C; and under the condition that the verification results of the three parties are all passed, determining that the trusted verification is passed.
In the above embodiment, a specific implementation manner of trusted verification is provided, and this manner can enable each of the participants cooperatively executing the task to be executed to respectively correspond to the processing devices, mutually prove that the operation logic in the trusted execution environment of each participant is not tampered, and improve the security of data processing.
In some embodiments, negotiating with the target device to determine the session key includes: obtaining a public key of a party to which target equipment belongs and generating a random value; and encrypting the random value by using the public key to obtain an encryption key, sending the encryption key to the message queue, and decrypting the encryption key by using a private key of a participant to which the target device belongs after the encryption key is used for indicating the encryption key acquired by the target device from the message queue to obtain the random value, wherein the random value is used as a session key.
The processing devices corresponding to the participants in the data processing system shown in fig. 1 can determine a key pair through an asymmetric encryption algorithm, wherein the key pair comprises a public key and a private key. Taking the processing device corresponding to the target participant as an example, the processing device corresponding to the target participant may extract the public keys of the remaining participants from the received remote attestation of the remaining participants.
In some embodiments, after the processing device corresponding to the target party obtains the public key of the party to which the target device belongs, the processing device corresponding to the target party may generate a random value, encrypt the random value with the public key to obtain an encryption key, send the encryption key to the message queue, and after the target device may obtain the encryption key from the message queue, decrypt the encryption key with the private key of the party to which the target device belongs to obtain the random value, where the processing device corresponding to the target party and the target device may use the random value as the session key.
The processing equipment corresponding to each participant for cooperatively executing the task to be executed is provided with a trusted execution environment, wherein the trusted execution environment comprises a trusted key management component, a trusted computing cluster module and a database. The key negotiation process between the participants cooperatively executing the task to be executed may be executed by a trusted key management component in the processing device to which each participant corresponds.
The trusted key management component may be used for distributing and storing the session key, and the trusted computing cluster module may synchronize the session key from the trusted key management component if necessary, and the synchronization process is described in the following embodiments.
In the above embodiment, a specific implementation manner of key negotiation is provided, and the session key provides a secure channel for subsequent data interaction, thereby improving data security.
In some embodiments, determining a task execution algorithm corresponding to a task to be executed according to task algorithm information includes: acquiring an algorithm matched with task algorithm information from an algorithm warehouse, and taking the acquired algorithm as a task execution algorithm corresponding to a task to be executed; the algorithm warehouse contains algorithms developed by the algorithm development objects that have passed the release process.
The algorithm development object may be a participant in the data processing system shown in fig. 1, or may be an object for providing an algorithm development service, which is not limited in the embodiment of the present application.
After the development of a new algorithm is completed or the iterative updating of the original algorithm is completed, the algorithm can be released to an algorithm warehouse through an algorithm release flow by the algorithm development object, and related information of the algorithm is released to a blockchain. The relevant information of the algorithm includes, for example: code metrics, usage, application scenarios, input data structures, output data structures, etc.
Among the algorithms published into the algorithm repository are, for example: four operations, statistical analysis, database table fusion, query, machine learning algorithm, intersection, etc., which are not limited in this embodiment of the present application.
The algorithm development object can sign the algorithm by using a private key held by the algorithm development object, and then issue the signed algorithm to the algorithm warehouse; similarly, the algorithm development object can sign the related information of the algorithm by using a private key held by the algorithm development object, and issue the obtained signed algorithm information to the blockchain.
The data processing system shown in fig. 1 is configured to obtain the above algorithm information on the blockchain node corresponding to each participant, where each participant can determine whether to participate in the execution task of the corresponding algorithm in combination with the actual service cooperation requirement, and under the condition of determining to participate in the execution task of the corresponding algorithm, sort the data stored in the database according to the input data structure in the algorithm information, so as to obtain data with a structure matched with the input data structure of the algorithm, and for convenience of explanation, use the obtained data as original data, and issue the data meta information of the original data to the blockchain through the corresponding blockchain node, where the data meta information of the original data can be used as the data meta information related to the corresponding algorithm. The data meta information of the original data may include the structure, meaning, purpose, etc. of the data.
In the embodiment, the algorithm matched with the task algorithm information can be obtained from the algorithm warehouse, the obtained algorithm is used as the task execution algorithm corresponding to the task to be executed, the participant does not need to develop the task execution algorithm by himself, and the task execution efficiency is improved.
In some embodiments, the processing device includes a trusted key management component and a trusted computing cluster module, where the trusted key management component is configured to store a session key, and as shown in fig. 3, encrypt a first intermediate execution result using the session key to obtain an encrypted execution result, and includes:
in step 302, the trusted computing cluster module performs local trust verification with the trusted key management component.
The trusted computing cluster module sends a remote proving challenge to the trusted key management component, and the trusted key management component sends the remote proving challenge to the trusted computing cluster module; after receiving the remote certification challenge, the trusted computing cluster module generates own remote certification and sends the remote certification to the trusted key management assembly; after receiving the remote certification challenge, the trusted key management component also generates own remote certification and sends the remote certification to the trusted computing cluster module; the trusted key management component and the trusted computing cluster module both verify the received remote attestation, and if the verification passes, the local trusted verification is determined to pass.
Step 304, under the condition that the local trusted verification is passed, the trusted computing cluster module obtains task authorization information corresponding to each participant in the participant information from the blockchain.
In step 306, the trusted computing cluster module transmits the task authorization information corresponding to each participant to the trusted key management component, so as to instruct the trusted key management component to perform signature verification on the task authorization information corresponding to each participant.
As described in the foregoing embodiment, the processing devices corresponding to each of the participants cooperatively executing the task to be executed may issue the task authorization information to the blockchain, and the trusted computing cluster module may obtain the task authorization information corresponding to each of the participants in the participant information from the blockchain, and transmit the task authorization information corresponding to each of the participants to the trusted key management component, where the trusted key management component may perform signature verification on each of the received task authorization information to ensure that the signatures corresponding to all of the task authorization information are legal.
In step 308, the trusted computing cluster module receives a session key that the trusted key management component sent if the signature verification passed.
In step 310, the trusted computing cluster module encrypts the first intermediate execution result using the session key to obtain an encrypted execution result.
After the signature verification is passed, the trusted key management component may send the session key to the trusted computing cluster module, and the trusted computing cluster module encrypts the first intermediate execution result by using the session key to obtain an encrypted execution result. In the case where the first intermediate execution result needs to be saved locally, the first intermediate execution result may be saved in a database in the trusted execution environment.
Referring to fig. 4, a detailed embodiment of a data processing method is provided, specifically comprising 2 stages: a preparation phase and a task execution phase. In the preparation phase, the algorithm development object may publish the developed algorithm into an algorithm warehouse and publish the algorithm information onto the blockchain. Each participant in the data processing system shown in fig. 2 can combine with the actual business cooperation requirement to determine whether to participate in the execution task of the algorithm, and under the condition of determining participation, the data stored in the database is sorted to obtain the data with the structure matched with the input data structure of the algorithm, and the data meta-information is issued to the blockchain. In the task execution stage, the method specifically comprises the following steps: 1. the task initiator builds a task to be executed through the blockchain node corresponding to the task initiator and submits the task, and the blockchain node corresponding to the task initiator can issue the task creation information to the blockchain; 2. the block chain nodes corresponding to the task initiator send task release notices to the block chain nodes corresponding to each participant in the task creation information; 3. the processing equipment corresponding to each participant in the cooperative execution of the task to be executed is provided with a trusted execution environment, wherein the trusted execution environment comprises a trusted key management component, a trusted computing cluster module and a database, and multiparty remote certification and session key negotiation can be carried out among the trusted key management components corresponding to each participant. 4. The trusted computing cluster module corresponding to each participant can synchronize the session key from the local trusted key management component and acquire the algorithm designated by the task to be executed from the algorithm warehouse. 5. The trusted computing cluster modules corresponding to the participants can acquire original data from a local database, the original data is processed by adopting an algorithm acquired from an algorithm warehouse to obtain a first intermediate processing result, the first intermediate execution result is encrypted by using a session key to obtain an encrypted execution result, and the encrypted execution result is sent to the trusted computing cluster modules corresponding to the other participants. 6. And after the trusted computing cluster modules corresponding to the participants respectively complete the responsible computation, issuing an ending state to the blockchain. The various parties interact with data via the message queues of fig. 4.
In the above embodiment, after the session key is negotiated and determined, the session key is stored in the trusted key management component, and the session key may be sent to the trusted computing cluster module only when the local trusted verification, the signature verification of the task authorization information, and the like pass, thereby further improving the data security.
In some embodiments, the processing device includes a trusted key management component and a trusted computing cluster module, and referring to fig. 5, the data processing method provided in the embodiments of the present application further includes:
in step 502, the trusted computing cluster module obtains encrypted original data of the data provider from a database of the data provider, where the encrypted original data is obtained by encrypting the original data of the data provider by the data provider using an encryption public key.
Among the individual parties that cooperate to perform the task to be performed, there may be parties that are unable to maintain their own trusted computing cluster modules, in which case data processing may be performed by means of the trusted computing cluster modules of the other parties. In the embodiment of the application, a participant who is unable to maintain the trusted computing cluster module is called a data provider, and the data provider can process data by means of the trusted computing cluster module of the target participant, and the target participant can also be called a computing power provider.
Step 504, the trusted computing cluster module obtains a decryption private key by interacting with the trusted key management component; and decrypting the encrypted original data by using the decryption private key to obtain the data to be processed.
And step 506, processing the data to be processed by adopting a task execution algorithm to obtain an intermediate processing result corresponding to the data provider.
In some embodiments, the data provider may encrypt the original data of the data provider using the encryption public key to obtain encrypted original data, and the trusted computing cluster module in the processing device corresponding to the target participant may obtain the encrypted original data of the data provider from the database of the data provider, where the trusted computing cluster module may obtain the decryption private key from the trusted key management component in the processing device corresponding to the target participant method, decrypt the encrypted original data using the decryption private key to obtain data to be processed, and process the data to be processed by adopting the task execution algorithm to obtain an intermediate processing result corresponding to the data provider.
In an exemplary embodiment, in a joint training scenario, each participant cooperatively executing the joint training task includes a participant a, a participant B, and a participant C, where the participant a is unable to maintain its own trusted computing cluster module, and the participant a may perform data processing by using the trusted computing cluster module of the participant B or the participant C. For example, party a performs data processing by means of a trusted computing cluster module of party B, party a may encrypt original data of party a using an encryption public key to obtain encrypted original data, the trusted computing cluster module in a processing device corresponding to party B may obtain encrypted original data of a data provider from a database of party a, the trusted computing cluster module may obtain a decryption private key from a trusted key management component in the processing device corresponding to party B, decrypt the encrypted original data using the decryption private key to obtain data to be processed, obtain a training sample based on the data to be processed, and obtain a local gradient corresponding to party a based on the training sample and a model training algorithm.
In the above embodiment, under the condition that the participant is unable to maintain the own trusted computing cluster module, the trusted computing cluster modules of other participants can be used for data processing, so that the inclusion of the capability of the participant is improved.
In some embodiments, the encrypted public key is generated by a trusted key management component of the data provider and returned to the data provider after passing the trusted key management component of the data provider by a key derivation algorithm based on the session key and the signed public key of the data provider.
The data provider can conduct the trusted verification on the trusted key management component of the data provider, specifically, the data provider can verify the remote certification of the trusted key management component, and the trusted verification is determined to be passed under the condition that the remote certification is passed.
Under the condition that the trusted verification is passed, the data provider can use a private signature key to sign a public signature key to obtain signature data, the public signature key and the signature data are sent to a trusted key management component of the data provider, the trusted key management component of the data provider uses the received public signature key to verify the validity of the signature data, under the condition that the signature data is legal, a pair of public and private encryption keys is derived by adopting a key derivation algorithm based on the session key and the public signature key, the public and private encryption key pair comprises a public key and a private key, the public key is used as an encryption public key, and the encryption public key is returned to the data provider.
In the above embodiment, the data provider may obtain the encryption public key through the trusted key management component of the data provider, encrypt the original data of the data provider using the encryption public key, and subsequently assist the trusted computing cluster module corresponding to the participant in data processing, so that the encrypted original data is obtained from the database of the data provider, thereby improving the security in the data transmission process.
In some embodiments, referring to fig. 6, the trusted computing cluster module obtains a decryption private key by interacting with a trusted key management component, comprising:
in step 602, the trusted computing cluster module performs local trust verification with the trusted key management component.
The trusted computing cluster module sends a remote proving challenge to the trusted key management component, and the trusted key management component sends the remote proving challenge to the trusted computing cluster module; after receiving the remote certification challenge, the trusted computing cluster module generates own remote certification and sends the remote certification to the trusted key management assembly; after receiving the remote certification challenge, the trusted key management component also generates own remote certification and sends the remote certification to the trusted computing cluster module; the trusted key management component and the trusted computing cluster module both verify the received remote attestation, and if the verification passes, the local trusted verification is determined to pass.
In step 604, if the local trusted verification passes, the trusted computing cluster module sends the task authorization information corresponding to each of the participants in the participant information and the signature public key of the data provider to the trusted key management component, so as to instruct the trusted key management component to perform signature verification on the task authorization information corresponding to each of the participants.
In step 606, the trusted computing cluster module receives a decryption private key sent by the trusted key management component, where the decryption private key is generated by the trusted key management component by using a key derivation algorithm based on the session key and the public signature key of the data provider under the condition that the signature verification is passed.
As described in the foregoing embodiment, the processing devices corresponding to each of the participants cooperatively executing the task to be executed may issue the task authorization information to the blockchain, and the trusted computing cluster module may obtain the task authorization information corresponding to each of the participants in the participant information from the blockchain, and further send the task authorization information corresponding to each of the participants and the signature public key of the data provider to the trusted key management component.
After the data provider obtains the signature public key, the signature public key can be issued to the blockchain, and the trusted computing cluster module in the processing equipment corresponding to the target participant can acquire the signature public key of the data provider from the blockchain.
The trusted key management component in the processing equipment corresponding to the target party can conduct signature verification on the received task authorization information, under the condition that verification is passed, a pair of encrypted public and private key pairs are generated by adopting a key derivation algorithm based on the session key and the signature public key of the data provider, the private key in the pair is used as a decryption private key, and the decryption private key is returned to the trusted computing cluster module in the processing equipment corresponding to the target party.
In some embodiments, referring to fig. 7, a data processing method is provided, including the steps of: 1. the trusted key management component of the data provider and the trusted key management component of the computing power provider may synchronize session keys through message queues, which may be determined for negotiation in the foregoing embodiments or renegotiation for assistance processing scenarios. 2. The data provider may verify a remote attestation of the trusted key management component of the data provider, and in the event that the verification passes, obtain the encrypted public key from the trusted key management component. 3. The data provider encrypts the original data of the data provider using the encryption public key. 4. And a trusted computing cluster module in the computing power provider acquires encrypted original data of the data provider from a database of the data provider. 5. A trusted computing cluster module within the computing power provider obtains a decryption private key from a trusted key management component within the computing power provider. 6. And the trusted computing cluster module in the computing power provider decrypts the encrypted original data by using a decryption private key to obtain data to be processed, and processes the data to be processed by adopting a task execution algorithm to obtain an intermediate processing result corresponding to the data provider.
In the above embodiment, a specific implementation manner of interactively acquiring the decryption private key by the trusted computing cluster module and the trusted key management component in the trusted execution environment of the processing device corresponding to the target participant is provided, so that the trusted computing cluster module can acquire the encrypted original data from the database of the data provider, and then decrypt the encrypted original data by using the decryption private key after acquiring the encrypted original data, thereby reducing the risk of leakage of the original data in the data transmission process and improving the data security.
In some embodiments, the task to be performed is a joint training task; referring to fig. 8, processing raw data of a target participant by using a task execution algorithm to obtain a first intermediate execution result, including:
at step 802, a first training sample is obtained based on raw data of a target participant.
Step 804, inputting the first training sample to a model training algorithm corresponding to the joint training task, so as to obtain a first prediction result.
Step 806, determining a first local gradient based on the first prediction result, and taking the first local gradient as a first intermediate execution result.
The data processing method provided by the embodiment of the application can be applied to a joint training scene, under the scene, a task initiator can issue a joint training task, each participant cooperatively executing the joint training task comprises a target participant, processing equipment corresponding to the target participant is taken as an example, after task configuration information is acquired, each corresponding target equipment of other participants cooperatively executing the joint training task is determined according to the participant information, under the condition that the trusted verification between the target equipment and the target equipment passes, a session key is negotiated with the target equipment, and then a model training algorithm corresponding to the joint training task is determined according to task algorithm information.
The processing device corresponding to the target participant can convert the original data of the target participant into a first training sample matched with the model training algorithm based on a sample data input structure of the model training algorithm, input the first training sample into the model training algorithm corresponding to the joint training task to obtain a first prediction result, calculate model loss based on the first prediction result and a label of the first training sample, further determine a first local gradient based on the model loss, and take the first local gradient as a first intermediate execution result. The processing device to which the target participant corresponds may perform the above steps in a trusted execution environment.
In the above embodiment, the data processing method provided in the embodiment of the present application is applied to the joint training scenario, so that each participant does not need to provide own original data in the joint training process, thereby improving data security.
In some embodiments, the step of determining the second intermediate execution result includes: determining a global training gradient according to the first local gradient and the local gradient; updating training parameters in the task association algorithm according to the global training gradient to obtain an updated task association algorithm; acquiring a second training sample based on the original data of the participant to which the target device belongs; inputting a second training sample into the updated task association algorithm to obtain a second prediction result, determining a second local gradient based on the second prediction result, and taking the second local gradient as a second intermediate execution result; the step of determining the cooperative processing result of the joint training task comprises the following steps: and when determining that each participant contained in the participant information completes the respective model training process based on the second intermediate result, taking the model parameters corresponding to each participant contained in the participant information as the collaborative processing result of the joint training task.
After the first local gradient is obtained, the target device may fuse the first local gradient and the local gradient to obtain a global training gradient, where the fusing manner includes summation, weighted summation, and the like.
The target device may convert the original data of the participant to which the target device belongs into a second training sample adapted to the task association algorithm based on a sample data input structure of the task association algorithm, input the second training sample to the updated task association algorithm to obtain a second prediction result, calculate a corresponding model loss based on the second prediction result and a label of the second training sample, determine a second local gradient based on the model loss, and use the second local gradient as a second intermediate execution result.
After the target device obtains the second local gradient, the second local gradient can be encrypted by using the session key, the encrypted result is sent to the message queue, and after the processing device corresponding to the target participant obtains the encrypted result from the message queue, the encrypted result is decrypted by using the session key, so that the second local gradient is obtained, and training is continued by combining with the second local gradient; at the same time, the target device also continues training based on the second local gradient. And when determining that each participant contained in the participant information completes the respective model training process based on the second intermediate result, taking the model parameters corresponding to each participant contained in the participant information as the collaborative processing result of the joint training task.
The following is illustrative:
each participant cooperatively executing the joint training task comprises a participant A and a participant B, after processing equipment corresponding to each participant A and each participant B negotiates to determine a session key, the processing equipment corresponding to the participant A carries out parameter training on a model training algorithm corresponding to the joint training task based on the original data of the participant A to obtain a first local gradient, encrypts the first local gradient by using the session key, and sends a corresponding encryption result to a message queue; similarly, the processing equipment corresponding to the participant B performs parameter training on a task association algorithm matched with the task to be executed based on the original data of the participant B to obtain a corresponding local gradient, encrypts the local gradient by using a session key and sends a corresponding encryption result to a message queue; the processing equipment corresponding to the party A acquires the local gradient sent by the party B from the message queue, determines a global training gradient according to the local gradient and the local gradient, updates training parameters of the model training algorithm based on the global training gradient, continuously trains the updated model training algorithm, and acquires the corresponding local gradient again; similarly, the processing equipment corresponding to the party B acquires a first local gradient sent by the party A from the message queue, determines a global training gradient according to the first local gradient and the local gradient, updates training parameters of a task association algorithm based on the global training gradient, continuously trains the updated task association algorithm, and acquires the corresponding local gradient again; and repeating the process of sharing the local gradient until the training process of each of the participant A and the participant B is finished, and taking the model parameters corresponding to each of the participant A and the participant B as the collaborative processing result of the joint training task.
In the above embodiment, how to implement collaborative execution of the joint training task through the data processing method in the embodiment of the present application in the joint training scenario is provided, so that each participant does not need to provide own original data in the joint training process, thereby improving data security.
In some embodiments, the task to be performed is an intersection solving task; referring to fig. 9, processing the original data of the target participant by using a task execution algorithm to obtain a first intermediate execution result, including:
and step 902, performing privacy processing on the original data of the target participant according to a preset privacy processing algorithm to obtain privacy processing data.
The original data of the target participant may be object information that completes registration at the target participant, and the object information may be object identity information, an object mailbox address, or an object phone number, etc. The processing device corresponding to the target participant may perform a hash operation on each object information by using a hash algorithm to obtain a hash value of each object information, where the hash values of all object information form the privacy processing data.
Step 904, splitting the privacy processing data into a plurality of first to-be-processed subsets matched with the number of the participants according to a preset data splitting algorithm and according to the number of the participants contained in the participant information.
The processing device corresponding to the target party can split the privacy processing data into a plurality of first to-be-processed subsets matched with the number of the parties by using a hash bucket algorithm according to the number of the parties contained in the party information. Specifically, for each hash value of the object information, dividing the hash value by the number of participants to obtain a corresponding remainder, and placing the hash values with the same remainder in a subset to be processed.
Similarly, the original data of the party to which the target device belongs includes: the target equipment can use a hash algorithm to carry out hash operation on each piece of object information to obtain a hash value of each piece of object information; all hash values can be split into a plurality of second to-be-processed subsets matching the number of participants using a hash bucket algorithm according to the number of participants contained in the participant information.
Step 906, determining, by negotiating with the target device, a first subset identification of the target participant in the process and a second subset identification of the target device to which the participant is involved in the process.
The processing device corresponding to the target participant can determine a first subset identifier of the participation processing of the target participant and a second subset identifier of the participation processing of the participant to which the target device belongs through negotiation with the target device.
Step 908, encrypting the first to-be-processed subset corresponding to the second subset identifier in the plurality of first to-be-processed subsets using the session key, to obtain first subset encrypted data, and sending the first subset encrypted data to the target device.
The processing device corresponding to the target participant can encrypt a first subset to be processed corresponding to second subset identifiers in the first subsets to be processed by using the session key to obtain first subset encrypted data, and the first subset encrypted data is sent to the message queue; the target device may encrypt the second to-be-processed subset corresponding to the first subset identifier in the plurality of second to-be-processed subsets using the session key to obtain second subset encrypted data, and send the second subset encrypted data to the message queue.
Step 910, after receiving the second subset of encrypted data sent by the target device, decrypting the second subset of encrypted data by using the session key to obtain a subset decryption result.
Step 912, an intersection calculation algorithm corresponding to the intersection calculation task is adopted to calculate an intersection of the to-be-processed subsets corresponding to the first subset identifiers in the first to-be-processed subsets and the subset decryption results, so as to obtain a first intersection calculation result, and the first intersection calculation result is used as a first intermediate execution result.
Wherein. The second subset encryption data is obtained by encrypting a second to-be-processed subset corresponding to the first subset identification in the plurality of second to-be-processed subsets after the target device obtains the plurality of second to-be-processed subsets based on the original data of the participant to which the target device belongs.
The processing device corresponding to the target party acquires second subset encrypted data sent by the target device from the message queue, decrypts the second subset encrypted data by using the session key to obtain a subset decryption result, adopts an intersection solving algorithm corresponding to an intersection solving task, solves an intersection for the to-be-processed subset and the subset decryption result corresponding to the first subset identification in the plurality of first to-be-processed subsets to obtain a first intersection solving result, and takes the first intersection solving result as a first intermediate execution result.
The processing device corresponding to the target party encrypts the first intermediate execution result by using the session key to obtain an encryption execution result, and sends the encryption execution result to the message queue.
In the above embodiment, the data processing method provided in the embodiment of the present application is applied to the intersection solving scene, so that each participant does not need to provide own original data when solving the intersection of the private data, thereby improving the data security.
In some embodiments, the step of determining the second intermediate execution result includes: decrypting the first subset of encrypted data from the processing equipment, adopting a task association algorithm matched with the task to be executed, solving an intersection of a plurality of second subsets to be processed corresponding to second subset identifiers in the second subsets to be processed and decryption results corresponding to the first subset of encrypted data to obtain a second intersection solving result, and obtaining a union of the first intersection solving result and the second intersection solving result as a second intermediate execution result; the step of determining the result of the cooperative processing of the intersection solving task includes: and taking the second intermediate execution result as a collaborative processing result of the intersection solving task.
The target device obtains an encryption execution result from the message queue, decrypts the encryption execution result by using the session key, and obtains a first intersection acquisition result.
The target device obtains first subset encrypted data sent by processing devices corresponding to the target participants from the message queue, decrypts the first subset encrypted data, adopts a task association algorithm matched with a task to be executed, obtains an intersection of second subsets to be processed corresponding to second subset identifiers in the plurality of second subsets to be processed and decryption results corresponding to the first subset encrypted data, and obtains second intersection obtaining results.
The target device may obtain a union of the first intersection obtaining result and the second intersection obtaining result, and use the union result as a second intermediate execution result, and in the intersection obtaining scene, may use the second intermediate execution result as a cooperative processing result of the intersection obtaining task.
The following is illustrative:
after the processing equipment corresponding to each party A negotiates and determines a session key, the processing equipment corresponding to the party A carries out hash operation on each object information of the party A by using a hash algorithm to obtain a hash value of each object information, and splits the hash value of all the object information into 2 subsets by using a hash bucket algorithm, wherein the subsets are respectively a subset with a remainder of 0 and a subset with a remainder of 1; similarly, the processing device corresponding to the party B uses a hash algorithm to perform hash operation on each piece of object information of the party B to obtain a hash value of each piece of object information, and uses a hash bucket algorithm to split the hash values of all pieces of object information into 2 subsets, namely a subset with a remainder of 0 and a subset with a remainder of 1; through negotiation, the processing device corresponding to the party A participates in the intersection operation of the subset with the remainder of 0, and the processing device corresponding to the party B participates in the intersection operation of the subset with the remainder of 1; the processing equipment corresponding to the party A encrypts a subset with the remainder of 1 in the split subsets by using a session key to obtain first subset encrypted data, and sends the first subset encrypted data to a message queue; the processing equipment corresponding to the party B encrypts a subset with the remainder of 0 in the split subset by using the session key to obtain second subset encrypted data, and sends the second subset encrypted data to the message queue; processing equipment corresponding to the participant A acquires second subset encrypted data from the message queue, and decrypts the second subset encrypted data by using the session key to obtain a subset decryption result; the processing equipment corresponding to the party B acquires the first subset of encrypted data from the message queue, and decrypts the first subset of encrypted data by using the session key to obtain a decryption result corresponding to the first subset of encrypted data of the subset decryption result; the party A uses an intersection solving algorithm corresponding to the intersection solving task to solve the intersection of the subset with the remainder of 0 obtained by splitting and the decryption result of the subset to obtain a first intersection solving result, encrypts the first intersection solving result by using a session key and sends the first intersection solving result to a message queue; the participant B obtains an intersection of the subset with the remainder of 1 and the decryption result of the subset obtained by splitting by using a task association algorithm matched with the task to be executed, obtains a second intersection obtaining result, obtains an encryption result of the first intersection obtaining result from the message queue, decrypts the encryption result by using a session key, obtains a first intersection obtaining result, obtains a union of the first intersection obtaining result and the second intersection obtaining result, takes the union result as a second intermediate executing result, and the second intermediate executing result is a cooperation processing result of the intersection obtaining task under the scene of intersection obtaining.
It should be noted that, the application scenario provided above is only used to illustrate the data processing method of the present application, and the application of the data processing method provided in the present application is not limited to the application scenario provided above. For example, the method and the device can be applied to the scenes of statistical analysis, logistic regression and the like, and the embodiment of the application is not limited to the method and the device.
In the above embodiment, it is provided how to implement collaborative execution of the intersection solving task through the data processing method in the embodiment of the present application under the intersection solving scene, so that each participant does not need to provide own original data in the joint training process, thereby improving data security.
In some embodiments, a data processing method is provided, which is applied to a processing device corresponding to a target participant, and includes the following steps:
receiving a task release notice, wherein the task release notice is sent to each block chain node corresponding to each participant in task creation information after a block chain node corresponding to a task initiator detects a task creation instruction triggered by the task initiator, acquiring task creation information corresponding to the task creation instruction and releasing the task creation information to a block chain; and acquiring task creation information from the blockchain based on the task release notice, and extracting task configuration information from the task creation information.
Auditing the task configuration information based on preset auditing rules; under the condition that the auditing is passed, signing the task configuration information to obtain corresponding task authorization information, and issuing the task authorization information to the block chain; after receiving a task execution notice sent by a block chain node corresponding to a task initiator, carrying out trusted verification with target equipment; the task execution notification is sent to the blockchain node corresponding to each participant in the participant information under the condition that the blockchain node corresponding to each participant in the participant information is determined for the blockchain node corresponding to the task initiator and the corresponding task authorization information is issued to the blockchain.
Under the condition that the trusted verification with the target equipment is passed, acquiring a public key of a party to which the target equipment belongs and generating a random value; and encrypting the random value by using the public key to obtain an encryption key, sending the encryption key to the message queue, and decrypting the encryption key by using a private key of a participant to which the target device belongs after the encryption key is used for indicating the encryption key acquired by the target device from the message queue to obtain the random value, wherein the random value is used as a session key.
Acquiring an algorithm matched with task algorithm information from an algorithm warehouse, and taking the acquired algorithm as a task execution algorithm corresponding to a task to be executed; the algorithm warehouse contains algorithms developed by the algorithm development objects that have passed the release process. The processing equipment comprises a trusted key management component and a trusted computing cluster module, wherein the trusted key management component is used for storing a session key, and the trusted computing cluster module and the trusted key management component perform local trusted verification; under the condition that the local trusted verification is passed, the trusted computing cluster module acquires task authorization information corresponding to each participant in the participant information from the blockchain; the trusted computing cluster module transmits the task authorization information corresponding to each participant to the trusted key management component so as to instruct the trusted key management component to carry out signature verification on the task authorization information corresponding to each participant; the trusted computing cluster module receives a session key sent by the trusted key management component under the condition that signature verification is passed; and the trusted computing cluster module encrypts the first intermediate execution result by using the session key to obtain an encrypted execution result.
The encryption execution result is used for indicating the target equipment to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and a second intermediate execution result is obtained based on a task association algorithm matched with the task to be executed, the first intermediate execution result and the original data of the participant to which the target equipment belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
In the above embodiment, the processing device corresponding to the target participant first obtains the task configuration information of the task to be executed, then determines, according to the participant information, the target devices corresponding to the other participants cooperatively executing the task to be executed, and negotiates with the target devices to determine the session key when the trusted verification passes between the target devices; the trusted verification can ensure that the logic running in the trusted execution environment of the processing equipment corresponding to each participant in the collaborative execution of the task to be executed is legal, the session key provides a safety channel for subsequent data interaction, the data safety is improved, the task execution algorithm corresponding to the task to be executed is determined according to the task algorithm information, and the original data of the target participant is processed by adopting the task execution algorithm to obtain a first intermediate execution result; encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target device, wherein the encryption execution result is used for indicating the target device to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and original data of a participant to which the target device belongs; the method for cooperatively executing the task to be executed can enable all participants to acquire the cooperative processing result of the task to be executed without providing original data, reduce the possibility of privacy data leakage and improve the data security.
Based on the same inventive concept, the embodiment of the application also provides a data processing device for realizing the above related data processing method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation of one or more embodiments of the data processing device provided below may refer to the limitation of the data processing method hereinabove, and will not be repeated herein.
In one embodiment, as shown in FIG. 10, there is provided a data processing apparatus comprising:
an obtaining module 1001, configured to obtain task configuration information of a task to be executed, where the task configuration information includes task algorithm information and participant information;
a first determining module 1002, configured to determine, according to the participant information, target devices corresponding to the other participants that cooperatively perform the task to be performed, and negotiate with the target devices to determine a session key when the trusted verification passes between the target devices;
a second determining module 1003, configured to determine a task execution algorithm corresponding to the task to be executed according to the task algorithm information, and process the original data of the target participant by using the task execution algorithm to obtain a first intermediate execution result;
The interaction module 1004 is configured to encrypt the first intermediate execution result using the session key to obtain an encrypted execution result, send the encrypted execution result to the target device, and the encrypted execution result is used to instruct the target device to decrypt the encrypted execution result using the session key to obtain a first intermediate execution result, and obtain a second intermediate execution result based on a task association algorithm matched with the task to be executed, the first intermediate execution result, and original data of a participant to which the target device belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
In some embodiments, the obtaining module 1001 is specifically configured to: receiving a task release notice, wherein the task release notice is sent to each block chain node corresponding to each participant in task creation information after a block chain node corresponding to a task initiator detects a task creation instruction triggered by the task initiator, acquiring task creation information corresponding to the task creation instruction and releasing the task creation information to a block chain; and acquiring task creation information from the blockchain based on the task release notice, and extracting task configuration information from the task creation information.
In some embodiments, the processing device is a blockchain node, and the obtaining module 1001 is further configured to: auditing the task configuration information based on preset auditing rules; under the condition that the auditing is passed, signing the task configuration information to obtain corresponding task authorization information, and issuing the task authorization information to the block chain; after receiving a task execution notice sent by a block chain node corresponding to a task initiator, carrying out trusted verification with target equipment; the task execution notification is sent to the blockchain node corresponding to each participant in the participant information under the condition that the blockchain node corresponding to each participant in the participant information is determined for the blockchain node corresponding to the task initiator and the corresponding task authorization information is issued to the blockchain.
In some embodiments, the processing device is a blockchain node, and the obtaining module 1001 is further configured to: sending a trusted proving request to a message queue, wherein the trusted proving request is used for generating trusted proving information corresponding to target equipment after the target equipment obtains the trusted proving request from the message queue, and sending the trusted proving information to the message queue; acquiring the credible proving information corresponding to the target equipment from the message queue; and verifying the trusted proving information corresponding to the target equipment to obtain a verification result, and determining whether the trusted verification with the target equipment is passed or not based on the verification result.
In some embodiments, the first determining module 1002 is specifically configured to: obtaining a public key of a party to which target equipment belongs and generating a random value; and encrypting the random value by using the public key to obtain an encryption key, sending the encryption key to the message queue, and decrypting the encryption key by using a private key of a participant to which the target device belongs after the encryption key is used for indicating the encryption key acquired by the target device from the message queue to obtain the random value, wherein the random value is used as a session key.
In some embodiments, the second determining module 1003 is specifically configured to: acquiring an algorithm matched with task algorithm information from an algorithm warehouse, and taking the acquired algorithm as a task execution algorithm corresponding to a task to be executed; the algorithm warehouse contains algorithms developed by the algorithm development objects that have passed the release process.
In some embodiments, the processing device includes a trusted key management component for storing a session key and a trusted computing cluster module for performing a local trusted verification with the trusted key management component; under the condition that the local trusted verification passes, task authorization information corresponding to each participant in the participant information is acquired from the blockchain; transmitting the task authorization information corresponding to each participant to the trusted key management component so as to instruct the trusted key management component to carry out signature verification on the task authorization information corresponding to each participant; receiving a session key sent by the trusted key management component under the condition that signature verification is passed; and encrypting the first intermediate execution result by using the session key to obtain an encryption execution result.
In some embodiments, the processing device includes a trusted key management component and a trusted computing cluster module, where the trusted computing cluster module is configured to obtain encrypted original data of the data provider from a database of the data provider, where the encrypted original data is obtained by encrypting, by the data provider, the original data of the data provider using an encryption public key; obtaining a decryption private key by interacting with the trusted key management component; and decrypting the encrypted original data by using a decryption private key to obtain data to be processed, and processing the data to be processed by adopting a task execution algorithm to obtain an intermediate processing result corresponding to the data provider.
In some embodiments, the encrypted public key is generated by a trusted key management component of the data provider and returned to the data provider after passing the trusted key management component of the data provider by a key derivation algorithm based on the session key and the signed public key of the data provider.
In some embodiments, the trusted computing cluster module is specifically configured to perform a local trusted verification with the trusted key management component; under the condition that the local trusted verification passes, the task authorization information corresponding to each participant in the participant information and the signature public key of the data provider are sent to the trusted key management component so as to instruct the trusted key management component to perform signature verification on the task authorization information corresponding to each participant; and receiving a decryption private key sent by the trusted key management component, wherein the decryption private key is generated by the trusted key management component by adopting a key derivation algorithm based on the session key and the signature public key of the data provider under the condition that signature verification is passed.
In some embodiments, the second determining module 1003 is specifically configured to: acquiring a first training sample based on original data of a target participant; and inputting the first training sample into a model training algorithm corresponding to the joint training task to obtain a first prediction result, determining a first local gradient based on the first prediction result, and taking the first local gradient as a first intermediate execution result.
In some embodiments, the step of determining the second intermediate execution result includes: determining a global training gradient according to the first local gradient and the local gradient; updating training parameters in the task association algorithm according to the global training gradient to obtain an updated task association algorithm; acquiring a second training sample based on the original data of the participant to which the target device belongs; inputting a second training sample into the updated task association algorithm to obtain a second prediction result, determining a second local gradient based on the second prediction result, and taking the second local gradient as a second intermediate execution result; the step of determining the cooperative processing result of the joint training task comprises the following steps: and when determining that each participant contained in the participant information completes the respective model training process based on the second intermediate result, taking the model parameters corresponding to each participant contained in the participant information as the collaborative processing result of the joint training task.
In some embodiments, the second determining module 1003 is specifically configured to: performing privacy processing on the original data of the target participant according to a preset privacy processing algorithm to obtain privacy processing data; according to the number of the participants contained in the participant information, splitting privacy processing data into a plurality of first subsets to be processed matched with the number of the participants according to a preset data splitting algorithm; determining a first subset identifier of participation processing of a target participant and a second subset identifier of participation processing of the participant to which the target device belongs through negotiation with the target device; encrypting a first subset to be processed corresponding to second subset identifiers in the first subsets to be processed by using a session key to obtain first subset encrypted data, and sending the first subset encrypted data to target equipment; after receiving second subset encryption data sent by the target device, decrypting the second subset encryption data by using a session key to obtain a subset decryption result, wherein the second subset encryption data is obtained by encrypting a second subset to be processed corresponding to a first subset identifier in the plurality of second subsets to be processed after the target device obtains the plurality of second subsets to be processed based on original data of a participant to which the target device belongs; and adopting an intersection solving algorithm corresponding to the intersection solving task to solve the intersection of the to-be-processed subsets corresponding to the first subset identifiers in the first to-be-processed subsets and the subset decryption results, obtaining a first intersection solving result, and taking the first intersection solving result as a first intermediate execution result.
In some embodiments, the step of determining the second intermediate execution result includes: decrypting the first subset of encrypted data from the processing equipment, adopting a task association algorithm matched with the task to be executed, solving an intersection of a plurality of second subsets to be processed corresponding to second subset identifiers in the second subsets to be processed and decryption results corresponding to the first subset of encrypted data to obtain a second intersection solving result, and obtaining a union of the first intersection solving result and the second intersection solving result as a second intermediate execution result; the step of determining the result of the cooperative processing of the intersection solving task includes: and taking the second intermediate execution result as a collaborative processing result of the intersection solving task.
Each of the modules in the above-described data processing apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 11. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing data such as task configuration information. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data processing method.
It will be appreciated by those skilled in the art that the structure shown in fig. 11 is merely a block diagram of a portion of the structure associated with the present application and is not limiting of the computer device to which the present application applies, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the object information (including, but not limited to, object device information, object personal information, etc.) and the data (including, but not limited to, data for analysis, stored data, presented data, etc.) related to the present application are both information and data authorized by the object or sufficiently authorized by each party, and the collection, use, and processing of the related data are required to comply with the related laws and regulations and standards of the related countries and regions.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as Static Random access memory (Static Random access memory AccessMemory, SRAM) or dynamic Random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (18)

1. A data processing method, applied to a processing device corresponding to a target participant, the method comprising:
acquiring task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information;
determining target equipment corresponding to each of the other participants cooperatively executing the task to be executed according to the participant information, and negotiating with the target equipment to determine a session key under the condition that the trusted verification passes between the target equipment and the target equipment;
Determining a task execution algorithm corresponding to the task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result;
encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, and sending the encryption execution result to the target device, wherein the encryption execution result is used for indicating the target device to decrypt the encryption execution result by using the session key to obtain the first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with the task to be executed, the first intermediate execution result and original data of a participant to which the target device belongs; and determining the cooperative processing result of the task to be executed at least based on the second intermediate execution result.
2. The method of claim 1, wherein the processing device is a blockchain node, and the obtaining task configuration information of a task to be performed comprises:
receiving a task release notice, wherein the task release notice is sent to each block chain node corresponding to each participant in task creation information after a block chain node corresponding to a task initiator detects a task creation instruction triggered by the task initiator, acquiring task creation information corresponding to the task creation instruction and releasing the task creation information to a block chain;
And acquiring the task creation information from the blockchain based on the task release notice, and extracting task configuration information from the task creation information.
3. The method of claim 1, wherein the processing device is a blockchain node, the method further comprising:
auditing the task configuration information based on preset auditing rules;
under the condition that the auditing is passed, signing the task configuration information to obtain corresponding task authorization information, and issuing the task authorization information to a blockchain;
after receiving a task execution notice sent by a block chain node corresponding to a task initiator, carrying out trusted verification with target equipment;
and the task execution notification is sent to the blockchain nodes corresponding to all the participants in the participant information under the condition that the blockchain nodes corresponding to all the participants in the participant information are determined for the blockchain nodes corresponding to the task initiator and the corresponding task authorization information is issued to the blockchain.
4. The method according to claim 1, wherein the method further comprises:
sending a trusted proving request to a message queue, wherein the trusted proving request is used for generating trusted proving information corresponding to target equipment after the target equipment obtains the trusted proving request from the message queue, and sending the trusted proving information to the message queue;
Acquiring the credible proving information corresponding to the target equipment from the message queue;
and verifying the trusted proving information corresponding to the target equipment to obtain a verification result, and determining whether the trusted verification with the target equipment is passed or not based on the verification result.
5. The method of claim 1, wherein negotiating with the target device to determine a session key comprises:
obtaining a public key of a participant to which the target equipment belongs and generating a random value;
and encrypting the random value by using the public key to obtain an encryption key, sending the encryption key to a message queue, and decrypting the encryption key by using a private key of a participant to which the target device belongs after the encryption key is indicated to be acquired from the message queue by the target device by the encryption key to obtain the random value, wherein the random value is used as a session key.
6. The method according to claim 1, wherein determining a task execution algorithm corresponding to the task to be executed according to the task algorithm information includes:
acquiring an algorithm matched with the task algorithm information from an algorithm warehouse, and taking the acquired algorithm as a task execution algorithm corresponding to the task to be executed; the algorithm warehouse comprises algorithms which are developed by the algorithm development objects and pass through the release process.
7. The method of claim 1, wherein the processing device includes a trusted key management component and a trusted computing cluster module, the trusted key management component configured to store the session key, the encrypting the first intermediate execution result using the session key to obtain an encrypted execution result, comprising:
the trusted computing cluster module performs local trusted verification with the trusted key management component;
under the condition that the local trusted verification is passed, the trusted computing cluster module acquires task authorization information corresponding to each participant in the participant information from a blockchain;
the trusted computing cluster module transmits the task authorization information corresponding to each participant to the trusted key management component so as to instruct the trusted key management component to carry out signature verification on the task authorization information corresponding to each participant;
the trusted computing cluster module receives a session key sent by the trusted key management component under the condition that signature verification is passed;
and the trusted computing cluster module encrypts the first intermediate execution result by using the session key to obtain an encrypted execution result.
8. The method of claim 1, wherein the processing device comprises a trusted key management component and a trusted computing cluster module, the method further comprising:
the trusted computing cluster module acquires encrypted original data of the data provider from a database of the data provider, wherein the encrypted original data is obtained by encrypting the original data of the data provider by using an encryption public key;
the trusted computing cluster module acquires a decryption private key through interaction with the trusted key management component;
and decrypting the encrypted original data by using the decryption private key to obtain data to be processed, and processing the data to be processed by adopting the task execution algorithm to obtain an intermediate processing result corresponding to a data provider.
9. The method of claim 8, wherein the encrypted public key is generated by a trusted key management component of the data provider and returned to the data provider using a key derivation algorithm based on the session key and a signed public key of the data provider after the trusted key management component passes its trusted verification.
10. The method of claim 8, wherein the trusted computing cluster module obtains a decryption private key by interacting with the trusted key management component, comprising:
The trusted computing cluster module performs local trusted verification with the trusted key management component;
under the condition that the local trusted verification is passed, the trusted computing cluster module sends the task authorization information corresponding to each participant in the participant information and the signature public key of the data provider to the trusted key management component so as to instruct the trusted key management component to carry out signature verification on the task authorization information corresponding to each participant;
the trusted computing cluster module receives a decryption private key sent by the trusted key management component, wherein the decryption private key is generated by the trusted key management component by adopting a key derivation algorithm based on the session key and a signature public key of a data provider under the condition that signature verification is passed.
11. The method according to any one of claims 1-10, wherein the task to be performed is a joint training task; processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result, wherein the first intermediate execution result comprises:
acquiring a first training sample based on the original data of the target participant;
and inputting the first training sample into a model training algorithm corresponding to the joint training task to obtain a first prediction result, determining a first local gradient based on the first prediction result, and taking the first local gradient as the first intermediate execution result.
12. The method according to claim 11, wherein:
the determining step of the second intermediate execution result includes: determining a global training gradient according to the first local gradient and the local gradient; updating training parameters in the task association algorithm according to the global training gradient to obtain an updated task association algorithm; acquiring a second training sample based on the original data of the participant to which the target device belongs; inputting the second training sample into the updated task association algorithm to obtain a second prediction result, determining a second local gradient based on the second prediction result, and taking the second local gradient as the second intermediate execution result;
the step of determining the cooperative processing result of the joint training task comprises the following steps: and when determining that each participant contained in the participant information completes the respective model training process based on the second intermediate result, taking the model parameters corresponding to each participant contained in the participant information as the collaborative processing result of the joint training task.
13. The method according to any one of claims 1-10, wherein the task to be performed is an intersection finding task; processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result, wherein the first intermediate execution result comprises:
Performing privacy processing on the original data of the target participant according to a preset privacy processing algorithm to obtain privacy processing data;
splitting the privacy processing data into a plurality of first subsets to be processed matched with the number of the participants according to the number of the participants contained in the participant information and a preset data splitting algorithm;
determining a first subset identifier of the participation process of the target participant and a second subset identifier of the participation process of the participant of the target device through negotiation with the target device;
encrypting a first subset to be processed corresponding to the second subset identifier in the plurality of first subsets to be processed by using the session key to obtain first subset encrypted data, and sending the first subset encrypted data to the target device;
after receiving second subset encryption data sent by target equipment, decrypting the second subset encryption data by using the session key to obtain a subset decryption result, wherein the second subset encryption data is obtained by encrypting a second subset to be processed corresponding to the first subset identifier in the plurality of second subsets to be processed after the target equipment obtains the plurality of second subsets to be processed based on original data of a participant to which the target equipment belongs;
And adopting an intersection solving algorithm corresponding to the intersection solving task to solve an intersection of the to-be-processed subset corresponding to the first subset identification in the plurality of first to-be-processed subsets and the subset decryption result to obtain a first intersection solving result, and taking the first intersection solving result as the first intermediate execution result.
14. The method of claim 13, wherein the step of determining the position of the probe is performed,
the determining step of the second intermediate execution result includes: decrypting the first subset of encrypted data from the processing equipment, adopting a task association algorithm matched with the task to be executed, solving an intersection of a second subset to be processed corresponding to the second subset identifier in the plurality of second subsets to be processed and a decryption result corresponding to the first subset of encrypted data to obtain a second intersection solving result, and obtaining a union of the first intersection solving result and the second intersection solving result as the second intermediate execution result;
the step of determining the cooperation processing result of the intersection solving task comprises the following steps: and taking the second intermediate execution result as a cooperative processing result of the intersection solving task.
15. A data processing apparatus, the apparatus comprising:
The acquisition module is used for acquiring task configuration information of a task to be executed, wherein the task configuration information comprises task algorithm information and participant information;
the first determining module is used for determining target equipment corresponding to each other participant which cooperatively executes the task to be executed according to the participant information, and negotiating with the target equipment to determine a session key under the condition that the trusted verification between the target equipment and the target equipment is passed;
the second determining module is used for determining a task execution algorithm corresponding to the task to be executed according to the task algorithm information, and processing the original data of the target participant by adopting the task execution algorithm to obtain a first intermediate execution result;
the interaction module is used for encrypting the first intermediate execution result by using the session key to obtain an encryption execution result, sending the encryption execution result to the target equipment, wherein the encryption execution result is used for indicating the target equipment to decrypt the encryption execution result by using the session key to obtain a first intermediate execution result, and obtaining a second intermediate execution result based on a task association algorithm matched with a task to be executed, the first intermediate execution result and the original data of a participant to which the target equipment belongs; and determining a cooperative processing result of the task to be executed at least based on the second intermediate execution result.
16. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 14 when the computer program is executed.
17. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 14.
18. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 14.
CN202310767679.6A 2023-06-27 2023-06-27 Data processing method, device, computer equipment and storage medium Active CN116506227B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310767679.6A CN116506227B (en) 2023-06-27 2023-06-27 Data processing method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310767679.6A CN116506227B (en) 2023-06-27 2023-06-27 Data processing method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116506227A true CN116506227A (en) 2023-07-28
CN116506227B CN116506227B (en) 2023-09-19

Family

ID=87330525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310767679.6A Active CN116506227B (en) 2023-06-27 2023-06-27 Data processing method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116506227B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111095256A (en) * 2019-04-26 2020-05-01 阿里巴巴集团控股有限公司 Securely executing intelligent contract operations in a trusted execution environment
CN113395159A (en) * 2021-01-08 2021-09-14 腾讯科技(深圳)有限公司 Data processing method based on trusted execution environment and related device
CN113901425A (en) * 2021-09-16 2022-01-07 医渡云(北京)技术有限公司 Method, device, storage medium and equipment for solving intersection safely by multiple parties
CN113935050A (en) * 2021-09-26 2022-01-14 平安科技(深圳)有限公司 Feature extraction method and device based on federal learning, electronic device and medium
CN114884714A (en) * 2022-04-26 2022-08-09 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium
CN114896639A (en) * 2022-04-29 2022-08-12 蚂蚁区块链科技(上海)有限公司 Data processing method and device, electronic equipment and storage medium
CN115358411A (en) * 2022-08-11 2022-11-18 联仁健康医疗大数据科技股份有限公司 Data processing method, device, equipment and medium
CN115664655A (en) * 2022-10-21 2023-01-31 杭州安恒信息技术股份有限公司 TEE credibility authentication method, device, equipment and medium
WO2023024789A1 (en) * 2021-08-27 2023-03-02 腾讯科技(深圳)有限公司 Data joint query method and apparatus, electronic device, computer readable storage medium, and computer program product
CN115757624A (en) * 2022-11-17 2023-03-07 百度国际科技(深圳)有限公司 Data processing method and device, electronic equipment and storage medium

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111095256A (en) * 2019-04-26 2020-05-01 阿里巴巴集团控股有限公司 Securely executing intelligent contract operations in a trusted execution environment
CN113395159A (en) * 2021-01-08 2021-09-14 腾讯科技(深圳)有限公司 Data processing method based on trusted execution environment and related device
WO2023024789A1 (en) * 2021-08-27 2023-03-02 腾讯科技(深圳)有限公司 Data joint query method and apparatus, electronic device, computer readable storage medium, and computer program product
CN113901425A (en) * 2021-09-16 2022-01-07 医渡云(北京)技术有限公司 Method, device, storage medium and equipment for solving intersection safely by multiple parties
CN113935050A (en) * 2021-09-26 2022-01-14 平安科技(深圳)有限公司 Feature extraction method and device based on federal learning, electronic device and medium
CN114884714A (en) * 2022-04-26 2022-08-09 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium
CN114896639A (en) * 2022-04-29 2022-08-12 蚂蚁区块链科技(上海)有限公司 Data processing method and device, electronic equipment and storage medium
CN115358411A (en) * 2022-08-11 2022-11-18 联仁健康医疗大数据科技股份有限公司 Data processing method, device, equipment and medium
CN115664655A (en) * 2022-10-21 2023-01-31 杭州安恒信息技术股份有限公司 TEE credibility authentication method, device, equipment and medium
CN115757624A (en) * 2022-11-17 2023-03-07 百度国际科技(深圳)有限公司 Data processing method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN116506227B (en) 2023-09-19

Similar Documents

Publication Publication Date Title
US10320843B1 (en) Methods, systems, and devices for encrypted electronic storage and confidential network transfer of private data through a trustless distributed ledger technology system
JP6892513B2 (en) Off-chain smart contract service based on a reliable execution environment
US20230023857A1 (en) Data processing method and apparatus, intelligent device, and storage medium
CN113159327B (en) Model training method and device based on federal learning system and electronic equipment
US20230069078A1 (en) Systems, devices, and methods for dlt-based data management platforms and data products
EP3491598B1 (en) Blockchain-implemented method and system
TWI720720B (en) Method and system for preventing misrepresentation of input data in a secure multi-party computation
JP2020528224A (en) Secure execution of smart contract operations in a reliable execution environment
CN111784001B (en) Model training method and device and computer readable storage medium
CN113127916A (en) Data set processing method, data processing device and storage medium
CN111108521A (en) Implementing a blockchain based workflow
CN112581126A (en) Block chain-based platform data management method and device and storage medium
CN111291394B (en) False information management method, false information management device and storage medium
CN111125781B (en) File signature method and device and file signature verification method and device
CN109635572A (en) A kind of contract signing method, apparatus and terminal device based on block chain
CN113609508A (en) Block chain-based federal learning method, device, equipment and storage medium
CN111651794A (en) Alliance chain-based electronic data management method and device and storage medium
CN114205136A (en) Traffic data resource sharing method and system based on block chain technology
CN110597836A (en) Information query request response method and device based on block chain network
CN115396115A (en) Block chain data privacy protection method, device, equipment and readable storage medium
CN116502732B (en) Federal learning method and system based on trusted execution environment
CN112949866A (en) Poisson regression model training method and device, electronic equipment and storage medium
CN116506227B (en) Data processing method, device, computer equipment and storage medium
CN111125734B (en) Data processing method and system
US20240097898A1 (en) Blockchain data processing method and apparatus, computer device, medium, and product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40089292

Country of ref document: HK